tiffanydanica writes "For all the flack Mozilla gets about its new security warnings for https sites, at least it warns the user when a mismatch occurs. Sadly the new Yahoo! Zimbra Desktop (released in part to fix some security issues), doesn't bother validating the SSL certificate on the other side before sending along the username and password, making it vulnerable to a man-in-the-middle attack. This is certainly a step up from transmitting the information in the clear, since the attacker must switch from being passive to active, but with all of the DNS security problems, it would be fairly trivial for a malicious attacker to grab a large number of Yahoo! accounts (be it for phishing or spaming). Hopefully this issue will get fixed shortly, but for now Yahoo! Zimbra Desktop users may wish to use the webmail interface."

Read more of this story at Slashdot.

Ahmed Kamal writes "What happens when you take a solid system such as Ubuntu Hardy, unplug its Linux kernel, and plug in a replacement OpenSolaris kernel? Then you marry Debian's apt-get to Solaris' zfs file-system? What you get is Nexenta Core Platform OS. Let's take Nexenta for a quick spin, installing and configuring this young but promising system."

Read more of this story at Slashdot.

Hugh Pickens writes "In the first such system deployed in the country, police vehicles in Ponca City, Oklahoma will have wireless video cameras installed so precinct dispatchers and supervisors can monitor activities during traffic stops in real time, and quickly deploy additional officers and resources if necessary. The system to provide an added level of monitoring and protection for its force is part of a broadband mesh network comprised of more than 490 wireless nodes and gateways connected to 120 miles of fiber backbone that will provide coverage for approximately 30 square miles of the city. The network will provide field communications for city services including police, fire and emergency, parks and recreation, public works and energy, but will also be used to provide free wireless internet access for all residents of the city. 'The testing of this network showed that it was robust enough to handle not only municipal traffic, but also citizens' traffic.' said Mayor Homer Nicholson. 'So the Ponca City Board of Commissioners voted to allow the extra internet access to be given to the citizens of Ponca City for free.' The second phase of the project will expand the network and wireless coverage to more than 430 square miles surrounding the city with an estimated annual cost savings of over $1 million for city residents, who can discontinue their existing internet service. 'Our goal is to be one of the most mobile communities in America, and this is a significant step in that direction,' said Nicholson."

Read more of this story at Slashdot.

circletimessquare brings us an update to the status of the million-dollar Netflix competition to develop a better algorithm for movie recommendations. We've discussed aspects of the competition since it started two years ago, but the New York Times has a lengthy overview of where it stands now. "The Netflix competition is still going strong, with a vibrant, competitive roster of some 30,000 programmers around the globe hard at work trying to win the prize. The Times provides a look at some of the more obsessive searchers, such as Len Bertoni, a semi-retired computer scientist near Pittsburgh who logs 20 hours a week on the problem, oftentimes with the help of his children. There's also Martin Chabbert in Montreal: 'After the kids are asleep and I've packed the lunches for school, I come down at 9 in the evening and work until 11 or 12.' The article gets into the history of the search algorithm Netflix currently uses, and explores the hot commodity called 'singular value decomposition' that serves as the basis for most of the algorithms in competition."

Read more of this story at Slashdot.

Anti-Globalism writes with this excerpt from the Guardian: "China is stealing sensitive information from American computer networks and stepping up its online espionage, according to a US congressional panel. Beijing's investment in rocket technology is also accelerating the militarization of outer space and lifting it into the 'commanding heights' of modern warfare, the advisory group claims. ... A summary of the study, released in advance, alleges that networks and databases used by the US government and American defense contractors are regularly targeted by Chinese hackers. 'China is stealing vast amounts of sensitive information from US computer networks,' says Larry Wortzel, chairman of the commission set up by Congress in 2000 to investigate US-China issues." The full study addresses these issues and others relating to the US-China relationship (PDF).

Read more of this story at Slashdot.

darthcamaro writes "Running IE and been hacked? Don't blame Microsoft — at least that's what their security types are now arguing. 'One of the things we've seen in the last two years is that attackers aren't even going after the browser itself anymore,' Eric Lawrence, Security Program Manager on Microsoft's Internet Explorer team, said. 'The browser is becoming a harder target and there are many more browsers. So attackers are targeting add-ons.' This kinda makes sense since whether you're running IE, Firefox, Safari or Chrome you could still be at risk if there is a vulnerability in Flash, PDF, QuickTime or another popular add-on. Or does it?"

Read more of this story at Slashdot.

An anonymous reader writes "I'm a Project Manager (hold the remarks) who recently decided that I want/need to get my dev skills more up-to-date, as more projects are looking for their PM's to be hands-on with the development. Looking around my house, I have quite the collection of older (read: real old — it's been a while) PCs — it's pretty much a PC graveyard. Nothing that would really help me set up a nice dev infrastructure for developing web/database apps. So, my question is as follows: Should I buy a number of cheaper PC's, or should I buy one monster machine and leverage (pick your favorite) virtual machine technology?"

Read more of this story at Slashdot.

An anonymous reader writes "The Pentagon has suffered from a cyber attack so alarming that it has taken the unprecedented step of banning the use of external hardware devices, such as flash drives and DVDs [...] The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks."

Read more of this story at Slashdot.

netbuzz writes "Meeting in Minneapolis this week, the Internet engineering community is debating whether to aggressively fashion and apply fixes for the so-called Kaminsky bug in the DNS discovered this summer, or to simply let its threat stand as motivation for all to move with greater speed toward DNSSEC, which is considered the best long-term security solution. Problem with the latter approach is that DNSSEC has been in the works for a decade already, no one is confident it will be universally embraced, and the Kaminsky flaw is causing real problems today.

Read more of this story at Slashdot.

Roland Piquepaille writes "In recent months, the concept of 'cloud computing' was all the buzz. European researchers think about another name, the World Wide Grid, which could run on top of the Internet. In an article to appear soon, ICT Results will report about the g-Eclipse project. As the scientists said, 'the g-Eclipse project aims to build an integrated workbench framework to access the power of existing Grid infrastructures. The framework will be built on top of the reliable eco-system of the Eclipse community to enable a sustainable development.' The project started in July 2006 and was successfully completed in June 2008 for a total cost of €2.5 million, including a EU contribution of €1.96 million."

Read more of this story at Slashdot.

thricenightly writes "After more than 20 years in IT I've learned that the most valuable people in a team are frequently the old timers. Young pups straight out of college might (think they) know all the latest buzzwords and techniques, but in the real world, where getting working products delivered on time and on budget is of paramount importance, people who have been doing the job for a decade or two tend to be the people I'd rather be working alongside. I've recently been elevated to a position where I get to interview and choose those who get hired in my department. Although I'm very much focused on choosing the right person for the role regardless of age, experience or whatever, it's probably fair to say the more mature applicants will get a more sympathetic hearing from me than they might from most other interviewers for IT roles. The question is, what do I ask older applicants to get them to demonstrate the value of their experience? My current gambit is something like 'IT is seen as a young man's game. My next applicant after you is 23 years old. What do you know that he doesn't?' This gets responses ranging from the vague to the truly enlightened. All next week I'm interviewing for a number of senior software designer and developer roles. What should I be asking of the more experienced applicants, and what responses should I be looking out for?"

Read more of this story at Slashdot.

nk497 writes "Over the summer, the London travelcard ticketing system — called Oyster — fell over twice, forcing the transport authority to offer free travel to the six million Londoners using the system. After that, it cut its contract with the supplier of the system, a consortium called TranSys. But now, Transport for London has signed a new contract to replace the TranSys one — with the same two companies that made up the TranSys consortium. Sure, that should fix everything."

Read more of this story at Slashdot.

An anonymous reader writes "Fewer than 1% of airline passengers singled out at airports using the much vaunted 'suspicious behavior detection' techniques are arrested, Transportation Security Administration figures show. The TSA program, launched in early 2006, looks for terrorists using a controversial surveillance method based on behavior detection and has led to more than 160,000 people in airports receiving scrutiny, such as a pat-down search or a brief interview. It has resulted in only 1,266 arrests, often on charges of carrying drugs or fake IDs, the TSA said. The TSA has not publicly said whether it has caught a terrorist through the program." In related news, the odds of sanity coming to the TSA plummeted today when Schneier said he's not interested in the top job there.

Read more of this story at Slashdot.

blackbearnh writes "CIO Magazine has an article up looking at some of the ways that Agile projects can fail, or Agile can be misapplied in organizations. Some of the issues raised may not be new, but folks might want to pay special attention to these, since the people throwing the stones are two of the original Agile Manifesto signatories, Alistair Cockburn and Kent Brock. From the article: 'Once individuals become familiar with Agile, either through training or practice, they can become inflexible and intolerant of people new to the process. Cockburn has seen this in action. "I'm one of the authors of the manifesto, so if I say something 'weird,' they can't tell me I don't understand Agile. But if someone else — and it doesn't matter how many years of experience they have — says something funny, they get told they don't understand Agile."'" Here's another recent article by the same author on the perils now besetting Agile.

Read more of this story at Slashdot.

An anonymous reader notes a posting up at a law blog with the provocative title Does Your Boss Have to Pay You While You Wait for Vista to Boot Up?. (Provocative because Vista doesn't boot more slowly than anything else, necessarily, as one commenter points out.) The National Law Journal article behind the post requires subscription. Quoting: "Lawyers are noting a new type of lawsuit, in which employees are suing over time spent booting [up] their computers. ... During the past year, several companies, including AT&T Inc., UnitedHealth Group Inc. and Cigna Corp., have been hit with lawsuits in which employees claimed that they were not paid for the 15- to 30-minute task of booting their computers at the start of each day and logging out at the end. Add those minutes up over a week, and hourly employees are losing some serious pay, argues plaintiffs' lawyer Mark Thierman, a Las Vegas solo practitioner who has filed a handful of computer-booting lawsuits in recent years. ... [A] management-side attorney... who is defending a half-dozen employers in computer-booting lawsuits... believes that, in most cases, computer booting does not warrant being called work."

Read more of this story at Slashdot.