top Hackers Steal Data Of 4.5 Million US Hospital Patients
First, SSNs themselves should not be "stored" in any database. They should be used dynamically for initial patient validation and stored as a salted hash. For that matter, you can do the same with DOB and other key identifiers that are not required for anything but for validation. Use an internal patient number as index for everything else. Second, use MAC (Mandatory Access Controls) for any app or microservice attempting to access specific portions of data. Any unauthorized attempt to access a record should be logged, and if you really want to catch the bad guys, do a transparent session forward to a honeypot with a fake database. Third, use 2 factor authentication for any remote access to the data. Fourth, all internal systems should run virtualized and accessed over VDI, no data on laptops, ever. Is it really that hard?
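As an added example (not part of the original comment), here is one way to build the validate-only storage described above: only a salt and a verifier are kept under the internal patient number, and the SSN and DOB are recomputed from what the patient presents. The function names, the dict standing in for a database and the `PEPPER` secret are assumptions. A keyed HMAC followed by scrypt is used here in place of a plain salted hash because the nine-digit SSN space is small enough to enumerate.

```python
import hashlib
import hmac
import os
import re

# Assumption: a server-side secret ("pepper") kept outside the database,
# e.g. in an HSM or secrets manager. Constructed value for this example.
PEPPER = b"constructed-example-pepper-not-a-real-key"


def normalize_ssn(ssn: str) -> str:
    """Strip separators so '000-12-3456' and '000123456' hash identically."""
    digits = re.sub(r"[\s-]", "", ssn)
    if not re.fullmatch(r"\d{9}", digits):
        raise ValueError("SSN must contain exactly nine digits")
    return digits


def _derive(ssn: str, dob: str, salt: bytes) -> bytes:
    # Key the identifiers with the pepper, then stretch with scrypt.
    material = f"{normalize_ssn(ssn)}|{dob}".encode()
    keyed = hmac.new(PEPPER, material, hashlib.sha256).digest()
    return hashlib.scrypt(keyed, salt=salt, n=2**14, r=8, p=1, dklen=32)


def enroll(db: dict, patient_id: int, ssn: str, dob: str) -> None:
    """Store only salt + verifier, indexed by the internal patient number."""
    salt = os.urandom(16)
    db[patient_id] = {"salt": salt, "verifier": _derive(ssn, dob, salt)}


def validate(db: dict, patient_id: int, ssn: str, dob: str) -> bool:
    """Recompute the verifier from presented values; constant-time compare."""
    record = db.get(patient_id)
    if record is None:
        return False
    try:
        candidate = _derive(ssn, dob, record["salt"])
    except ValueError:
        return False
    return hmac.compare_digest(candidate, record["verifier"])


def demo() -> dict:
    db = {}
    enroll(db, 1001, "000-12-3456", "1970-01-31")  # constructed sample values
    return db
```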
top Airbus Patents Windowless Cockpit That Would Increase Pilots' Field of View
I was on a business trip once going from Lima, Peru, to Arica in Chile on a 727 when the pilot announced that the navigation system in the plane was basically dead. Instead of freaking out, he lowered the altitude and he visually followed the Iquitos river and other landmarks, piloting the plane the old-fashioned way, taking us to the destination safely.
In a windowless cockpit that would have been a non-starter. I, for one, want to keep an "analog backup" as an option. Thank you.
top Supreme Court Rules Against Aereo Streaming Service
I *want* to pay for a service like that. I'm eager to pay to watch what I like when I want it. But with decisions like that, they leave people like me NO choice but using "alternative" methods like Sickbeard + SABnzbd, forcing me into the underground. These guys are so far behind the times it's like watching a 1950s movie. Term limits!
top OKCupid Warns Off Mozilla Firefox Users Over Gay Rights
I use the ReiserFS, you insensitive clod...
top FWD.us Wants More H-1B Visas, But 50% Go To Offshore Firms
H1B visas serve only to drive down wages for US employees. Additionally, they end up training foreign talent that are later kicked out of the country (after 3 or 6 years, depending upon whether the visa is renewed).
Not necessarily. The system may be corrupted now, but I doubt that's the only reason why we created this program. I came to Silicon Valley 14 years ago specifically because I had skill sets that were required by my company at the time and were simply not available (like speaking specific languages and understanding local cultures in specific countries, in addition to specific technical skills), so for all intents and purposes, it was completely legit. I was also very naive at the time and I openly discussed salaries with my co-workers (something pretty common where I come from) so I realized I was NOT being paid less than them. In some cases I was being paid more.
I didn't consider I was being "trained" either. In fact, I was doing most of the training, and when the time came to look at other opportunities outside the company, almost every potential employer that contacted me already knew they'd have to renew my H1-B in order to get me, and that wasn't considered an issue, just an annoyance.
A while after, I met my wife and I became a citizen through marriage, but at least my experience was very different from what other people are discussing in this thread.
top Canonical Shutting Down Ubuntu One File Services
Completely agree. Unfortunately, it's a normal part of the growth and maturity of a new industry. We tend to forget how new all this stuff is. Adjustments, consolidations and failures will occur, but they will collectively contribute to a more robust ecosystem down the road. Like with any technology, early adopters tend to get screwed, the difference is that people were treated as "consenting" early adopters when in reality they thought they were relying on a "permanent" service.
What I do find interesting, though, is the desire from Canonical to release the source code. That can be very beneficial for all of us and new services can be spawned from there. It will be good to see what they used underneath (Csync2 maybe?) and it will be good to have alternatives to ownCloud and other services.
top Woman Attacked In San Francisco Bar For Wearing Google Glass
The real issue here is what's actually going on in SF. If you don't live here you probably don't know, but there has been a lot of soft aggression against tech workers regardless of the company all over the city, simply because more and more are moving in, driving up the prices of housing and attracting more higher-end businesses, effectively changing the nature of traditionally "working class" neighborhoods. Classic gentrification.
This bar in particular is more of a punk-type place, located exactly in one of those areas undergoing rapid change, so the presence of someone with GG was probably an in-your-face reminder (no pun intended) of the situation many of the locals are experiencing.
I can personally understand both sides, but I tend to side with history: everything changes over time and different forces will produce different changes. You can fight it only to a certain degree, but change is inexorable, and you can't forever cling to "the way things were before".
top Electrical Engineering Lost 35,000 Jobs Last Year In the US
Reason why I left the programming world a long time ago and became a pre-sales engineer. Harder to outsource if the product being sold is highly technical, and it pays substantially better than a pure programming/engineering/IT/back-end job. I'm not saying it's impossible to outsource, but if you choose the segment right and you are good at it, chances are you can retire before you see these types of jobs getting pushed overseas as well.
top User Alleges LG TVs Phone Home With Your Viewing Habits
Is this a surprise to anybody? Why do you think all TV vendors are pushing for "Smart TV"? All this metadata could be a huge source of revenue to them in all kinds of areas, from advertising profiling to law enforcement.
Since we have more and more connected devices in our lives, you've got to take extra precautions. First and foremost, if your device doesn't need to be connected to the Internet, just don't. There is no reason your wired printer needs Internet access, so block that MAC address for external access. If your device does need it, then make sure that it's in an isolated segment with no raw access to Ethernet frames from other systems in your house, and if it's WiFi-enabled, make sure you have guest isolation turned on. Then, set up a proxy, transparent or not, to make sure you have the chance to monitor that traffic for unexpected surprises. If you can, whitelist some specific sites that your application needs to access, like Netflix or VUDU for example, and block access to everything else. Finally, why use apps in the TV when you can have excellent open source software provide you with content, like XBMC or MythTV?
top Nathan Myhrvold's $500 Cookbook Now an $80 iPhone App
Many of the comments here are from people who have not seen or read the books. Gourmet cooking at home is my hobby so I actually own both, the Modernist Cuisine and The Modernist Cuisine at Home. I've read them thoroughly and I've done many recipes from them, and I must say, I have yet to see another set of books as useful and complete as these. You learn the principle of things, the math, physics and chemistry associated with the processes, from smoking and grilling to sous vide and pressure cooking. It's amazing the wealth of knowledge in these books. Also, the photography alone makes it a work of art.
If you are in doubt, simply make one recipe: the Caramelized Carrot Soup. It will blow your mind (and your guests). This recipe works because by increasing the pH under pressure you achieve the Maillard reaction before the carrots can burn. You cannot achieve this result any other way, and that's the kind of knowledge behind these books. Also, check the Hyperdecanting trick with wine. You'll impress your friends at any party.
Nathan said in an interview that he wrote this because that's the kind of book that he wishes he'd had access to when he started cooking. There is nothing else out there like this. It's true it's not for everybody. It's for either chefs or very serious amateurs. I, for one, welcome an app. As wonderful as the books are, they are complicated when you need to find something quickly. Unfortunately, I don't do iOS, so I'll have to wait for the Android version in the future or steal my wife's iPad when I need it.
top Digital Revolution Will Kill Jobs, Inflame Social Unrest, Says Gartner
I've actually had the chance to see this myself. I started working for VMware at the end of 2003, when virtualization was new. It slowly and gradually entered the datacenter, first in development and testing workloads and then production to mission critical apps. All this time I've seen the server to admin ratio change dramatically, first with tens to hundreds to now thousands of systems that can be managed by a single admin. This obviously means the gradual extinction of the traditional sysadmin, same way the operators disappeared with the decline of the mainframe.
Now automation tools and proactive analytics are gaining huge momentum and will doom yet another segment of the IT force; even managers who approve or deny decisions can be replaced by software policies and self-service portals. If any company had the chance to run their whole IT as a single black box with a switch and no humans involved whatsoever, most would do it. It sucks, but denial won't help either.
top My favorite brand of snake oil is ...
Since it was invented by a Magnetic Healer, I guess it's related, but it has grown as its own scam on its own.
My favorite reference site when these types of "topics" come up is Science-based Medicine.
top Most Tor Keys May Be Vulnerable To NSA Cracking
I understand your thinking. Yet, once your eyes have been opened, you can't go back anymore. I know it's a cliche in this audience, but it's really like swallowing the red pill. We now know we were not crazy and there really is an extremely powerful entity out there attempting to break all our most trusted systems. We can 1) ignore it, 2) accept our fate and go kosher (according to 'the system') or 3) fight it. I've chosen 3, mostly because I think this is just the beginning and things can get really dark very fast if we let this stand. I also want to point out that the NSA hires really smart folks, but they are not superhuman. We, as a collective, can outsmart them all, and then we can create open source software easy enough for the masses to use. We've done it before and we can do it again. THEY are not infallible!
top Wildfire Threatens Water and Power To San Francisco
I, for one, am more concerned about the classic little towns like Groveland that live out of the tourism coming in and out of Yosemite. My wife and I go to Yosemite at least a couple of times per year, and we always stay in Groveland, a tiny town with such an old gold rush history and character. They've got the Iron Door Saloon, the oldest saloon in California dating from 1852, The Groveland Hotel that used to be a brothel and where every one of the rooms is named like "Lotta Crabtree", "Betty Fries Room" and "Just Juanita". Right now I'm less concerned about our water supply vs. the lives and livelihood of their residents and rich history of all those places.
about a year and a half ago
top Microsoft Needs a Catch-Up Artist
What bothers me is that Microsoft has really good engineers but lacks a clear strategic direction. Their massive amount of legacy code plus some seriously bad "assumptions" about what the users want have sustained their decline in the last 10 years. It's a sad state of affairs, having used their products since Windows 1.0 when they were "the rebels".
I know it's just my opinion, but given their deep pockets, they should create an incubator unit or a completely separate start-up with huge funding for a re-acquisition later on (similar to what Cisco is doing with Insieme). The purpose of this group should be to go back to their roots, and re-think the way people and companies are expected to interact with computers in the next 10-20 years timeframe, and create a brand new OS with no legacy code, and anticipating the challenges and threats that will evolve over time as much as possible.
I've always wondered why airplanes and MRI machines can have "mission critical" OSs and software while we all have to deal with crashes and uncertainty. They have the capability to create and bring to market a practical, usable EAL-7 OS. We know it has been done before, but Microsoft has the capability to make it commercially viable for everyone. And this is only ONE of the things they could do.
about a year and a half ago
top Transportation Designs For a Future That Never Came
The way this post was presented is totally idiotic. The fact that some of these ideas have been around for a very long time means only that technical feasibility was not there yet. Remember Jules Verne or DaVinci for that matter. Many of their ideas have become a normal part of our lives, while many others were just the product of a fertile imagination.
What I really like about the hyperloop is that the idea is old, but it's been re-thought from the perspective of the 21st century, by someone who has the credibility to make things that everyone else said were impossible a fact. I, for one, think Elon Musk is one of the greatest minds of our generation, and not only because of the ideas, but because of his attitude of "why not" and "build it and they will come". I'd trust him with my tax dollars any day when I see what he has accomplished, vs. the bozos in the State Government.
about a year and a half ago
TFA is correct that there isn't anything to patch per se. However, it's possible to mitigate the effects of this by using multiple completely isolated browser sessions for different purposes. Your banking VM should always be used for banking, nothing else. Clear cookies and browser history at the end of the session. All that while other VMs should be used for their own specific purposes with their own security configuration.
This is very well implemented in Qubes OS but can also be implemented via regular VMs. The guys at Bromium also have an interesting approach to this issue via microvirtualization using hardware. Net/net, the important thing is to make sure that whatever the attacker can get, it's irrelevant in the big picture of things.
about a year and a half ago
top College Students Hijack $80 Million Yacht With GPS Signal Spoofing
Particularly bad timing since just today the San Francisco Chronicle is reporting that foreign airlines are now asked to use GPS for landings at SFO. What could possibly go wrong?
about a year and a half ago
top Software-Defined Data Centers Might Cost Companies More Than They Save
The whole idea of SDDC and Cloud Computing is to basically end up with "IT as a Service". The rest are just marketing words. The goal is to have a service pretty much like electricity: you don't necessarily care where it comes from or how it's delivered to your premises. All you care about is that it's there, it's reliable, it's consistent and you know exactly how much you are paying for.
The problem I've seen in the 10 years I've been in this particular industry, is that very few large companies are doing chargeback from IT to their internal customers or business units. IT has been historically seen as a shared cost for the company which adds tremendous pressure every year to cut more and more and try to leverage economies of scale whenever possible. Once you implement chargeback (even if it starts as a showback only) you can effectively pass that cost to the internal customer so you end up shaping their behavior depending on their own funds allocation, not IT's.
The next step is to have accurate forecasting so you know exactly how much infrastructure to have available, particularly if you implement service tiering. This doesn't mean that IT will have a free ride, and it will still be expected to be competitive with external cloud providers, but at least it is something more manageable than the status quo.
about a year and a half ago
top Wi-Fi-Enabled Tooth Sensor Rats You Out When You Smoke Or Overeat
It will explode with poisonous gas as soon as the sensor detects Duke Leto nearby!
about a year and a half ago
Natales hasn't submitted any stories.
Natales has no journal entries.