Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×

Submission + - Jackson: Tech Diversity is Next Civil Rights Step

Submitted by theodp
theodp writes: Having seen this movie before, U.S. civil rights leader Rev. Jesse Jackson called on the Obama administration Monday to scrutinize the tech industry's lack of diversity. "There's no talent shortage. There's an opportunity shortage," Jackson said, calling Silicon Valley "far worse" than many others, such as car makers that have been pressured by unions. He said tech behemoths have largely escaped scrutiny by a public dazzled with their cutting-edge gadgets. Jackson spoke after meeting with Labor Secretary Tom Perez to press for a review of H-1B visas, arguing that data show Americans have the skills and should have first access to high-paying tech work. Jackson's Rainbow Push Coalition plans to file a freedom-of-information request next month with the EEOC to acquire employment data for companies that have not yet disclosed it publicly, which includes Amazon, Broadcom, Oracle, Qualcomm and Yelp. Unlike the DOL, Jackson isn't buying Silicon Valley's argument that minority hiring statistics are trade secrets. Five years after Google's HR Chief would only reassure Congress the company had "a very strong internal Black Googler Network" and its CEO brushed off similar questions about its diversity numbers by saying "we're pretty happy with the way our recruiting work," Google — under pressure from Jackson — fessed up to having a tech workforce that's only 1% Black, apparently par for the course in Silicon Valley.

Submission + - Is running mission-critical servers without a firewall a "thing"?

Submitted by Anonymous Coward
An anonymous reader writes: I do some contract work on the side (as many folks do), and am helping a client set up a new point of sale system. For the time being, it's pretty simple: selling products, keeping track of employee time, managing inventory and the like. However, it requires a small network because there are two clients, and one of the clients feeds off of a small SQL Express database from the first. During the setup the vendor disabled the local firewall, and in a number of emails back and forth since (with me getting more and more aggravated) they went from suggesting that there's no NEED for a firewall, to outright telling me that's just how they do it and the contract dictates that's how we need to run it. This isn't a tremendous deal today, but with how things are going odds are there will be e-Commerce worked into it, and probably credit card transactions.. which worries the bejesus out of me.

So my question to the Slashdot masses: is this common? In my admittedly limited networking experience, it's been drilled into my head fairly well that not running a firewall is lazy (if not simply negligent), and to open the appropriate ports and call it a day. However, I've seen forum posts here and there with people admitting they run their clients without firewalls, believing that the firewall on their incoming internet connection is good enough, and that their client security will pick up the pieces. I'm curious how many real professionals do this, or if the forum posts I'm seeing (along with the vendor in question) are just a bunch of clowns.

Submission + - Ford, GM Sued Over Vehicles' CD-R Ability To Rip Music To Hard Drive (computerworld.com)

Submitted by Lucas123
Lucas123 writes: The Alliance of Artists and Recording Companies is suing Ford and General Motors for millions of dollars over alleged copyrights infringement violations because their vehicles' CD-Rs can rip music to infotainment center hard drives. The AARC claims in its filing that the CD-R's ability to copy music violates the Audio Home Recording Act of 1992. The Act protects against distributing digital audio recording devices whose primary purpose is to rip copyrighted material. For example, Ford's owner's manual explains, "Your mobile media navigation system has a Jukebox which allows you to save desired tracks or CDs to the hard drive for later access. The hard drive can store up to 10GB (164 hours; approximately 2,472 tracks) of music." The AARC wants $2,500 for each digital audio recording device installed in a vehicle, the amount it says should have been paid in royalties.

Submission + - Malaysia flight MH17... not the first... probably not the last

Submitted by Flytrap
Flytrap writes: Whoever brought down the Malaysian airliner should be held accountable... But history shows us that geopolitics often overshadows accountability and very few of the parties responsible for such disasters are ever held accountable.

An article contrasting the downing of Malaysian Flight M17 (by forces still to be determined) with the downing of Korean Air Flight 007 by Soviet fighters and the downing of Iran Air Flight 655 by the USS Vincennes got me thinking about why the standards of accountability are so inconsistent.

The Independent catalogues 7 passenger planes that were shot down prior to Malaysian Flight M17 (I added 2 more for completeness). This article also raises questions about why some parties are able to get away with downing a civilian aircraft while some parties are held accountable (the article does not attempt to answer the question)
  • 1954. Cathay Pacific VR-HEU shot down by the People’s Liberation Army Air Force. Ten people on board were killed.
  • 1955. El Al Flight 402 shot down in Bulgarian airspace by two MiG-15 jets. Seven crew and 51 passengers were killed.
  • 1973. Libyan Airlines Flight 114 shot down by Israeli Phantom jet fighters. Only 5 survived of the 113 on board.
  • 1978. Korean Air flight 902 shot down by Soviet Sukhoi fighters after it violated Soviet airspace. Remarkably nearly all the passengers on board survived an emergency landing on a frozen lake. Two people were killed.
  • 1978. Air Rhodesia Flight RH 825 and Flight RH827 shot down by Zimbabwe People’s Liberation Army (Zipra) using ground-launched Stela missiles. 10 survivors were murdered at one of the crash sites, in the other none of the 59 passengers and crew survived.
  • 1980. Aerolinee Itavia Flight 870 brought down by a missile fired from French Navy aircraft over the Tyrrhenian Sea. All 77 passengers and 4 crew were killed.
  • 1983. Korean Air Flight 007 shot down by Soviet fighters after the pilot strayed into Soviet airspace. There were no survivors.
  • 1988. Iran Air Flight 655 shot down by the USS Vincennes using a surface-to-air missile while in Iranian territorial waters. All 290 passengers and crew were killed.
  • 2001. Siberia Airlines Flight 1812 shot down by the Ukrainian military over the Black Sea using a BUK S-200 missile. All 66 passengers and 12 crew members died.

The Russians, of course have their own take on this inconsistency, and one suspects that they are counting on a continuation of this practice, in the event that they may have had a hand in the downing of Flight M17. However, despite their obviously ulterior motives, they have a valid point, which other web sites are beginning to also pick up on.

Not withstanding what may have happened in the past, we should not let that get in the way of holding those who may be responsible for shooting down Flight M17 accountable, regardless of whether their act was deliberate or accident — when you wield weapons of that nature, one has to accept culpability for how they are used. The question for us, is: how do we do that when the standard of accountability set by prior incidents is so low and inconsistent and seems to be overshadowed by geopolitical agendas that make it hard to sift fact from fiction — Colin Powell's very detailed presentation to the UN security Council of fake made up evidence of Saddam Hussein's weapons of mass destruction, comes to mind.

Submission + - Man-made 'breathing' leaf is an oxygen factory (cnet.com)

Submitted by gardas
gardas writes: Royal College of Art graduate Julian Melchiorri has created the first man-made, biologically functional leaf that takes in carbon dioxide, water, and light and releases oxygen. The leaf consists of chloroplasts — the part of a plant cell where photosynthesis happens — suspended in body made of silk protein.

Submission + - Chinese government probes Microsoft over anti-monopoly issues

Submitted by DroidJason1
DroidJason1 writes: The Chinese government is investigating Microsoft for possible breaches of anti-monopoly laws, following a series of surprise visits to Redmond's offices in cities across China on Monday. These surprise visits were part of China's ongoing investigation, and were based on security complaints about Microsoft’s Windows operating system and Office productivity suite. Results from an earlier inspection apparently were not enough to clear Microsoft of suspicion of anti-competitive behavior. Microsoft's alleged anti-monopoly behavior is a criminal matter, so if found guilty, the software giant could face steep fines as well as other sanctions.

Submission + - Six Ways Big Telecom Tries to Kill Community Broadband

Submitted by Jason Koebler
Jason Koebler writes: Beyond merely staying out of each other's way in many big cities, ISPs have managed to throw up legal, logistical, and financial roadblocks at every turn to prevent municipally owned fiber networks from taking hold in many parts of the country.
The lobbying money is well-documented, but some of the other strategies, such as threatening to cut off business with companies who help build municipal fiber networks, are less known. Catharine Rice of the Coalition for Local Internet Choice, says there are at least six distinct tactics national telecom companies have perfected to do this.

Submission + - Are you being tracked by your phone's wifi?

Submitted by toshikodo
toshikodo writes: The authorities in the UK city of York are about to role out a system supplied by Purple Wifi that will, according to the BBC, track people as they move around the city using the mac address from the wifi pings received from their mobile phones. They claim that this tracking will be anonymous unless you sign up for their "free" wifi, but what if they have already obtained your mac address from some other source, say some hotel you stayed in two years ago? Will this really be anonymous, and is this something local government should ever be involved with?

Submission + - Old Apache Code at Root of Android FakeID Mess (securityledger.com)

Submitted by chicksdaddy
chicksdaddy writes: The Security Ledger reports that a four year-old vulnerability in an open source component that is a critical part of Android mobile OS leaves hundreds of millions of mobile devices susceptible silent malware infections. (https://securityledger.com/2014/07/old-apache-code-at-root-of-android-fakeid-mess/)

The vulnerability was disclosed on Tuesday (http://bluebox.com/news/). It affects devices running Android versions 2.1 to 4.4 (“KitKat”), according to a statement released by Bluebox. According to Bluebox, the vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes “an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim.”

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual ‘sandbox’ environments that keep malicious programs from accessing sensitive data and other applications running on the Android device.

In a scenario that is becoming all too common: the flaw appears to have been introduced to Android through an open source component — this time from Apache Harmony (http://harmony.apache.org/), an open source alternative to Oracle’s Java. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.

Submission + - University of Michigan solar car wins fifth straight national title (mlive.com)

Submitted by Anonymous Coward
An anonymous reader writes: For the fifth consecutive year, the solar car team from the University of Michigan has won the American Solar Car Challenge. The event is an eight-day, 1,700-mile race with a total of 23 participating teams. The Umich victory comes in spite of a 20-30 minute delay when they had problems with the motor at the very beginning of the race. "They made the time up when team strategists decided to push the car to the speed limit while the sun was shining bright, rather than hold back to conserve energy." Footage of the race and daily updates on the car's performance are available from the team's website, as are the specs of the car itself. Notably, the current iteration of the car weighs only 320 pounds, a full 200 pounds lighter than the previous version.

Submission + - 35% of (American) Adults Have Debt "In Collections" 1

Submitted by meeotch
meeotch writes: According to a new study by the Urban Institute, 35% of U.S. adults with a credit history (91% of the adult population of the U.S.) have debt "in collections" — a status generally not acquired until payments are at least 180 days past due. Debt problems seem to be worse in the South, with states hovering in the 40%+ range, while the Northeast has it better, at less than 30%. The study's authors claim their findings actually underrepresent low-income consumers, because "adults without a credit file are more likely to be financially disadvantaged."

Oddly, only 5% of adults have debt 30-180 days past due. This latter fact is partially accounted for by the fact that a broader range of debt can enter "in collections" status than "past due" status (e.g. parking tickets)... But also perhaps demonstrates that as one falls far enough along the debt spiral, escape becomes impossible. Particularly in the case of high-interest debt such as credit cards — the issuers of which cluster in states such as South Dakota, following a 1978 Supreme Court ruling that found that states' usury laws did not apply to banks headquartered in other states.

Even taking into account the folks to lost a parking ticket under their passenger seat, 35% is a pretty shocking number. Anyone have other theories why this number is so much higher than the 5% of people who are just "late"? How about some napkin math on the debt spiral? (And unfortunately, cue the inevitable geek snobbery about how people in debt must be "idiots".)

Slashdot Top Deals

It is easier to write an incorrect program than understand a correct one.

Close