Nerval's Lobster writes "For the second time in a month, Hewlett-Packard has been forced to admit it built secret backdoors into its enterprise storage products. The admission, in a security bulletin posted July 9, confirms reports from the blogger Technion, who flagged the security issue in HP's StoreOnce systems in June, before finding more backdoors in other HP storage and SAN products. The most recent statement from HP, following another warning from Technion, admitted that 'all HP StoreVirtual Storage systems are equipped with a mechanism that allows HP support to access the underlying operating system if permission and access is provided by the customer.' While HP describes the backdoors as being usable only with permission of the customer, that restriction is part of HP's own customer-service rules—not a limitation built in to limit use of backdoors. The entry points consist of a hidden administrator account with root access to StoreVirtual systems and software, and a separate copy of the LeftHand OS, the software that runs HP's StoreVirtual and HP P4000 products. Even with root access, the secret admin account does not give support techs or hackers access to data stored on the HP machines, according to the company. But it does provide enough access and control over the hardware in a storage cluster to reboot specific nodes, which would 'cripple the cluster,' according to information provided to The Register by an unnamed source. The account also provides access to a factory-reset control that would allow intruders to destroy much of the data and configurations of a network of HP storage products. And it's not hard to find: 'Open up your favourite SSH client, key in the IP of an HP D2D unit. Enter in yourself the username HPSupport, and the password which has a SHA1 of 78a7ecf065324604540ad3c41c3bb8fe1d084c50. Say hello to an administrative account you didn't know existed,' according to Technion, who claims to have attempted to notify HP for weeks with no result before deciding to go public."
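The post above says the hidden account is reachable over SSH. As an added example (not from the post, from Technion, or from HP), here is a detection check a storage or SOC team could run over authentication logs forwarded from the units, flagging any accepted or failed login as HPSupport and triaging accepted logins by whether they came from a known vendor-support source. It assumes the appliance's SSH daemon emits OpenSSH-style sshd syslog lines, which the post does not state (adapt the regex to whatever the unit actually logs); the hostnames, addresses and log lines are constructed for the example.

```python
"""Flag use of the hidden HPSupport account in forwarded SSH auth logs.

Added example, not HP's or Technion's code. Assumption: the storage unit
logs OpenSSH-style "Accepted ... / Failed ..." sshd lines to syslog.
Hostnames, IPs and log lines below are constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

HIDDEN_ACCOUNT = "HPSupport"  # account name given in Technion's write-up

# OpenSSH auth line (assumed format), e.g.
#   Jul 10 03:14:07 d2d-01 sshd[4142]: Accepted password for HPSupport from 10.20.30.40 port 51022 ssh2
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)

# Constructed sample: one accepted HPSupport login, one failed attempt using a
# lower-case spelling, one legitimate admin login, one unrelated brute-force line.
SAMPLE_LOG = """\
Jul 10 03:14:07 d2d-01 sshd[4142]: Accepted password for HPSupport from 10.20.30.40 port 51022 ssh2
Jul 10 03:14:09 d2d-01 sshd[4142]: pam_unix(sshd:session): session opened for user HPSupport by (uid=0)
Jul 10 03:20:41 d2d-02 sshd[5190]: Failed password for hpsupport from 192.0.2.77 port 40112 ssh2
Jul 10 03:21:02 d2d-02 sshd[5201]: Accepted publickey for storageadmin from 10.20.30.41 port 51100 ssh2
Jul 10 03:25:13 d2d-03 sshd[6002]: Failed password for invalid user root from 198.51.100.9 port 22222 ssh2
"""


@dataclass(frozen=True)
class AuthEvent:
    timestamp: str
    host: str
    user: str
    src: str
    accepted: bool
    method: str


def parse_auth_line(line: str) -> Optional[AuthEvent]:
    """Parse one sshd auth line; return None for lines that are not auth results."""
    m = AUTH_RE.match(line.strip())
    if not m:
        return None
    return AuthEvent(
        timestamp=m["ts"], host=m["host"], user=m["user"], src=m["src"],
        accepted=(m["result"] == "Accepted"), method=m["method"],
    )


def find_hidden_account_use(lines: Iterable[str], account: str = HIDDEN_ACCOUNT) -> List[AuthEvent]:
    """Return every auth event (accepted or failed) for the hidden account.

    The comparison is case-insensitive so that attempts like 'hpsupport'
    are surfaced too, even though the OS would treat them as a different user.
    """
    wanted = account.lower()
    events = []
    for line in lines:
        ev = parse_auth_line(line)
        if ev is not None and ev.user.lower() == wanted:
            events.append(ev)
    return events


def triage(ev: AuthEvent, allowed_support_sources: Set[str]) -> str:
    """Severity for one hidden-account event.

    HIGH:   accepted login from a source that is not a known vendor-support host
    MEDIUM: accepted login from an expected support host (still worth a ticket,
            since the account grants root and the page says HP requires permission)
    LOW:    failed attempt (someone probing for the account)
    """
    if not ev.accepted:
        return "LOW"
    return "MEDIUM" if ev.src in allowed_support_sources else "HIGH"


if __name__ == "__main__":
    known_support_hosts = {"10.20.30.40"}  # constructed allow-list
    for ev in find_hidden_account_use(SAMPLE_LOG.splitlines()):
        print(f"{triage(ev, known_support_hosts):6} {ev.timestamp} {ev.host} "
              f"{'accepted' if ev.accepted else 'failed'} {ev.user} from {ev.src} ({ev.method})")
```

Run it against the syslog stream your collector receives from the units rather than the units themselves, since an intruder with root on the appliance can edit local logs; the allow-list should contain only the addresses the vendor is contractually permitted to connect from.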
adeelarshad82 writes "Nokia's new phone, Lumia 1020, feels very similar in the hand to Nokia's Lumia 900 and 920, with one exception: it has a camera bump. The 41-megapixel uber-camera projects out very slightly as a black disc on the back. In terms of functionality, though, the camera provides for smooth zooming only a pinch away. However, it takes a noticeable amount of time to lock focus and save images. At one point during hands-on testing, the camera app crashed so hard that it required a phone reboot, which is hopefully just a pre-release firmware issue. The phone itself carries a brightly colored polycarbonate body that rolls around the edges to cradle a 4.5-inch, 1,280-by-768 screen. Lumia 1020 is powered by a dual-core, 1.5-GHz Qualcomm MSM8960 processor which plows through apps well. Speaking of apps, there's a ton of bloatware on here, as you'd expect from any AT&T device. AT&T adds four apps right at the top of the app list. Nokia Lumia is set to hit AT&T shelves on July 26th for $299."
transporter_ii writes "So what does it cost the government to snoop on us? Paid for by U.S. tax dollars, and with little scrutiny, surveillance fees charged by phone companies can vary wildly. For example, AT&T imposes a $325 'activation fee' for each wiretap and $10 a day to maintain it. Smaller carriers Cricket and U.S. Cellular charge only about $250 per wiretap. But snoop on a Verizon customer? That costs the government $775 for the first month and $500 each month after that, according to industry disclosures made last year to Congressman Edward Markey."
An anonymous reader writes "Winthrop University in South Carolina is testing out iris scanning technology during freshman orientation this summer. Students had their eyes scanned as they received their ID cards in June. 'Iris scanning has a very high level of accuracy, and you don't have to touch anything,' said James Hammond, head of Winthrop University's Information Technology department. 'It can be hands free security.'" I wouldn't want to be locked out of a building because of a scratched lens or a system outage, though.
darthcamaro writes "Earlier today, Slashdot had a story about DEF CON's position on not allowing U.S. Federal agents to attend the annual hacking conference. We're now starting to see the backlash from the hacker community itself with at least two well respected hackers pulling out of the DEF CON speaking sessions so far: 'The issue we are struggling with, and the basis of our decision, is that we feel strongly that DEF CON has always presented a neutral ground that encouraged open communication among the community, despite the industry background and diversity of motives to attend,' security researcher Kevin Johnson wrote. 'We believe the exclusion of the "feds" this year does the exact opposite at a critical time.'" Meanwhile, Black Hat welcomes Federal attendees; this year's conference will feature as a speaker former NSA head Keith Alexander.
First time accepted submitter HonorPoncaCityDotCom writes "Khadeeja Safdar reports in the WSJ that researchers who surveyed 655 incoming college students found that while math and science majors drew the most interest initially, not many students finished with degrees in those subjects. Students who dropped out didn't do so because they discovered an unexpected amount of the work and because they were dissatisfied with their grades. "Students knew science was hard to begin with, but for a lot of them it turned out to be much worse than what they expected," says Todd R. Stinebrickner, one of the paper's authors. "What they didn't expect is that even if they work hard, they still won't do well." The authors add that the substantial overoptimism about completing a degree in science can be attributed largely to students beginning school with misperceptions about their ability to perform well academically in science. "If more science graduates are desired, the findings suggest the importance of policies at younger ages that lead students to enter college better prepared (PDF) to study science.""
An anonymous reader writes "As promised, Mozilla today announced the release of Firefox OS Simulator 4.0 with a focus on developers who want to make money in the Firefox Marketplace. You can download the new version now for Windows, Mac, and Linux from Mozilla Add-Ons. First and foremost, the new simulator supports test receipts for paid apps: each app's dashboard features a drop-down menu where you can select a receipt type. Choosing one of these will have the simulator add-on downloading a test receipt from a Marketplace receipt service and reinstalling the app using it. This lets developers test receipt verification with whatever receipts types they may require (valid, invalid, and refunded)."
Dan Kusnetzky and I started out talking about cloud computing; what it is and isn't, how "cloud" is often more of a marketing term than a technical one, and then gradually drifted to the topic of how IT managers, CIOs, and their various bosses make decisions and how those decisions are not necessarily rational. What you have here is an 18-minute seminar about IT decision-making featuring one of the world's most experienced IT industry analysts, who also writes a blog, Virtually Speaking, for ZDnet.
kaptink writes with the latest revelation from Edward Snowden: "Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal. The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail. The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide. Microsoft also worked with the FBI's Data Intercept Unit to 'understand' potential issues with a feature in Outlook.com that allows users to create email aliases. Skype, which was bought by Microsoft in October 2011, worked with intelligence agencies last year to allow Prism to collect video of conversations as well as audio. Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a 'team sport.'"
itwbennett writes "More people visit the OpenStack Web site from Beijing than any other city in the world and developers in China account for the second largest number of code commits. But beyond a high level of interest, there's another reason that the OpenStack Foundation might do well to host its next summit in Hong Kong: Avoiding fragmentation. China has a history of going its own way in technology. 'I watched it develop its own 3G technology, much to the dismay of global network and phone makers who were shut out of the market. More recently, Chinese companies have gleefully gone on their own with Android,' writes ITworld's Nancy Gohring. It seems like a long shot, but maybe by holding the next summit in Hong Kong, OpenStack can draw contributors into the fold."
ananyo writes "A navy-blue world orbiting a faraway star is the first exoplanet to have its colour measured. Discovered in 2005, HD 189733 b is one of the best-studied planets outside the Solar System, orbiting a star about 19 parsecs away in the Vulpecula, or Fox, constellation. Previous efforts to observe the planet focused on the infrared light it emits — invisible to the human eye. Astronomers have now used the Hubble Space Telescope to observe the planet and its host star. Hubble's optical resolution is not high enough to actually 'see' the planet as a dot of light separate from its star, so instead, the telescope receives light from both objects that mix into a single point source. To isolate the light contribution of the planet, the researchers waited for the planet to move behind the star during its orbit, so that its light would be blocked, and looked for changes in light colour. During the eclipse, the amount of observed blue light decreased, whereas other colours remained unaffected. This indicated that the light reflected by the planet's atmosphere, blocked by the star in the eclipse, is blue."
harrymcc writes "After slightly more than 30 years, PCWorld — one of the most successful computer magazines of all time — is discontinuing print publication. It was the last general-interest magazine for PC users, so it really is the end of an era. Over at TIME, I paused to reflect upon the end of the once-booming category, in part as a former editor at PCWorld, but mostly as a guy who really, really loved to read computer magazines."
hypnosec writes "The longstanding stalemate between the Government of India and BlackBerry (formerly RIM) is over after the government reportedly accepted the solution provided by BlackBerry regarding lawful interception of messages sent using BBM and internet emails sent using BlackBerry Internet Services (BIS). As a result of this, the government will now be able to monitor e-mails in real-time sent using BlackBerry services and messages on BlackBerry Messenger. According to Economic Times, which claims to have reviewed a copy of the internal Department of Telecom document, 'Baring a few minor points for improvement of viewers, the lawful interception system for BlackBerry Services is ready for use.' The initial demands of the government also included the ability to intercept and monitor emails and messages sent using BlackBerry Enterprise Server, but it seems that this demand has been shelved for now."
Okian Warrior writes with this news as reported by TechDirt: "The Washington Post revealed some of the code names for various NSA surveillance programs, including NUCLEON, MARINA and MAINWAY. Chris Soghoian has pointed out that a quick LinkedIn search for profiles with codenames like MARINA and NUCLEON happens to turn up profiles like this one which appear to reveal more codenames: 'Skilled in the use of several Intelligence tools and resources: ANCHORY, AMHS, NUCLEON, TRAFFICTHIEF, ARCMAP, SIGNAV, COASTLINE, DISHFIRE, FASTSCOPE, OCTAVE/CONTRAOCTAVE, PINWALE, UTT, WEBCANDID, MICHIGAN, PLUS, ASSOCIATION, MAINWAY, FASCIA, OCTSKYWARD, INTELINK, METRICS, BANYAN, MARINA.' TRAFFICTHIEF, eh? WEBCANDID? Hmm... Apparently, NSA employees don't realize that information they post online can be revealed."
James Gosling is probably best known for creating the Java programming language while working at Sun Microsystems. Currently, he is the chief software architect at Liquid Robotics. Among other projects, Liquid Robotics makes the Wave Glider, an autonomous, environmentally powered marine robot. James has agreed to take a little time from the oceangoing robots and answer any questions you have. As usual, ask as many as you'd like, but please, one question per post.
First time accepted submitter oritonic1 writes "Since 1980, several teams have tried (and failed) to build a human-powered helicopter that could win the elusive $250,000 Sikorsky prize. But a Canadian start-up, Aerovelo, has finally taken the crown with Atlas, a human-powered craft that managed to stay at least 10 feet in the air, for 60 seconds, within a 30'x30' area."
jfruh writes "The FCC's Universal Service Fund has a noble goal: using a small fee on all U.S. landlines to subsidize universal phone coverage throughout the country. But a recent report reveals that this early 20th century program's design is wildly at odds with 21st century realities: Its main effect now is that poor people living in urban areas are subsidizing rich people living in the country. The FCC says that it's already enacted reforms to combat some of the worst abuses in the report — like subsidies to rural areas that add up to $24,000 per line — but even the $3,000 per line cap now in place seems absurd."
Razgorov Prikazka writes "The Russian Federal Guard Service (FSO), who are in charge of protecting high level politicians like president Putin (amongst others), are 'upgrading' to electric typewriters for writing sensitive documents. They have found out that computers pose a security risk and this is their answer to it. On first sight this seems like a very pragmatic and cost-efficient thing to do. However, the FSO has its roots in the KGB and those were the ones who placed keystroke loggers on the popular IBM Selectric electric typewriter 40 years ago! So how much safer does this make them?"
Nerval's Lobster writes "Microsoft's big reorganization has begun. Rumors had persisted for weeks that Microsoft CEO Steve Ballmer was planning a massive, once-in-a-lifetime reorganization of the company he's been running for quite some time. Now the plan is out in the open, and things are going to change in huge ways. Microsoft will coalesce around 'a single strategy as one company,' CEO Steve Ballmer wrote in a really lengthy memo posted on Microsoft's Website, 'not a collection of division strategies.' The company's product portfolio — from Windows and Xbox to enterprise applications — will be regarded and operated upon in a holistic manner. Ballmer wants this 'one company' approach to extend how Microsoft handles its advertising, marketing and consumer-service operations. Ballmer also wants to knock down the walls that have slowly grown between Microsoft's various divisions, at least as far as engineering's concerned. The new 'engineering culture' will apparently facilitate collaboration 'across the company,' with an emphasis on cross-group contributions (and maintaining secrecy, of course, for the giant projects). Read on for much more on how Microsoft is reorganizing all its internal groups, as well as a rundown of who's in and who's out on the executive level."
alphadogg writes "Japan's most famous mountain now has 4G coverage. An LTE network on Mount Fuji went live Thursday, providing download speeds of up to 75Mbps on its peak, mountain trails, and rest huts. NTT DoCoMo, Japan's largest mobile operator, will provide access to its subscribers as part of its 'Xi' service. DoCoMo said it will provide the service from Thursday through the end of August, to correspond with the mountain's busy climbing season. Tourists are expected to turn out in record numbers this year because Mount Fuji has been named a World Heritage site by Unesco."
darthcamaro writes "Last week, Rain Forrest Puppy (aka Jeff Forristal) first disclosed the initial public report about an Android Master Key flaw. Code was released earlier this week for attackers to exploit the flaw — but what about users? Google has claimed that it has patched the issue, but how do you know if your phone/carrier is safe? Forristal's company now has an app for that. But even if your phone is not patched, don't be too worried: risks are limited if you stick to a 'safe' app store like Google Play. 'The only way an Android user can be attacked via this master key flaw is if they download a vulnerable application. "It all comes down to where you get your applications from," Forristal said.'"
dryriver writes "Global personal computer (PC) sales have fallen for the fifth quarter in a row, making it the 'longest duration of decline' in history. Worldwide PC shipments totalled 76 million units in the second quarter, a 10.9% drop from a year earlier, according to research firm Gartner. PC sales have been hurt in recent years by the growing popularity of tablets. Gartner said the introduction of low-cost tablets had further hurt PC sales, especially in emerging economies. 'In emerging markets, inexpensive tablets have become the first computing device for many people, who at best are deferring the purchase of a PC,' Mikako Kitagawa, principal analyst at Gartner, said in a statement."
colinneagle writes "At the Inside 3D Printing conference in Chicago, Microsoft senior product manager Jesse McGatha discussed why Microsoft recently announced that Windows 8.1 will support 3D printing, even giving a demo of a sample app for printing a design file. But in the presentation it became clear that Microsoft is capitalizing on the recent hype of 3D printing and positioning itself to capitalize on the future consumer markets for 3D printing. However, a Gartner analyst recently warned that 3D printing may not become the household consumer item that some are making it out to be. So, by capitalizing on the buzz, Microsoft may attract makers, innovators, and even enterprise customers that use 3D printing, but avoids any risk if the consumer market fails to reach its potential."
cylonlover writes "For a number of years now, police forces around the world have enlisted officers to pose as kids in online chat rooms, in an attempt to draw out pedophiles and track them down. Researchers at Spain's University of Deusto are now hoping to free those cops up for other duties, and to catch more offenders, via a chatbot that they've created. Its name is Negobot, and it plays the part of a 14 year-old girl." (Read the original source, in Spanish).
itwbennett writes "You can try to train them, you can try to streamline or automate the process, you can demand that all bug reports go through a middleman (i.e., a QA tester) or you can throw up your hands and accept that users will forever submit bug reports that in no way help you solve the problem. Like the stages of grief, you've probably tried or experienced all of these at some point. But have you found any approach that really works for getting useful bug reports from your users?"
tsu doh nimh writes "One of the more time-honored traditions at DEF CON — the massive hacker convention held each year in Las Vegas — is 'Spot-the-Fed,' a playful and mostly harmless contest to out undercover government agents that attend the show each year. But that game might be a bit tougher when the conference rolls around again next month: In an apparent reaction to recent revelations about far-reaching U.S. government surveillance programs, DEF CON organizers are asking feds to just stay away: 'I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year,' conference organizer Jeff Moss wrote in a short post at Defcon.org. Krebsonsecurity writes that after many years of mutual distrust, the hacker community and the feds buried a lot of their differences in the wake of 9/11, with the director of NSA even delivering the keynote at last year's conference. But this year? Spot the fed may just turn into hack-the-fed."
Nerval's Lobster writes "Just in case you haven't been keeping up with the latest in five-dimensional digital data storage using femtocell-laser inscription, here's an update: it works. A team of researchers at the University of Southampton has demonstrated a way to record and retrieve as much as 360 terabytes of digital data onto a single disk of quartz glass in a way that can withstand temperatures of up to 1000 C and should keep the data stable and readable for up to a million years. 'It is thrilling to think that we have created the first document which will likely survive the human race,' said Peter Kazansky, professor of physical optoelectronics at the Univ. of Southampton's Optical Research Centre. 'This technology can secure the last evidence of civilization: all we've learnt will not be forgotten.' Leaving aside the question of how many Twitter posts and Facebook updates really need to be preserved longer than the human species, the technology appears to have tremendous potential for low-cost, long-term, high-volume archiving of enormous databanks. The quartz-glass technique relies on lasers pulsing one quadrillion times per second through a modulator that splits each pulse into 256 beams, generating a holographic image that is recorded on self-assembled nanostructures within a disk of fused-quartz glass. The data are stored in a five-dimensional matrix—the size and directional orientation of each nanostructured dot become dimensions four and five, in addition to the usual X, Y and Z axes that describe physical location. Files are written in three layers of dots, separated by five micrometers within a disk of quartz glass nicknamed 'Superman memory crystal' by researchers. (Hitachi has also been researching something similar.)"
michaelmalak writes "The annual ACM International Collegiate Programming Contest finished up last week for 2013, but for the first time since its inception in the 1970s, no U.S. college placed in the top 10. Through 1989, a U.S. college won first place every year, but there hasn't been one in first place since 1997. The U.S. college that has won most frequently throughout the contest's history, Stanford, hasn't won since 1991. The 2013 top 10 consists entirely of colleges from Eastern Europe, East Asia, and India."
vinces99 writes "The basics of how a muscle generates power remain the same: Filaments of myosin tugging on filaments of actin shorten, or contract, the muscle – but the power doesn't just come from what's happening straight up and down the length of the muscle, as has been assumed for 50 years. Instead, new research shows that as muscles bulge, the filaments are drawn apart from each other, the myosin tugs at sharper angles over greater distances, and it's that action that deserves credit for half the change in muscle force scientists have been measuring."