Forgot your password?
typodupeerror
NASA

The Sun Unleashes Coronal Mass Ejection At Earth 220

Posted by Soulskill
from the return-fire dept.
astroengine writes "Yesterday morning, at 08:55 UT, NASA's Solar Dynamics Observatory detected a C3-class flare erupt inside a sunspot cluster. 100,000 kilometers away, deep within the solar atmosphere (the corona), an extended magnetic field filled with cool plasma forming a dark ribbon across the face of the sun (a feature known as a 'filament') erupted at the exact same time. It seems very likely that both eruptions were connected after a powerful shock wave produced by the flare destabilized the filament, causing the eruption. A second solar observatory, the Solar and Heliospheric Observatory, then spotted a huge coronal mass ejection blast into space, straight in the direction of Earth. Solar physicists have calculated that this magnetic bubble filled with energetic particles should hit Earth on August 3, so look out for some intense aurorae — a solar storm is coming."
Bug

+ - Microsoft Issues Rush Patch for .LNK Shortcut Bug->

Submitted by suraj.sun
suraj.sun (1348507) writes "Microsoft has issued an "out of band" update to all versions of Windows to fix a critical vulnerability that has been exploited in the wild for over 2 weeks.

MS 10:046: Vulnerability in Windows Shell Could Allow Remote Code Execution-- addresses the vulnerability exploited by Stuxnet and other families of malware, described first by Belorussian security firm VirusBlokAda.

For most users, the update will be automatic via Windows Update, according to Microsoft.

The vulnerability is in the Windows Shell. It can allow remote code execution if the icon of a specially crafted shortcut is displayed.

PC Magazine: http://www.pcmag.com/article2/0,2817,2367282,00.asp

Microsoft: http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx"

Link to Original Source

Comment: Thumbs up for Fisma-Apps (Score 4, Insightful) 98

by Sub Zero 992 (#33049510) Attached to: LA's Move To Google Apps Slows As "Apps For Gov't." Announced

This is what you get, and what - currently - only very few federal agencies can afford:

An independent third party auditor issued Google Apps an unqualified SAS70 Type II certification. Google is proud to provide Google Apps administrators the peace of mind knowing that their data is secure under the SAS70 auditing industry standard.

The independent third party auditor verified that Google Apps has the following controls and protocols in place:

  • Logical security: Controls provide reasonable assurance that logical access to Google Apps production systems and data is restricted to authorized individuals
  • Privacy: Controls provide reasonable assurance that Google has implemented policies and procedures addressing the privacy of customer data related to Google Apps
  • Data center physical security: Controls provide reasonable assurance that data centers that house Google Apps data and corporate offices are protected
  • Incident management and availability: Controls provide reasonable assurance that Google Apps systems are redundant and incidents are properly reported, responded to, and recorded
  • Change management: Controls provide reasonable assurance that development of and changes to Google Apps undergo testing and independent code review prior to release into production
  • Organization and administration: Controls provide reasonable assurance that management provides the infrastructure and mechanisms to track and communicate initiatives within the company that impact Google Apps

http://www.google.com/apps/intl/en/government/trust.html

Sure, it comes with a risk (do you have multiple redundant and trunked high speed internet connections?) but also with enorous freeing of public funds.

In my view, a win.

Comment: Re:A solution in need of a problem? (Score 2, Informative) 178

by Sub Zero 992 (#32838386) Attached to: Free Clock Democratizes Atomic Accuracy

From TFA:

"The RADclock project (formerly known under 'TSCclock') aims to provide a new system for network timing within two years. We are developing replacements for NTP clients and servers based on new principles, in particular the need to distinguish between difference clocks and absolute clocks. The term RADclock, 'Robust Absolute and Difference Clock', stems from this. The RADclock difference clock, for example, can measure RTTs to under a microsecond, even if connectively to the time server is lost for over a week! "

ymmv

Comment: "freedom" (Score 5, Insightful) 249

by Sub Zero 992 (#31543246) Attached to: Free Software To Save Us From Social Networks

I am getting pretty tired of other people telling me what freedom should mean to me.

What freedom means to me, what I am frightened of and / or prepared to sacrifice is not a temporally static concept. 10 years ago I wouldn't even publish my mail address online. Now I have my entire cv on xing. These are rational decisions I made according to costs I perceive (correctly or not) with publishing personal information, or not.

Sure, some people make poor choices about publishing personal information (sexting, anyone?). But some times openness is an indicator for a "safe" society.

Just my thoughts.

Comment: Wrong approach (Score 5, Interesting) 314

by Sub Zero 992 (#31542852) Attached to: The Woes of Munich's Linux Migration

Well, they tried a horizontal migration strategy, moving from location to location and department to department. That meant the problems never stopped.

A better approach might have been to do a vertical top-down migration: Servers: first roll out a directory server infrastructure, then a CIFS strategy etc.; Clients: migrate away from MSIE / Active X, then to CUPS, then away from MS Office etc.. And then, finally, to change the desktop OS out from underneath.

A suggested strategy for those planning something similar: 1: migrate the server services (and create a shiny new unified and consistent infrastructure); 2: migrate the desktop apps to FOSS alternatives (chose apps which will work under your target desktop OS); 3: switch out the desktop OS for linux (the users retain the apps they have become used to).

Just my 0,02

Comment: Re:Not noted in statistics (Score 1) 378

by hkmwbz (#31542776) Attached to: Opera Sees "Dramatic" Rise From Microsoft's Ballot
It's too bad that those stats are completely unreliable. StatCounter reported a higher market share for Chrome when Chrome had 30 million users and Opera had 40 million users, and they are supposed to get it right this time? Hah. These stats sites clearly have a huge problem detecting Opera properly.

Comment: Re:A false choice, of course... (Score 1) 2044

by sweatyboatman (#31541746) Attached to: Health Care Reform

Are you familiar with the term Cognitive Dissonance? I am very interested in what you have to say, that's why I am continuing this conversation.

I would encourage you to try to accept that I am not trying to play gotcha here. I am not trying to win anything. I ask questions because I am trying to explain to you why your arguments aren't convincing to me. In the hope that you will be able to make your point of view clearer to me.

I fail to see your point. Most Americans believe grass is green.

You make the argument that the American public is happy with their health insurance. So why change it?

I make the point that the American public is not always the best judge of what's going on. And so a poll that says they're happy with their health-care doesn't mean much when we're talking about the system collapsing in the near future.

To further expand on that. I'd say that public opinion is what economists would call a lagging indicator. So it wont be until after collapse of health insurance in this country that public opinion turns from "Gee, my health care is alright." to "Holy CRAP! WHY DIDN'T SOMEONE DO SOMETHING TO AVERT THIS CRISIS!"

Which I would think my examples of the economy in 2007 and the Iraq War would help elucidate.

The idea behind health reform is to avoid the crisis by addressing the major systemic problems before they lead to a collapse.

Now, let's get to this other thing. You read my post and thought, "He's saying I am contradicting myself". But that's not what I am saying. I tried to clarify before, but that didn't work.

My point is not that your concerns aren't valid. It's that you present a collection of grievances as though they were a cohesive argument.

I've been in the health-care industry for over 20 years now. It needs reform. Fix the broken parts of it. Don't tear it down and rebuild it. I can tell you virtually all my peers (not all) feel the same. My job has me working with many doctors and nurses -- and virtually all feel the same.

so here you make an interesting statement that would have been a good place to start a conversation. with a little elaboration you might make a cohesive argument.

That elaboration should proceed from this statement:

It needs reform. Fix the broken parts of it

And you should elaborate on:
- what are the broken parts?
- how will fixing them resolve the never-ending spiral of higher medical costs?

But please do not use Tort Reform as the lynch-pin of your arguments. Knowing what I know, I cannot accept Tort reform as a solution.

The Congressional Budget Office is now estimating that limits on medical malpractice lawsuits -- reforms favored by many Republicans -- could save the government as much as $54 billion over the next 10 years.

The government spends about $2.5 trillion on health care every year.

You could further elaborate to answer these questions:
-What do your fixes do to reduce government over-spending on health care?
-What do your fixes do to help small businesses who can no longer afford to provide health-care to their employees?
-What do your fixes do for individuals who do not get insurance through their employer? And those who have pre-existing conditions?
-What do your fixes do for the 30 million uninsured (and many times more under-insured) citizens of this country whose numbers are likely to increase as insurance premiums rise?
-And finally, why is it only now, when major health reform appears possible that these minor changes are being championed? Couldn't these small changes have been implemented any time in the last 20 years? Why weren't they?

I would suggest reading "Constitutional Journal"

You work in the medical profession, please do not presume to have a better understanding of the Constitution than I do.

The process is supposed to be slow. Anyone with eyes can see the reason this particular bill is trying to get rammed down our throats is that the more time passes, the more "passions" cool and the less support it has.

Granted the process is supposed to be slow (not sure why we're talking about "passions" -- Clearly many people are passionate on all sides of most issues in Congress). But a year and a half of public debate, after 20 years of mostly ignoring the issue is "ramming it down your throat"?

So we agree that Congress moves slowly. But in your previous post you make the argument that Health Care is not broken because if it was, the Democrats would be able to rush through a fix. Your appeal to the Constitutional Journal appears to support my argument rather than yours.

Security

+ - Researchers Show Names are Weak Passwords->

Submitted by Sub Zero 992
Sub Zero 992 (947972) writes "Security researchers at Cambridge University have analysed Facebook's gigantic list of human names. We have known for many years that using password recovery questions such as "What is your pet's name?" are weak alternatives to real security. So the question is, what will replace passwords as authentication tokens?"
Link to Original Source

Comment: Re:not md5, bcrypt (Score 1) 259

by Sub Zero 992 (#29540995) Attached to: ISP Mistakenly Emails Customer Database To Thousands

Hi,

Well, the choice of algorithm is important. MD5 is a bad choice.

And yes you're right, if the password is weak, and the website provides no protection against brute force attacks over HTTP, then it remains a weak password. And resetting the password is a problem which has been mostly solved, you send the person a token by email or sms to their pre-validated account, with which they can create a new password.

Cheers

"Confound these ancestors.... They've stolen our best ideas!" - Ben Jonson

Working...