Domain: techtarget.com
Stories and comments across the archive that link to techtarget.com.
Stories · 207
Federal Shutdown May Send Millennial Workers To Exits (techtarget.com)
dcblogs writes: The federal government measures the "engagement" of its federal workforce once a year with a massive survey of 1.5 million employees. And what it has found is that most federal workers are very dedicated to their work. Its most recent survey -- the 2018 Federal Employee Viewpoint Survey -- asked employees if they are "willing to put in extra effort to get their job done"; 96% of the survey takers responded affirmatively. Moreover, 91% agreed with the statement that they "look for ways to do their jobs better," and 90% "believe their work is important." But this job dedication is being tested by the U.S. government shutdown, and most at risk of leaving are Millennial-age workers. Less than 6% of federal employees are under the age of 30 and represent half of all people who leave an agency within the first two years. The best employees have options, and "a major concern is that the brightest, hardest-working, and most capable, dedicated government employees may opt out of government service and take jobs in the private sector," Talya Bauer, professor of management at Portland State University in Oregon and president of the Society for Industrial and Organizational Psychology, said. The shutdown could hurt the reputation of the government as a good place to work, she said.
LinkedIn's Forthcoming Analytics Tool May Boost Job Poaching (techtarget.com)
dcblogs writes: LinkedIn has developed a new analytics platform that should make it easier to poach job candidates. It will use its vast database of nearly 600 million profiles to help recruiters find pockets of talent, know the attrition rate and glean competitive data. The platform, due in September, was discussed at a recent HR conference. One attendee asked a LinkedIn official: "Does that set up an environment for poaching talent?" And then she immediately answered her own question. "I think the answer is yes. And so why would I sign off on that?" In response to the attendee's question, Eric Owski, the head of product for Talent Insights at LinkedIn, said there was nothing wrong with making this data available. The LinkedIn team concluded that "the world is becoming more transparent," and "very sophisticated teams at large companies were able to figure out a lot of the calculations that we're making available in this product," he said. "We think by packaging it up nicely, it levels the playing field," Owski said. "We feel like we're on safe ground."
MIT Issued Blockchain Diplomas, But Doesn't Know If Employers Actually Use Them (techtarget.com)
dcblogs writes: Last summer, MIT ran a pilot program creating verifiable, tamper-proof "digital diplomas" for a small number of graduates. But they don't know how the pilot turned out, and there's a lot of experimentation underway. Eventually, all your credentials -- resume, employment history, occupational licenses, diplomas -- may be in a blockchain. The use of blockchain-enabled digital credentials is growing. This could speed employment verification, and make lying on resumes harder.
The article points out that while a number of universities are exploring blockchain, MIT "has not heard of a case where a student's digital diploma was either consumed or accepted by an employer," although "Many certificates were verified..."
"MIT's pilot illustrates the state of blockchain in HR. It is in a beta, proof-of-concept, experimental phase. Blockchain verification is currently not a practical option for employers and recruiters."
Emotion Recognition Systems Could Be Used In Job Interviews (techtarget.com)
dcblogs writes: Emotion recognition software identifies micro-expressions through video analysis. These are expressions that may be as fast as 1/25 of a second and invisible to the human eye, but a close analysis of video can detect them. These systems are being used in marketing research, but some employers may be interested in using them to assess job candidates.
Vendors claim these systems can be used to develop a personality profile and discover a good cultural fit. The technology raises concerns, illustrated earlier this year by researchers who showed that face-reading technology could use photographs to determine sexual orientation with a high degree of accuracy.
One company has already added face recognition into their iPad-based time clock, which the company's CEO thinks could be adapted to also detect an employee's mood when they're clocking out. Yet even he has his reservations. While he thinks it could provide more accurate feedback from employees, he also admits that "There's something very Big Brother about it."
Following Equifax Breach, CEO Doesn't Know If Data Is Encrypted (techtarget.com)
An anonymous reader quotes a report from TechTarget: Equifax alerted the public in September 2017 to a massive data breach that exposed the personal and financial information -- including names, birthdays, credit card numbers and Social Security numbers -- of approximately 145 million customers in the United States to hackers. Following the Equifax breach, the former CEO Richard Smith and the current interim CEO Paulino do Rego Barros Jr. were called to testify before the Committee on Commerce, Science, and Transportation this week for a hearing titled "Protecting Consumers in the Era of Major Data Breaches." During the hearing, Sen. Cory Gardner (R-Colo.) questioned Smith and Barros about Equifax's use of -- or lack of -- encryption for customer data at rest. Smith confirmed that the company was not encrypting data at the time of the Equifax breach, and Gardner questioned whether or not that was intentional. "Was the fact that [customer] data remained unencrypted at rest the result of an oversight, or was that a decision that was made to manage that data unencrypted at rest?" Gardner asked Smith. Smith pointed out that encryption at rest is just one method of security, but eventually confirmed that a decision was made to leave customer data unencrypted at rest. "So, a decision was made to leave it unencrypted at rest?" Gardner pushed. "Correct," Smith responded.
Gardner moved on to Barros and asked whether he has implemented encryption for data at rest since he took over the position on Sept. 26. Barros began to answer by saying that Equifax has done a "top-down review" of its security, but Gardner interrupted, saying it was a yes or no question. Barros stumbled again and said it was being reviewed as part of the response process and Gardner pushed again. "Yes or no, does the data remain unencrypted at rest?" "I don't know at this stage," Barros responded. "Senator, if I may. It's my understanding that the entire environment [in] which this criminal attack occurred is much different; it's a more modern environment with multiple layers of security that did not exist before. Encryption is only one of those layers of security," Smith said.
Vendor Tracks LinkedIn Profile Changes To Alert Client Employers (techtarget.com)
dcblogs shares a report from TechTarget: IT managers have long had the ability and right to monitor employee behavior on internal networks. Now, HR managers are getting similar capabilities thanks to cloud-based services -- but for tracking employee activity outside of their employer's network. A controversy and court fight is swelling over its potential impact on employee privacy. A San Francisco-based startup, hiQ Labs Inc., offers products based on its analysis of publicly available LinkedIn data. One is Keeper, which identifies employees at risk of being recruited away, and another is Skill Mapper, which analyzes employee skills. The profile data is collected by software bots. The clients of hiQ's service may learn whether a LinkedIn member is a flight risk thanks to an individual risk score: high (red), medium (yellow) or low (green), according to court papers. LinkedIn is in court fighting this, but so far it's losing. A federal judge recently took exception to the use of the CFAA in this case "to punish hiQ for accessing publicly available data." The judge warned such an interpretation "could profoundly impact open access to the internet."
Microsoft Dumps Notorious Chinese Secure Certificate Vendor (zdnet.com)
Soon, neither Internet Explorer nor Edge will recognize new security certificates from Chinese Certificate Authorities WoSign and its subsidiary StartCom. ZDNet reports: A CA is a trusted entity that issues X.509 digital certificates that verify a digital entity's identity on the internet. Certificates include its owner's public key and name, the certificate's expiration date, encryption method, and other information about the public key owner. Typically, these are used to secure websites with the https protocol, lock down internet communications with Secure Sockets Layer and Transport Layer Security (SSL/TLS), and secure virtual private networks (VPNs). A corrupted certificate is barely better than no protection at all. It can be used to easily hack websites and "private" internet communications.
Microsoft has joined [Mozilla, Google and Apple] in abandoning trust in their certificates. A Microsoft representative wrote: "Microsoft has concluded that the Chinese CAs WoSign and StartCom have failed to maintain the standards required by our Trusted Root Program. Observed unacceptable security practices include back-dating SHA-1 certificates, mis-issuances of certificates, accidental certificate revocation, duplicate certificate serial numbers, and multiple CAB Forum Baseline Requirements (BR) [issuance and management rules for public certificates] violations." Microsoft will start "the natural deprecation of WoSign and StartCom certificates by setting a 'NotBefore' date of 26 September 2017. This means all existing certificates will continue to function until they self-expire. Windows 10 will not trust any new certificates from these CAs after September 2017."
Linux.com Announces The Best Linux Distros for 2017 (linux.com)
Friday Linux.com published their list of "what might well be the best Linux distributions to be found from the ever-expanding crop of possibilities... according to task." Here are their winners (as chosen by Jack Wallen), along with a short excerpt of his analysis.
- Best distro for sysadmins: Parrot Linux. "Based on Debian and offers nearly every penetration testing tool you could possibly want. You will also find tools for cryptography, cloud, anonymity, digital forensics, programming, and even productivity."
- Best lightweight distribution: LXLE. "Manages to combine a perfect blend of small footprint with large productivity."
- Best desktop distribution: Elementary OS "I'm certain Elementary OS Loki will do the impossible and usurp Linux Mint from the coveted 'best desktop distribution' for 2017."
- Best Linux for IoT: Snappy Ubuntu Core "Can already be found in the likes of various hacker boards (such as the Raspberry Pi) as well as Erle-Copter drones, Dell Edge Gateways, Nextcloud Box, and LimeSDR."
- Best non-enterprise server distribution: CentOS. "Since 2004, CentOS has enjoyed a massive community-driven support system."
- Best enterprise server distribution: SUSE. "Don't be surprised if, by the end of 2017, SUSE further chips away at the current Red Hat market share."
Wallen also chose Gentoo for "Best distribution for those with something to prove," saying "This is for those who know Linux better than most and want a distribution built specifically to their needs... a source-based Linux distribution that starts out as a live instance and requires you to then build everything you need from source." And surprisingly, he didn't mention his own favorite Linux distro, Bodhi Linux, which he describes elsewhere as "a melding of Ubuntu and Enlightenment".
Technology Is Making Doctors Feel Like Glorified Data Entry Clerks (fastcompany.com)
An anonymous reader writes from a report via Fast Company: The average day for a doctor consists of hours of data entry. Since the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 took effect in January of 2011, which incentivized providers to adopt electronic medical records, hospitals have spent millions, sometimes billions, on computer systems that weren't designed to help providers treat patients to begin with. The technology was supposed to reduce inefficiencies, make doctors' lives easier, and improve patient outcomes, but in fact it has done the opposite. "Frankly, the main incentive is to document exhaustively so you cover your ass and get paid," says Jay Parkinson, a New York-based pediatrician and the founder of health-tech startup Sherpa. The systems are flooding doctors with important and utterly meaningless alerts. One of the biggest problems is that the systems have made it very difficult for doctors to share information between one another, which is what the systems were intended to do all along. Why? "Because it doesn't help the bottom line of the biggest medical record vendors or the hospitals to make it easy for patients to change doctors," reports Fast Company. Since it often takes weeks or months for data to be sent to and from facilities, that, according to Consumers Union staff attorney Dana Mendelsohn, increases the chances of doctors ordering duplicate tests. All of this reduces the time doctors have with their patients. A recent study shows that the average time doctors spend with their patients is about eight minutes and 12% of their time, down from 20% of their time in the late 1980s. "This group is 15 times more likely to burn out than professionals in any other line of work," reports Fast Company. "And much of the research on the topic concludes that 'documentation overload' is a key factor."
To help alleviate this pain, medical groups are working to reduce the data-entry burden for doctors, so they can in turn spend more of their time with patients.
Google-Backed SSD Endurance Research Shows MLC Flash As Reliable As SLC (hothardware.com)
MojoKid writes: Even for mainstream users, it's easy to feel the differences between using a PC that has an OS installed on a solid state drive versus a mechanical hard drive. Also, with SSD pricing where it is right now, it's also easy to justify including one in a new configuration for the speed boost. And there's obvious benefit in the enterprise and data center for both performance and durability. As you might expect, Google has chewed through a healthy pile of SSDs in its data centers over the years and the company appears to have been one of the first to deploy SSDs in production at scale. New research results Google is sharing via a joint research project now encompass SSD use over a six year span at one of Google's data centers. Looking over the results led to some expected and unexpected findings. One of the biggest discoveries is that SLC-based SSDs are not necessarily more reliable than MLC-based drives. This is surprising, as SLC SSDs carry a price premium with the promise of higher durability (specifically in write operations) as one of their selling points. It will come as no surprise that there are trade-offs of both SSDs and mechanical drives, but ultimately, the benefits SSDs offer often far outweigh the benefits of mechanical HDDs.
A Primer on Data Backup for Small- to Medium-Sized Companies (Video)
This is a conversation with Jeff Whitehead and Lou Montulli, respectively Vice President of Technical Operations/CTO and Chief Scientist for Zetta.net, a company that specializes in online backup and disaster recovery service. Also, while this interview was arranged without his help, in the interest of full disclosure we'd like to tell you that Zetta's CEO is Ali Jenab, who used to be CEO of Slashdot's parent company. But this discussion isn't about Ali or Zetta.net, but about data backup, and what methods are best and most cost-effective for companies ranging from home-based businesses up to enterprise operations with thousands of employees. Among other things, we discussed the importance of multiple-site storage for important data, a factor that was drilled into us yesterday by an article titled Another Iron Mountain Fire Points Up Shortcomings of Physical Storage by long-time tech journalist Sharon Fisher. And never forget: You don't know how effective your backup and data storage arrangements are until you try to retrieve your data -- and if you don't try to retrieve data until you need it, and things don't work, you are in big trouble. (Don't see the video? Here's a link.)
Apple Has a Lot In Common With The Rolling Stones (Video)
Tech journalist Ron Miller (not a relative) wrote a piece titled Apple has a lot in common with The Rolling Stones, based on the song It's Only Rock 'N' Roll (But I Like It). In the article, Ron writes: "Much like the Rolling Stones, Apple has to get up on stage again and again and figure out a way to blow the audience away – and it’s not always easy." In fact, Apple's latest iPhone announcement seems to have been greeted with a massive "ho hum" instead of the frenzied interest some of their earlier product announcements have created. In today's video, Ron tells us why he thinks this is, and ruminates briefly about the future of Apple and what kinds of products might help people get excited about Apple again.
How a Programmer Gets By On $16K/Yr: He Moves to Malaysia
An anonymous reader writes "If you can make $10 an hour doing remote work, you can afford to live in Malaysia. Make it $15 or $20, you can work 30 hours a week. Real money? Make it ten. This article talks about how John Hunter did it." Malaysia's not the only destination for self-motivated ex-pat programmers, of course. If you've considered doing this kind of sabbatical, or actually have, please explain in the comments the from-where-to-where details and reasons.
How to Become an IT Expert Companies Seek Out and Pay Well (Video)
This video is an interview with Matt Heusser, who makes a good living as an independent IT consultant. He says many other people who are currently pounding out code or performing other routine computer-oriented tasks can become independent, too. He's not selling a course or anything here, just passing on some advice to fellow Slashdot readers. He's written up some of this advice in a series of four articles: Getting People to Throw Money At You; How to become IT Talent; That Last Step to Become ‘Talent’ In IT; and The Schwan’s Solution. He also gave a speech last November titled Building your reputation through creative disobedience. (The link is to a 50 minute video of that speech.) Anyway, we figure quite a few Slashdot readers are at least as smart as Matt and may want to take some career steps similar to the ones he has taken. In today's video, he gives you some ideas about how to stop being an IT worker and how to become IT talent instead.
Do You Really Need a Smart Phone?
Roblimo writes "My phone is as stupid as a phone can be, but you can drop it or get it wet and it will still work. My cellular cost per month is about $4, on average. I've had a cellular phone longer than most people, and I assure you that a smart phone would not improve my life one bit. You, too, might find that you are just as happy with a stupid phone as with a smart one. If nothing else, you'll save money by dumbing down your phone." I stuck with a dumb phone for a long time, but I admit to loving the versatility of my Android phone, for all its imperfections.
Half Life of a Tech Worker: 15 Years
Hugh Pickens writes "Matt Heusser writes that when he went to work for Google all the people he met had a sort of early-twenties look to them. 'Like the characters in Microserfs, these were "firstees," young adults in the middle of the first things like life: First job out of college, first house, first child, first mini-van,' writes Heusser. 'This is what struck me: Where were the old dudes?' and then he realized something very important — you get fifteen years. 'That is to say, your half-life as a worker in corporate America is about age thirty-five. Around that time, interviews get tougher. Your obligations make you less open to relocation, the technologies on your resume seem less-current, and your ability to find that next gig begins to decrease.' By thirty-five, half the folks who started in technology have gone on to something else — perhaps management, consulting, on to roles in 'the business' or in operations. 'Yet a few stick it out. Half of the half-life is fifty, and, sure, perhaps 25% of the folks who started as line technologists will still be doing that when they turn fifty,' adds Heusser. 'But by the time you turn thirty-five, you'd better have a plan.'"
Promotion Or Job Change: Which Is the Best Way To Advance In IT?
I've had a couple of management consultants tell me that if you want to move into management, it's better to change jobs or change where you work within your current company than to stay where you are. What if you have to fire one of your old friends? Not cool. Or are you better off starting your management career surrounded by people who know and (hopefully) like you? Read the rest.
Hot Aisle Or Cold Aisle For Containment?
1sockchuck writes "Separating the hot and cold air in a data center is one of the keys to improving energy efficiency. But containment systems don't have to be fancy or expensive, as Google showed in a presentation Thursday, which discussed the use of clear vinyl curtains in isolating hot and cold aisles. Containment systems have been in use at least since 2004, but there's an ongoing debate about whether it is best to contain the hot aisle or cold aisle. Leading vendors are split as well, as APC advances hot aisle containment while Emerson/Liebert champions a cold aisle approach. What say Slashdot readers? Do you use containment in your data center? If so, do you contain the hot aisle or cold aisle?"
Symantec To Acquire PGP and GuardianEdge
An anonymous reader noticed the news that Symantec has bought PGP and Guardian Edge for $370 million. They plan to standardize their encryption stuff on PGP keys.
Is OS/2 Coming Back?
mstansberry writes "Is IBM considering relaunching OS/2? One source close to IBM says Big Blue plans to repurpose OS/2 services atop a Linux core. IT managers ask, why now?" Hey, back in simpler times OS/2 was super badass. Both of the guys who ran it were hard core.
Managing Young Sys Admins At Oregon State Open Source Lab
mstansberry writes "Lance Albertson, architect and systems administrator at the Oregon State University Open Source Lab, uses a sys admin staff of 18-21-year-old undergrads to manage servers for some high-profile, open-source projects (Linux Master Kernel, Linux Foundation, Apache Software Foundation, and Drupal to name a few). In this Q&A, Albertson talks about the challenges of using young sys admins and the lab's plans to move from Cfengine to Puppet for systems management."
Cybersecurity Czar Job Is Useless, Says Spafford
Trailrunner7 writes "It's been about seven months since Obama announced his plan to hire a cybersecurity coordinator, and the job is still vacant. Several prominent security experts have turned the position down, and in an interview on Threatpost, Purdue professor Gene Spafford says that the position is pointless. 'It won't have any statutory authority. It won't have any budgetary authority. That does not give it much authority of any kind. So when I hear that there are supposedly people who have been interviewed for this cyber coordinator job and didn't take it, I'm not surprised. It's not a winning position. I'm not at all surprised by the fact that it's empty. That position is a blame-taking position,' Spafford said."
The Perils of Ramming Products Down IT's Throat
snydeq writes "InfoWorld's Paul Venezia takes issue with the all-too-familiar practice of management dictating IT solutions to admins savvy enough to know the fiat revolves around far inferior products, in this case Nissan North America's embracing of Microsoft's Hyper-V. 'Very rarely do unilateral decisions by CIOs make for solid IT infrastructures, and they are generally at odds with what the admins on the ground are communicating,' Venezia writes, noting that upper managers who succumb to vendor tricks face a far worse fate than an infrastructure based on inferior technology — one devoid of the kind of expertise necessary to make the best of their flawed purchasing decisions. 'If continuously faced with the specter of having to implement and support clearly inferior products due to baffling, uneducated management decisions, top-flight admins will simply head elsewhere.'"
Microsoft-Backed Firm Says IBM Is Anticompetitive
BBCWatcher writes "Microsoft has long claimed that the mainframe is dead, slain by the company's Windows monopoly. Yet, apparently without any mirror nearby, Microsoft is now complaining through the Microsoft-funded Computer & Communications Industry Association that not only are mainframes not dead, but IBM is so anticompetitive that governments should intervene in the hyper-competitive server market. The Wall Street Journal reports that Microsoft is worried that the trend toward cloud computing is introducing competition to the Windows franchise, favoring better-positioned companies including IBM and Cisco. HP now talks about almost nothing but the IBM mainframe, with no Tukwila CPUs to sell until 2010. The global recession is encouraging more mainframe adoption as businesses slash IT costs, dominated by labor costs, and improve business execution. In 2008, IBM mainframe revenues rose 12.5% even whilst mainframe prices fell. (IBM shipped 25% more mainframe capacity than in 2007. Other server sales reports are not so good.) IBM mainframes can run multiple operating systems concurrently, including Linux and, more recently, OpenSolaris."
Kaminsky On DNS Bugs a Year Later and DNSSEC
L3sPau1 writes "Network security researcher Dan Kaminsky has had a year to reflect on the impact of the cache poisoning vulnerability he discovered in the Domain Name System. In the time since, Kaminsky has become an advocate for improving security in DNS, and ultimately, trust on the Internet. One way to do this is with the widespread use of DNSSEC (DNS Security Extensions), which essentially brings PKI to website requests. In this interview, Kaminsky talks about how the implementation of DNSSEC would enable greater security and trust on the Net and provide a platform for the development of new security products and services."
How Do You Document Technical Procedures?
ChadDa3mon writes "I work for a large MSSP type operation and we deal with a plethora of vendors, versions, and .... skill sets. We're facing a critical problem as we grow when trying to deal with these varying degrees of technical competency. The end result is we're getting to the point where we have to document every procedure and process, no matter how mundane or 'common sense' it may seem." How, ChadDa3mon wants to know, can complex skills be documented to account for various users? Read on for more details of what he's seeking. "I've got a picture of how I'd like this to work in my head, but I can't find any software out there that seems to go along with it. I'm a big fan of keeping things simple, so I'd like to start with high level overviews. Each step in the process would be a general statement like 'Look for valid traffic on the monitoring interface'. For those who already know what 'valid traffic' means, it's easy to follow. However, if there was someone who was unsure what it meant, there would be a link they could click on that would pop open a new window (or something similar) explaining in detail what we're looking for and how to find it. It's my hope that using this process, people aren't just blindly running commands, but gaining an understanding into what that command is, and why we use it, what to be aware of, etc.
This seems like a job for a flow chart, but I don't like the setup of any of the ones I've used, such as Visio. It could also maybe fulfilled by a wiki, but there's so many out there I don't know where to start. I have to assume I'm not the only person who's facing a problem like this, so I'm hoping someone else out there can make some recommendations." -
The Mainframe World Is Alive, Even For Those Under 40
willdavid writes with a link to a report by Jeff Gould at Interop Systems, about the definitely-still-around world of mainframe computing, from which he extracts: "Last week I had the occasion to visit SHARE, the premier mainframe conference, which was held in San Jose just down the road from where I live. Based on what I saw, there is one thing I can tell you for sure, and that is that Cobol is not dead. And neither is the mainframe. When I mentioned to one of my friends that I had been to SHARE, he joked that it must have looked like an AARP convention. But this turned out not to be so. While there were certainly a few 60-somethings strolling around the halls, the under 40 generation was also well represented. What struck me the most was not the advanced age of the people but the relative youth of a lot of the software being discussed." However, it's not all fountain of youth there, either. (Thanks, BDPrime.) -
Vista's Security Rendered Completely Useless
scribbles89 sends in a story that originally ran in SearchSecurity; it sounds like it could be a game-changer. "While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren't based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista's fundamental architecture. According to Dino Dai Zovi..., 'the genius of this is that it's completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That's completely game over.'" Update: 08/08 14:23 GMT by KD : Changed the link, as the story first linked had been lifted without attribution. -
IE 8 To Include New Security Tools
Trailrunner7 writes "Internet Explorer has been a security punching bag for years, and rightfully so. IE 6 was arguably the least secure browser of all time. But Microsoft has been trying to get their act together on security, and the new beta of IE 8, due in August, will have a slew of new security features, including protection against Type-1 cross-site scripting attacks, a better phishing filter and better security for ActiveX controls." -
Video Demo of Microsoft's "Containerized" Data Storage
BDPrime writes "Michael Manos, Microsoft's director of data center services, shows a 3-D rendering of the company's upcoming containerized data center, which is like a facility full of shipping containers. He also demos Scry, Microsoft's internal data center analytics tool that lets the company monitor the data center's energy use, carbon footprint and power bill. There are a few companies out there that are now touting the data center in a shipping container. Sun was one of the first with its Blackbox, now called the Sun MD, while others include Rackable Systems' ICE Cube and Verari's FOREST." -
IBM Leaks Details on New Mainframe
Mark writes "Big Blue inadvertently revealed details about its new z10 Enterprise Class mainframe set to launch on Feb. 26, as well as details on z/OS v1.10, a new version of the mainframe OS due out in September. 'According to an internal IBM document obtained by SearchDataCenter.com, the z10 Enterprise Class will come in five different models and feature 64-way chips, compared with the 54-way z9 mainframes and earlier 32-way models. In a conference call last month, IBM CFO Mark Loughridge told investors that the z10 would have 50% more capacity, which indicates that it will probably tap out at around 27,000 million instructions per second (MIPS) at the top end, compared with about 18,000 MIPS on the previous z9 Enterprise Class.'" -
OpenOffice.org 2.3 Review
Peace Frog passed us a link to an in-depth review of the newest version of OpenOffice. Instead of just the normal bug fixes, 2.3 has added several new features. Examples include: "A bunch of new and enhanced features like restoring the user-defined movement path in Impress and applying better default print settings in Calc. Check the release notes for complete information from OpenOffice.org. A significantly different chart tool. New extensions provided by Sun and other vendors. You will need to run 2.3 for the extensions to work. Read more about the new extensions on the OpenOffice.org web site." The general impression from the review is that the OO team is doing an excellent job of responding to feedback from previous releases. -
Xbox Live Disallows Linux, Unix As Keywords
shafty023 writes "The Xbox Live online service disallows screen names like LINUXRULES, L I N U X, and other variations of these kinds. Other bloggers are reporting that variants of 'Unix' also result in the message: 'Your motto contains inappropriate language. Please try again.'" If this is an extension of Microsoft's anti-Linux campaign, perhaps it's time they gave it up. -
EPA Sends Data Center Power Study to Congress
BDPrime writes "We've all been hearing ad nauseam about power and cooling issues in the data center. Now the EPA has issued a final report to Congress detailing the problem and what might be done to fix it. Most likely what will happen is the EPA will add servers and data centers into its Energy Star program. If you don't feel like reading the entire 133-page report, the 14-page executive summary is a little easier to get through." -
New Hack Exploits Common Programming Error
buzzardsbay writes "TechTarget's security editor, Dennis Fisher is reporting that researchers at Watchfire Inc. have discovered a reliable method for exploiting a common programming error, which until now had been considered simply a quality problem and not a security vulnerability. According to the article, the researchers stumbled upon the method for remotely exploiting dangling pointers by chance while they were running the company's AppScan software against a Web server. The good folks at Watchfire will detail the technique in a presentation at the Black Hat Briefings in Las Vegas in August, Fisher writes." -
An eBay For Hackers
cyberdelicat writes to let us know about a Swiss security firm called WabiSabiLabi that is causing waves with its open auction for zero-day security vulnerabilities. While WSLabi claims they will thoroughly vet both buyers and sellers of vulnerabilities, many researchers are skeptical about how effectively they can do this. The Washington Post article mentions the guy who almost opened a similar auction site several years back, to be called Zero-Bay, but pulled the plug at the last minute. SearchSecurity notes that some security researchers are now referring to WSLabi as "zerobay" as they undermine the auction site by reproducing and publishing vulnerabilities as soon as they appear for sale. -
Microsoft .NET Patch May Make PCs Go "Haywire"
yuna49 writes "Various people are reporting that the MS07-040 patch for .NET released on Tuesday can cause a variety of seemingly unrelated problems. According to the SANS Internet Storm Center 'the reports we got so far seem not to lead to any specific thing that happens in many cases, just various things going haywire.' Some commentators on The Register's report of this story indicate that the patch failed to install at all, while others report things like the mouse suddenly failing to work or long periods of hard drive thrashing. In some cases a hard reboot seems to fix the problem, but other reports suggest that a reinstallation of the .NET framework itself is required. The problems may be related to the MSCORSVW.EXE process which recompiles all the .NET assemblies when the patch is downloaded. While the recompilations are supposed to run as a background task, in some instances the recompilation will drive the processor to 100% usage." -
Red Hat Boosts SELinux With RHEL 5
E. Stride writes "Many IT managers find Security Enhanced Linux, or SELinux, to be wildly complex. The mandatory access controls originally developed by the NSA have developed a reputation for being too complicated to deal with, and many IT shops simply turn the feature off. However, Red Hat's Dan Walsh says it's the only way to ensure 100% protection in the data center." -
NY Stock Exchange Moves To Linux
An anonymous reader writes "Even the old mainframe strongholds, the financial markets, are moving away from big iron. The New York Stock Exchange is one of them, as it's leaving the mainframe for AIX and Linux. They're doing it to save money; it seems that transactions are going to cost half as much on Unix and Linux as they did on the mainframe." The first phase of the transition happened last Monday. -
Even My Mom Could Hack These Sites
Frequent Slashdot Contributor Bennett Haselton's latest story is ready for your consumption. He starts "Recently, as an experiment, I wrote from my Hotmail account to ten different hosting companies that were each hosting some of my Web sites, asking for logins to change the domain settings. Even though I never provided any proof that the messages from the Hotmail account were really coming from me (the address they all had on file for me was a different one), half of them replied back and gave me the logins that I needed." I figured that if I wrote to them saying "I forgot my password, please mail it to me," that would be too obvious. Instead, at the time I had set up shop with these hosting companies, I entered a domain name at the time of creating my account, and asked them to register it on my behalf (long before I had this experiment in mind). Then when I wrote to them recently from my Hotmail address, I sent each of them a message saying: I need to transfer this domain somewhere else, can you give me the login at the registrar where you registered the domain, so I can change the domain settings. Five of the ten companies either (a) gave me the registrar login, (b) transferred the domain to my registrar account on request (even though I never provided any proof that the owner of that registrar account was really me, either), or (c) changed the domain to point to a new IP address that I specified -- all of which, of course, would allow an attacker to take over a site temporarily or even permanently, if it hadn't really been me writing from the Hotmail address.
But slow down before you go off to try this out on Yahoo, eBay or Google hoping to get the same 50% success rate. First, these were all low-budget hosting companies, so the people handling my queries were likely not highly trained professionals who would have developed all the right habits about when to get suspicious. Second, this ruse only worked because the hosting companies registered the domains on my behalf. Most sites that are really worth taking over are hosted on dedicated servers, and this trick wouldn't work on a dedicated hosting company because they usually don't register domains on behalf of customers; they assume that anybody buying an expensive dedicated server knows enough to buy the domain and point it at the server that the company gives them.
But even for small-time hosting, a 50% success rate for a trick like this is uncomfortably high. So what can we do about it? Well, every problem has a non-solution that requires changing human nature ("People should just stop buying from spammers and they'd go out of business!") and a non-solution that ignores the economics of the situation ("ISPs should devote more resources to stopping spammers on their own network!"). In this case, the corresponding non-solutions would be (a) "People who work for hosting companies should be less gullible" and (b) "ISPs should hire smarter people, without charging more to their hosting customers".
The solution that doesn't require any cheating, though, is to have procedures in place for anything remotely security-related, and drum into employees' heads that they have to follow those procedures. Here's some good news: Of the five companies that fell for the ruse asking for my registrar login information, when I followed up with them saying "Hey, I forgot my account password, can you mail it to me", only two of them actually sent my password to the Hotmail account. To those two, I replied with some terse words about having a six-inch-thick steel door while leaving the window wide open. But at least it was only two out of ten that fell for that ruse, compared to five out of ten that fell for the registrar trick. The difference is that hosting companies have procedures in place to deal with password resets -- a script that sends the existing password, or sends a reset-password link, only to the customer's e-mail address on file.
Similarly, any hosting company that registers domains on behalf of users should have procedures in place for transferring the domains to users or letting them change domain settings. In fact, of the five companies that didn't fall for the ruse, most of them said "Go to the customer control panel here and log in" -- it wasn't that their guard went up because I was writing from a Hotmail account, it was that they already had procedures in place for a customer wanting to change domain settings, and that's what the idiot-proof book told them to do. Kevin Mitnick always said that the weakest link in any security chain was people. Sometimes the way for ISPs to tighten security is to make the people in the chain act more like machines.
Until then, there are probably many sites out there that are this easy to "hack", using a method that could charitably be called low-tech. After seeing which hosting companies fell for the trick, I pointed out that they had sent the login information to an unverified address and admonished them to be more careful in the future, but I didn't storm out vowing to take all of my business elsewhere -- after all, if 50% of all low-budget hosting companies out there fall for this, what would be the point?
-
AMD Promises Open Source Graphics Drivers
MoxFulder writes "Henri Richard, AMD's VP of sales, has promised to deliver open-source drivers for ATI graphics cards (recently acquired by AMD) at the recent Red Hat Summit. This is more good news for proponents of open-source device drivers. In the last year, Intel, the leading provider of integrated graphics cards, has opened their drivers as well. But ATI and NVidia, the only two players in the market for high-performance discrete graphics cards, have so far released only closed-source drivers for their cards. This has created numerous compatibility, stability, and ethical problems for users of Linux and other open source OSes, and prompted projects like Nouveau to try and reverse-engineer NVidia drivers. Hopefully AMD's decision will put pressure on NVidia to release open-source drivers as well!" -
Time to End Microsoft's Patch Tuesday?
buzzardsbay writes "Techtarget's resident security curmudgeon, Dennis Fisher, is calling for an end to Microsoft's monthly security patching cycle. Fisher points out that 'a hacker only needs one unpatched system, one little crack in the fence in order to launch a major attack on a given network. The sheer volume of the patches Microsoft releases each month makes it quite difficult for even the most conscientious IT department to get every patch out to all of the affected systems in a reasonable amount of time.'" -
TJX Is Biggest Data Breach Ever
jcatcw writes "Jaikumar Vijayan reports for Computerworld that TJX is finally offering more details about the extent of the compromise which, at 45.6M cards, is the biggest ever. He has been following the story since it started. The systems that were broken into processed payment cards, checks, and returns for customers of T.J. Maxx, Marshalls, HomeGoods, and A.J. Wright stores in the U.S. and Puerto Rico, and customers of Winners and HomeSense stores in Canada and T.K. Maxx in the U.K. Customer names and addresses were not included in the stolen data. So far the company has spent about $5 million in connection with the breach. Several lawsuits have been filed against the company, including a suit by the Arkansas Carpenters Pension Fund, one of its shareholders, for failure to divulge more details about the breach." -
Open Source Network Management Beats IBM and HP
mjhuot writes "Last week SearchNetworking.com announced their Product Leadership Awards for 2007. It was a pleasant surprise to see an open source project, OpenNMS, win the Gold in their Network and IT Management Platforms category. OpenNMS beat out the established players of Hewlett-Packard's OpenView and IBM's Tivoli. This was based on a user survey of all IT solutions, not just open source; it demonstrates that open source software is indeed making inroads into the enterprise."