snydeq writes "Changes in Microsoft's forthcoming upgrade to Windows 8 reveal the dark underbelly of Microsoft's evolving agenda, one that finds pieces of Windows 8 inexplicably disappearing and a new feature that allows Microsoft to track your local searches cropping up, InfoWorld's Woody Leonhard reports. 'As Windows 8.1 Milestone Preview testers push and prod their way into the dark corners of Windows 8.1 "Blue," they're finding a bunch of things that go bump in the night. From new and likely unwelcome features, to nudges into the Microsoft data tracking sphere, to entire lopped-off pieces of Windows 8, it looks like Microsoft is changing Windows to further its own agenda.'" A lot of the stuff the article gripes about are what Google has been doing for ages with Android: requiring a Microsoft account, funneling users to their services first, tracking your system usage, etc.
Catch up on stories from the past week (and beyond) at the Slashdot story archive
darthcamaro writes "UEFI Secure Boot is a problem that only desktop users need to worry about right? Well kinda/sorta/maybe not. SeSE today is releasing SUSE Linux Enterprise 11 SP3 which will include for the first time — support for UEFI Secure Boot. Apparently SUSE sees market demand for Secure Boot on servers too. Quoting Matthias Eckermann, Senior Product Manager at SUSE: 'Our market analysis shows that UEFI Secure Boot is a UEFI extension that does not only cover desktops, but might very well also be deployed and even required on server systems going forward.'"
chicksdaddy writes with news of a Proof-of-Concept exploit for the recent Android APK signature vulnerability. From the article: "Pau Oliva Fora, a security researcher for the firm Via Forensics, published a small, proof of concept module on GitHub that exploits the flaw in the way Android verifies the authenticity of signed mobile applications. The flaw was first disclosed last week by Jeff Forristal, the Chief Technology Officer at Bluebox Security, ahead of a presentation at the Black Hat Briefings in August. ... The simple program leverages APKTool, an open source tool for reverse engineering Android applications — decompiling and then recompiling their contents. His script allows a user to select and then decompile a legitimate Android application and then recompile it, creating an altered, 'malicious' APK that will have the same, cryptographic signature as the original file. In an e-mail statement, Google said that a patch for Forristal's vulnerability was provided to Google's OEM and carrier partners in March, and that some (Samsung) have already shipping a patched version of Android to customers. However, that response hasn't been universal — a reflection of Android's fragmented install base."
jfruh writes "In March of 2012 legendary game designers Tim Schafer and Ron Gilbert ran a Kickstarter to design a new adventure game, asked for $400,000, and came away with more than $3.3 million. Their promised delivery date was October 2012. Now it's July 2013, and the project still needs cash, which they plan to raise by selling an 'early release' version on Steam in January 2014. One possible lesson: radically overshooting your crowdfunding goal can cause you to wildly expand your ambitions, leading to a project that can't be tamed."
First time accepted submitter Kingston writes "In a radical change to the English National Curriculum, Michael Gove, the Education Secretary has announced ambitious changes to the technology syllabus. Children will be introduced to programming and debugging from the age of 5. Secondary schools (age 11 and up) will be required to have a 3D printer and introduce children to laser cutters and robotics in the design and technology course. The much derided ICT (Information and Communications Technology) subject will be overhauled to teach 'several' programming languages to children so that they can 'design, use and evaluate computational abstractions that model the state and behavior of real-world problems and physical systems.'"
Nerval's Lobster writes "The topic of dealing with insider threats has entered the spotlight in a big way recently thanks to Edward Snowden. A former contractor who worked as an IT administrator for the National Security Agency via Booz Allen Hamilton, Snowden rocked the public with his controversial (and unauthorized) disclosure of top secret documents describing the NSA's telecommunications and Internet surveillance programs to The Guardian. Achieving a layer of solid protection from insiders is a complex issue; when it comes to protecting a business's data, organizations more often focus on threats from the outside. But when a trusted employee or contractor uses privileged access to take company data, the aftermath can be as catastrophic to the business or organization as an outside attack. An administrator can block removal of sensitive data via removable media (Snowden apparently lifted sensitive NSA data using a USB device) by disabling USB slots or controlling them via access or profile, or relying on DLP (which has its own issues). They can install software that monitors systems and does its best to detect unusual employee behavior, but many offerings in this category don't go quite far enough. They can track data as it moves through the network. But all of these security practices come with vulnerabilities. What do you think the best way is to lock down a system against malicious insiders?"
cold fjord writes "From the Examiner: '...the second-largest employer in America is Kelly Services, a temporary work provider. ... part-time jobs are at an all-time high, with 28 million Americans now working part-time. ... There are now a record number of Americans with temporary jobs. Approximately 2.7 million, in fact. And the trend has been growing. ... Temp jobs made up about 10 percent of the jobs lost during the Great Recession, but now make up a tenth of the jobs in the United States. In fact, nearly one-fifth of all jobs gained since the recession ended have been temporary.' The NYT has a chart detailing the problem."
Michael Ross writes "As a hugely popular scripting language with an 18-year history, PHP has been the topic of countless computer language books. One of the most comprehensive offerings has been Programming PHP, published by O'Reilly Media. The first edition appeared in March 2002, and was written by Rasmus Lerdorf (the original developer of PHP) and Kevin Tatroe. A second edition was released in May 2006, and saw the addition of another co-author, Peter MacIntyre. With the many changes to the language during the past seven years, the book has again been updated, to cover all of the major new features made available in version 5 of PHP." Keep reading for the rest of Michael's review.
UT Austin tends not to do things by half measures, as illustrated by the Texas Advanced Computing Center, which has been home to an evolving family of supercomputing clusters. The latest of these, Stampede, was first mentioned here back in 2011, before it was actually constructed. In the time since, Stampede has been not only completed, but upgraded; it's just successfully completed a successful six months since its last major update — the labor-intensive installation of Xeon Phi processors throughout 106 densely packed racks. I visited TACC, camera in hand, to take a look at this megawatt-eating electronic hive (well, herd) and talk with director of high-performance computing Bill Barth, who has insight into what it's like both as an end-user (both commercial and academic projects get to use Stampede) and as an administrator on such a big system.
An anonymous reader writes "Apple on Monday released iOS 7 beta 3 for the iPhone, iPad and iPod touch to developers. Apple unveiled iOS 7 during its WWDC 2013 keynote in early June, and the new software was met with mixed responses. While some believe iOS 7 is a big leap forward in terms of innovation, BGR said that iOS 7 focused mainly on renovation rather than the introduction of innovative new features. Of course, Apple still may have some surprises in store for the release version of iOS 7 this fall, especially considering the next-generation iPhone 5S is expected to launch around the same time with an integrated fingerprint scanner."
cylonlover writes "Li-ion batteries may be ok for your smartphone, but when it comes to large-scale energy storage, the priorities suddenly shift from compactness and cycling performance (at which Li-ion batteries excel) to low cost and environmental feasibility (in which Li-ion batteries still have much room for improvement). A new 'wood battery' could allow the emerging sodium-ion battery technology to fit the bill as a long-lasting, efficient and environmentally friendly battery for large-scale energy storage."
First time accepted submitter Dr_Ish writes "The BBC is reporting that the opening ceremonies of last the Olympics last year were potentially subject to a cyber attack that could have cut all the lights and power. Of course, it did not happen. However, the interesting question is whether this is real, or whether this is a FUD story promoted by GCHQ to help shore up some credibility issues."
Bob the Super Hamste writes "CNN Money has an article on computerized trading; specifically, the non-public markets that are often used to execute orders. The company that the article discusses executes 1/8 of all stock trades in the U.S., or about 900 million trades a day. For comparison, the NYSE executes about 700 million trades. The article discusses 'dark pools,' or private markets where quotes aren't disclosed to the broader public markets. If the company is unable to fill an order from within its own dark pool, it will submit the order to the broader public market (13 public exchanges), as well as up to 20 other private dark pools. The quotes offered by the private dark pools, by law, have to be the same or a better quote than those offered on public exchanges. There have been recent questions about whether the quotes provided by dark pools have been the best for customers and there is a current investigation by FINRA into the methods used by market makers and dark pool operators to fill orders."
hypnosec writes "Nintendo has revealed that it has detected illicit logins in nearly 24,000 accounts on one of the main fan sites in Japan 'Club Nintendo' and account details such as real names, addresses, emails and phone numbers may have been accessed. According to Nintendo the mass login attempts have been made using a list of login credentials containing usernames and password obtained from some service other than Nintendo. The company revealed that it detected over 15 million login attempts out of which 23,926 were successful."
judgecorp writes "MIT's Immersion project sifts your Gmail, and constructs a map of your associations. Without opening a single message, it gives a clear view of who you connect with. It's a glimpse of some of what the NSA PRISM can do. From the article: 'You can assume that if the NSA is looking at your email, the information in Immersion is similar to what they will see. Consider that they probably see all of your email addresses (and not just Gmail) and that the metadata is examined along with the metadata from everyone you’ve corresponded with, and you can see just how much can be inferred from this data alone.'"