
Comment: Apply the rules! (Score 1) 209

by gmccloskey (#38152584) Attached to: Ask Slashdot: Data Remanence Solutions?
Hi

You don't specify which government, but let's assume it's one with a comprehensive information assurance policy.

First things first. Find out who the technical authority for information assurance is in your country. Then find out what the official policy on erasing and destroying information assets is. This information may not be published, and you may need to be registered with the technical authority to access it. Then cross reference against the terms of the contract. Then do.

To help you a little, most best practice policies describe a range of methods. The selection of which method depends on

* the device used to hold the data - HDD, flash memory (multiple technologies), DRAM, etc
* the classification / protective marking of the data (SECRET, TOP SECRET etc)
* whether the device is being re-used (for new data) within the same secure facility where it was held originally, or is it being removed from that facility (for destruction)

Removal methods vary from using certified data erasure products, to complete physical destruction via a specified and approved method. In any case, there will be a detailed procedure to follow, possibly also independent witnessing and certification of the destruction. In any case, there will be an explicit process to follow, as well as copious paperwork.

Note the use of the phrase 'certified...products'. While tools such as DBAN may be effective, they are not approved and certified by your national technical authority for information assurance. Using a non-certified product is equivalent to using nothing, and there may be penalties if you claim to have followed the set process, but used such non approved tools.

Your organisation should have an information security officer (or similar executive) who is responsible for this. Normally it is a pre-requisite to have such a professional as a pre-requisite to handling classified / protectively marked material in most countries.

What you've discovered should really have been caught pre-contract signing, by your legal and/or commercial people. You need to talk to your bosses about this. Oversights such as this can destroy a business, both in terms of money and reputation. HTH g

The Xbox 360 reset glitch hack - New Homebrew Hack

Submitted by Anonymous Coward
An anonymous reader writes "'GliGli released a new hack to boot the Xbox360 into XeLL and thus run homebrew software on your console. It is compatible with ALL dashboard versions and ALL Slim and Fat (except Xenon, Falcon support will follow later) models and is unpatchable via software updates by Microsoft.' — www.xbox-scene.com"

Comment: Re:No sense at all (Score 4, Insightful) 400

by gmccloskey (#37127212) Attached to: UK Men Get 4 Years For Trying to Incite Riots Via Facebook
I think you are confusing some of the political unrest from the 80s with the self-serving mindless violence of recent weeks.
It is absolutely true to say that government cuts are affecting national and local funding for all citizens, and they are affecting deprived areas. However, these cuts have only come into effect fully from April this year. The unemployment and illiteracy have been at those levels for a long time, including during the boom years of 1995-2005, and during the previous Labour administration. It is illogical to say that the currently limited impacts of the austerity measures are giving people cause to riot. If you look at the actual activity during the riots, it didn't include political protest, marches, speeches or any other normal signs of protest by ordinary people. It did include a relatively large number of groups causing criminal damage, violence and committing flagrant acts of theft - typically of high value goods and big name brands. This was theft on a large scale, enabled by breakdown in normal social barriers.
The government is planning to reduce both front and back office police numbers, however these cuts have not taken place yet to any extent. Police numbers are at almost record levels. The police didn't retreat to protect stations, they deployed in the areas that they thought needed protection. However the mobile hordes, enabled by SMS and social networks, just moved to new sites, typically after a short skirmish. In short, asymmetric confrontation and overwhelming numbers. Once the scale of the problem was understood (and a few politicians returned from holiday) they brought in an extra 16000 police for London alone - an increase of approximately 25% on the normal force. This managed to suppress most of the activity.
There are currently reportedly over 1000 people arrested, and the MPS have suggested that possibly another 2000 will be, once the CCTV and other evidence is analysed. This is hardly tiny by anyone's measure.
As for brutal policing, the MPS have been negatively criticised for not being tough enough in the first few days, and they adjusted their tactics subsequently. They have not however used plastic bullets, water cannon, tear gas or any other large scale crowd suppression measures. This is not brutal. If you want to see 'firm' policing, ask the French.
As for fixing problems on the ground, the previous administration spent 10s of billions over more than a decade on enhanced social benefits and programmes for the disadvantaged. While it has doubtless helped many, it has also raised a generation that expects to live off the state, spurn education and employment, contribute nothing in return except vocal occasionally violent protest about how they are not provided enough.

Comment: Re:PNG? That photo size is huge. (Score 1) 128

by gmccloskey (#36268436) Attached to: CmdrTaco Visits Pixar
Not only is it a big ass PNG, it's also in AdobeRGB colourspace - so probably about .1% of the readership is actually able to see it correctly. And never mind cutting file size by 75%, try 90 or 95%, and that's without even touching the resolution. The only question is why he didn't go the whole hog with a 32-bit image instead of the paltry 8-bit option. (That last bit was sarcasm, or should I say the last 24 bits were sarcasm.) Leading technology web site, eh? Remind me again of the relevance of slashdot, with stories regularly appearing a day or two days behind other sites, slashvertisements, and little in the way of original content. And I agree with the others, taking advantage of users' good will and giving nothing back is pretty weak.

Comment: Re:What kind of stupid question is this? (Score 1) 174

by gmccloskey (#35948768) Attached to: Does Wiretapping Require Cell Company Cooperation?
I really hope you're trying to be sarcastic or ironic - otherwise there isn't a clue stick big enough. The 'only way' isn't. There are several. All methods of interception require money, some require legislation and the rest require subterfuge and technical skill. In this case I imagine it's very simple. The state has a law saying it's legal for certain agencies to intercept calls in order to protect national security. The state's telecoms provider(s) purchase interception equipment from telecoms hardware providers. It gets plugged in and switched on. The state uses it. No conspiracy, no mad l33t skillz, no drama. Except possibly for the subjects/victims of the interception. For examples of legal intercept equipment, see http://www.google.co.uk/url?sa=t&source=web&cd=7&ved=0CEkQFjAG&url=http%3A%2F%2Fwww.cisco.com%2Fweb%2Fabout%2Fsecurity%2Fintelligence%2FLI-3GPP.html&ei=CWy3Td-NNZS1hAe6_8H3Dg&usg=AFQjCNGEKGTT3PTOMkB172TvxVlkqgMKZg or http://www.scribd.com/doc/49742557/50/Legal-Interception-Gateway-LIG There is of course the relatively recent case of illegal intercept, in Greece. There it came to light that politicians and other high profile figures had their mobile calls tapped. On investigation, one of the country's mobile providers found that someone had installed, configured and turned on the 'legal intercept' software/hardware to do the tapping. Here's the rub - it wasn't done by the government company or home intelligence service. So who did it and why?
Space

DARPA's New Hi-Tech Telescope 89

Posted by samzenpus
from the shiny-new-toys dept.
coondoggie writes "You can bet that if there are little red aliens running around on Mars, or spaceships patrolling other planets in our solar system for that matter, a recently powered-up telescope built by researchers at the Defense Advanced Research Projects Agency might just be able to see them. The Air Force, which operates the DARPA-developed Space Surveillance Telescope says the telescope's design, featuring unique image-capturing technology known as a curved charge coupled device system, as well as very wide field-of-view, large-aperture optics, doesn't require the long optics train of more traditional telescopes."
Privacy

Canadian Judge Orders Disclosure of Anonymous Posters 250

Posted by timothy
from the or-you'll-get-a-mountie's-hoofprint dept.
debrain writes "The Globe and Mail is reporting that Google and a newspaper called The Coast must disclose all information they have about the identity of individuals who posted anonymous comments online about top firefighters in Halifax. The story in question is titled 'Black firefighters file human rights complaint,' and there are some heated opinions in the comments."
Image

Man Sues Neighbor Claiming Wi-Fi Made Him Sick 574

Posted by samzenpus
from the bad-waves dept.
OrangeMonkey11 writes "A Santa Fe man who claims to suffer from 'electromagnetic sensitivities' has sued his neighbor after she refused to stop using wireless devices. 59-year-old Arthur Firstenberg claims his sensitivity can be set off by cellphones, routers and other electronic devices. From the article: 'Firstenberg, 59, wanted Raphaela Monribot to limit her use of the devices. "I asked her to work with me," he said. "Basically, she refused." So he sued Monribot in state district court, seeking $530,000 in damages and an injunction to force her to turn off the electronics. "Being the target of this lawsuit has affected me very adversely," Monribot said Friday in response to e-mailed questions. "I feel as if my life and liberty are under attack for no valid reason, and it has forced me to have to defend my very basic human rights."'"

Comment: Re:TrueCrypt (Score 1) 51

by gmccloskey (#31464826) Attached to: UK Intel Agency's Missing Laptops Might Contain Sensitive Data

They have - by mandating that appropriate controls are implemented, including full disk encryption. See http://www.cabinetoffice.gov.uk/spf/sp4_isa.aspx - specifically requirement #40.

Truecrypt is not a product tested and approved by http://www.cesg.gov.uk/ so it can't be used for UK government business. If someone is willing to pony up the accreditation fees, and it passes, then it can be used.

These new UK gov regulations are interesting - they make specific nominated individuals in every government organisation personally responsible for data security - with penalties including fines and prison. Unsurprisingly, data security is now very heavily implemented and monitored.

Comment: Re:Should not be a problem... (Score 2, Insightful) 51

by gmccloskey (#31463720) Attached to: UK Intel Agency's Missing Laptops Might Contain Sensitive Data

All UK government devices storing information classified as RESTRICTED (no US equivalent) must have two factor authentication, and full disk encryption using a FIPS140 certified product from a CESG-approved list. Anything carrying CONFIDENTIAL or SECRET has the same, plus additional techniques and handling protocols to ensure CIA (confidentiality, integrity, assurance). TOP SECRET isn't discussed in open forums.

This is a non story if they are accidental losses. All organisations, including those within and around the intelligence communities, lose assets. The real questions should be (1) was it accidental, (2) if not, who made the effort and (3) are you confident the systems in place will protect the information for long enough until its value decreases below the effort required to recover it.

To be honest, the more pressing issue for ordinary citizens is not governments protecting or losing information about citizens, but private organisations.

Comment: Re:Highly sensitive data? (Score 1) 51

by gmccloskey (#31463624) Attached to: UK Intel Agency's Missing Laptops Might Contain Sensitive Data

This would be the UK that led the development of modern computing with the work of Alan Turing, led the development of the use of computers in industrial and military environments (Bletchley Park) and which dramatically shortened the second world war. This would be the UK that invented public key cryptography before the NSA. This would be the UK which developed working, scalable MIMD parallel processing (transputer) in the early 90s. Then there was the matter of Boole, who did some minor mathematical work. That UK.

PlayStation (Games)

US Air Force Buying Another 2,200 PS3s 144

Posted by Soulskill
from the quick-who-knows-a-good-ps3-flight-sim dept.
bleedingpegasus sends word that the US Air Force will be grabbing up 2,200 new PlayStation 3 consoles for research into supercomputing. They already have a cluster made from 336 of the old-style (non-Slim) consoles, which they've used for a variety of purposes, including "processing multiple radar images into higher resolution composite images (known as synthetic aperture radar image formation), high-def video processing, and 'neuromorphic computing.'" According to the Justification Review Document (DOC), "Once the hardware configuration is implemented, software code will be developed in-house for cluster implementation utilizing a Linux-based operating software."

Comment: re-order your priorities (Score 1) 1095

by gmccloskey (#30212982) Attached to: Geek Travel To London From the US — Tips?

Dude,
leave the laptop. You have two weeks in a new country / continent, why sit down with a laptop? If you want to email or blog, there are many internet kiosk / cafe type places.

Seriously, leave it.

Two weeks is too long in London. Give yourself a day to get over jetlag, and 1-2 days to cover the major attractions. Then take the next ten days to travel around, and come back to London for a final sweep of interesting places, and get ready for the flight.

You can grab a train to Paris (France), and spend a day or two there - get another country in. Get a flight to Dublin, Cork or Belfast (45 mins). Yet another country.

Comment: Re:Cloud Computing(TM) (Score 2, Insightful) 264

by gmccloskey (#30192882) Attached to: Best Practices For Infrastructure Upgrade?

mod parent up.

The first step is to find out what the business wants, and how much it is willing to pay. THEN you go out to find out what tech is appropriate/affordable to do it.

Ask the heads of each office, and the main business managers what they want the tech to do now, in a year and in three years. Do you have a business continuity plan that has to be allowed for? If you don't have a BC plan, now's a good time to have one done, before you buy a load of kit that may not do the job.

Once you have a list of business needs, and put them in a prioritised list (again the managers set the priority), you go out and look at what can do the job. Assuming you find a reasonable solution within budget, you need to plan the migration.

Protip: do not attempt to migrate everything in one go. Do it in steps, with breaks in between.

Proprotip: whatever your migration, be able to revert to the original solution in less than 8 hours - i.e. one working day.

Migration is the biggest gotcha - plan, plan and plan again. Do a dry run. Start with the least critical services. You do have backups, right? Fully tested backups, from ground zero? You do have all your network and infrastructure accurately and completely mapped out, and all configuration settings / files stored on paper and independent machines?

Both arguments for VM and KISS have their place - only you can decide. But when you do decide, make sure it's based on evidence, and will end up making the business better.

Don't forget Total Cost of Ownership - the shiny boxes may run faster, but will you have to hire two more techs to keep them running, or a new maintenance contract?

Don't forget training - for you, your staff and the end users. If you're putting shiny newness in place, people will need to know how to use it, and do their jobs at least as quickly as on the old solution. No use putting in shiny web4.0 uber cloud goodness, if the users end up spending an hour doing a job that used to take 5 minutes, because they don't know how to use it properly, or the interface doesn't easily work with their business processes.

good luck
