Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Submission + - Internet Explorer 8, 9, and 10 Reach End-of-Life Next Week (thenextweb.com)

An anonymous reader writes: On Tuesday, January 12, Microsoft Internet Explorer 8, 9, and 10 will officially reach their end of life. A new patch going live soon will add a notification that nags users to upgrade. "What’s even bigger about the end of life for these versions is that this means Internet Explorer 11 is the last version of Microsoft’s old browser that’s left supported, as the company continues to transition customers to Edge on Windows 10."

Submission + - Drupal Update Process Flawed by Multiple Bugs, Attackers Can Take Over Sites

An anonymous reader writes: The Drupal CMS, a favorite with large enterprises, has a few bugs in its update process, affecting both the Drupal core update and its modules. The biggest flaw of the three discovered by IOActive researchers allows an attacker to take over the sites via poisoned updates. What's worse is that Drupal's team had known of this issue since 2012, but only recently reopened discussions on fixing the problem.

Submission + - IBM union calls it quits (computerworld.com)

dcblogs writes: A 16-year effort by the Communication Workers of America to organize IBM employees into a union is ending. The union's local, the Alliance@IBM, is suspending "organizing" efforts, and says its membership has been worn down by IBM's ongoing decline of its U.S. work force as it grows overseas. The union never got many dues-paying members, but its Website, a source of reports from employees on layoffs, benefit changes and restructuring, was popular with employees, a source of information for the news media, and a continuing thorn in the side of IBM.

Submission + - DaaS play brings Oracle into a cloud leadership role

Amanda Parker writes: Oracle has made its 96th acquisition, this time focusing on expanding its offerings in cloud marketing technology. AddThis offers sharing features that you will no doubt have seen on many sites, they allow you to share stories to sites such as Facebook and Twitter. The real benefit of this to Oracle is that AddThis has activity data for 1.9 billion monthly unique visitors and over 15 million mobile and desktop web domains. With Oracle saying that it will continue to serve AddThis customers, it means that Big Red will have access to a very large data source. This plays to the company's Data-as-a-Service business, selling anonymised data to help them run their marketing campaigns.

Submission + - Verizon launches auction to sell data centers (reuters.com)

operator_error writes: Verizon has now chosen to reverse "its strategy to expand in hosting and colocation services after it acquired data center operator Terremark Worldwide Inc in 2011 for $1.4 billion", and has "started a process to sell its data center assets".

The so-called 'colocation' portfolio up for sale includes 48 data centers, and generates annual earnings before interest, tax, depreciation and amortization of around $275 million.

The enterprise telecommunications industry has had to adapt in recent years to corporate customers seeking more sophisticated and cheaper offerings to manage their data. Verizon joins a host of its rivals in telecommunications who are shedding their data centers.

The article doesn't mention alternative, scalable, virtual machine technologies or companies with such a focus, like as Amazon, Xen, KVM, or VMware, but Slashdot readers might be able to draw such conclusions for themselves.

Submission + - New HTTPS Bicycle Attack Reveals Details About Passwords From Encrypted Traffic (softpedia.com)

campuscodi writes: Dutch security researcher Guido Vranken has published a paper [PDF] in which he details a new attack on TLS/SSL-encrypted traffic, one that can potentially allow attackers to extract some information from HTTPS data streams. Attackers could extract the length of a password from TLS packets, and then use this information to simplify brute-force attacks. The new HTTPS Bicycle Attack can also be used retroactively on HTTPS traffic logged several years ago. Hello NSA!

Submission + - How Outsourcing Companies Are Gaming the Visa System (nytimes.com)

shakah writes: Pretty straightforward summary of how the H-1B Visa system is working in the United States. Particularly interesting for me was this clarification on the argument that "VISA holders have to make prevailing wages, so they won't depress wages":

Under federal rules, employers like TCS, Infosys and Wipro that have large numbers of H-1B workers in the United States are required to declare that they will not displace American workers. But the companies are exempt from that requirement if the H-1B workers are paid at least $60,000 a year. H-1B workers at outsourcing firms often receive wages at or slightly above $60,000, below what skilled American technology professionals tend to earn, so those firms can offer services to American companies at a lower cost, undercutting American workers.


Comment Re:Keep Using EncFS (Score 1) 107

I must agree, EncFS is a great way to go. I use SSHFS with Ubuntu, and can simply mount any encrypted volume (including a remote volume) as a local PC disk. Here's a simple GUI tool for Ubuntu: http://www.libertyzero.com/GEn... I am pleased to have learned of Windows & OSX versions of the same thing today. Thanks!!!

Comment Re:StartSSL ? (Score 2) 97

Gotta agree, StartSSL has a serious business model that really does work in their best interest. Yeah, sure they give out free certs, until/unless you have the slightest 'professional' website, (like a portfolio site, with the sole intent of landing a job for example), and as others have pointed out, revocations cost more then a certificate from someone else to begin with.

Why is that part about revocations an issue in the first place you might ask? Because their poor user interface lead you to making a mistake that can only be done with a revocation, of course. Stay away from StartSSL and just pay good money for a cheap cert somewhere; a wildcard cert. if need be.

I learned this lesson the hard way *trying* to use StartSSL myself, and I have serious regrets having done so, especially after having to cough up all the documentation like a scan of my passport and more. You have been warned.

In contrast, the new service from 'Let's Encrypt' looks like a well-deserved breath of fresh air, and I can appreciate their list of business partners, especially EFF, the Mozilla Foundation, and the Linux Foundation.

Submission + - In Turnabout, Disney Cancels Tech Worker Layoffs (nytimes.com) 2

An anonymous reader writes: It was previously reported that Disney made laid-off workers train their foreign replacements. The New York Times reports that Disney has reversed its decision to layoff tech workers after it caused an uproar with the public, two investigations by the Department of Labor into outsourcing firms, complaints to the Justice department and calls for an investigation into the H-1B Visa program by Senator Bill Nelson.

Slashdot Top Deals

"Card readers? We don't need no stinking card readers." -- Peter da Silva (at the National Academy of Sciencies, 1965, in a particularly vivid fantasy)

Working...