Security

RansomWare Disassembly Reveals Evolutionary Path 64

flaws writes "The guys at Secure Science Corporation have written a revealing article demonstrating the relationship with the most recent Ransom-based Trojan (known as Glamour) and some previous data stealing trojans. They include an open source decrypting utility for unlocking your files if infected, and some stats that are a bit disturbing. According to their report, in the past 8 months, 152,000 victims have been infected, and over 14.5 million records were discovered to be logged by the trojan."
Software

Humans Can Still Out-Bluff Machines 279

Pcol writes "The New York Times reports that in a poker game this week between man and machine, a program called Polaris fought a close match, but lost to two well-known professional poker players. Designing a poker playing algorithm is a different and more difficult challenge for software designers than chess and checkers because of uncertainties introduced by the hidden cards held by each player and difficult-to-quantify risk-taking behaviors such as bluffing. The game-tree approach doesn't work in poker because in many situations there is no one best move and a top-notch player adapts his play over time, exploiting his opponent's behavior. Polaris built a series of "bots" that have differing personalities or styles of play, ranging from aggressive to passive. Researchers monitored the performance of three bots and then moved them in and out of the lineup like football players."
Intel

Intel Releases Threading Library Under GPL 2 158

littlefoo writes "Intel Software Dispatch have announced the availability of the Threading Building Blocks (TBB) template library under the GPL v2 with the run-time exception — so this previously commercial-only package is now open for all to use, whether for open-source projects or commercial offerings (although they are explicitly encouraging open source use). The interface is more task-based than thread-based, but with a somewhat different view of things than, e.g. OpenMP. From the Intel release: 'Intel® Threading Building Blocks (TBB) offers a rich and complete approach to expressing parallelism in a C++ program. It is a library that helps you leverage multi-core processor performance without having to be a threading expert. Threading Building Blocks is not just a threads-replacement library. It represents a higher-level, task-based parallelism that abstracts platform details and threading mechanism for performance and scalability.'"
Yahoo!

Yahoo's YSlow Plug-in Tells You Why Your Site is Slow 103

Stoyan writes "Steve Souders, performance architect at Yahoo, announced today the public release of YSlow — a Firefox extension that adds a new panel to Firebug and reports a page's performance score in addition to other performance-related features. Here is a review plus helpful tips on how to make the scoring system match your needs."
Programming

iPhone Can Now Run Apache, Python, Vim 312

An anonymous reader writes "After the first Hello World application, hacker NerveGas and the people at #iphone-shell have built Apache, Python and other Open Source apps for the iPhone using NightWatch's toolchain. Yes, your iPhone can now be a Web Server and do all sorts of 1337 things. This also means that third-party applications for iPhone will happen no matter what. People, iPhone Doom could be just around the corner." It's fairly thin on information but if true, this will lead to good things. Like hopefully permission from Apple.
Programming

Linux Kernel To Have Stable Userspace Drive 309

liquidat writes "Linus Torvalds has included patches into the mainline tree which implement a stable userspace driver API into the Linux kernel. The stable driver API was already announced a year ago by Greg Kroah-Hartman. The last patch to Linus' tree included the new API elements. The idea is to make life easier for driver developers: 'This interface allows the ability to write the majority of a driver in userspace with only a very small shell of a driver in the kernel itself. It uses a char device and sysfs to interact with a userspace process to process interrupts and control memory accesses.'"
Security

Custom Trojan Creation Tool Sold Online 121

Finch writes "Net Security.org is reporting on the surprisingly sophisticated 'virus in a can' software called Pinch. Pinch is a tool sold on several online forums and designed to create Trojans. It allows attackers to specify the data that Trojans steal. One of the interface tabs, PWD, allows malicious users to select the type of password to be stolen by the Trojan: from email passwords to passwords kept by the system tools. It is possible to order the Trojan to encrypt this data when sending it, so that nobody else can read it. 'Pinch also lets users carry out other actions: turn infected computers into zombie computers, pack Trojans to make detection more difficult, and kill certain system processes, particularly those of security solutions.'"
The Courts

Slot Machine with Bad Software Sends Players To Jail 647

dcollins writes "Previous discussions here have turned into debates over who is liable for faulty software: the programmers, the publisher, etc. Yahoo has a new option: perhaps the users are criminally liable for using the software. From the AP: 'Prosecutors are considering criminal charges against casino gamblers who won big on a slot machine that had been installed with faulty software ... A decision on whether to bring criminal charges could come in a couple of weeks, said John Colin, chief deputy prosecutor for Harrison County. He said 'criminal intent' may be involved when people play a machine they know is faulty.' Would your average user be able to distinguish 'faulty software' from 'lucky'?"
Software

W3C Considering An HTML 5 414

An anonymous reader writes "When the decision was initially made to move in the direction of XHTML, instead of a new version of HTML proper, it seemed like a good idea. Years later and the widespread adoption of CSS (among other things) has proven that things don't always develop the way we expect. As a result, HTML 5 has been revived by the W3C. After some lobbying and continued work by the Web Hypertext Application Technology Working Group, the old web markup language is getting an official face-lift. A post to the Webforefront blog explains the history behind the initial decision to move to XHTML, and why things are so different in the here and now."
Classic Games (Games)

Checkers Solved, Unbeatable Database Created 359

tgeller writes "My story on the Nature site announced that a team of computer scientists at the University of Alberta has solved checkers. From the game's 500 billion billion positions (5 * 10^20), 'Chinook' has determined which 100,000 billion (10^14) are needed for their proof, and run through all relevant decision trees. They've set up a site where you can see the proof, traverse the logic, and play their unbeatable automaton. '[Jonathan] Schaeffer notes that his research has implications beyond the checkers board. The same algorithms his team writes to solve games could be helpful in searching other databases, such as vast lists of biological information because, as he says, "At the core, they both reduce to the same fundamental problem: large, compressed data sets that have to be accessed quickly."'"
Be

Will Pervasive Multithreading Make a Comeback? 657

exigentsky writes "Having looked at BeOS technology, it is clear that, like NeXTSTEP, it was ahead of its time. Most remarkable to me is the incredible responsiveness of the whole OS. On relatively slow hardware, BeOS could run eight movies simultaneously while still being responsive in all of its GUI controls, and launching programs almost instantaneously. Today, more than ten years after BeOS's introduction, its legendary responsiveness is still unmatched. There is simply no other major OS that has pervasive multithreading from the lowest level up (requiring no programmer tricks). Is it likely, or at least possible, that future versions of Windows or OS X could become pervasively multithreaded without creating an entirely new OS?"
Programming

Any "Pretty" Code Out There? 658

andhow writes "Practically any time I hear a large software system discussed I hear "X is a #%@!in mess," or "Y is unmanageable and really should be rewritten." Some of this I know is just fresh programmers seeing their first big hunk o' code and having the natural reaction. In other cases I've heard it from main developers, so I'll take their word for it. Over time, it paints a bleak picture, and I'd really like to know of a counterexample. Getting to know a piece of software well enough to ascertain its quality takes a long time, so I submit to the experience of the readership: what projects have you worked on which you felt had admirable code, both high-level architecture and in-the-trenches implementation? In particular I am interested in large user applications using modern C++ libraries and techniques like exception handling and RAII."
The Courts

Facebook In Court 129

ScaredOfTheMan writes "'The lawsuit, filed by brothers Cameron and Tyler Winklevoss, and Divya Narendra, accuses Zuckerberg, Facebook's 23-year-old C.E.O, of stealing the source code, design, and business plan for Facebook in 2003 when he briefly worked in the Harvard dorms as a programmer for their own fledgling social-networking site, now known as ConnectU. The plaintiffs have demanded that Facebook be shut down and that full control of the site — and its profits — be turned over to them.' I just wonder why they waited so long to sue? If he really stole their idea in 2003, why wait four years?"
Linux Business

Linux HR Management Systems? 79

dgcrawford writes "A growing, 100-person company I work for is looking to integrate a Human Resources Management System into their Linux computer base. Does anyone have experience with any products that fit this need? Does it interface well with payroll, applicant tracking, maybe even finance and stock or other non-monetary compensation? I realize most of you would look at this from an IT point of view, but how did the system work across fields? And how important/useful did you find this interoperability?"
PHP

PHP 4 End of Life Announcement 125

perbert writes "The PHP development team has announced that support for PHP 4 will continue until the end of this year only. After 2007-12-31 there will be no more releases of PHP 4.4. Critical security fixes will be made available on a case-by-case basis until 2008-08-08. For documentation on migration from PHP 4 to PHP 5, there is a migration guide. There is additional information available in the PHP 5.0 to PHP 5.1 and PHP 5.1 to PHP 5.2 migration guides as well."
Java

Dangerous Java Flaw Threatens 'Virtually Everything' 323

Marc Nathoni writes with a ZDNet article about a critically dangerous hole in the Java Runtime Environment. Due to the ubiquitousness of Java, this could prove a serious security problem. "Australia's Computer Emergency Response Team (AusCERT) analyst, Robert Lowe, warned that anyone using the Java Runtime Environment or Java Development Kit is at risk. 'Delivery of exploits in this manner is attractive to attackers because even though the browser may be fully patched, some people neglect to also patch programs invoked by browsers to render specific types of content,' said Lowe."
Microsoft

Microsoft's OOXML Formulas Could Be Dangerous 360

hill101 writes "According to Rob Weir's blog, Microsoft's 325-page OOXML specification for spreadsheet formulas is deeply flawed. From basic trigonometric functions that forget to specify units, to statistical functions, to critical financial functions — the specification does not contain correct formulas that could possibly be implemented in an interoperable way. Quoting Mr. Weir: 'It has incorrect formulas that, if implemented according to the standard, may cause loss of life, property, and capital... Shame on all those who praised and continue to praise the OOXML formula specification without actually reading it.'"
Graphics

Instrumented GIMP To Identify Usability Flaws 416

Mike writes "New users of the GIMP often become frustrated at the application's unwieldy user interface. Now Prof. Michael Terry and a group of researchers at the University of Waterloo have created ingimp, a modified version of the GIMP that collects real-time usability data in order to help the GIMP developers find and fix its usability problems. Terry recently gave a lecture about ingimp and the data it collects. During each session, ingimp records events such as document creation, window manipulation, and tool use. A log of these events is sent to the ingimp server for analysis. The project hopes to answer questions such as 'What is the typical monitor resolution of a GIMP user?' and 'Is the GIMP used primarily for photo editing or drawing?'"
Databases

First "Real" Benchmark for PostgreSQL 275

anticlimate writes "A new benchmark published on SPEC shows PostgreSQL's performance approaching that of Oracle's and surpassing or on par with MySQL (however the test hardware of the other DB systems is somewhat different). The test was put together by PostgreSQL's core developers working at Sun. They certainly are not unbiased, but this is the first 'real' benchmark with PostgreSQL — according to Josh Berkus's blog. The main difference compared to earlier benchmarks (and anecdotes) seems to be the tuning of PostgreSQL."
