NASA

NASA Launches Massive Digital Library For Space Video, Photos and Audio (space.com) 20

earlytime quotes a report from Space.com: NASA on Tuesday (March 28) unveiled a new online library that assembles the agency's amazing space photos, videos and audio files into a single searchable library. The NASA Image and Video Library, as the agency calls it, can be found at http://images.nasa.gov/ and consolidates space imagery from 60 different collections into one location. The new database allows users to embed NASA imagery in websites, includes image metadata like date, description and keywords, and offers multiple resolution sizes, NASA officials said. According to the NASA statement, other features include: Automatic scaling to suit the interface for mobile phones and tablets; EXIF/camera data that includes exposure, lens used and other information (when available from the original image); Easy public access to high resolution files; Downloadable caption files for all videos. The new NASA archive is not meant to be a complete archive of all of the space agency imagery. But it does aim to showcase what the space agency has to offer.
Businesses

DJI Proposes New Electronic 'License Plate' For Drones (digitaltrends.com) 61

linuxwrangler writes: Chinese drone maker DJI proposed that drones be required to transmit a unique identifier to assist law enforcement to identify operators where necessary. Anyone with an appropriate receiver could receive the ID number, but the database linking the ID with the registered owner would only be available to government agencies. DJI likens this to a license plate on a car and offers it as a solution to a congressional mandate that the FAA develop methods to remotely identify drone operators. "The best solution is usually the simplest," DJI wrote in a white paper on the topic, which can be downloaded at this link. "The focus of the primary method for remote identification should be on a way for anyone concerned about a drone flight in close proximity to report an identifier number to the authorities, who would then have the tools to investigate the complaint without infringing on operator privacy. [...] No other technology is subject to mandatory industry-wide tracking and recording of its use, and we strongly urge against making UAS the first such technology. The case for such an Orwellian model has not been made. A networked system provides more information than needed, to people who don't require it, and exposes confidential business information in the process."
Databases

Facial Recognition Database Used By FBI Is Out of Control, House Committee Hears (theguardian.com) 86

The House oversight committee claims the FBI's facial recognition database is out of control, noting that "no federal law controls this technology" and "no court decision limits it." At last week's House oversight committee hearing, politicians and privacy campaigners presented several "damning facts" about the databases. "About 80% of photos in the FBI's network are non-criminal entries, including pictures from driver's licenses and passports," reports The Guardian. "The algorithms used to identify matches are inaccurate about 15% of the time, and are more likely to misidentify black people than white people." From the report: "Facial recognition technology is a powerful tool law enforcement can use to protect people, their property, our borders, and our nation," said the committee chair, Jason Chaffetz, adding that in the private sector it can be used to protect financial transactions and prevent fraud or identity theft. "But it can also be used by bad actors to harass or stalk individuals. It can be used in a way that chills free speech and free association by targeting people attending certain political meetings, protests, churches, or other types of places in the public." Furthermore, the rise of real-time face recognition technology that allows surveillance and body cameras to scan the faces of people walking down the street was, according to Chaffetz, "most concerning." "For those reasons and others, we must conduct proper oversight of this emerging technology," he said.
Cloud

Apache Hadoop Has Failed Us, Tech Experts Say (datanami.com) 148

It was the first widely-adopted open source distributed computing platform. But some geeks running it are telling Datanami that Hadoop "is great if you're a data scientist who knows how to code in MapReduce or Pig...but as you go higher up the stack, the abstraction layers have mostly failed to deliver on the promise of enabling business analysts to get at the data." Slashdot reader atcclears shares their report: "I can't find a happy Hadoop customer. It's sort of as simple as that," says Bob Muglia, CEO of Snowflake Computing, which develops and runs a cloud-based relational data warehouse offering. "It's very clear to me, technologically, that it's not the technology base the world will be built on going forward"... [T]hanks to better mousetraps like S3 (for storage) and Spark (for processing), Hadoop will be relegated to niche and legacy statuses going forward, Muglia says. "The number of customers who have actually successfully tamed Hadoop is probably less than 20 and it might be less than 10..."

One of the companies that supposedly tamed Hadoop is Facebook...but according to Bobby Johnson, who helped run Facebook's Hadoop cluster before co-founding behavioral analytics company Interana, the fact that Hadoop is still around is a "historical glitch. That may be a little strong," Johnson says. "But there's a bunch of things that people have been trying to do with it for a long time that it's just not well suited for." Hadoop's strengths lie in serving as a cheap storage repository and for processing ETL batch workloads, Johnson says. But it's ill-suited for running interactive, user-facing applications... "After years of banging our heads against it at Facebook, it was never great at it," he says. "It's really hard to dig into and actually get real answers from... You really have to understand how this thing works to get what you want."

Johnson recommends Apache Kafka instead for big data applications, arguing "there's a pipe of data and anything that wants to do something useful with it can tap into that thing. That feels like a better unifying principle..." And the creator of Kafka -- who ran Hadoop clusters at LinkedIn -- calls Hadoop "just a very complicated stack to build on."
Crime

Your Hotel Room Photos Could Help Catch Sex Traffickers (cnn.com) 151

100,000 people have already downloaded an app that helps fight human trafficking. dryriver summarizes a report from CNN: Police find an ad for paid sex online. It's an illegally trafficked underage girl posing provocatively in a hotel room. But police don't know where this hotel room is -- what city, what neighborhood, what hotel or hotel room. This is where the TraffickCam phone app comes in. When you're staying at a hotel, you take pictures of your room... The app logs the GPS data (location of the hotel) and also analyzes what's in the picture -- the furniture, bed sheets, carpet and other visual features. This makes the hotel room identifiable. Now when police come across a sex trafficking picture online, there is a database of images that may reveal which hotel room the picture was taken in.
"Technology drives everything we do nowadays, and this is just one more tool that law enforcement can use to make our job a little safer and a little bit easier," says Sergeant Adam Kavanaugh, supervisor of the St. Louis County Multi-Jurisdictional Human Trafficking Task Force. "Right now we're just beta testing the St. Louis area, and we're getting positive hits," he says (meaning ads that match hotel-room photos in the database). But the app's creators hope to make it available to all U.S. law enforcement within the next few months, and eventually globally, so their app is already collecting photographs from hotel rooms around the world to be stored for future use.
Security

Millions of Records Leaked From Huge US Corporate Database (zdnet.com) 66

Millions of records from a commercial corporate database have been leaked. ZDNet reports: The database, about 52 gigabytes in size, contains just under 33.7 million unique email addresses and other contact information from employees of thousands of companies, representing a large portion of the US corporate population. Dun & Bradstreet, a business services giant, confirmed that it owns the database, which it acquired as part of a 2015 deal to buy NetProspex for $125 million. The purchased database contains dozens of fields, some including personal information such as names, job titles and functions, work email addresses, and phone numbers. Other information includes more generic corporate and publicly sourced data, such as believed office location, the number of employees in the business unit, and other descriptions of the kind of industry the company falls into, such as advertising, legal, media and broadcasting, and telecoms.
Bitcoin

The Promise of Blockchain Is a World Without Middlemen (hbr.org) 73

dryriver writes: The Harvard Business Review has an interesting article about how Blockchain technology may bring down the cost of business transactions and enable new ways of doing things: "Consider the problem that small manufacturers have dealing with giants like Wal-Mart. To keep transaction costs and the costs of carrying each product line down, large companies generally only buy from companies that can service a substantial percentage of their customers. But if the cost of carrying a new product was tiny, a much larger number of small manufacturers might be included in the value network. Amazon carries this approach a long way, with enormous numbers of small vendors selling through the same platform, but the idea carried to its limit is eBay and Craigslist, which bring business right down to the individual level. While it's hard to imagine a Wal-Mart with the diversity of products offered by Amazon or even eBay, that is the kind of future we are moving into." "Decentralization" is the idea that a database works like a network "that's shared with everybody in the world, where anyone and anything can connect to it," writes Vinay Gupta for Harvard Business Review. "Decentralization offers the promise of nearly friction-free cooperation between members of complex networks that can add value to each other by enabling collaboration without central authorities and middle men." The proposition ultimately makes things "more efficient in unexpected ways." For example, "a 1% transaction fee may not seem like much, but down a 15-step supply chain, it adds up. [...] The decentralization that blockchain provides would change that, which could have huge possible impacts for economies in the developing world," writes Gupta.
Security

Huge Database Leak Reveals 1.37 Billion Email Addresses and Exposes Illegal Spam Operation (betanews.com) 141

One of the largest spam operations in the world has exposed its entire operation to the public, leaking its database of 1.37bn email addresses thanks to a faulty backup. From a report: A faulty backup has inadvertently exposed the entire working database of notorious spam operator River City Media (RCM). In all, the database contains more than 1.37 billion email addresses, and for some records there are additional details such as names, real-world addresses, and IP addresses. It's a situation that's described as "a tangible threat to online privacy and security." Details about the leak come courtesy of Chris Vickery from macOS security firm MacKeeper who -- with a team of helpers -- has been investigating since January. River City Media's database ended up online thanks to incorrectly-configured Rsync backups. In the words of Vickery: "Chances are you, or at least someone you know, is affected." The leaked, and unprotected, database is what's behind the sending of over a billion spam emails every day -- helped, as Vickery points out, by "a lot of automation, years of research, and fair bit of illegal hacking techniques." But it's more than a database that has leaked -- it's River City Media's entire operation.
Medicine

Researchers Suggest Using Blockchain For Electronic Health Records (hbr.org) 70

The CIO at a Boston teaching hospital and two MIT researchers write in the Harvard Business Review that blockchain "has the potential to enable secure lifetime medical record sharing across providers," calling it "a different construct, providing a universal set of tools for cryptographic assurance of data integrity, standardized auditing, and formalized 'contracts' for data access." An anonymous reader quotes their report: A vexing problem facing health care systems throughout the world is how to share more medical data with more stakeholders for more purposes, all while ensuring data integrity and protecting patient privacy... Today humans manually attempt to reconcile medical data among clinics, hospitals, labs, pharmacies, and insurance companies. It does not work well because there is no single list of all the places data can be found or the order in which it was entered...

Imagine that every electronic health record (EHR) sent updates about medications, problems, and allergy lists to an open-source, community-wide trusted ledger, so additions and subtractions to the medical record were well understood and auditable across organizations. Instead of just displaying data from a single database, the EHR could display data from every database referenced in the ledger. The end result would be perfectly reconciled community-wide information about you, with guaranteed integrity from the point of data generation to the point of use, without manual human intervention.

Crime

Local Police Departments Are Building Their Own DNA Databases (ap.org) 50

Slashdot reader schwit1 quotes the Associated Press: Dozens of police departments around the U.S. are amassing their own DNA databases to track criminals, a move critics say is a way around regulations governing state and national databases that restrict who can provide genetic samples and how long that information is held. The local agencies create the rules for their databases, in some cases allowing samples to be taken from children or from people never arrested for a crime. Police chiefs say having their own collections helps them solve cases faster because they can avoid the backlogs that plague state and federal repositories...

Frederick Harran, the public safety director in Bensalem Township, Pennsylvania...said he knows of about 60 departments using local databases... "The local databases have very, very little regulations and very few limits, and the law just hasn't caught up to them," said Jason Kreig, a law professor at the University of Arizona who has studied the issue.

One ACLU attorney cites a case where local police officers in California took DNA samples from children without even obtaining a court order first.
Security

Anthem's Historic Data Breach: What We Still Don't Know 2 Years Later (axios.com) 25

In February 2015, health insurer Anthem said its database had been compromised, exposing personal information for 78.8 million people, including 60 million to 70 million of its current and former customers and employees. Two years later, much of how it happened, who did it, and what consequences Anthem will face remain unanswered. From a report: Anthem has not disclosed the value of its cyber insurance policy, which defrays some of the costs. The hackers were most likely working on behalf of a foreign government. Many security experts believe it was China, but that has not been proven yet. The FBI would not comment on the pending investigation. It's unclear if Anthem will face a federal penalty. It's by far the largest health care data breach, and the Department of Health and Human Services has imposed fines in the past. We don't know for sure that Anthem was fully protected from this type of attack, and a separate federal agency that had a contract with Anthem previously said the insurer did not have controls in place "to prevent rogue devices...from connecting to its networks." Class-action lawsuits are still pending, and fact-finding discovery ended in December. Anthem could escape big damages if people can't show concrete harm.
Security

Severe SQL Injection Flaw Discovered In WordPress Plugin With Over 1 Million Installs (bleepingcomputer.com) 61

According to BleepingComputer, "A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database." The plugin's name is NextGEN Gallery, which has its own set of plugins due to how successful it is. From the report: According to web security firm Sucuri, who discovered the NextGEN Gallery security issues, the first attack scenario can happen if a WordPress site owner activates the NextGEN Basic TagCloud Gallery option on his site. This feature allows site owners to display image galleries that users can navigate via tags. Clicking one of these tags alters the site's URL as the user navigates through photos. Sucuri says that an attacker can modify link parameters and insert SQL queries that will be executed by the plugin when the attacker loads the malformed URL. This happens due to improper input sanitization in the URL parameters, a common problem with many WordPress and non-WordPress web applications. The second exploitation scenario can happen if website owners open their site for blog post submissions. Because attackers can create accounts on the site and submit a blog post/article for review, they can also insert malformed NextGEN Gallery shortcodes. Sucuri says the plugin's authors fixed this flaw in NextGEN Gallery 2.1.79.
Databases

CloudPets IoT Toys Leaked and Ransomed, Exposing Kids' Voice Messages (androidpolice.com) 64

"According to security researcher Troy Hunt, a series of web-connected, app-enabled toys called CloudPets have been hacked," reports Android Police. "The manufacturer's central database was reportedly compromised over several months after stunningly poor security, despite the attempts of many researchers and journalists to inform the manufacturer of the potential danger. Several ransom notes were left, demanding Bitcoin payments for the implied deletion of stolen data." From the report: CloudPets allow parents to record a message for their children on their phones, which then arrives on the Bluetooth connected stuffed toy and is played back. Kids can squeeze the stuffed animal's paw to record a message of their own, which is sent back to the phone app. The Android app has been downloaded over 100,000 times, though user reviews are poor, citing a difficult interface, frequent bugs, and annoying advertising. Hunt and the researchers he collaborated with found that the central database for CloudPets' voice messages and user info was stored on a public-facing MongoDB server, with only basic hashes protecting user addresses and passwords. The same database apparently connected to the stored voice messages that could be retrieved by the apps and toys. Easy access and poor password requirements may have resulted in unauthorized access to a large number of accounts. The database was finally removed from the publicly accessible server in January, but not before demands for ransom were left.
Canada

Canada's Top Mountie Issues Blistering Memo On IT Failures (www.cbc.ca) 116

Reader Freshly Exhumed writes: RCMP Commissioner Bob Paulson has levelled a blistering memo obtained by the CBC on how critical IT failures have increased by 129 per cent since Shared Services Canada took over tech support for the entire government five years ago. Not only that, the memo says, the duration of each outage has increased by 98 per cent. "Its 'one size fits all' IT shared services model has negatively impacted police operations, public and officer safety and the integrity of the criminal justice system," reads the memo. A list of specific incidents includes an 11-hour network computer outage on Jan. 18 that downed every Mountie's BlackBerry, affected dispatching, and prevented the RCMP and 240 other police forces from accessing the Canadian Police Information Centre database.
Government

Security Lapse Exposed New York Airport's Critical Servers For a Year (zdnet.com) 45

An anonymous reader quotes a report from ZDNet: A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found. The internet-connected storage drive contained several backup images of servers used by Stewart International Airport, but neither the backup drive nor the disk images were password protected, allowing anyone to access their contents. Since April last year, the airport had been inadvertently leaking its own highly-sensitive files as a result of the drive's misconfiguration. Vickery, who also posted an analysis of his findings, said the drive "was, in essence, acting as a public web server" because the airport was backing up unprotected copies of its systems to a Buffalo-branded drive, installed by a contract third-party IT specialist. When contacted Thursday, the contractor dismissed the claims and would not comment further. Though the listing still appears on Shodan, the search engine for unprotected devices and databases, the drive has since been secured. The files contained eleven disk images, accounting for hundreds of gigabytes of files and folders, which when mounted included dozens of airport staff email accounts, sensitive human resources files, interoffice memos, payroll data, and what appears to be a large financial tracking database. Many of the files we reviewed include "confidential" internal airport documents, which contain schematics and details of other core infrastructure.
Microsoft

Microsoft Creates Skype Lite Especially For India (cnet.com) 45

There's a new Skype app in town, and it is made just for India. According to a report on CNET: Microsoft is the latest US tech giant to help keep Indians connected. Skype Lite is a new version of the company's popular video and voice-calling app that's "built in India." Skype Lite functions much like its big brother Skype, but it's designed to work well on low-speed, 2G networks, which are still prevalent in India and many developing nations. It uses less data and battery power than the fully fledged app, and at 13MB it's around a third of the download size. Skype Lite, available for Android, also uses India's controversial Aadhaar biometric authentication.
AI

Microsoft Research Developing An AI To Put Coders Out of a Job (mspoweruser.com) 338

jmcbain writes: Are you a software programmer who voted in a recent Slashdot poll that a robot/AI would never take your job? Unfortunately, you're wrong. Microsoft, in collaboration with the University of Cambridge, is developing such an AI. This software "can turn your descriptions into working code in seconds," reports MSPoweruser. "Called DeepCoder, the software can take requirements by the developer, search through a massive database of code snippets and deliver working code in seconds, a significant advance in the state of the art in program synthesis." New Scientist describes program synthesis as "creating new programs by piecing together lines of code taken from existing software -- just like a programmer might. Given a list of inputs and outputs for each code fragment, DeepCoder learned which pieces of code were needed to achieve the desired result overall." The original research paper can be read here.
The Courts

SAP License Fees Also Due For Indirect Users, Court Rules (networkworld.com) 123

SAP's licensing fees "apply even to related applications that only offer users indirect visibility of SAP data," according to a Thursday ruling by a U.K. judge. Slashdot reader ahbond quotes Network World: The consequences could be far-reaching for businesses that have integrated their customer-facing systems with an SAP database, potentially leaving them liable for license fees for every customer that accesses their online store. "If any SAP systems are being indirectly triggered, even if incidentally, and from anywhere in the world, then there are uncategorized and unpriced costs stacking up in the background," warned Robin Fry, a director at software licensing consultancy Cerno Professional Services, who has been following the case...

What's in dispute was whether the SAP PI license fee alone is sufficient to allow Diageo's sales staff and customers to access the SAP data store via the Salesforce apps, or whether, as SAP claims, those staff and customers had to be named as users and a corresponding license fee paid. On Thursday, the judge sided with SAP on that question.

Open Source

MariaDB Fixes Business Source License, Releases MaxScale 2.1 (perens.com) 17

Creator of The Open Source Definition and longtime Slashdot reader Bruce Perens writes: MariaDB is releasing MaxScale 2.1, a new version of their database routing proxy, and has modified its timed-transition-to-Open-Source "Business Source License" to make it more acceptable to the Open Source community and more easily usable by other companies. I've blogged the issues I had with the license and how MariaDB has fixed them, and Kaj Arno has blogged the MariaDB side of the story. Here's an excerpt from Perens' blog post: "The BSL is a parameterized license. The licensor chooses the license which is transitioned to, the date of the transition, and the limitation. The problem with this is that it was so parameterized that if you told someone the license was 'BSL 1.0,' they would not have any idea what license they really had. It might transition to any of 100 Open Source licenses, or to a non-Open-Source license. The transition might happen in a month, or next century. The limitation might be that you could only have three commercial servers, or that you indentured your firstborn son (OK, that's going overboard, but you get the picture)." He continues, "So, I didn't like that 'BSL' didn't really say what the license did, and I didn't feel that was the best thing for the users or the community. I asked MariaDB to fix it. Together we have arrived at constraints on the parameters and minimum privileges that will take the new BSL much closer to being one license while still allowing licensors some latitude to choose parameters."
Databases

Story Of a Country Which Has Built a Centralized Biometrics Database Of 1.1B People But Appears To Be Mishandling It Now (mashable.com) 60

In a bid to get more Indians to have a birth certificate or any sort of ID card, India announced the Aadhaar project in 2009. At the time, there were more Indians without these ID cards than those with. As a result of this, much of the government funding for citizens was disappearing before they could see it. But according to several security experts, lawyers, politicians and journalists, the government is using poor security practices, and this is putting the biometrics data -- photo, name, address, fingerprint, iris info -- of people at risk. More than 1.1 billion people -- and 99 percent of all adults -- in India have enrolled themselves in the system. From a report: "There are two fundamental flaws in Aadhaar: it is poorly designed, and it is being poorly verified," Member of Parliament and privacy advocate, Rajeev Chandrasekhar told Mashable India. Another issue with Aadhaar is, Chandrasekhar explains, there is no firm legislation to safeguard the privacy and rights of the billion people who have enrolled into the system. There's little a person whose Aadhaar data has been compromised could do. [...] "Aadhaar is remote, covert, and non-consensual," he told Mashable India, adding the existence of a central database of any kind, but especially in the context of the Aadhaar, and at the scale it is working is appalling. Abraham said fingerprint and iris data of a person can be stolen with little effort -- a "gummy bear" which sells for a few cents, can store one's fingerprint, while a high-resolution camera can capture one's iris data. The report goes on to say that the Indian government is also not telling how the data is being shared with private companies. Experts cited in the story have expressed concerns that those companies (some of which are run by people who were previously members of the team which designed the framework of Aadhaar) can store and create a parallel database of their own.
On top of that, the government is making Aadhaar mandatory for availing several things including registration for nation-wide examinations, but in the beginning it promised Aadhaar will be used only to help the poor get groceries at subsidized prices.
