Ask Slashdot: Application Security Non-existent, Boss Doesn't Care. What To Do?
An anonymous reader writes
"I am a senior engineer and software architect at a fortune 500 company and manage a brand (website + mobile apps) that is a household name for anyone with kids. This year we migrated to a new technology platform including server hosting and application framework. I was brought in towards the end of the migration and overall it's been a smooth transition from the users' perspective. However, it's a security nightmare for sysadmins (who are all outsourced) and a ripe target for any hacker with minimal skills. We do weekly and oftentimes daily releases that contain and build upon the same security vulnerabilities. Frequently I do not have control over the code that is deployed; it's simply given to my team by the marketing department. I inform my direct manager and colleagues about security issues before they are deployed and the response is always, 'we need to meet deadlines, we can fix security issues at a later point.' I'm at a loss as to what I should do. Should I go over my manager's head and inform her boss? Approach legal and tell them about our many violations of COPPA? Should I refuse to deploy code until these issues are fixed? Should I look for a new job? What would you do in my situation?"
Retail Radeon R9 290X Graphics Cards Slower Than AMD's Press Samples
"AMD's recently introduced Radeon R9 290X is one of the fastest graphics cards around. However, the cards sent to reviewers differ somewhat from the retail units available for purchase. The press samples run at higher clock speeds and deliver better performance as a result. There's some variance in clock speeds between different press and retail cards, too. Part of the problem appears to be AMD's PowerTune mechanism, which dynamically adjusts GPU frequencies in response to temperature and power limits. AMD doesn't guarantee a base clock speed, saying only that the 290X runs at 'up to 1GHz.' Real-world clock speeds are a fair bit lower than that, and the retail cards suffer more than the press samples. Cooling seems to be a contributing factor. AMD issued a driver update that raises fan speeds, and that helps the performance of some retail cards. Retail units remain slower than the cards seeded to the press, though. Flashing retail cards with the press firmware raises clock speeds slightly, but it doesn't entirely close the gap, either. AMD hasn't explained why the retail cards are slower than expected, and it's possible the company cherry-picked the samples sent to the press. At the very least, it's clear that the 290X exhibits more card-to-card variance than we're used to seeing in a PC graphics product."
Fearing Government Surveillance, US Journalists Are Self-Censoring
"Suzanne Nossel, writing for CNN, reports that 'a survey of American writers done in October revealed that nearly one in four has self-censored for fear of government surveillance. They fessed up to curbing their research, not accepting certain assignments, even not discussing certain topics on the phone or via e-mail for fear of being targeted. The subjects they are avoiding are no surprise — mostly matters to do with the Middle East, the military and terrorism.' Yet ordinary Americans, for the most part, seem not to care: 'Surveillance so intrusive it is putting certain subjects out of bounds would seem like cause for alarm in a country that prides itself as the world's most free. Americans have long protested the persecution and constraints on journalists and writers living under repressive regimes abroad, yet many seem ready to accept these new encroachments on their freedom at home.'"
EV Owner Arrested Over 5 Cents Worth of Electricity From School's Outlet
"It seems you can be arrested in Georgia for drawing 5 cents of electricity from a school's outdoor receptacle. Kaveh Kamooneh was charged with theft for plugging his Nissan Leaf into a Chamblee Middle School 110V outlet; the same outlet one could use to charge a laptop or cellphone. The Leaf draws 1KW/hour while charging, which works out to under $0.10 of electricity per hour. Mr. Kamooneh charged his Leaf for less than 30 minutes, which works out to about a nickel. Sgt. Ernesto Ford, the arresting officer, pointed out, 'theft is a theft,' which was his argument for arresting Mr. Kamooneh. Considering the cost of the infraction, it does not seem a reasonable decision when considering how much this will cost the state in legal funds. Does this mean anyone charging a laptop or cell phone will be charged with theft as well?"
NASA Will Send Seeds to the Moon In 2015
Hugh Pickens DOT Com writes
"The Telegraph reports that NASA plans to send turnip, cress, and basil seeds to the Moon inside a specially constructed canister, known as the Lunar Plant Growth Chamber. The chamber will carry enough air for 10 days and NASA says the air in the chamber would be adequate to allow the seeds to sprout and grow for five days. It is hoped that the latest experiment will help to pave the way for astronauts to grow their own food while living on a lunar base. NASA says it will use natural sunlight to germinate the plants inside the chamber and the seeds will grow on pieces of filter paper laden with nutrients. 'If we send plants and they thrive, then we probably can. Thriving plants are needed for life support — food, air, water — for colonists. And plants provide psychological comfort, as the popularity of the greenhouses in Antarctica and on the Space Station show.' The Lunar Plant Growth Chamber is expected to weigh around 2.2lbs and will also carry 10 seeds each of basil and turnips. Upon landing on the Moon a trigger would release a small reservoir of water to wet the filter paper and initiate the germination of the seeds. Photographs of the seedlings would be taken at regular intervals to monitor their progress and compare them to seedlings being grown in similar conditions on Earth."
For First Three Years, Consumer Hard Drives As Reliable As Enterprise Drives
"Consumer hard drives don't fail any more often than enterprise-grade hardware — despite the price difference. That's according to online storage firm Backblaze, which uses a mix of both types of drive. It studied its own hardware, finding consumer hard drives had a failure rate of 4.2%, while enterprise-grade drives failed at a rate of 4.6%. CEO Gleb Budman noted: 'It turns out that the consumer drive failure rate does go up after three years, but all three of the first three years are pretty good,' he notes. 'We have no data on enterprise drives older than two years, so we don't know if they will also have an increase in failure rate. It could be that the vaunted reliability of enterprise drives kicks in after two years, but because we haven't seen any of that reliability in the first two years, I'm skeptical.'"
Valve Joins the Linux Foundation
probain sent in this excerpt from Engadget
"In case Valve's multi-tiered investment in Linux gaming weren't clear enough from SteamOS, the Steam Controller, and Steam Machines, the company's also joining the ranks of The Linux Foundation membership. Valve Linux head Mike Sartain calls the news, 'one of the many ways Valve is investing in the advancement of Linux gaming;' he sees the move as yet another step for Valve toward its bigger goal of popularizing accessible Linux-based gaming." Cloudius Systems and the HSA Foundation also joined the Linux Foundation today.
Hotfile Settles With MPAA, Drops Countersuit Against Warner Bros
After winning the right to use the term perjury in regard to Warner Bros' abuse of the DMCA takedown procedure, and successfully blocking the MPAA from using the term "piracy" at their trial, Hotfile settled out of court with the MPAA today (mere days before the trial was scheduled to begin). As part of the deal, they are dropping their countersuit against Warner Bros, paying $80 million, and halting all operations immediately. The Hotfile website has been replaced by an MPAA message. From Torrent Freak:
"The settlement deal was rubber stamped by the U.S. District Court for the Southern District of Florida, ... The MPAA is happy with the outcome which it says will help to protect the rights of copyright holders on the Internet. 'This judgment by the court is another important step toward protecting an Internet that works for everyone,' MPAA boss Chris Dodd says."
Andy Rubin Is Heading a Secret Robotics Project At Google
"The creator of the most sought-after 'Android' of the world has been secretly working on creating a robotics division within Google. The search engine giant has acquired over seven robotics companies recently to create the robotics unit which is being headed by none other than Andy Rubin himself. Andy made the disclosure in an interview given to the New York Times." Their initial goal is to automate the woefully manual process of electronics manufacturing.
Anonymous Member Sentenced For Joining DDoS Attack For One Minute
"One of the most potent aspects of Anonymous is, well, its anonymity — but that isn't absolute. Eric Rosol was caught by federal authorities participating in a DDoS attack on a company owned by Koch Industry; for knocking a website offline for 15 minutes, Rosol got two years of probation and had to pay $183,000 in restitution (the amount Koch paid to a security consultant to protect its website after the attack)." The worst part? From the article: "Eric J. Rosol, 38, is said to have admitted that on Feb. 28, 2011, he took part in a denial of service attack for about a minute on a Web page of Koch Industries..."
Yota Phone Launches With Secondary E-Ink Display
"Called the YotaPhone, the device pairs a traditional LCD color touch-screen on one side with a black-and-white, electronic-paper display on the other, allowing users to continuously view data in real time without having to constantly wake up their phones and drain their batteries. General interaction will be done through the LCD screen, but the e-paper display allows an image to be displayed at all times — from maps, airline boarding passes and family photos to Twitter messages and emails — but only uses power when the picture changes. BBC News interviewed the company's leader, Vlad Martynov, for a hands-on demonstration."
App Detects Neo-Nazis Using Their Music
"German newspaper Der Spiegel reported that the country's interior ministers will meet this week to discuss use of an app developed by local police in Saxony that has attracted the unofficial name of 'Nazi Shazam.' Just like Shazam works out what song you're hearing from just a few bars, the system picks up audio fingerprints of neo-Nazi rock so police can intervene when it's being played. The whole situation sounds pretty insane to an outsider, but apparently far-right music is a big problem in Germany, where it's considered a 'gateway drug' into the neo-Nazi scene. The Guardian reported that in 2004, far-right groups even tried to recruit young members by handing out CD compilations in schools. That sort of action is illegal in Germany, where neo-Nazi groups are outlawed and the Federal Review Board for Media Harmful to Minors is tasked with examining and indexing media — including films, games, music, and websites — that may be harmful to young people."
Death to the Trapezoid... Next USB Connector Will Be Reversible
"Extreme bandwidth is nice, intelligent power management is cool... but folks should be spilling into the streets in thankful praise that the next generation miniature USB connector will fit either way. All told — just how many intricate miracle devices have been scrapped in their prime — because a tiny USB port was mangled? For millennia untold chimpanzees and people have been poking termite mounds with round sticks. I for one am glad to see round stick technology make its way into consumer electronics. Death to the trapezoid, bring back the rectangle! So... since we're on a roll here... how many other tiny annoyances that lead to big fails are out there?" The new connector will be smaller too.
The Desktop Is Dead, Long Live the Desktop!
"'The desktop or laptop is now in decline,' writes John Sall, 'squeezed from one side by mobile platforms and from the other side by the cloud. As a developer of desktop software [by choice not necessity], I believe it is time to address the challenges to our viability. Is software for the desktop PC now the living dead, or zombieware?' While conceding there's some truth to truisms about the death of the desktop, Sall believes there's still life in the old desktop dog: 'We live in a world of computing where dreams come true,' Sall concludes. 'The mainframe bows to the minicomputer. The minicomputer bows to the personal computer. The personal computer bows to the tablet and smart phone. It seems as if these will soon bow to the smart watch or smart glasses. But at each step along the way, some applications find their best home – and other applications as well as new applications find the more convenient and smaller home better...So let's keep our desktops and laptops, our PCs and Macs. They are amazingly good at what they do.'"
Ask Slashdot: How Do I Convince Management To Hire More IT Staff?
An anonymous reader writes
"I work at a manufacturing company. We have roughly 150 employees, 130 desktops, 8 physical servers, 20 virtual servers + a commercial SAN. We're a Windows shop with Exchange 2013. That's the first part. The second part is we have an ERP system that controls every aspect of our business processes. It has over 100 customizations (VB, but transitioning over to C#). We also have 20 or so custom-made support applications that integrate with the ERP to provide a more streamlined interface to the factory workers in some cases, and in other cases to provide a functionality that is not present in the ERP at all. Our IT department consists of: 1 Network Administrator (me), 4 Programmers (one of which is also the IT Manager). I finally convinced our immediate boss that we need another network support person to back me up (but he must now convince the CEO, who thinks we have a large IT department already). I would like them to also hire dedicated help desk people. As it stands, we all share help desk duties, but that leads to projects being seriously delayed or put on hold while we work on more mundane problems. It also leads to a good amount of stress, as I can't really create the solid infrastructure I want us to have, and the developers are always getting pressure from other departments for projects they don't have the manpower to even start. I'm not really sure how to convince them we need more people. I need something rather concrete, but there are widely varying IT/user ratios in different companies, and I'm sure their research turned up some generic rule of thumb that leads them to believe we have too many already. What can we do?"