dstates writes: A team of researchers at the University of Michigan has released ZMap, a tool that allows an ordinary server to scan every address on the Internet in just 45 minutes. This is a task that used to take months, but now is accessible to anyone with a fast internet connection. In their announcement Friday at the Usenix security conference in Washington, they provide interesting examples tracking HTTPS deployment over time, the effects of Hurricane Sandy on Internet infrastructure, but also rapid identification of vulnerable hosts for security exploits. A Washington Post blog discussing the work shows examples of the rate at which computers on the Internet have been patched to fix Universal Plug and Play, “Debian weak key” and “factorable RSA keys” vulnerabilities. Unfortunately, in each case it takes years to deploy patches, and in the case of UPnP devices, they found 2.56 million (16.7 percent) devices on the Internet that had not yet been upgraded years after the vulnerability had been described. Zero day exploits just became zero hour.
dstates writes: For most of Friday, police and firefighters in Detroit were forced to operate without their usual dispatch radio when the emergency dispatch system failed. The radio system used for communication between 911 dispatchers and Detroit's police, fire and EMS crews went down around 5:30 a.m. Friday morning, causing a backlog of hundreds of calls and putting public safety at risk. Michigan State Police allowed Detroit's emergency system to use the state's communication towers, but access was restricted to top priority calls out of fear of overloading the State system.
More than 60 priority 1 calls and more than 170 non-emergency calls were backed up. With no dispatch to communicate if something went wrong and backup was needed, police were forced to send officers out in pairs for safety concerns on priority 1 calls.
Detroit’s new police chief, James Craig, says he's "appalled" that a redundant system did not kick in. The outage occurred only days after Craig took office. The $131 million Motorola system was installed in 2005 amid controversy over its funding. Spokesmen for Motorola said parts of the system were regularly maintained but acknowledged that backup systems had not been tested in the past two years. They said the problem was a hardware glitch in the link between dispatch and the individual radios. As of 9 p.m. Friday, a Motorola spokesman said that the system was stable and that the company would continue troubleshooting next week.
dstates writes: SAM (Systems for Awards Management) is a financial management system that the US government requires all contractors and grantees to use. This system has recently been rolled out to replace the older CCR system. Last night, thousands of SAM users received the following message:
"Dear SAM user
The General Services Administration (GSA) recently has identified a security vulnerability in the System for Award Management (SAM), which is part of the cross-government Integrated Award Environment (IAE) managed by GSA. Registered SAM users with entity administrator rights and delegated entity registration rights had the ability to view any entity’s registration information, including both public and non-public data at all sensitivity levels."
From March 8 to 10, any registered user who searched the system could view confidential information including account and social security numbers for any other user of the system. Oops! The Government Services Administration says that they have fixed the problem, but this is a serious black eye for the Fed.
dstates writes: ProPublica, the award-winning public interest journalism group and frequently cited Slashdot source, has published an interesting guide to app technology for journalism and a set of data and style guides. Journalism presents unique challenges with potentially enormous but highly variable site traffic, the need to serve a wide variety of information, and most importantly, the need to quickly develop and vet interesting content, and ProPublica serves lots of data sets in addition to the news. They are also doing some cool stuff like using AI to generate specific narratives from tens of thousands of database entries illustrating how school districts and states often don't distribute educational opportunities to rich and poor kids equally. The ProPublica team focuses on some basic practical issues for building a team, rapidly and flexibly deploying technology and ensuring that what they serve is correct. A great news app developer needs three key skills: the ability to do journalism, design acumen and the ability to write code quickly, and the last is the easiest to teach. To build a team they look to their own staff rather than competing with Google for CS grads. Most news organizations use either Ruby on Rails or Python/Django, but more important than which specific technology you choose, pick a server-side programming language and stick to it. Cloud hosting provides news organizations with incredible flexibility (like how do you increase your capacity tenfold for a few days around the election and then scale back the day after), but they're not as fast as real servers, and cloud costs can scale quickly relative to real servers. Maybe a news app is not the most massive "big data" application out there, but where else can you find the challenge of millions of users checking in several times a day for the latest news, and all you need to do is sort out which of your many and conflicting sources are providing you with straight information?
Oh, and if you screw up, it will be very public.
The new HIPAA rules also greatly strengthen patient privacy and the ability of patients to control who sees their medical information, and increase the penalties for leaking medical records information. “Much has changed in health care since HIPAA was enacted over fifteen years ago,” said HHS Secretary Kathleen Sebelius. “The new rule will help protect patient privacy and safeguard patients’ health information in an ever expanding digital age.”
dstates writes: In just 6 weeks an MIT researcher created smart ice cubes that monitor your drinking. After an alcohol-induced blackout motivated a bit of introspection, Dhairya Dand pulled together a coin cell battery, an ATtiny microcontroller, and an IR transceiver molded into gelatin to create self-aware glowing ice cubes. The cubes glow and beat to the ambient music, but more importantly, they know how fast and how much you are drinking, and they change color from green to orange to finally red as you reach your safe limit. If things go too far, the ice cubes can connect to your smartphone and send a text message for a friend to come get you. Of course, you have to remember not to swallow them. Interesting implications for addressing the input side of dieting, weight loss and moderation.
dstates writes: Retraction Watch reports that fake reviewer information was placed in Elsevier's peer review database, allowing unethical authors to review their own or colleagues' manuscripts. As a result, 11 scientific publications have been retracted. The hack is particularly embarrassing for Elsevier because the commercial publisher has been arguing that the quality of its review process justifies its restrictive access policies and high costs of the journals it publishes.
dstates writes: The FCC is considering one of the biggest regulatory changes in decades: allowing a newly available chunk of wireless spectrum to be leased by different users at different times and places, rather than being auctioned off to one high bidder. The plan is to open a new WiFi with spectrum in the 3.550 to 3.650 gigahertz band now used by radar systems. Under the proposed rule to be voted on Wednesday, users could reserve pieces of that spectrum in different regions and at different times, managed by a central database. Spectrum sharing is a dramatic change with a potential to make bandwidth accessible to many users. The plan has met with mixed reviews from the cellular carriers.
dstates writes: Bloomberg reports that Google is using Bermuda shell companies to avoid paying billions of dollars in taxes worldwide. By routing payments and recording profits in zero-tax havens, multinational companies have been avoiding double-digit corporate taxes in the US and Europe. Congressional hearings were held in July on the destructive consequences of offshoring profits. Why aren't the US and Europe exerting more diplomatic pressure on these tax havens that are effectively stealing from the US and European treasuries by allowing profits that did not result from activities in Bermuda or the Cayman Islands to be recorded as occurring there?
dstates writes: Apple plans to double the fuel cell generating capacity at its North Carolina data center. eBay also has a fuel cell powered data center. Fuel cell powered data centers could ultimately become buffers for the power grid, relying on the grid mainly for backup power and even selling excess power back to the utilities. Fuel cells offer high efficiency and avoid the ~7% transmission losses for long distance electrical transmission lines, and importantly for data centers, local generation is not susceptible to all the disruptions of the power grid.
dstates writes: Apple built tremendous customer loyalty based on a simple pact, “Buy our stuff, and it will do what you want it to without invading your life”. I.e., we won’t push advertising at you, we won’t push buggy half-baked illogical software at you, and we won’t use our stuff to invade your privacy or sell your data to the highest bidder. Increasingly, the user experience is dominated by third party apps, but these apps do not live up to the quality and design standards Apple has traditionally set for its own products. Apple just passed 1 million app approvals and 25 billion app downloads. Assuming 200 million iPhones have been sold, that comes to something like 125 app downloads per phone. The result of this deluge is a user experience fail. Free downloads dominate paid apps, but more and more freeware is laden with advertising and pushes to upgrade to paid versions. "In app purchases" has become a closely followed metric. I.e. the “without invading your life” part of the deal never really made it to the apps where users now spend the vast majority of their time. Reliability is also suffering. Many apps are buggy, including Apple’s, and even iCloud has crashed repeatedly in recent days. Bottom line, the App Store is destroying Apple’s core value proposition.
dstates writes: The human body is a complex system, and the bacteria in our gut modify the way we process food. Taking antibiotics early in life changes which bacteria we carry and appears to increase lifetime risk of obesity. For many years, antibiotics have been added to animal feed to increase weight gain in farm animals. Looks like the same thing happens to us.
dstates writes: One Laptop Per Child reports encouraging results of a bold experiment to reach the millions of students worldwide who have no access to primary school. OLPC delivered tablets to two Ethiopian villages in unmarked boxes without instructions or instructors. Within minutes the kids were opening the boxes and figuring out how to use the Motorola Xoom tablets, within days they were playing alphabet songs, and within a few months they had figured out how to hack the user interface to enable blocked camera functionality. With the Khan Academy and others at the high school level and massive open online courses at the college level, the teaching profession is under assault as never before.