
Comment: The cold hard reality is good agents not caught (Score 1) 102

by WillAffleckUW (#49622471) Attached to: How the NSA Converts Spoken Words Into Searchable Text

Anyone with a minimal level of training knows this, and uses methods that our intercepts won't catch.

We only catch the n00bZ.

And, in point of fact, the times we get people to give away things, they're not in the US, but in the Middle East (Saudi Arabia, Yemen, Pakistan mostly).

Intercepts in the US rarely catch anything useful, and have such a high level of red herrings we waste a lot of resources that would be otherwise used profitably overseas, not in the US itself.

Comment: Quick summary of the papers involved here. (Score 1) 200

The summary conflates two papers, a review paper in Science which summarizes the state of knowledge about fracking the Marcellus Shale (Vidic et al. 2013), and a study of an individual incident published this month in PNAS in which researchers purport to have found a single instance of minor contamination from a fracking well (Llewellyn et al. 2015). Neither paper is particularly damning or inflammatory, so at first blush it's not immediately obvious why the fracking PR flacks have gone to DEFCON 3 on this. The key is to read the review paper first. This is almost always the best way to start because review papers are supposed to give a full and balanced overview of the current state of scientific knowledge on a topic. TL;DR, I know, but stick with me for a few paragraphs and I think I can make the problem clear.

Vidic paints a rather favorable picture of the fracking industry's response to problems that have arisen during the fracking boom in the Marcellus shale. It absolves them of any responsibility for the infamous "burning tapwater" we've all seen in Youtube videos. It states they have been quick to respond to wastewater leaks and well blowouts before contamination could spread. It says the industry has redesigned wells in response to concerns that they might leak fracking water as they pass through the aquifer. And it says that fracking water that returns to the surface ("flowback") is treated and re-used for more fracking -- an expensive environmental "best practice".

Vidic does raise some important concerns, however, and the most important is this. At present recycling flowback into more fracking water is practical because production is booming. But at some point production will level off and begin to decline, and when that happens the industry will be producing more flowback than it can use economically. In Texas, where fracking was pioneered, flowback was disposed of in deep wells -- a process not without its drawbacks, but better than leaving the contaminated water on the surface. Pennsylvania doesn't have enough disposal capacity to handle today's flowback, which helps make recycling fracking water attractive at the present time.

We now have enough context to understand Llewellyn, and why Llewellyn is so upsetting to the industry. Llewellyn's paper documents a single instance of minor contamination which matched the chemical fingerprint of flowback from a nearby well. This contamination was well below a level that would be cause for any concern. Llewellyn concludes the most likely cause was a small spill from the flowback holding pit, although it can't rule out the possibility that the contamination occurred inside the well. Taken with the picture Vidic paints of an industry that is generally on top of stuff like this, the occurrence of a single mishap with negligible consequences is hardly damning. So why has the fracking industry unleashed its flying PR monkeys on this?

Because the fracking industry apparently has made no plans for when the day comes it can no longer recycle all the flowback it uses, and it doesn't want the public to think about that.

It would be sensible for them to prepare for the flowback problem now on the upswing of the boom, for the same reason the industry has been able to be so responsive to date: these are good times for the industry in the Marcellus Shale. They're flush. Although preparing for the problem now would be expensive, it wouldn't slow the boom appreciably, and it would add jobs. But... if the industry can kick the flowback can far enough down the road, we'll have to ask it to fix the problem while production and probably the regional economy is in decline. Doing something about the problem then will cost jobs and require money nobody will have.

So if the industry isn't forced to do something about the looming problem soon, it will become politically if not financially impossible to make them do that ever. That's why the industry is allergic to the very mention that surface contamination from flowback is even possible. In the scheme of things the Llewellyn incident is negligible, but when fracking starts producing more waste than the industry can use surface contamination is going to become a lot more common and a lot worse.

Vidic raises some other serious long term concerns. Nobody knows where most of the fracking water used goes. The geology of the area is complex enough, but it is further complicated by many old gas and oil wells, quite a few of which are not fully documented. Contamination of the aquifer is a quite plausible possibility that needs further scientific study -- study that has been hindered by lack of research funding and industry transparency. More research might lay this concern to bed; or it may require changes in the industry's operation. We don't know. But we do know that some day we'll have a wastewater problem, and if we wait to address that it will be politically impossible to do anything about.

CITATIONS

Vidic, R. D., et al. "Impact of shale gas development on regional water quality." Science 340.6134 (2013): 1235009.

Garth T. Llewellyn, Frank Dorman, J. L. Westland, D. Yoxtheimer, Paul Grieve, Todd Sowers, E. Humston-Fulmer, and Susan L. Brantley. "Evaluating a groundwater supply contamination incident attributed to Marcellus Shale gas development." PNAS 2015 ; published ahead of print May 4, 2015,

Comment: Why so difficult? (Score 2) 125

by Lumpy (#49622381) Attached to: USBKill Transforms a Thumb Drive Into an "Anti-Forensic" Device

Just set up a script on the machine looking for a specific USB device, start shutdown if the device is not present. This is pretty common stuff, hell my old Lenovo laptop has a smartcard slot in it that would do the same thing if the card was removed.

In fact, if you look, you can find the same thing all over the place for the last decade on many hacking sites; even back in the late 90's this kind of stuff was on the "scene". I had back-to-back modems in telecom rooms inside boxes that, if the box was opened, dumped 110V into the modem logic boards so that when discovered they would self-destruct.

Most "hackers" today probably don't even own a buttset.

Input Devices

The Challenge of Getting a Usable QWERTY Keyboard Onto a Dime-sized Screen 47

Posted by timothy
from the you-will-fail-at-that-task dept.
An anonymous reader writes: Researchers from Spain and Germany are building on Carnegie Mellon's work to attempt to create workable text-input interfaces for wearables, smartwatches and a new breed of IoT devices too small to accommodate even the truncated soft keyboards familiar to phone users. In certain cases, the screen area in which the keyboard must be made usable is no bigger than a dime. Of all the commercial input systems I've used, Graffiti seems like it might be the most suited to such tiny surfaces.

Comment: Re:No. (Score 2) 120

by mlts (#49622057) Attached to: Is It Worth Learning a Little-Known Programming Language?

On the other hand, once you learn a few programming languages, it becomes easier to know others (assuming something that isn't completely different, such as a procedural language (C or Java) versus a functional programming language (Lisp, Scheme), versus assembly language).

If you know C, you can consult the camel and make functioning Perl code. So, it might not hurt knowing a non-mainstream language, and may not take too much of your time, relatively.

Programming

Is It Worth Learning a Little-Known Programming Language? 120

Posted by timothy
from the worth-it-to-whom? dept.
Nerval's Lobster writes: Ask a group of developers to rattle off the world's most popular programming languages, and they'll likely name the usual suspects: JavaScript, Java, Python, Ruby, C++, PHP, and so on. Ask which programming languages pay the best, and they'll probably list the same ones, which makes sense. But what about the little-known languages and skill sets (Dice link) that don't leap immediately to mind but nonetheless support some vital IT infrastructure (and sometimes, as a result, pay absurdly well)? Is it worth learning a relatively obscure language or skill set, on the hope that you can score one of a handful of well-paying jobs that require it? The answer is a qualified yes—so long as the language or skill set in question is clearly on the rise. Go, Swift, Rust, Julia and CoffeeScript have all enjoyed rising popularity, for example, which increases the odds that they'll remain relevant for at least the next few years. But a language without momentum behind it probably isn't worth your time, unless you want to learn it simply for the pleasure of learning something new.

Netflix Open-Sources Security Incident Management Tool

Submitted by itwbennett
itwbennett writes: Netflix has released under an open-source license an internal tool it developed to manage a deluge of security alerts and incidents. Called FIDO (Fully Integrated Defense Operation), the tool is designed to research, score and categorize threats in order to speed up handling of the most urgent ones. FIDO is available on GitHub.

The challenge of getting a usable QWERTY keyboard onto a dime-sized screen

Submitted by Anonymous Coward
An anonymous reader writes: Researchers from Spain and Germany are building on Carnegie Mellon's work to attempt to create workable text-input interfaces [http://personales.upv.es/luileito/web/docs/papers/tinyqwerty-chi2015-preprint.pdf] for wearables, smartwatches and a new breed of IoT devices too small to accommodate even the truncated soft keyboards familiar to phone users. In certain cases, the screen area in which the keyboard must be made usable is no bigger than a dime.

Bitcoin's Predecessors, Online Game Currencies, and What We Can Learn From Them

Submitted by HughPickens.com
HughPickens.com writes: Thomas Kim has an interesting paper at PLOS one that analyzes virtual currencies in online games that have been voluntarily managed by individuals since 1990s to study whether the recent price patterns and transaction costs of Bitcoin represent a general characteristic of decentralized virtual currencies. Kim's conclusions:

We find that more mature game currencies have a price volatility of one-third of that of Bitcoin, at a level similar to that of small size equities or gold. The decentralized structure of Bitcoin does not seem to be the cause of the recent price instability, as game currencies are also managed by non-government entities. We observe a similar price instability from the game currencies that are launched around the time when Bitcoin gained much of its current public attention (around the year 2011). The contrast between mature and newly introduced virtual currencies indicates that the Bitcoin price may stabilize over time.

The transaction costs of virtual currencies are sometimes lower than that of real currencies. With more competition among virtual currency exchanges, the transaction costs may drop further making virtual currencies a lower cost alternative to real currency transactions. Economists agree that a properly functioning currency should include a method of transaction, a unit of account, and store value (Yermack [3]). Bitcoin may meet the criteria if it can combine its low transaction costs with more stable prices.

However, there are a few caveats for our projection. Bitcoin is the first virtual currency that is attempting to substitute the role of real currencies. Until this point, other virtual currencies, like game currencies, remain as auxiliary currencies that aid in transactions that real currencies cannot easily do, such as transactions within an online game. Game currencies currently have considerable trading volume, but their role is tied to the gaming industry. It is difficult to estimate how widespread Bitcoin will be. Also, our analysis does not justify that virtual currencies should have greater value. A large volume of Bitcoin trading in these days is speculative trading, betting on the possible appreciation of Bitcoin prices. Speculative trades are necessary to discover the reasonable exchange rates of Bitcoin, but it is unknown when the market will reach the equilibrium. As we demonstrate from the comparison of exchanges with varying degrees of competition, various regulations imposed on Bitcoin exchanges may be a dragging factor in the price discovery process.

Researcher: Drug Infusion Pump is the 'least secure IP device' he's ever seen

Submitted by chicksdaddy
chicksdaddy writes: This is a bad month for the medical equipment maker Hospira. First, security researcher Billy Rios finds a raft of serious and remotely exploitable holes in the company's MedNet software, prompting a vulnerability alert from ICS CERT. Now, one month later, ICS CERT is again warning of a "10 out of 10" critical vulnerability, this time in Hospira's LifeCare PCA drug infusion pump (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3459).

The problem? According to this report by Security Ledger (https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/) the main problem was an almost total lack of security controls on the device. According to independent researcher Jeremy Williams, the PCA pump listens on Telnet port 23. Connecting to the device via Telnet, he was brought immediately to a root shell account that gave him total, administrator level access to the pump without authentication. “The only thing I needed to get in was an interest in the pump,” he said.

Richards found other examples of loose security on the PCA 3: an FTP server that could be accessed without authentication and an embedded web server that runs Common Gateway Interface (CGI). That could allow an attacker to tamper with the pump’s operation using fairly simple scripts.

Also: The PCA pump stores wireless keys used to connect to the local (medical device) wireless network in plain text on the device. That means anyone with physical access to the pump (which has an ethernet port) could gain access to the local medical device network and other devices on it.
The problems prompted Richards to call the PCA 3 pump “the least secure IP enabled device” he has ever worked with. (http://hextechsecurity.com/?p=123)

Hospira did not respond to requests for comment prior to publication.

Security

USBKill Transforms a Thumb Drive Into an "Anti-Forensic" Device 125

Posted by timothy
from the content-scrambling-system dept.
Orome1 writes with a snippet from a report at net-security.org; a hacker going by Hephaestos has shared with the world a Python script that, when put on a USB thumb drive, turns the device into an effective kill switch for the computer to which it's plugged in. USBkill, as the programmer dubbed it, "waits for a change on your USB ports, then immediately kills your computer." The device would be useful "in case the police comes busting in, or steals your laptop from you when you are at a public library," Hephaestos explained.

Google News Sci Tech: SpaceX Dragon passenger capsule due to get key test - CNNMoney

From feed by feedfeeder

SpaceX Dragon passenger capsule due to get key test
CNNMoney
SpaceX plans a flight for its Dragon space capsule this week, a key step towards its plans to carry astronauts for NASA by 2017. The company run by Tesla Motors (TSLA) CEO Elon Musk is one of two companies working to develop the next generation of...
SpaceX Will Test Their Launch Abort System Wednesday - Slate Magazine (blog)
SpaceX to test revolutionary Crew Dragon that will take astronauts to the ISS in ... - Daily Mail
May 5, 2015 in News: Photos: Dragon prototype poised for abort test - Spaceflight Now
Contra Costa Times - Ars Technica - Headlines & Global News
