
Submission + - SPAM: Using Grype as an Admission Controller

ghostoftiber writes: The grype admission controller attempts to enable security teams to become partners in the devsecops game.

Security has a big problem: On one hand, security teams are responsible for making everything secure. That's their job. But on the other hand, they need to somehow do that job while not being directly involved in the production of the code. That creates a very sticky wicket in the form of rigid policies, and usually means the security team is blamed for being inflexible, draconian, and rigid.

How can we empower the security team to have control, without causing them to become those blockers we all know and (don't) love? DevSecOps, of course!

In DevOps, we wouldn't traditionally say “well we do it that way because of corporate policy”. That's a bad solution, and it disempowers people to innovate and do their best work. We want people to innovate, and we want the corporate stuff to get out of their way so they can do awesome jobs and shine. The mechanism of communication and record in serious DevOps shops is the merge request, and so we need to bring the Security team to the table in a dynamic, yet secure way.


Comment Re:Hopefully they'll have better writers (Score 1) 162

I have to agree... Jodie Whittaker seemed to get a rather raw deal in this. I really liked her in Broadchurch, but I can't help but feel the scripts she's been given, overall, for Doctor Who, have been mediocre at best, with all the brow-beating most of them seem to embrace. Somewhat like while I loved both the Moffat and Chibnall scripts when they *weren't* showrunners, I pretty much hated their seasons *as* showrunners, maybe aside from Capaldi's run. I'm cautiously optimistic that any more NuWho under Davies will compare favorably with Tennant's tenure, which has been my favorite newer incarnation. Allons-y!

Comment 1.6 light seconds? (Score 1) 353

1.6 light seconds is 298,052 miles or 479,668 kilometers for our metric buddies.

Halved (for the one way distance) is 149,026 mi or 239,834 km.

The circumference of the planet is 24,901 miles (40,075 km).

Were they working over a satellite in orbit halfway to the moon? What's going on here?

Comment RAID is not a backup! (Score 1) 165

It's 2021, and we still have to remind people that RAID is not a backup?!

Every time someone tells me tape is obsolete, and I should just use disks or The Cloud! to do backups, I ask how they intend to make offline backups of up to 3PB of data (it's about 1/3 that used currently, but increasing year on year, and I expect we'll top out in a few) that is currently air-gapped, with an off-site requirement. In terms of rack space, power, and cooling, we can't expand anymore. Tape (mix of LTO-5/6/7/8, currently) is about the only way we can meet our requirements.

In just terms of physical *weight*, disk is impossible. Imagine how much, say, 64 16TB HDDs weigh vs 87 LTO-8 tapes weigh (roughly 1PB each, ignoring the compression factor of 2.5x, which I never actually see), let alone physical volume... Add in the additional mechanical complexities of needing all the control hardware on-board with disk, and things like vibration during transport become a major thing.

Let's not forget that, many times in the past, HW RAID has been shown to be... less than ideal, shall we say. So much so, that I wouldn't trust HW RAID further than I can spit, and would rather rely on Linux SW RAID in terms of reliability. Tapes, I can pull as they fill up, and ship offsite. Drives in a RAID array have to all be pulled in tandem, or you break the array (and have to rebuild later, with its own plethora of problems), so it's still significantly less convenient. Space, as well... I can fit 80 12TB tapes in 4U, in an easy to access fashion, but putting 80 HDDs in the same amount of space (maybe outside a Petabox) isn't really doable, especially with power and cooling.

All in all, tape isn't going away anytime soon. Anyone who says otherwise is either deluded, inexperienced, or trying to up-sell something unfit to task...

The Media

Snopes.com Co-Founder Accused of Copying from Other Sites Without Attribution (buzzfeednews.com) 126

The co-founder of the fact-checking website Snopes has been accused of publishing articles that are too accurate: copying text from other more authoritative web sites.

Snopes.com describes them as "sentences or paragraphs from various news sites pasted into Snopes news stories without appropriate attribution." BuzzFeed News writes: A BuzzFeed News investigation has found that between 2015 and 2019, Mikkelson wrote and published dozens of articles containing material plagiarized from news outlets such as the Guardian and the LA Times. After inquiries from BuzzFeed News, Snopes conducted an internal review and confirmed that under a pseudonym, the Snopes byline, and his own name, Mikkelson wrote and published 54 articles with plagiarized material... BuzzFeed News found dozens of articles on Snopes' site that include language — sometimes entire paragraphs — that appear to have been copied without attribution from news outlets that include the New York Times, CNN, NBC News, and the BBC... Snopes's subsequent internal review identified 140 articles with possible problems and 54 that were found to include appropriated material...

"That was his big SEO/speed secret," said Binkowski, whom Snopes fired without explanation in 2018 (she currently manages the fact-checking site Truth or Fiction). "He would instruct us to copy text from other sites, post them verbatim so that it looked like we were fast and could scoop up traffic, and then change the story in real time. I hated it and wouldn't tell any of the staff to do it, but he did it all the time." Two other former employees also said that copying and rewriting content was part of Mikkelson's strategy for driving traffic to Snopes' site...

Thanks to Slashdot reader PolygamousRanchKid for submitting this story. BuzzFeed notes that Mikkelson himself had also begun using a pseudonym "intended to mislead the trolls and conspiracy theorists who frequently targeted the site and its writers." That byline linked to a satirical bio claiming that in 2006 they'd "won the Pulitzer Prize for numismatics" (coin collecting) and were "also the winner of the Distinguished Conflagration Award of the American Society of Muleskinners for 2005."

Snopes.com actually thanked BuzzFeed's reporter for letting them know, calling BuzzFeed's article "an example of dogged, watchdog journalism we cherish" (while adding "Our staff has moved quickly to fix the problem... Our reputation is dependent on our ability to get things right, and more importantly, to quickly correct the record when we are wrong.") Besides removing Mikkelson's purloined content (and preventing him, though he's still the site's co-owner, from publishing on it), Snopes.com says that in addition, "We will attempt to contact each news outlet whose reporting we appropriated to issue an apology."

In an interview with BuzzFeed News, Mikkelson attributed the unattributed sentence-copying to his lack of formal journalism experience. "I wasn't used to doing news aggregation. A number of times I crossed the line to where it was copyright infringement. I own that...."

I remember when Snopes.com was just an entertaining fringe web site debunking kooky claims turning up in forwarded emails or on Usenet. Was it a victim of its own success — drawn into the 24/7 news cycle, with its "race to be first"? Were they overwhelmed by the amount of misinformation being spread on social media that needed debunking? In a statement to BuzzFeed, Mikkelson had this to say: Snopes has grown beyond our roots as a "one-man band" website into a newsroom of dedicated, professional journalists who serve the public with trustworthy information. Thanks to their efforts, Snopes has published original reporting on the COVID-19 pandemic, the recent elections, Russian disinformation efforts and so much more. The last thing I ever wanted was to have my mistakes detract from their excellent work, and I'm doing everything I can to make it right.
And on Twitter, BuzzFeed's reporter added that "I don't like that this story is being weaponized by bad actors like Steve Bannon to unfairly and baselessly smear the work of Snopes' staff writers who do good work and had no part in this."

Transportation

Cathay Working On Single-Pilot System for Long-Haul (reuters.com) 94

schwit1 writes: Cathay Pacific is working with Airbus to introduce "reduced crew" long-haul flights with a sole pilot in the cockpit much of the time, industry sources told Reuters. The programme, known within Airbus as Project Connect, aims to certify its A350 jet for single-pilot operations during high-altitude cruise, starting in 2025 on Cathay passenger flights, the sources said. High hurdles remain on the path to international acceptance. Once cleared, longer flights would become possible with a pair of pilots alternating rest breaks, instead of the three or four currently needed to maintain at least two in the cockpit. That promises savings for airlines, amid uncertainty over the post-pandemic economics of intercontinental flying. But it is likely to encounter resistance from pilots already hit by mass layoffs, and safety concerns about aircraft automation.

Education

Amazon Calls For Funding K-12 CS, Eyes $250M Seed Money From Congress 31

theodp writes: "The U.S. isn't producing nearly enough students trained in computer science to meet the future demands of the American workforce," lamented Amazon in a Friday press release, adding that it is "urging Congress and legislatures across the U.S. to support -- and fund -- computer science education in public schools." Well, the 'urging' seems to be working. On Friday, Representatives Barbara Lee (D-CA) and Chuck Fleischmann (R-TN) reintroduced the Computer Science for All Act (Amazon, Google, Facebook, and Microsoft all lobbied for the bill's predecessor, the CS for All Act of 2019), which provides $250 million in new grants to support a diverse 'tech pipeline' in pre-K through grade 12 education.

Amazon and Amazon-funded nonprofit Code.org were cited as the bill's 'supporting organizations' and quoted in Lee's accompanying press release for the legislation, which aims to improve equity in CS education. "We look forward to working with Representative Lee and the bill's cosponsors to meet these objectives," said Brian Huseman, VP of Public Policy for Amazon, which in 2017 curiously broke from other tech giants and stopped releasing the gender and racial data on its workforce it's required to report to the federal government. "Right now, there are over 400,000 open computing jobs in the United States," added Code.org CEO Hadi Partovi. "Frustratingly, only 47% of our public high schools teach computer science."
