
Tag: earthquake

Big data security is a big mess

Given the pace at which big data software is released, coupled with the sheer volume of data under management, the big data market is ripe for massive security breaches.
It’s only a matter of time. In fact, as a Gartner survey last year uncovered, very few companies have taken security seriously for essential infrastructure like Hadoop.

At that time, a mere 2 percent of respondents cited Hadoop security as a significant concern, causing Gartner analyst Merv Adrian to exclaim, “The nearly non-existent response to the security issue is shocking.” CIOs, in other words, may be willing to close their eyes and pray for big data security, but until they make it a priority, such “prayers” are vain.

What, me worry?

For years enterprises have taken a somewhat blasé approach to security in big data infrastructure such as Hadoop, despite the size of big data leading to “origins [that] are not consistently monitored and tracked.” In early 2014, Adrian, noting a lack of interest in Hadoop security, queried, “Can it be that people believe Hadoop is secure? Because it certainly is not. At every layer of the stack, vulnerabilities exist, and at the level of the data itself there are numerous concerns.” A year later, Adrian’s colleague, Nick Heudecker, lamented, “Less than 5 percent of Hadoop inquiries covered by the Info Mgmt team in 2014 discussed security. This has to change in 2015.” It didn’t -- not much, anyway.

For example, one security engineer, Ray Burgemeestre, suggested that more and more people are asking, “After enabling all security settings in Hadoop/Spark, how would I know my cluster is actually secure?” The answer, he acknowledged, is “not completely satisfying,” insisting that “more work needs to be done in the Hadoop community to raise its security profile.” Another interested participant in Hadoop security, Bolke de Bruin, Head of Research & Development for ING bank, indicates that while the Hadoop community is increasingly aware of the need to protect data confidentiality within Hadoop clusters, it continues to give limited attention to data integrity (“maintaining and assuring the accuracy and completeness of data over its entire lifecycle”). He goes on to note that even the security native to Hadoop often doesn’t get implemented due to “perceived complexity” or is purposefully ignored because things like Apache Ranger are “slapped on security” that are “usable, but barely.”

Worried yet?

Hadoop is the godfather of big data infrastructure, with the most time and attention paid to it over the past few years. If it can’t muster sufficient security, despite petabytes of sensitive data pouring into its clusters, then we have a very serious security problem across the board.

Who has time?

The problem is time ... or, rather, the lack thereof. As MobileIron highlights in a recent report on mobile security, “[W]ith any software, the longer it is in market, the more likely it is that vulnerabilities will be identified.” This should be particularly true of open source software, which offers the ability to dig into source code before or (more likely) after vulnerabilities emerge. The big data infrastructure market, however, doesn’t sit still long enough for these vulnerabilities to be found. Indeed, in a December 2015 Gartner report, the authors advise enterprise buyers: “Don't base Hadoop assessment on analysis or trials more than a year old; existing pieces are maturing and new ones are emerging at a rapid pace.” While that “rapid pace” may sound great (innovation ftw!), it’s also ripe for security problems, as mentioned.

As Adrian warns, “We will see major problems as Hadoop goes mainstream.” And not only Hadoop: as enterprises build on Hadoop, Spark, Kafka, and a host of other exceptional, fast-moving data infrastructure, “[W]e are building skyscraper favelas in code -- in earthquake zones,” as Zeynep Tufekci has detailed. In response, we are already seeing the Hadoop vendors like Cloudera and Hortonworks seek to differentiate themselves based on security.
I suspect we’ll see this enterprise-grade security come with an enterprise-grade price tag, but it will be worth it.

Orlando shootings bring Facebook's safety check to US soil

Unlikely to be the last time

In the wake of the murder of 49 people in Orlando on Sunday morning, Facebook users in the US got their first real taste of the company's Safety Check service. "Waking up this morning, I was deeply saddened to hear about the shooting in Orlando. My thoughts and prayers are with the victims, their families and the LGBT community," said Mark Zuckerberg. "We've activated Safety Check, but the biggest need over the next few days will be for people to continue to donate blood." Facebook introduced the system in 2014, and said it was inspired by the use of social media in the wake of the 2011 earthquake in Japan. It automatically pings any users in the geographical area of a disaster, reminding them that they might want to reassure their friends that they are OK. The feature has since been used for terrorist attacks and natural disasters more than a dozen times, and alerts were accidentally sent out in the US in March after a suicide bombing in Lahore, Pakistan.

But the tragic events in Orlando this weekend introduced US users to a real test of the system. At 2:00am on Sunday morning, a heavily armed American man entered the Pulse nightclub, a popular gay hotspot in Orlando, and began shooting using firearms he had purchased legally the week before.

The shooter, who called 911 and proclaimed he was acting on behalf of ISIS just before the attack, killed 49 party-goers and injured around 50 more before being shot by police.

Social media started firing up within minutes of the attack

Given the early hour, information about the victims was sketchy, and rumor and misinformation swirled around. People hiding inside the club texted relatives, and footage of the shootings in progress was broadcast on Snapchat. By 5:00am, when police stormed the building and shot the gunman, relatives were frantic, since so few of the victims had been identified. It's hoped that features like Safety Check might have brought relief to anxious friends.

How Oracle’s fanciful history of the smartphone failed at trial

Despite a final verdict, the recent Oracle v. Google trial leaves plenty of questions about the future of APIs, fair use, copyright, development, and more. While their views do not necessarily represent those of Ars Technica as a whole, our staffers wanted to take a look at the outcome and potential ramifications from both sides.

Below, Joe Mullin says Google's win sends a powerful message against a familiar legal tactic.

Elsewhere, Peter Bright argues that software is about to suffer. You can also find guest op-eds from professor Pamela Samuelson (pro-Google) and attorney Annette Hurst (pro-Oracle).

We may never know with certainty why the jury in Oracle v. Google decided in Google's favor, but I can make a pretty good guess. Like the jury, I'm no expert.
I've been reporting on technology law for years, but becoming an experienced journalist is really just mastering the fine art of non-expertise. I have a pretty good conceptual idea of what an API is, derived entirely from listening to more knowledgeable people talk about this case.

But if you showed me a block of code, I couldn’t pick out the APIs or "declaring code" at issue. However, you didn’t need to be a computer expert to see through Oracle’s case.

Google and Oracle offered competing narratives about the early history of smartphones. Oracle tried to win by re-writing that history, and it just didn’t add up.

The brave new world it presented was contradicted most powerfully by the former CEO of Sun Microsystems, Jonathan Schwartz.
In the end, Oracle could not be saved, even by their crack team of JD’s and PhD’s.

By the end of trial, their case looked, to me, like an intellectually bankrupt loser’s lament. It was a hell of a show, though. Oracle was well-served by the new team of lawyers brought in from Orrick, Herrington & Sutcliffe.

The firm's New History of the Smartphone was a story well told. From the first minutes of opening statements, their case was simple and sharp, folksy and forceful. "I always have to think when I write this out, because I'm not used to writing billions," said Oracle lawyer Peter Bicks as he wrote out "3,000,000,000" on a white poster for the jury. Google had "made a deliberate business decision" to "copy Oracle's software illegally" and had reaped "huge profits," he said. It was a simple argument—and a dangerous one.

Accusing someone of wrongful copying has the visceral draw of a school-yard taunt, yet it's a crime that's well-understood, and seriously punished, in the adult world. Bicks knew Google would point out the APIs in question were just one-tenth of one percent of the massive Android codebase; he deftly belittled this argument before it was even made. "'We left a lot behind,' is what you'll hear," said Bicks, channelling his opponent. "'We took your property, but we didn't take all of it.'" This would be Google's "fair use excuse," he told the jury.

The 11,000 lines of code that Google would compare to a restaurant menu were powerful and creative works, Bicks assured them.

This was a story about hard work and just rewards. Just don't copy stuff.
Is that too much to ask? Do your own work. Google's lawyers would have to explain to a non-expert jury that, in the software industry, some kinds of copying are truly allowed, even vital.
It's a more complicated argument that requires some understanding of industry practices, and having to make it put Google at a disadvantage. The trial also had a fundamental structure that favored Oracle. The jury was regularly reminded, by a judge in black robes, that Oracle’s code was copyrighted.

The mere existence of a high-profile trial—the judge and his assistants, the room full of dark-suited lawyers, the coterie of reporters in back taking notes, the cryptic mention of "billions" at stake—it all drove home another point, a kind of subtext that favored Oracle.

The Java APIs at issue here were Very Important Things. All in all, Google had a high mountain to climb.
If I'd been forced to make a bet on which side would win the minute after opening arguments, I would have put my money on Oracle.

Finding "fair"

The 300-lb linebacker in Google's defense play was Schwartz, the ex-CEO of Sun Microsystems who was Google's second witness.

To my mind, it's impossible to imagine Google winning without Schwartz's support. If you don't understand code, it's still possible to understand Sun's economics, as explained by Schwartz.

Creating Java, a free and open software language, was a boon to Sun's hardware business.

The language was free for starving college students and free for millionaires—it was good for the world and good for Sun's bottom line. On the stand, Schwartz made it crystal clear: the "free and open" Java language included use of the 37 APIs that Oracle had, literally, made a federal case out of. From that moment on, Oracle was put on the defensive.
In Schwartz's cross-examination, Oracle gave the first glimpses of the alternative history it would try to piece together for the jury. There was no dispute that Schwartz had publicly celebrated Android, welcoming the new software in his 2007 blog post.

But hadn't Schwartz written that Android was "lame" in an e-mail? Didn't he write privately that Google was a company that played "fast and loose" with licensing rules, that it had little regard for copyright law? Yes, he'd done all that. He admitted it. But it was far from the "gotcha" moment that Oracle wanted.
Schwartz didn't come across as an altruist or an angel; he was a competitive guy, having a difficult time at a company that was flailing on his watch. He badly wanted a deal with Google to work together on Android, but it didn't happen.

The few e-mailed potshots he took at Google didn't make Schwartz look like a hypocrite; they made him look real and frustrated and honest. The unpredictability of asking a jury about the amorphous rules of fair use in copyright law also made for an interesting trial. On one level, the case was about the specifics of Google's behavior. On another level, it was about what it meant to do business "the right way" in America. Who were these men—and they were largely men—who had made so much money, so quickly? Android chief Andy Rubin talked about "wanting to win." On cross-examination, he was forced to acknowledge his own sizable share of the geyser of wealth produced by Google—$60 million in bonuses if he could deliver Android and deliver it fast. The effort to paint Rubin as someone in a greedy rush didn't hold much sway in the end. Despite his private frustrations, Schwartz had given Google an "A" for fair play without reservation. That meant Oracle had little choice but to engage in ritual denunciations of the former Sun CEO, which continued throughout the trial.
In closing arguments, Oracle lawyers showed the jury a slide depicting the "two faces of Jonathan Schwartz." The continued attempts to tear him down, like entering into evidence an Internet article naming him as one of the "ten worst CEOs," ended up looking like cheap put-downs.
Schwartz's answer about the articles could be understood by anyone who'd worked hard in tough times: the economy was in a recession, Sun was failing, and people were hurting. "I was upset, too," Schwartz said. Schwartz testified about his successes and failures, his company's competitions and compromises. He didn't describe a perfect world; he described something that sounded like reality.
Some projects don't work out; some deals can't be done; sometimes the other guy makes a whole lot more money than you, whether he deserves it or not.
Sometimes, life isn't fair.

Rewriting history

But Oracle, when its turn came to mount a case, was not about to accept this view.

Bicks' questioning clearly conveyed his client's righteous anger, the feeling of someone cheated of their rightful inheritance.

And Oracle executives painted a world in which the business of licensing Java to device-makers would be absolutely booming, if only those darned Android kids hadn't taken their sinister shortcuts. Believing in such a world requires a rejection of some basic business reasoning, quite outside knowledge of coding. Oracle CEO Safra Catz got on the stand and complained that because gadget-makers like Huawei and Amazon could get Android for free, they demanded massive discounts for Java mobile. Licensing deals that once would have been worth $40 million might have paid just $1 million post-Android, she said. Catz's testimony was quite stunning.
She, and other Oracle executives, openly admitted they didn't have a plan to actually create smartphones—but they believed in their right to keep owning some significant piece of "property" in the mobile universe, collecting payments while their product's popularity declined. Surely, no one likes competing with a cheater, which is the position Catz said she was in. Oracle argued that Google took an illicit "shortcut," but even Oracle couldn't deny that Android was something quite new and appealing. Leaving aside the iPhone, the feature-phones of 2006 simply didn't look or act like the Android smartphones of 2008. Oracle's "Java phone" project never even got off the ground. Oracle executives were complaining that Google had doped to win the race—but they hadn't even shown up to P.E. class in years. In the end, Oracle's argument looked less like a complaint about unfair competition and more like a complaint about the mere existence of competition, complete with Hollywood's trademark complaint about all things Internet-y: you can't compete with free. Though it's become one of the most clichéd terms in Silicon Valley, it applies here—Google had "disrupted the market" for Java licensing. Google gave away free stuff that connected people to the Internet and tacked advertising onto it. Like online users, companies could pay for products like Java if they wanted to—but it turned out, they'd rather not. The "free stuff" with ads strategy is an aggressive business strategy, one that's a pain to compete with. It can lead to products that are more garish than elegant, but it also has a 200-year-old tradition of being legal and fair.

For American readers and publishers, it dates back to the penny press. Oracle's experts and licensing execs drove their heads deeper into the sand, suggesting that things in feature-phone land were fine and dandy.

But that view strikes even a casual observer of tech as way off-base. One hardly needed a degree in computer science to remember the iPhone hitting the cell phone business like an earthquake.

Google was trying to catch up quick; Oracle and its Java-based system were much further behind.

[Photo: Oracle CEO Safra Catz, speaking at Oracle OpenWorld in 2011.]

[Photo: Jonathan Schwartz in 2004 at the JavaOne conference.]

A kinder, gentler Google?

Bicks had made a powerful promise in his opening: that Google's wrongful intent, its executives' greed and desire to win, would be shown by its own documents. "Their words, not mine," was the mantra he repeated throughout the trial when showing off Google's internal notes. Instead of a damning portrait of a cheater, however, the documents actually showcased a Google that was in some ways more appealing, more trustworthy, than the information behemoth we interact with today. Yes, Rubin got rich; yes, the Android programmers were successful, likely beyond their wildest dreams.

But in these early times, their e-mails had no tone of triumphalism.

These were the notes of a plucky underdog, a group of engineers who knew they were well behind Apple.

They knew their project could well have ended up in Google's heap of failures, another Knol or Buzz. Android programmer Dan Bornstein wrote long e-mails, some of which he perhaps regrets, caveated with these words: "HUGE DISCLAIMER: I AM NOT A LAWYER." But there were no smoking guns.

For the most part, the e-mails showed Bornstein following the rules as he saw them, which were pretty much how the whole industry saw them. Google's e-mails did reflect some uncertainty around IP licensing, which could be expected from any large group of engineers involved in such a massive endeavor.

But no Googler thought the company had done wrong or had cheated Sun—and it was Sun who created Java, Sun who owned the relevant IP. Yes, Android chief Andy Rubin at one point said "java.lang APIs are copyrighted" in an e-mail where he seemed more focused on casually badmouthing a competitor's idea.

But Oracle had pored through a mountain of internal communications, and if that was as good as it got, it wasn't much. When Oracle lawyer Annette Hurst suggested that Rubin's belief that APIs were free to use was no more than "folklore and industry stories," she had little to back it up. Rubin was utterly plausible. You could believe that he was right or that he was wrong, but it seemed clear that Google's people at least believed in what they were doing. And if they were doing the wrong thing, one would expect Sun would tell them so. How could Google be trespassing on Sun's front lawn when the CEO was effectively waving at them from the window? Of course, after Sun's sale to Oracle, Sun didn't own the copyrights anymore.

There was a new Java boss in town.
In Oracle's view, Google was way over the sidewalk, having usurped the front lawn, the garage, and half the living room without so much as knocking on the door. But Oracle's simple narrative about "copied code" ran into another all-American rule, and this one would favor Google: you don't get to change the rules at halftime.

Origin stories

Catz summed up with an anecdote in which she ran into Google General Counsel Kent Walker at a bat mitzvah, and she (as she recounted) was informed that the "old rules didn't apply" at Google. With that, she hoped to encapsulate the entitlement mentality at a company which, more than any other, has been flooded with Internet dollars. She scolded Walker, biblically: "Thou shalt not steal!" That's when I realized: Oracle's lawsuit bore some strong similarities to a well-executed patent troll case.

To be clear, I am absolutely not calling Oracle a patent troll.

The company employs thousands of people and provides real products and services.

But I've watched plenty of intellectual property trials, and it's impossible not to see the major overlaps in tactics and storytelling. While this trial was about copyright, it's telling that Oracle's original lawsuit also included patents. Like patent trolls, Oracle bought some "rights" (in this case from Sun) that no one really knew existed. Oracle then turned its legal firepower on a vastly successful company and tried to induce a jury to believe in a different reality, one where "we" failed because "they" cheated.

Their "building" is infringement; their "invention" is theft. When starting an argument over an invention becomes as lucrative as actually inventing things, we're headed down the wrong path. Yet ensuring the power and prominence of such disputes seems like it's practically the raison d'etre of the Federal Circuit, which singlehandedly created the whole API copyright mess to begin with.

For a decade now, most copyright and patent lawsuits have been filed by "trolls," repeat litigants who hope to make money from the legal system.

These entities claim society's idea-space and rent it back to us. Oracle v.

Google reminds us that the same alternate histories spun in court by shadowy shell companies can, and will, be used by the rich and powerful. I'd like to be optimistic, but these are powerful fantasies and lucrative for those in the system. Prosecuting and defending them draws in streams of our brightest and best-educated.
I fear they will be with us a long time.

US admits pirating military software

The US government has agreed to pay a $50m copyright infringement settlement after a software firm found thousands of unlicensed copies of its logistics programs on US military servers and devices. Texas-based Apptricity has provided logistics software to the US Army since 2004 and claims the US government unlawfully installed the software on 93 servers and approximately 9,000 devices. That means the US government got off extremely lightly with a $50m settlement, when the licence fee should cost $1.35m for each server and $5,000 for each device, according to Ubergizmo. In a statement, Apptricity said the settlement figure represents a fraction of the software’s negotiated contract value.

Apptricity had asked for $224m to cover costs, according to the BBC. However, the software supplier appears happy to continue its relationship with the US military and would use the settlement to expand the company. “Now that this process is behind us, it is envisioned the Apptricity and Army relationship will continue to grow exponentially,” said Tim McHale, an Apptricity senior advisor and retired major general. The Dallas Morning News reported that the US Department of Justice has confirmed the settlement, but would not comment. The revelation will come as an embarrassment to the US government, which has been leading a campaign against software piracy since 2010. According to Apptricity, its software allows troop movements to be tracked in real time across multiple time zones. “Tracking is granular to the level of an item’s location in a specific compartment on a particular ground or air transport vehicle or at its destination,” the company said. Apptricity said the US Army has used its integrated transportation logistics and asset management software across the Middle East and other theaters of operation. The Army has also used the software to coordinate emergency management initiatives, including efforts following the January 2010 earthquake in Haiti, the company said.

Photojournalist gets $1.2 million in damages for images cribbed from Twitter

Jury maxed out statutory damage awards for eight photos.

Chinese censorship might not be overreaching

A report into internet censorship in China indicates that it does not clamp down on free speech in the way that many westerners think. Harvard University social scientist Gary King said that while the Chinese censorship machine is comprehensive it does not kill off all comment. Talking to NPR, King said that the Chinese state does not censor everything.

There are millions of Chinese people who talk about millions of topics. But the effort to prune the internet of certain kinds of information is unprecedented. His studies refute popular ideas about what Chinese censors are after. King said that China actually permits "vitriolic criticism" of leaders and governmental policies. But the state comes down hard on any move to get people physically mobilised to act on such criticism. For example, King cited the case of a Chinese mother who once protested against a local official outside his hotel.

Her demonstration led to online fury on social media sites. But since the action was almost entirely online, the posts went uncensored. Essentially, you can say what you like about the government, but if you try to get a demo together, you could be censored and have a knock on your door, King said. Susan Shirk, an expert on China at the University of California, San Diego, said that the findings make a lot of sense. In an authoritarian state, Shirk says, leaders are unsure about public sentiment because there are no elections or public opinion polls to gauge popular views. Allowing criticism, she explains, is actually a smart intelligence-gathering move. If people protest against local officials, top leaders monitoring the criticism could have them removed, leading to greater faith in the regime. On the other hand, after an earthquake damaged a nuclear power plant, people believed, wrongly, that eating salt could protect them against disorders linked to radiation.

There was a run on salt, and people physically held meetings about the crisis. Media posts that catalogued these activities were censored, King said, because the online commentary corresponded to a physical, public result. Oddly, censorship of physical mobilisation was automatic, even if it was good for the government. If a citizen wrote a post suggesting a big party for government officials who were doing a great job, that would also be censored, because it means moving people to an event. The logic is that people with the capacity to generate turnout for a pro-government rally might develop the experience to run an anti-government protest. King said that if a government makes it impossible for people to learn about collective action events, then people outside the government don't have the ability to move other people, and the leaders can protect the regime.