Slashdot Mirror

judgecorp writes "Germany's Chancellor Angela Merkel has given her backing to proposed European privacy regulations and demanded that U.S. firms should meet German privacy rules. Merkel's stance comes as U.S. firms lobby against strict E.U. privacy proposals — but also follows revelations from Edward Snowden through German newspaper Der Spiegel, that the German authorities are helping the NSA spy on German citizens."

An anonymous reader writes "Australian telecommunications giant Telstra has for a decade been storing huge volumes of electronic communications carried between Asia and America for surveillance by U.S. intelligence agencies. This includes not just the metadata, but the actual content of emails, online messages and phone calls. With the blessing of the Australian government Telstra agreed to route data through a 'U.S. point of contact through a secure storage facility on U.S. soil that was staffed exclusively by U.S. citizens.' The contract was prompted by Telstra's decision to expand its business in Asia by taking control of hundreds of kilometers of undersea telecommunications cables. The deal started under the Liberal Party and continued under Labor. The Greens have demanded an explanation."

hypnosec writes "The longstanding stalemate between the Government of India and BlackBerry (formerly RIM) is over after the government reportedly accepted the solution provided by BlackBerry regarding lawful interception of messages sent using BBM and internet emails sent using BlackBerry Internet Services (BIS). As a result of this, the government will now be able to monitor e-mails in real-time sent using BlackBerry services and messages on BlackBerry Messenger. According to Economic Times, which claims to have reviewed a copy of the internal Department of Telecom document, 'Baring a few minor points for improvement of viewers, the lawful interception system for BlackBerry Services is ready for use.' The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand have been shelved for now."

itwbennett writes "You can try to train them, you can try to streamline or automate the process, you can demand that all bug reports go through a middleman (i.e., a QA tester) or you can throw up your hands and accept that users will forever submit bug reports that in no way help you solve the problem. Like the stages of grief, you've probably tried or experienced all of these at some point. But have you found any approach that really works for getting useful bug reports from your users?"

darthcamaro writes "UEFI Secure Boot is a problem that only desktop users need to worry about right? Well kinda/sorta/maybe not. SeSE today is releasing SUSE Linux Enterprise 11 SP3 which will include for the first time — support for UEFI Secure Boot. Apparently SUSE sees market demand for Secure Boot on servers too. Quoting Matthias Eckermann, Senior Product Manager at SUSE: 'Our market analysis shows that UEFI Secure Boot is a UEFI extension that does not only cover desktops, but might very well also be deployed and even required on server systems going forward.'"

An anonymous reader writes "As physical book stores continue to struggle and disappear, the NY Times puts the changing book industry into perspective as a cost of the existence of Amazon. Further, it's a cost that hasn't been fully paid, as other effects of Amazon's ascendancy have yet to be felt. Quoting: 'One consequence of this shift is that soon no one will know what a book's "real" price is. Price will be determined by demand and perhaps by whim. The first seeds of this can be seen in the Justice Department's suit against the leading publishers, who felt that Amazon was pricing their e-books so low that it threatened their viability. The government accused the publishers of colluding to raise prices in an anti-consumer move. Amazon was not a party to the case, but it emerged the big winner.' Economists, publishers, and readers no longer have confidence that a book will cost the same amount this week as it did the last."

Nerval's Lobster writes "As the U.S. government continues to pursue former NSA contractor Edward Snowden for leaking some of the country's most sensitive intelligence secrets, the debate over federal surveillance seems to have abated somewhat — despite Snowden's stated wish for his revelations to spark transformative and wide-ranging debate, it doesn't seem as if anyone's taking to the streets to protest the NSA's reported monitoring of Americans' emails and phone-call metadata. Even so, will the recent revelations about the NSA cause a spike in demand for sophisticated privacy software, leading to a glut of new apps that vaporize or encrypt data? While there are quite a number of tools already on the market (SpiderOak, Silent Circle, and many more), is their presence enough to get people interested enough to install them? Or do you think the majority of people simply don't care? Despite some polling data that suggests people are concerned about their privacy, software for securing it is just not an exciting topic for most folks, who will rush to download the latest iteration of Instagram or Plants vs. Zombies, but who often throw up their hands and profess ignorance when asked about how they lock down their data."

Nerval's Lobster writes "Major IT vendors have been including custom-built wind- and solar-power farms in their datacenter construction plans. But while wind and solar power may be clean, they're often unreliable, especially by the standards of datacenters that need a way to keep operating through any unexpected surges or drops in power. How about saving the wind that generates the power? That might work, according to researchers at the federal Bonneville Power Administration (BPA), and U.S. Department of Energy's Pacific Northwest National Laboratory. A study published in February (PDF) outlined the potential benefit of pumping pressurized air into caverns deep underground as a way to store wind energy, then letting it out whenever demand spikes, or the wind drops, and the above-ground facilities need help spinning enough turbines to keep power levels steady. The technique, called Compressed Air Energy Storage (CAES) isn't new: existing CAES plants in Alabama and Huntorf, Germany (built in 1991 and 1978, respectively) store compressed air in underground salt caverns hollowed out by solution mining (pumping salt-saturated water out of concentrations of salt buried far underground and replacing it with fresh water). But implementing such a technique for datacenters might take a little work. The BPA and the Pacific Northwest National Laboratory have already identified, and are evaluating, sites in the Pacific Northwest that would be suitable for CAES underground reservoirs; the first, which could be located in Washington's Columbia Hills could—via existing CAES technology—store enough compressed air to generate a steady 207MW for 40 days of continuous usage, ultimately delivering 400 additional hours without adding any compressed air."

holy_calamity writes "U.S. citizens have historically been protected from government surveillance by technical limits, not legal ones, writes independent security researcher Ashkan Soltani at MIT Tech Review. He claims that recent leaks show that technical limits are loosening, fast, with data storage and analysis cheap and large Internet services taking care of data collection for free. 'Spying no longer requires following people or planting bugs, but rather filling out forms to demand access to an existing trove of information,' writes Soltani."

coondoggie writes "The Federal Trade Commission today said it has won a $7.5 million civil penalty – the largest ever — against Mortgage Investors Corporation, one of the nation's biggest refinancers of veterans' home loans for allegedly violating 'Do Not Call' requirements. According to the FTC’s complaint, Mortgage Investors Corporation called consumers on the Federal Trade Commission’s National Do Not Call Registry, failed to remove consumers from its company call list upon demand, and misstated the terms of available loan products during telemarketing calls."

OakDragon writes "A Franklin, Tennessee man has been indicted for his attempt to blackmail Mitt Romney. Michael Mancil Brown allegedly claimed his intent to release some of Romney's pre-2010 tax documents unless one million dollars was converted to Bitcoins and deposited into an account which he specified. Demand letters were sent to Republican and Democratic Party offices in Tennessee, and Pricewaterhouse Coopers (whom he claimed to have stolen the documents from). Pricewaterhouse Coopers denies that he ever obtained such documents. Brown was also attempting to "sell" the documents to others (presumably the Democrats or other interested parties) for the same amount. And yes, he was apparently well aware of the Dr. Evil reference."

Dupple writes with this excerpt from the BBC: "Drayson Racing Technologies has broken the world land speed record for a lightweight electric car. Its Lola B12 69/EV vehicle hit a top speed of 204.2mph (328.6km/h) at a racetrack at RAF Elvington in Yorkshire. ... The previous 175mph record was set by Battery Box General Electric in 1974. Drayson Racing is not the only electric vehicle-maker hoping to use motorsport to spur on adoption of the technology. Last week Nissan unveiled the Zeod RC (Zero Emission On Demand Racing Car), which can switch between electric and petrol power. The firm intends to enter the vehicle into next year's Le Mans 24 race saying the competition would act as a 'challenging test bed' for technologies that could eventually find their way into road cars." This video from last year introduces the Lola; Drayson's YouTube channel has plenty more footage, too.

An anonymous reader notes that the FTC has sent letters to search engine companies (PDF) telling them to make sure advertisements are clearly distinguishable from search results. "According to both the FTC staff's original search engine guidance and the updated guidance, failing to clearly and prominently distinguish advertising from natural search results could be a deceptive practice. The updated guidance emphasizes the need for visual cues, labels, or other techniques to effectively distinguish advertisements, in order to avoid misleading consumers, and it makes recommendations for ensuring that disclosures commonly used to identify advertising are noticeable and understandable to consumers. The letters note that the principles of the original guidance still apply, even as search and the business of search continue to evolve. The letters observe that social media, mobile apps, voice assistants on mobile devices, and specialized search results that are integrated into general search results offer consumers new ways of getting information. The guidance advises that regardless of the precise form that search takes now or in the future, paid search results and other forms of advertising should be clearly distinguishable from natural search results."

sagecreek writes "If you are in charge of a small network with just a few servers, you may still be doing configuration management primarily by hand. And you may take particular pride in maintaining that 'artisan' role. After all, it's mostly up to you to set up new users and their machines, fix current problems, manage the servers and their software, create databases and their user accounts, and try to keep the network and user configurations as uniform as possible despite running several different brands--and vintages--of hardware and software. However, warns infrastructure consultant John Arundel, '[b]eyond ten or so servers, there simply isn't a choice. You can't manage an infrastructure like this by hand. If you're using a cloud computing architecture, where servers are created and destroyed minute-by-minute in response to changing demand, the artisan approach to server crafting just won't work.' In his new book, Puppet 3 Beginner's Guide, Arundel emphasizes: 'Manual configuration management is tedious and repetitive, it's error-prone, and it doesn't scale well. Puppet is a tool for automating this process.'" Read below for the rest of sagecreek's review. Puppet 3 Beginner's Guide author John Arundel pages 184 publisher Packt Publishing rating 8 out of 10 reviewer sagecreek ISBN 978-1-78216-124-0 summary Learn how to fully utilize Puppet through simple, practical examples Actually, among "UNIX-like systems," there are at least three major configuration management (CM) packages — Puppet, Chef, and CFEngine — plus some other competitors, Arundel notes. He calls them "all great solutions to the CM problem...it's not very important which one you choose as long as you choose one." But he hopes, of course, you will check out Puppet and his new, well-written how-to book.

Puppet 3 Beginner's Guide is structured to help system administrators "start from scratch...and learn how to fully utilize Puppet through simple, practical examples."

Arundel's book places important emphasis on the rapidly closing "divide between 'devs,' who wrangle code, and 'ops,' who wrangle configurations. Traditionally, the skills sets of the two groups haven't overlapped much," he notes. "It was common until recently for system administrators not to write complex programs, and for developers to have little or no experience of building and managing servers."

Today, he points out, system admins are "facing the challenge of scaling systems to enormous size for the web, [and] have had to get smart about programming and automation." Meanwhile, "[d]evelopers, who now often build applications, services, and businesses by themselves, couldn't do what they do without knowing how to set up and fix servers."

Therefore, "[t]he term 'devops' has begun to be used to describe the growing overlap between these skill sets," Arundel emphasizes. "Devops write code, herd servers, build apps, scale systems, analyze outages, and fix bugs. With the advent of CM systems, devs and ops are now all just people who work with code."

Arundel's 184-page Puppet 3 Beginner's Guide has 10 chapters that are smoothly structured with numerous headings, subheadings, short paragraphs, code examples, and other illustrations. He has generated his code examples using the Ubuntu 12.04 LTS "Precise" distribution of Linux. But he explains how to load the software using "Red Hat Linux, CentOS, or another Linux distribution that uses the Yum package system," as well.

Chapter 1, "Introduction to Puppet," explains the software's basic architecture and shows how Puppet deals with large-scale configuration management problems.

In Chapter 2, "First Steps with Puppet," the author details how to install Puppet, create a simple manifest, and apply it to a machine. He also offers some basic Puppet language examples.

Chapter 3, "Packages, Files, and Services," focuses on "how to use these key resource types...and how they work together" and presents "a complete and useful example based on the Nginx web server."

In Chapter 4, "Managing Puppet with Git," Arundel shows "a simple and powerful way to connect machines together using Puppet, and to distribute your manifests and work on them together collaboratively using the version control system Git."

The emphasis in Chapter 5, "Managing Users," is on "good practices for user administration" and implementing them with Puppet. The chapter also covers "how to control access using SSH and manage user privileges using sudo."

The topics covered in Chapter 6, "Tasks and Templates," include using "Puppet's resource types to run commands, schedule regular tasks, and distribute large trees of files." Also covered: "how to insert values dynamically into files using templates."

In Chapter 7, "Definitions and Classes," Arundel explains "how to organize Puppet code into reusable modules and objects. We'll see how to create definitions and classes, and how to pass parameters to them."

Chapter 8, "Expressions and Logic," dives deeper into Puppet code. It "shows how to control flow using conditional statements and logical expressions, and how to build arithmetic and string expressions. It also covers operators, arrays, and hashes."

Chapter 9, "Reporting and Troubleshooting," deals with what the author terms "the practical side of working with Puppet," including diagnosing and solving common problems, debugging the software's operations, and understanding Puppet's error messages.

The final section, Chapter 10, "Moving on Up," wraps up with a range of topics, including how to make Puppet code "more elegant, more readable, and more maintainable." Arundel also offers "links and suggestions for further reading." And he describes nine projects to help you "improve your skills and your infrastructure at the same time." The projects, he says, "provide a series of stepping-stones from your first use of Puppet to a completely automated environment."

Puppet's maker, Puppet Labs, offers some virtual-machine options for learning the software. The choices are: (1) a VXM version recommended for VMware Fusion and VMware Workstation; and (2) an OVF version recommended for VirtualBox "and all other non-VMware virtualization software." Puppet Labs also offers a Puppet Enterprise version of its software that supports up to 10 nodes free.

Along with Linux, Puppet will run on other several platforms, including Windows and Macs,, but you will find little help for those in Arundel's book. You will need to use Puppet Lab's online Mac or Windows documentation. And Windows may not be the greatest of choices. As the documentation notes: "Windows nodes can't act as puppet masters or certificate authorities, and most of the ancillary Puppet subcommands aren't supported on Windows."

It can take a bit of work to get Puppet installed and configured. But once you have it running in a Linux environment, John Arundel's new book can be a solid guide to helping you become both a proficient Puppet user and a more efficient, knowledgeable, and versatile system administrator.

You can purchase Puppet 3 Beginner's Guide from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page.

BioTitan writes "New York City's plans to build its tech sector have turned out like a party gone wrong — someone inviting 100 people expecting 10 to show up, but finding that not only did everyone come, but they also brought their friends. New York City Mayor Michael Bloomberg wants to build NYC into the second Silicon Valley. Dedicated spaces complete with 3-D printers, workshops, and computers with design software are being built — with the Brooklyn Navy Yard leading the way — yet there is far from enough space to meet demand. Tucker Reed, president of the Downtown Brooklyn Partnership, said, 'Despite the presence of a considerable number of commercial buildings in downtown Brooklyn, longer term leases have tied up much of the current space over the next five years.'"

Zordak writes "When Jake Freivald received a questionable Cease and Desist letter from a big-firm attorney, demanding that he immediately relinquish rights to his website http://westorage.info, his pro-bono lawyer decided to treat the letter like the joke that it was. In a three-page missive, the lawyer points out the legal, constitutional, and ethical problems with the letter that led him to conclude that the letter was a joke. He concludes, in a postscript, with an unsubstantiated demand for $28,000 in overpaid property taxes, and offers to lease the city the domain name 'westorange.gov' in exchange."

MarkWhittington writes "Politico reports in a June 18, 2013 story that House Republicans have added a Mars base to its demands for a lunar base in the draft 2013 NASA Authorization bill. Both the Bush-era Constellation program and President Obama space plan envisioned eventual human expeditions to Mars. But if Politico is correct, the new bill will be the first time an official piece of legislation will call for permanent habitation of the Red Planet. The actual legislative language states, 'The [NASA] Administrator shall establish a program to develop a sustained human presence on the Moon and the surface of Mars.'"

colinneagle writes "A recent GigaOm report discusses Verizon's 'peering' practices, which involves the exchange of traffic between two bandwidth providers. When peering with bandwidth provider Cogent starts to reach capacity, Verizon reportedly isn't adding any ports to meet the demand, Cogent CEO Dave Schaffer told GigaOm. 'They are allowing the peer connections to degrade,' Schaffer said. 'Today some of the ports are at 100 percent capacity.' Why would Verizon intentionally disrupt Netflix video streaming for its customers? One possible reason is that Verizon owns a 50% stake in Redbox, the video rental service that contributed to the demise of Blockbuster (and more recently, a direct competitor to Netflix in online streaming). If anything threatens the future of Redbox, whose business model requires customers to visit its vending machines to rent and return DVDs, it's Netflix's instant streaming service, which delivers the same content directly to their screens."

Nerval's Lobster writes "In case you didn't catch it yesterday, AllThingsD ran a piece endorsing the idea of the software-defined data center. That's a venue where hordes of non-technical mid- and upper-level managers will see it and (because of the credibility of AllThingsD) will believe software-defined data centers are not only possible, but that they exist and that your company is somehow falling behind because you personally have not sketched up a topology on a napkin or brought a package of it to install. If mid-level managers in your datacenter or extended IT department have not been pinged at least once today by business-unit managers offering to tip them off to the benefits of software-defined data centers—or demand that they buy one—then someone should go check the internal phone system because not all the calls are coming through. Why was AllThingD's piece problematic? First, because it's a good enough publication to explain all the relevant technology terms in ways that even a non-technical audience can understand. Second, it's also a credible source, owned by Dow Jones & Co. and spun off by The Wall Street Journal. Third, software-defined data centers are genuinely happening—but it's in the very early stages. The true benefits of the platform won't arrive for quite some time—and there's too much to do in the meantime to talk about potential endpoints. Fortunately, there are a number of resources online to help tell hype from reality."

New submitter EdPbllips writes "Law enforcement officials nationwide are demanding the creation of a 'kill switch' that would render smartphones inoperable after they are stolen, New York's top prosecutor said Thursday in a clear warning to the world's smartphone manufacturers. Citing statistics showing that 1 in 3 robberies nationwide involve the theft of a mobile phone, New York Attorney General Eric Schneiderman announced the formation of a coalition of law enforcement agencies devoted to stamping out what he called an 'epidemic' of smartphone robberies. 'All too often, these robberies turn violent,' said Schneiderman, who was joined at a news conference by San Francisco District Attorney George Gascon. 'There are assaults. There are murders.'" Apple described a system like this in their presentation about iOS 7 at WWDC.