An anonymous reader notes a recent post on the SANS Institute's Internet Storm Center site estimating the time to infection of an unpatched Windows machine on the Internet — currently about 4 minutes. The researcher stipulated that the sub-5-minute estimate was valid for an unpatched machine in an ISP netblock with no NAT or firewall. The researcher, Lorna Hutcheson, called for others to post data on time-to-infection, and honeypot researchers in Germany did so the same day. They found longer times to infection, an average of 16 hours. Concludes the ISC's Hutchinson: "While the survival time varies quite a bit across methods used, pretty much all agree that placing an unpatched Windows computer directly onto the Internet in the hope that it downloads the patches faster than it gets exploited are odds that you wouldn't bet on in Vegas."

nickull wrote in his journal that "Today Adobe systems made an announcement that it has provided technology and information to Google and Yahoo! to help the two search engine rivals index Shockwave Flash (SWF) file formats. According to the company, this will provide more relevant search rankings of the millions pieces of Flash content. Until now, developers had to implement workarounds for exposing text content used in Flash to search-engine spiders and other bots such as using XHTML data providers. While the Flash content is exposed, it is not yet clear how it will be utilized by the search engines, as they have not revealed their algorithms. The SWF specification is openly published."

Coach Wei writes "An industry wishlist for future browsers has been collected and developed by OpenAjax Alliance. Using wiki as an open collaboration tool, the feature list now lists 37 separate feature requests, covering a wide range of technology areas, such as security, Comet, multimedia, CSS, interactivity, and performance. The goal is to inform the browser vendors about what the Ajax developer community feels are most important for the next round of browsers (i.e., FF4, IE9, Safari4, and Opera10) and to provide supplemental details relative to the feature requests. Currently, the top three voted features are: 2D Drawing/Vector Graphics, The Two HTTP Connection Limit Issue, and HTML DOM Operation Performance In General . OpenAjax Alliance is calling for everyone to vote for his/her favorite features. The alliance also strongly encourages people to comment on the wiki pages for each of the existing features and to add any important new features that are not yet on the list."

stoolpigeon writes "It seems that it wasn't long ago that Google was just a search company. The number of on-line products that fly under the Google moniker, today, is impressive. Google has moved well beyond its office-suite-like applications and excelled with everything from mapping to blogging to 3-D drawing. Google Apps Hacks is a new book from O'Reilly, published in conjunction with their Make magazine. This volume presents the reader with 141 hacks in an attempt to get the most out of a wide array of Google's on-line applications. The result is a quick ride that is rather fun — and while a bit shallow at times, it provides a great overview of just how much is available out there." Read below for the rest of JR's review.

mattnyc99 writes "The FBI has confirmed to Popular Mechanics that it's not only adding palm prints to its criminal records, but preparing to balloon its repository of photos, which an agency official says 'could be the basis for our facial recognition.' It's all part of a new biometric software system that could store millions of iris scans within 10 years and has privacy advocates crying foul. Quoting: 'The FBI's Next Generation Identification (NGI) system, which could cost as much as $1 billion over its 10-year life cycle, will create an unprecedented database of biometric markers, such as facial images and iris scans. For criminal investigators, NGI could be as useful as DNA some day — a distinctive scar or a lopsided jaw line could mean the difference between a cold case and closed one. And for privacy watchdogs, it's a dual threat — seen as a step toward a police state, and a gold mine of personal data waiting to be plundered by cybercriminals.'"

An anonymous reader writes "Currently, I'm running an old 4u Linux server for my private backup and storage needs. I could add new drives, but it's just way too bulky (and only IDE). For the sake of size and power efficiency I think about replacing it with a NAS solution, but cannot decide which one to get. The only requirements I have are capacity (>1.5TB) and RAID5. Samba/FTP/USB is enough. Since manufacturers always claim their system to be the best, I'd like to hear some suggestions from you Slashdot readers."

Hyrum writes "The Subversion team is proud to announce the release of Subversion 1.5.0, a popular open source version control system. The first new feature release of Subversion in almost 2 years, 1.5.0 contains a number of new improvements and features. A detailed list of changes can be found in the release notes. Among the major new features included in this release is merge tracking—Subversion now keeps track of what changes have been merged where. Source code is available immediately, with various other packages available soon."

klubar writes "According to a a recent survey, one in three IT staff snoops on colleagues. U.S. information security company Cyber-Ark surveyed 300 senior IT professionals, and found that one-third admitted to secretly snooping, while 47 percent said they had accessed information that was not relevant to their role. Makes you wonder about the other 2 out of 3. Did they lie on the survey or really don't snoop?"

Nate D writes "It's here: a new major release of Novell's community-supported distro is now available, and can be downloaded from the mirrors. Linux Format has a hands-on look at the new installer, SLAB menu and Compiz Fusion, and weighs up whether the distro can fight competition from Ubuntu and Fedora. Is this the start of a new era for SUSE?"

boustrophedon writes "Starting at midnight in their local timezones, downloaders have been asking when Firefox 3 will be ready for Firefox Download Day, June 17, 2008. Mary announced on the Spread Firefox Forum that downloads will commence at 10 AM PST." That means 1 p.m. East Coast time, and, in Justin Mason's view, some pretty annoying times of day for many parts of the world. Reader CorinneI supplies a link to PC Magazine's (very positive) overview of the new version's features, which praises the "speedy performance, thrifty memory usage, and, in particular, the address bar that now predicts where you want to go when you start typing (what Mozilla insiders refer to as the Awesome Bar)." FF3, even in Beta and RC form, and even with the extension incompatibilities I've run into, has quickly replaced FF2 as my preferred browser — for me, the improved drop-down autocomplete behavior alone is enough to justify the switch.

snydeq writes "PCs preconfigured with stone-age malware, backups without recovery, Social Security numbers stored in plain view of high school students — Andy Brandt gives InfoWorld's Stupid Users series a new IT admin twist. Call it fratricide if you will, but getting paid to know better is no guarantee against IT idiocy, as these stories attest."

An anonymous reader points us to an interview Microsoft's Windows 7 development chief, Steven Sinofsky, did with CNet. He reveals that Windows 7 will be a further evolution of Vista, and will lose the rumored MinWin kernel. "We're very clear that drivers and software that work on Windows Vista are going to work really well on Windows 7; in fact, they'll work the same. We're going to not introduce additional compatibilities, particularly in the driver model. Windows Vista was about improving those things. We are going to build on the success and the strength of the Windows Server 2008 kernel, and that has all of this work that you've been talking about. The key there is that the kernel in Windows Server 08 is an evolution of the kernel in Windows Vista, and then Windows 7 will be a further evolution of that kernel as well."