By timothy from Slashdot's which-flavor-of-ice-cream? department
An anonymous reader writes "My eastern European tech-support job will be outsourced in 6 months to a nearby country. I do not wish to move, having a relationship and roots here, and as such I stand at a crossroads. I could take my current hobby more seriously and focus on Java development. I have no degree, no professional experience in the field, and as such, I do not hold much market value for an employer. However, I find joy in the creative problem solving that programming provides. Seeing the cogs finally turn after hours invested gives me pleasures my mundane work could never do. The second option is Linux system administration with a specialization in VMware virtualisation. I have no certificates, but I have been around enterprise environments (with limited support of VMware) for 21 months now, so at the end of my contract with 27 months under my belt, I could convince a company to hire me based on willingness to learn and improve. All the literature is freely available, and I've been playing with VDIs in Debian already.
My situation is as follows: all living expenses except food, luxuries and entertainment are covered by the wage of my girlfriend. That would leave me in a situation where we would be financially alright, but not well off, if I were to earn significantly less than I do now. I am convinced that I would be able to make it in system administration, however, that is not my passion. I am at an age where children are not a concern, and risks seem to be, at first sight, easier to take. I would like to hear the opinion and experience of fellow readers who might have been in a similar situation."
By timothy from Slashdot's c'mon-fellas-lighten-up department
The Australian reports that "UN scientists are set to deliver their darkest report yet on the impacts of climate change, pointing to a future stalked by floods, drought, conflict and economic damage if carbon emissions go untamed.
A draft of their report, seen by the news organisation AFP, is part of a massive overview by the Intergovernmental Panel on Climate Change, likely to shape policies and climate talks for years to come.
Scientists and government representatives will meet in Yokohama, Japan, from tomorrow to hammer out a 29-page summary. It will be unveiled with the full report on March 31.
'We have a lot clearer picture of impacts and their consequences ... including the implications for security,' said Chris Field of the US’s Carnegie Institution, who headed the probe.
The work comes six months after the first volume in the long-awaited Fifth Assessment Report declared scientists were more certain than ever that humans caused global warming. It predicted global temperatures would rise 0.3C-4.8C this century, adding to roughly 0.7C since the Industrial Revolution. Seas will creep up by 26cm-82cm by 2100. The draft warns costs will spiral with each additional degree, although it is hard to forecast by how much."
By timothy from Slashdot's why-not-an-enterprise-class-a-starship? department
Hugh Pickens DOT Com (2995471) writes "The NYT reports that US intelligence analysts studying satellite photos of Iranian military installations say that Iran is building a mock-up of an American nuclear-powered aircraft carrier with the same distinctive shape and style of the Navy's Nimitz-class carriers, as well as the Nimitz's number 68 neatly painted in white near the bow. Mock aircraft can be seen on the flight deck. The mock-up, which American officials described as more like a barge than a warship, has no nuclear propulsion system and is only about two-thirds the length of a typical 1,100-foot-long Navy carrier. Intelligence officials do not believe that Iran is capable of building an actual aircraft carrier. "Based on our observations, this is not a functioning aircraft carrier; it's a large barge built to look like an aircraft carrier," says Cmdr. Jason Salata. "We're not sure what Iran hopes to gain by building this. If it is a big propaganda piece, to what end?" Navy intelligence analysts surmise that the vessel, which Fifth Fleet wags have nicknamed the Target Barge, is something that Iran could tow to sea, anchor and blow up — while filming the whole thing to make a propaganda point, if, say, the talks with the Western powers over Iran's nuclear program go south. "It is not surprising that Iranian military forces might use a variety of tactics — including military deception tactics — to strategically communicate and possibly demonstrate their resolve in the region," said an American official who has closely followed the construction of the mock-up. The story has set off chatter about how weird and dumb Iran is for building this giant toy boat but according to Marcy Wheeler if you compare Iran's barge with America's troubled F-35 program you end up with an even bigger propaganda prop.
"I'm not all that sure what distinguishes the F-35 except the cost: Surely Iran hasn't spent the equivalent of a trillion dollars — which is what we'll spend on the F-35 when it's all said and done — to build its fake boat," writes Wheeler. "So which country is crazier: Iran, for building a fake boat, or the US for funding a never-ending jet program?""
By timothy from Slashdot's from-the-minds-at-huawei department
An anonymous reader writes with this news from MIT's Technology Review: "Like other federal agencies, the NSA is compelled by law to try to commercialize its R&D. It employs patent attorneys and has a marketing department that is now trying to license inventions ... The agency claims more than 170 patents ... But the NSA has faced severe challenges trying to keep up with rapidly changing technology. ... Most recently, the NSA's revamp included a sweeping effort to dismantle ... 'stovepipes,' and switch to flexible cloud computing ... in 2008, NSA brass ordered the agency's computer and information sciences research organization to create a version of the system Google uses to store its index of the Web and the raw images of Google Earth. That team was led by Adam Fuchs, now Sqrrl's chief technology officer. Its twist on big data was to add 'cell-level security,' a way of requiring a passcode for each data point ... that's how software (like the infamous PRISM application) knows what can be shown only to people with top-secret clearance. Similar features could control access to data about U.S. citizens. 'A lot of the technology we put [in] is to protect rights,' says Fuchs. Like other big-data projects, the NSA team's system, called Accumulo, was built on top of open-source code because 'you don't want to have to replicate everything yourself,' ... In 2011, the NSA released 200,000 lines of code to the Apache Foundation. When Atlas Venture's Lynch read about that, he jumped—here was a technology already developed, proven to work on tens of terabytes of data, and with security features sorely needed by heavily regulated health-care and banking customers."
By timothy from Slashdot's that's-beeeeeellion department
writes "The first deep look into the security of the Android patch installation process, specifically its Package Management Service (PMS), has revealed a weakness that puts potentially every Android device at risk for privilege escalation attacks. Researchers from Indiana University and Microsoft published a paper that describes a new set of Android vulnerabilities they call Pileup flaws, and also introduces a new scanner called SecUP that detects malicious apps already on a device lying in wait for elevated privileges. The vulnerability occurs in the way PMS handles updates to the myriad flavors of Android in circulation today. The researchers say PMS improperly vets apps on lower versions of Android that request OS or app privileges that may not exist on the older Android version, but are granted automatically once the system is updated.
The researchers said they found a half-dozen different Pileup flaws within Android's Package Management Service, and confirmed those vulnerabilities are present in all Android Open Source Project versions and more than 3,500 customized versions of Android developed by handset makers and carriers; more than one billion Android devices are likely impacted, they said."
Handily enough, the original paper
paywalled.
By timothy from Slashdot's learned-it-from-watching-the-nsa department
After the recent Windows 8 leak by recently arrested then-Microsoft employee Alex Kibkalo, Microsoft has tweaked its privacy policies, but also defended reading the email of the French blogger to whom Kibkalo sent the software. "The blogger in question, who remains unidentified, happened to use Hotmail—the investigation began in 2012 before Hotmail's Outlook.com transition—as his primary email account. So as part of its investigation, Microsoft peeked into the blogger's email account to read that person's correspondence with Kibkalo. ... Microsoft says it was justified in searching the blogger's email account, because it had probable cause to believe Kibkalo was funneling trade secrets to the blogger. The company also pointed out that even with its justification for searching the account, it would have been impossible to gain a court order."
"The legal system wouldn't have let us" seems a strange argument to defend any act of snooping.
By timothy from Slashdot's who-you-say-you-are department
writes "In recent months fake PGP keys have been found for at least two developers on well known crypto projects: Erinn Clark, a Tor developer and Gavin Andresen, the maintainer of Bitcoin. In both cases, these PGP keys are used to sign the downloads for popular pieces of crypto software. PGP keys are supposed to be verified through the web of trust, but in practice it's very hard to find a trust path between two strangers on the internet: one reply to Erinn's mail stated that despite there being 30 signatures [attached to] her key, [the respondent] couldn't find any trust paths to her. It's also very unclear whether anyone would notice a key substitution attack like this. This leaves three questions: who is doing this, why, and what can be done about it? An obvious candidate would be intelligence agencies, who may be trying to serve certain people with backdoored binaries via their QUANTUMTHEORY man-in-the-middle system. As to what can be done about it, switching from PGP to X.509 code signing would be an obvious candidate. Both Mac and Windows support it, obtaining a forged certificate is much harder than simply uploading a fake PGP key, and whilst X.509 certs can be issued in secret until Google's Certificate Transparency system is fully deployed, finding one would be strong evidence that an issuing CA had been compromised: something that seems plausible but for which we currently lack any evidence. Additionally, bad certificates can be revoked when found whereas beyond making blog posts, not much can be done about the fake PGP keys."