By timothy from Slashdot's c'mon-fellas-lighten-up department
The Australian reports that "UN scientists are set to deliver their darkest report yet on the impacts of climate change
, pointing to a future stalked by floods, drought, conflict and economic damage if carbon emissions go untamed.
A draft of their report, seen by the news organisation AFP, is part of a massive overview by the Intergovernmental Panel on Climate Change, likely to shape policies and climate talks for years to come.
Scientists and government representatives will meet in Yokohama, Japan, from tomorrow to hammer out a 29-page summary. It will be unveiled with the full report on March 31.
'We have a lot clearer picture of impacts and their consequences ... including the implications for security,' said Chris Field of the US’s Carnegie Institution, who headed the probe.
The work comes six months after the first volume in the long-awaited Fifth Assessment Report declared scientists were more certain than ever that humans caused global warming. It predicted global temperatures would rise 0.3C-4.8C this century, adding to roughly 0.7C since the Industrial Revolution. Seas will creep up by 26cm-82cm by 2100. The draft warns costs will spiral with each additional degree, although it is hard to forecast by how much."Read Replies (0)
By timothy from Slashdot's why-not-an-enterprise-class-a-starship? department
:Hugh Pickens DOT Com (2995471)
writes "The NYT reports that US intelligence analysts studying satellite photos of Iranian military installations say that Iran is building a mock-up of an American nuclear-powered aircraft carrier with the same distinctive shape and style of the Navy's Nimitz-class carriers, as well as the Nimitz's number 68 neatly painted in white near the bow. Mock aircraft can be seen on the flight deck. The mock-up, which American officials described as more like a barge than a warship, has no nuclear propulsion system and is only about two-thirds the length of a typical 1,100-foot-long Navy carrier. Intelligence officials do not believe that Iran is capable of building an actual aircraft carrier. "Based on our observations, this is not a functioning aircraft carrier; it's a large barge built to look like an aircraft carrier," says Cmdr. Jason Salata. "We're not sure what Iran hopes to gain by building this. If it is a big propaganda piece, to what end?" Navy intelligence analysts surmise that the vessel, which Fifth Fleet wags have nicknamed the Target Barge, is something that Iran could tow to sea, anchor and blow up — while filming the whole thing to make a propaganda point, if, say, the talks with the Western powers over Iran's nuclear program go south. "It is not surprising that Iranian military forces might use a variety of tactics — including military deception tactics — to strategically communicate and possibly demonstrate their resolve in the region," said an American official who has closely followed the construction of the mock-up. The story has set off chatter about how weird and dumb Iran is for building this giant toy boat but according to Marcy Wheeler if you compare Iran's barge with America's troubled F-35 program you end up with an even bigger propaganda prop. "I'm not all that sure what distinguishes the F-35 except the cost: Surely Iran hasn't spent the equivalent of a trillion dollars — which is what we'll spend on the F-35 when it's all said and done — to build its fake boat," writes Wheeler. "So which country is crazier: Iran, for building a fake boat, or the US for funding a never-ending jet program?""Read Replies (0)
By timothy from Slashdot's from-the-minds-at-huawei department
An anonymous reader writes with this news from MIT's Technology Review: "Like other federal agencies, the NSA is compelled by law to try to commercialize its R&D
. It employs patent attorneys and has a marketing department that is now trying to license inventions
... The agency claims more than 170 patents ... But the NSA has faced severe challenges trying to keep up with rapidly changing technology. ... Most recently, the NSA's revamp included a sweeping effort to dismantle ... 'stovepipes,' and switch to flexible cloud computing ... in 2008, NSA brass ordered the agency's computer and information sciences research organization to create a version of the system Google uses to store its index of the Web and the raw images of Google Earth. That team was led by Adam Fuchs, now Sqrrl's
chief technology officer. Its twist on big data was to add 'cell-level security,' a way of requiring a passcode for each data point ... that's how software (like the infamous PRISM application) knows what can be shown only to people with top-secret clearance. Similar features could control access to data about U.S. citizens. 'A lot of the technology we put [in] is to protect rights," says Fuchs. Like other big-data projects, the NSA team's system, called Accumulo
, was built on top of open-source code because "you don't want to have to replicate everything yourself," ... In 2011, the NSA released 200,000 lines of code to the Apache Foundation. When Atlas Venture's Lynch read about that, he jumped—here was a technology already developed, proven to work on tens of terabytes of data, and with security features sorely needed by heavily regulated health-care and banking customers.'"Read Replies (0)
By timothy from Slashdot's that's-beeeeeellion department
writes "The first deep look into the security of the Android patch installation process, specifically its Package Management Service (PMS), has revealed a weakness that puts potentially every Android device at risk for privilege escalation attacks. Researchers from Indiana University and Microsoft published a paper that describes a new set of Android vulnerabilities they call Pileup flaws, and also introduces a new scanner called SecUP that detects malicious apps already on a device lying in wait for elevated privileges. The vulnerability occurs in the way PMS handles updates to the myriad flavors of Android in circulation today. The researchers say PMS improperly vets apps on lower versions of Android that request OS or app privileges that may not exist on the older Android version, but are granted automatically once the system is updated.
The researchers said they found a half-dozen different Pileup flaws within Android's Package Management Service, and confirmed those vulnerabilities are present in all Android Open Source Project versions and more than 3,500 customized versions of Android developed by handset makers and carriers; more than one billion Android devices are likely impacted, they said."
Handily enough, the original paper
paywalled.Read Replies (0)
By timothy from Slashdot's learned-it-from-watching-the-nsa department
After the recent Windows 8 leak
by recently arrrested
then-Microsoft employee Alex Kibkalo, Microsoft has tweaked its privacy policies, but also defended reading the email
of the French blogger to whom Kibkalo sent the software."The blogger in question, who remains unidentified, happened to use Hotmail—the investigation began in 2012 before Hotmail's Outlook.com transition—as his primary email account. So as part of its investigation, Microsoft peeked into the blogger's email account to read that person's correspondence with Kibkalo. ... Microsoft says it was justified in searching the blogger's email account, because it had probable cause to believe Kibkalo was funneling trade secrets to the blogger.The company also pointed out that even with its justification for searching the account, it would have been impossible to gain a court order."
"The legal system wouldn't have let us" seems a strange argument to defend any act of snooping.Read Replies (0)
By timothy from Slashdot's who-you-say-you-are department
writes "In recent months fake PGP keys have been found for at least two developers on well known crypto projects: Erinn Clark, a Tor developer and Gavin Andresen, the maintainer of Bitcoin. In both cases, these PGP keys are used to sign the downloads for popular pieces of crypto software. PGP keys are supposed to be verified through the web of trust, but in practice it's very hard to find a trust path between two strangers on the internet: one reply to Erinn's mail stated that despite there being 30 signatures [attached to] her key, [the respondent] couldn't find any trust paths to her. It's also very unclear whether anyone would notice a key substitution attack like this. This leaves three questions: who is doing this, why, and what can be done about it? An obvious candidate would be intelligence agencies, who may be trying to serve certain people with backdoored binaries via their QUANTUMTHEORY man-in-the-middle system. As to what can be done about it, switching from PGP to X.509 code signing would be an obvious candidate. Both Mac and Windows support it, obtaining a forged certificate is much harder than simply uploading a fake PGP key, and whilst X.509 certs can be issued in secret until Google's Certificate Transparency system is fully deployed, finding one would be strong evidence that an issuing CA had been compromised: something that seems plausible but for which we currently lack any evidence. Additionally, bad certificates can be revoked when found whereas beyond making blog posts, not much can be done about the fake PGP keys."Read Replies (0)
By timothy from Slashdot's pinkie-swear department
:Hugh Pickens DOT Com (2995471)
writes "Dana Goldstein writes in The Atlantic that while one of the central tenets of raising kids in America is that parents should be actively involved in their children's education — meeting with teachers, volunteering at school, and helping with homework — few parents stop to ask whether they're worth the effort. Case in point: In the largest-ever study of how parental involvement affects academic achievement researchers combed through nearly three decades' worth of longitudinal surveys of American parents and tracked 63 different measures of parental participation in kids' academic lives, from helping them with homework, to talking with them about college plans, to volunteering at their schools. What they found surprised them. Most measurable forms of parental involvement seem to yield few academic dividends for kids, or even to backfire — regardless of a parent's race, class, or level of education. Once kids enter middle school, parental help with homework can actually bring test scores down, an effect Robinson says could be caused by the fact that many parents may have forgotten, or never truly understood, the material their children learn in school. 'As kids get older—we're talking about K-12 education — parents' abilities to help with homework are declining,' says Keith Robinson. 'Even though they may be active in helping, they may either not remember the material their kids are studying now, or in some cases never learned it themselves, but they're still offering advice. And that means poor quality homework.'"
(More, below.)Read Replies (0)