
Comment Re:Wow... (Score 3, Interesting) 179

I dunno. This story just makes me feel better about not buying Apple products. I can buy any cable I like and not have to worry about this bullshit.

"OMG. You didn't buy a genuine monster cable! Quick, toss it out before it EXPLODES!"

Which bullshit? The bullshit of shoddy cables destroying your laptop?

Comment Re:Which NSA employees also face prosecution? (Score 1) 88

re "A few times a month I trip an alarm in my normal work and have to justify my actions to our compliance group."

Internally the NSA don't have an alarm for that. Nobody could do any gov work if "alarms" or encryption got installed at that level and had to be cleared every few hours.

Why not? If private companies are expected to have access controls and adequate auditing for sensitive data and face fines for data breaches, then why isn't the NSA held to the same standard when they have access to much more sensitive data? If a private company has a breach, it can face multi-million dollar fines. What's the punishment when the NSA (who has access to far more data than many people prefer) loses that data because they can't be bothered to secure it out of "convenience"? When a hospital has a data breach and your medical records are available for download, would you accept "Well, we could never do any medical work if we had any access controls or auditing for access to your medical data." At least in the case of a hospital, they have a good excuse - it literally is a matter of life-and-death - if the ER doctor can't pull up your medical records, you may die while waiting for treatment. But convenience and expediency is no excuse, even for a hospital.

Everything is decrypted and reduced to plain text. That's the mission to decrypt and read, sort and index. The select humans allowed in to read and search the material are the "security".

So the NSA *requires* invasive access to all sorts of personal data, but they can't protect it at all? Every employee with some sort of clearance needs access to everything with no access controls at all?

Somehow that seems unlikely, and is not the level of care most people expect for such databases.

A random contractor should not be allowed to walk out with 50TB worth of data.

The select humans allowed in to read and search the material are the "security".

Note that there are about 5 million people with some sort of security clearance, 1.4M have a "top secret" clearance, so how select is that group? The NSA is estimated to have 40 - 50 thousand employees (the exact number is, ironically, secret), if even just half of them have access to data, that's not a very select group of employees, and there are guaranteed to be more leaks.

The idea is to allow the NSA workers to dig deep into all the raw data and find the gems that every other branch of the US gov and mil missed due to a lack of skill or clearance.

East Germany faced such a walk out of all their spies in the West as raw data in the 1950's. They fixed it by splitting the data up so no one person could ever see all the data lists alone again. A complex buddy and the need for senior staff to be present if such data was requested stopped walk outs.

The GCHQ faced the issue of a cleared person with access to a photocopier without a counter and daily uncounted paper refills. The ability to just copy secret vault material was limited only by the size of a folder to carry paperwork home in every day. The GCHQ fixed the issue by securing the hardware and being more staff aware.

In the digital age the NSA has to trust its staff, contractors and people the contractors offer as trusted or who other agencies pass as trusted.

So this problem was solved 50 years ago, yet the NSA can't manage to solve it with modern computer systems?

The skilled staff ratio to material gathered is just getting so complex, jargon packed or in need of translation that a lot of contractors have to be ready to look. It's all plain text to help that work flow of a global collect it all policy. Then add in the sorting of the domestic collection.

That's a common criticism of the NSA -- they already have a haystack of data and can't find the needles they are looking for.

The fix is to encrypt internally and only trust tested NSA staff again. That would remove the contractors funding and they have political friends to get their access and contracts back.

You said they already only allow a select group of people to have access to the data and that's their security model, now you say that the way to fix the problem is to only allow access to trusted staff? Who is this "select group" if it's not "trusted staff"? A select group of untrusted staff?

Comment Which NSA employees also face prosecution? (Score 1) 88

Who at the NSA will also face prosecution for such poor access controls that a *contractor* (not even a full employee) could steal 50TB of "highly classified documents" unnoticed?

I have full admin rights to every system at my employer, and even with those admin rights, I could not steal data unnoticed. A few times a month I trip an alarm in my normal work and have to justify my actions to our compliance group.

And we don't even store classified documents, just run of the mill business documents for our customers.

Comment Are they asking to be hacked? (Score 3, Informative) 415

Seems like they just put out a call to be hacked:

The Trump Organisation responded to Beaumont’s criticism by putting out a statement to the media saying that its web setup is shielded behind a firewall.

The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices.

Comment OSX is better for laptops (Score 2, Interesting) 258

I have been a hard-core Linux user for over 15 years, running it on desktops, laptops, everything, completely eschewing the Windows ecosystem (except for some occasional Wine use). Then I moved to an employer that is 100% OSX based. Running Linux on a bare metal Macbook was not an option due to the necessity of running security software mandated by their compliance department (along with a security token for MFA that doesn't work with Linux).

So I switched to OSX and run Linux in a VM, ssh'ing to it as needed.

I was reluctant to make the switch at first, but now am quite happy with OSX as my main OS -- everything works, the laptop sleeps and wakes up as it should, the integrated touchpad and camera work flawlessly, it switches from a single monitor to my double desktop monitors without a problem, then switches back to the laptop display when I unplug. Presentation mode works well when I plug in the projector.

While running Linux on my thinkpad, I've experienced lots of problems -- sometimes the laptop would fail to suspend -- I'd pull it out of my backpack and it'd be hot with a nearly dead battery after continuing to run while the lid was closed, sometimes it would fail to wake up and I'd have to power cycle it. Sound was a recurring problem, I'd have to restart the sound daemon at least once a week, and plugging in an external monitor was always an exercise in finding out where my windows scattered to and hoping that it found the right resolution for my monitor.

On the server side, I'm a big fan of Linux, but on the desktop, I've become a fan of OSX.

Comment Re:Should be recording all the time (Score 1) 65

point being that if it's not in the original budget then getting an extra couple of mil isn't an "only" thing.

otherwise "a few percent" salary increase for the cops wouldn't be an issue now would it?

Point being that it should be in the budget -- having police cameras that the police can decide when to turn on protects the police more than it protects citizens.

Comment Re:Should be recording all the time (Score 1) 65

The video would be an official record, which means retention schedules kick in - you can't just delete it because no one has asked for it yet.
It could quite easily be required to be kept for 2 / 6 /10 years.
Oh and they need to be managed, so you can search for the time/date/officer/location.

That 1TB per officer per fortnight could end up being a billion dollar information management system...

They are already discarding the videos after 31 days:

The new cameras are turned on by officers as necessary during dealings with the public or attendance at crime scenes, and automatically upload stored video when reconnected to a dock later at the station. Videos saved are discarded after 31 days unless earmarked as evidence, and any affected member of the public may request a copy of the video within that time-period.

Comment Why not public works programs? (Score 1) 883

Instead of giving away money to everyone, provide jobs for everyone. If you can't find a job at a private company, then the government can bring back public jobs programs. The unemployed can work on habitat for humanity style homes, maintaining public parks and other landscaping, etc. Those that can't handle the physical labor can sew hats for stray kittens or some other low-impact work.

Paying people to do nothing just seems like incentive to do nothing.

Comment Re:Should be recording all the time (Score 1) 65

> only around 1TB of storage per officer

so with 30000+ officers that's "only" 30 petabytes of storage they'll need.

Right. Is that a lot of storage these days? Anything times 30,000 is a large number, if a police officer's badge costs $100 to make, it costs over $3M just to outfit the force with badges.

A TB of enterprise storage, including backups costs around $500 - $2000/year these days (Amazon will rent you 1 TB of triple replicated storage for around $300/year) -- just a few percent of an officer's salary, and if the camera keeps the officer out of court just once for a false claim of abuse, it will have more than paid for itself.

Comment Should be recording all the time (Score 1) 65

If it has a 30 second buffer to let the camera capture events that have already passed, then it must be recording all the time.

So why not save recorded video all the time? A GoPro can record 4 hours on a 32GB flash card, so a 128GB card would hold 12 hours of video -- more than enough for a shift.

The video doesn't need to be saved forever, it can be held on a storage system for 2 weeks (which is only around 1TB of storage per officer) to allow requests for video to be held for investigation.

Comment Re:Stability and performance? (Score 1) 26

I don't need more features. I want a functional tablet.

Source: Have Nexus 9 that crashes almost daily after 7 update.

And I don't want "stickers or GIFs" in my keyboard app -- in fact, I'd really like to drop the emoticon button from the keyboard and replace it with a more useful key.

Comment Re:Removable Battery! (Score 1) 251

All phone manufacturers should wake up and realize they could have easily run into the same issue from their battery supplier.

Going back to removable batteries would reduce the risk of such a costly recall and give consumers what they want.

Do many customers really *want* removable batteries? Sure, some do, but overall, there doesn't seem to be much demand for them given the popularity of phones without easily replaced batteries.
