Linux Magazine column for many years and now writes for ZDNet. The ZDNet blurb describes him as "a technologist with over two decades of experience integrating large heterogeneous multi-vendor computing environments in Fortune 500 companies." Most recently, he worked for IBM, and for Unisys before that. So Jason knows plenty about Linux and its role in big-time enterprise computing. In this video, he talks about how Linux needs to take another step forward to gain even more enterprise traction in coming years.
First time accepted submitter r3dR0v3r writes "I have the opportunity to help improve / replace the website of my small U.S. town (~6000 people). The town leaders are open to most any suggestions, and are open to the idea of having the website facilitate a more open government — by being a place at which town documents, meeting agendas, meeting minutes, legal forms, ordinances, etc. can be found in an organized way and downloaded. And of course the site should provide general info about the town, it's services, recreation opportunities, etc.. Now, we have no budget, so we'll be looking at free/open software. I've considered options such as Drupal, but I'm doing this as volunteer work so I don't want to start from scratch and spend overly much time. Thus, I'm looking for advice about any existing platforms made specifically for municipalities as a great way to get a jump start. I'm guessing there are other slashdotters that have helped their communities in this way. Your suggestions please?"
concealment writes "For three years, a group of hackers from China waged a relentless campaign of cyber harassment against Solid Oak Software Inc., Milburn's family-owned, eight-person firm in Santa Barbara, California. The attack began less than two weeks after Milburn publicly accused China of appropriating his company's parental filtering software, CYBERsitter, for a national Internet censoring project. And it ended shortly after he settled a $2.2 billion lawsuit against the Chinese government and a string of computer companies last April."
jandersen writes "I am the system manager in charge of a smallish server room (~50 servers, most in racks), and I am going to buy a set of tools; but first I want to hear what other people think would be a good idea. Certainly a range of good quality screwdrivers — slotted, Phillips, Pozidriv, Torx. But what else? Tape measure? Spirit level (for aligning the racks)? Any meters or cable testers? A wood lathe? I can probably get away with a budget of a few hundred GBP, but there ought to be some mileage in that."
New submitter whizzter writes "I was reading the Swedish national news today and an image in a stock exchange related article struck my eye. An order had been placed for 4 294 967 290 futures (0xfffffffa or -6 if treated as a 32-bit signed integer), each valued at approximately 16,000 USD, giving a neat total of almost 69 trillion USD. The order apparently started to affect valuations and was later annulled, however it is said to have caused residual effects in the system and trading was halted for several hours."
Orome1 writes "NetWars CyberCity is a small-scale city located close by the New Jersey Turnpike complete with a bank, hospital, water tower, train system, electric power grid, and a coffee shop. It was developed to teach cyber warriors from the U.S. military how online actions can have kinetic effects. Developed in response to a challenge by U.S. military cyber warriors, NetWars CyberCity is an intense defensive training program organized around missions. 'We've built over eighteen missions, and each of them challenges participants to devise strategies and employ tactics to thwart computer attacks that would cause significant real-world damage,' commented Ed Skoudis, SANS Instructor and NetWars CyberCity Director."
MrSeb writes "Way back in August, three months before the release of Windows 8, we learned about the existence of a project at Microsoft codenamed Blue. At the time it wasn't clear whether this was Windows 9, or some kind of interim update/service pack for Windows 8. Now, if unnamed sources are to be believed, Windows Blue is both of those things: a major update to Windows 8, and also the beginning of a major shift that will result in a major release of Windows every 12 months — just like Apple's OS X. According to these insiders, Blue will roll out mid-2013, and will be very cheap — or possibly even free, to ensure that 'Windows Blue [is] the next OS that everyone installs.' Exact details are still rather vague, but at the very least Blue will make 'UI changes' to Windows 8. The sources also indicate that the Windows 8 and Windows Phone 8 SDKs will be merged or standardized, to further simplify the development of cross-platform apps. Perhaps more important, though, is the shift to a 12-month release cadence. Historically, Microsoft has released a major version of Windows every few years, with the intervening periods populated with stability- and security-oriented service packs. Now it seems that Microsoft wants to move to an OS X-like system, where new and exciting features will be added on an annual basis. In turn, Microsoft will drop the price of these releases — probably to around $25, just like OS X."
porsche911 writes "A hacker group called 'Parastoo' have broken into an International Atomic Energy Agency computer and released details of more than 100 IAEA experts. They are asking the experts to criticize Israel's nuclear arsenal (English translation)." The IAEA confirms the breach happened, but that it was of a decommissioned server. The statement from Parastoo courtesy of Cryptome.
hypnosec writes "A new flaw has been discovered in printers manufactured by Samsung whereby a backdoor in the form of an administrator account would enable attackers to not only take control of the flawed device, but will also allow them to attack other systems in the network. According to a warning on US-CERT the administrator account is hard-coded in the device in the form of an SNMP community string with full read-write access. The backdoor is not only present in Samsung printers but also in Dell printers that have been manufactured by Samsung. The administrator account remains active even if SNMP is disabled from the printer's administration interface."
Lucas123 writes "Next year, smart phones will begin shipping with the ability to have dual identities: one for private use and the other for corporate. Hypervisor developers, such as VMware and Red Bend, are working with system manufacturers to embed their virtualization software in the phones, while IC makers, such as Intel, are developing more powerful and secure mobile device processors. The combination will enable mobile platforms that afford end users their own user interface, secure from IT's prying eyes, while in turn allowing a company to secure its data using mobile device management software. One of the biggest benefits dual-identity phones will offer is enabling admins to wipe corporate data from phones without erasing end users profiles and personal information."
Nerval's Lobster writes "Netflix has released Hystrix, a library designed for managing interactions between distributed systems, complete with 'fallback' options for when those systems inevitably fail. The code for Hystrix—which Netflix tested on its own systems—can be downloaded at Github, with documentation available here, in addition to a getting-started guide and operations examples, among others. Hystrix evolved out of Netflix's need to manage an increasing rate of calls to its APIs, and resulted in (according to the company) a 'dramatic improvement in uptime and resilience has been achieved through its use.' The Netflix API receives more than 1 billion incoming calls per day, which translates into several billion outgoing calls (averaging a ratio of 1:6) to dozens of underlying systems, with peaks of over 100,000 dependency requests per second. That's according to Netflix engineer Ben Christensen, who described the incredible loads on the company's infrastructure in a February blog posting. The vast majority of those calls serve the discovery user interfaces (UIs) of the more than 800 different devices supported by Netflix."
Sparrowvsrevolution writes "You may remember a vulnerability in four million keycard locks presented at the Black Hat conference in July. Hacker Cody Brocious showed he could insert a device he built for less than $50 into the port at the bottom of the common hotel lock, read a key out of its memory, and open it in seconds. Two months later, it turns out at least one burglar was already making use of that technique to rob a series of hotel rooms in Texas. The Hyatt House Galleria in Houston has revealed that in at least three September cases of theft from its rooms, the thief used that Onity vulnerability to effortlessly open rooms and steal valuables like laptops. Petra Risk Solutions, an insurance firm focus the hospitality industry also reports that at least two other hotels in Texas were hit with the attack. Onity has been criticized for its less-than-stellar response to a glaring vulnerability in its devices. The Hyatt says Onity didn't provide a fix until after its break-ins, forcing the hotel to plug its locks' ports with epoxy. And even now, Onity is asking its hotel customers to pay for the full fix, which involves replacing the locks' circuit boards."
Trailrunner7 writes "It is open season on SCADA software right now. Last week, researchers at ReVuln, an Italian security firm, released a video showing off a number of zero-day vulnerabilities in SCADA applications from manufacturers such as Siemens, GE and Schneider Electric. And now a researcher at Exodus Intelligence says he has discovered more than 20 flaws in SCADA packages from some of the same vendors and other manufacturers, all after just a few hours' work."
ryzvonusef writes with news that hackers have taken down the local Pakistan versions of many popular websites, including google.com.pk, apple.pk, microsoft.pk and yahoo.pk. 284 sites were affected in total. Many of the sites were defaced, and a group called Eboz is taking credit for the hack. According to TechCrunch, "The root of today’s attack, it seems, came via a breach of Pakistan’s TLD operator, PKNIC, which administers and registers all .pk domains. Looking at affected organizations via PKNIC’s look up, it appears that all the sites are now redirecting to two nameservers, dns1.freehostia.com and dns2.freehostia.com."
David Hume writes "The Los Angeles Times has a story about the two-year University of Tulsa Cyber Corps Program. About '85% of the 260 graduates since 2003 have gone to the NSA, which students call "the fraternity," or the CIA, which they call "the sorority."' 'Other graduates have taken positions with the FBI, NASA and the Department of Homeland Security.' According to the University of Tulsa website, two programs — the National Science Foundation's Federal Cyber Service: Scholarship for Service and the Department of Defense's (DOD's) Information Assurance Scholarship Program — provide scholarships to Cyber Corps students."