Recent Posts
Then it's safe to post that tip on here no?Surely people around here know better...Most people around here probably do, but most of us aren't regular users.-Ehtyar (February 01, 2009, 01:19 PM)-f0dder (February 02, 2009, 02:12 PM)
I guess they better hurry then, or they'll have to rename it to C++1xThat's a good point. Are we to assume that C++0x will be finalized this year?...I think not-Gothi[c] (January 31, 2009, 09:26 PM)
| Hi all. Sorry guys, no funny this week 'coz the Onion videos sucked. If anyone has a place they'd suggest I check please reply. As usual, you can find last week's news here. |
We see them everywhere these days, digital signs by the side of the road telling us about road conditions or that we should prepare to stop or that our local bridge might be closed next Tuesday from noon to midnight. And if you're like me, you've always just assumed that the message on the signs is legitimate and properly authorized.
But what if the sign, instead of reading something like "Ice Ahead" was flashing the message, "Zombies Ahead"?
The Trusted Computing Group (TCG) has released three final specifications for hardware-level data encryption, and virtually all the major storage manufacturers have declared that they intend to adopt the new standards in the near future. Self-encrypted disks are already available on the market— Seagate has been actively pushing its DriveTrust technology for several years—but there was no central standard for drive encryption developers to refer to. The two new encryption standards provide a blueprint for desktop, laptops, and enterprise-level protection, while the third (dubbed the Storage Interface Interactions Specification) details how self-encrypted drives should interact with various communication protocols.
These new encryption methods do not require the presence of a Trusted Platform Module (TPM), but it's hard to imagine why an OEM would bother to build a system using self-encrypting hard drives and not include one. The TCG expects self-encrypting drives (and presumably TPM modules) to become ubiquitous across the enterprise/business market over the next few years. "With 48 states and many countries enforcing data protection laws, it has become crucial for enterprises to protect all data to avoid fines, lawsuits or even being put out of business. Encryption with authentication directly in the drive or enterprise storage devices as outlined in the Trusted Computing Group specifications is one of the most effective ways to ensure data is secure against virtual and physical attacks,” noted Jon Oltsik, senior analyst, Enterprise Strategy Group.
Thursday, we checked in on the case of Avery Doninger, the former Connecticut high school student who was barred from seeking reelection to her student council seat after calling school administrators "douchebags" in a LiveJournal post. As we noted, a federal court has ruled that, given the fuzzy state of the law concerning the scope of school authority over online student speech, Doninger can't press her First Amendment claim for damages against those who punished her. She plans to appeal that decision, but one state legislator has already declared his intention to introduce a bill establishing separation of blog and state.
According to the Journal-Inquirer, a local paper, former high school teacher Gary LeBeau, who sits on the state's General Assembly, will seek to create a "bright line" between speech produced on school computers or sent over school networks—which falls within the school's disciplinary purview—and private speech merely concerning the school. The court had found such a line lacking because "
- ff-campus speech can become on-campus speech with the click of a mouse."
Microsoft has announced plans to release the code of its Web Sandbox project under the open source Apache Software License. This move reflects Microsoft's growing interest in contributing to interoperable standards-based Web technologies and also demonstrates the company's willingness to adopt well-established open source licenses for its own projects.
The Web Sandbox project aims to mitigate some of the security risks that are associated with building Web mashups that mix in untrusted content from third-party sources. The task of isolating untrusted code poses some complex technical challenges. Web Sandbox is one of several ongoing research projects that are implementing experimental solutions. It is similar in function to Google's Caja project.
The UK has officially announced its intention to legislate a "graduated response" system for P2P copyright infringement, though it sounds remarkably balanced compared to some proposals; the government insists that the "availability of legal content in the forms that consumers want" is actually the most important step content owners can take to address the problem. Disconnection of users without a court order appears not to be on the table, either.
The government's long-awaited interim Digital Britain report has just been released. It's a lengthy document that lays out UK thinking about universal broadband, spectrum reform, and digital radio, but nestled right in the middle of the report is one of the most controversial ideas: a mandatory "code" for ISPs to follow, and the creation of a government "Rights Agency" to help stakeholders deal with the issue of civil copyright infringement online.
Gamers who tried to play Gears of War on the PC Thursday ran into a slight snag: it seems that the digital certificate that allows the game to run expired on January 28, 2009. Basically that means if you keep your PC's clock up to date, you can no longer play the game. The official Epic forum is ablaze with complaints about this issue, as the still-kicking community becomes enraged.
"I had this problem this evening, I had to change the date and time (from PM to AM) and I am able to get in just fine," one frustrated gamer posted. "I also changed it back to the current date and time and it didn't work. Change it back to yesterday AM and it works fine... EPIC games won't be on my list anytime soon...."
Blizzard notched another victory in its legal campaign against World of Warcraft bots when a judge on Wednesday ruled that a leading bot violates the Digital Millennium Copyright Act. MDY Industries LLC, the firm that develops and sells the Glider bot, already suffered a major setback last summer when the judge granted Blizzard summary judgment on several key issues. This week's decision deals with the issues the judge believed could not be decided until the conclusion of this month's trial. The judge ruled that Glider violated the DMCA's ban on "circumvention devices," and he also found that MDY's founder, Michael Donnelly, was personally liable for the actions of his firm.
As we've noted before, Blizzard's legal arguments, which Judge David G. Campbell largely accepted, could have far-reaching and troubling implications for the software industry. Donnelly is not the most sympathetic defendant, and some users may cheer the demise of a software vendor that helps users break the rules of Blizzard's wildly popular role playing game. But the sweeping language of Judge Campbell's decision, combined with his equally troubling decision last summer, creates a lot of new uncertainty for software vendors seeking to enter software markets dominated by entrenched incumbents and achieve interoperability with legacy platforms.
As notable as the sustained fall-off in spam levels has been, we've all known it's only a matter of time before botnets began to worm their way back into the the Internet. It turns out that part of the reason spam levels may have stayed lower these past months is that the same authors who might have normally spent time resurrecting their dead botnets on new servers were instead writing new botnets altogether. The new malware networks aren't just rehashes of what's come before; many of them incorporate advanced techniques to render themselves harder to detect/remove.
First the good news: SecureWorks reports that Storm is dead, Bobax/Kraken is moribund, and both Srizbi and Rustock were heavily damaged by the McColo takedown; Srizbi is now all but silent, while Rustock remains viable. That's three significant botnets taken out and one damaged in a single year; cue (genuine) applause.
Fast flux and double flux hosting present both registrars and registrants with a thorny problem. These two hosting methods are not classified as attack methods in and of themselves, but are often employed by spammers and malware botnets.
At "best," fast flux hosting obfuscates and delays security personnel working to shut down an attack; a particularly sophisticated double flux hosting system could allow a botnet to grow and remain active long enough to establish itself as a threat of Storm-worthy proportions. That last mention isn't an accident; fast flux hosting was a prominent Storm tactic.
Verizon seems to have run into a glitch with one of its customer databases, losing thousands of records. Here's the background: in compliance with Federal Communications Commission rules, the company has established a system to permit consumers to "opt out" of letting Verizon use their phone records for marketing campaigns.
The wireless giant hires a vendor to handle these requests. Verizon then integrates this data, or "customer proprietary network information" (CPNI), into a database, which it says it checks prior to launching a campaign. CPNI usually includes calling records and the services that consumers use, such as voicemail or call forwarding. The opt out system caused quite a stir in late 2007, when the FCC beefed up its CPNI security rules, but it has more or less faded into the background auto flow of telecom policy since then.
One of Ireland's largest ISPs, Eircom, has capitulated to the major music labels and agreed to implement a full "graduated response" program—complete with disconnections. Users get two warnings regarding file-sharing, and a third violation brings down the banhammer. The music industry has already said that it intends to pursue the same agreement with Ireland's other ISPs.
The dispute began some time ago when the Irish branches of EMI, Warner, Universal, and Sony filed suit against Eircom. They charged that the ISP was essentially aiding and abetting piracy by doing things like advertising its services on The Pirate Bay, and the labels believed they could get a judge to force the ISP to install network monitoring equipment.
It takes guts—or perhaps something a bit further down the anatomy—to wait until Comcast has been smacked down for singling out P2P, the Obama administration has come to power, and Democrat Michael Copps (temporarily) heads the FCC to roll out a new Internet traffic management system that delays only some kinds of content during moments of congestion.
But that's exactly what Cox Cable, the third largest cable system in the US, has just announced.
According to the announcement made Tuesday night, Cox will trial the system in Kansas and Arkansas first, expanding it to the rest of its territory later in the year if all goes well.
The ContactPoint database is intended to improve information sharing between professionals working with children.
Children's Minister Baroness Morgan said parents would not be allowed to remove their children from the list.
The Conservatives attacked the £224m database as "another expensive data disaster waiting to happen".
The Liberal Democrats have also previously opposed what they called an "intrusive and expensive project".
Can't say I tried it to be honest. the GPL limitation was an instant turn off.Ditto.-Eóin (January 31, 2009, 12:25 PM)
Also in addition I don't tend to really like these all-encompassing frameworks.I have to say I once held the same opinion, until I realized that it's fairly pointless having a cross platform GUI framework, and then relying on the standard library for everything else. There is really just too many differences between the various platforms to code a large complete app without a complete framework.-Eóin (January 31, 2009, 12:25 PM)
Perhaps the most annoying bug, which should be easily fixed and has existed since .94, is the fact that the windows version will not remember the last used folder so you have to constantly browse to the last used folder everytime you choose file - openOooooh, yes please!!-Josh (January 31, 2009, 01:35 AM)
oh wowSame!! And I even read Mouse Man deciding whether or not to do it this year on IRC
without this newsletter the best of 2008 would have gone past me! And I have another 10 tabs open on various threads on DC. I cannot stress enough the importance of these newsletters.-housetier (January 28, 2009, 12:54 PM)
What's proprietary about "<!--"? That's a standard HTML comment.Indeed. I'm the first to bash Microsoft when they put proprietary shit in the wrong place, but I can't see a problem here...except with the recipient's email client (please don't be using Thunderbird <repeat>).-CWuestefeld (January 28, 2009, 03:06 PM)
) and I'm having quite some fun with it. It's called Cube Craft. Basically you get prints off a website, you print them out on your standard color laser and cut them out and fold them up. There are images of all your favorite nerdy characters from Star Wars to Family Guy, and they're all in a cube (or more accurately, rectangular prism) shape.
| Hi all. Not much news this week guys. Honestly, I'd prefer to have fewer articles than inflate the list with boring junk. As usual, you can find last week's news here. |
IT managers should start familiarising themselves with a new security tool, the paint brush, as Japanese researchers have come up with a paint that they say will block high-speed wireless signals, giving businesses a cheap option to protect their wireless networks.
The problem of securing wireless networks has been an issue for a while now. Wi-Fi LANs with no encryption or running the obsolete WEP system, run the risk of having hackers outside the building eavesdrop on wireless LAN traffic, or simply stealing bandwidth. However, there are a number of solutions, besides encryption, for companies wishing to secure their networks.
Malware masquerading as part of Apple's iWork 09 productivity suite is targeting unsuspecting Mac users foolish enough to install pirated software downloaded on warez sites.
Once installed, iServices.A has unfettered root access, which it promptly uses to connect to a remote server over the internet, according to Intego, which sells anti-virus software for Macs. A secondary download installs malware that makes victims part of a botnet that's attacking undisclosed websites.
A student who researches malware and intrusion detection systems at the University Politecnico di Milano in Italy will be making a presentation next month at the upcoming Black Hat conference in Washington D.C. The briefing, as Black Hat refers to it as, will deal with a memory injection technique specific to Apple hardware, which subsequently allows a piece of code to be run from memory.
While it may sound like the RAM Disk feature from the days of OS 9 and before, the technique is nowhere near as benign. What makes the memory injection technique particularly attractive to would-be hackers is that no traces are left on the hard drive and a new process is not created, making it what the experts call an "anti-forensic technique." What is run in memory is up to the attacker; it can range from code snippets to complete applications.
Downadup, the superworm that attacks a patched vulnerability in Microsoft Windows, is making exponential gains if estimates from researchers at F-Secure are accurate. They show 6.5 million new infections in the past four days, bringing the total number of machines it has compromised to almost 9 million.
The astronomical growth stunned some researchers, although others cautioned the numbers could be inflated since the counting of infected computers is by no means an exact science. Most agreed F-Secure's estimate was certainly plausible and if it proved to be correct, represented a major development in the world of cyberthreats.
Record companies cannot collect restitution for every time a song has been illegally downloaded, a US District judge has decided. Judge James P. Jones gave his opinion on United States of America v. Dove, a criminal copyright case, ruling that each illegal download does not necessarily equate to a lost sale, and that the companies affected by P2P piracy cannot make their restitution claims based on this assumption.
Daniel Dove was originally found guilty of criminal copyright infringement for running a torrent group called "Elite Torrents" between 2004 and 2005. The jury in the case had found Dove guilty of reproduction and distribution of copyrighted works, as well as conspiracy to commit criminal copyright infringement. At the time, Judge Jones sentenced Dove to 18 months in prison for each count, plus a special assessment of $200 and a $20,000 fine ($10,000 per count).
Microsoft has contributed source code to Apache's Stonehenge project, an open source effort that collects sample implementations of applications that are built with Service Oriented Architecture (SOA). The aim of the project is to test and demonstrate interoperability between application implementations that are built on different underlying technology.
The project was launched in November under the aegis of the Apache Incubator, a pool of nascent community-driven projects that are working their way into the Apache ecosystem. According to Stonehenge participant Paul Fremantle, this is the first Incubator podling that has received direct involvement from Microsoft.
When Google's lawyers entered the smooth marble hallways of the Department of Justice on the morning of October 17, they had reason to feel confident. Sure, they were about to face the antitrust division—an experience most companies dread—to defend a proposed deal with Yahoo. But they had to like their chances. In the previous seven years, only one of the mergers that had been brought here had been opposed. And Google wasn't even requesting a full merger. It just wanted the go-ahead to pursue a small deal that it was convinced would benefit consumers, the two companies, and the search-advertising market as a whole. Settling around a large oval table in the conference room, the attorneys from Google and Yahoo prepared to make their arguments. Google wanted to serve its ads for certain search terms on Yahoo's pages in exchange for a share of the revenue those ads generated. It already had similar arrangements with AOL, Ask.com, and countless other Web sites. And the deal wasn't exclusive or permanent.
Tom Barnett, assistant attorney general for antitrust, took his seat at the table and called the meeting to order. The Yahoo lawyers kicked things off by describing their negotiations with DOJ staff; they had already suggested limiting the length of the deal and capping the amount of money in play. Barnett seemed unimpressed. "Staff," he proclaimed, "is irrelevant." He made the decisions around there.
