Submission + - Can a Mobile Game Diagnose Alzheimer's? (ieee.org)

the_newsbeagle writes: Currently, the best way to check if a person has a high likelihood of developing Alzheimer's is to perform a PET scan to measure the amount of amyloid plaque in his or her brain. That's an expensive procedure. But a startup called Akili Interactive says it has developed a mobile game that can identify likely Alzheimer's patients just by their gameplay and game results. The game is based on a neuroscience study which showed that multitasking is one of the first brain functions to take a hit in Alzheimer's patients. Therefore the game requires players to perform two tasks at the same time.

Submission + - US public's acceptance of scientific knowledge erratic | Ars Technica (arstechnica.com)

An anonymous reader writes: The U.S. general population is often the butt of jokes with regard to their understanding of science. A survey by the Associated Press now shows just how arbitrary and erratic the public's dissent can be. 'The good news is that more than 80 percent of those surveyed are strongly confident that smoking causes cancer; only four percent doubt it. Roughly 70 percent accepted that we have a genome and that mental illness is seated in the brain; about 20 percent were uncertain on these subjects, and the doubters were few. But things go downhill from there. Only about half of the people accepted that vaccines are safe and effective, with 15 percent doubting. And that's one of the controversial topics where the public did well. As for humanity's role in climate change, 33 percent accepted, 28 percent were unsure, and 37 percent fell in the doubter category. For a 4.5-billion-year-old Earth and a 13.8-billion-year-old Big Bang, acceptance was below 30 percent. Fully half of the public doubted the Big Bang (PDF).'

Submission + - OpenSSL: The New Face Of Technology Monoculture (securityledger.com)

chicksdaddy writes: In a now-famous 2003 essay, “Cyberinsecurity: The Cost of Monopoly” (http://cryptome.org/cyberinsecurity.htm) Dr. Dan Geer (http://en.wikipedia.org/wiki/Dan_Geer) argued, persuasively, that Microsoft’s operating system monopoly constituted a grave risk to the security of the United States and international security, as well. It was in the interest of the U.S. government and others to break Redmond’s monopoly, or at least to lessen Microsoft’s ability to ‘lock in’ customers and limit choice. “The prevalence of security flaw (sp) in Microsoft’s products is an effect of monopoly power; it must not be allowed to become a reinforcer,” Geer wrote.

The essay cost Geer his job at the security consulting firm AtStake, which then counted Microsoft as a major customer. (http://cryptome.org/cyberinsecurity.htm#Fired) (AtStake was later acquired by Symantec.)

These days Geer is the Chief Security Officer at In-Q-Tel, the CIA’s venture capital arm. But he’s no less vigilant about the dangers of software monocultures. Security Ledger notes that, in a post today for the blog Lawfare (http://www.lawfareblog.com/2014/04/heartbleed-as-metaphor/), Geer is again warning about the dangers that come from an over-reliance on common platforms and code. His concern this time isn’t proprietary software managed by Redmond, however; it’s common, oft-reused hardware and software packages like the OpenSSL software at the heart (pun intended) of Heartbleed. (https://securityledger.com/2014/04/the-heartbleed-openssl-flaw-what-you-need-to-know/)

“The critical infrastructure’s monoculture question was once centered on Microsoft Windows,” he writes. “No more. The critical infrastructure’s monoculture problem, and hence its exposure to common mode risk, is now small devices and the chips which run them.”

What happens when a critical and vulnerable component becomes ubiquitous — far more ubiquitous than OpenSSL? Geer wonders if the stability of the Internet itself is at stake.

“The Internet, per se, was designed for resistance to random faults; it was not designed for resistance to targeted faults,” Geer warns. “As the monocultures build, they do so in ever more pervasive, ever smaller packages, in ever less noticeable roles. The avenues to common mode failure proliferate.”

Submission + - Crowd Funding Bug Bounties To Fix Open Source Insecurity? Don't Count On It. (veracode.com)

chicksdaddy writes: The discovery of the Heartbleed vulnerability put the lie to the notion that ‘thousands of eyes’ keep watch over critical open source software packages like OpenSSL. In fact, some of the earliest reporting on Heartbleed noted that the team supporting the software consisted of just four developers – only one of them full time. (http://online.wsj.com/news/articles/SB10001424052702304819004579489813056799076)

To be sure, there are still plenty of examples of tightly monitored open source projects and real accountability. (The ever-mercurial Linus Torvalds recently made news by openly castigating key Linux kernel developer Kay Sievers for submitting buggy code, suspending him from further contributions.) (http://lkml.iu.edu//hypermail/linux/kernel/1404.0/01331.html)

But how do poorer, volunteer-led open source projects improve accountability and oversight — especially in areas like security? Casey Ellis over at the firm BugCrowd has proposed a crowd-funded project to fund bug bounties (https://www.crowdtilt.com/campaigns/lets-make-sure-heartbleed-doesnt-happen-again/description) for a security audit of OpenSSL ($7,162 raised thus far, with a target of $100,000).

But a post on Veracode's blog doubts that offering fat purses for information on open source bugs will make much difference.

"A paid bounty program would mirror efforts by companies like Google, Adobe and Microsoft to attract the attention of the best and brightest security researchers to their platform. No doubt: bounties will beget bug discoveries, some of them important," the post reads. "But a bounty program isn’t a substitute for a full security audit and, beyond that, a program for managing OpenSSL (or similar projects) over the long term. And, after all, the Heartbleed vulnerability doesn’t just point out a security failing, it raises questions about the growth and complexity of the OpenSSL code base. Bounties won’t make it any easier to address those bigger and important problems."

In other words: finding bugs doesn't equate with making the underlying code more secure. That's a lesson that Adobe and Microsoft learned years ago (see Adobe's take on it from back in 2010 here: http://blogs.adobe.com/securit...).

What's needed is a more holistic approach to security that results in something like Microsoft's SDL (Secure Development Lifecycle) or Adobe's SPLC (Secure Product Lifecycle). That will staunch the flow of new vulnerabilities. Then investments need to be made to create robust incident response and post-deployment updating/patching. That's a lot to fit into a crowd-funding proposal — so it will need to fall to companies that rely on packages like OpenSSL to foot the bill (and provide the talent). Some companies, like Akamai, are already talking about that.

Submission + - How Apple's billion dollar sapphire bet will pay off (networkworld.com)

alphadogg writes: Apple is making a billion dollar bet on sapphire as a strategic material for mobile devices such as the iPhone, iPad and perhaps an iWatch. Though exactly what the company plans to do with the scratch-resistant crystal – and when – is still the subject of debate. Apple is creating its own supply chain devoted to producing and finishing synthetic sapphire crystal in unprecedented quantities. The new Mesa, Ariz., plant, in a partnership with sapphire furnace maker GT Advanced Technologies, will make Apple one of the world’s largest sapphire producers when it reaches full capacity, probably in late 2014. By doing so, Apple is assured of a very large amount of sapphire and insulates itself from the ups and downs of sapphire material pricing in the global market.

Submission + - Sherpas Contemplate Strike after Everest Disaster

Hugh Pickens DOT Com writes: Three days have passed since an avalanche killed at least 13 Sherpas as they carried gear for international expedition groups in the worst single-day death toll in the mountain’s history. Now the NYT reports that disappointed at the Nepali government’s offer of 40,000 rupees, or about $408, as compensation for the families of the dead, some Sherpas gathered at Everest’s base camp proposed a “work stoppage” that could disrupt or cancel the 334 expeditions planned for the 2014 climbing season and more than 300 Sherpas have signed a petition to the Nepalese government saying that Everest summit attempts should be suspended this year out of respect for the dead. They also asked the government — which takes in $3.3 million a year in Everest climbing fees alone — to increase work death benefits to $10,000 from the current $400, cover medical costs for injuries sustained while climbing and provide disability benefits. “Sherpas are the backbone of Mount Everest expeditions, but the government neglects them,” says Mingma Sherpa, a mountaineering entrepreneur.

The tension promises to heighten when groups of Sherpas plan to carry the bodies of their dead colleagues through the streets of Katmandu, Nepal’s capital. Members of the ethnic group are the backbone of the Himalayan adventure-tourism industry, where they work as guides, porters and climbers. Many of the international commercial teams still at the base camp are weighing whether to continue their push to the summit or abandon their expeditions. Everest is attracting more climbers each year, most of them members of groups that pay professional Western guides to lead them up the mountain. Clients prepare for months or years, often investing tens of thousands of dollars, and some experts said they would be unlikely to turn around. “I don’t think this is going to slow down the machine, which will escalate through May,” said David Roberts, a climber and the author of several books about climbing. “Even though it is the greatest tragedy in the history of Everest, right now at base camp they are saying, ‘This is a tragedy, but we have paid all this money to get here.’ ”

Submission + - Peoria Mayor Sends Police to Track Down Twitter Parodist (reason.com)

rotorbudd writes: Guess the good Mayor has never heard of the Streisand Effect.
The original Twitter account had a total of 50 followers. The new account has over 200.
"Jim Ardis, mayor of Peoria, Illinois, ordered police to track down whoever was responsible for a parody Twitter account mocking him."

Submission + - Dropbox's acquisition strategy shows it isn't serious about being a platform (citeworld.com)

backabeyond writes: Dropbox and Box have both talked about wanting to be seen as a platform where third-party developers can build related apps. But Dropbox has been on an acquisition tear, scooping up startups that add a bunch of new services to Dropbox. That's not particularly attractive for developers to see, since it shows that Dropbox could potentially decide to start offering services that are competitive to the developers who build on its platform. Box's acquisition strategy seems a lot more friendly to developers.

Submission + - VA Supreme Court Issues Ruling in Global Warming FOIA Case

RoccamOccam writes: Unpublished data and records collected by university scientists are exempt from the Virginia Freedom of Information Act, the Virginia Supreme Court ruled, rejecting a request for former U-Va. professor Michael Mann's (of Hockey Stick fame) unpublished data.

Lawyers for U-Va. turned over about 1,000 documents, but withheld another 12,000 papers and e-mails, saying that work 'of a proprietary nature' was exempt under the state’s FOIA law.

About the ruling, David Schnare, attorney for the plaintiff, said '[the Court] accepted U-Va.’s unsubstantiated fears that release of the e-mails would significantly chill intellectual debate and on that basis allowed U-Va. to continue to operate under a veil of secrecy that the citizens may not penetrate.'

Submission + - MIT Grad Students Declare War On The Power Brick (itworld.com)

jfruh writes: In the world of petty tech annoyances, laptop power bricks are among the most annoying: they either take the form of something big and heavy that gets tangled up underfoot, or a huge plug that blocks other outlets. A group of MIT grad students think they've found a better way: a slimmer, lighter alternative that includes a USB port as well, so you can charge your laptop and phone at the same time. They're crowdfunding the project on Kickstarter.

Submission + - Detroit: America's Next Tech Boomtown (itworld.com)

jfruh writes: Over the past few years, the growth rate in Detroit tech jobs has been twice the national average. The reason is the industry that still makes Detroit a company town: U.S. automotive companies are getting into high tech in a big way, and need qualified people to help them do it. Another bonus: the rent is a lot cheaper than it is in San Francisco.

Submission + - Plant Breeders Release First 'Open Source Seeds' (npr.org)

mr crypto writes: Ag with an OSS twist: "A group of scientists and food activists is launching a campaign Thursday to change the rules that govern seeds. They're releasing 29 new varieties of crops under a new "open source pledge" that's intended to safeguard the ability of farmers, gardeners and plant breeders to share those seeds freely."

Submission + - Does Heartbleed Disprove 'Open Source is Safer'? (datamation.com)

jammag writes: "Almost as devastating is the blow Heartbleed has dealt to the image of free and open source software (FOSS). In the self-mythology of FOSS, bugs like Heartbleed aren't supposed to happen when the source code is freely available and being worked with daily. As Eric Raymond famously said, 'given enough eyeballs, all bugs are shallow'...Tired of FOSS's continual claims of superior security, some Windows and OS X users welcome the idea that Heartbleed has punctured FOSS pretensions. But is that what has happened?"
