
Submission + - Asteroid the size of a dwarf planet is lurking in our solar system (livescience.com)

fahrbot-bot writes: There's a giant asteroid somewhere out in the solar system, and it hurled a big rock at Earth. The evidence for this mystery space rock comes from a diamond-studded meteor that exploded over Sudan in 2008.

NASA had spotted the 9-ton (8,200 kilograms), 13-foot (4 meters) meteor heading toward the planet well before impact, and researchers showed up in the Sudanese desert to collect an unusually rich haul of remains. Now, a new study of one of those meteorites suggests that the meteor may have broken off of a giant asteroid — one more or less the size of the dwarf planet Ceres, the largest object in the asteroid belt — that formed in the presence of water under intermediate temperatures and pressures.

The mineral makeup of these space rocks offers clues about the "parent asteroid" that birthed a given meteor, researchers said in a statement.

Submission + - Verizon's Nationwide 5G Can Be Slower Than Its LTE Network, Tests Show (theverge.com)

An anonymous reader writes: Verizon’s new nationwide 5G network is reportedly slower than its LTE network, to the point that users are apparently better off just disabling 5G entirely unless they’re near a mmWave network. The results come from testing done by PC Magazine’s Sascha Sagan, who points to Dynamic Spectrum Sharing, or DSS, as the culprit. The tech lets carriers run LTE and 5G networks side by side, which is useful if, like Verizon, you don’t yet have enough dedicated 5G spectrum. While the carrier has largely focused on its mmWave network until recently, it also has begun rolling out a mid-band nationwide 5G network, which promises to avoid mmWave’s range issues by using DSS. The only catch is that, with Verizon, it seems like this tech leads to worse performance in most cases for phones running in 5G mode.

The solution, at least for now, is to just turn 5G off if you’re a Verizon customer. If that has you concerned about speeds compared to your T-Mobile customer friends, don’t worry too much: in its nationwide speed test earlier this year, PC Magazine found that T-Mobile’s 5G can often still be slower than Verizon’s LTE, even though it uses dedicated 5G bands. That same nationwide test also revealed that AT&T’s 5G can be slower than its LTE as well — which makes sense, given that it also uses the DSS technology for its 5G network. The results from PC Magazine were only done in New York City, so if you have a 5G phone on Verizon, it may be worth checking to see if you’re actually getting faster speeds with 5G on. If you’re not, it may be worth turning it off entirely for now. This is also likely just a temporary issue — as Verizon continues to add dedicated 5G spectrum, their speeds are going to improve.

Submission + - Australia Declares Its National Broadband Network Is 'Fully Operational' (theregister.com)

An anonymous reader writes: Australia has declared its national broadband network (NBN) is “built and fully operational," ending a saga that stretches back to the mid-2000s. Minister for communications, cyber safety and the arts Paul Fletcher declared the build complete in a Wednesday statement that admitted 35,000 premises remain unable to connect to the network, but seeing as that number was over 100,000 in August 2020 and over 11.86 million premises have been wired, he’s happy to say the job’s been done.

The statement also pointed out that legislation governing the NBN build requires a declaration the job is done before December 31st. “New premises are being built all the time,” the minister said. “This means that there will always be a number of premises around Australia that are not yet ‘ready to connect.' The fact that there is a certain number of premises which are not ready to connect is not of itself evidence that the network cannot be treated as ‘built and fully operational.'" Thus ends a saga that began in the mid-2000s when Australia figured out that ubiquitous broadband access was a good idea. Dominant telco Telstra proposed to build the network and operate as both a wholesaler to rivals and a retailer, but as that arrangement had stifled competition for years the government of the day wasn’t keen on the idea. At the 2007 election the left-of-center Australian Labor Party swept to power in part due to its plans to build a fast national broadband network. That promise evolved into a commitment to build a fibre-to-the-premises (FTTP) network...

Submission + - DHS Is Looking Into Backdoors in Smart TVs by China's TCL 2

chicksdaddy writes: The acting head of the U.S. Department of Homeland Security said the agency was assessing the cyber risk of smart TVs sold by the Chinese electronics giant TCL, following reports last month in The Security Ledger and elsewhere that the devices may give the company “back door” access to deployed sets, The Security Ledger reports. (https://securityledger.com/2020/12/dhs-looking-into-cyber-risk-from-tcl-smart-tvs/)

Speaking at The Heritage Foundation, a conservative think tank, Acting DHS Secretary Chad Wolf said that DHS is “reviewing entities such as the Chinese manufacturer TCL.” (https://www.dhs.gov/news/2020/12/21/acting-secretary-chad-f-wolf-remarks-prepared-homeland-security-and-china-challenge)

“This year it was discovered that TCL incorporated backdoors into all of its TV sets exposing users to cyber breaches and data exfiltration. TCL also receives CCP state support to compete in the global electronics market, which has propelled it to the third largest television manufacturer in the world,” Wolf said, according to a version of prepared remarks published by DHS. His talk was entitled “Homeland Security and the China Challenge.”

As reported last month (https://securityledger.com/2020/11/security-holes-opened-back-door-to-tcl-android-smart-tvs/), independent researchers John Jackson (@johnjhacking), an application security engineer for Shutter Stock, and a researcher using the handle Sick Codes (@sickcodes) identified and described two serious software security holes affecting TCL brand television sets that would allow an unprivileged remote attacker on the adjacent network to download most system files from the TV set up to and including images, personal data and security tokens for connected applications. The flaw could lead to serious critical information disclosure, the researchers warned.

Both flaws affect TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 V373 and below, according to the official CVE reports. In an interview with The Security Ledger, the researcher Sick Codes said that a TCL TV set he was monitoring was patched for the CVE-2020-27403 vulnerability without any notice from the company and no visible notification on the device itself.

In a statement to The Security Ledger, TCL disputed that account. (https://securityledger.com/2020/11/tv-maker-tcl-denies-back-door-promises-better-process/) By TCL’s account, the patched vulnerability was linked to a feature called “Magic Connect” and an Android APK by the name of T-Cast, which allows users to “stream user content from a mobile device.” T-Cast was never installed on televisions distributed in the USA or Canada, TCL said. For TCL smart TV sets outside of North America that did contain T-Cast, the APK was “updated to resolve this issue,” the company said. That application update may explain why the TCL TV set studied by the researchers suddenly stopped exhibiting the vulnerability.

In his address on Monday, Acting Secretary Wolf said the warning about TCL will be part of a broader “business advisory” cautioning against using data services and equipment from firms linked to the People’s Republic of China (PRC).

This advisory will highlight “numerous examples of the PRC government leveraging PRC institutions like businesses, organizations, and citizens to covertly access and obtain the sensitive data of businesses to advance its economic and national security goals,” Wolf said.

“DHS flags instances where Chinese companies illicitly collect data on American consumers or steal intellectual property. CCP-aligned firms rake in tremendous profits as a result,” he said.

Comment Re:They notice that _now_? (Score 2) 60

To be effective, you have to nip them in the bud when they are still growing. Waiting until they peak and then waiting some more is not going to be effective in any way.

You must be new on this planet! Here, we always wait until it is almost too late to fix things. A good analogy would be that we always wait until a few deaths have occurred before fixing something hazardous on our roads, like a dangerous crossing, curve, hill, etc.

Comment Re:Yeah, it broke. (Score 1) 88

Have a look at Proxmox VE, up to par with VMware ESX or whatever it is called nowadays, I would say, although some functionality is only available through the command line, but this shouldn't be a problem if you are used to running Linux:
https://www.proxmox.com/

Free as in free beer, just change your repo for the dev one if you want to be able to update for free without any subscription. Of course, subscribe and support if you can.

Comment Re:Yeah, it broke. (Score 1) 88

There are no problems with auto-updating, it just lets you know which updates are available. I have all auto-upgrades disabled, though. I just restrict access to the applications to sysadmins so clients can't enter new data into the system, take a snapshot or backup of the image if snapshots are not available, manually upgrade, test and put everything back online. Just roll back if anything goes wrong. This is a pretty standard scheme.

Comment Re:Good idea (Score 1) 44

Microsoft-owned GitHub has finally moved its snapshot of all active public repositories on the site to a vault in Norway. ZDNet reports:

Maybe Slashdot should store their backups there too?

You are right, backups is a more appropriate term. Snapshots only are useless without the complete file system content. As for Slashdot, it seems like they lost one or two days of content in the last outage.

Comment Re: Ramification (Score 1) 67

He said Web Application Firewall (WAF). I am surprised that an old timer like yourself never heard about it.

Nowadays, it is insane to run any website without a WAF. A WAF will typically block more than 50% of the requests on any website, up to more than 90% on a low-traffic website.

Of course, you need to fine tune it to avoid false positives. Basically, you simply remove some rules for some specific URLs after running the engine in detection only mode for a while.

You can do DNS blacklist lookup in order to block requests, block requests from countries where you have no customers, write your own custom rules, etc.

Have a look at the mod_security module for Apache for better knowledge. If your distro uses apt: apt install libapache2-mod-security2, or apt install libmodsecurity3, although it is newer, harder to set up and not as stable. I still use v2. This goes along with the CRS rules: apt install modsecurity-crs.

mod_security:
https://www.modsecurity.org/ab...
crs:
https://github.com/coreruleset...

Comment Re:Bonus! (Score 1) 32

And it comes pre-equipped with support for zoombombing out of the box!

Please pay attention to proper grammar, it becomes irritating otherwise. Here is a more correct way to express your idea here on Slashdot:

"And it comes pre-equipped with zoombombing support for zoombombing out of the box!"

Just read the title as an indication:

Zoom Offering Hardware As a Service Offering
