http://slashdot.org/firehose.pl News for nerds, stuff that matters en-us Copyright 1997-2009, Geeknet, Inc. All Rights Reserved. 2009-12-26T20:53:04+00:00 Geeknet, Inc. help@slashdot.org Technology hourly 1 1970-01-01T00:00+00:00 http://a.fsdn.com/sd/topics/topicslashdot.gif http://slashdot.org/firehose.pl //slashdot.org/submission/1140572/Star-Trek-Synthehol-beta-goes-into-development?from=rss Researchers at the Imperial College London have announced development of an alcohol substitute that has many of the same properties as the Sythehol from the series Star Trek in that one will get a buzz from it but will not end up with a hangover. In addition you will have the option of getting immediately sober if you so desire it. Let's hope this is not the typical vaporware. It is not that I really want a drink of Synthehol but with its release I assume Romulan Ale won't be far behind. Ada_Rules 2009-12-26T17:00:35+00:00 //slashdot.org/submission/1139436/Voyager-Makes-an-Interstellar-Discovery?from=rss The solar system is passing through an interstellar cloud that physics says should not exist. In the Dec. 24th issue of Nature, a team of scientists reveal how NASA's Voyager spacecraft have solved the mystery. azoblue 2009-12-23T20:10:06+00:00 //slashdot.org/submission/1139918/NetBIOS-Design-Allows-Traffic-Redirection?from=rss Security researchers at SkullSecurity released research demonstrating how the NetBIOS protocol allows trivial hijacking due to its design; they have demonstrated this attack in a tool called 'nbpoison' (in the package 'nbtool'). If a DNS lookup fails on Windows, the operating system will broadcast a NetBIOS lookup request that anybody can respond to. One vector of attack is against business workstations on an untrusted network, like a hotel; all DNS requests for internal resources can be redirected (Exchange, proxy, WPAD, etc). Other attack vectors are discussed here. Although similar attacks exist against DHCP, ARP, and many other LAN-based protocols, and we all know that untrusted systems on a LAN means game over, NetBIOS poisoning is much quieter and less likely to break other things. iago-vL 2009-12-24T16:51:41+00:00 //slashdot.org/submission/1139506/Cygwin-17-Released?from=rss The 1.7 branch of Cygwin, the Unix-like environment for Windows, has reached stable status after about 3 1/2 years of effort. Among many other changes, this release drops support for Windows 9x. Since the NT API and NT-based versions of Windows are more capable and somewhat less of a mismatch with POSIX (for instance, they include a security model), this has allowed for code path simplifications, better performance (particularly noticeable with pipe I/O), better security, and better POSIX compatibility. jensend 2009-12-24T00:23:19+00:00 //slashdot.org/submission/1139980/Really-misleading-ads-from-broadband-providers?from=rss From the I-really-wish-they-asked-me-before-getting-into-that-contract department: Gizmodo has put together a good compilation of the — seemingly almost criminally — misleading (largely plain wrong) advertising from our favorite local monopolies. My personal favorite is from At&t which states you need 3 mbps to use social networking sites like facebook (an accurate but still absurd requirement might be a something to effect of needing a multiple core processor if you allow of the javascript & flash to run on said sites) Bourdain 2009-12-24T20:37:24+00:00 //slashdot.org/submission/1140332/Prevent-my-hosting-provider-from-rooting-my-server?from=rss I have a heavily-hit public server (web, mail, cvs/svn/git, dns, etc.) that runs a few dozen OSS project websites, as well as my own personal sites (gallery, blog, etc.). From time to time, the server has "unexpected" outages, which I've determined to be the result of hardware, network and other issues on behalf of the provider. I run a lot of monitoring and logging on the server-side, so I see and graph every single bit and byte in and out of the server and applications, so I know it's not the OS itself.When I file "WTF?" style support tickets to the provider through their web-based ticketing system, I often get the response of "Please provide us with the root password to your server so we can analyze your logs for the cause of the outage." Moments ago, there were 3 simultaneous outages, while I was logged into the server working on some projects. Server-side, everything was fine. They asked me for the root password, which I flatly denied (as I always do), and then they rooted the server anyway, bringing it down and poking around through my logs anyway. This is at least the third time they've done this without my approval or consent.Is it possible to create a minimal Linux boot that will allow me to reboot the server remotely, come back up with basic networking and ssh, and then from there, allow me to log in and mount the other application and data partitions under dm-crypt/loop-aes and friends?With sufficient memory and CPU, I could install VMware and run my entire system within a VM, and encrypt that. I could also use UML, and try to bury my data in there, but that's not encrypted. Ultimately, I'd like to have an encrypted system end-to-end, but if I do that, I can't reboot it remotely without entering the password at boot time. Since I'll be remote, that's a blocker for me.What does the Slashdot community have for ideas in this regard? What other technologies and options are at my disposal to try here (beyond litigation and jumping providers, both of which are on the short horizon ahead). hacker 2009-12-26T03:47:06+00:00 //slashdot.org/submission/1140616/Social-movie-reviewing?from=rss Watching a lot of movies, and being a developer, I felt there wasn't a good option for succinct reviews of movies/tv/music/books, while still providing a good rating system. So, I created a site with friend associations pulled from Facebook/Myspace/Twitter, and a limit of 250 characters per review. This ensures you can scan through quickly, while giving you ratings based on what your friends think. imunfair 2009-12-26T20:46:34+00:00 //slashdot.org/submission/1138922/Amazon-Kindle-proprietary-format-broken?from=rss The Register reports that the proprietary document format used by Amazon's Kindle and the Amazon online store have been successfully reverse engineered, allowing these DRM protected documents to be converted into the open MOBI format.Users of alternative E-book readers rejoice. Anonymous Coward 2009-12-23T01:47:16+00:00 //slashdot.org/submission/1139780/All-GPLed-Code-Removed-from-MonoDevelop?from=rss A few days ago, Miguel de Icaza wrote on his blog that the whole MonoDevelop is now "free" of GPL-licensed code. "MonoDevelop code is now LGPLv2 and MIT X11 licensed. We have removed all of the GPL code, allowing addins to use Apache, MS-PL code as well as allowing proprietary add-ins to be used with MonoDevelop (like RemObject;s Oxygene)." A move that may be seen as quite controversial. rysiek 2009-12-24T11:29:29+00:00 //slashdot.org/submission/1139586/US-Patent-Office-Tightens-Software-Patents?from=rss A decision from a key panel at the Patent Office builds on last year's Bilski decision to place new limits on software patents. Just running some algorithm on a PC and claiming that you've built a patentable "machine" may not work any more. Anonymous Coward 2009-12-24T05:16:12+00:00 //slashdot.org/submission/1139582/isoHunt-guilty-of-inducing-infringement?from=rss The MPAA has won a summary judgment against torrent indexing site isoHunt for inducing copyright infringement. Michael Geist notes that "[t]he judge ruled that the isoHunt case is little different from other U.S. cases such as Napster and Grokster, therefore concluding that there is no need to proceed to a full trial and granting Columbia Pictures request for summary judgment." Attorney Ben Sheffner, who worked on the case for Fox, explains some of the implications, noting that "the most significant ruling in the opinion was the court's holding that the DMCA's safe harbors are simply not available where inducement has been established." This case could have implications on other indexing sites, and creates a gap in the DMCA safe harbor provisions that could have far-reaching implications on other sites. roju 2009-12-24T05:04:16+00:00 //slashdot.org/submission/1139978/Testing-network-changes-when-no-test-labs-exist?from=rss The ugly truth is that many network guys secretly work on production equipment all the time, or test things on production networks when they face impossible deadlines. Management often expects us to get a job done but refuse to provide funds for expensive lab equipment, test circuits and for reasonable time to get testing done before moving equipment or configs into production. How do most of you handle such situations, and what recommendation do you have for creating a network test lab on the cheap, especially when core network devices are vendor-centric, like Cisco? vvaduva 2009-12-24T20:08:44+00:00 //slashdot.org/submission/1139482/Comcast-pays-for-blocking-large-file-transfers?from=rss Comcast Corp. has agreed to pay up to $16 million to settle a class-action lawsuit accusing the cable TV operator of delaying transfers of large movie and music files despite promises of unfettered Internet access. hessian 2009-12-23T22:36:48+00:00 //slashdot.org/submission/1137390/When-Developers-Work-Late-Should-Manager-Stay?from=rss A veteran developer looks back — in irritation — at those times he had to work late, and his unskilled manager stayed too, just to look over his shoulder and add worry and fret to the process. Now that same developer, lo and behold, is a manager himself — and recently stayed late to ride herd over late-working developers. "And guess what? Yep, I hadnâât coded in years and never in the language he had to work with." Yet now he understood: his own butt was on the line so he was staying put. Still, does it really help developers to have management hovering in late evening, even if the boss handles pizza delivery? jammag 2009-12-20T15:59:33+00:00 //slashdot.org/submission/1137350/Prosecutors-Want-Open-Source-AIG-Investigation?from=rss As you may recall, the citizens of the US shelled out about $85 billion to bail out AIG and its creditors (Goldman Sachs in particular) last year. But as 80% owners of AIG, we still don't know what happened exactly. That may change. In an NYTimes Op-Ed, former prosecutors (including former NY governor Eliot Spitzer) are calling for the US Treasury to force to AIG release its treasure-trove of emails to the public before allowing AIG to "break free" of our control. As the prosecutors put it, "By putting the evidence online, the government could establish a new form of "open source" investigation. Once the documents are available for everyone to inspect, a thousand journalistic flowers can bloom, as reporters, victims and angry citizens have a chance to piece together the story." Good idea? VValdo 2009-12-20T11:42:34+00:00 //slashdot.org/submission/1138850/BBCs-plan-to-kick-freeopen-source-out-of-UK-TV?from=rss Generally speaking, the BBC isn't allowed to encrypt or restrict its broadcasts: the licence fee payer pays for these broadcasts. But the BBC has tried to get around this, asking Ofcom for permission to encrypt the "metadata" on its broadcasts – including the assistive information used by deaf and blind people and the "tables" used by receivers to play back the video. As Ofcom gears up to a second consultation on the issue, there's one important question that the BBC must answer if the implications of this move are to be fully explored, namely: How can free/open source software co-exist with a plan to put DRM on broadcasts? bluec 2009-12-22T22:45:33+00:00 //slashdot.org/submission/1140010/Software-fraudster-fooled-CIA-into-terror-alert?from=rss The Register, citing this Playboy article, reports that a Nevada man named Dennis Montgomery was able in 2003 to connive his way into a position of respectabilty at the CIA on the basis of his company's claimed ability, using software, to "detect and decrypt 'barcodes' in broadcasts by Al Jazeera, the Qatari news station." Montgomery was CTO of Reno-based eTreppid Technologies, which produced bucketloads of data purported to represent "geographic coordinates and flight numbers." All of which, it seems, were hokum, finally debunked in cooperation with a branch of the French intelligence service — but not, says the article, before the fabricated information, chalked up to "credible sources," was used as justification to ground some international flights, and even evacuate New York's Metropolitan Museum of Art. timothy 2009-12-25T00:11:53+00:00 //slashdot.org/submission/1138674/Congressman-wants-critic-blogger-sent-to-jail?from=rss Florida Rep. Alan Grayson wants to see one of his critics go directly to jail, all over her use of the word "my" on her blog. In a four-page letter sent to Holder, Grayson accuses Langley of lying to federal elections and requests that she be fined and imprisoned for five years. Her lie, according to Grayson, is that she claims to be one of his constituents. Langley, Grayson says, is misrepresenting herself by using the term "my" in the Web site's name. vvaduva 2009-12-22T16:12:11+00:00 //slashdot.org/submission/1139188/Telepathic-typing?from=rss "Why bother to type a document using a keyboard when you can write it by simply thinking about the letters?" asks this article. A brain wave study presented at the 2009 annual meeting of the American Epilepsy Society shows that people with electrodes in their brains can "type"... using just their minds. The study involved electrocorticography — a sheet of electrodes laid directly on the surface of the brain after a surgical incision into the skull. ("We were able to consistently predict the desired letters for our patients at or near 100 percent accuracy," explains one Mayo clinic neurologist.) And besides typing, there's new brain wave applications that can now turn brain waves into music and even Twitter status updates — by thought alone. destinyland 2009-12-23T11:39:42+00:00 //slashdot.org/submission/1138846/Comcast-Pays-Out-16Million-in-P2P-Throttling-Suit?from=rss Comcast has settled out of court to the tune of $16 million for P2P throttling class action lawsuit in Pennsylvania. You may be eligible for up to $16 restitution if 'you live in the United States or its Territories, have a current or former Comcast High-Speed Internet account, and either used or attempted to use Comcast service to use The Ares, BitTorrent, eDonkey, FastTrack or Gnutella P2P protocols at any time from April 1, 2006 to December 31, 2008; and/or Lotus Notes to send emails any time from March 26, 2007 to October 3, 2007.' $16 million seems a bit on the low end and it's too bad this was an out of court settlement instead of solid precedence for your right to use P2P applications and traffic. It's not clear on how this affects the slough of other Comcast P2P throttling suits or if they are included in this settlement or even if this satiates the FCC. eldavojohn 2009-12-22T22:41:19+00:00 //slashdot.org/submission/1140278/Soviet-Scientist-Turns-Foxes-Into-Puppies?from=rss In the 1950s, Soviet scientist Dmitri Belyaev set out to breed a tamer fox that would be easier for their handlers in the Russian fur industry to work with. Much to the scientist's shock, changes no one had expected emerged after just 10 generations. The foxes began behaving playfully, were smaller in size, and even changed color — much like dogs. gamebittk 2009-12-25T18:32:20+00:00 //slashdot.org/submission/1137474/Killing-in-the-Name-UK-No-1-thanks-to-Facebook?from=rss Due to a 900,000+ Facebook campaign, 90's rap metal group Rage Against the Machine are this year's Christmas number 1, beating out Simon Cowell's X-Factor contestant Joe McElderry to the top spot, making 'Killing in the Name' the first ever UK download-only Christmas number 1. The popular 90's rock song had support from celebrities and the BBC, who got in trouble earlier in the week for allowing five 'fucks' to slip through the censor on a live performance. Josh04 2009-12-20T22:42:01+00:00 //slashdot.org/submission/1140612/Book-Review-The-Art-of-Unit-Testing?from=rss The Art of Unit Testing with Examples in .NET Author: Roy Osherove Publisher: Manning Pages: 296 ISBN: 1933988274 Summary: Soup to nuts unit testing with examples in .NET "We let the tests we wrote do more harm than good." That snippet from the preface of Roy Osherove’s "The Art of Unit Testing with Examples in .NET" (AOUT hereafter) is the wrap up of a frank description of a failed project Osherove was part of. The goal of AOUT is teaching you great approaches to unit testing so you won’t run into similar failures on your own projects. AOUT is a well-written, concise book walking readers through many different aspects of unit testing. Osherove’s book has something for all readers, regardless of their experience with unit testing. While the book's primary focus is .NET, the concepts apply to many different platforms, and Osherove also covers a few Java tools as well. Osherove has a long history of advocating testing in the .NET space. He’s blogged about it extensively, speaks at many international conferences, and leads a large number of Agile and testing classes. He’s also the chief architect at TypeMock, an isolation framework that’s a tool you may make use of in your testing efforts – and he’s very up front about his involvement with that tool when discussing isolation techniques in the book. He does a very good job of not pushing his specific tool and also covers several others, leaving me feeling there wasn’t any bias toward his product whatsoever. AOUT does a number of different things really, really well. First off, it focuses solely on unit testing. Early on Osherove lays out the differences between unit and integration tests, but he quickly moves past that and stays with unit tests the rest of the book. Secondly, Osherove avoids pushing any particular methodology (Test Driven Development, Behavior Driven Development, etc.) and just stays on critical concepts around unit testing. I particularly appreciated that latter point. While I’m a proponent of *DD, it was nice to read through the book without having to filter out any particular dogma biases. I think that mindset makes this book much more approachable and useful to a broader audience – dive in to unit testing and learn the fundamentals before moving on to the next step. I also enjoyed that Osherove carries one example project through the entire book. He takes readers through a journey as he builds a log analyzer and uses that application to drive discussion of specific testing techniques. There are other examples used in the book, but they’re all specific to certain situations; the brunt of his discussion remains on the one project which helps keep readers focused in the concepts Osherove’s laying out. The book’s first two chapters are the obligatory introduction to unit testing frameworks and concepts. Osherove quickly moves through discussions of "good" unit tests, offers up a few paragraphs on TDD, and lays out a few bits around unit test frameworks in general. After that he’s straight in to his "Core Techniques" section where he discusses stubs, mocks, and isolation frameworks. The third part, "The Test Code" covers hierarchies and pillars of good testing. The book finishes with "Design and Process" which hits on getting testing solidly integrated into your organization, plus has a great section on trying to deal with testing legacy systems. There are a couple handy appendices covering design issues and tooling. Osherove uses his "Core Techniques" section to clearly lay out the differences between stubs and mocks, plus he covers using isolation frameworks such as Rhino.Mocks or TypeMock to assist with implementing these concepts. I enjoyed reading this section because too many folks confuse the concepts of stubbing and mocking. They’re not interchangeable, and Osherove does a great job emphasizing where you should use stubs and mocks to deal with dependencies and interactions, respectively. The walkthrough of splitting out a dependency and using a stub is a perfect example of why this book’s so valuable: Osherove clearly steps through pulling the dependency out to an interface, then shows you different methods of using a stub for testing via injection by constructors, properties, or method parameters. He’s also very clear about the drawbacks of each approach, something I find critical in any design-related discussion – let me know what things might cause me grief later on! While the discussion on mocking, stubbing, and isolation was informative and well-written, I got the most out of chapters 6 ("Test hierarchies and organization") and 7 ("The pillars of good tests"). The hierarchy discussion in particular caused me to re-think how I’ve been organizing an evolving suite of Selenium-based UI tests. I was already making use of DRY and refactoring out common functionality into factory and helper methods; however, Osherove’s discussion led to me re-evaluating the overall structure, resulting in some careful use of base class and inheritance. His concrete examples of building out a usable test API for your environment also changed how I was handling namespaces and general naming. If you’re in an organization that’s new to testing, or if you’re trying to deal with getting testing around legacy software, then the last two chapters of the book are must-read sections. Changing cultures inside organizations is never easy, and Osherove shows a number of different tools you can use when trying to drive the adoption of testing in your organizations. My own experience has shown you’ll need to use combinations of many of these including finding champions, getting management buy off, and most importantly learning how to deal with the folks who become roadblocks. The Art of Unit Testing does a lot of things really well. I didn’t feel the book did anything poorly, and I happily include it in my list of top software engineering/craftsmanship books I’ve read. All software developers, regardless of their experience with unit testing, stand to learn something from it. FrazzledDad 2009-12-26T20:42:52+00:00 //slashdot.org/submission/1139388/Why-Coder-Pay-Isnt-Proportional-to-Productivity?from=rss John D. Cook takes a stab at explaining why programmers are not paid in proportion to their productivity. The basic problem, Cook explains, is that extreme programmer productivity may not be obvious. A salesman who sells 10x as much as his peers will be noticed, and compensated accordingly. And if a bricklayer were 10x more productive than his peers this would be obvious too (it doesn't happen). But the best programmers do not write 10x as many lines of code; nor do they work 10x longer hours. Programmers are most effective when they avoid writing code. An über-programmer, Cook explains, is likely to be someone stares quietly into space and then says "Hmm. I think I've seen something like this before." theodp 2009-12-23T17:49:24+00:00 //slashdot.org/submission/1139292/NASA-and-space-station-alliance-on-shaky-ground?from=rss Even as the latest shift of astronauts arrived at the International Space Station, NASA challenges with the orbital outpost on the ground are threatening its future. Those challenges include the pending retirement of the space shuttle but also the way NASA and the ISS are managed. A report issued this week by the Government Accountability Office said NASA faces several significant issues that may impede efforts to maximize utilization of all ISS research facilities.http://www.networkworld.com/news/2009/122309-layer8-nasa-iss-astronauts.html?hpg1=bn#comments coondoggie 2009-12-23T14:56:28+00:00