
Networking

Ask Slashdot: Is Running Mission-Critical Servers Without a Firewall Common? 9

Posted by Soulskill
from the common-enough-to-make-you-sad dept.
An anonymous reader writes: I do some contract work on the side, and am helping a client set up a new point-of-sale system. For the time being, it's pretty simple: selling products, keeping track of employee time, managing inventory and the like. However, it requires a small network because there are two clients, and one of the clients feeds off of a small SQL Express database from the first. During the setup, the vendor disabled the local firewall, and in a number of emails back and forth since (with me getting more and more aggravated) they went from suggesting that there's no need for a firewall, to outright telling me that's just how they do it and the contract dictates that's how we need to run it. This isn't a tremendous deal today, but with how things are going, odds are there will be e-Commerce worked into it, and probably credit card transactions... which worries the bejesus out of me.

So my question to the Slashdot masses: is this common? In my admittedly limited networking experience, it's been drilled into my head fairly well that not running a firewall is lazy (if not simply negligent), and to open the appropriate ports and call it a day. However, I've seen forum posts here and there with people admitting they run their clients without firewalls, believing that the firewall on their incoming internet connection is good enough, and that their client security will pick up the pieces. I'm curious how many real professionals do this, or if the forum posts I'm seeing (along with the vendor in question) are just a bunch of clowns.
Space

The Milky Way Is Much Less Massive Than Previously Thought 17

Posted by Soulskill
from the galactic-atkins dept.
schwit1 writes: New research by astronomers suggests that the Milky Way is about half as massive as previously estimated. It was thought to be roughly the same mass as Andromeda, weighing in at approximately 1.26 x 10^12 solar masses (PDF). This new research indicates its mass is around half the mass of Andromeda. "Galaxies in the Local Group are bound together by their collective gravity. As a result, while most galaxies, including those on the outskirts of the Local Group, are moving farther apart due to expansion, the galaxies in the Local Group are moving closer together because of gravity. For the first time, researchers were able to combine the available information about gravity and expansion to complete precise calculations of the masses of both the Milky Way and Andromeda. ... Andromeda had twice as much mass as the Milky Way, and in both galaxies 90 percent of the mass was made up of dark matter."
Wikipedia

An Accidental Wikipedia Hoax 36

Posted by Soulskill
from the isaac-newton-invented-the-apple dept.
Andreas Kolbe writes: The Daily Dot's EJ Dickson reports how she accidentally discovered that a hoax factoid she added over five years ago as a stoned sophomore to the Wikipedia article on "Amelia Bedelia, the protagonist of the eponymous children's book series about a 'literal-minded housekeeper' who misunderstands her employer's orders," had not just remained on Wikipedia all this time, but come to be cited by a Taiwanese English professor, in "innumerable blog posts and book reports", as well as a book on Jews and Jesus. It's a cautionary tale about the fundamental unreliability of Wikipedia. And as Wikipedia ages, more and more such stories are coming to light.
The Military

Nuclear Missile Command Drops Grades From Tests To Discourage Cheating 49

Posted by Soulskill
from the D-for-darn-good dept.
An anonymous reader writes: Earlier this year, just over half of the military officers put in charge of U.S. nuclear launch facilities were implicated in an exam cheating scandal. The Air Force conducted regular exams to keep officers current on the protocols and skills required to operate some of the world's most dangerous weapons. But the way they graded the test caused problems. Anything below a 90% score was a fail, but the remaining 10% often dictated how a launch officer's career progressed. There might not be much functional difference between a 93% and a 95%, but the person scoring higher will get promoted disproportionately quicker. This inspired a ring of officers to cheat in order to meet the unrealistic expectations of the Air Force. Now, in an effort to clean up that Missile Wing, the Air Force is making the exams pass/fail. The officers still need to score 90% or higher (since it's important work with severe consequences for failure), but scores won't be recorded and used to compete for promotions anymore. The Air Force is also making an effort to replace or refurbish the aging equipment that runs these facilities.
The Courts

Ford, GM Sued Over Vehicles' Ability To Rip CD Music To Hard Drive 155

Posted by Soulskill
from the i-buy-a-car-every-time-i-want-to-steal-some-music dept.
Lucas123 writes: The Alliance of Artists and Recording Companies is suing Ford and General Motors for millions of dollars over alleged copyright infringement violations because their vehicles' CD players can rip music to infotainment center hard drives. The AARC claims in its filing (PDF) that the CD player's ability to copy music violates the Audio Home Recording Act of 1992. The Act protects against distributing digital audio recording devices whose primary purpose is to rip copyrighted material. For example, Ford's owner's manual explains, "Your mobile media navigation system has a Jukebox which allows you to save desired tracks or CDs to the hard drive for later access. The hard drive can store up to 10GB (164 hours; approximately 2,472 tracks) of music." The AARC wants $2,500 for each digital audio recording device installed in a vehicle, the amount it says should have been paid in royalties.
Businesses

Comcast Confessions 125

Posted by Soulskill
from the beancounters-shouldn't-run-the-show dept.
An anonymous reader writes: We heard a couple weeks ago about an incredibly pushy Comcast customer service representative who turned a quick cancellation into an ordeal you wouldn't wish on your enemies. To try and find out what could cause such behavior, The Verge reached out to Comcast employees, hoping a few of them would explain training practices and management directives. They got more than they bargained for — over 100 employees responded, and they painted a picture of a corporation overrun by the neverending quest for greater profit. From the article: 'These employees told us the same stories over and over again: customer service has been replaced by an obsession with sales, technicians are understaffed and tech support is poorly trained, and the massive company is hobbled by internal fragmentation. ... Brian Van Horn, a billing specialist who worked at Comcast for 10 years, says the sales pitch gradually got more aggressive. "They were starting off with, 'just ask,'" he says. "Then instead of 'just ask,' it was 'just ask again,' then 'engage the customer in a conversation,' then 'overcome their objections.'" He was even pressured to pitch new services to a customer who was 55 days late on her bill, he says.'
Education

Reglue: Opening Up the World To Deserving Kids With Linux Computers 63

Posted by Soulskill
from the never-too-early-for-your-first-tux dept.
jrepin writes: Today, a child without access to a computer (and the Internet) at home is at a disadvantage before he or she ever sets foot in a classroom. The unfortunate reality is that in an age where computer skills are no longer optional, far too many families don't possess the resources to have a computer at home. Linux Journal recently had the opportunity to talk with Ken Starks about his organization, Reglue (Recycled Electronics and Gnu/Linux Used for Education) and its efforts to bridge this digital divide.
Communications

Airbnb Partners With Cities For Disaster Preparedness 38

Posted by Soulskill
from the going-wrong-the-right-way dept.
An anonymous reader writes: Every time a city- or state-wide disaster strikes, services to help the victims slowly crop up over the following days and weeks. Sometimes they work well, sometimes they don't. Today, city officials in San Francisco and Portland announced a partnership with peer-to-peer lodging service Airbnb to work out some disaster-preparedness plans ahead of time. Airbnb will locate hosts in these cities who will commit to providing a place to stay for people who are displaced in a disaster, and then set up alerts and notifications to help people find these hosts during a crisis. The idea is that if wildfires or an earthquake forces thousands of people to evacuate their homes, they can easily be absorbed into an organized, distributed group of willing hosts, rather than being shunted to one area and forced to live in a school gymnasium or something similar.
The Military

Hackers Plundered Israeli Defense Firms That Built 'Iron Dome' Missile Defense 133

Posted by Soulskill
from the intercepting-missiles-is-easier-than-learning-not-to-click-on-attachments dept.
An anonymous reader writes: Brian Krebs reports on information from Columbia, Md.-based threat intelligence firm Cyber Engineering Services Inc. that attackers thought to be operating out of China hacked into the corporate networks of three top Israeli defense technology companies. The attackers were seeking technical documents related to Iron Dome, Israel's air defense system. "IAI was initially breached on April 16, 2012 by a series of specially crafted email phishing attacks. ... Once inside the IAI’s network, [the attackers] spent the next four months in 2012 using their access to install various tools and trojan horse programs on systems throughout company’s network and expanding their access to sensitive files, CyberESI said. The actors compromised privileged credentials, dumped password hashes, and gathered system, file, and network information for several systems. The actors also successfully used tools to dump Active Directory data from domain controllers on at least two different domains on the IAI’s network. All told, CyberESI was able to identify and acquire more than 700 files — totaling 762 MB total size — that were exfiltrated from IAI’s network during the compromise. The security firm said most of the data acquired was intellectual property and likely represented only a small portion of the entire data loss by IAI." Most of the stolen material pertained to Arrow III missiles, UAVs, and ballistic rockets.
Mars

Opportunity Rover Sets Off-World Driving Record 35

Posted by Soulskill
from the rollin'-rollin'-rollin' dept.
schwit1 writes: With a drive of 157 feet on Sunday, the Mars rover Opportunity broke the Soviet record, set by Lunokhod 2 in 1973, for the longest distance traveled by a vehicle on another planet. "If the rover can continue to operate the distance of a marathon — 26.2 miles (about 42.2 kilometers) — it will approach the next major investigation site mission scientists have dubbed "Marathon Valley." Observations from spacecraft orbiting Mars suggest several clay minerals are exposed close together at this valley site, surrounded by steep slopes where the relationships among different layers may be evident. The Russian Lunokhod 2 rover, a successor to the first Lunokhod mission in 1970, landed on Earth's moon on Jan. 15, 1973, where it drove about 24.2 miles (39 kilometers) in less than five months, according to calculations recently made using images from NASA's Lunar Reconnaissance Orbiter (LRO) cameras that reveal Lunokhod 2's tracks."
Transportation

University of Michigan Solar Car Wins Fifth Straight National Title 21

Posted by Soulskill
from the hail-to-the-victors dept.
An anonymous reader writes: For the fifth consecutive year, the solar car team from the University of Michigan has won the American Solar Car Challenge. The event is an eight-day, 1,700-mile race with a total of 23 participating teams. The Umich victory comes in spite of a 20-30 minute delay when they had problems with the motor at the very beginning of the race. "They made the time up when team strategists decided to push the car to the speed limit while the sun was shining bright, rather than hold back to conserve energy." Footage of the race and daily updates on the car's performance are available from the team's website, as are the specs of the car itself. Notably, the current iteration of the car weighs only 320 pounds, a full 200 pounds lighter than the previous version.
Lord of the Rings

The Hobbit: the Battle of Five Armies Trailer Released 110

Posted by Soulskill
from the defining-chapter-in-a-very-literal-sense dept.
An anonymous reader writes: The first teaser trailer for the final installment of the Middle Earth saga, The Hobbit: The Battle of Five Armies, debuted at Comic-Con, and now Warner Bros have made it available online. While the trailer contains some nice shots on a visual level, very much in keeping with the Lord of the Rings trilogy, about 80% of the trailer's awesomeness is provided by the background music. Pippin's mournful song from Return of the King plays intercut with the doomed mission that Faramir leads on his father Denethor's orders.
Android

Old Apache Code At Root of Android FakeID Mess 113

Posted by Soulskill
from the write-once-run-anywhere dept.
chicksdaddy writes: A four-year-old vulnerability in an open source component that is a critical part of Android leaves hundreds of millions of mobile devices susceptible to silent malware infections. The vulnerability affects devices running Android versions 2.1 to 4.4 ("KitKat"), according to a statement released by Bluebox. The vulnerability was found in a package installer in affected versions of Android. The installer doesn't attempt to determine the authenticity of certificate chains that are used to vouch for new digital identity certificates. In short, Bluebox writes, "an identity can claim to be issued by another identity, and the Android cryptographic code will not verify the claim."

The security implications of this are vast. Malicious actors could create a malicious mobile application with a digital identity certificate that claims to be issued by Adobe Systems. Once installed, vulnerable versions of Android will treat the application as if it was actually signed by Adobe and give it access to local resources, like the special webview plugin privilege, that can be used to sidestep security controls and virtual 'sandbox' environments that keep malicious programs from accessing sensitive data and other applications running on the Android device. The flaw appears to have been introduced to Android through an open source component, Apache Harmony. Google turned to Harmony as an alternative means of supporting Java in the absence of a deal with Oracle to license Java directly.

Work on Harmony was discontinued in November, 2011. However, Google has continued using native Android libraries that are based on Harmony code. The vulnerability concerning certificate validation in the package installer module persisted even as the two codebases diverged.
The Almighty Buck

35% of American Adults Have Debt 'In Collections' 400

Posted by Soulskill
from the all-the-cool-kids-are-doing-it dept.
New submitter meeotch writes: According to a new study by the Urban Institute, 35% of U.S. adults with a credit history (91% of the adult population of the U.S.) have debt "in collections" — a status generally not acquired until payments are at least 180 days past due. Debt problems seem to be worse in the South, with states hovering in the 40%+ range, while the Northeast has it better, at less than 30%. The study's authors claim their findings actually underrepresent low-income consumers, because "adults without a credit file are more likely to be financially disadvantaged."

Oddly, only 5% of adults have debt 30-180 days past due. This latter fact is partially accounted for by the fact that a broader range of debt can enter "in collections" status than "past due" status (e.g. parking tickets)... But also perhaps demonstrates that as one falls far enough along the debt spiral, escape becomes impossible. Particularly in the case of high-interest debt such as credit cards — the issuers of which cluster in states such as South Dakota, following a 1978 Supreme Court ruling that found that states' usury laws did not apply to banks headquartered in other states.

Even taking into account the folks who lost a parking ticket under their passenger seat, 35% is a pretty shocking number. Anyone have other theories why this number is so much higher than the 5% of people who are just "late"? How about some napkin math on the debt spiral?
Businesses

EA Tests Subscription Access To Game Catalog 51

Posted by Soulskill
from the in-case-you-wanted-to-subscribe-to-yet-another-service dept.
An anonymous reader writes: Electronic Arts has announced a new program called "EA Access," a subscription-based service that will grant Xbox One users access to a small catalog of EA's popular games, as well as early trials of upcoming games. They're beta testing the service now, and the available games are FIFA 14, Madden NFL 25, Peggle 2, and Battlefield 4. (More titles will be added later.) They're charging $5 per month or $30 per year. It probably won't ever include their newest releases, but it's interesting to see such a major publisher experimenting with a Netflix-style subscription service.
