
Comment: Re: Multiple multi-million dollar satellites. (Score 2) 362

I talked to someone recently who lost a day of science data from a UAV because the Windows system driving the instrument decided to auto update while in the air with something like a 56kbps data rate.

I recently built a field instrument and made it Linux based specifically to prevent things like that, as well as to keep power and latency down by being able to kill unnecessary background tasks.

Comment: Re:So don't put warnings on the windshield. (Score 1) 195

Same in a car, or fighter jet for that matter: Want to see the time? Look at where the clock is. Want to see what radio station you're listening to? Look at where the tuner is. Want to see how much gas you've got? Look at where the fuel gauge is. This is constant-time lookup. If you have multifunction displays that *change* where these basic things are, now you've upped the cognitive load on the driver in that he now has to keep track of what state the display is in rather than just glancing in a well-remembered spot.

Ford did a pretty good job of this in the Cmax hybrids. The things you need to know to drive the car don't change location, and are the way they've been on cars forever. The speedometer is a big analog rotating needle, so you just have to glance at the needle position-- you don't have to evaluate numbers. The hybrid details are also displayed as analog dial information (using the LCD) to minimize mental processing. They're also in an unobtrusive side display of the driver's side triptych and you can choose from several default sets of details that all are consistent with showing the same information in the same way, but add new information if you pick the more detailed ones. The center console is for phone, entertainment system, climate, and nav, and can be controlled via the touchscreen, traditional controls that would be familiar if all you ever drove before is a car out of the 60s, or voice controls interchangeably. The more common things to adjust also have steering wheel controls, but it's all set up so the learning curve is easy and you can operate everything just fine with all the traditional controls.

But yeah. If you've got bells and whistles and distractions in your field of vision, of course it's unsafe. Most people are probably smart enough to ignore the popup message crap polluting automotive multifunction displays, by keeping their eyes up. If the crap follows them there, that's not an unsafe display mechanism, that's unsafe human interface design. </rant>

That's what bugs me whenever I drive a Prius- they decided to get creative and put things in non-standard positions, used digital displays where analog is faster to evaluate, put a whole bunch of distractive stuff in the driver's field of view, and made the front window small with huge pillars so it's hard to see out. It's a car that encourages people to drive badly.

Comment: Re:Head-Desk. (Score 1) 142

No, at least parts of the government require full disk encryption of all laptops, as well as fully encrypted, two-factor auth remote access. NASA implemented full disk encryption in a rush after a similar personnel data set was stolen from an unencrypted laptop in a car in DC.

Comment: Re:This (Score 4, Informative) 142

Two-factor authentication only means that in order to access the system you need two components, for example a Debit card and PIN, it doesn't necessarily limit access if you have those two components.

Other parts of the government already use more appropriate forms of two-factor authentication, generally smartcard badge+password, pin+rolling RSA key, or in some cases pin+password+rolling RSA key (not really more secure, and easier to forget pin+password). The badges and RSA keys have to be issued by the agency (and sometimes department) and synchronized-- I have a bag full of them from various agencies and aerospace companies and they're hard to keep track of. The badges are issued as a result of the whole background check process that was compromised and contain a hash of your fingerprints as well (some, though very few, computers have fingerprint readers). If they had implemented any of those, it's likely that the breach wouldn't have occurred. If, as you suggest, they had included access limits or almost any kind of access log checking, they could likely have detected and stopped a breach that was traceable to a forged/stolen credential as well.

Comment: Re:Just use OpenBSD, for crying out loud! (Score 1) 91

Is it possible to separate the fields of the SF-86 form so after they get OCR-ed, the physical documents (if any) go to a secure site [1], and if electronic, it gets printed out. Hard copies are useful for long term archiving.

If you're going through OPM you fill out the SF86 online on a system called eQIP-- you get a pdf at the end that you can print and keep, but they collect all the data electronically. No OCR involved.

eQIP has its own problems-- the default passwords for entry are based on data that anybody can look up about you. You're supposed to change them so that when you submit your stuff for reinvestigation you use passwords that you made up, but given that they have specific password requirements (3 passwords) and reinvestigation is every 5+ years, you might as well just bang on the keyboard and then ask for a password reset when it's time to do it again.

Comment: Re:Just use OpenBSD, for crying out loud! (Score 1) 91

As perpenso already noted-- you can move some of the data temporarily across the gap. Even whole files for people whose investigations are currently in progress. But given that reinvestigations are only every 5+ years, data that isn't immediately required can be isolated from the internet. In that case, if you suffer a data breach you still let out a bunch of confidential information on people, but you don't let *all* of it out on *everybody*. And some inputs to the database (e.g. investigation results that aren't needed for other investigators) can be swept to the isolated side on a regular basis.

Comment: Re:GOOD (Score 1) 173

"Most background information is not self-volunteered, it is gathered by FBI agents, etc., at their own discretion."

First, I'm not sure if this is correct. I'd be surprised if the FBI actually gathers info as part of clearance investigations, for instance.

But more importantly, the leak was SF86 data, right? That would be the forms, not every little detail of every mundane investigation.

The FBI doesn't do most of the investigations-- there are various investigating agencies and contractors depending on who you're going to do the cleared work for, but they do indeed do detailed investigations. I've been interviewed a few times for people's investigations, and mostly they ask benign things that you'd be willing to tell anyone (do you know about spouses/partners/dating habits, ever seen the person drink, ever seen them drunk, are they quiet vs. outgoing, do they overshare), but there are probably cases where they get into a lot of personal details if you give them something that might lead down a juicy path.

Comment: Re:Bah! Media! (Score 1) 173

What I don't understand is why you would record all this information.

After you've gathered the information (somehow) and you decide someone's clearance level, what's the point of keeping it? If you grant a certain clearance level, that means that the data is by definition uninteresting, because anything interesting means you won't get clearance.

So that the gov't can use it to blackmail you into compliance? At least that's how it probably started. I don't get the impression that they do a lot of that since Hoover went away, but they kept all the systems because that's how they always did it. Now it may come back to bite...

Comment: Re:Bah! Media! (Score 1) 173

A curious thing about the disclosures, is that your boss *doesn't* get the information that goes into the SF86 (at least if you're a contractor, may be different if you're a civil servant), only the government does. I never had a clearance, but know a lot of people who do, and it's not clear that you're required to disclose all the blackmailable things to the people you might be blackmailed with respect to (e.g. spouses), or just to the government. From what I can tell, I think it's just to the gov't. It seems very traceable to Hoover's FBI, where his personal goal seemed to be that he would get blackmail material for absolutely everyone he could so that he would have the ability to coerce people, rather than as the claimed prevention of blackmail by other parties.

I tend to agree that if you look at the process it does appear to be more of an ideological filter than real trust/security system.

Comment: Re:Bah! Media! (Score 1) 173

Though if you whip out a spliff in the interview and assure them that it's your last one, you probably won't get the clearance.

Things like that always seemed like they should depend a lot on where/when you are-- I think in parts of the country and for people of certain ages if you *don't* do that you should probably be a little suspect.

Comment: Re:Bah! Media! (Score 2) 173

If you don't admit to a past drug problem and they find out about it, you don't get a clearance, or you lose it if you had it. If you tell the truth about it and it's in the past you probably will get a clearance. They ask about it on the SF85 (the form for non-sensitive positions) and people have been denied employment or fired for lying about it.

Comment: Re:competition is good but where does the money go (Score 1) 72

you want money you have to play live. the era of living off royalties, reselling your music in new formats and greatest hits collections is over

That era never existed for most artists, even large, well known ones. The money has always been in live shows, merch, and more recently licensing.

Comment: Re:No options. (Score 1) 229

Now consider the cable company. You want to add service? No problem--you can do that by yourself online. Want to cancel something or downgrade it? You *have* to call. Then you find that that part of the system is understaffed and it takes over an hour to do. Oh, and the cancellation is only open from 9-5, so I have to call during work. I kept a service at an old home for months (still owned it) after because I didn't have time to call to deal with it; only $20 a month for really cheap internet that was meant to tide over during a transition, but it shows how much hassle canceling can be.

Comcast was particularly evil about cancelling-- my mom was in competitive territory where she could have Comcast or WOW, and had signed up for a Comcast deal where she had no end of equipment trouble, and they would send her random stuff that she hadn't ordered. She died before the contract ran out and when I was managing her estate, they demanded that I come in to their office with the death certificate and letters of authority and wouldn't accept it by mail or give me a mailing address when I talked to them on the phone. I live 2000 miles away and was able to do the entire probate by mail and phone with the use of notaries and a few medallion signature guarantees. *Every* other business and government entity was perfectly fine with mail (sometimes fax) and notaries or guarantees from my bank. Surprisingly, though, Twitter shaming ended up working with Comcast-- one tweet about it with details (because they can't hide it) and they gave me an email address to send details to and I got it worked out. Dealing with them was frustrating enough that I actually wrote to the FCC and my congress people to oppose the Comcast/TW merger.

Charter, on the other hand, has actually been pretty decent. I got them after PacBell was unable to make DSL work at my new house, and I've had very few problems. For a long time if I called them up for anything (add a service or ask a question) they'd actually offer to *lower* my rate and then backdate it 3 months. That happened several times. When I got my own cable modem it was no hassle to switch, and the few times I've had to go in for hardware swaps (e.g. to trade analog equipment for digital) there's been no more than one or two people in line. Last time I talked to them they said they'd stopped charging for the cable modems and I could switch back to one of theirs if I felt like it, or not. Recently I had problems due to rain (animals chewing on the cable insulation) and they sent someone out in the rain to fix it-- it took two trips because the pole access requires putting a ladder on a neighbor's roof, but they were very easy to schedule with them and the neighbor. If they can buy TWC and make TWC be like the Charter I deal with (SoCal) it would actually be a good thing.

Comment: Re:What? (Score 1) 133

Portable power for a Wireless router. Take a router with you for tethering and range extension. The lighter socket in the car goes off with the key, but a 5V router can provide some run time for mobile road warriors.

My portable wireless router has a built in 6 Ah battery that can be used to charge other devices.

And the lighters/aux power in my car don't turn off til you open the door after you turn the key to off.

Comment: Re:I've never seen this use of powerpoint (Score 1) 327

I've seen it for lots of detailed technical meetings. But when it's useful, most of the slides are blank plus a title (and with the title removed if it gets in the way) with graphics of some sort (drawing, flowchart, photo, plot of actual data) pasted in and the only ppt features used are circles and arrows and text boxes for labels.
