
  • FBI Completes New Face Recognition System

    Advocatus Diaboli writes: According to a report from Gizmodo, "After six years and over one billion dollars in development, the FBI has just announced that its new biometric facial recognition software system is finally complete. Meaning that, starting soon, photos of tens of millions of U.S. citizens' faces will be captured by the national system on a daily basis. The Next Generation Identification (NGI) program will log all of those faces, and will reference them against its growing database in the event of a crime. It's not just faces, though. Thanks to the shared database dubbed the Interstate Photo System (IPS), everything from tattoos to scars to a person's irises could be enough to secure an ID. What's more, the FBI is estimating that NGI will include as many as 52 million individual faces by next year, collecting identified faces from mug shots and some job applications." Techdirt points out that an assessment of how this system affects privacy was supposed to have preceded the actual rollout. Unfortunately, that assessment is nowhere to be found.

    Two recent news items are related. First, at a music festival in Boston last year, face recognition software was tested on festival-goers. Boston police denied involvement, but were seen using the software, and much of the data was carelessly made available online. Second, both Ford and GM are working on bringing face recognition software to cars. It's intended for safety and security — it can act as authentication and make sure the driver is paying attention to the road.

    115 comments | yesterday

  • UK's National Health Service Moves To NoSQL Running On an Open-Source Stack

    An anonymous reader sends this news from El Reg: The U.K.'s National Health Service has ripped the Oracle backbone from a national patient database system and inserted NoSQL running on an open-source stack. Spine2 has gone live following successful redevelopment including redeployment on new, x86 hardware. The project to replace Spine1 had been running for three years with Spine2 now undergoing a 45-day monitoring period. Spine is the NHS’s main secure patient database and messaging platform, spanning a vast estate of blades and SANs. It logs the non-clinical information on 80 million people in Britain – holding data on everything from prescriptions and payments to allergies. Spine is also a messaging hub, serving electronic communications between 20,000 applications that include the Electronic Prescription Service and Summary Care Record. It processes more than 500 complex messages a second.

    198 comments | about a week ago

  • Privacy Vulnerabilities In Coursera, Including Exposed Student Email Addresses

    An anonymous reader writes Coursera, the online education platform with over 9 million students, appears to have some serious privacy shortcomings. According to one of Stanford's instructors, 'any teacher can dump the entire user database, including over nine million names and email addresses.' Also, 'if you are logged into your Coursera account, any website that you visit can list your course enrollments.' The attack even has a working proof of concept [note: requires Coursera account]. A week after the problems were reported, Coursera still hasn't fixed them.

    31 comments | about two weeks ago

  • First US Appeals Court Hears Arguments To Shut Down NSA Database

    An anonymous reader writes: The second of two lawsuits filed against the U.S. government regarding domestic mass surveillance, ACLU vs. Clapper, was heard on Tuesday by "a three-judge panel on the U.S. Court of Appeals for the 2nd Circuit." The proceeding took an unprecedented two hours (the norm is about 30 minutes), and C-SPAN was allowed to record the whole thing and make the footage available online (video). ACLU's lawyers argued that mass surveillance without warrants violates the 4th Amendment, while lawyers for the federal government argued that provisions within the Patriot Act that legalize mass surveillance without warrants have already been carefully considered and approved by all three branches of government. The judges have yet to issue their ruling.

    199 comments | about two weeks ago

  • US Government Fights To Not Explain No-Fly List Selection Process

    An anonymous reader writes: On August 6, U.S. District Judge Anthony Trenga ordered the federal government to "explain why the government places U.S. citizens who haven't been convicted of any violent crimes on its no-fly database." Unsurprisingly, the federal government objected to the order, once more claiming that to divulge their no-fly list criteria would expose state secrets and thus pose a national security threat. When the judge said he would read the material privately, the government insisted that reading the material "would not assist the Court in deciding the pending Motion to Dismiss (PDF) because it is not an appropriate means to test the scope of the assertion of the State Secrets privilege." The federal government has until September 7 to comply with the judge's order unless the judge is swayed by the government's objection.

    248 comments | about three weeks ago

  • How Red Hat Can Recapture Developer Interest

    snydeq writes: Developers are embracing a range of open source technologies, writes Matt Asay, virtually none of which are supported or sold by Red Hat, the purported open source leader. "Ask a CIO her choice to run mission-critical workloads, and her answer is a near immediate 'Red Hat.' Ask her developers what they prefer, however, and it's Ubuntu. Outside the operating system, according to AngelList data compiled by Leo Polovets, these developers go with MySQL, MongoDB, or PostgreSQL for their database; Chef or Puppet for configuration; and ElasticSearch or Solr for search. None of this technology is developed by Red Hat. Yet all of this technology is what the next generation of developers is using to build modern applications. Given that developers are the new kingmakers, Red Hat needs to get out in front of the developer freight train if it wants to remain relevant for the next 20 years, much less the next two."

    232 comments | about three weeks ago

  • Companies That Don't Understand Engineers Don't Respect Engineers

    An anonymous reader writes Following up on a recent experiment into the status of software engineers versus managers, Jon Evans writes that the easiest way to find out which companies don't respect their engineers is to learn which companies simply don't understand them. "Engineers are treated as less-than-equal because we are often viewed as idiot savants. We may speak the magic language of machines, the thinking goes, but we aren't business people, so we aren't qualified to make the most important decisions. ... Whereas in fact any engineer worth her salt will tell you that she makes business decisions daily–albeit on the micro not macro level–because she has to in order to get the job done. Exactly how long should this database field be? And of what datatype? How and where should it be validated? How do we handle all of the edge cases? These are in fact business decisions, and we make them, because we're at the proverbial coal face, and it would take forever to run every single one of them by the product people and sometimes they wouldn't even understand the technical factors involved. ... It might have made some sense to treat them as separate-but-slightly-inferior when technology was not at the heart of almost every business, but not any more."

    371 comments | about 1 month ago

  • Where are the Flying Cars? (Video; Part Two of Two)

    Yesterday we ran Part One of this two-part video. This is part two. To recap yesterday's text introduction: Detroit recently hosted the North American Science Fiction Convention, drawing thousands of SF fans to see and hear a variety of talks on all sorts of topics. One of the biggest panels featured a discussion on perhaps the greatest technological disappointment of the past fifty years: Where are our d@%& flying cars? Panelists included author and database consultant Jonathan Stars, expert in Aeronautical Management and 20-year veteran of the Air Force Douglas Johnson, author and founder of the Artemis Project Ian Randal Strock, novelist Cindy A. Matthews, Fermilab physicist Bill Higgins, general manager of a nanotechnology company Dr. Charles Dezelah, and astrobiology expert Dr. Nicolle Zellner. As it turns out, the reality of the situation is far less enticing than the dream -- but new technologies offer a glimmer of hope. (Alternate Video Link)

    66 comments | about a month ago

  • Fugitive Child Sex Abuser Caught By Face-Recognition Technology

    mrspoonsi sends this BBC report: "A U.S. juggler facing child sex abuse charges, who jumped bail 14 years ago, has been arrested in Nepal after the use of facial-recognition technology. Street performer Neil Stammer traveled to Nepal eight years ago using a fake passport under the name Kevin Hodges. New facial-recognition software matched his passport picture with a wanted poster the FBI released in January. Mr Stammer, who had owned a magic shop in New Mexico, has now been returned to the U.S. state to face trial. The Diplomatic Security Service, which protects U.S. embassies and checks the validity of U.S. visas and passports, had been using FBI wanted posters to test the facial-recognition software, designed to uncover passport fraud. The FBI has been developing its own facial-recognition database as part of the bureau's Next Generation Identification program."

    232 comments | about a month ago

  • Where are the Flying Cars? (Video; Part One of Two)

    Detroit recently hosted the North American Science Fiction Convention, drawing thousands of SF fans to see and hear a variety of talks on all sorts of topics. One of the biggest panels featured a discussion on perhaps the greatest technological disappointment of the past fifty years: Where are our d@%& flying cars? Panelists included author and database consultant Jonathan Stars, expert in Aeronautical Management and 20-year veteran of the Air Force Douglas Johnson, author and founder of the Artemis Project Ian Randal Strock, novelist Cindy A. Matthews, Fermilab physicist Bill Higgins, general manager of a nanotechnology company Dr. Charles Dezelah, and astrobiology expert Dr. Nicolle Zellner. This video and the one you'll see tomorrow show their lively discussion about the economic, social, and political barriers to development and adoption of affordable flying cars. (Alternate Video Link)

    107 comments | about a month ago

  • Oracle Database Redaction Trivial To Bypass, Says David Litchfield

    msm1267 (2804139) writes "Researcher David Litchfield is back at it again, dissecting Oracle software looking for critical bugs. At the Black Hat 2014 conference, Litchfield delivered research on a new data redaction service the company added in Oracle 12c. The service is designed to allow administrators to mask sensitive data, such as credit card numbers or health information, during certain operations. But when Litchfield took a close look he found a slew of trivially exploitable vulnerabilities that bypass the data redaction service and trick the system into returning data that should be masked."

    62 comments | about a month ago

  • Massive Russian Hack Has Researchers Scratching Their Heads

    itwbennett writes Some security researchers on Wednesday said it's still unclear just how serious Hold Security's discovery of a massive database of stolen credentials really is. "The only way we can know if this is a big deal is if we know what the information is and where it came from," said Chester Wisniewski, a senior security advisor at Sophos. "But I can't answer that because the people who disclosed this decided they want to make money off of this. There's no way for others to verify." Wisniewski was referring to an offer by Hold Security to notify website operators if they were affected, but only if they sign up for its breach notification service, which starts at $120 per year.

    102 comments | about a month ago

  • 40% Of People On Terror Watch List Have No Terrorist Ties

    Advocatus Diaboli (1627651) writes with the chilling, but not really surprising, news that the U.S. government is aware that many names in its terrorist suspect database are not linked to terrorism in any way. From the article: Nearly half of the people on the U.S. government's widely shared database of terrorist suspects are not connected to any known terrorist group, according to classified government documents obtained by The Intercept. Of the 680,000 people caught up in the government's Terrorist Screening Database — a watchlist of "known or suspected terrorists" that is shared with local law enforcement agencies, private contractors, and foreign governments — more than 40 percent are described by the government as having "no recognized terrorist group affiliation." That category — 280,000 people — dwarfs the number of watchlisted people suspected of ties to al Qaeda, Hamas, and Hezbollah combined.

    256 comments | about a month and a half ago

  • Mozilla Dumps Info of 76,000 Developers To Public Web Server

    wiredmikey writes Mozilla warned on Friday that it had mistakenly exposed information on almost 80,000 members of its Mozilla Developer Network (MDN) as a result of a botched data sanitization process. The discovery was made around June 22 by one of Mozilla's Web developers, Stormy Peters, Director of Developer Relations at Mozilla, said in a security advisory posted to the Mozilla Security Blog on Friday. "Starting on about June 23, for a period of 30 days, a data sanitization process of the Mozilla Developer Network (MDN) site database had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server," Peters wrote. According to Peters, the encrypted passwords were salted hashes and they by themselves cannot currently be used to authenticate with the MDN. However, Peters warned that MDN users may be at risk if they reused their original MDN passwords on other non-Mozilla websites or authentication systems.

    80 comments | about a month and a half ago

  • Passport Database Outage Leaves Thousands Stranded

    linuxwrangler (582055) writes Job interviews missed, work and wedding plans disrupted, children unable to fly home with their adoptive parents. All this disruption is due to an outage involving the passport and visa processing database at the U.S. State Department. The problems have been ongoing since July 19 and the best estimate for repair is "soon." The system "crashed shortly after maintenance."

    162 comments | about a month and a half ago

  • Ask Slashdot: When Is It Better To Modify the ERP vs. Interfacing It?

    New submitter yeshuawatso writes I work for one of the largest HVAC manufacturers in the world. We've currently spent millions of dollars investing in an ERP system from Oracle (via a third-party implementor and distributor) that handles most of our global operations, but it's been a great ordeal getting the thing to work for us across SBUs and even departments without having to constantly go back to the third-party, who have their hands out asking for more money. What we've also discovered is that the ERP system is being used for inputting and retrieving data but not for managing the data. Managing the data is being handled by systems of spreadsheets and access databases wrought with macros to turn them into functional applications. I'm asking you wise and experienced readers on your take if it's a better idea to continue to hire our third-party to convert these applications into the ERP system or hire internal developers to convert these applications to more scalable and practical applications that interface with the ERP (via API of choice)? We have a ton of spare capacity in data centers that formerly housed mainframes and local servers that now mostly run local Exchange and domain servers. We've consolidated these data centers into our co-location in Atlanta but the old data centers are still running, just empty. We definitely have the space to run commodity servers for an OpenStack, Eucalyptus, or some other private/hybrid cloud solution, but would this be counterproductive to the goal of standardizing processes? Our CIO wants to dump everything into the ERP (creating a single point of failure to me) but our accountants are having a tough time chewing the additional costs of re-doing every departmental application. What are your experiences with such implementations?

    209 comments | about a month and a half ago

  • Ask Slashdot: Is Running Mission-Critical Servers Without a Firewall Common?

    An anonymous reader writes: I do some contract work on the side, and am helping a client set up a new point-of-sale system. For the time being, it's pretty simple: selling products, keeping track of employee time, managing inventory and the like. However, it requires a small network because there are two clients, and one of the clients feeds off of a small SQL Express database from the first. During the setup, the vendor disabled the local firewall, and in a number of emails back and forth since (with me getting more and more aggravated) they went from suggesting that there's no need for a firewall, to outright telling me that's just how they do it and the contract dictates that's how we need to run it. This isn't a tremendous deal today, but with how things are going, odds are there will be e-Commerce worked into it, and probably credit card transactions... which worries the bejesus out of me.

    So my question to the Slashdot masses: is this common? In my admittedly limited networking experience, it's been drilled into my head fairly well that not running a firewall is lazy (if not simply negligent), and to open the appropriate ports and call it a day. However, I've seen forum posts here and there with people admitting they run their clients without firewalls, believing that the firewall on their incoming internet connection is good enough, and that their client security will pick up the pieces. I'm curious how many real professionals do this, or if the forum posts I'm seeing (along with the vendor in question) are just a bunch of clowns.

    348 comments | about a month and a half ago

  • Oracle Offers Custom Intel Chips and Unanticipated Costs

    jfruh (300774) writes "For some time, Intel has been offering custom-tweaked chips to big customers. While most of the companies that have taken them up on this offer, like Facebook and eBay, put the chips into servers meant for internal use, Oracle will now be selling systems running on custom Xeons directly to end users. Those customers need to be careful about how they configure those systems, though: in the new Oracle 12c, the in-memory database option, which costs $23,000 per processor, is turned on by default."

    97 comments | about 1 month ago

  • For Now, UK Online Pirates Will Get 4 Warnings -- And That's It

    New submitter Tmackiller writes with an excerpt from VG247.com: The British government has decriminalised online video game, music and movie piracy, scrapping fuller punishment plans after branding them unworkable. Starting in 2015, persistent file-sharers will be sent four warning letters explaining their actions are illegal, but if the notes are ignored no further action will be taken. The scheme, named the Voluntary Copyright Alert Programme (VCAP), is the result of years of talks between ISPs, British politicians and the movie and music industries. The UK's biggest providers – BT, TalkTalk, Virgin and Sky – have all signed up to VCAP, and smaller ISPs are expected to follow suit. VCAP replaces planned anti-piracy measures that included cutting users' internet connections and creating a database of file-sharers. Geoff Taylor, chief executive of music trade body the BPI, said VCAP was about "persuading the persuadable, such as parents who do not know what is going on with their net connection." He added: "VCAP is not about denying access to the internet. It's about changing attitudes and raising awareness so people can make the right choice." Officials will still work to close and stem funding to file-sharing sites, but the news appears to mean that the British authorities have abandoned legal enforcement of online media piracy. Figures recently published by Ofcom said that nearly a quarter of all UK downloads were of pirated content. Tmackiller wants to know "Will this result in more private lawsuits against file sharers by the companies involved?"

    143 comments | about 2 months ago

  • Activist Group Sues US Border Agency Over New, Vast Intelligence System

    An anonymous reader writes with news about one of the latest unanswered FOIA requests made to the Department of Homeland Security and the associated lawsuit the department's silence has brought. The Electronic Privacy Information Center (EPIC) has sued the United States Customs and Border Protection (CBP) in an attempt to compel the government agency to hand over documents relating to a relatively new comprehensive intelligence database of people and cargo crossing the US border. EPIC's lawsuit, which was filed last Friday, seeks a trove of documents concerning the 'Analytical Framework for Intelligence' (AFI) as part of a Freedom of Information Act (FOIA) request. EPIC's April 2014 FOIA request went unanswered after the 20 days that the law requires, and the group waited an additional 49 days before filing suit. The AFI, which was formally announced in June 2012 by the Department of Homeland Security (DHS), consists of "a single platform for research, analysis, and visualization of large amounts of data from disparate sources and maintaining the final analysis or products in a single, searchable location for later use as well as appropriate dissemination."

    83 comments | about 2 months ago
