Messages

151

General Software Discussion / Re: Wanted: SysAdmin-focused Account Information Keeper

« on: October 13, 2009, 05:57 PM »

I do understand what you're saying, but for sysadmin related stuff I'm only looking to prevent a random user getting a-hold of all our passwords, I've no expectation that the NSA would want to get into my Wiki. An optional password with something basic (AES, Twofish etc) would be plenty for me.

Ehtyar.

[edit]
It also means decrypting to a file instead of decrypting to memory. Nasty.
[/edit]

152

General Software Discussion / Re: Wanted: SysAdmin-focused Account Information Keeper

« on: October 13, 2009, 02:42 PM »

The problem I find with KeePass is that the format is soooooo limited. If I set up a new server with PHP/MySQL, a few webapps and a few users, there's 10 or 15 passwords right there. Are you telling me I've then got to add 15 individual passwords to KeePass, one at a time? No thank you...

Right now I'm using WikidPad and keeping the wiki itself encrypted on my drive. It's a nasty hack, and I'd really like native encryption within the application, but beggars can't be choosers...

Ehtyar.

153

Living Room / Re: Snow leopard bug causes erasure of users home directory

« on: October 13, 2009, 02:35 PM »

"I hope all your previous words were soft and sweet. Because you're about to eat them." -Anonymous

-40hz (October 13, 2009, 06:36 AM)

Want to lose all your data? There's an app for that.

-Innuendo (October 13, 2009, 10:06 AM)

Ehtyar.

154

Living Room / Re: Tech News Weekly: Edition 41-09

« on: October 11, 2009, 05:20 PM »

I'm pretty sure that using graphics cards to replace our current CPUs would not be conducive to a smooth transition, what with the hundreds of missing instruction and register equivalents and all that...

Ehtyar.

155

Living Room / Tech News Weekly: Edition 41-09

« on: October 11, 2009, 06:05 AM »

The Weekly Tech News

Hi all. Enjoy As usual, you can find last week's news here.

1. DRAM Study Turns Assumptions About Errors Upside Down

Spoiler

http://arstechnica.com/business/news/2009/10/dram-study-turns-assumptions-about-errors-upside-down.ars
Google have conducted a pretty sweet real-world study of DRAM over the past couple of years and have published some very interesting results.

The conventional wisdom about DRAM error rates is that errors are rare, and the majority of the errors that do occur are so-called "soft errors"—randomly corrupted bits that have been flipped by incoming cosmic rays. But a recent large-scale study of DRAM errors released by Google turns this wisdom on its head, and in doing so reinforces the importance of error correction coding (ECC) and regular hardware replacement for datacenter machines.

Google's 2.5-year study of DRAM error rates in its datacenters is the largest such real-world study ever released; prior studies have been based on lab tests done under artificially high-stress conditions, with the results then extrapolated to give a picture of real-world conditions. Google engineers tracked errors as they happened, and logged both the errors and relevant data like temperature, CPU utilization, and memory allocated. After analyzing the data, they drew seven main conclusions about the nature, frequency, and causes of DRAM errors.

2. EU, Microsoft Agree On Browser Ballot, Testing to Start Soon

Spoiler

http://arstechnica.com/microsoft/news/2009/10/microsoft-investigation-nears-end-as-eu-oks-browser-ballot.ars
The EU and Microsoft have agreed on a format for the browser ballot that will come with the European version of Windows. Very interesting.

The European Commission's investigation into Microsoft's bundling of Internet Explorer with Windows may be winding down, as the Commission has announced plans to begin testing the browser ballot proposed this past July by Microsoft. Starting Friday, consumers, OEMs, developers, and "other interested parties" will have a chance to speak their mind on the browser ballot.

In deciding to move ahead with the browser ballot, the EC cited improvements made to Microsoft's original proposal. One of those is pictured above: before the ballot actually appears on the screen, users are educated on what, exactly, a browser does. ("It's what you use to surf the Internet.") Once users confirm that they are connected to the Internet, the ballot itself appears.

3. Australian ISP in Court for Not Disconnecting Users

Spoiler

http://arstechnica.com/tech-policy/news/2009/10/australian-isp-in-court-for-not-disconnecting-users.ars
A landmark lawsuit is taking place in Australia, where the big movie studios are taking an ISP to court for taking action against repeat copyright infringers. If the ISP loses, ISPs can no longer claim immunity when confronted with proof of copyright infringement.

Australia's third-largest ISP finally found itself in court this week after film companies last year sued iiNet for not disconnecting Internet users on their say-so. The case will be a major test of Australia's "safe harbor" copyright law that provides immunity to Internet service providers—but only those that "reasonably implement" a user termination policy for "repeat infringers."

The movie studios told Australia's Federal Court yesterday that a one-year investigation had uncovered 97,942 examples of iiNet customers making copyrighted films available on peer-to-peer networks. 29,914 of those cases involved films at issue in the current litigation. The movie Wanted was the most popular offering, while the truly execrable Hancock was second.

4. New Malware Re-Writes Online Bank Statements to Cover Fraud

Spoiler

http://www.wired.com/threatlevel/2009/09/rogue-bank-statements/
Oh I like this one. Seems too many malware writers were getting caught out transferring funds from bank accounts, so they're rewriting your online bank statements to cover their tracks.

New malware being used by cybercrooks does more than let hackers loot a bank account; it hides evidence of a victim’s dwindling balance by rewriting online bank statements on the fly, according to a new report.

The sophisticated hack uses a Trojan horse program installed on the victim’s machine that alters html coding before it’s displayed in the user’s browser, to either erase evidence of a money transfer transaction entirely from a bank statement, or alter the amount of money transfers and balances.

5. It's Official: Software is Owned, Not Licensed

Spoiler

http://www.net-security.org/secworld.php?id=8286
It seems you can now legally resell a second-hand copy of software in the US; you own it.

Autodesk, a California based software company that has been suing one Timothy Vernor for second-hand sale of (legitimate) copies of the company's software via eBay, has lost the suit.

Out-Law News reports that Autodesk tried to prove that the software in question is licensed (not sold), and that Vernor's attempt to sell it constitutes copyright infringement - but the court found that there isn't enough evidence to back that claim.

6. More Transparency Coming to Blog Reviews Under New FTC Rules

Spoiler

http://arstechnica.com/tech-policy/news/2009/10/more-transparency-coming-to-blog-reviews-under-new-ftc-rules.ars
In a superb demonstration of unenforceable legislation, the FTC is now requiring almost any form of provision of goods without compensation to be mentioned in any related blog post. *sigh*

Bloggers will come under the watchful eyes of the Federal Trade Commission for the first time, as the agency has finalized new rules governing bloggers and the products they write about. "Consumer-generated media" outlets (e.g., bloggers) will now have to disclose if they are being compensated by a manufacturer, advertiser, or service provider when they review an item. So if a blogger gets a laptop from a manufacturer to review and gets to keep it, he or she will have to make that fact public.

The new guidelines don't tell bloggers how they need to make the disclosure, but they do lay out the penalties: up to $11,000 per violation with the possibility of injunctions to boot, although the FTC makes it clear that the fines are a last resort. "Worst-case scenario, someone receives a warning, refuses to comply, followed by a serious product defect; we would institute a proceeding with a cease-and-desist order and mandate compliance with the law," FTC assistant director of advertising practices Richard Cleland told Fast Company. The FTC could also order that consumers be reimbursed in cases where a relationship between blogger and advertiser isn't disclosed and they suffer financial harm because of it.

7. Feds Net 100 Phishers in Biggest Cybercrime Case Ever

Spoiler

http://www.theregister.co.uk/2009/10/08/100_phishers_netted/
As far as money goes, this seems like small fries to me, but this is a lot of scumbags behind bars.

US and Egyptian authorities have charged 100 people with conducting a phishing operation that siphoned at least $1.5m from thousands of accounts belonging to Bank of America and Well Fargo customers.

Fifty-three defendants from California, Nevada and North Carolina were named in a federal indictment unsealed Wednesday. Prosecutors said it was the largest number of defendants ever charged in a cybercrime case. Authorities in Egypt charged an additional 47 people.

8. Botnet-hosting Subscribers Soon to Get Warnings from Comcast

Spoiler

http://arstechnica.com/security/news/2009/10/botnet-hosting-subscribers-soon-to-get-warnings-from-comcast.ars
Fun stuff. And just what, exactly, will someone who isn't able to determine they have a bot on their machine going to do with a piece of paper telling them there is a bot on their machine?

Internet users, don't worry—papa Comcast's lookin' out for you. The company announced that it has begun rolling out a service that will warn its broadband customers when they could be infected with malware based on their traffic patterns. The service, dubbed "Constant Guard," is really aimed at reducing botnet traffic on Comcast's network with the spin that the company wants to protect customers, and a trial has already begun in Denver, Colorado.

The warning will come as an in-browser pop-up that will trigger if there's an unusual spike in traffic from a customer's home, or if mass numbers of e-mails suddenly start going out of that user's account. The pop-up will instruct users to go to Comcast's Anti-Virus Center to help diagnosing and fixing the problem (Comcast has partnered with McAfee for virus removal software).

9. Microsoft Mulling 128-bit Versions of Windows 8, Windows 9

Spoiler

http://arstechnica.com/microsoft/news/2009/10/microsoft-mulling-128-bit-versions-of-windows-8-windows-9.ars
Can someone please explain to me how they intend to accomplish this without a shred of architecture spec to work with? Or is this yet another instance of Wintel anti-trust?

Believe it or not, Windows 7's successor(s) have been in the planning and early development stages for a while now. We haven't posted anything about any of them yet, but we've been watching closely to see if anything really interesting turned up. Exactly two weeks ago, it did. A LinkedIn profile, which has already been taken down, for a Robert Morgan, Senior Research & Development at Microsoft, has shone a sliver of light on the possibility of 128-bit support coming to Windows 8.

10. Wesley Crusher Must Die

Spoiler

http://www.youtube.com/watch?v=tVYCbRjhnsE
For all those who wanted to see Wesley Crusher asplode (Wil Wheaton is still awesome though).

Ehtyar.

156

Living Room / Tech News Weekly: Edition 40-09

« on: October 05, 2009, 04:54 AM »

The Weekly Tech News

Hi all. Enjoy As usual, you can find last week's news here.

1. Bank Snafu Gmail Missive Never Opened

Spoiler

http://www.theregister.co.uk/2009/09/30/rocky_mountain_google_case_fini/
You may remember the story involving a mistakenly emails bank document and a suit against Google..well a lot has happened since then. The bank successfully sued Google, and the judge actually ordered Google to close the entire Gmail account (and the fucktard score here is?....anyone?). So anyway, Google closes the account, deletes the offending email, and through an agreement with the bank, reopens the account. Now the bank is shouting from the hilltops that the email was never opened...well hip-hip-hooray for that....

The confidential email at the heart of a roundabout US lawsuit against Google was never opened, according to the bank that accidentally sent the missive to the wrong Gmail account.

This summer, according to court documents, an unnamed employee with the Wyoming-based Rocky Mountain Bank was asked by a customer to send some loan documents to a Gmail account used by a third party. But the employee mistakenly sent them to different Gmail account, along with another confidential file packed with the names, addresses, tax IDs, and loan info for 1,325 of the bank's customers.

2. Next-gen Trojan Rewrites Bank Statements

Spoiler

http://www.theregister.co.uk/2009/10/01/next_gen_bank_trojan/
Now why didn't I think of that...?

Black hat hackers have created a new strain of Trojan that rewrites online bank statements to disguise fraud.

Victims of the URLZone Trojan would only realise their bank account has been looted after they check their balance with a bank branch or via an ATM.

Cybercriminals distribute the malware by booby-trapping websites (many of them legitimate) using the LuckySpoilt toolkit. Malicious pdf files or JavaScripts are used to push the URLZone Trojan onto the vulnerable Windows boxes of visiting surfers.

3. Holographic Storage, Phase-change Memory Coming Soon

Spoiler

http://arstechnica.com/science/news/2009/09/holographic-storage-phase-change-memory-nearing-the-market.ars
Soooo cool, but we need capacity people!!

Last week's EmTech 09 meeting played host to a panel discussion on the future of data storage. All three of the panelists were from companies that have a poorly known product on the market, and each of them discussed improvements that are in the pipeline, which we'll cover towards the end of this article. But they also provided a more general overview of the challenges facing storage technology at a time when data production is beginning to outstrip our ability to cope with it.

Ed Doller, of memory maker Numonyx, put things into perspective by discussing the launch of the iPhone 3GS. The hardware itself doesn't store all that much, but its capabilities led to downstream issues: within a few weeks of its release, mobile uploads of videos to YouTube had shot up by roughly 400 percent, and it's likely that other data-intensive activities will follow personal video before very long.

4. Irate Android Devs Aim to Replace Google's Proprietary Bits

Spoiler

http://arstechnica.com/open-source/news/2009/09/android-community-aims-to-replace-googles-proprietary-bits.ars
Apparently its commonplace to hack at mobile phone roms, redistribute it, and have the manufacturer turn a blind eye. It seems this is not the case with a largely open-source phone firmware.

Google is facing a major backlash from the Android community after sending a cease-and-desist order to the independent developer behind a popular Android mod. The controversy reflects some of the licensing challenges that are raised by mobile platforms that incorporate both open and proprietary components. It also illuminates yet another weak point in Google's commitment to delivering a truly inclusive and open platform.

Developer Steve Kondik, known by his handle Cyanogen, is an independent Android hacker who builds custom ROM images that users can install on their Android-powered handsets. His customizations are well-liked and bring significant improvements to the platform. A growing number of Android enthusiasts contend that the stock platform doesn't live up to expectations and that the custom ROM, particularly its performance optimizations, are essential to having a quality Android user experience. The problem, however, is that the custom ROM ships with Google's proprietary software components, such as the Android Market and Maps applications.

5. ICANN Cuts Cord to US Government, Gets Broader Oversight

Spoiler

http://arstechnica.com/tech-policy/news/2009/09/icann-cuts-cord-to-us-government-gets-broader-oversight.ars
On the heels of the US government considering passing legislation that would permit the President to "shut down the Internet" (we all know that's not possible, but the US could get the furthest), ICANN has significantly lessened its ties to the US, going for a more international approach.

The Internet Corporation for Assigned Names and Numbers (ICANN) is breaking free of the US Department of Commerce. The many-times-amended Memorandum of Understanding between the two groups was replaced today with a new Affirmation of Commitments that gives international stakeholders more say in how ICANN oversees the worldwide domain name system (DNS).

The US government has exerted control over ICANN since the nonprofit group was set up in 1998. Though DNS was a worldwide system, ICANN was answerable only to the Department of Commerce, and it faced significant criticism for being slow to adopt measures useful to Web browsers in other countries—non-English characters in domain names, for instance.

6. $388 Million Patent Verdict Against Microsoft Overturned

Spoiler

http://arstechnica.com/microsoft/news/2009/09/record-388-million-verdict-against-microsoft-overturned.ars
SO who didn't see this one coming? Hands up, you need a spanking....

Judge William Smith of the US District Court for the District of Rhode Island has overturned a $388 million patent-infringement verdict against Microsoft. A jury had found the company had infringed on a patent held by software maker Uniloc, a Singapore-based security company, sticking Microsoft with the largest patent penalty on record, but the court has now ruled in the software giant's favor. "We are pleased that the court has vacated the jury verdict and entered judgment in favor of Microsoft," a Microsoft spokesperson told Ars.

Uniloc now plans to appeal. "We are disappointed by the decision the trial judge has made to overturn the jury's unanimous verdict in Uniloc's patent infringement case against Microsoft," Brad Davis, CEO at Uniloc, told Ars. "We believe that the jury's verdict in April was thoughtful, well reasoned and supported by the evidence presented. Since the patent status remains unchanged, Uniloc will continue to protect its intellectual property and appeal the Judge's decision to override the jury's verdict to the US Court of Appeals. We are confident that Uniloc will ultimately prevail."

7. @fakeaccount You Got Served! Quit the Fake Tweets!

Spoiler

http://arstechnica.com/tech-policy/news/2009/10/fakeaccounts-you-got-served-shut-down-immediately.ars
Not really new since that Facebook incident, but it looks we can consider social networks fair ground when it comes to being served.

What if we all started getting legal notifications via Twitter? It seems like a recipe for disaster, but Britain's High Court believes it's worth a shot in order to reach one anonymous Twitter user who just won't let up on his (or her) impersonation of conservative blogger Donal Blaney.

The Twitter account in question is called "blaneysblarney," after Blaney's own blog of the same name. A quick look at the Twitter page gives no indication that the account is a fake or parody—it uses a real picture of Blaney and merely states "Blaney's Blarney" under the name field with no bio. For those looking to follow the real Donal Blaney on Twitter, there's nothing that would make a casual user suspect that this account wasn't his except perhaps the snarky tone of its tweets.

8. Apple Tries to Patent Method to Lock Down Your Mobile Device

Spoiler

http://arstechnica.com/apple/news/2009/10/apple-tries-to-patent-method-to-lock-down-your-mobile-device.ars
*sigh* So does this mean we don't have to pay for the hardware? I don't need a phone with a compass...

One of the ways Apple's iPhone succeeded where other phones failed is that it doesn't let carriers install custom firmware that locks out features of the phone. However, Apple doesn't appear to be above giving carriers a way to be able to do that, even with the iPhone. The company filed a patent application earlier this year (published yesterday) for "provisioning" services on a mobile device based on a custom carrier profile.

In the patent filling, revealed by Slashdot, Apple describes a unified system for allowing a carrier-defined list of approved and unapproved features and applications to be uploaded to the device during activation, essentially allowing carriers to restrict whatever features or applications it decided not to "allow" on its network. "[M]obile devices often have capabilities that the carriers do not want utilized on their networks," according to the patent application. "For example, a mobile device may be designed with Bluetooth functionality, but the carrier may wish to prevent its users from taking advantage of that capability. Various applications on these devices may also need to be restricted."

9. Terminator 2 Mega Tribute

Spoiler

http://vimeo.com/5376487
A Terminator 2 tribute by the staff at Vimeo. A woman as John and a guy as Sarah? That's my kind of tribute...

Ehtyar.

157

General Software Discussion / Re: Rant: Firefox 3.5.x

« on: September 29, 2009, 07:04 PM »

Just to clarify, there should be no expectation that any of your extensions work with Minefield. If any of your extensions *do* work, it is pure luck, though you may be looking at destabilizing your build if you continue to use it.

Ehtyar.

158

Living Room / Re: Here come the airport rectal exams! (NSFW)

« on: September 29, 2009, 07:01 PM »

Oh god...the puns...too much...love it...

Ehtyar.

159

General Software Discussion / Re: Rant: Firefox 3.5.x

« on: September 27, 2009, 06:29 PM »

I used 3.7a1pre yesterday for a few hours. With the exception of WebGL, I didn't notice a difference.

Ehtyar.

160

Living Room / Re: Tech News Weekly: Edition 39-09

« on: September 27, 2009, 06:27 PM »

My pleasure House Man, glad you enjoy it

Ehtyar.

161

General Software Discussion / Re: -Recklessly- remove hardware (from USB)

« on: September 27, 2009, 06:24 PM »

Even with "optimize for quick removal", I'd still use "safely remove" to be 100% on the safe side. That will ensure all data is flushed and the filesystem is clean, and will notify you if there's programs still trying to access the device.

-f0dder (September 27, 2009, 11:57 AM)

Amen. However, it is extremely frustrating when Windows refuses to eject a device despite there being no open handles to it. I find that in this case, there are no adverse effects to simply yanking the device.

Ehtyar.

162

Living Room / Tech News Weekly: Edition 39-09

« on: September 27, 2009, 06:11 AM »

The Weekly Tech News

Hi all. Sorry about all the data breach stories, hopefully some of them will induce a LOL As usual, you can find last week's news here.

1. Demon Splurges Details of 3,600 Customers in Billing Email

Spoiler

http://www.theregister.co.uk/2009/09/23/demon_password_giveaway/
Normally I don't post about data leaks, but I think such gross incompetence is worthy of an exception. Basically, British ISP Demon Internet sent out an email talking up their new electronic billing system, and attached a document containing the private details, including passwords, for their some 3600 customers.

Demon Internet sent thousands of business and government subscribers an email this morning telling them all about a new e-billing system, and tacked on details, including passwords, for 3,600 customers.

The email - supposedly from Simon Blackburn Demon's director of customer service - has been sent to customers opting for e-billing. It includes a guide to the new service along with user names and passwords.

But the email also has a .csv attachment with 3,681 customer records on it. Entries include names, emails, telephone numbers and what looks very like a user name and password.

2. Bank Sues Google for Identity of Gmail User

Spoiler

http://www.theregister.co.uk/2009/09/23/google_sued_for_gmail_user_identity/
This one's even funnier, though on a more serious note this case a lot of potential to create some very nasty case law. A bank clerk has sent loan details of 1300 customers to a Gmail address, and the bank is now suing Gmail for the identity of the account holder.

A US bank is suing Google for the identity of a Gmail user after a bank employee accidentally sent the user a file that included the names, addresses, tax IDs, and loan info for more than 1,300 of the bank's customers.

In mid-August, according to court documents filed in a California federal court, the Wyoming-based Rocky Mountain Bank was asked by a customer to send certain loan documents to a Gmail account belonging to a third party. A bank employee attempted to do so. But a day later, he realized he had sent the documents to the wrong address - along with a file containing confidential information for 1,325 other customers.

3. WebGL in Firefox Nightly Builds, Demoed With 3D Spore Model

Spoiler

http://arstechnica.com/open-source/news/2009/09/webgl-in-firefox-nightly-builds-demoed-with-3d-spore-model.ars
Mozilla, along with Apple, will soon have a 3D graphics framework available in their browsers called WebGL.

The latest Firefox nightly builds now include Mozilla's implementation of WebGL, an emerging standard that aims to bring 3D graphics to the Web. Although the standard is still at a relatively early stage in the draft process, it is rapidly gaining momentum and has strong backing from a growing number of browser vendors. It's yet another sign that standards adoption is accelerating as the need to bring richer content to the Web drives forward browser evolution.

The WebGL working group was formed earlier this year when Mozilla teamed up with the Khronos Group, the organization behind the OpenGL standard, to define an open standard for native browser 3D. The goal is to develop low-level JavaScript APIs that will provide comprehensive support for OpenGL ES 2.0. High-level third-party libraries, such as C3DL, will be built on top to give Web application developers a more expressive and convenient way to leverage WebGL's 3D capabilities. Mozilla believes that the flexibility inherent in this layered approach will be advantageous in the long term and that the trend towards faster JavaScript engines will make it practical for real-world usage.

4. Big GPL Copyright Enforcement Win in Paris Court of Appeals

Spoiler

http://arstechnica.com/open-source/news/2009/09/big-gpl-copyright-enforcement-win-in-paris-court-of-appeals.ars
An interesting bit of case law has just shot up in France, making it possible for GPL enforcement lawsuits to be won by those receiving the software, not just those developing it.

The Free Software Foundation France (FSF France) is jubilant about a recent court ruling that has affirmed the validity of the open source GNU General Public License (GPL) under French copyright law. This successful GPL enforcement effort will send a strong message about the importance of open source license compliance to the French software industry.

The GPL is a copyleft license that mandates reciprocal disclosure of source code. When a company incorporates code that is licensed under the GPL into their software product, they are obligated to make their own code available under the terms of the GPL, which stipulates that source code must be made available for third parties to study, modify, and redistribute. Companies that ship GPL-based products must provide notice to end users and promise to furnish source code upon request.

5. Oracle Won't Unload MySQL, Sun Losing $100 Million Per Month

Spoiler

http://arstechnica.com/open-source/news/2009/09/oracle-wont-unload-mysql-sun-losing-100-million-per-month.ars
Oracle has officially announced that it will be holding on to MySQL when it aquires Sun Microsystems, despite antitrust concerns from the EU.

Oracle's pending acquisition of Sun recently hit a snag when EU regulators decided that Oracle's assimilation of MySQL warranted closer scrutiny. Oracle CEO Larry Ellison responded publicly in a recent address, saying that Oracle will not unload MySQL in order to appease EU regulators.

Sun acquired MySQL last year in a move that aimed to position the company's Solaris operating system as a more appealing choice for Web servers. The honeymoon was short, however, and key people from MySQL fled in the aftermath of the acquisition. MySQL cofounder Monty Widenius left in February after expressing frustration with the 5.1 release. He founded his own company and formed an alliance with other independent companies in the MySQL ecosystem with the intention of providing an alternate path forward for MySQL in the event that Oracle takes steps that are disadvantageous to the community.

6. FCC to Take a Stand On Net Neutrality

Spoiler

http://www.pcworld.com/article/172290/fcc_to_take_a_stand_on_net_neutrality.html
The FCC has announced it intends to legislate a form of Net Neutrality, which would, perhaps most importantly, prevent ISPs from giving preference to, or discriminating against, certain types of traffic on their networks.

Federal Communications Commission (FCC) chairman Julius Genachowski is expected to announce a plan on Monday to formalize the idea of net neutrality. The move, which supports a campaign promise made by President Barack Obama, will prevent the information superhighway from becoming a toll road giving preferential treatment to those who pay for it.

The move would formalize rules the FCC has already been imposing on a case by case basis. Last Fall, under the previous administration and previous FCC chairman, Kevin Martin, the FCC ruled that Comcast could not throttle (or limit) bandwidth for peer-to-peer (P2P) networking traffic. Comcast is challenging that ruling, but formalizing the guidelines being imposed would help support the FCC decision.

7. Facebook Enables Apps to Peek at Mail

Spoiler

http://www.theregister.co.uk/2009/09/23/facebook_mailbox_api_privacy/
Facebook app developers will soon be able to raid a users' message inbox, after the user has provided explicit permission.

Facebook plans to open up members' inboxes and notifications to developers have drawn fire from security experts as an unacceptable privacy risk.

The social network site published plans to release a notification and Mailbox API in a post on a developers' forum last month. The development has received little attention since, despite marking a huge shift in how much confidential data software applications on the social networking might be able to access.

Users who sign up to applications that make use of the feature give the green-light for software to scan the contents of messages sent through the social networking website.

8. Texas Instruments Signing Keys Broken

Spoiler

http://www.schneier.com/blog/archives/2009/09/texas_instrumen.html
A cute cryptography story for the budding cryptologists among us; Texas Instruments' 512-bit code signing keys have been factored, laying bare their firmware update mechanism.

Texas Instruments' calculators use RSA digital signatures to authenticate any updates to their operating system. Unfortunately, their signing keys are too short: 512-bits. Earlier this month, a collaborative effort factored the moduli and published the private keys. Texas Instruments responded by threatening websites that published the keys with the DMCA, but it's too late.

So far, we have the operating-system signing keys for the TI-92+, TI-73, TI-89, TI-83+/TI-83+ Silver Edition, Voyage 200, TI-89 Titanium, and the TI-84+/TI-84 Silver Edition, and the date-stamp signing key for the TI-73, Explorer, TI-83 Plus, TI-83 Silver Edition, TI-84 Plus, TI-84 Silver Edition, TI-89, TI-89 Titanium, TI-92 Plus, and the Voyage 200.

9. Quantum Chip Helps Crack Code

Spoiler

http://www.spectrum.ieee.org/computing/hardware/chip-does-part-of-codecracking-quantum-algorithm
It seems I'm a bit late on this one, but no matter. Researchers have used a quantum integrated circuit to etermine the prime factors of the number 15. THis is a long way from cracking DSA or RSA, but is an incredible breakthrough for Quantum computing nonetheless.

Modern cryptography relies on the extreme difficulty computers have in factoring huge numbers, but an algorithm that works only on a quantum computer finds factors easily. Today in Science, researchers at the University of Bristol, in England, report the first factoring using this method—called Shor’s algorithm—on a chip-scale quantum computer, bringing the field a tiny step closer to realizing practical quantum computation and code cracking.

Quantum computers are based on the quantum bit, or qubit. A bit in an ordinary computer can be either a 1 or a 0, but a qubit can be 1, 0, or a ”superposition” of both at the same time. That makes solving certain problems—like factoring—exponentially faster, because it lets the computer try many more solutions at once. The race is on to find the ideal quantum computer architecture, with qubit contenders that include ions, electrons, superconducting circuits, and in the University of Bristol’s case, photons.

10. Astronaut Mess

Spoiler

http://www.youtube.com/watch?v=gugmvumKU6s
Ha-larious!!

Ehtyar.

163

General Software Discussion / Re: Rant: Firefox 3.5.x

« on: September 26, 2009, 06:34 AM »

3.0 and 3.5 are indeed different branches of Firefox. Mozilla considers first-point releases (x.x) to be distinct, only second-point releases (x.x.x) are of the same branch. Each first-point release is built atop a new version Gecko, the Mozilla rendering engine. Firefox 3.5 will not be offered as an update to 3.0 clients until support ends for 3.0. This is simply Mozilla's style of versioning their software.

Under Windows 7 RTM with Firefox 3.5 plus ~40 extensions, I can report no such problems as those detailed by SectorSeven.

Ehtyar.

164

Living Room / Re: Tech News Weekly: Edition 38-09

« on: September 21, 2009, 03:16 PM »

Hehe, can you try to forget every few Sundays, or at least every time the Aussie Govt. does something stupid? Oh, but you would like to actually be taking your medication at some point...maybe back to every few Sundays then

Ehtyar.

165

Living Room / Re: Permanently Delete Your Facebook Account

« on: September 21, 2009, 01:18 AM »

No, you can't. Your mum/face etc said so

Ehtyar.

166

Living Room / Re: Permanently Delete Your Facebook Account

« on: September 20, 2009, 07:58 PM »

You're too late for their ~300,000,000 users Joshua

Ehtyar.

167

Living Room / Permanently Delete Your Facebook Account

« on: September 20, 2009, 07:54 PM »

How to permanently delete your facebook account... 2 methods outlined here...

Ehtyar.

168

General Software Discussion / Re: Virtual PC 2007 Final

« on: September 20, 2009, 07:19 PM »

Yay VirtualBox!!

Ehtyar.

169

Living Room / Re: Tech News Weekly: Edition 38-09

« on: September 20, 2009, 03:18 PM »

7.

"Dear Mr Rudd, I have decided that the 900 Ruddbucks you generously gave me is in no way compensation for the irreparable harm that you and your cabal of technologically illiterate, backward gorillas wish to inflict upon this nation.

I hereby request that I be no longer forced to pay taxes from this moment on as I no longer wish to finance such an inept bunch of cretins.

I might conceivably reassess this situation in the future if and when you have come to your senses and started investing in education.....you know, what we used to go to school for back in the last century."

Yours sincerely,
F.U. Rudd   (no relation)

-4wd (September 20, 2009, 07:51 AM)

*applause applause applause* - That was a great read 4wd

Honestly, I don't consider number 7 to be wrong.
The first warning will let people know they have their computers infected with something and are a problem for the rest of the society. If they choose to ignore the warning and not fix the computer or take it to the shop, they are unplugged from the internet.

Something similar happens with cars (in portugal): if your car doesn't pass on the inspection, you must fix it. If you're caught driving it without the inspection in order, the car is apprehended.

-jgpaiva (September 20, 2009, 08:30 AM)

Good god....

Ehtyar.

170

Living Room / Tech News Weekly: Edition 38-09

« on: September 20, 2009, 05:13 AM »

The Weekly Tech News

Hi all. Enjoy As usual, you can find last week's news here.

1. IE8 Beats Firefox, Chrome, Opera, and Safari in Battery Life

Spoiler

http://arstechnica.com/microsoft/news/2009/09/ie8-beats-firefox-chrome-opera-and-safari-in-battery-life.ars
Finally, a browser comparison with IE on top that sounds remotely believable... IE8 apparently tops all the major browsers in battery usage.

When you think about benchmarking a browser, you typically consider speed, as well as CPU and memory usage. What about battery life, though? Laptop sales are outpacing desktop sales after all, so it only makes sense to choose software based on battery life, in addition to other factors and criteria. AnandTech tested a Gateway laptop with an AMD processor, a Gateway laptop with an Intel processor, and the Asus Eee PC netbook to compare battery life while running Internet Explorer 8, Firefox + AdBlock, Chrome 2, Firefox 3.5.2., Opera 9.64, Opera 10.0b3, and Safari 4. The two Gateways were running Windows Vista, while the Eee PC was running Windows XP SP3. Simple webpages were tested, as well as ones with Flash.

2. France Passes Harsh Anti-P2P Three-strikes Law (again)

Spoiler

http://arstechnica.com/tech-policy/news/2009/09/france-passes-harsh-anti-p2p-three-strikes-law-again.ars
After the first version of the law was struck down by federal courts, a newly modified version of the french 3-strikes law has been passed by parliament.

The French legislature today passed into law a second version of the ultra-controversial HADOPI "three strikes" law that targets illegal Internet file-swappers. The revised proposal does address the concerns of the "Sages" who sit on France's Constitutional Council who objected to the first version of the law, but it does little to mollify critics. Internet disconnections of up to a year can be ordered by a single judge in a "streamlined" proceeding, while Internet users who fail to "secure" their connections can also be punished if other people use those connections to exchange copyrighted material.

The National Assembly passed HADOPI 2 today by a margin of 285-225; the Senate has already passed the legislation.

3. Google Boosts Book Digitization by Capturing ReCAPTCHA

Spoiler

http://arstechnica.com/web/news/2009/09/google-boosts-book-digitization-by-capturing-recaptcha.ars
Google has purchased online service reCAPTCHA in the hopes the service might assist them with their book digitizing effort.

This morning, the Official Google Blog announced that the search giant has acquired reCAPTCHA. The company provides a service that combines two things that Google would be very interested in: it verifies that information provided to a server has been entered by a human and, in the process, helps identify difficult-to-decipher text from book digitization projects. As such, it's a natural fit for Google.

The basic premise of the reCAPTCHA service is based on two related computer science problems. Book digitization efforts rely on the ability of optical character recognition (OCR) software to help extract the text from a scanned image of a page. For a variety of reasons—damage to a book, improperly placed pages, unusual fonts, etc.—this process fails at a certain rate, leaving an incomplete digitization.

4. Disloyal Employees Are Not Hackers, Says Court

Spoiler

http://arstechnica.com/tech-policy/news/2009/09/disloyal-employees-are-not-hackers-says-court.ars
This court decision sets a precedent for far less harsh sentences for employees who steal data from their place of employment.

The "unauthorized access" provision of the Computer Fraud and Abuse Act (CFAA) has turned out to be quite an asset to those looking to prosecute people for all manner of actions involving computers, even though it was originally meant to target hackers. The Ninth Circuit Court of Appeals has ruled, however, that it cannot be used to prosecute someone for being disloyal with company info after quitting—a decision that is being applauded by CFAA critics who want to limit the statute.

The decision came after a company named LVRC Holdings filed a lawsuit against a former employee, Christopher Brekka, his wife, Carolyn Quain, and their independent consulting business. LVRC had accused Brekka of using company computers "without authorization" in order to e-mail himself LVRC client files in order to use that information for his personal business after leaving the company.

5. Google Apps Bug: You've Got (my) Mail

Spoiler

http://news.cnet.com/8301-27080_3-10356803-245.html
A Google Apps snafu saw several university students given access each others' email. Still want your stuff in the cloud people?

As a result of a bug in a Google Apps e-mail migration tool, some students at Brown University found other students' e-mail in their in-box over the weekend as Google was moving their e-mail from Exchange to Gmail, Google confirmed on Friday.

The problem affected a "handful" of organizations that use Google Apps, a spokesman said. He declined to specify how many were affected or how many individual users were affected.

Brown University newspaper the Brown Daily Herald reported that e-mail for 22 students was misdirected starting on Friday, that the university notified Google about it on Saturday, and it was fixed on Tuesday.

6. Microsoft, Cisco Issue Defenses For TCP Denial-Of-Service Attack

Spoiler

http://www.darkreading.com/security/perimeter/showArticle.jhtml?articleID=219700358
Microsoft and Cisco have both released patches for the still as-yet only partially disclosed TCP stack resource exhaustion vulnerability.

A denial-of-service (DoS) attack threat to Transmission Control Protocol (TCP) implementations reported more than a year ago re-emerged yesterday in the form of security updates from Microsoft and Cisco, with the two vendors each issuing protections against the potentially deadly attacks.

Microsoft and Cisco were the first vendors to address the still mostly mysterious flaws in implementations of TCP that were first revealed last fall by researchers from Outpost24. Details of the attack have been kept under wraps for security reasons, but it basically lets an attacker DoS a PC or router using just a few malicious packets, in some cases permanently damaging victim machines.

7. Australia Mulls Botnet Takedown Scheme

Spoiler

http://www.theregister.co.uk/2009/09/15/oz_botnet_takedown_scheme/
Honestly, I'm running out of negative euphemisms for the Australian Government, if it's even worthy of that title anymore... Basically, they've decided that the best way of getting zombie PCs offline is to disconnect their owners from the Internet, an act for which ISPs (of course, who else?) would be responsible.

Australia is considering the adopting of a code that would oblige ISPs to contact, and in extreme cases perhaps even disconnect, customers with malware-infested computers.

The voluntary eSecurity Code is designed to put a squeeze on the estimated 100,000 zombies in Australia, each of which might be capable of kicking out 10,000 junk emails a day.

Pilot data sharing schemes in Australia are praised for resulting in the reduction of malware-infected systems. Around 68 ISPs were involved in a 2007 Australian Internet Security Initiative (AISI) programme credited with reports of 10,000 compromises every day. The scheme cost a relatively modest A$4.7 million over four years.

8. Pirate Bay Buyer Faces Setbacks

Spoiler

http://news.bbc.co.uk/2/hi/technology/8263471.stm
Torrent site The Pirate Bay is facing significant setbacks in the pursuit of its sale to Global Gaming Factory after a creditor claimed to be owed almost $200,000 by GGF.

The document was filed with a Swedish court by a creditor of Global Gaming Factory (GGF), which outlined plans to buy the site in June.

The creditor - Advatar Systems - is claiming more than 1.3m kronor (£116,000) in unpaid debts.

It is the latest in a long series of hold-ups which have stalled the sale.

Trading in GGF's shares were suspended in August after an investigation was launched into financial irregularities.

9. The Incredible, Amazing, Awesome Apple Keynote

Spoiler

http://www.collegehumor.com/video:1921290
For all of you on the verge of just fragging everyone in a 100 foot radius the next time you hear something about Steve Jobs or apple being so incredible, amazing or awesome, I give you the The Incredible, Amazing, Awesome Apple Keynote.

Ehtyar.

171

Living Room / Re: The unspoken truth about managing geeks

« on: September 14, 2009, 03:43 PM »

*Shrug* Actually I was just trying to throw in a little stereo-type "salt" to liven it up a bit...and since the DMV always takes such a beating I thought it best to pick on someone else.

-Stoic Joker (September 14, 2009, 06:10 AM)

Heh, OK.

Well I must say, this turning out to be a revelation of just how awful HR depts are. I thought we had it bad. My feelings goo out to all you guys

Ehtyar.

172

Living Room / Re: Flight simulator site avsim.com loses 13 years of community data to hacker

« on: September 13, 2009, 03:12 PM »

Eeep! *runs from crazed old people*

Ehtyar.

173

Living Room / Re: The unspoken truth about managing geeks

« on: September 13, 2009, 03:12 PM »

LOL, this thread is getting difficult to follow, what with having only half a brain and all...

Very interesting to read your replies guys, thanks. Stoic Joker, you weed out ex McDonald's employees? Why is that? Here in .au it's considered to be a positive thing.

Ehtyar.

174

Living Room / Re: Flight simulator site avsim.com loses 13 years of community data to hacker

« on: September 13, 2009, 06:02 AM »

Looks like they may have caught the guys...http://news.bbc.co.u...chnology/8244028.stm

Ehtyar.

175

Living Room / Tech News Weekly: Edition 37-09

« on: September 13, 2009, 05:55 AM »

The Weekly Tech News

Hi all. Apparently next to nothing happened in the world of tech this week...has half the industry disappeared or what? As usual, you can find last week's news here.

1. Oz Government Sites Floored in Firewall Protests

Spoiler

http://www.theregister.co.uk/2009/09/10/oz_filtering_protest/
Sensationalist headline, yet again, but interesting none the less. Though apparently much weaker than their counterparts in other countries, the Australian branch of Anonymous took to the web this past week to show the Australian Government how they felt about the proposed Internet filtering scheme.

Hackers reportedly knocked over the website of Australian prime minister Kevin Rudd for a few minutes on Wednesday in an apparent protest against government plans for compulsory internet content filtering.

The site of the Australian Communications and Media Authority also disappeared for about an hour Wednesday evening local time, The Australian reports. The website of Communications Minister Stephen Conroy, the man behind the plan, also came under attack.

2. Feds Bust World's Most Prolific Music Piracy Ring

Spoiler

http://www.theregister.co.uk/2009/09/10/rabid_neurosis_busted/
http://arstechnica.com/tech-policy/news/2009/09/prerelease-music-pirates-face-4-years-in-prison-250k-fine.ars
They haven't released a thing for years, but it seems that doesn't stop the authorities from tracking down and arresting the members of a music piracy group with over 25K releases under their belts, many of which were pre-retail.

Six men have been accused of running the world's most prolific music piracy ring, an online crew federal prosecutors allege delivered more than 25,000 copyrighted albums, often before they were officially released.

As members of Rabid Neurosis, or RNS as the group was called, they tapped insiders at music retailers, radio stations, and CD manufacturing plants, who were able to get their hands on music titles before their commercial release in the US. In other cases, they turned to affiliates elsewhere in the world, who were able to supply music that was not yet available in America.

3. Google Modifies Europe Book Plans

Spoiler

http://news.bbc.co.uk/2/hi/technology/8242710.stm
In order to appease those opposed to its ditigal library plans, Google has made its agreement slightly less broad.

Material which is out of print in the US, but still available for sale elsewhere, will not be added to Google Books, unless consent is granted.

Google has already digitised millions of out-of-print titles.

The European Commission wants concerted action to allow more books in Europe's national libraries to be scanned.

4. PM Apology After Turing Petition

Spoiler

http://news.bbc.co.uk/2/hi/technology/8249792.stm
Alan Turing has received a posthumous apology for the treatment he endured as a homosexual after a petition was submitted to the British Government.

A petition on the No 10 website had called for a posthumous government apology to the computer pioneer.

In 1952 Turing was prosecuted for gross indecency after admitting a sexual relationship with a man. Two years later he killed himself.

The campaign was the idea of computer scientist John Graham-Cumming.

5. Microsoft: IIS Vulnerability Under Limited Attacks

Spoiler

http://arstechnica.com/microsoft/news/2009/09/microsoft-investigating-possible-vulnerability-in-iis.ars
A nasty, if not easily exploited remote code execution vulnerability exists in the FTP service of Microsofts IIS versions 5 and 6. The vulnerability is yet to be patched, but can only be exploited by thoise with write permissions to the FTP.

A hacker has posted code on his Milw0rm website that could be used to attack a system running Microsoft Internet Information Services (IIS) server and install unauthorized software on it. The good news is that the attack appears to work only on older versions of IIS—versions 7.x are not affected. The flaw resides in the File Transfer Protocol (FTP) software used by IIS to transfer large files, meaning that FTP must be enabled for an attack to be succesful. The risk posed by this vulnerability isn't completely clear yet, but Microsoft says it is looking into the issue.

"Microsoft is investigating new public claims of a possible vulnerability in IIS 5 and IIS 6 File Transfer Protocol (FTP) and are currently unaware of any attacks trying to use the claimed vulnerability or of customer impact," a Microsoft spokesperson told Ars. The software giant will take steps to determine how customers can protect themselves if the vulnerability is confirmed and will take whatever action it determines is appropriate to protect customers once the investigation is complete.

6. 802.11n APPROVED! Official Notification! (Thanks Joshua)

Spoiler

http://s2n.merunetworks.com/2009/09/802-11n-approved-official-notification/
And for the Pièce de résistance this week. As Joshua so eloquently put it, hell has indeed frozen over ladies and gentlemen. Six years on and 802.11n has been approved.

802.11 had two items under consideration during the Standards Board meetings being held this week.

I’m am very pleased to announce that both P802.11w and P802.11n were approved today.

Although this email vehicle falls far short of expressing the sentiment, Thanks to the hundreds of 802.11members that contributed to these efforts, as well as the 802 EC and the IEEE Staff.

7. Universe Exclusive Preview

Spoiler

http://www.youtube.com/watch?v=mUlYsnMoAwk
Seems this was out like two months ago..and somehow i friggin' missed it!! Here it is for those of who were similarly left out in the cold.

Ehtyar.