Advocates of open source software have hailed a court ruling protecting its use even though it is given away free.

BBC NEWS | Technology | Legal milestone for open source

Many of Georgia's internet servers were under external control from late Thursday,' before the actual war began.

Slashdot | Evidence of Russian Cyberwarfare Against Georgia

I have “software architect” on my resume, and it pains me. Wikipedia has a great article on what a software architect may or may not be. But, in my world, a software architect has the knowledge, insight and responsibility to make educated decisions about the scope and direction of a team-developed software project.

That was a mouthful.

Software architects pick frameworks. They find previously existing packages for functionality just before the rest of the team realizes they need it. And, they plan and communicate how all the moving parts will come together. They’re really-really smart.

Everyone wants to be a software architect. At Seattle’s Startup Weekend, no less than a third of the developers signed up as architects. And why not?! The act of creation - from art to programming - is egotistical. If you’ve ever referred to yourself as a “software engineer” with a straight face, then you’re advertising the capability to plan non-trivial projects.

You’re a liar.

I will never be a software architect

In an age where JavaScript is so ubiquitous that some websites won't even load if you don't enable in your browser, cross-site scripting hacks are everywhere - letting malicious or merely mischievous hacker create links that have some very unintended consequences on websites that are not careful to keep from executing other people's code.

Most are run-of-the-mill and hardly worth writing about, but reader Harry Sintonen writes in with a vulnerability on the CIA's site that THREAT LEVEL can't resist.

For those of you who don't see it after clicking through, notice that the links lead to the CIA's site, but displays a recent THREAT LEVEL story. Here the CIA search box fails to rip out characters that will run as a script when the site tries to process the search query.

This story went up at 3:26pm, and it's still working at 8:45pm.

This would be great for a prank form...

Update: This is still working today. So much for fast response.. Here is the obligatory memestreams @ cia.gov link.

CIA.gov XSS | Threat Level

A leading contender to replace silicon as the basis for computing has made another step forward.

Transistors one atom thick and ten atoms wide have been made by UK researchers. They were carved from graphene, predicted by some to one day oust silicon as the basis of future computing.

For 40 years computing has been dominated by a rule of thumb named Moore's law, which predicts that the number of transistors on a chip will double roughly every two years.

Yet silicon, the material that has so far been used to keep up with Moore's law cannot form stable structures below 10 nanometres in size. And today's newest chips already have features just 45 nm across. The hunt is on for a replacement for silicon.

Graphene, a material made from flat sheets of carbon in a honeycomb arrangement is a leading contender. A team at the University of Manchester, UK, have now used it to make some of the smallest transistors ever. Devices only 1 nm across that contain just a few carbons rings.

Previous graphene transistors were significantly bigger – ribbons 10 nm across and many times longer.

Atom-thick material runs rings around silicon - tech - 17 April 2008 - New Scientist Tech

This tutorial shows how to set up a two-node Apache web server cluster that provides high-availability. In front of the Apache cluster we create a load balancer that splits up incoming requests between the two Apache nodes. Because we do not want the load balancer to become another "Single Point Of Failure", we must provide high-availability for the load balancer, too. Therefore our load balancer will in fact consist out of two load balancer nodes that monitor each other using heartbeat, and if one load balancer fails, the other takes over silently.

How To Set Up A Loadbalanced High-Availability Apache Cluster | HowtoForge - Linux Howtos and Tutorials

Support from studios has been widely cited as the reason for Blu-ray's victory, but few consumers know that the studios were likely won over by the presence of a digital lock on movies called BD+, a far more sophisticated and resilient digital rights management, or DRM, system than that offered by HD DVD.

This is very interesting.

How Crypto Won the DVD War | Threat Level from Wired.com

Ajax Security is out and the feedback I'm getting is incredible.

Andrew van der Stock The Executive Director of OWASP reviewed a draft of Ajax Security and here is what he had to say about it:

If you are writing or reviewing Ajax code, you need this book. Billy and Bryan have done a stellar job in a nascent area of our field, and deserves success. Go buy this book.

Is it just a re-hash of old presentations? No. The book breaks some new ground, and fills in a lot of the blanks in all of our presentations and demos. I hadn’t heard of some of these attacks in book form before. The examples improved my knowledge of DOM and other injections considerably, so there’s something there for the advanced folks as well as the newbies.

I really liked the easy, laid back writing style. Billy and Bryan’s text is straightforward and easy to understand. They get across the concepts in a relatively new area of our field.

The structure flows pretty well, building upon what you’ve already learnt ...
there is advanced stuff, but the authors have to bring the newbie audience along for the ride.

Billy and Bryan spend a bit of time repeating the old hoary “no new attacks in Ajax” meme which is big with the popular kids (mainly because their products can’t detect or scan Ajax code yet and still want money from you), and then spend the rest of the book debunking their own propaganda with a wonderful panache that beats the meme into a bloody pulp and buries it for all time.

Web security guru dre offers up this review of Ajax Security:

It’s quite possible that many Star Wars Ajax security fans will be calling Billy Hoffman, the great “Obi-Wan”, and pdp “Lord Vader” to represent the “light” and “dark” sides that is The Force behind the power wielded by Ajax.

The book, Ajax Security, covered a lot of new material that hadn’t been seen or talked about in the press or the security industry. The authors introduced Ajax security topics with ease and provided greater understanding of how to view Javascript malware, tricks, and the aberrant Java... [ Read More (0.2k in body) ]

Ajax Security Book Out! Awesome buzz!

Dagmar posted up this summary of the situation with Dan Egerstad (Google Cache).

In a move almost staggeringly myopic, agents from Swedish National Crime and the Swedish Security Police raided Dan Egerstad on Monday of this week, rather clearly on the basis of his massive non-hack of the TOR routing service.

For those not catching on, Dan is the gentleman we all cheered a short while ago for having the ingenuity to set up and connect several new TOR (an anonymizing packet routing system) nodes and see if people were actually using the network with unencrypted protocols (which would basically be foolish in the extreme). It turns out that Dan's suspicions were right, and that not only were people using the network insecurely, lots of people, up to and including embassies and government and military offices were using the network unsafely--effectively sending emails and other sensitive traffic across the network completely in the clear where anyone who added their connectivity to the network could see it. This is very, very bad.

Let me make this clear... Anyone, myself included, can at any time, add their resources to and use the TOR network, simply by joining it and using it. (Non-technical explanation for simplicity) Participants in the network pass each other's traffic back and forth randomly through encrypted links, counting on the misdirection of a massive shell game to protect their privacy. Users are supposed to encrypt all their traffic as well as an additional step to keep the last site that handles the traffic before it goes back out to the Internet at large from being able to see what's being sent around. The encryption of the TOR network itself protects the contents up to that point, but no farther. For embassies and other installations that might have things going on where a breach of security could mean people die, incorrect use of the network almost guarantees that someone's likely to get hurt--possibly many, many someones. Dan figured that if anyone can do this, bad people were probably already doing it.

After doing his due diligence and trying to tell the people using the network unsafely the mistakes they were making (and getting nowhere), Dan took the more civic-minded approach of shouting it to the heavens by publishing samples and account information of the hapless fools on his website, and announcing the disturbing results of his completely legal and ethical research to security-oriented mailing lists in hopes that people would take notice and stop endangering themselves and others. The resulting splash should certainly penetrate far and ... [ Read More (0.2k in body) ]

Hacker arrested for... um... *not* hacking?

Less than two weeks after a team of scientists created a nanoscale radio component, scientists at the Lawrence Berkeley National Laboratory have gone one better -- announcing the creation of the world's first complete nanoradio.

The breakthrough nanoradio consists of a single carbon-nanotube molecule that serves simultaneously as all the essential components of a radio -- antenna, tunable band-pass filter, amplifier and demodulator. Physicist Alex Zettl led the development team, and graduate student Kenneth Jensen built the radio.

"I'm totally amazed that it works so well," says Zettl. "Making individual components are good breakthroughs, but the holy grail was putting it all together. So we're ecstatic that we were able to achieve that full integration."

The radio opens the possibility of creating radio-controlled interfaces on the subcellular scale, which may have applications in the areas of medical and sensor technology.

Nanoelectronic systems are considered crucial to the continued miniaturization of electronic devices, and it's becoming a hot research and investment arena. Two weeks ago, a team at the University of California at Irvine announced the development of a nanoscale demodulator, an essential component of a radio.

The number of consumer products using nanotechnology -- from the iPhone to home pregnancy testing kits -- has soared from 212 to well over 500, according to the Project on Emerging Nanotechnologies' online inventory of manufacturer-identified nanotech goods in March 2006.

The nanoradio is less than one micron long and only 10 nanometers wide -- or one ten-thousandth the width of a human hair -- making it the smallest radio ever created.

The researchers' paper was published at the American Chemical Society's Nano Letters website.

The first transmission received by the nanoradio was an FM broadcast of Eric Clapton's "Layla." (The lab has posted video of that moment.) The Clapton classic was quickly followed by the Beach Boys' "Good Vibrations" and Handel's Largo from the opera Xerxes -- the first piece of music broadcast by radio, on Dec. 24, 1906.

The nanoradio's amplifier operates on the same principles as vacuum-tube radios from the 1940s and early '50s, says Zettl.

"We've come full circle. We're using the old vacuum-tube principle of having electrons jump off the tip of the nanotube onto another electrode, rather than the conventional solid-state transistor principle," says Zettl.

The electronic properties of this electron-emitting nanotube function as the radio's demodulator -- making a complete radio possible within a single molecule.

The audio quality "can be very good," says Zettl, but if you listen closely, some unique effects of the radio's tiny size can be heard: an old-fashioned "scratchiness" that occurs because the device is working in the quantum regime.

"The amazing thing is that since we have such a sensitive nanosc... [ Read More (0.2k in body) ]

World's First Nanoradio Could Lead to Subcellular Remote-Control Interfaces