An awful lot of people in this thread have quick and simple "just do this" solutions for NASA's data encryption challenges.

NASA isn't your standard corporate environment - there are serious challenges to any "Just do X" solution. They DO need to encrypt everything but its not a simple single-answer thing. They have to accommodate every scenario from "HR newbie with PII data in an office envrionment" to "Laptop collecting data on a C-130 as it flies through hurricanes" to "Laptops controlling robots in the desert during field tests sulating Martian environments".

In many of those cases a laptop with broken
encryption software means millions of wasted dollars if the experiment is a wash.

In other cases NOT having crypto means serious secrecy issues.

Anyway, there's no excuse for this loss but could we please stop pretending that NASA literally never considered DAR on mobile devices, and that simply doing {your favorite product} on everything would solve all the problems?

Thanks....

Wow, do you bring the servers with you when you go do field tests of your robot in the desert? Or on the plane when you're doing hurricane fly-through ops?

Wait, you don't have those kinds of complexities in your corp? Interesting.

I wonder if NASA is a really complicated and nuanced sort of place and how that might provide challenges for these sorts of seemingly trivial things.

Just to clarify for other readers, you post makes it sound like "NASA Doesn't do much" at NASA ARC.

I work at ARC, and it's a wonderful research facility! In just my short time here I've been involved with groups doing pioneering work in computer science and robotics, supercomputing, avionics, aviation safety, cockpit design, UAVs (for science, not war!), earth science, biology, astrophysics, planetary discovery, and so much more!!

NASA Kepler, which just found a "twin" earth (Google: Kepler 22-b) was begun here, and the science operations are still performed here.

Quite a lot of great stuff comes out of NASA Ames, for a very small overall price tag.

Hi all; I actually work for NASA as an IT Security guy.

While I can't answer specifics about this incident, you should remember that a great many things done by NASA are "General Science", and the data output from them is specifically and consciously made public.

It's possible that the FTP server is meant to be serving those files "to the public".

Why FTP instead of SFTP? Usually when you choose to make data public to the world, you don't bother implementing crypto on the data. And just because it's available via FTP for distribution, does not mean insecure FTP was used to *place* the data on the server.

You're quite right, actually. I didn't really want to go into all that detail with my post though, and knowing the "average" IT guy I think I'm still safe saying that they'd say "Hey, that should be in a datacenter!". ;)

Before everyone gets all spun up on government waste, inefficiency, etc - I'd like to point out that numbers like these are never accurate. (For the record, I work for the feds, in the IT field).

The problem with "The feds have X datacenters" as a metric is that various audits occur at different times and by different auditors. These auditors almost always have differing definitions for what a datacenter actually is.

In one audit, a group can come through and define "Datacenter" as a big room where servers are co-located and services run on behalf of others. They'll find 2 at my center. Then a year later, a different group comes in and defines "Datacenter" as anywhere that more than 5 computers are running and left on all night. They'll find 200 at my center. Yes, this actually happened! The auditors came through dozens of science labs, found project servers sitting in the labs, and labeled each lab a datacenter.

Now here is the trick to why the statistics are complete mush. A normal IT guy would walk through the lab and say "Hey, that server should be in a datacenter!" -- but the auditors make the reverse conclusion. "Hey, this lab is a datacenter".

Yes, there is waste in the federal sphere and we absolutely need to take action to be more efficient at all levels. However, this article is basically pushing a number that came from someones' imagination, and pretending it's meaningful.

Duh, how could I not think of a prompt + whitelist. :P

Then again, that presents the "NoScript" problem. While techies generally tend to use noscript, I pretty much see non-techies clicking "Temporarily allow all this page" on every page they visit that "doesn't work right" without even looking at the URL lists. So, a prompt to whitelist content would probably just get the same treatment. Better than status quo I suppose, but not a panacea either.

Wouldn't this feature also kill things like OpenID and other "Single Sign On" services?

Mod parent troll. The topic is 'Ask Slashdot', asshat. That's the purpose. It IS a forum discussion.

Whooosh!

This isn't that big a deal.

You're wrong. Blizzard's BNet2 keeps a profile of games you own, similar in a way to Steam's - once you activate your game, via CD key or whatever else, you own it. After that, what media your copy of the game came from (your own CD, your friend's, or download) ceases to matter. Your Battle.net account is what gets you access to the online game. I imagine that, in order to play only single player, you will simply need an internet connection to confirm the legitimacy of your copy every time you have to reinstall the game. Re-validating once per install isn't a real tax on a gamer's time or emotional stability.

http://xkcd.com/465/

If one strace's the chrome flash plugin process one discovers that in 10 seconds it issues 56,000 system calls -- 53,000 (95%) of them are useless gettimeofday() calls

Per my co-worker: That's probably why flash sucks so bad on MacOS. Apple won't give them the time of day!

Mark't's post should not have been marked troll. Pull your head out of your ass moderator. Mark T was merely sharing his EXPERIENCE with us; not trolling. This Slashdot system is being ABUSED in order to try to destroy the user named Mark-t.

SLASHDOT FAQ:

"Concentrate more on promoting (adding points) rather than on demoting (subtracting points). The real goal here is to find the juicy good stuff and let others read it. Do not promote personal agendas. Do not let your opinions factor in. Try to be impartial about this." "Simply disagreeing with a comment is not a valid reason to mark it down. Likewise, agreeing with a comment is not a valid reason to mark it up. The goal here is to share ideas. To sift through the haystack and find needles."