Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - RSA conference attendees get hacked (esecurityplanet.com)

storagedude writes: Security testing company Pwnie Express scanned Wi-Fi access at the RSA conference and found multiple EvilAP attacks. What's worse, several attendees fell for these dummy Wi-Fi services that spoof well-known brands like Starbucks. The company also found a number of access points using outdated WEP encryption. So much for security pros...

Submission + - Needed: A universal file wrapper for data continuity (enterprisestorageforum.com)

storagedude writes: With thousands of file formats that quickly become incompatible and outdated, our data today likely won't have the staying power that hieroglyphs or even paper enjoyed. The solution:
a universal file wrapper agreed upon by standards bodies, writes Henry Newman on Enterprise Storage Forum.

' I would like to suggest that an ANSI, ISO or IEEE committee come together and create an open standard for self-describing data. This format must encompass all other formats that exist today in weather, multiple medical formats, geospatial, genetics and so on. This working group could meet and get agreement across various industries in pretty short order, I believe. Just like wrapping files that are already wrapped. This clearly doesn’t solve the whole problem with its long-term issues, but it does get us to a common agreed format. This could also be used for any other file type like a jpeg.'

Submission + - Google Fuchsia: Inside Google's new 'Fuchsia' OS (datamation.com)

jammag writes: Google is creating a new operating system, Fuchsia — but why? For IoT, mobile, world domination? The search giant remains remarkably tight-lipped about the project. Yet one thing's for sure: with Google behind it, Fuchsia will likely play a key role in development in the years ahead.

Submission + - Rootkits: The next big security challenge

storagedude writes: Rootkits are becoming a critical security challenge, writes Henry Newman at Enterprise Storage Forum. The solution: a secure supply chain for firmware, and users need to be alert for any changes or insider threats.

'The only way I can see this working — and there is still risk — is if you have multiple employees inspecting the firmware to ensure it is indeed the manufacturer’s firmware. I would have at least two or more people get the firmware and validate the SHA256 hashes,' Newman writes.

Submission + - Object storage and POSIX should merge (enterprisestorageforum.com)

storagedude writes: Object storage’s low cost and ease of use have made it all the rage, but a few additional features would make it a worthier competitor to POSIX-based file systems, writes Jeff Layton at Enterprise Storage Forum. Byte-level access, easier application portability and a few commands like open, close, read, write and lseek could make object storage a force to be reckoned with.

‘Having an object storage system that allows byte-range access is very appealing,’ writes Layton. ‘It means that rewriting applications to access object storage is now an infinitely easier task. It can also mean that the amount of data touched when reading just a few bytes of a file is greatly reduced (by several orders of magnitude). Conceptually, the idea has great appeal. Because I'm not a file system developer I can't work out the details, but the end result could be something amazing.’

Submission + - Tech Vendors Say They Can Stop Hackers (esecurityplanet.com)

storagedude writes: A group of eleven tech vendors say they've developed a data infrastructure that can stop hackers in their tracks.

At the heart of the Multilevel Secure System (MLS) is a modified version of SELinux, with role-based access control with a policy for each role, so no one can get to the system root and the root can’t see user data. Policies are based on roles such as security admin, audit admin and sysadmin, and each file is tagged with a security level so some users can see it while others can’t.

Lockheed Martin, Seagate and Red Hat are among the vendors who developed the system, which was unveiled at last week's Geospatial Intelligence (GEOINT) conference in DC.

Submission + - Is The Era of Cheap Disk Storage Over? (infostor.com)

storagedude writes: Big Data, the Internet of Things and manufacturing and areal density limitations could combine to reverse the long-running trend of falling data storage prices, according to an article on InfoStor. With neither flash nor tape offering a viable alternative to bulk disk storage, users may have to turn to technologies such as deduplication, thin provisioning, RAID 1 and heat-assisted magnetic recording (HAMR) to meet demand.

Submission + - Is LTO tape on its way out? (enterprisestorageforum.com)

storagedude writes: With LTO media sales down by 50% in the last six years, is the end near for tape? With such a large installed base, it may not be imminent, but the time is coming when vendors will find it increaingly difficult to justify continued investment in tape technology, writes Henry Newman at Enterprise Storage Forum.

“If multiple vendors invest in a technology, it has a good chance of winning over the long haul,” writes Newman, a long-time proponent of tape technology. “If multiple vendors have a technology they’re not investing in, it will eventually lose over time. Of course, over time market requirements can change. It is these interactions that I fear that are playing out in the tape market.”

Submission + - No Easy Fix for Point-of-Sale Security (esecurityplanet.com)

poseur writes: Just about every retailer has experienced a data breach due to insecure point-of-sale systems. Why is PoS security so hard? Experts say it's a moving target. The good news, experts say, is that payment solutions like Apple Pay could render PoS systems largely obsolete.

Submission + - If your cloud vendor goes out of business, are you ready?

storagedude writes: With Amazon Web Services losing $2 billion a year, it’s not inconceivable that the cloud industry could go the way of storage service providers (remember them?). So any plan for cloud services must include a way to retrieve your data quickly in case your cloud service provider goes belly up without much notice (think Nirvanix). In an article at Enterprise Storage Forum, Henry Newman notes that recovering your data from the cloud quickly is a lot harder than you might think. Even if you have a dedicated OC-192 channel, it would take 11 days to move a petabyte of data – and that’s with no contention or other latency. One possible solution: a failover agreement with a second cloud provider – and make sure it’s legally binding.

Submission + - Blogger starts Whitehouse.gov petition to fight data breaches

storagedude writes: A blogger is calling for an end to liability limits for companies that expose users' personal and financial information, saying that 'Only when the cost of losing data exceeds the cost of protecting data will anything likely change.'

Writing on InfoStor, Henry Newman said the security problem ‘is one hundred percent solvable with the right amount of motivation and the right amount of resources.’
His petition requests that if organizations with more than 1,000 employees fail to protect data, 'the organization becomes responsible for that loss with no exclusions and no liability limits.'

Submission + - Data archiving standards need to be future-proofed (enterprisestorageforum.com)

storagedude writes: Imagine in the not-too-distant future, your entire genome is on archival storage and accessed by your doctors for critical medical decisions. You'd want that data to be safe from hackers and data corruption, wouldn't you? Oh, and it would need to be error-free and accessible for about a hundred years too. The problem is, we currently don't have the data integrity, security and format migration standards to ensure that, according to Henry Newman at Enterprise Storage Forum. Newman calls for standards groups to add new features like collision-proof hash to archive interfaces and software.

'It will not be long until your genome is tracked from birth to death. I am sure we do not want to have genome objects hacked or changed via silent corruption, yet this data will need to be kept maybe a hundred or more years through a huge number of technology changes. The big problem with archiving data today is not really the media, though that too is a problem. The big problem is the software that is needed and the standards that do not yet exist to manage and control long-term data,' writes Newman.

Submission + - TrueCrypt gets a new life, new name (esecurityplanet.com)

storagedude writes: Amid ongoing security concerns, the popular open source encryption program TrueCrypt may have found new life under a new name, reports eSecurity Planet. Under the terms of the TrueCrypt license — which was a homemade open source license written by the authors themselves rather than a standard one — a forking of the code is allowed if references to TrueCrypt are removed from the code and the resulting application is not called TrueCrypt. Thus, CipherShed will be released under a standard open source license, with long-term ambitions to become a completely new product.

Slashdot Top Deals

No amount of genius can overcome a preoccupation with detail.