Archive for April, 2007

Data Protection For Armageddon!

April 30, 2007

Have you ever wondered if your portable data storage could handle submersion up to 200 meters and survive crushing physical compression/destruction? Wonder no more. Try the Corsair Survivor. Available in 4GB ($60) and 8GB ($130) versions, 256-bit AES encryption app included.

Malware/Spam Flood 2007

April 30, 2007

Email Systems reports a sharp surge in the amount of spam in general and zipped and encrypted malware in particular. The biggest culprit appears to be Trojan.Peacomm (Storm Trojan).

Dell Selects Ubuntu

April 30, 2007

It looks like Dell has decided to pre-install Ubuntu on two e-series (one laptop, one desktop) and one XPS (desktop) models.

Gartner Warns About CanSecWest Mac Exploit

April 30, 2007

Gartner has released a security advisory now that certain details of Dai Zovi’s exploit have been made public. At risk are computers with Java-enabled browsers that also have Apple QuickTime plug-ins, so this is not Mac-specific. Gartner says, “The sheer breadth of systems and browsers that potentially could be affected means that this could be a serious browser vulnerability. No single safeguard can guarantee complete protection.”

It’s not a browser vulnerability, it’s an Apple QuickTime vulnerability: no QuickTime plugin installed, no problem with remote users getting local current-user control via Java. Solution: ditch QuickTime plugins and codecs til Apple gets their act together. And don’t forget this next time you see one of their ads touting how much safer they are.

Dai Zovi: Vista more secure than Mac OS

April 30, 2007

Macworld has reprinted an(other) interview of Dino Dai Zovi. He talks more about Mac (in)security, what users should do to be safe — regardless of OS, and acknowledges that Microsoft has made significant strides in security. In fact, he says Vista is more secure than OSX with respect to code quality:

I have found the code quality, at least in terms of security, to be much better overall in Vista than Mac OS X 10.4. It is obvious from observing affected components in security patches that Microsoft’s Security Development Lifecycle (SDL) has resulted in fewer vulnerabilities in newly-written code. I hope that more software vendors follow their lead in developing proactive software security development methodologies.

Somebody forgot to tell Joanna Rutkowska, who will demonstrate rootkit and encryption vulnerabilities in Vista later this summer.

OLPC: Not Just Child’s Play

April 30, 2007

The One Laptop Per Child project’s XO is getting some heavy press coverage. Much of it seems to focus on the initial price point — $175 instead of $100, which should level down as production ramps up. We’re also getting early reviews. And they appear to be favorable.

A user can click on the drum-shaped icon, launching the TamTam music composition program and producing a symphony of duck quacks, infant giggles and car horns. Once the laughter stops, he can click on the camera icon, and snap photos and videos by pointing the laptop at subjects. A mosaic-shaped icon starts a quick game of Tetris, and the laptop screen can be rotated and used as a tablet for reading an illustrated children’s book written in Farsi.

The AMD Geode-powered machine runs on Fedora and uses an interface called Sugar based on the Matchbox window manager (which I can strongly endorse for PDAs and even small monitors).

Sun to GPL Solaris? DTrace? ZFS?

April 30, 2007

Sun is considering relicensing their Solaris OS under GPL. Is this why they hired Ian Murdock?

In Sun’s view, more developers writing to its platform equals more revenue. To get there, the company needs to make Solaris “palatable and effective for people who traditionally use Linux,” says Bob Brewin, Sun’s chief technology officer for software. “And Solaris is seen by that community as lagging.” Sun has been adding support for Web-friendly programming languages–like Perl, PHP, and Ruby–to Java, to appeal to the Silicon Valley startups the company is eager to court.

This would certainly make ZFS a more viable option in Linux since it could be run in kernelspace rather than (more slowly in) FUSE. It also could mean we’d see DTrace for Linux.

Take PC Security Seriously

April 30, 2007

This post was entered yesterday but blogsavy was down (again).

This article repeats Webroot Software’s finding last year that nine out of ten computers are infected with some form of malware and Consumer Reports’ claim that individuals and businesses spent $2.6 billion in 2006 trying to block or remove spyware. It also points out:

Criminals now have more incentive to crack into computers and steal information than they did only a few years ago.

People are increasingly accessing information such as bank accounts and stock portfolios online and are using credit cards to make purchases from Internet retailers. During tax season, more than 20 million submit tax forms full of personal information from a home computer.

Most criminals attack Windows because it’s so pervasive. While the article says that “most tech experts consider operating systems like Apple’s OS X and Linux more secure than Windows,” neither is without vulnerability. Cross-platform threats can and do affect non-Windows systems, particularly from vulnerabilities in certain applications (Open Office, Java, Flash, QuickTime, etc.), over the Internet (phishing and other scams are OS-neutral), and gullible trust when using unencrypted wireless connections.

Debian Users Strike Back at SJVN

April 28, 2007

Following up on Steven J Vaughan-Nichols’ recent muddle-headed articles about Debian, a group of Debian users have published this parody of an SJVN review of “Debain” on Linux.com.

You can generally recognize a Debain user if you see one, as they customarily wear bright colors, have waist-length beards, and tend to sport pastel eyepatches and/or crack pipes. Debain developers look similar, but they usually carry some sort of small monkey, parrot, or miniature fat pony on their shoulders. It’s also easy to recognize Debain developers because none of them are Americans. All true Americans run Genuine Windows Vista, and have no need for Debain.

It is rumored that as many as 110% of terrorists are Debain developers, and that the WrEtch release, occurring as it does so closely to the Vista launch, is a sign that the terrorists wish to leave their mark on Microsoft’s profits in particular, and on the US economy in general. Given all of this, it’s no surprise that Debain’s logo is red and that Debain itself is an ancient African word meaning Down with America.

Open Source Hardware Robots

April 28, 2007

Scientific American has an article about robots using open source hardware and software. The kit, called Telepresence Robot Kit (or TeRK), will offer builders “an entire suite of tools to build their own droids from parts readily available at a hardware store—no soldering or programming required.” TeRK is based on a 5″x1″ box called Qwerk, which contains a 200MHz ARM processor running Linux, 32MB of SDRAM and another 8MB of flash memory, has 16 servo controllers, and is WiFi-capable and USB 2.0-compliant. It will be priced at $350, much less than it would cost without open-source community development. That’s not the only open-source feature or benefit:

Qwerk even uses a field-programmable gate array (FPGA) to carry out control functions. Unlike normal integrated circuits (which are unalterably etched at the plant), FPGAs can be reconfigured by the user. According to Legrand, this kind of control is unprecedented.

“[TeRK] is not only open from a software perspective, but also from a hardware perspective,” Legrand says. “That’s something this industry has never seen.”