Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

Comment Re:Run as user AND back-ups (Score 2) 167

by mlts (#49348067) Attached to: NJ School District Hit With Ransomware-For-Bitcoins Scheme

Most backups would be erased or encrypted by the ransomware. The problem is that people think in terms of disk failures or hardware failures, so have their backup solution based around this. Just this in mind, going with two SANs that replicate with each other asynchronously is the best thing to do, since the data is always available.

However, this doesn't factor in software designed to corrupt/encrypt backups over a long haul. This is going to take a dedicated backup server that pulls backups and stores them in a place where a machine cannot access (and thus tamper) with stored data. It also takes a long data retention policy, just in case.

However, in a lot of places, backups are like security -- they are viewed as having no ROI, so at best, you might get some mechanism to stash stuff on disk, but if a machine can back up to the disk directly, it likely can erase/modify stored data.

Comment Re:Be careful of the term "terrorist attack" (Score 1) 737

by Mr. Slippery (#49344345) Attached to: Germanwings Plane Crash Was No Accident

The fact that no attack occured gives the talking heads leeway to claim there was no "terrorist attack."

A terrorist is a person who attempts to bring about political change by "illegitimate" (i.e., non-state) violence.

Mass murder is only terrorism if it is an attack on a political entity, or is an attempt to scare a nation's population into something.

Unless someone says, "We're going to keep crash your planes until you do such-and-such", this isn't terrorism. There's no attempt to bring about political change involved, only murder, motive unknown.

Comment Same can happen at a cloud provider... (Score 1) 262

by mlts (#49338889) Attached to: RadioShack Puts Customer Data Up For Sale In Bankruptcy Auction

One scenario that I worry about with cloud providers is exactly this. The provider goes bankrupt, sells all data to someone else, and they now have all the servers and can use the container information, free, clear, with nothing the clients of the former cloud provider able to do about it legally, barring copyright violations.

Both Borders and RS both show a lesson -- yes, there is a privacy policy with company "A", but when the servers get under the ownership of a new company, that policy is out the window, and the data can be used for anything that the new owners desire. Multi-TB torrent? Perfectly legal.

If a cloud provider changes hands, I can see a new company digging through data just to extort people. Say they find a sex toy maker's customer list on a server. They can then send out a note that all customers of this maker will have their named published unless they "buy into" a privacy policy (removing the name from the list) for the low price of $99.99. Since the new company 100% owns the data, free and clear, this is perfectly legal.

Comment Re:I am not worried (Score 1, Informative) 262

by MightyMartian (#49338827) Attached to: RadioShack Puts Customer Data Up For Sale In Bankruptcy Auction

I bought lots of stuff off of RadioShack back in ye olden days. Two computers (an MC-10 and a CoCo3), several game ROMs, two printers, a one-sided floppy drive, OS/9 level 2, and dozens of doo-dads for various projects.

So yeah, if RadioShack wants to sell the fact that I bought a TP-10 thermal printer back in 1983, then go to town!
The Military

How Nuclear Weapon Modernization Undercuts Disarmament 228

Posted by Soulskill from the perfecting-the-planetcracker dept.
Lasrick writes: John Mecklin details exactly how nuclear weapons modernization is kick-starting a new arms race, and how modernizing these weapons to make them more accurate and stealthy puts the world at even greater risk of nuclear war: "[T]his is precisely why the U.S. Congress rejected the Air Force’s requests for low-yield, precision-guided nuclear weapons in the 1990s: Their very accuracy increases the temptation to use them." The issue is not getting very much attention, but the patience of the non-nuclear states is wearing thin, and a breakthrough in public awareness may be on the horizon: "The disarmament debate is likely to make this spring's NPT conference a contentious one and just might be loud enough to make the public aware that a new type of nuclear arms race is unfolding around the world."
Programming

No, It's Not Always Quicker To Do Things In Memory 486

Posted by Soulskill from the performance-that-fails-to-perform dept.
itwbennett writes: It's a commonly held belief among software developers that avoiding disk access in favor of doing as much work as possible in-memory will results in shorter runtimes. To test this assumption, researchers from the University of Calgary and the University of British Columbia compared the efficiency of alternative ways to create a 1MB string and write it to disk. The results consistently found that doing most of the work in-memory to minimize disk access was significantly slower than just writing out to disk repeatedly (PDF).
Programming

A Bechdel Test For Programmers? 522

Posted by timothy from the this-code-feels-different dept.
Nerval's Lobster writes In order for a movie or television show to pass the Bechdel Test (named after cartoonist and MacArthur genius Alison Bechdel), it must feature two female characters, have those two characters talk to one another, and have those characters talk to one another about something other than a man. A lot of movies and shows don't pass. How would programming culture fare if subjected to a similar test? One tech firm, 18F, decided to find out after seeing a tweet from Laurie Voss, CTO of npm, which explained the parameters of a modified Bechdel Test. According to Voss, a project that passes the test must feature at least one function written by a woman developer, that calls a function written by another woman developer. 'The conversation started with us quickly listing the projects that passed the Bechdel coding test, but then shifted after one of our devs then raised a good point,' read 18F's blog posting on the experiment. 'She said some of our projects had lots of female devs, but did not pass the test as defined.' For example, some custom languages don't have functions, which means a project built using those languages would fail even if written by women. Nonetheless, both startups and larger companies could find the modified Bechdel Test a useful tool for opening up a discussion about gender balance within engineering and development teams.
Medicine

Hacking Weight Loss: What I Learned Losing 30 Pounds 496

Posted by timothy from the can't-be-more-than-a-hundred-and-ninety-seven dept.
reifman writes The CDC reports that 69% of adult Americans are overweight or obese. Techies like us are at increased risk because of our sedentary lifestyles. Perhaps you even scoffed at Neilsen's recent finding that some Americans spend only 11 hours daily of screen time. Over the last nine months, I've lost 30 pounds and learned a lot about hacking weight loss and I did it without fad diets, step trackers, running or going paleo. No such discussion is complete without a link to the Hacker Diet.

Comment Re:Sooo .. (Score 1) 127

http://goo.gl/z8ti3D

From a root command line, you can do:

vdc cryptfs changepw newpass

(where newpass is your new password for the dm-crypt volume... which is your /data partition.)

There is also apps that do this as well, but you need root.

Of course, when you change your screen lock PIN, it will change the boot password, but that is a given.
Security

The Bulletin of the Atomic Scientists Introduces the Doomsday Dashboard 92

Posted by samzenpus from the for-your-viewing-pleasure dept.
Lasrick writes You probably know the hand on the Doomsday Clock now rests at 3 minutes to midnight. The Bulletin of the Atomic Scientists has launched a pretty cool little interactive Dashboard that lets you see data that the Bulletin's Science and Security Board considers when making the decision on the Clock's time each year. There are interactive graphs that show global nuclear arsenals, nuclear material security breaches, and how much weapons-grade plutonium and uranium is stored (and where). The climate change section features graphs of global sea level rise over time, Arctic sea ice minimums. atmospheric carbon dioxide levels, and differences in global temperature. There's also a section for research on biosecurity and emerging technologies.

Comment Re:Sooo .. (Score 1) 127

Those are some good suggestions. I might add a few myself:

1: If your device is rooted, you can separate the password that unlocks the /data partition from the PIN that unlocks the screen. This way, you have 4-5 digits that are quickly typed in... but if a thief decides to reboot the phone or power it off, they are facing the 20-30+ character passphrase... and most newer Android ROMs only allow 30 guesses before they do an erase.

2: Enable encryption of the /data partition. This is worth mentioning.

3: There is an app that will detect if the power button is pressed six times quickly, and send out a duress code. Forgot the name, but might be worth having.

4: Some ROMs will do some form of encryption on the SD card. If not, you can get an EncFS app, or BoxCryptor (which is a commercial/subscription version that uses EncFS as its base.)

5: Consider a backup program like Titanium Backup which uses a very reliable encryption mechanism (it uses a passphrase for a private key, and uses a public key for backups), and can save the encrypted backups to a cloud provider.

6: Consider a utility that requires a PIN to access some apps. For example, the app for a terminal and other rooted apps on my Android phone is PIN protected, FB and other apps are under another PIN, etc... so if a bad guy gets the phone while its unlocked, they might have access to the Web browser, but not the other parts. If they reboot the phone, they are faced with a very long /data encryption password as stated in #1.
Medicine

Child Psychotherapist: Easy and Constant Access To the Internet Is Harming Kids 353

Posted by samzenpus from the there's-something-wrong-with-my-brain dept.
First time accepted submitter sharkbiter sends note that one of the UK's foremost psychotherapists has concerns that smartphones may be harmful to the mental health of children. "Julie Lynn Evans has been a child psychotherapist for 25 years, working in hospitals, schools and with families, and she says she has never been so busy. 'In the 1990s, I would have had one or two attempted suicides a year – mainly teenaged girls taking overdoses, the things that don't get reported. Now, I could have as many as four a month.'.... Issues such as cyber-bullying are, of course, nothing new, and schools now all strive to develop robust policies to tackle them, but Lynn Evans’ target is both more precise and more general. She is pointing a finger of accusation at the smartphones - “pocket rockets” as she calls them – which are now routinely in the hands of over 80 per cent of secondary school age children. Their arrival has been, she notes, a key change since 2010. 'It’s a simplistic view, but I think it is the ubiquity of broadband and smartphones that has changed the pace and the power and the drama of mental illness in young people.'”
Programming

A Software Project Full of "Male Anatomy" Jokes Causes Controversy 765

Posted by samzenpus from the can't-we-all-just-get-along? dept.
An anonymous reader writes with the story of a Github user's joke repository that is causing some controversy. "There's no question that the tech world is an overwhelmingly male place. There's legit concern that tech is run-amok with 'brogrammers' that make women programmers feel unwelcome. On the other hand, people just want to laugh. It's at that intersection that programmer Randy Hunt, aka 'letsgetrandy' posted a 'project' earlier this week to software hosting site GitHub called 'DICSS.' The project, which is actual free and open source software, is surrounded by geeky jokes about the male anatomy. And it's gone nuts, so to speak, becoming the most trending project on Github, and the subject of a lot of chatter on Twitter. And, Hunt tells us, the folks at Github are scratching their heads wondering what they should do about it. Some people love DICSS ... and some people are, understandably, offended. The offended people point out that this is exactly the sort of thing that makes tech unwelcoming to women, and not just because of the original project, but because of some of the comments (posted as "commits") that might take the joke too far."
Government

WHO Report Links Weed Killer Ingredient To Cancer Risk 179

Posted by samzenpus from the what's-to-blame dept.
An anonymous reader sends word that a common weed killer may cause cancer according to the World Health Organization. "The world's most widely used weed killer can 'probably' cause cancer, the World Health Organization said on Friday. The WHO's cancer arm, the International Agency for Research on Cancer, said glyphosate, the active ingredient in Roundup and other herbicides, was 'classified as probably carcinogenic to humans.' It also said there was 'limited evidence' that glyphosate was carcinogenic in humans for non-Hodgkin lymphoma." Unsurprisingly, Monsanto, Roundup's manufacturer disagrees saying there is no evidence to support the findings and calls on WHO to hold a meeting to explain their conclusions.

Slashdot Top Deals

The rule on staying alive as a forecaster is to give 'em a number or give 'em a date, but never give 'em both at once. -- Jane Bryant Quinn

Close