An anonymous reader writes "A Microsoft server accesses URLs sent in Skype chat messages, even if they are HTTPS URLs and contain account information. A reader of Heise publications notified Heise Security (link to German website, Google translation). They replicated the observation by sending links via Skype, including one to a private file storage account, and found that these URLs are shortly after accessed from a Microsoft IP address. When confronted, Microsoft claimed that this is part of an effort to detect and filter spam and phishing URLs."
Slashdot is powered by your submissions, so send in your scoop
MojoKid writes "For the past decade, AMD and Intel have been racing each other to incorporate more components into the CPU die. Memory controllers, integrated GPUs, northbridges, and southbridges have all moved closer to a single package, known as SoCs (system-on-a-chip). Now, with Haswell, Intel is set to integrate another important piece of circuitry. When it launches next month, Haswell will be the first x86 CPU to include an on-die voltage regulator module, or VRM. Haswell incorporates a refined VRM on-die that allows for multiple voltage rails and controls voltage for the CPU, on-die GPU, system I/O, integrated memory controller, as well as several other functions. Intel refers to this as a FIVR (Fully Integrated Voltage Regulator), and it apparently eliminates voltage ripple and is significantly more efficient than your traditional motherboard VRM. Added bonus? It's 1/50th the size." Update: 05/14 01:22 GMT by U L : Reader AdamHaun comments: "They already have a test chip that they used to power a ~90W Xeon E7330 for four hours while it ran Linpack. ... Voltage ripple is less than 2mV. Peak efficiency per cell looks like ~76% at 8A. They claim hitting 82% would be easy..." and links to a presentation on the integrated VRM (PDF).
First time accepted submitter He Who Has No Name writes "While the ATF appears to have no open objection to 3D printed firearms at this time, the Department of Defense apparently does. A short while ago, '#DEFCAD has gone dark at the request of the Department of Defense Trade Controls. Take it up with the Secretary of State' appeared on the group's site, and download links for files hosted there began to give users popups warning of the DoD takeover." Well, that didn't take long. Note: As of this writing, the site is returning an error, rather than the message above, but founder Cody Wilson has posted a similar message to twitter. At least the Commander in Chief is in town to deliver the message personally. Update: 05/09 21:17 GMT by T : Tweet aside, that should be Department of State, rather than Department of Defense, as many readers have pointed out. (Thanks!)
New submitter hutsell writes with this excerpt from MIT's Technology Review: "Richard Hughes and his associates at the Los Alamos National Laboratory in New Mexico announced today that they have been sending perfectly secure messages with their Quantum Internet that has been in operation for the last two and a half years." Original paper. Unlike current quantum networks that only allow point-to-point networking, the system at Los Alamos combines traditional and quantum links to route messages through a hub while retaining the security advantages of quantum networking.
crookedvulture writes "AMD has revealed more details about the unified memory architecture of its next-generation Kaveri APU. The chip's CPU and GPU components will have a shared address space and will also share both physical and virtual memory. GPU compute applications should be able to share data between the processor's CPU cores and graphics ALUs, and the caches on those components will be fully coherent. This so-called heterogeneous uniform memory access, or hUMA, supports configurations with either DDR3 or GDDR5 memory. It's also based entirely in hardware and should work with any operating system. Kaveri is due later this year and will also have updated Steamroller CPU cores and a GPU based on the current Graphics Core Next architecture." bigwophh writes links to the Hot Hardware take on the story, and writes "AMD claims that programming for hUMA-enabled platforms should ease software development and potentially lower development costs as well. The technology is supported by mainstream programming languages like Python, C++, and Java, and should allow developers to more simply code for a particular compute resource with no need for special APIs."
"Quirky.com has generated a lot of buzz," writes frequent contributor Bennett Haselton, "but it's hard to see how it could ever be more than a novelty unless they change two key features of their process. Fortunately, they already have all the infrastructure in place for bringing inventions to fruition, so that with these two changes, Quirky really could deliver on their early promise to change the way products get invented." Read on for Bennett's thoughts — which seem more sensible than quirky.
Should Boston have been put in a state of lockdown on Friday as police chased down Dzhokhar Tsarnaev? Pragmatic Bruce Schneier writes on his blog: "I generally give the police a lot of tactical leeway in times like this. The very armed and very dangerous suspects warranted extraordinary treatment. They were perfectly capable of killing again, taking hostages, planting more bombs -- and we didn't know the extent of the plot or the group. That's why I didn't object to the massive police dragnet, the city-wide lock down, and so on." Schneier links to some passionate counterarguments, though. It doesn't escape the originator of a recurring movie plot terrorism contest that the Boston events of yesterday were just "the sort of thing that pretty much only happens in the movies."
An anonymous reader links to an article at Ars explaining the dropping inventory of bridges available to users of the Tor project's encrypted messaging system. They're looking for more bridges, but that doesn't necessarily mean buying new hardware per se. From the article: "After campaigning successfully last year to get more volunteers to run obfuscated Tor bridges to support users in Iran trying to evade state monitoring, the network has lost most of those bridges, according to a message to the Tor relays mailing list by Tor volunteer George Kadiankakis. 'Most of those bridges are down, and fresh ones are needed more than ever,' [Tor volunteer George] Kadiankakis wrote in an e-mail, 'since obfuscated bridges are the only way for people to access Tor in some areas of the world (like China, Iran, and Syria).' For those who want to donate bridges to the Tor network, the easiest route is to use Tor Cloud, an Amazon Web Service Elastic Compute Cloud image created by the Tor Project that allows people to leverage Amazon's free usage tier to deploy a bridge."
benrothke writes "When I first heard about the book The Death of the Internet, it had all the trappings of a second-rate book; a histrionic title and the fact that it had nearly 50 contributors. I have seen far too many books that are pasted together by myriad disparate authors, creating a jerry-rigged book with an ISBN, but little value or substance. The only negative thing about the book is the over the top title, which I think detracts from the important message that is pervasive in it. Other than that, the book is a fascinating read. Editor Markus Jakobsson (Principal Scientist for Consumer Security at PayPal) was able to take the collected wisdom from a large cross-section of expert researchers and engineers, from different countries and nationalities, academic and corporate environments, and create an invaluable and unique reference." Read below for the rest of Ben's review.
An anonymous reader writes "That was quick. Mere hours after Facebook Home arrived on Google Play, the launcher has been modified to remove the device-specific limitation. This means you can use the latest Facebook service on any Android device. The brilliant hackers at XDA Developers have done it again. This particular hack was performed by XDA Senior Member theos0o; who provides details and download links."
chicksdaddy writes "Social Media Widget, a free plug-in for the WordPress blogging platform with more than a million downloads, was restored to WordPress's official plugin directory on Thursday, days after it was found injecting WordPress websites with spam links to web sites offering Pay Day Loans. In a post on a support forum for Social Media Widget (SMW), Samuel Wood, a WordPress administrator, said that WordPress was willing to give SMW and its owner a second chance after he claimed to have been the victim of a contract developer gone rogue. 'Naturally we do take a very hard line on spam, and obviously an author putting malicious code into a plugin is enough grounds for us to bring down the ban hammer,' Wood wrote on Friday. 'But there are natural circumstances where an author may not be at fault.' SMW appears to be such a case. It is one of the 20 most popular WordPress add-ons and allows WordPress web site operators to include links to their other social media accounts. Brendan Sheehan, the owner of SMW, said, 'We trusted the wrong people with our plugin code and take full responsibility. We are a marketing company at heart and are not actually developers, so in order to provide major updates and improvements, we had to seek outside help. Some of these people deceived us and abused our trust and naivety...We will not make this mistake again.' Wood said the folks at Wordpress decided to accept that story — but that they're watching SMW closely. 'Basically, the current maintainer is not a professional programmer, and put his trust in the wrong freelancers to do the coding work for him...We'll be watching the plugin for changes,' he said. 'The plugin is back up for now, and as long as it stays clean, it's fine.'"
adeelarshad82 writes "According to an 18-month study from German independent testing lab AV-Test, searches on Bing returned five times more links to malicious websites than Google searches. The study looked at nearly 40 million websites provided by seven different search engines. About 10 million results came from Bing and another 10 million from Google. 13 million sites were provided by the Russian service Yandex, with the rest coming from Blekko, Faroo, Teoma and Baidu respectively. Of these 40 million sites, AV-Test found 5,000 pieces of malware—and admittedly small percentage of websites."
First time accepted submitter matria writes "MODx is a free, open-source Content Management System and Framework, developed and supported by MODX LLC and a global community. The latest iteration of MODx, called Revolution, is entirely object-oriented. To take advantage of the power of MODx, the developer needs to learn how MODx works and how to use its building blocks to extend it to satisfy his purpose. While there is official documentation and a number of websites with tips and tutorials, as well as an active and friendly forum, for the dedicated developer one of the publications that it is good to be aware of is W. Shawn Wilkerson's MODX Revolution — Building the Web Your Way." Read below for the rest of matria's review.
another random user sends this excerpt from the BBC: "Two film studios have asked Google to take down links to messages sent by them requesting the removal of links connected to film piracy. Google receives 20 million 'takedown' requests, officially known as DMCA (Digital Millennium Copyright Act) notices, every month. They are all published online. Recent submissions by Fox and Universal Studios include requests for the removal of previous takedown notices. ... By making the notices available, Google is unintentionally highlighting the location of allegedly pirated material, say some experts. 'It would only take one skilled coder to index the URLs from the DMCA notices in order to create one of the largest pirate search engines available,' wrote Torrent Freak editor Ernesto Van Der Sar on the site."
New submitter AndyKrish links to the BBC's report that just two days after penning a "leave of presence" in which he says "I am not going away," Roger Ebert — "arguably the world's most famous film critic" — has died of cancer. Ebert was a long-time film critic for the Chicago Sun-Times, as well as (most famously along with Gene Siskel) for a string of television shows. In the course of dealing with persistent cancer that affected his thyroid and jaw, and which took away his voice, Ebert became a prolific blogger on movies as well as other topics, and drew on cutting edge technology to regain the power of speech.
theodp writes "'Someday, and that day may never come,' Don Corleone says famously in The Godfather, 'I'll call upon you to do a service for me.' Back in 2010, filmmaker Lesley Chilcott produced Waiting for 'Superman', a controversial documentary that analyzed the failures of the American public education system, and presented charter schools as a glimmer of hope, including the Bill & Melinda Gates Foundation-backed KIPP Los Angeles Prep. Gates himself was a 'Superman' cast member, lamenting how U.S. public schools are producing 'American Idiots' of no use to high tech firms like Microsoft, forcing them to 'go half-way around the world to recruit the engineers and programmers they needed.' So some found it strange that when Chilcott teamed up with Gates again three years later to make Code.org's documentary short What Most Schools Don't Teach, kids from KIPP Empower Academy were called upon to demonstrate that U.S. schoolchildren are still clueless about what computer programmers do. In a nice coincidence, the film went viral just as leaders of Google, Microsoft, and Facebook pressed President Obama and Congress on immigration reform, citing a dearth of U.S. programming talent. And speaking of coincidences, the lone teacher in the Code.org film (James, Teacher@Mount View Elementary), whose classroom was tapped by Code.org as a model for the nation's schools, is Seattle teacher Jamie Ewing, who took top honors in Microsoft's Partners in Learning (PiL) U.S. Forum last summer, earning him a spot on PiL's 'Team USA' and the chance to showcase his project at the Microsoft PiL Global Forum in Prague in November (82-page Conference Guide). Ironically, had Ewing stuck to teaching the kids Scratch programming, as he's shown doing in the Code.org documentary, Microsoft wouldn't have seen fit to send him to its blowout at 'absolutely amazingly beautiful' Prague Castle. Innovative teaching, at least according to Microsoft's rules, 'must include the use of one or more Microsoft technologies.' Fortunately, Ewing's project — described in his MSDN guest blog post — called for using PowerPoint and Skype. For the curious, here's Microsoft PiL's vision of what a classroom should be."
An anonymous reader writes "Security guru Bruce Schneier contends that money spent on user awareness training could be better spent and that the real failings lie in security design. 'The whole concept of security awareness training demonstrates how the computer industry has failed. We should be designing systems that won't let users choose lousy passwords and don't care what links a user clicks on,' Schneier writes in a blog post on Dark Reading. He says organizations should invest in security training for developers. He goes on, '... computer security is an abstract benefit that gets in the way of enjoying the Internet. Good practices might protect me from a theoretical attack at some time in the future, but they’re a bother right now, and I have more fun things to think about. This is the same trick Facebook uses to get people to give away their privacy. No one reads through new privacy policies; it's much easier to just click "OK" and start chatting with your friends. In short: Security is never salient.'"
MrAndrews writes "After reading a Slashdot story about adblocking and the lively discussion that followed, I got to wondering how else sites can support themselves, if paywalls and ads are both non-starters. Microtransactions have been floated for years, but never seem to take off, possibly because they come off as arbitrary taxation or cumbersome walled-garden novelties. Still, it seems like the idea of microtransactions is still appealing, it's just the wrapping that's always been flawed. I wanted to know how viable the concept really was, so I've created a little experiment to gather some data, to put some real numbers to it. It's a purely voluntary system, where you click 1, 2 or 3-cent links in your bookmark bar, depending on how much you value the page you're visiting. No actual money is involved, it's just theoretical. There's a summary page that tells you how much you would have spent, and I'll be releasing anonymized analyses of the data in the coming weeks. If you're game, please check out the experiment page for more information, and give it a go. Even if you only use it once and forget about it, that says something about the concept right there."
New submitter nifty-c writes "Singapore has invested heavily in higher education partnerships with the U.S. and launched an ambitious program of high-tech research with Western countries, but recent events have opened these links to controversy. Prof. Cherian George at Nanyang Technological University (NTU), Singapore, is a communication and information school professor and an outspoken critic of his government's censorship of the Internet. NTU recently fired him, sparking an outcry from critics who claim political interference. This week a group of faculty and affiliates at Harvard's Berkman Center for Internet & Society has 'strongly caution[ed]...colleagues working in the area of Internet and society in any dealings with Singaporean universities.'"