Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Submission + - Rootkits: The next big security challenge

storagedude writes: Rootkits are becoming a critical security challenge, writes Henry Newman at Enterprise Storage Forum. The solution: a secure supply chain for firmware, and users need to be alert for any changes or insider threats.

'The only way I can see this working — and there is still risk — is if you have multiple employees inspecting the firmware to ensure it is indeed the manufacturer’s firmware. I would have at least two or more people get the firmware and validate the SHA256 hashes,' Newman writes.

Submission + - Object storage and POSIX should merge (

storagedude writes: Object storage’s low cost and ease of use have made it all the rage, but a few additional features would make it a worthier competitor to POSIX-based file systems, writes Jeff Layton at Enterprise Storage Forum. Byte-level access, easier application portability and a few commands like open, close, read, write and lseek could make object storage a force to be reckoned with.

‘Having an object storage system that allows byte-range access is very appealing,’ writes Layton. ‘It means that rewriting applications to access object storage is now an infinitely easier task. It can also mean that the amount of data touched when reading just a few bytes of a file is greatly reduced (by several orders of magnitude). Conceptually, the idea has great appeal. Because I'm not a file system developer I can't work out the details, but the end result could be something amazing.’

Submission + - Tech Vendors Say They Can Stop Hackers (

storagedude writes: A group of eleven tech vendors say they've developed a data infrastructure that can stop hackers in their tracks.

At the heart of the Multilevel Secure System (MLS) is a modified version of SELinux, with role-based access control with a policy for each role, so no one can get to the system root and the root can’t see user data. Policies are based on roles such as security admin, audit admin and sysadmin, and each file is tagged with a security level so some users can see it while others can’t.

Lockheed Martin, Seagate and Red Hat are among the vendors who developed the system, which was unveiled at last week's Geospatial Intelligence (GEOINT) conference in DC.

Submission + - Is The Era of Cheap Disk Storage Over? (

storagedude writes: Big Data, the Internet of Things and manufacturing and areal density limitations could combine to reverse the long-running trend of falling data storage prices, according to an article on InfoStor. With neither flash nor tape offering a viable alternative to bulk disk storage, users may have to turn to technologies such as deduplication, thin provisioning, RAID 1 and heat-assisted magnetic recording (HAMR) to meet demand.

Submission + - Is LTO tape on its way out? (

storagedude writes: With LTO media sales down by 50% in the last six years, is the end near for tape? With such a large installed base, it may not be imminent, but the time is coming when vendors will find it increaingly difficult to justify continued investment in tape technology, writes Henry Newman at Enterprise Storage Forum.

“If multiple vendors invest in a technology, it has a good chance of winning over the long haul,” writes Newman, a long-time proponent of tape technology. “If multiple vendors have a technology they’re not investing in, it will eventually lose over time. Of course, over time market requirements can change. It is these interactions that I fear that are playing out in the tape market.”

Submission + - No Easy Fix for Point-of-Sale Security (

poseur writes: Just about every retailer has experienced a data breach due to insecure point-of-sale systems. Why is PoS security so hard? Experts say it's a moving target. The good news, experts say, is that payment solutions like Apple Pay could render PoS systems largely obsolete.

Submission + - If your cloud vendor goes out of business, are you ready?

storagedude writes: With Amazon Web Services losing $2 billion a year, it’s not inconceivable that the cloud industry could go the way of storage service providers (remember them?). So any plan for cloud services must include a way to retrieve your data quickly in case your cloud service provider goes belly up without much notice (think Nirvanix). In an article at Enterprise Storage Forum, Henry Newman notes that recovering your data from the cloud quickly is a lot harder than you might think. Even if you have a dedicated OC-192 channel, it would take 11 days to move a petabyte of data – and that’s with no contention or other latency. One possible solution: a failover agreement with a second cloud provider – and make sure it’s legally binding.

Submission + - Blogger starts petition to fight data breaches

storagedude writes: A blogger is calling for an end to liability limits for companies that expose users' personal and financial information, saying that 'Only when the cost of losing data exceeds the cost of protecting data will anything likely change.'

Writing on InfoStor, Henry Newman said the security problem ‘is one hundred percent solvable with the right amount of motivation and the right amount of resources.’
His petition requests that if organizations with more than 1,000 employees fail to protect data, 'the organization becomes responsible for that loss with no exclusions and no liability limits.'

Submission + - Data archiving standards need to be future-proofed (

storagedude writes: Imagine in the not-too-distant future, your entire genome is on archival storage and accessed by your doctors for critical medical decisions. You'd want that data to be safe from hackers and data corruption, wouldn't you? Oh, and it would need to be error-free and accessible for about a hundred years too. The problem is, we currently don't have the data integrity, security and format migration standards to ensure that, according to Henry Newman at Enterprise Storage Forum. Newman calls for standards groups to add new features like collision-proof hash to archive interfaces and software.

'It will not be long until your genome is tracked from birth to death. I am sure we do not want to have genome objects hacked or changed via silent corruption, yet this data will need to be kept maybe a hundred or more years through a huge number of technology changes. The big problem with archiving data today is not really the media, though that too is a problem. The big problem is the software that is needed and the standards that do not yet exist to manage and control long-term data,' writes Newman.

Submission + - TrueCrypt gets a new life, new name (

storagedude writes: Amid ongoing security concerns, the popular open source encryption program TrueCrypt may have found new life under a new name, reports eSecurity Planet. Under the terms of the TrueCrypt license — which was a homemade open source license written by the authors themselves rather than a standard one — a forking of the code is allowed if references to TrueCrypt are removed from the code and the resulting application is not called TrueCrypt. Thus, CipherShed will be released under a standard open source license, with long-term ambitions to become a completely new product.

Submission + - The evolution of PTSD treatment since WWII

storagedude writes: In the course of writing an article on my father’s WWII experiences, it was interesting to note how PTSD treatment has evolved since then. For a crippling case of PTSD, my father received “sedation and superficial psychotherapy,” according to his military records, which seems to have been the standard practice of the day (and better than the lobotomies inflicted on roughly 2,000 soldiers).

Fast forward to today. A number of treatments have been developed that have had some success reducing the symptoms of PTSD. And a new book by former Washington Post Magazine editor Tom Shroder has noted some success from controlled treatment with psychedelic substances. PTSD is notoriously resistant to treatment, so it is encouraging to see new avenues explored, however taboo.

Submission + - Marten Mickos' Plan for OpenStack? Total Victory (

darthcamaro writes: Marten Mickos is not yet officially part of HP and it's OpenStack cloud (yet) but he will be soon. On Sept 11 Mickos' company Eucalyptus announced that it was being acquired by HP, though the deal has not yet officially closed. That's not stopping Mickos from making bold predictions about OpenStack — an effort that he has been a competitor against for most of the last four years. Speaking at the OpenStack Silicon Valley event Mickos laid out his plan

"For the last one and a half decades, I have been trying to reach full victory for open source," Mickos said.

Submission + - When Customer Dissatisfaction Is a Tech Business Model (

jammag writes: A new trend has emerged where tech companies have realized that abusing users pays big. Examples include the highly publicized Comcast harassing service call, Facebook "experiments," Twitter timeline tinkering, rude Korean telecoms — tech is an area where the term "customer service" has an Orwellian slant. Isn't it time customer starting fleeing abusive tech outfits?

Slashdot Top Deals

Make headway at work. Continue to let things deteriorate at home.