itwbennett (1594911) writes "In a victory for the Electronic Frontier Foundation (EFF), which is suing to make the DOJ release information about surveillance on U.S. citizens, a California judge on Friday ordered the Department of Justice to produce 66 pages of documents for her review. The judge said the agency failed to justify keeping the documents secret and she will decide whether the documents, including one opinion and four orders by the U.S. Foreign Intelligence Surveillance Court (FISC), were improperly withheld from the public."
An anonymous reader writes "Ars Technica reports that for the first time in Bitcoin's five-year history, a single entity has repeatedly provided more than half of the total computational power required to mine new digital coins, in some cases for sustained periods of time. It's an event that, if it persists, signals the end of crypto currency's decentralized structure."
Steve Patterson (2850575) writes "It’s rumored that Amazon will launch its own 3D smartphone on June 18. While it may be compelling, a sexy 3D feature won’t catapult Amazon into the lead of the cut-throat smartphone category. If this were true, the EVO 3D, introduced two years ago by HTC and the W960, introduced by Samsung four years ago, would have been top sellers rather than niche products. However, a smartphone that renders 3D images does present an internet retailing opportunity for Amazon. It would be useful to Amazon in selling tangible consumer merchandise, just like Amazon’s Kindle Fire tablet was designed to improve Amazon’s merchandizing of ebooks and video streaming products."
lpress (707742) writes "Google, along with Facebook, is a founding partner of Internet.org, which seeks "affordable internet access for the two thirds of the world not yet connected." Google is trying to pull it off — they have projects or companies working on Internet connectivity using high-altitude platforms and low and medium-earth orbit satellites. These extra-terrestrial approaches to connectivity have been tried before, without success, but Google is revisiting them using modern launch technology (public and private), antennas, solar power, radios and other electronics, as well as tuning of TCP/IP protocols to account for increased latency. For example, they just acquired Skybox Imaging, which has a low-earth orbit satellite for high resolution video imaging. In the short run, Skybox is about data, video and images, but the long range goal may be connectivity in developing nations and rural areas — substituting routers for telescopes. Skybox plans to operate a constellation of low-earth orbit satellites and that sounds a lot like Teledesic's attempt at providing connectivity in the mid 1990s, using the technology of 2014."
benrothke (2577567) writes "Title: Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity
Author: J.J. Stapleton
Publisher: Auerbach Publications
Reviewer: Ben Rothke
Summary: Great guide to enterprise authentication from an expert
Having worked at the same consulting firm and also on a project with author J.J. Stapleton (yes, that was full disclosure), I knew he was a really smart guy. In Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity, Stapleton shows how broad his security knowledge is to the world.
When it comes to the world of encryption and cryptography, Stapleton has had his hand in a lot of different cryptographic pies. He has been part of cryptographic accreditation committees for many different standard bodies across the globe.
The premise of the author and the need for the book is that the traditional information security CIA triad (confidentiality, integrity, availability) has led to the situation where authentication has to a large part gotten short shrift. This is a significant issue since much of information security is built around the need for strong and effective authentication. Without effective authentication, networks and data are at direct risk for compromise.
The topic itself is not exactly compelling (that is, unless you like to read standards such as ANSI X9.42-2003: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, ISO/IEC 9798-1:2010: Information technology — Security techniques — Entity authentication, etc.), so the book is more of a detailed technical reference. Those looking for a highly technical overview, interoperability guidance, and overall reference will find the book most rewarding.
For those who don't have a general background on the topic, it may be a book too deep and technical for those looking for something more in line of a CISSP preparation guide.
For those that want to know the deep underpinnings of how encryption algorithms work, they can simply read the RFCs and standards themselves. What the book brings to the table are details about how to effectively implement the standards and algorithms in the enterprise, be it in applications, policies, or the specific procedures to meet compliance and standards requirements. And that is where Stapleton's many decades of experience provide significant and inestimable value.
There are many reasons why authentication systems fail and many times it is due to interoperability issues. Stapleton details how to ensure to minimize those faults in order to achieve seamless authentication across multiple technologies and operating systems.
The 7 chapters cover a dense amount of information around the 3 core topics. The book is for the reader with a solid technical background. While it may be listed as an exploratory text, it is not like a For Dummies title.
As per its title, it covers confidentiality, authentication and integrity, in addition to other fundamental topics of non-repudiation, privacy and key management.
One of the ways Stapleton brings his broad experience to the book is in the many areas where he compares different types of cryptosystems, technologies and algorithms. This enables the reader to understand which type of authentication is most beneficial for the specific requirement.
For example, in chapter 7, the book provides a really good comparison and summary of different cryptographic modules, including how they are linked to various standards from NIST, NSA, ANSI and ISO. It does the same for a comparison of cryptographic key strengths against various algorithms.
An interesting observation the book makes when discussing the DES encryption algorithm is that all of the talk of the NSA placing backdoors in it is essentially false. To date, no known flaws have been found against DES, and after being around for over 30 years, the only attack against DES is an exhaustive key attack. This type of attack is where an adversary has to try each of the possible 72 quadrillion keys (2^56 permutations – as the key is 56 bits long) until the right key is discovered.
That means that the backdoor rumors of the NSA shortening the length of the substitution ciphers (AKA s-boxes), was not to weaken it necessarily. Rather it was meant to block DES against specific types of cryptanalytic attacks.
While the book is tactical, the author does bring in one bit of trivia when he writes that the ISO, often known as the International Organization for Standardization, does not in truth really stand for that. He notes that the organization clearly states on its web page that because International Organization for Standardization would have different acronyms in different languages (IOS in English, OIN in French for Organisation internationale de normalisation, etc.), its founders decided to give it the short form ISO. ISO is derived from the Greek isos, meaning equal. Whatever the country, whatever the language, the short form of the name is always ISO.
While that is indeed ultimately a trivial issue, I have seen certification exams where they ask what that acronym stands for. Perhaps a lot of CISSPs need to have their credentials revoked.
While Stapleton modifies the CIA triad, the book is not one of a security curmudgeon, rather of a security doyen. For anyone looking for an authoritative text on how to fully implement cross-platform security and authentication across the enterprise, this is a valuable reference to get that job done.
Reviewed by Ben Rothke"
MarkWhittington (1084047) writes "According to a Saturday story in the Los Angeles Times, the recent revival of tensions between the United States and Russia, not seen since the end of the Cold War, may provide a shot in the arm for the American rocket engine industry. Due in part in retaliation for economic sanctions that were enacted in response to Russian aggression in the Ukraine, Russia announced that it would no longer sell its own RD-180 rocket engines for American military launches. This has had American aerospace experts scrambling to find a replacement.
The stakes for weaning American rockets off of dependency on Russian engines could not be starker, according to Space News. If the United States actually loses the RD-180, the Atlas V would be temporarily grounded, as many as 31 missions could be delayed, costing the United States as much as $5 billion. However SpaceX, whose Falcon family of launch vehicles has a made in the USA rocket engine, could benefit tremendously if the U.S. military switches its business from ULA while it refurbishes its own launch vehicles with new American made engines."
An anonymous reader writes "Yahoo Mail Service has been down since Wednesday for some users. It logs in fine with no password error and I am able to access other Yahoo Services except for Yahoo Mail. My other Yahoo Mail accounts work fine; it is only one. Yahoo has not done anything yet since they posted the announcement on Facebook and Twitter 4 days ago."
Diggester (2492316) writes "Cambridge has finally finished a series of eighty studies involving half a million people and the conclusion they've reached is that saturated fats have little or no connection to heart disease. The study also says that "good" fats (vegetable fats mostly) do not lower the risk of a heart attack either. This new study is turning heads and confusing the hell out of diet enthusiasts who have constantly been obsessed over reducing their fat intake (admittedly just to stay wafer thin). Hasn't fat ALWAYS been the reason for heart failure? Well, apparently not."
An anonymous reader writes "Many years ago, I was a coder—but I went through my computer science major when they were being taught in Lisp and C. These days I work in other areas, but often need to code up quick data processing solutions or interstitial applications. Doing this in C now feels archaic and overly difficult and text-based. Most of the time I now end up doing things in either Unix shell scripting (bash and grep/sed/awk/bc/etc.) or PHP. But these are showing significant age as well.
I'm no longer the young hotshot that I once was—I don't think that I could pick up an entire language in a couple of hours with just a cursory reference work—yet I see lots of languages out there now that are much more popular and claim to offer various and sundry benefits.
I'm not looking to start a new career as a programmer—I already have a career—but I'd like to update my applied coding skills to take advantage of the best that software development now has to offer.
Ideally, I'd like to learn a language that has web relevance, mobile relevance, GUI desktop applications relevance, and also that can be integrated into command-line workflows for data processing—a language that is interpreted rather than compiled, or at least that enables rapid, quick-and-dirty development, since I'm not developing codebases for clients or for the general software marketplace, but rather as one-off tools to solve a wide variety of problems, from processing large CSV dumps from databases in various ways to creating mobile applications to support field workers in one-off projects (i.e. not long-term applications that will be used for operations indefinitely, but quick solutions to a particular one-time field data collection need).
I'm tired of doing these things in bash or as web apps using PHP and responsive CSS, because I know they can be done better using more current best-of-breed technologies. Unfortunately, I'm also severely strapped for time—I'm not officially a coder or anything near it; I just need to code to get my real stuff done and can't afford to spend much time researching/studying multiple alternatives. I need the time that I invest in this learning to count.