Slashdot

narramissic writes "According to identity management firm Cyber-Ark's annual 'Trust, Security & Passwords' survey, a whopping 88% of IT administrators would steal CEO passwords, customer database, research and development plans, financial reports, M&A plans and the company's list of privileged passwords if they were suddenly laid off. The survey also found that one third of IT staff admitted to snooping around the network, looking at highly confidential information, such as salary details and people's personal emails."

Read more of this story at Slashdot.

mernil writes to mention that the Dead Sea Scrolls are headed for the internet. The Israel Antiquities Authority, custodians of the scrolls, plan on digitizing the 900 fragments to make them available to the public via the internet. Unfortunately they are claiming the project will take somewhere in the neighborhood of two years to complete.

Read more of this story at Slashdot.

alphadogg writes to tell us that IBM is claiming a victory on the flash storage front. Their new research project "Quicksilver" is claiming data transfer speeds of more than 1 million input/output operations per second (IOPS). "IBM said Quicksilver is two and a half times faster than its own SAN Volume Controller coupled with IBM's DS4700 storage. It would also be two and a half times faster than technology from Texas Memory Systems, which says it has the world's fastest storage with an IOPS rate of 400,000. "

Read more of this story at Slashdot.

Linux.com has an interesting look at the inner workings of the Free Software Foundation (FSF). "The purpose of the Free Software Foundation (FSF) is probably obvious from its name -- but what does promoting free software mean in terms of everyday activity? Examining the roles of the organization shows how complex the FSF's advocacy role has become. It also reveals the range of services available to the free software community, and helps to explain how such a small group has had such a major influence on computer technology. As a 501(c)3 charity in the United States, the FSF is run by a board of directors. The current board includes FSF founder and president Richard M. Stallman and long-term member Henry Poole, but, in the last few years, new faces have appeared on the board."

Read more of this story at Slashdot.

JagsLive sends in a story (in somewhat inflammatory prose) from The Inquirer, which links to many others; they have been following developments in the alleged NVidia quality "fiasco" for some time. "Hot on the heels of its denials that anything is wrong with the G92 and G94s comes another PCN [Product Change Notification] that shows the G92s and G92b are being changed for no reason. Yup, the problems that are plaguing G84 and G86 are the same that affect seemingly all 65nm and now 55nm NVidia parts... It is hard to overstate how bad this is. Basically every 65nm and 55nm NVidia part appears to be defective... We are hearing of early failure rates in the teens percent for 8800GTs and far higher for 9600GTs... To make matters worse, NVidia has a mound of unsold defective parts that they are going to bleed out into the channel along side of the (hopefully) fixed parts. As a buyer, you have no way of knowing which one you are getting... Until NVidia comes fully clean on this fiasco, lists all the defective parts, and orders boxes clearly marked, you can't say anything other than just avoid them. Then again, since doing the right thing would likely bankrupt them, we wouldn't hold your breath for it to happen."

Read more of this story at Slashdot.

snydeq writes "Smart coders always optimize the slowest thing. But what if 'the slowest thing' is the code supplied by your vendor? That was exactly the situation Vipul Ved Prakash discovered when he tinkered with a company Linux box on which Perl code was running at least 100 times slower than expected. The code, he found, was running on CentOS Linux, using Perl packages built by Red Hat. So Prakash got rid of the Perl executable that came with CentOS, compiled a new one from stock, and the bug disappeared. 'What's more disturbing,' McAllister writes, 'is that this Red Hat Perl performance issue is a known bug,' first documented in 2006 on Red Hat's own Bugzilla database. Folks affected by the current bug have two options: sit tight, or compile the Perl interpreter from source — effectively waiving your support contract. If a Linux vendor can't provide comprehensive maintenance and support for the open source software projects you depend on, McAllister asks, who ever will?"

Read more of this story at Slashdot.

Barence writes "Google has reversed its decision to ban projects created under the Mozilla Public License from being hosted on its Google Code site. Google banned the license in August, claiming it wanted to 'make a statement against open-source license proliferation' which it blamed for hindering the cross-pollination of code from one project to another. Chris DiBona, of Google's open source team, described its decision to ban the MPL as 'absurd,' citing the community's huge popularity." Jamie mentions that the issue was raised from the floor at OSCON at the Google Open Source Update panel, with DiBona on stage.

Read more of this story at Slashdot.

Scott Aaronson offers an intriguing call for ideas on how nerds can supercharge the political process this year. He's clearly an Obama admirer and phrases his challenge this way: "What non-obvious things can nerds who are so inclined do to help the Democrats win in November?" But the question itself is not inherently partisan. The analogy Aaronson gives is to the Nadertrading idea in 2000 (which we discussed at the time). What's the Nadertrading for 2008? "The sorts of ideas I'm looking for are ones that (1) exploit nerds' nerdiness, (2) go outside the normal channels of influence, (3) increase nerds' effective voting power by several orders of magnitude, (4) are legal, (5) target critical swing states, and (6) can be done as a hobby."

Read more of this story at Slashdot.

KentuckyFC writes "We've long thought that nuclear decay rates are constant regardless of ambient conditions (except in a few special cases where beta decay can be influenced by powerful electric fields). So that makes it hard to explain two puzzling experiments from the 1980s that found periodic variations over many years in the decay rates of silicon-32 and radium-226. Now a new analysis of the raw data says that changes in the decay rate are synchronized with each other and with Earth's distance from the sun. The physicists behind this work offer two theories to explain why this might be happening (abstract). First, some theorists think the sun produces a field that changes the value of the fine structure constant on Earth as its distance from the sun varies. That would certainly affect the rate of nuclear decay. Another idea is that the effect is caused by some kind of interaction with the neutrino flux from the sun's interior which also varies with distance. Take your pick. What makes the whole story even more intriguing is that for years physicists have disagreed over the decay rates of several isotopes such as titanium-44, silicon-32, and cesium-137. Perhaps they took their data at different times of the year?"

Read more of this story at Slashdot.

An anonymous reader writes "According to a thread on the bind-users mailing list, there is nothing inherent in the DNS protocol that would cause the massive vulnerability discussed at length here and elsewhere. As it turns out, it appears to be a simple off-by-one error in BIND, which favors new NS records over cached ones (even if the cached TTL is not yet expired). The patch changes this in favor of still-valid cached records, removing the attacker's ability to successfully poison the cache outside the small window of opportunity afforded by an expiring TTL, which is the way things used to be before the Kaminsky debacle. Source port randomization is nice, but removing the root cause of the attack's effectiveness is better." Update: 08/29 20:11 GMT by KD : Dan Kaminsky sent this note: "What Gabriel suggests is interesting and was considered, but a) doesn't work and b) creates fatal reliability issues. I've responded in a post here."

Read more of this story at Slashdot.

coondoggie writes "The online Hitman scammer, who threatens to kill recipients if they do not pay thousands of dollars to the sender, is still sending out thousands of emails and the FBI is again today warning users to ignore the spam and report any incidents to the Internet Crime Complaint Center. Two new versions of the scheme began appearing in July 2008, the FBI said. One instructed the recipient to contact a telephone number contained in the e-mail and the other claimed the recipient or a 'loved one' was going to be kidnapped unless a ransom was paid."

Read more of this story at Slashdot.

An anonymous reader writes "The BBC has published a very good profile of Gary McKinnon. It discusses his motives and methods as well as raising the question as to whether he is a malicious 'hacker' or whether he was simply obsessed with finding info about UFOs and should be praised for finding security faults in what should be extremely secure systems. This should provided stimulus for some interesting discussion on Slashdot especially between us Brits and our American friends following the confirmation of his extradition to the USA."

Read more of this story at Slashdot.

mattnyc99 writes "There was plenty of chatter last week about an MIT announcement that researcher Angela Belcher had developed a way to create virus-based nanoscale batteries to power mini gadgets of the future. In a fascinating followup at Popular Mechanics, Belcher now says that her unpublished work includes full-scale models of the batteries themselves, and that they could power everything from cars and laptops to medical devices and wearable armor. Quoting: 'We haven't ruled out cars. That's a lot of amplification. But right now the thing is trying to make the best material possible, and if we get a really great material, then we have to think about how do you scale it.'"

Read more of this story at Slashdot.

kgagne writes "While solid state disk drives can vastly improve random read performance and are perfectly suited to most mobile devices, many operations are sequential in laptops and desktops and involve writes where SSDs most often lose to magnetic hard disk drives in performance. While introducing multi-channel flash memory controllers and interleaving the NAND flash chips increases performance, it will still be about two years before the cost versus benefit ratio will make sense to install SSD in your laptop or desktop PC, according to a Computerworld story. 'I think you need to get to 128GB for around $200, and that's going to happen around 2010. Also, the industry needs to effectively communicate why consumers or enterprise users should pay more for less storage," says Joseph Unsworth, an analyst at Gartner Inc.'"

Read more of this story at Slashdot.

JagsLive writes with this story from PC Magazine: "Comcast has confirmed that all residential customers will be subject to a 250 gigabyte per month data limit starting October 1. 'This is the same system we have in place today,' Comcast wrote in an amendment to its acceptable use policy. 'The only difference is that we will now provide a limit by which a customer may be contacted.' The cable provider insisted that 250 GB is "an extremely large amount of data, much more than a typical residential customer uses on a monthly basis. ... As part of our pre-existing policy, we will continue to contact the top users of our high-speed Internet service and ask them to curb their usage,' Comcast said Thursday. 'If a customer uses more than 250 GB and is one of the top users of our service, he or she may be contacted by Comcast to notify them of excessive use,' according to the AUP."

Read more of this story at Slashdot.

cce writes "The MicroID standard, despite getting thrashed soundly by Ben Laurie two years ago, has since been recommended by the DataPortability Project and published on the user profiles of millions of users at Digg and Last.fm. MicroID is basically a hash calculated using a user's profile page URL and registered email address, producing a token that makes the email address vulnerable to dictionary attacks. To see how easy it was to crack these tokens, I conducted a small study, choosing 56,775 random Digg users, and cracking the email addresses of 14,294 of them (25%) using just their MicroID, username, and a list of popular email domains. Digg has more than 2 million users, and that means half a million of them — mostly people who had never heard of MicroID, and had probably not logged in for a long time — had their email addresses exposed to this trivial attack. I also applied this attack to Last.fm (19%) and ClaimID (34%). Digg and Last.fm have since removed support for MicroID, but the lesson is clear: don't publish a hash of my email address online, guys!"

Read more of this story at Slashdot.

arcticstoat writes "In a bid to deter people from using pirate versions of Windows XP, Microsoft is now updating its Windows Genuine Advantage (WGA) tool to introduce a few uncomfortable niggles for users of pirated versions of Windows. These include replacing the desktop wallpaper with a black screen every 60 minutes, although you can still replace it with your wallpaper of choice in the intervening period. As well as this, copies of Windows deemed to not be genuine will also have a translucent watermark above the system tray, which Microsoft calls a 'persistent desktop notification.'"

Read more of this story at Slashdot.

at0mic26 writes "I am currently tasked with finding a cost effective solution to our 30+ degree Celsius server room. The only air conditioning currently provided is a single duct pipe from one of two air conditioner units. I was thinking of stealing air from the second air conditioning unit with some sheet metal work, but it likely will not be sufficient — and would not have tolerance for both AC units being offline for any amount of time. An ideal supplemental portable AC unit is what I am after, however I'm finding it cost prohibitive, with $600+ humidity controlled AC unit, plus 20 amp socket requirement, plus contract work to make a hole in the wall for outside drainage so that the unit does not flood the place. What sort of successful cheaper air conditioning solutions have you come up with?"

Read more of this story at Slashdot.

An anonymous reader writes with this snippet from Wired: "After six Nobel Prizes, the invention of the transistor, laser and countless contributions to computer science and technology, it is the end of the road for Bell Labs' fundamental physics research lab. Alcatel-Lucent, the parent company of Bell Labs, is pulling out of basic science, material physics and semiconductor research and will instead be focusing on more immediately marketable areas such as networking, high-speed electronics, wireless, nanotechnology and software." Jamie points out this list of Bell Labs' accomplishments at Wikipedia, including little things like the UNIX operating system.

Read more of this story at Slashdot.

dotne writes "Microsoft has submitted Embedded OpenType (EOT) to W3C and a slimy campaign for EOT has been launched. EOT is a DRM layer on top of normal TrueType/Opentype files; EOT ties a font file to a certain web page or site and prevents reuse by other pages/sites. Microsoft's IE has supported EOT for years, but it has largely been ignored due to the clumsiness of having to regenerate font files when a page changes. Now that other browsers are moving to support normal TrueType and OpenType on the web (Safari, Opera, Mozilla, Prince), W3C is faced with a question: should they bless Microsoft's EOT for use on the web? Or, should they encourage normal font files on the web and help break Microsoft's forgotten monopoly?"

Read more of this story at Slashdot.