Government

Snowden Documents Show How Well NSA Codebreakers Can Pry 165

Posted by timothy
from the keeping-you-well-under-surveillance dept.
Der Spiegel has published today an excellent summary of what some of Edward Snowden's revelations show about the difficulty (or, generally, ease) with which the NSA and collaborating intelligence services can track, decrypt, and correlate different means of online communication. An interesting slice: The NSA and its allies routinely intercept [HTTPS] connections -- by the millions. According to an NSA document, the agency intended to crack 10 million intercepted https connections a day by late 2012. The intelligence services are particularly interested in the moment when a user types his or her password. By the end of 2012, the system was supposed to be able to "detect the presence of at least 100 password based encryption applications" in each instance some 20,000 times a month. For its part, Britain's GCHQ collects information about encryption using the TLS and SSL protocols -- the protocols https connections are encrypted with -- in a database called "FLYING PIG." The British spies produce weekly "trends reports" to catalog which services use the most SSL connections and save details about those connections. Sites like Facebook, Twitter, Hotmail, Yahoo and Apple's iCloud service top the charts, and the number of catalogued SSL connections for one week is in the many billions -- for the top 40 sites alone. ... The NSA also has a program with which it claims it can sometimes decrypt the Secure Shell protocol (SSH). This is typically used by systems administrators to log into employees' computers remotely, largely for use in the infrastructure of businesses, core Internet routers and other similarly important systems. The NSA combines the data collected in this manner with other information to leverage access to important systems of interest.
Piracy

The Open Bay Helps Launch 372 'Copies' of the Pirate Bay In a Week 61

Posted by timothy
from the triple-digits dept.
An anonymous reader writes isoHunt, the group now best known for launching The Old Pirate Bay, has shared an update a week after debuting The Open Bay. The Pirate Bay, the most popular file sharing website on the planet, still isn't back following police raids on its data center in Sweden, but its "cause" is very much alive. So far, 372 "copies" of The Pirate Bay have been created thanks to the project. The torrent database dump, which combines content from isoHunt, KickassTorrents (via its public API), and The Old Pirate Bay, has seen 1,256 downloads to date.
Databases

Net Neutrality Comments Overtaxed FCC's System 32

Posted by Soulskill
from the maybe-it's-time-for-an-upgrade dept.
Presto Vivace writes with news that the FCC has had trouble dealing with the sheer volume of comments submitted about net neutrality. There were millions of them, and they caused problems with the agency's 18-year-old Electronic Comment Filing System (ECFS). When the FCC attempted to dump the comments into XML format to make download and analysis easier, problems with Apache Solr meant roughly 680,000 didn't make the transfer. The agency promised to release a new set of fixed XML files in January that include all of the dropped comments. Despite many reports that the comments were "lost," they're all available using the ECFS.
Cloud

The Joys and Hype of Hadoop 55

Posted by samzenpus
from the ups-and-downs dept.
theodp writes "Investors have poured over $2 billion into businesses built on Hadoop," writes the WSJ's Elizabeth Dwoskin, "including Hortonworks Inc., which went public last week, its rivals Cloudera Inc. and MapR Technologies, and a growing list of tiny startups. Yet companies that have tried to use Hadoop have met with frustration." Dwoskin adds that Hadoop vendors are responding with improvements and additions, but for now, "It can take a lot of work to combine data stored in legacy repositories with the data that's stored in Hadoop. And while Hadoop can be much faster than traditional databases for some purposes, it often isn't fast enough to respond to queries immediately or to work on incoming information in real time. Satisfying requirements for data security and governance also poses a challenge."
The Courts

Apple Wins iTunes DRM Case 191

Posted by Soulskill
from the drm-protected-history-is-written-by-the-victors dept.
An anonymous reader sends word that Apple's iTunes DRM case has already been decided. The 8-person jury took only a few hours to decide that the features introduced in iTunes 7.0 were good for consumers and did not violate antitrust laws. Following the decision, the plaintiff's head attorney Patrick Coughlin said an appeal is already planned. He also expressed frustrations over getting two of the security features — one that checks the iTunes database, and another that checks each song on the iPod itself — lumped together with the other user-facing features in the iTunes 7.0 update, like support for movies and games. "At least we got a chance to get it in front of the jury," he told reporters. ... All along, Apple's made the case that its music store, jukebox software, and hardware was simply an integrated system similar to video game consoles from Sony, Microsoft, and Nintendo. It built all those pieces to work together, and thus it would be unusual to expect any one piece from another company to work without issues, Apple's attorneys said. But more importantly, Apple offered, any evolution of its DRM that ended up locking out competitors was absolutely necessary given deals it had with the major record companies to patch security holes.
Science

How Birds Lost Their Teeth 138

Posted by samzenpus
from the no-more-floss dept.
An anonymous reader writes A research team from the University of California, Riverside and Montclair State University, New Jersey, have found that the lack of teeth in all living birds can be traced back to a common ancestor who lived about 116 million years ago. From the article: "To solve this puzzle, the researchers used a recently created genome database that catalogues the genetic history of nearly all living bird orders--48 species in total. They were looking for two specific types of genes: one responsible for dentin, the substance that (mostly) makes up teeth, and another for the enamel that protects them. Upon finding these genes, researchers then located the mutations that deactivate them, and combed the fossil record to figure out when those mutations developed. They concluded that the loss of teeth and the development of the beak was a two-stage process, though the steps basically happened simultaneously. The paper states: 'In the first stage, tooth loss and partial beak development began on the anterior portion of both the upper and lower jaws. The second stage involved concurrent progression of tooth loss and beak development from the anterior portion of both jaws to the back of the rostrum.'"
The Military

Every Weapon, Armored Truck, and Plane the Pentagon Gave To Local Police 191

Posted by samzenpus
from the going-down-the-list dept.
v3rgEz writes You may have heard that the image-conscious Los Angeles Unified School District chose to return the grenade launchers it received from the Defense Department's surplus equipment program. You probably have not heard about some of the more obscure beneficiaries of the Pentagon giveaway, but now you can after MuckRock got the Department of Defense to release the full database, letting anyone browse what gear their local department has received.
Stats

'Moneyball' Approach Reduces Crime In New York City 218

Posted by timothy
from the precrime-works-citizens dept.
HughPickens.com writes The NYT reports that NY County District Attorney Cyrus Vance Jr.'s most significant initiative has been to transform, through the use of data, the way district attorneys fight crime. "The question I had when I came in was, Do we sit on our hands waiting for crime to tick up, or can we do something to drive crime lower?" says Vance. "I wanted to develop what I call intelligence-driven prosecution." When Vance became DA in 2009, it was glaringly evident that assistant D.A.s fielding the 105,000-plus cases a year in Manhattan seldom had enough information to make nuanced decisions about bail, charges, pleas or sentences. They were narrowly focused on the facts of cases in front of them, not on the people committing the crimes. They couldn't quickly sort minor delinquents from irredeemably bad apples. They didn't know what havoc defendants might be wreaking in other boroughs.
United Kingdom

UK Authorities Launching Massive Child Abuse Database 150

Posted by Soulskill
from the saving-gallons-of-eye-bleach dept.
mrspoonsi sends news that "Data taken from tens of millions of child abuse photos and videos will shortly be used as part of a new police system to aid investigations into suspected pedophiles across the UK." The Child Abuse Image Database (CAID) will be available to authorities starting December 11th. It's been populated with data seized in earlier investigations. The database assigns a hash to each photograph, so when a new drive full of illegal images is confiscated, it can immediately be plugged in and quickly scanned to see if there are any matches. It will also catalog GPS coordinates from Exif data.

The purpose of CAID is to eliminate the duplication of effort when investigating these photos. Often when storage drives are seized, they contain thousands or millions of images, and dozens of different police departments could end up unknowingly investigating the same victims. Law enforcement liaison officer Johann Hofmann said, "We're looking at 70, 80, up to 90% work load reduction. We're seeing investigations being reduced from months to days."
Social Networks

Crowd-Sourced Experiment To Map All Human Skills 70

Posted by samzenpus
from the what-can-you-do? dept.
spadadot writes French-based startup has just launched a website that will let you add your skills to a comprehensive map of human skills. As quoted from their website: "We aim to build the largest, most accurate, multilingual skills database ever made, by allowing a diverse and skillful community to contribute their individual skills to the global map." The ontology is simple: skills can have zero or more sub-skills. Every new skill is available in all supported languages (only English and French at the moment). The crowdsourced data is free for non-commercial use.
Cloud

Amazon Goes After Oracle (Again) With New Aurora Database 102

Posted by samzenpus
from the brand-new dept.
Sez Zero writes with news about the latest from Amazon Web Services. "Once again Amazon Web Services is taking on Oracle, the kingpin of relational databases, with Aurora, a relational database that is as capable as 'proprietary database engines at 1/10 the cost,' according to AWS SVP Andy Jassy. Amazon is right that customers, even big Oracle customers who hesitate to dump tried-and-true database technology, are sick of Oracle’s cost structure and refusal to budge from older licensing models. Still there are very few applications that are more “sticky” than databases, which after all typically contain the keys to the kingdom. Financial institutions see their use of Oracle databases as almost a pre-requisite for compliance, although that perception may be changing."
Privacy

Judge Says Public Has a Right To Know About FBI's Facial Recognition Database 79

Posted by samzenpus
from the now-you-know dept.
schwit1 writes U.S. District Judge Tanya Chutkan said the bureau's Next Generation Identification program represents a "significant public interest" due to concerns regarding its potential impact on privacy rights and should be subject to rigorous transparency oversight. "There can be little dispute that the general public has a genuine, tangible interest in a system designed to store and manipulate significant quantities of its own biometric data, particularly given the great numbers of people from whom such data will be gathered," Chutkan wrote in an opinion.
Databases

Ask Slashdot: Choosing a Data Warehouse Server System? 147

Posted by timothy
from the index-cards-and-an-actual-warehouse dept.
New submitter puzzled_decoy writes The company I work for has decided to get in on this "big data" thing. We are trying to find a good data warehouse system to host and run analytics on, you guessed it, a bunch of data. Right now we are looking into MSSQL, a company called Domo, and Oracle contacted us. Google BigQuery may be another option. At its core, we need to be able to query huge amounts of data in sometimes rather odd ways. We need a strong ETL layer, and hopefully we can put some nice visual reporting service on top of wherever the data is stored. So, what is your experience with "big data" servers and services? What would you recommend, and what are the pitfalls you've encountered?
Earth

Using Naval Logbooks To Reconstruct Past Weather and Predict Future Climate 102

Posted by Soulskill
from the climate-change-destroyed-the-mermaid's-natural-habitat dept.
Lasrick writes: What a great idea: the Old Weather Project uses old logbooks to study the weather patterns of long ago, providing a trove of archival data to scientists who are trying to fill in the details of our knowledge about the atmosphere and the changing climate. "Pity the poor navigator who fell asleep on watch and failed to update his ship's logbook every four hours with details about its geographic position, time, date, wind direction, barometric readings, temperatures, ocean currents, and weather conditions." As Clive Wilkinson of the UK's National Maritime Museum adds, "Anything you read in a logbook, you can be sure that it is a true and faithful account."

The Old Weather Project uses citizen scientists to transcribe and digitize observations that were scrupulously recorded on a clockwork-like basis, and it is one of several that climate scientists are using to create "a three-dimensional computer simulation that will provide a continuous, century-and-a-half-long profile of the entire planet's climate over time" — the 20th Century Reanalysis Project. Data is checked and rechecked by three different people before entry into the database, and the logbook measurements are especially valuable because they were compiled at sea.
United Kingdom

Secret Policy Allows GCHQ Bulk Access To NSA Data 95

Posted by samzenpus
from the have-some-data dept.
hazeii writes Through legal proceedings following the Snowden revelations, Liberty UK have succeeded in forcing GCHQ to reveal secret internal policies allowing Britain's intelligence services to receive unlimited bulk intelligence from the NSA and other foreign agencies and to keep this data in massive searchable databases, all without a warrant. Apparently, British intelligence agencies can "trawl through foreign intelligence material without meaningful restrictions", and can keep copies of both content and metadata for up to two years. There is also mention of data obtained "through US corporate partnerships". According to Liberty, this raises serious doubts about oversight of the UK Intelligence and Security Committee and their reassurances that in every case where GCHQ sought information from the US, a warrant for interception signed by a minister was in place.

Eric King, Deputy Director of Privacy International, said: "We now know that data from any call, internet search, or website you visited over the past two years could be stored in GCHQ's database and analyzed at will, all without a warrant to collect it in the first place. It is outrageous that the Government thinks mass surveillance, justified by secret 'arrangements' that allow for vast and unrestrained receipt and analysis of foreign intelligence material is lawful. This is completely unacceptable, and makes clear how little transparency and accountability exists within the British intelligence community."
Databases

Python-LMDB In a High-Performance Environment 98

Posted by Soulskill
from the fast-enough-to-cause-drama dept.
lkcl writes: In an open letter to the core developers behind OpenLDAP (Howard Chu) and Python-LMDB (David Wilson) is a story of a successful creation of a high-performance task scheduling engine written (perplexingly) in Python. With only partial optimization allowing tasks to be executed in parallel at a phenomenal rate of 240,000 per second, the choice to use Python-LMDB for the per-task database store based on its benchmarks, as well as its well-researched design criteria, turned out to be the right decision. Part of the success was also due to earlier architectural advice gratefully received here on Slashdot. What is puzzling, though, is that LMDB on Wikipedia is being constantly deleted, despite its "notability" by way of being used in a seriously-long list of prominent software libre projects, which has been, in part, motivated by the Oracle-driven BerkeleyDB license change. It would appear that the original complaint about notability came from an Oracle employee as well.
Security

Drupal Fixes Highly Critical SQL Injection Flaw 54

Posted by samzenpus
from the protect-ya-neck dept.
An anonymous reader writes Drupal has patched a critical SQL injection vulnerability in version 7.x of the content management system that can allow arbitrary code execution. The flaw lies in an API that is specifically designed to help prevent SQL injection attacks. "Drupal 7 includes a database abstraction API to ensure that queries executed against the database are sanitized to prevent SQL injection attacks," the Drupal advisory says. "A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. Depending on the content of the requests this can lead to privilege escalation, arbitrary PHP execution, or other attacks."
Oracle

Oracle Database Certifications Are No Longer Permanent 108

Posted by Soulskill
from the you're-now-allowed-to-forget-things dept.
jfruh writes: It used to be that you could get an Oracle database certification and declare yourself Oracle-certified for the rest of your career. That time is now over, causing a certain amount of consternation among DBAs. On the one hand, it makes sense that someone who's only been certified on a decade-old version of the product should need to prove they've updated their skills. On the other, Oracle charges for certification and will definitely profit from this shift.
Security

Snapchat Says Users Were Victimized By Their Use of Third-Party Apps 90

Posted by Soulskill
from the illusion-of-impermanence dept.
Lucas123 writes: Reports that the servers of photo messaging site Snapchat were hacked are being denied by the company, which is now saying its users were instead victimized by their use of third-party apps to send and receive Snaps. Hackers on 4chan have said they broke into the site and they're preparing to release 200,000 photos or videos in their own database that will be searchable by Snapchatter name. According to one report, the third-party Snapchat client app enabled access for years to the data that was supposed to have been deleted. The hackers have said they have a 13GB photo library. For its part, Snapchat in a statement reiterated its Terms of Use Policy, that "expressly prohibits" third-party app use "because they compromise our users' security."
Advertising

Why Do Contextual Ads Fail? 249

Posted by timothy
from the pandemic-tone-deafness dept.
minstrelmike writes If we give up all our privacy on-line for contextual ads, then how come so many of them are so far off the mark? Personal data harvesting for contextual ads and content should be a beautiful thing. They do it privately and securely, and it's all automated so that no human being actually learns anything about you. And then the online world becomes customized, just for you. The real problem with this scenario is that we're paying for contextual ads and content with our personal data, but we're not getting what we pay for. Facebook advertising is off target and almost completely irrelevant. The question is: Why? Facebook has a database of our explicitly stated interests, which many users fill out voluntarily. Facebook sees what we post about. It knows who we interact with. It counts our likes, monitors our comments and even follows us around the Web. Yet, while the degree of personal data collection is extreme, the advertising seems totally random.
