+ - Australian law enforcement pushes against encryption, advocates data retention->

Submitted by angry tapir
angry tapir (1463043) writes "Australia is in the middle of a parliamentary inquiry examining telecommunications interception laws. Law enforcement organisations are using this to resurrect the idea of a scheme for mandatory data retention by telcos and ISPs. In addition, an Australian peak law enforcement body is pushing for rules that would force telcos to help with decryption of communications."

+ - OpenSSL: The New Face Of Technology Monoculture->

Submitted by chicksdaddy
chicksdaddy (814965) writes "In a now-famous 2003 essay, “Cyberinsecurity: The Cost of Monopoly” (http://cryptome.org/cyberinsecurity.htm) Dr. Dan Geer (http://en.wikipedia.org/wiki/Dan_Geer) argued, persuasively, that Microsoft’s operating system monopoly constituted a grave risk to the security of the United States and international security, as well. It was in the interest of the U.S. government and others to break Redmond’s monopoly, or at least to lessen Microsoft’s ability to ‘lock in’ customers and limit choice. “The prevalence of security flaw (sp) in Microsoft’s products is an effect of monopoly power; it must not be allowed to become a reinforcer,” Geer wrote.

The essay cost Geer his job at the security consulting firm AtStake, which then counted Microsoft as a major customer.(http://cryptome.org/cyberinsecurity.htm#Fired) (AtStake was later acquired by Symantec.)

These days Geer is the Chief Security Officer at In-Q-Tel, the CIA’s venture capital arm. But he’s no less vigilant of the dangers of software monocultures. Security Ledger notes that, in a post today for the blog Lawfare (http://www.lawfareblog.com/2014/04/heartbleed-as-metaphor/), Geer is again warning about the dangers that come from an over-reliance on common platforms and code. His concern this time isn’t proprietary software managed by Redmond, however, it’s common, oft-reused hardware and software packages like the OpenSSL software at the heart (pun intended) of Heartbleed.(https://securityledger.com/2014/04/the-heartbleed-openssl-flaw-what-you-need-to-know/)

“The critical infrastructure’s monoculture question was once centered on Microsoft Windows,” he writes. “No more. The critical infrastructure’s monoculture problem, and hence its exposure to common mode risk, is now small devices and the chips which run them,” Geer writes.

What happens when a critical and vulnerable component becomes ubiquitous — far more ubiquitous than OpenSSL? Geer wonders if the stability of the Internet itself is at stake.

“The Internet, per se, was designed for resistance to random faults; it was not designed for resistance to targeted faults,” Geer warns. “As the monocultures build, they do so in ever more pervasive, ever smaller packages, in ever less noticeable roles. The avenues to common mode failure proliferate.”"


+ - Google breaks its own reCAPTCHA->

Submitted by ras
ras (84108) writes "Google researchers working on recognising street numbers for Street View pointed their creation at images generated by reCAPTCHA:

To further explore the applicability of the proposed system to broader text recognition tasks, we apply it to synthetic distorted text from reCAPTCHA. reCAPTCHA is one of the most secure reverse Turing tests that uses distorted text to distinguish humans from bots. We report a 99.8% accuracy on the hardest category of reCAPTCHA."


+ - Microsoft Confirms It Is Dropping Windows 8.1 Support 1

Submitted by snydeq
snydeq (1272828) writes "Microsoft TechNet blog makes clear that Windows 8.1 will not be patched, and that users must get Windows 8.1 Update if they want security patches, InfoWorld's Woody Leonhard reports. 'In what is surely the most customer-antagonistic move of the new Windows regime, Steve Thomas at Microsoft posted a TechNet article on Saturday stating categorically that Microsoft will no longer issue security patches for Windows 8.1, starting in May,' Leonhard writes. 'Never mind that Windows 8.1 customers are still having multiple problems with errors when trying to install the Update. At this point, there are 300 posts on the Microsoft Answers forum thread Windows 8.1 Update 1 Failing to Install with errors 0x80070020, 80073712 and 800F081F. The Answers forum is peppered with similar complaints and a wide range of errors, from 800F0092 to 80070003, for which there are no solutions from Microsoft. Never mind that Microsoft itself yanked Windows 8.1 Update from the corporate WSUS update server chute almost a week ago and still hasn't offered a replacement.'"

Comment: Re:If you have to ask the question, the answer is (Score 1) 5

by stoborrobots (#46745225) Attached to: Do backups on Linux no longer matter?

To sum it up, if you don't realize that backups are needed...

He's saying that he realizes that backups are needed, but a core backup program has had the inability to restore from incremental backups for over 2 years, and no-one is screaming about it. So he's asking if everyone else is ignoring their backups.

Comment: Re:Oh great (Score 1) 64

by stoborrobots (#46745171) Attached to: Future Airline Safety Instructions Will Be Given By Game Apps

I fly between 4 and 6 sectors per month, on average. I can practically recite the various safety briefings for two different airlines, across 5 different aircraft types. Yes, I've heard them. Yes, I find it ridiculous that after 30 years of flying, I still have to listen to them telling people how to put on their seatbelt. And I'm certainly not a fan of blind adherence to authoritarian protocols.

However, I have had experience in designing risk minimisation procedures, and safety/security system design. And over the many flights I've been on, I've frequently thought about how I would re-design the process, if I was appointed benevolent dictator over the aviation industry.

Ultimately, the question is: what process will increase the chance that the average person on the average flight will do the right thing under emergency conditions? (With the secondary goal of providing the least annoyance to regular customers.)

* Some sort of opt-out for those who fly frequently on the same service? How would you record/manage it?

* Only taking new customers through the briefing? Now you have to do the spiel 25 times for 25 different passengers in different parts of the plane, rather than once for all 190 passengers.

* Pre-flight training? On that scale?

* Better designed spiels? What would need to be included? What could we take out?

* More detailed instructions? Then they'd be longer and even less interesting than at present...

* Humour? (Like the Independence Air celebrity safety briefings?)

And when I think through the options and all the implications, the best thing I can come up with amounts to little more than minor tweaking to the existing safety demonstration.

Comment: Re:Oh great (Score 1) 64

by stoborrobots (#46745123) Attached to: Future Airline Safety Instructions Will Be Given By Game Apps

Nothing I said is limited to landings on runways (other than my use of the phrase "touches down"). Yeah, my wording was a little sloppy, which made it sound like I was talking about a "taxiway fender-bender", but I meant in any situation where the pilot makes an unexpected landing, whether on land or water.

If the plane lands in a way which leads to the plane disintegrating, nothing will save you.

If the plane lands in a way which is unusual, but leaves large chunks of the plane undestroyed, following simple safety procedures will significantly reduce the amount of physical injury you experience.

The safety instructions contemplate the latter situation, not the former.

Comment: Re:Oh great (Score 5, Insightful) 64

by stoborrobots (#46722645) Attached to: Future Airline Safety Instructions Will Be Given By Game Apps

It's not like you're missing anything, if the plane comes crashing down having your tray table up won't save you...

This is an example of where a lack of understanding of the risks involved leads to a lack of appreciation of the safety requirement.

You're right: in a "falling out of the air" crash where the aircraft is destroyed, having the tray table secured won't save you.

However, the vast majority of aircraft don't fall out of the sky.

Let's consider the real likely outcomes:

The plane touches down a little too fast, and decelerates particularly hard. Almost certainly all the passengers will survive. Having your tray table down allows it to fly upwards as a result of the braking force, hitting your chin on the way through and giving you either severe whiplash, a broken jaw, or a concussion. Having your tray table secured will ensure that none of those happen, and the worst possible outcome is moderate whiplash.

Similarly with having the seat back upright vs reclined: a passenger thrown forward as a result of the rapid deceleration is more likely to hit a reclined seat (which is thus closer to them) than an upright one.

Being in the brace position means that your body is as far forward as it physically can go, which reduces the likelihood that your head or arms are thrown forward into the seat in front.

The safety instructions are not there to help you survive a destructive crash, they're there to reduce the number of injuries you receive in a non-fatal crash.

+ - Feds want an expanded ability to hack criminal suspects' computers-> 1

Submitted by Advocatus Diaboli
Advocatus Diaboli (1627651) writes "What could go wrong?

"The U.S. Department of Justice is pushing to make it easier for law enforcement to get warrants to hack into the computers of criminal suspects across the country. The move, which would alter federal court rules governing search warrants, comes amid increases in cases related to computer crimes. Investigators say they need more flexibility to get warrants to allow hacking in such cases, especially when multiple computers are involved or the government doesn’t know where the suspect’s computer is physically located.""


+ - Google Sacrificed Innovation to Avoid Pissing Off Steve Jobs

Submitted by theodp
theodp (442580) writes "In addition to affecting one million employees, reports PandoDaily's Mark Ames, Apple and Google's wage-fixing cartel also sacrificed innovation so as not to anger Steve Jobs. "One of the most interesting misconceptions I've heard about the 'Techtopus' conspiracy," writes Ames, "is that, while these secret deals to fix recruiting were bad (and illegal), they were also needed to protect innovation by keeping teams together while avoiding spiraling costs." Not so, argues Ames, who describes how Google cancelled plans to have former Apple employee Jean-Marie Hullot run a small engineering center in Paris after Jobs expressed his disapproval. A promise from Google Sr. VP of Knowledge Alan Eustace that "Jean-Marie will not be working on anything to do with cell phone handsets" wasn't good enough for Jobs, who told Eustace, "We’d strongly prefer that you not hire these guys [Hullot and his team]." Breaking the news to Hullot, Eustace wrote, "Steve is opposed to Google hiring these engineers. He didn't say why, and I don't think it is appropriate for me to go back for clarification. I can’t risk our relationship with Apple to make this happen over his objections." In a follow-up e-mail to Jobs, Eustace wrote, "Based on your strong preference that we not hire the ex-Apple engineers, Jean-Marie and I decided not to open a Google Paris engineering center. I appreciate your input into this decision, and your continued support of the Google/Apple partnership." Ames notes, "It's worth taking a moment to reflect, again, on what was happening here: in a field as critical and competitive as smartphones, Google's R&D strategy was being dictated, not by the company's board, or by its shareholders, but by a desire not to anger the CEO of a rival company." Jobs, who reportedly took glee in Google's only-too-eager termination of an employee who crossed his path, was apparently viewed as one not to be trifled with.
Asked by lawyers last year to describe Steve Jobs' view on hiring in Silicon Valley, Google co-founder Sergey Brin responded, "I think Mr. Jobs' view was that people shouldn't piss him off. And I think that things that pissed him off were — would be hiring, you know — whatever.""

+ - Is There an Elegant Program?

Submitted by lxrslh
lxrslh (652069) writes "Since the dawn of computing, we have read about massive failed projects, bugs that are never fixed, security leaks, spaghetti code, and other flaws in the programs we use every day to operate the devices and systems upon which we depend. It would be interesting to read the code of a well-engineered, perfectly coded, intellectually challenging program. I would love to see the code running in handheld GPS units that first find a variable number of satellites and then calculate the latitude, longitude, and elevation of the unit. Do you have an example of a compact and elegant program for which the code is publicly available?"

Comment: Re: This is very exciting for indie devs (Score 1) 149

by stoborrobots (#46529253) Attached to: Unreal Engine 4 Launching With Full Source Code

I really don't know the indie game industry very well so I don't know what constitutes "mildly successful", but based on the numbers given, the break-even point is $5m-$10m (so that 5% is $250k-$500k)... So if your expected gross income from the game is less than $5 million, then this is a good deal, and if not, it's a bad deal.

Even if your expected gross is $10 million over the life of the game, if that's made up of $2 million a year for 5 years, this might be an attractive option given the following choices:

  • Spend $250,000 now, hope and pray that you make some money, gross $2 million in the first year (so that cost you 12.5%!!!!), then recoup the expense over the next few years, or
  • Spend $20 now, gross $2 million each year, then from that income spend $100,000 each year.

You end up spending more in the second situation, but you spend it after you've earned it, with the risk transferred to the vendor. Not always the right option, but often worth considering even if it's not the chosen path.
