
Submission + - ForgeRock Seem to be Distancing Themselves from Open Source (forgerock.org) 1

Guy Paddock writes: As recently reported on Hacker News, ForgeRock — the company who develops OpenAM, OpenDJ, and OpenIDM — has cut off public access to the latest CDDL code for their projects.

Based on revision history, ForgeRock quietly updated "How to Build" pages in Confluence on November 14th, 2016 to point to different, "public" repositories that only have source code from the last major version of each of their products. Then, in the early morning of November 29th, ForgeRock sealed off both source code and pull request access to all of the original repositories. Only the repositories containing the older, major release code are now available for public consumption.

The open source community is now left to speculate what role, if any, they will play in helping to shape the future of ForgeRock products. This may also have repercussions for small-shop deployments who rely on the open source edition for bug fixes and security updates.

To date, the company has made no formal press release or public statement about their plans, but rumblings in user forums have prompted Aaron Kozak, the Digital Marketing Coordinator for ForgeRock, to weigh in.

Mr. Kozak responded to users' concerns by stating, "We apologise for any inconvenience our recent changes may have caused. We are preparing for the next major release of the ForgeRock Identity Platform and as part of this process, we are no longer providing public access to our nightly builds and source code for the upcoming platform release. Open source downloads are still available via https://backstage.forgerock.co...."

When asked whether access to the latest code (the "trunk") would be restored after the upcoming releases, Kozak did not speculate, and offered only a statement that, "I’m sure that more details will be made available with the new release in the near future, but unfortunately I do not have any more information at this time."

Submission + - Virginia spent over half a million on cell surveillance that mostly doesn't work (muckrock.com)

v3rgEz writes: In 2014, the Virginia State Police spent $585,265 on a specially modified Suburban outfitted with the latest and greatest in cell phone surveillance: The DRT 1183C, affectionately known as the DRTbox. But according to logs uncovered by public records website MuckRock, the pricey ride was only used 12 times — and only worked 7 of those times. Read the full DRTbox documents at MuckRock.

Submission + - The Lack of Women in Cybersecurity is a Problem and a Threat (securityledger.com) 1

chicksdaddy writes: The devaluation of traditionally “soft” skills like empathy, communication and collaboration in the information security space may be hampering the ability of IT security teams to respond to human-focused threats and attacks, according to this article at The Security Ledger. (https://securityledger.com/2016/12/cybers-lack-of-women-a-problem-and-threat/)

Failing to prioritize skills like empathy, communication, and collaboration and the people who have them (regardless of their gender) and focusing on "hard skills" (technical expertise) "limits our conceptions of security solutions and increases risks to our systems and users."

The problem goes beyond phishing attacks and social engineering, too. “Studies have shown that projects that embrace diversity are more successful. It’s a simple truth that people with different life backgrounds and life experiences bring unique perspectives to problem-solving,” says Amie Stepanovich, the U.S. policy manager at Access Now.

In short: "when we keep hiring technologists to solve problems, we keep getting technical solutions." Too often, such technical fixes fail to account for the human environment in which they will be deployed. “It’s prioritizing a ‘tech first’—not a ‘human first’ or ‘empathy first’—perspective,” says Dr. Sara “Scout” Sinclair Brody, the executive director of Simply Secure.

This isn’t the first article to raise a red flag over the technology sector's glaring shortage of empathy. (http://www.newyorker.com/business/currency/silicon-valley-has-an-empathy-vacuum).

And while instilling empathy and compassion in adults who lack it might seem like a tall order, the piece argues that it isn't an unsolvable problem: there are entire fields—like user experience and human-centered design—dedicated to improving the way humans and technology interact. “Shockingly little of that,” says Brody, “has made it into the security domain.”

Comment Re:As soon as we get a legitimate source like Netf (Score 1) 69

Right, but most people aren't students, and $10/month for access to a library the size of Netflix is still vastly cheaper than buying everything a typical subscriber might watch there the way you had to before the streaming library services were around.

I might also wonder what anyone who is watching enough stuff to need $60+/month of subscriptions to that many different services at once is actually doing with their lives, but that's a different question.

Comment Product placement (Score 1) 66

There's no commercial free option for Sling, there's no commercial free version for PS Vue

Would you prefer $200 per month? Because that's what Sling and the like would cost if every channel were as expensive as HBO.

why pay for a service and still be saddled with commercials?

What would the film The Wizard be without commercials for NES games?

Comment Re:Apple problem mostl or platform-independent iss (Score 3, Informative) 118

The closest thing to "something inherent about the Apple design" is Apple's tighter control over production of devices with Lightning and MagSafe connectors through refusal to license relevant patents. Android devices, on the other hand, use standardized USB micro-B and USB C connectors. Licenses for patents that cover standard USB connectors are offered under "FRAND" (uniform royalty) conditions. So any safe USB charger is a safe Android charger.

Comment Re:Define "fit for business" (Score 1) 117

If we were talking about updates to the Enterprise version of 7 or 8.1, which organisations might already have deployed widely, presumably it would be tougher for those organisations to justify the switch. Maybe only those who were concerned about serious legal/regulatory issues would do so. But then in that situation, the sysadmins could just block the other updates they didn't want, so concerns about updates introducing ads or removing features or whatever don't really apply.

The thing with Windows 10 is that it's a big upgrade anyway. Enterprise-scale IT departments are already going to need plans for a full migration if they want to go to Win 10 Enterprise. They're already going to have to check compatibility with all the software they rely on, maybe upgrade some of their hardware, and so on. So the cost of accepting Windows 10 if Microsoft were also to push stuff like telemetry and automatic updates in the Enterprise edition would just be that much higher.

Comment Which Wikipedia pages you view may be sensitive (Score 1) 43

If you want to selectively block media types, you can do that using a browser extension installed on each PC. Or you can set up a proxy on localhost on each PC and have the browser installed on that PC trust that proxy's root certificate. Then you're back down to two parties being able to see the communication: the client and the localhost proxy, and the server. This regains blocking by media type but loses a shared cache.

It's also possible to configure your Squid proxy to behave differently on sites that are unusually privacy-sensitive using a stare rule. Log the SNI field of each ClientHello message from your proxy's clients. Build a list of which hostnames ought to be cached (high-traffic sites) or not (financial or medical sites), and be transparent with your users about the process of building this list. Bump (MITM) the high-traffic sites so that you can cache them, and splice (tunnel) the sensitive ones so that you can reassure users that your proxy isn't snooping this particular connection. The user will be able to tell whether a connection is through your proxy by looking at who issued the certificate. For example, in Firefox, one can click the lock in the URL bar, click the right arrow, and read "Verified by:".

On the other hand, see replies to bigjosh on Coding Horror Discourse, who expressed the same need for caching. One of the replies expresses a possibility that the fact of having read articles about a particular subject on Wikipedia might itself be sensitive even if Wikipedia is public and cacheable.
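
Added example, not part of the comment above or of any Squid-supplied configuration: a squid.conf fragment for the selective bump/splice policy the comment describes, with SNI logging to build the host lists. The file paths, ACL names and log format name are assumptions, the fragment uses a peek rule at the first SslBump step to read the ClientHello, and it presumes a Squid build with SslBump already enabled on the listening port.

```conf
# Constructed example: paths and ACL names below are placeholders.

# Record the SNI from each client's ClientHello and the action Squid took,
# so the bump/splice lists can be built from observed traffic.
logformat sni_log %ts %>a %ssl::>sni %ssl::bump_mode
access_log daemon:/var/log/squid/sni.log sni_log

# Step 1: read the ClientHello (including SNI) without yet committing
# to either tunnelling or interception.
acl step1 at_step SslBump1
ssl_bump peek step1

# Host lists, one name per line. Publishing these files to users is what
# makes the policy auditable.
acl sensitive_hosts ssl::server_name "/etc/squid/splice_hosts.txt"
acl cacheable_hosts ssl::server_name "/etc/squid/bump_hosts.txt"

# Financial, medical and similar sites: tunnel untouched. The browser
# sees the origin server's own certificate.
ssl_bump splice sensitive_hosts

# High-traffic sites chosen for caching: intercept. The browser sees a
# certificate issued by the proxy's CA.
ssl_bump bump cacheable_hosts

# Anything not explicitly listed (including connections with no SNI)
# is tunnelled, so interception is opt-in per hostname.
ssl_bump splice all
```

Rule order matters: the sensitive list is checked before the cacheable list, so a hostname that ends up in both files is spliced rather than bumped.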

Submission + - The forgotten story of America's first toy robot (fastcompany.com) 2

harrymcc writes: In 1954, the Ideal Toy Company released Robert The Robot, the first toy robot made in the U.S. He was made of plastic instead of the more common tin, had a hand-cranked remote control and talked. And he not only became a bestseller, but appeared in a movie, inspired songs, and was generally a media superstar. And then everyone forgot about him. Over at Fast Company, Jared Newman chronicles his odd and interesting story.

Submission + - 6 seconds: How hackers only need moments to guess card number and security code (telegraph.co.uk) 1

schwit1 writes: Criminals can work out the card number, expiry date and security code for a Visa debit or credit card in as little as six seconds using guesswork, researchers have found.

Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack.

According to a study published in the academic journal IEEE Security & Privacy, that meant fraudsters could use computers to systematically fire different variations of security data at hundreds of websites simultaneously.

Within seconds, by a process of elimination, the criminals could verify the correct card number, expiry date and the three-digit security number on the back of the card.

Mohammed Ali, a PhD student at the university's School of Computing Science, said: "This sort of attack exploits two weaknesses that on their own are not too severe but, when used together, present a serious risk to the whole payment system.
