No, you backoff on backdoors or else

Speaking at #SXSW, President Obama threatened the tech community, telling us to backdoor our encryption ourselves or else congress will mandate a worse solution later.

No, Mr. President, it works the other way around. You'd better backoff on your encryption demands, or else the tech community will revolt, That's what's already happen with Apple's encryption efforts, as well as app developers like Signal and Wickr. Every time you turn the screws, we techies increase the encryption.

It's not a battle you can win without going full police-state. Sure, you can force Apple to backdoor its stuff, but then what about the encrypted apps? You'd have to lock them down as well. But what about encrypted apps developed in foreign countries? What about software I write myself? You aren't going to solve the "going dark" problem until you control all crypto.

If you succeed in achieving your nightmare Orwellian scenario, I promise you this: I'll emigrate to an extradition-free country, to continue the fight against the American government.

Your crypto backdoors creates a police-state beyond what even police-state advocates like Michael Hayden and Linsdey Graham can tolerate. Your point on "balance" is a lie. We've become radically unbalanced toward mass Continue reading

DARPA: Show us how to weaponize benign technologies

The Defense Advanced Research Projects Agency was created years ago because the US didn’t want to be surprised again by any major new technological developments (specifically in response to the surprise launch of Sputnik in 1958) and ensure that the US should do any surprising.+More on Network World: The weirdest, wackiest and coolest sci/tech stories of 2015+With that in mind the agency is launching a potentially scary program called “Improv” that looks at what DARPA calls today’s “bustling tech marketplace with an inventor’s eye and imagine how easily purchased, relatively benign technologies might be converted into serious security threats.”To read this article in full or to leave a comment, please click here

Microsoft slips Windows 10 upgrade ads into Internet Explorer security patch

Microsoft is adding a new weapon to its aggressive Windows 10 push—or at least it appears that it is.Earlier in the week, Microsoft added what sounds a lot like an advertisement for Windows 10 to its Patch Tuesday release for Internet Explorer, bundling it in with a critical security patch. The new update affects only Windows 7 and 8.1 PCs and brings an upgrade prompt to Internet Explorer 11.In its description of update KB3146449, Microsoft says it “adds functionality to Internet Explorer 11 on some computers that lets users learn about Windows 10 or start an upgrade to Windows 10.” Or as we common folk call it, an ad.To read this article in full or to leave a comment, please click here

Stuff The Internet Says On Scalability For March 11th, 2016


The circle of life. Traffic flow through microservices at Netflix (Rob Young)

 

If you like this sort of Stuff then please consider offering your support on Patreon.
  • 400Gbps: DDoS attack; 50,000: frames per second Mythbusters films in HD; 3,900: pages Paul Klee’s Personal Notebooks; 1 terabit: satellites deliver in-flight Internet access at hundreds of megabits per second; 18%: overall mobile market revenue increase; 21 TB: amount of date the BBC writes daily to S3; $300 million: Snapchat revenue; 

  • Quotable Quotes:
    • Dark Territory:  Yes, he told them, the NORAD computer was supposed to be closed, but some officers wanted to work from home on the weekend, so they’d leave a port open.
    • @davefarley77: If heartbeat was a clock cycle, retrieving data from fastest SSD is equivalent to crossing whole of London on foot  @__Abigor__ #qconlondon
    • @fiddur: "Legacy is everything you wrote before lunch." - @russmiles #qconlondon
    • @BarryNL: Persistent memory could be the biggest change to computer architecture in 50 years. #qconlondon
    • @mpaluchowski: "You can tell which services are too big. That's the ones developers don't want to work with." #qconlondon @SteveGodwin
    • @danielbryantuk: "I'm not going to say how big Continue reading

How to use deep learning AI to detect and prevent malware and APTs in real-time  

This column is available in a weekly newsletter called IT Best Practices.  Click here to subscribe.  The number of new malware variations that pop up each day runs somewhere between 390,000 (according to AV-TEST Institute) and one million (according to Symantec Corporation). These are new strains of malware that have not been seen in the wild before.Even if we consider just the low end figure, the situation is still dire. Especially when it comes to advanced persistent threats (APTs), which are the most sophisticated mutations of viruses and malware, which are very effective at going completely undetected by many of the cybersecurity technologies in use today. Even security experts tell organizations to be prepared for "when" and not "if" an attack is successful.To read this article in full or to leave a comment, please click here

Facebook’s Open Compute Project helps competitors build hyperscale data centers together

The conversion from free to paid registration and a spike in Open Compute Project Summit keynote attendance signaled that open hardware innovation is trending up. Summit attendees are companies like Facebook that buy land, build big data center buildings and fill them with commodity computing and networking hardware. Their mission is to build hyperscale, hyperefficient infrastructure that is flexible in handling workloads and agile in delivering new services in minutes. Jason Taylor, OCP CEO, introduced Google’s Vice President of Infrastructure Urz Hölz as a surprise last OCP Summit keynote with Apple-like “wait there’s still more” showmanship. Hölz presented his team's open source hardware submissions, a new approach to powering the ocean of servers used in hyperscale web company data centers operated by Facebook and Google at a more power efficient 45V instead of 12V and a new rack design.To read this article in full or to leave a comment, please click here

Two-year-old Java flaw re-emerges due to broken patch

A patch for a critical Java flaw released by Oracle in 2013 is ineffective and can be easily bypassed, security researchers warn. This makes the vulnerability exploitable again, paving the way for attacks against PCs and servers running the latest versions of Java.The flaw, tracked as CVE-2013-5838 in the Common Vulnerabilities and Exposures (CVE) database, was rated by Oracle 9.3 out of 10 using the Common Vulnerability Scoring System (CVSS). It can be exploited remotely, without authentication, to completely compromise a system's confidentiality, integrity and availability.To read this article in full or to leave a comment, please click here

Justice Department slams Apple’s ‘corrosive’ rhetoric in its latest court filing

UPDATE: March 10, 2016, 3:46 p.m. Pacific—In a conference call Thursday afternoon, Apple’s SVP and chief legal counsel Bruce Sewell said, “The tone of the brief reads like an indictment,” and in 30 years he’s never seen a brief trying so hard “to smear” someone. “It should be deeply offensive to everyone who reads it.”“Corrosive rhetoric” could be this week’s “dormant cyber pathogen,” the latest salvo in the government’s attempt to paint Apple as unreasonable for refusing to craft a new version of iOS so law enforcement can brute-force an iPhone 5c used by San Bernardino shooter Syed Rizwan Farook.To read this article in full or to leave a comment, please click here

The top 12 cloud security threats

Enterprises are no longer sitting on their hands, wondering if they should risk migrating applications and data to the cloud. They're doing it -- but security remains a serious concern.The first step in minimizing risk in the cloud is to identify the top security threats.[ Deep Dive: How to rethink security for the new world of IT. | Discover how to secure your systems with InfoWorld's Security newsletter. ] As the RSA Conference last week, the CSA (Cloud Security Alliance) listed the “Treacherous 12,” the top 12 cloud computing threats organizations face in 2016. The CSA released the report to help both cloud customers and providers focus their defensive efforts.To read this article in full or to leave a comment, please click here

1 3,098 3,099 3,100 3,101 3,102 3,841