
Submission + - Serious Flaws Detected in Oracle Database, May Lead to Data Leaks (siliconangle.com)

KristenNicole writes: "Some serious flaws have been identified in older Oracle databases that could lead to data and security breaches. As discovered in Oracle Database 11g Releases 1 and 2, the flaw leaves databases open by sending the session key to the client before authentication is fully completed; this leaves the session open, enabling an attacker to guess the password. The Register has reported on this issue and it looks like a bit of a doozy.

Read full article here: http://siliconangle.com/blog/2012/09/26/serious-flaws-detected-in-oracle-database-may-lead-to-data-leaks/#"


Submission + - Statistical tools for detecting electoral fraud (pnas.org)

RockDoctor writes: A recent paper published in PNAS describes statistical techniques for clearly displaying the presence of two types of electoral fraud — "incremental fraud" (stuffing of ballot boxes containing genuine votes with ballots for the winning party) and "extreme fraud" (reporting completely contrived numbers, typically 100% turnout for a vote-counting region, with 100% voting for the winning party). While the techniques would require skill with statistical software to apply in real time, the graphs produced in the paper provide tools for the interested non-statistician to monitor an election "live".

Examples are discussed with both "normal" elections, fraud by the techniques mentioned, and cases of genuine voter inhomogeneity.

Other types of fraud, such as gerrymandering and inhibiting the registration of minority voters, are not considered.

The paper is open access, so anyone with the technology to access it can read it.

Comment Re:Article has it Right (Score 3, Interesting) 480

Because, at that time I lacked the business acumen to take advantage of it... I had led the development of postscript based high resolution mapping and even got our agency to receive national awards for the work. My first inclination was to give lectures to other GIS-folk on how to do it themselves. My first presentation was 20 minutes of me talking as fast as I could and a room full of people who looked like a pterodactyl had just swooped over their heads... complete and utter incomprehension

At that point, other ArcInfo users started hiring me on contract to apply the methods to their systems, and even then I horribly undercharged them for the work and spent my own time training their people to take it over

That is to say, I had no idea on how to profit from my knowledge and I missed out on a prime opportunity because of it

Comment Re:Article has it Right (Score 2) 480

I'll agree with you that obscure hacks suck, even more so when they are rife with regular expressions and scant man pages like awk and sed...

My approach was to do things in a repeatable manner so that the next time that I ran into the problem I already had a solution in my head that I could either apply directly, or extend in a common manner to handle the problem at hand. I can not tell you how much it pisses me off to have a single developer apply a different solution each time they run into the same problem... The big things (many to many relationships and cursor processing) took me a couple of week-long headaches to get a handle on, but the pain resulted in re-usable code that I would apply repeatedly (eventually I switched from Infos to pl/sql and started making my work more reusable with calls to stored procedures). Honestly, when I read my own code it might as well just be comments because it is based on an internal approach that I already understand. With larger teams I have had to write (and ask others to write) more universal comments, but at least I can communicate to them the reasons for the effort and the benefits that they will receive

I really do feel sorry for the person who ran into the first dynamic segmentation project that I worked up... But, that was what the 'jerk' me wanted to happen anyways

Comment Re:easy (Score 1) 480

That depends, do you see PT Barnum as a 'lying weasel' or the most successful entrepreneur of his age?

You and I might know that there is never enough bandwidth... but try explaining to an accountant, stock analyst or other such ROI-based thinker that they should spend a few billion on an international, built from the ground up, communications network. It is a hard sale...

However, get Mr Crowe to float an article in Wired magazine about what it would take to deliver a retina-resolution immersive environment to tens of millions of users and BANG, Level3 was the darling of its era (and still alive today at 1% of its peak stock value)

So there you go, the planet's biggest, baddest network was funded on PT Barnum-like premises... Was that a bad thing? Do you like leasing 10GB Ethernet links for the same cost of a T3 under ATT's reign? Could a bad-ass engineer in a white shirt, clip-on tie and pocket protector have done a better job of it?

So yeah, we definitely need the PT Barnums, in my mind the issue is communicating to BOTH sides that they really do need each other

Comment Re:Article has it Right (Score 3, Interesting) 480

I have been the jerk and karma has certainly made me pay

About 20 years ago I was working on GIS for a local government. The challenge was to present our Pavement Management System data (from a beloved DG Mini) on our spiffy new GIS system. I proposed using dynamic segmentation (new concept in ArcInfo 6) and set about learning what needed to be done. My boss assigned his bestest buddy to ride along on this and even split the coding responsibilities down the middle... The bestest buddy decided to work in awk and sed instead of the software tools that were part of ArcInfo... Pissed me off so much that I kept all documentation in my head and set about finding another job. When I left, it took them about three years to get back on track...

As luck would have it, I walked into a new job where people had been pulling the same stunt for the last decade. Every day of my life was debugging undocumented code and re-creating wheels. These days I invest a lot of time into cross training, documentation and making certain that my developers are happy

Comment Re:easy (Score 5, Insightful) 480

I got mine about 3 years ago, it is part of my transition from technical 'jerk' to affable manager

A 'good' businessman is part PT Barnum and part Blackbeard the pirate, it takes a lot of puffery and cut throat decision making to get a business afloat and frankly, 20 odd years of writing code and jockeying servers really had not prepared me for it.

As a technical person I was looked at as essential to the success of the company, but it was a bit of a risk to bring me into business meetings since I might quote something out of Alice in Wonderland, identify the immediate failings of our business plan or rant about the need to spend a bunch of money to shore up security before doing anything else... stuff that business-people would rather ignore once that they are in PT Barnum mode

My solution is a technical one... put your technical jerks in a DMZ, control your ports of access in and out of the DMZ, give them the resources that they need and (if you really want to trot them out in public) invest a few years in preparing them to be 'seen' by non-techies

BTW, if you really think that all of the 'jerks' are technical and not the business people, then you are missing out on the other half of the story

Comment New kind of ethics in town (Score 4, Interesting) 123

and that is called, 'returning shareholder value'

Car manufacturers have always allowed defective products into the field, as long as the costs (lawsuits, bad press) do not outweigh the benefits (PROFIT!)

Of course, they already have lawyers on retainer, and 'good relationships' with the media outlets, so that can cover most complaints by simply quashing them with legal briefs and keeping the complainants from ever getting media coverage

There was a long period of time when MS seemed to follow that model, but they seemed to have gotten on their game in the past few years, hopefully this is not a sign that they are falling back to the lowest level of service that they can give to security issues without getting sued

Comment Re:Not at all (Score 4, Interesting) 348

Sorry, your explanation does not explain that mid-western product 'Dry Aged Beef'

Apparently it is very common in the mid-west to take a perfectly fine piece of beef and leave it laying about in a cold room so that the connective tissue starts to rot and the beef becomes more tender and tasty (or so my friends from that region claim)

As to your taste-theory of spice... there is pretty clear historical record of traditional Pepper being used to spice rotting meat in Europe (and thus the popularity of foreign spices in that region, and the Spanish calling chiles, peppers to build up sales), but the high use of chiles in 'local' cultures may have more to do with the rush of endorphins that it creates than anything else

Comment Re:Not at all (Score 1) 348

I chose fresh chiles, because too many thai food places just pile a bunch of dried cayenne on top of an existing dish when you want it 'thai spicy' instead of cooking the dish from the ground up with fresh thai chiles

That said, I do some relatively evil things with the habanero and caribbean hot peppers that I grow at home. So far my favorite is to blend the fresh chiles with lime juice and salt until it is a liquid paste and keep it in the fridge to add to everything from store-bought salsa to home cooking


Submission + - Undertaking the excellent use of conversion software (aimersoft.com)

YWcVB2rdass12 writes: "Press Release (6th September, 2012): While a lot of people from across the world do not have any particular idea about the different kinds of conversion factors that are necessary in order for you to convert the necessary videos into a file format, it is necessary for you to undertake the use of a software. There are a variety of features that would be available to you, and then you need to get the help of good enough features that can help you to bring about the necessary functionality available to you. This way, you would definitely be able to go for the required amount of conversion, as well as the copying of material from one source of media to another. If you have downloaded material from the Internet that is in a very specific format, then you need the help of software that would be able to help you convert the different kinds of videos and movies into a format that would be able to provide you with the necessary amount of relief. With such things in context, it is necessary for you to undertake the use of getting to know on how to convert QuickTime movie to DVD.

In the specific context is that can help you to gain the required amount of importance, it is necessary, as well as helpful for you to get the best possible features and resources that can help you out in all sorts of circumstances. Underneath the various propositions and prospects that would be available to you, the fact remains that you would definitely be able to gain the required amount of advantage without having any sources of circumstances that can help you out. Taking such things into account, it can actually be a very good idea on your behalf to ensure that you would be able to achieve the success of the different kinds of conversion factors that are necessary for a person to get the desired benefits. Under such functionalities it is always important for you to undertake the use of MTS converter for Mac free. In this manner, you would definitely be able to procure the best possible solutions, and you would be able to find yourself watching videos.

In case you find that the search for the software is proving to be a much better option of you, it would be good of you to visit the website http://www.aimersoft.com/tutorial/burn-itunes-movie-to-dvd.html"


Submission + - Romney 1040 returns ransomed (pastebin.com)

An anonymous reader writes: Somebody has laid claim that US Presidential candidate Mitt Romney's tax records have been stolen and has sent encrypted copies to the campaigns with a letter starting a bidding war to release the keys or destroy them

"Failure to do this before September 28, the entire world will be allowed to view the documents with a publicly released key to unlock everything."

Are these just more campaign hijinks, or is it a chance to have your voice heard by paying to have the records released?


Submission + - Top 10 things to monitor on your MySQL (webyog.com)

An anonymous reader writes: Monitoring MySQL servers is no rocket science provided you know what to monitor. MySQL gives a comprehensive list of variables to check your server’s health and performance. Let me walk you through the crucial variables you should be monitoring. Let's assume that you have one or more MySQL servers, which have been set up and running fine. Here are the top 10 things to monitor on your MySQL

Submission + - Space Station Saved by a Toothbrush?

Hugh Pickens writes: "Denise Chow reports that two spacewalking astronauts successfully replaced a vital power unit on the International Space Station today, defeating a stubborn bolt that prevented the astronauts from properly installing the power unit on the ISS's backbone-like truss with the help of some improvised tools made of spare parts and a toothbrush. Astronauts Sunita Williams and Akihiko Hoshide started by removing the power box, called a main bus switching unit (MBSU), from where it had been temporarily tied down with a tether, then spent several hours troubleshooting the unit and the two bolts that are designed to secure it in place on the space station's truss. After undoing the bolts, the spacewalkers examined them for possible damage, and used improvised cleaning tools and a pressurized can of nitrogen gas to clean out the metal shavings from the bolt receptacles. "I see a lot of metal shavings coming out," Hoshide said as he maneuvered a wire cleaner around one of the bolt holders. Williams and Hoshide then lubricated a spare bolt and manually threaded it into the place where the real bolt was eventually driven, in an effort to ensure that the receptacle was clear of any debris. Then the two applied grease to the sticky bolt as well as extra pressure and plain old jiggling until finally 4½ hours into the spacewalk, Hoshide reported: "It is locked." When Hoshide reported that the troublesome bolt was finally locked into place, the flight managers erupted in applause while astronaut Jack Fischer at Mission Control told the astronauts "that is a little slice of awesome pie.""

Comment Re:ssh (Score 1) 132

Kind of a shaggy dog story there, the alternative shaggy dog story to yours is that (as of 1999, I'm old) the only way to make a Windows NT server meet B2 security requirements was to remove the network card, keyboard and monitor and keep the machine in a locked room with no physical access.

In context to the story, the thing that slays your dragon (complex passwords, etc) is a token system like openid, which is aided in great length by integrated private key exchanges

The push back that you will get at this point is from executives (OpenID is EXPENSIVE) and BOFHs (key exchanges make your head hurt), but it is always fun to torment those groups, particularly after you discover that some knucklehead has used your SAN to store DVDs on
