Forgot your password?
typodupeerror

Comment: Re:They've obviously obfusticated the data, obviou (Score 1) 182

by NTT (#37605044) Attached to: SAIC Loses Data of 4.9 Million Patients

Retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure

-Who wants to bet that all you need to pull the data out is something like: dd if=/dev/tape | strings, perhaps with conv=ascii given to dd... and maybe gunzip or bunzip2. Sigh. Specific hardware: tape drive and a scsi card. Software: any recent unix would do. Knowledge of data structure: they obviously Huffman-coded all their SQL dumps, right? Haha.

I'd take that bet.

Its not Unix, its OpenVMS.
The software is written in MUMPS.
When code looks like this http://www.hardhats.org/history/chcs4.htm you certainly do need to have specific knowledge of the system and datastructure.

Again, assuming this is the old system that has been in place for 30+ years because with the new system all data is sent to DISA Alabama.

Comment: Why no encryption? This is why... (Score 1) 182

by NTT (#37603934) Attached to: SAIC Loses Data of 4.9 Million Patients

Speaking as a former sysadmin at an Army hospital...
The tapes in question were probably these: http://en.wikipedia.org/wiki/Digital_Linear_Tape
Running backups on a cluster of these babies: http://en.wikipedia.org/wiki/DEC_AlphaServer#AlphaServer_SC

This is essentially a 30 year old platform. Back then, nobody ever imagined identity theft would be such a problem or guessed there would be legislation for HIPPA/PII like we have today.

Linux

+ - First 3.0 Kernel Prepatch is out->

Submitted by mvar
mvar (1386987) writes "Linus has announced the availability of the 3.0-rc1 kernel prepatch: Yay! Let the bikeshed painting discussions about version numbering begin (or at least re-start). I decided to just bite the bullet, and call the next version 3.0. It will get released close enough to the 20-year mark, which is excuse enough for me, although honestly, the real reason is just that I can no longe rcomfortably count as high as 40. The whole renumbering was discussed at last years Kernel Summit, and there was a plan to take it up this year too. But let's face it — what's the point of being in charge if you can't pick the bike shed color without holding a referendum on it? So I'm just going all alpha-male, and just renumbering it. You'll like it. Now, my alpha-maleness sadly does not actually extend to all the scripts and Makefile rules, so the kernel is fighting back, and is calling itself 3.0.0-rc1. We'll have the usual 6-7 weeks to wrestle it into submission, and get scripts etc cleaned up, and the final release should be just "3.0". The -stable team can use the third number for their versioning."
Link to Original Source

Comment: Re:Registry (Score 1) 303

by Soko (#34344998) Attached to: New Windows Kernel Vulnerability Bypasses UAC

Really? Switching to text files would magically fix this??

This flaw is not related to how the registry is loaded and/or interpreted, actually it's not the fault of the registry at all - it's a kernel exploit. The mitigation is to tweak *permissions* on a couple of reg keys that should have been tightened up in the first place. It's akin to allowing SUID root on the sudoers file and a kernel vulnerability that allows $BAD_GUY to use that fact - it's not the file itself.

Whether the info is in a database of binary values or a database composed of text files laying around a hard disk is immaterial - the permissions to change said config info would have made this a non issue.

Yes, Microsoft have been idiots, but they are trying to clean up thier act. If you're going to dis them, dis them for missing the reg key permissions, not the registry itself - al much more valid argument.

Comment: I prefer printed and bound. With a side of modern. (Score 1) 390

by Soko (#31470182) Attached to: I prefer my (non-technical) books to be ...

The UI is simple and elegant - you need no help file in order to operate it. The DRM stops immediately after you pay for the book. If you take proper steps, it will be preserved for a very long time, with no worries as to whose digital format it's in. The device can work with the power of one candle. Printed and bound books are timeless.

That being said, I like electronic versions too - the speed at which they can be copied are unmatched, they go wherever you do fairly conveniently and can be updated very quickly. You can zoom in and make the text as big as you want. Annotation and quotation are a breeze.

The best of both worlds would be a hardcover book, with a sleeve on the inside cover that has a USB type device that you can get the contents digitally to whatever device you want. Hell - if Bluetooth gets cheap enough, you could get it wirelessly from the book itself.

Hey, a man can dream.

Comment: Re:This isn't a DOS attack. (Score 1) 292

by Soko (#29885129) Attached to: Facebook To Preserve Accounts of the Dead

Snuffing it on facebook before your time is not much of an issue, as they explicitly don't disable the account's ability to actually log in. If you wake up one day to find out you're dead, you can still log in, and that provides a pretty decent avenue for contesting the claim.

And I'd rather not go into how I know.

Lemme guess - You're Jesus and after Your resurrection Facebook screwed you over?

"Marriage is like a cage; one sees the birds outside desperate to get in, and those inside desperate to get out." -- Montaigne

Working...