angry tapir writes "Google security engineer Tavis Ormandy discovered several flaws in Sophos antivirus and says the product should be kept away from high value information systems unless the company can avoid easy mistakes and issue patches faster. Ormandy has released a scathing 30-page analysis (PDF) 'Sophail: Applied attacks against Sophos Antivirus,' in which he details several flaws 'caused by poor development practices and coding standards,' topped off by the company's sluggish response to the warning he had working exploits for those flaws. One of the exploits Ormandy details is for a flaw in Sophos' on-access scanner, which could be used to unleash a worm on a network simply by targeting a company receiving an attack email via Outlook. Although the example he provided was on a Mac, the 'wormable, pre-authentication, zero-interaction, remote root' affected all platforms running Sophos. (Ormandy released the paper as an independent researcher, not in his role as a Google employee.)"
An anonymous reader sends this excerpt from Western University in Canada: "The first human applied clinical study (SAV CT 01) using a genetically modified killed whole-virus vaccine (SAV001-H) to evaluate its safety and tolerability was initiated in March 2012. This study is a randomized, observer-blinded, placebo-controlled study of killed whole HIV-1 vaccine (SAV001-H) following intramuscular (IM) administration. Infected men and women, 18-50 years of age, have been enrolled in this study and randomized into two treatment groups to administer killed whole HIV-1 vaccine (SAV001-H) or placebo. Sumagen announced today the patient enrollment has progressed smoothly and there have been no adverse effects observed including local reactions, signs/symptoms and laboratory toxicities after SAV001-H injection in all enrolled patients to date. With these interim results, the SAV001-H has proven safety and tolerability in humans and given Sumagen confidence for the next clinical trials to prove its immunogenicity and efficacy evaluation."
kmoser writes "Everybody's favorite astrophysicist, Neil deGrasse Tyson, makes an appearance in upcoming Superman #14, in which Superman visits the Hayden Planetarium to view his original planet. Meanwhile, back in reality, DC Comics explains that NdGT has used his 'astronomical' powers to select the red dwarf LHS 2520 as the most likely real-life red star to fit with Superman's back story."
Several readers have submitted news of the inevitable problems involved with trying to securely collect information from tens of millions of people on the same day. A video is making the rounds of a touchscreen voting machine registering a vote for Mitt Romney when Barack Obama was selected. A North Carolina newspaper is reporting that votes for Romney are being switched to Obama. Voters are being encouraged to check and double-check that their votes are recorded accurately. In Ohio, some recently-installed election software got a pass from a District Court Judge. In Galveston County, Texas, poll workers didn't start their computer systems early enough to be ready for the opening of the polls, which led to a court order requiring the stations to be open for an extra two hours at night. Yesterday we discussed how people in New Jersey who were displaced by the storm would be allowed to vote via email; not only are some of the emails bouncing, but voters are being directed to request ballots from a county clerk's personal Hotmail account. If only vote machines were as secure as slot machines. Of course, there's still the good, old-fashioned analog problems: workers tampering with ballots, voters being told they can vote tomorrow, and people leaving after excessively long wait times.
NotSanguine writes "Technology companies are up in arms about the FTC's pending rules change which would require explicit parental permission to allow websites to gather a wide range of data on children 13 and under. From the NYT Article: '"If adopted, the effect of these new rules would be to slow the deployment of applications that provide tremendous benefits to children, and to slow the economic growth and job creation generated by the app economy," Catherine A. Novelli, vice president of worldwide government affairs at Apple, wrote in comments to the agency (PDF).' But would that be a bad thing? As reported in the Times last week, Matt Richtel writes, 'There is a widespread belief among teachers that students' constant use of digital technology is hampering their attention spans and ability to persevere in the face of challenging tasks, according to two surveys of teachers being released on Thursday.' So, will the new FTC rules end up helping children (by enhancing their privacy and, if industry pundits are right, reducing the amount of content available online for children — thus enhancing their attention spans), or will the negative effects on corporations have as deleterious an effect on the economy as to measurably reduce the quality of education?"
Entropy98 writes "Windows Live Messenger will be shut down by March 2013, after nearly 13 years of service, so Microsoft can focus its efforts on Skype, its recent $8.5bn acquisition. No word on whether users will be able to transfer their WLM accounts to Skype. 'According to internet analysis firm Comscore, WLM still had more than double the number of Skype's instant messenger facility at the start of this year and was second only in popularity to Yahoo Messenger. But the report suggested WLM's US audience had fallen to 8.3 million unique users, representing a 48% drop year-on-year. By contrast, the number of people using Skype to instant message each other grew over the period.'"
Nerval's Lobster writes "Companies are rushing to lock customer data into their specific walled gardens, Rackspace CTO John Engates argued in an interview after a Cloud Expo keynote in Silicon Valley. That makes it more important than ever to ensure that the cloud undergirding all the various functions of daily life remains open. 'These companies have grown up in the era of enterprise software and they're addicted to enterprise software margins, magnitudes more profitable than what we make as a hosting company,' he said. 'Now you have software companies embracing cloud computing and taking the same enterprise-software playbook they've had for years and trying to run it in the cloud.' Ultimately, he added, cloud computing needs to adopt the Linux model. 'Linux opened it up and gave you vendor choice, with numerous vendors bringing their own strengths to the table.'"
concealment sends this quote from Bloomberg: "Apple Inc. is exploring ways to replace Intel processors in its Mac personal computers with a version of the chip technology it uses in the iPhone and iPad, according to people familiar with the company's research. Apple engineers have grown confident that the chip designs used for its mobile devices will one day be powerful enough to run its desktops and laptops, said three people with knowledge of the work, who asked to remain anonymous because the plans are confidential. Apple began using Intel chips for Macs in 2005."
New submitter mc10 points out a post on the CloudFlare blog about the circumstances behind Google's services being inaccessible for a brief time earlier today. Quoting: "To understand what went wrong you need to understand a bit about how networking on the Internet works. The Internet is a collection of networks, known as "Autonomous Systems" (AS). Each network has a unique number to identify it known as AS number. CloudFlare's AS number is 13335, Google's is 15169. The networks are connected together by what is known as Border Gateway Protocol (BGP). BGP is the glue of the Internet — announcing what IP addresses belong to each network and establishing the routes from one AS to another. An Internet "route" is exactly what it sounds like: a path from the IP address on one AS to an IP address on another AS. ... Unfortunately, if a network starts to send out an announcement of a particular IP address or network behind it, when in fact it is not, if that network is trusted by its upstreams and peers then packets can end up misrouted. That is what was happening here. I looked at the BGP Routes for a Google IP Address. The route traversed Moratel (23947), an Indonesian ISP. Given that I'm looking at the routing from California and Google is operating Data Centres not far from our office, packets should never be routed via Indonesia."
leppi writes "Nvidia has announced a huge increase in Linux gaming performance for their GeForce R310 drivers after almost a year of development alongside Valve and other game developer partners. Nvidia's announcement also indicated the Steam beta for Linux should be out today. Quoting: 'Available for download at www.geforce.com, the new R310 drivers were also thoroughly tested with Steam for Linux, the extension of Valve's phenomenally popular Steam gaming platform that officially opened to gamers starting today. ... Comparing 304.51 driver performance of 142.7 fps versus 310.14 driver performance of 301.4 fps in beta build of Left for Dead 2. All tests run on the same system using Intel Core i7-3930K CPU @ 3.20GHz with 8 GB memory, GeForce GTX 680 and Ubuntu 12.04 32-bit.'" Update: 11/06 21:00 GMT by S : Valve has gone ahead and announced the Steam for Linux Beta. They've sent invites to a number of people who filled out the application, and they'll be inviting more as the test goes along. The beta test is available for installation on Ubuntu 12.04, with support for other distros to come: "We intend to support additional popular distros in the future; we’ll prioritize development for these based on user feedback."
An anonymous reader writes "I am not a fan of wireless except for Wi-Fi to a notebook, but have gotten frustrated by the vast amounts of tangled cables around my computers: I have two machines, four monitors, multiple external hard drives, cable modem, network switch, router, USB hubs — everything requires power and connection to the other devices. The tangles and tangles make it almost impossible to move anything without spending twenty or thirty minutes under the desk. I'd rather untie balled-up fishing line than try to snake a monitor cable out from some thirty or so other wires. Anyone have good ways to prevent this?"
First time accepted submitter aurtherdent2000 writes "IEEE Spectrum magazine says that Cornell University has developed neuromorphic algorithms that enable MAVs to avoid obstacles using just a single camera. This is especially relevant for small and cheap robots, because all you need is a single camera, minimal processing power, and even more minimal battery power. Now, will we see more of the drones and aerial vehicles flying all around us?"
Today is Election Day in the U.S., and polls are open even in Hawaii now. The current Slashdot poll gives a snapshot of how many readers have voted or plan to vote; more rigorous and wide-based polls are easy to find. If you're taking part in today's election, what have you found? Did you or will you vote electronically, or on paper? How long did you wait to vote? Did you vote weeks ago by mail? How much time did you put into making your choices? It would be helpful if in comments you start the subject of your post with your 2-letter state abbreviation, like this: "TX - About to go get in line to push some buttons."
Riskable writes "Version 1.1 of Gate One (HTML5 terminal emulator/SSH client) was just released (download). New features include security enhancements, major performance improvements, mobile browser support, improved terminal emulation, automatic syntax highlighting of syslog messages, PDFs can now be captured/displayed just like images, Python 3 support, Internet Explorer (10) support, and quite a lot more (full release notes). There's also a new demo where you can try out vim in your browser, play terminal games (nethack, vitetris, adventure, zangband, battlestar, greed, robotfindskitten, and hangman), surf the web in lynx, and a useful suite of IPv6-enabled network tools (ping, traceroute, nmap, dig, and a domain name checker)." Gate One is dual licensed (AGPLv3/Commercial Licensing); for individuals, it's pay-as-you-please.
colinneagle writes "Andrew Mayhall is 19 years old and is running a server company, called Evtron, whose product has reportedly set the world record for data density (4.6 petabytes per server rack) and has begun attracting attention from investors. One of those interested parties is reportedly Facebook, with whom the young CEO claims to have had casual discussions about a potential acquisition/hire agreement (Facebook did not respond to a request for comment on the talks). He says the opportunity to speak with Facebook was simply one he couldn't pass up, and seems more impassioned by entrepreneurship. He speaks often of building his company into an EMC or NetApp, and could very well compete with them soon. But if an offer from Facebook ever comes, should he accept, or try to build something on his own?"