
Government

US Government Fights To Not Explain No-Fly List Selection Process 244

Posted by Soulskill
from the you-can-trust-us dept.
An anonymous reader writes: On August 6, U.S. District Judge Anthony Trenga ordered the federal government to "explain why the government places U.S. citizens who haven't been convicted of any violent crimes on its no-fly database." Unsurprisingly, the federal government objected to the order, once more claiming that to divulge their no-fly list criteria would expose state secrets and thus pose a national security threat. When the judge said he would read the material privately, the government insisted that reading the material "would not assist the Court in deciding the pending Motion to Dismiss (PDF) because it is not an appropriate means to test the scope of the assertion of the State Secrets privilege." The federal government has until September 7 to comply with the judge's order unless the judge is swayed by the government's objection.
Red Hat Software

How Red Hat Can Recapture Developer Interest 232

Posted by Soulskill
from the cookies-will-do-the-trick dept.
snydeq writes: Developers are embracing a range of open source technologies, writes Matt Asay, virtually none of which are supported or sold by Red Hat, the purported open source leader. "Ask a CIO her choice to run mission-critical workloads, and her answer is a near immediate 'Red Hat.' Ask her developers what they prefer, however, and it's Ubuntu. Outside the operating system, according to AngelList data compiled by Leo Polovets, these developers go with MySQL, MongoDB, or PostgreSQL for their database; Chef or Puppet for configuration; and ElasticSearch or Solr for search. None of this technology is developed by Red Hat. Yet all of this technology is what the next generation of developers is using to build modern applications. Given that developers are the new kingmakers, Red Hat needs to get out in front of the developer freight train if it wants to remain relevant for the next 20 years, much less the next two."
Businesses

Companies That Don't Understand Engineers Don't Respect Engineers 371

Posted by Soulskill
from the if-you-aren't-part-of-the-solution,-you're-part-of-the-precipitate dept.
An anonymous reader writes Following up on a recent experiment into the status of software engineers versus managers, Jon Evans writes that the easiest way to find out which companies don't respect their engineers is to learn which companies simply don't understand them. "Engineers are treated as less-than-equal because we are often viewed as idiot savants. We may speak the magic language of machines, the thinking goes, but we aren't business people, so we aren't qualified to make the most important decisions. ... Whereas in fact any engineer worth her salt will tell you that she makes business decisions daily–albeit on the micro not macro level–because she has to in order to get the job done. Exactly how long should this database field be? And of what datatype? How and where should it be validated? How do we handle all of the edge cases? These are in fact business decisions, and we make them, because we're at the proverbial coal face, and it would take forever to run every single one of them by the product people and sometimes they wouldn't even understand the technical factors involved. ... It might have made some sense to treat them as separate-but-slightly-inferior when technology was not at the heart of almost every business, but not any more."
Sci-Fi

Where are the Flying Cars? (Video; Part Two of Two) 66

Posted by Soulskill
from the fly-me-to-the-moon dept.
Yesterday we ran Part One of this two-part video. This is part two. To recap yesterday's text introduction: Detroit recently hosted the North American Science Fiction Convention, drawing thousands of SF fans to see and hear a variety of talks on all sorts of topics. One of the biggest panels featured a discussion on perhaps the greatest technological disappointment of the past fifty years: Where are our d@%& flying cars? Panelists included author and database consultant Jonathan Stars, expert in Aeronautical Management and 20-year veteran of the Air Force Douglas Johnson, author and founder of the Artemis Project Ian Randal Strock, novelist Cindy A. Matthews, Fermilab physicist Bill Higgins, general manager of a nanotechnology company Dr. Charles Dezelah, and astrobiology expert Dr. Nicolle Zellner. As it turns out, the reality of the situation is far less enticing than the dream -- but new technologies offer a glimmer of hope. (Alternate Video Link)
Crime

Fugitive Child Sex Abuser Caught By Face-Recognition Technology 232

Posted by Soulskill
from the casting-wider-nets-through-technology dept.
mrspoonsi sends this BBC report: "A U.S. juggler facing child sex abuse charges, who jumped bail 14 years ago, has been arrested in Nepal after the use of facial-recognition technology. Street performer Neil Stammer traveled to Nepal eight years ago using a fake passport under the name Kevin Hodges. New facial-recognition software matched his passport picture with a wanted poster the FBI released in January. Mr Stammer, who had owned a magic shop in New Mexico, has now been returned to the U.S. state to face trial. The Diplomatic Security Service, which protects U.S. embassies and checks the validity of U.S. visas and passports, had been using FBI wanted posters to test the facial-recognition software, designed to uncover passport fraud. The FBI has been developing its own facial-recognition database as part of the bureau's Next Generation Identification program."
Transportation

Where are the Flying Cars? (Video; Part One of Two) 107

Posted by Soulskill
from the keeping-up-with-the-jetsons dept.
Detroit recently hosted the North American Science Fiction Convention, drawing thousands of SF fans to see and hear a variety of talks on all sorts of topics. One of the biggest panels featured a discussion on perhaps the greatest technological disappointment of the past fifty years: Where are our d@%& flying cars? Panelists included author and database consultant Jonathan Stars, expert in Aeronautical Management and 20-year veteran of the Air Force Douglas Johnson, author and founder of the Artemis Project Ian Randal Strock, novelist Cindy A. Matthews, Fermilab physicist Bill Higgins, general manager of a nanotechnology company Dr. Charles Dezelah, and astrobiology expert Dr. Nicolle Zellner. This video and the one you'll see tomorrow show their lively discussion about the economic, social, and political barriers to development and adoption of affordable flying cars. (Alternate Video Link)
Oracle

Oracle Database Redaction Trivial To Bypass, Says David Litchfield 62

Posted by timothy
from the let-me-ask-that-another-way dept.
msm1267 (2804139) writes "Researcher David Litchfield is back at it again, dissecting Oracle software looking for critical bugs. At the Black Hat 2014 conference, Litchfield delivered research on a new data redaction service the company added in Oracle 12c. The service is designed to allow administrators to mask sensitive data, such as credit card numbers or health information, during certain operations. But when Litchfield took a close look he found a slew of trivially exploitable vulnerabilities that bypass the data redaction service and trick the system into returning data that should be masked."
Security

Massive Russian Hack Has Researchers Scratching Their Heads 102

Posted by timothy
from the schroedinger's-breach dept.
itwbennett writes Some security researchers on Wednesday said it's still unclear just how serious Hold Security's discovery of a massive database of stolen credentials really is. "The only way we can know if this is a big deal is if we know what the information is and where it came from," said Chester Wisniewski, a senior security advisor at Sophos. "But I can't answer that because the people who disclosed this decided they want to make money off of this. There's no way for others to verify." Wisniewski was referring to an offer by Hold Security to notify website operators if they were affected, but only if they sign up for its breach notification service, which starts at $120 per year.
Privacy

40% Of People On Terror Watch List Have No Terrorist Ties 256

Posted by Unknown Lamer
from the friendly-neighborhood-terrorist dept.
Advocatus Diaboli (1627651) writes with the chilling, but not really surprising, news that the U.S. government is aware that many names in its terrorist suspect database are not linked to terrorism in any way. From the article: Nearly half of the people on the U.S. government's widely shared database of terrorist suspects are not connected to any known terrorist group, according to classified government documents obtained by The Intercept. Of the 680,000 people caught up in the government's Terrorist Screening Database — a watchlist of "known or suspected terrorists" that is shared with local law enforcement agencies, private contractors, and foreign governments — more than 40 percent are described by the government as having "no recognized terrorist group affiliation." That category — 280,000 people — dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined.
Mozilla

Mozilla Dumps Info of 76,000 Developers To Public Web Server 80

Posted by samzenpus
from the for-everyone's-eyes dept.
wiredmikey writes Mozilla warned on Friday that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process. The discovery was made around June 22 by one of Mozilla's Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said in a security advisory posted to the Mozilla Security Blog on Friday. "Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server," Peters wrote. According to Peters, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peters warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems.
Bug

Passport Database Outage Leaves Thousands Stranded 162

Posted by Unknown Lamer
from the maintenance-considered-harmful dept.
linuxwrangler (582055) writes Job interviews missed, work and wedding plans disrupted, children unable to fly home with their adoptive parents. All this disruption is due to an outage involving the passport and visa processing database at the U.S. State Department. The problems have been ongoing since July 19 and the best estimate for repair is "soon." The system "crashed shortly after maintenance."
Businesses

Ask Slashdot: When Is It Better To Modify the ERP vs. Interfacing It? 209

Posted by timothy
from the which-point-in-the-chain dept.
New submitter yeshuawatso writes I work for one of the largest HVAC manufacturers in the world. We've currently spent millions of dollars investing in an ERP system from Oracle (via a third-party implementor and distributor) that handles most of our global operations, but it's been a great ordeal getting the thing to work for us across SBUs and even departments without having to constantly go back to the third-party, who have their hands out asking for more money. What we've also discovered is that the ERP system is being used for inputting and retrieving data but not for managing the data. Managing the data is being handled by systems of spreadsheets and access databases wrought with macros to turn them into functional applications. I'm asking you wise and experienced readers on your take if it's a better idea to continue to hire our third-party to convert these applications into the ERP system or hire internal developers to convert these applications to more scalable and practical applications that interface with the ERP (via API of choice)? We have a ton of spare capacity in data centers that formerly housed mainframes and local servers that now mostly run local Exchange and domain servers. We've consolidated these data centers into our co-location in Atlanta but the old data centers are still running, just empty. We definitely have the space to run commodity servers for an OpenStack, Eucalyptus, or some other private/hybrid cloud solution, but would this be counter productive to the goal of standardizing processes? Our CIO wants to dump everything into the ERP (creating a single point of failure to me) but our accountants are having a tough time chewing the additional costs of re-doing every departmental application. What are your experiences with such implementations?
Networking

Ask Slashdot: Is Running Mission-Critical Servers Without a Firewall Common? 348

Posted by Soulskill
from the common-enough-to-make-you-sad dept.
An anonymous reader writes: I do some contract work on the side, and am helping a client set up a new point-of-sale system. For the time being, it's pretty simple: selling products, keeping track of employee time, managing inventory and the like. However, it requires a small network because there are two clients, and one of the clients feeds off of a small SQL Express database from the first. During the setup, the vendor disabled the local firewall, and in a number of emails back and forth since (with me getting more and more aggravated) they went from suggesting that there's no need for a firewall, to outright telling me that's just how they do it and the contract dictates that's how we need to run it. This isn't a tremendous deal today, but with how things are going, odds are there will be e-Commerce worked into it, and probably credit card transactions... which worries the bejesus out of me.

So my question to the Slashdot masses: is this common? In my admittedly limited networking experience, it's been drilled into my head fairly well that not running a firewall is lazy (if not simply negligent), and to open the appropriate ports and call it a day. However, I've seen forum posts here and there with people admitting they run their clients without firewalls, believing that the firewall on their incoming internet connection is good enough, and that their client security will pick up the pieces. I'm curious how many real professionals do this, or if the forum posts I'm seeing (along with the vendor in question) are just a bunch of clowns.
Oracle

Oracle Offers Custom Intel Chips and Unanticipated Costs 97

Posted by timothy
from the your-fries-come-with-lobster dept.
jfruh (300774) writes "For some time, Intel has been offering custom-tweaked chips to big customers. While most of the companies that have taken them up on this offer, like Facebook and eBay, put the chips into servers meant for internal use, Oracle will now be selling systems running on custom Xeons directly to end users. Those customers need to be careful about how they configure those systems, though: in the new Oracle 12c, the in-memory database option, which costs $23,000 per processor, is turned on by default."
Piracy

For Now, UK Online Pirates Will Get 4 Warnings -- And That's It 143

Posted by timothy
from the on-high-alert dept.
New submitter Tmackiller writes with an excerpt from VG247.com: The British government has decriminalised online video game, music and movie piracy, scrapping fuller punishment plans after branding them unworkable. Starting in 2015, persistent file-sharers will be sent four warning letters explaining their actions are illegal, but if the notes are ignored no further action will be taken. The scheme, named the Voluntary Copyright Alert Programme (VCAP), is the result of years of talks between ISPs, British politicians and the movie and music industries. The UK's biggest providers – BT, TalkTalk, Virgin and Sky – have all signed up to VCAP, and smaller ISPs are expected to follow suit. VCAP replaces planned anti-piracy measures that included cutting users' internet connections and creating a database of file-sharers. Geoff Taylor, chief executive of music trade body the BPI, said VCAP was about "persuading the persuadable, such as parents who do not know what is going on with their net connection." He added: "VCAP is not about denying access to the internet. It's about changing attitudes and raising awareness so people can make the right choice." Officials will still work to close and stem funding to file-sharing sites, but the news appears to mean that the British authorities have abandoned legal enforcement of online media piracy. Figures recently published by Ofcom said that nearly a quarter of all UK downloads were of pirated content." Tmackiller wants to know "Will this result in more private lawsuits against file sharers by the companies involved?"
Government

Activist Group Sues US Border Agency Over New, Vast Intelligence System 83

Posted by samzenpus
from the lets-see-what-you-have-there dept.
An anonymous reader writes with news about one of the latest unanswered FOIA requests made to the Department of Homeland Security and the associated lawsuit the department's silence has brought. The Electronic Privacy Information Center (EPIC) has sued the United States Customs and Border Protection (CBP) in an attempt to compel the government agency to hand over documents relating to a relatively new comprehensive intelligence database of people and cargo crossing the US border. EPIC's lawsuit, which was filed last Friday, seeks a trove of documents concerning the 'Analytical Framework for Intelligence' (AFI) as part of a Freedom of Information Act (FOIA) request. EPIC's April 2014 FOIA request went unanswered after the 20 days that the law requires, and the group waited an additional 49 days before filing suit. The AFI, which was formally announced in June 2012 by the Department of Homeland Security (DHS), consists of "a single platform for research, analysis, and visualization of large amounts of data from disparate sources and maintaining the final analysis or products in a single, searchable location for later use as well as appropriate dissemination."
Communications

New Technology Uses Cellular Towers For Super-Accurate Weather Measurements 42

Posted by timothy
from the gives-each-droplet-ipv6-address dept.
Iddo Genuth (903542) writes "Israeli scientists from the Tel Aviv University perfected a method for using cell phone service towers' microwave emitters to measure rain and snow and even (for the first time) detect fog with great accuracy over vast areas in real time. The research team members have analyzed endless amounts of raw cellular data and developed more accurate ways to measure meteorological information and added more parameters that they can now measure using their growing database. When combined with existing meteorological monitoring technologies such as radars and local ground based weather stations, the results show an unprecedented level of accuracy that can give better and further weather forecast as well as special warnings about upcoming floods, fog and hail which can affect both people and crop production."
Crime

Hackers Ransom European Domino's Customer Data (including Favourite Toppings) 100

Posted by timothy
from the pineapple-and-olives-kinky dept.
stephendavion (2872091) writes Hackers who compromised the servers of Domino's Pizza have demanded a ransom of €30,000 or they will publish the records of more than 600,000 customers – including their favourite toppings. "Earlier this week, we hacked our way into the servers of Domino's Pizza France and Belgium, who happen to share the same vulnerable database," wrote Rex Mundi [the name the perpetrators go by]. "And boy, did we find some juicy stuff in there!"
Censorship

Canadian Court Orders Google To Remove Websites From Its Global Index 248

Posted by timothy
from the youthful-indiscretion dept.
An anonymous reader writes In the aftermath of the European Court of Justice "right to be forgotten" decision, many asked whether a similar ruling could arise elsewhere. While a privacy-related ruling has yet to hit Canada, Michael Geist reports that last week a Canadian court relied in part on the decision in issuing an unprecedented order requiring Google to remove websites from its global index. The ruling is unusual since its reach extends far beyond Canada. Rather than ordering the company to remove certain links from the search results available through Google.ca, the order intentionally targets the entire database, requiring the company to ensure that no one, anywhere in the world, can see the search results.
Security

Transforming the Web Into a Transparent 'HTTPA' Database 69

Posted by timothy
from the security-still-needed-note dept.
An anonymous reader writes MIT researchers believe the solution to misuse and leakage of private data is more transparency and auditability, not adding new layers of security. Traditional approaches make it hard, if not impossible, to share data for useful purposes, such as in healthcare. Enter HTTPA, HTTP with accountability.
From the article: "With HTTPA, each item of private data would be assigned its own uniform resource identifier (URI), a component of the Semantic Web that, researchers say, would convert the Web from a collection of searchable text files into a giant database. Every time the server transmitted a piece of sensitive data, it would also send a description of the restrictions on the data’s use. And it would also log the transaction, using the URI, in a network of encrypted servers."
