
Submission: ForgeRock Seem to be Distancing Themselves from Open Source (forgerock.org)

Guy Paddock writes: As recently reported on Hacker News, ForgeRock — the company who develops OpenAM, OpenDJ, and OpenIDM — has cut off public access to the latest CDDL code for their projects.

Based on revision history, ForgeRock quietly updated "How to Build" pages in Confluence on November 14th, 2016 to point to different, "public" repositories that only have source code from the last major version of each of their products. Then, in the early morning of November 29th, ForgeRock sealed off both source code and pull request access to all of the original repositories. Only the repositories containing the older, major release code are now available for public consumption.

The open source community is now left to speculate what role, if any, they will play in helping to shape the future of ForgeRock products. This may also have repercussions for small-shop deployments who rely on the open source edition for bug fixes and security updates.

To date, the company has made no formal press release or public statement about their plans, but rumblings in user forums have prompted Aaron Kozak, the Digital Marketing Coordinator for ForgeRock, to weigh in.

Mr. Kozak responded to users' concerns by stating, "We apologise for any inconvenience our recent changes may have caused. We are preparing for the next major release of the ForgeRock Identity Platform and as part of this process, we are no longer providing public access to our nightly builds and source code for the upcoming platform release. Open source downloads are still available via https://backstage.forgerock.co...."

When asked whether access to the latest code (the "trunk") would be restored after the upcoming releases, Kozak did not speculate, and offered only a statement that, "I’m sure that more details will be made available with the new release in the near future, but unfortunately I do not have any more information at this time."

Submission: Virginia spent over half a million on cell surveillance that mostly doesn't work (muckrock.com)

v3rgEz writes: In 2014, the Virginia State Police spent $585,265 on a specially modified Suburban outfitted with the latest and greatest in cell phone surveillance: The DRT 1183C, affectionately known as the DRTbox. But according to logs uncovered by public records website MuckRock, the pricey ride was only used 12 times — and only worked 7 of those times. Read the full DRTbox documents at MuckRock.

Submission: The Lack of Women in Cybersecurity is a Problem and a Threat (securityledger.com)

chicksdaddy writes: The devaluation of traditionally “soft” skills like empathy, communication and collaboration in the information security space may be hampering the ability of IT security teams to respond to human-focused threats and attacks, according to this article at The Security Ledger. (https://securityledger.com/2016/12/cybers-lack-of-women-a-problem-and-threat/)

Failing to prioritize skills like empathy, communication, and collaboration and the people who have them (regardless of their gender) and focusing on "hard skills" (technical expertise) "limits our conceptions of security solutions and increases risks to our systems and users."

The problem goes beyond phishing attacks and social engineering, too. “Studies have shown that projects that embrace diversity are more successful. It’s a simple truth that people with different life backgrounds and life experiences bring unique perspectives to problem-solving,” says Amie Stepanovich, the U.S. policy manager at Access Now.

In short: "when we keep hiring technologists to solve problems, we keep getting technical solutions." Too often, such technical fixes fail to account for the human environment in which they will be deployed. “It’s prioritizing a ‘tech first’—not a ‘human first’ or ‘empathy first’—perspective,” says Dr. Sara “Scout” Sinclair Brody, the executive director of Simply Secure.

This isn’t the first article to raise a red flag over the technology sector's glaring shortage of empathy. (http://www.newyorker.com/business/currency/silicon-valley-has-an-empathy-vacuum).

And while instilling empathy and compassion in adults who lack it might seem like a tall order, the piece argues that it isn't an unsolvable problem: there are entire fields—like user experience and human-centered design—dedicated to improving the way humans and technology interact. “Shockingly little of that,” says Brody, “has made it into the security domain.”

Comment Re:DEA already has rescheduled and overruled itsel (Score 1) 147

Actually, their constitutional authority to exist is that the Executive Branch calls them into existence to execute the provisions of laws passed by the Legislative branch.

It took a constitutional amendment to ban alcohol, and that amendment has been repealed. This leaves no authority for any branch of the government to prohibit the manufacture, sale, or use of any drug. Any act of the congress that purports to do so is not a law at all; it is, as James Madison would describe it, a usurpation.

-jcr

Comment Re:LOL (Score 1) 76

Yeah, because that is exactly what I said.

Let me ask you a simple question, does any regulation state its goals, and if it doesn't (or no longer) reach those goals, is it repealed?

I don't know of ANY regulation that has a repeal clause in it if it doesn't meet its goals.

I don't know of ANY regulation that has a cost benefit analysis requirement before being employed.

I don't know ANY regulation that self monitors for effectiveness.

I don't know ANY regulation that was revoked when it was found to be ... ineffectual. Just more regulations to fix the broken bits of the previous (and bad) regulation.

So, yeah, "No" regulation is an option. AND not all regulations need to apply everywhere in a "one size fits all" over the top method.

I'll give a really good example of bad regulations that can be completely avoided by changing the term of the problem, CableTV (and Internet) franchise agreements. The whole "Net Neutrality" is a top down draconian implementation of regulations that is completely avoidable if you change where the problem exists; the last mile. Fix the last mile problem (monopolistic franchise agreements) AND you don't need a whole bunch of Government red tape on how Internet traffic is handled.

Freedom is expensive, and tyranny comes with a costly price tag. So, yes, I err on the side of Liberty.

Submission: The forgotten story of America's first toy robot (fastcompany.com)

harrymcc writes: In 1954, the Ideal Toy Company released Robert The Robot, the first toy robot made in the U.S. He was made of plastic instead of the more common tin, had a hand-cranked remote control and talked. And he not only became a bestseller, but appeared in a movie, inspired songs, and was generally a media superstar. And then everyone forgot about him. Over at Fast Company, Jared Newman chronicles his odd and interesting story.

Submission: 6 seconds: How hackers only need moments to guess card number and security code (telegraph.co.uk)

schwit1 writes: Criminals can work out the card number, expiry date and security code for a Visa debit or credit card in as little as six seconds using guesswork, researchers have found.

Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack.

According to a study published in the academic journal IEEE Security & Privacy, that meant fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously.

Within seconds, by a process of elimination, the criminals could verify the correct card number, expiry date and the three-digit security number on the back of the card.

Mohammed Ali, a PhD student at the university's School of Computing Science, said: "This sort of attack exploits two weaknesses that on their own are not too severe but, when used together, present a serious risk to the whole payment system.

Comment Re:Still a need for what he was originally doing (Score 4, Insightful) 73

There is a strong vision in something like CyanogenMod, and that can be leveraged into "profits" given the right view.

I personally thought the original vision of Cyanogen Inc was towards the right track. However, once they kicked OnePlus to the curb for "more" (India) they lost almost all credibility they had in going that route. No real Handset Maker would ever do business with them after that.

The rest of whatever credibility they had left over was gone the moment they were "bought" by Microsoft and started to Bing up the joint.

I don't care what the reasons were for either of those two "missteps", they killed Cyanogen Inc.

There are two valid moves Steve can make at this point, both I've seen mentioned elsewhere. First is take CM, and put it under a 501.c.3 Umbrella, and crowd source development. The other option is to "restart" the Company, but without a douchebag running it, and focus on taking lagging older handsets and getting them patched and updated, with (preferably) the blessings of the maker (good PR for both) or without.

IMHO these are not mutually exclusive either. The latter is going to take some time to get trust rebuilt, but it would pay huge if he found someone who knew the vision and could keep the focus tight (I volunteer, but I rather doubt anyone would take me up on it). There is still a need for custom/slim ROMs out there that aren't branded Nexus/Pixel/Chrome/Whatever.
