Chrome

'Here's Where Google Hid Chrome's SSL Certificate Information' (vortex.com) 105

"Google Chrome users have been contacting me wondering why they no longer could access the detailed status of Chrome https: connections, or view the organization and other data associated with SSL certificates for those connections," writes Slashdot reader Lauren Weinstein, adding "Google took a simple click in an intuitive place and replaced it with a bunch of clicks scattered around." Up to now for the stable version of Chrome, you simply clicked the little green padlock icon on an https: connection, clicked on the "Details" link that appeared, and a panel then opened that gave you that status, along with an obvious button to click for viewing the actual certificate data such as Organization, issuance and expiration dates, etc. Suddenly, that "Details" link no longer is present...

The full certificate data is available from the "Developers tools" panel under the "Security" label. In fact, that's where this info has been for quite some time, but since the now missing "Details" link took you directly to that panel, most users probably didn't even realize that they were deep in the Developers tools section of the browser.

On some systems you can just press F12, but the alternate route is to click on the three vertical dots in the upper right, then select "More Tools", and then "Developer Tools". (And if you don't then see "Security", click on the " >>".)
Space

SpaceX Gets the Green Light To Resume Rocket Launches (fortune.com) 44

Elon Musk's SpaceX rocket company has been cleared to resume flying following a launch pad explosion four months ago, the U.S. Federal Aviation Administration said on Friday. From a report on Fortune: The decision clears SpaceX to attempt to launch a Falcon 9 rocket carrying 10 Iridium Communications satellites as early as Monday, a day later than originally planned. SpaceX, owned by Tesla Motors Chief Executive Officer Musk, on Friday declined to comment about what caused the delay. Liftoff from Vandenberg Air Force Base in California is targeted for around 10:26 a.m. PST/1:26 p.m. EST. The FAA, which oversees commercial U.S. space launches, oversaw SpaceX's investigation into why a Falcon 9 rocket burst into flames on a launch pad in Florida as it was being fueled for a routine, prelaunch test on Sept. 1. The accident destroyed the $62 million booster and a $200 million Israeli communications satellite that had been partly leased by Facebook to expand Internet access in Africa.
Encryption

Serious Flaws In iMessage Crypto Allow For Message Decryption (onthewire.io) 43

Reader Trailrunner7 writes: New research from a team at Johns Hopkins University shows that there are serious problems with the way Apple implemented encryption on its iMessage system, leaving it open to retrospective decryption attacks that can reveal the contents of all of a victim's past iMessage texts. The iMessage system, like much of what Apple does, is opaque and its inner workings have not been made available to outsiders. One of the key things that is known about the system is that messages are encrypted from end to end and Apple has said that it does not have the ability to decrypt users' messages. The researchers at JHU, led by Matthew Green, a professor of computer science at the school, reverse engineered the iMessage protocol and discovered that Apple made some mistakes in its encryption implementation that could allow an attacker who has access to encrypted messages to decrypt them. The team discovered that Apple doesn't rotate encryption keys at regular intervals (most encryption protocols such as OTR and Signal do). This means that the same attack can be used on iMessage historical data, which is often backed up inside iCloud. Apple was notified of the issue as early as November 2015 and it rolled out a patch for the iMessage protocol in iOS 9.3 and OS X 10.11.4.
DRM

EFF Is Suing the US Government To Invalidate the DMCA's DRM Provisions (boingboing.net) 93

Cory Doctorow writes for BoingBoing: The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. EFF is representing two clients in its lawsuit: Andrew "bunnie" Huang, a legendary hardware hacker whose NeTV product lets users put overlays on DRM-restricted digital video signals; and Matthew Green, a heavyweight security researcher at Johns Hopkins who has an NSF grant to investigate medical record systems and whose research plans encompass the security of industrial firewalls and finance-industry "black boxes" used to manage the cryptographic security of billions of financial transactions every day. Both clients reflect the deep constitutional flaws in the DMCA, and both have standing to sue the US government to challenge DMCA 1201 because of its serious criminal provisions (5 years in prison and a $500K fine for a first offense). Doctorow has explained aspects of this for The Guardian today. You should also check Huang's blog post on this.
Cloud

Apple Stores iCloud Data With Google (crn.com) 49

An anonymous reader writes: Alphabet's Google has quietly scored a major coup in its campaign to become an enterprise cloud computing powerhouse, landing Apple as a customer for the Google Cloud Platform, multiple sources with knowledge of the matter told CRN this week. Previously, Apple had acknowledged using Amazon Web Services (AWS) and Microsoft Azure's rival cloud computing platforms in addition to its own data centers. None of the services would have access to iCloud users' records. "The iCloud information is not at risk of being breached or otherwise observed by the ultimate owners of the platforms it resides on because of the very heavy encryption and partitioning technologies used," commented Chris Green, a tech expert at the consultancy Lewis. CRN has mentioned the agreement between the two companies was done late last year.
Microsoft

Microsoft Has Your Encryption Key If You Use Windows 10 (theintercept.com) 314

An anonymous reader writes with this bit of news from the Intercept. If you log in to Windows 10 using your Microsoft account, your computer automatically uploads a copy of your recovery key to Microsoft servers. From the article: "The fact that new Windows devices require users to backup their recovery key on Microsoft's servers is remarkably similar to a key escrow system, but with an important difference. Users can choose to delete recovery keys from their Microsoft accounts – something that people never had the option to do with the Clipper chip system. But they can only delete it after they've already uploaded it to the cloud.....As soon as your recovery key leaves your computer, you have no way of knowing its fate. A hacker could have already hacked your Microsoft account and can make a copy of your recovery key before you have time to delete it. Or Microsoft itself could get hacked, or could have hired a rogue employee with access to user data. Or a law enforcement or spy agency could send Microsoft a request for all data in your account, which would legally compel them to hand over your recovery key, which they could do even if the first thing you do after setting up your computer is delete it. As Matthew Green, professor of cryptography at Johns Hopkins University puts it, 'Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees.'"
Encryption

Australian PLAID Crypto, ISO Conspiracies, and German Tanks 62

New submitter Gaglia writes: PLAID, the Australian 'unbreakable' smart card identification protocol has been recently analyzed in this scientific paper (disclaimer: I am one of the authors, and this is a personal statement.)

Technically, the protocol is a disaster. In addition to many questionable design choices, we found ways for tracing user identities and recovering card access capabilities. The attacks are efficient (few seconds on 'home' hardware in some cases), and involve funny techniques such as RSA moduli fingerprinting and... German tanks. See this entry on Matt Green's crypto blog for a pleasant-to-read explanation.

But the story behind PLAID's standardization is possibly even more disturbing. PLAID was pushed into ISO with a so-called "fast track" procedure. Technical loopholes made it possible to cut off from any discussion the ISO groups responsible for crypto and security analysis. Concerns from tech-savvy experts in the other national panels were dismissed or ignored. We contacted ISO and CERT Australia before going public with our paper, but all we got was a questionable and somewhat irate response (PDF) by PLAID's project editor (our reply here). Despite every possible evidence of bad design, PLAID is now approved as ISO standard, and is coming to you very soon inside security products which will advertise non-existing privacy capabilities.

The detailed story of PLAID in the paper is worth a read, and casts many doubts on the efficacy of the most important standardizing body in the world. It is interesting to see how a "cryptography" product can be approved at ISO without undergoing any real security scrutiny.

On a related note, the enthusiastic comments to PLAID's design made by a few readers in the old Slashdot story remind us as a cautionary tale that you need cryptographers to assess the security of cryptography. Quoting Bruce Schneier: amateurs produce amateur cryptography.
Privacy

Ask Slashdot: Where Can I Find "Nuts and Bolts" Info On Cookies & Tracking Mechanisms? 84

New submitter tanstaaf1 writes: I was thinking about the whole tracking and privacy train-wreck and I'm wondering why specific information on how it is done, and how it can be micromanaged or undone by a decent programmer (at least), isn't vastly more accessible? By searching, I can only find information on how to erase cookies using the browser. Browser level (black box) solutions aren't anywhere near good enough; if they were, the exploits would be few and far between instead of everywhere every day. Read below for the rest of tanstaaf1's question.
Google

Plan To Run Anti-Google Smear Campaign Revealed In MPAA Emails 256

vivaoporto writes: Techdirt reports on a plan to run an anti-Google smear campaign via the Today Show and the WSJ discovered in MPAA emails. Despite the resistance of the Hollywood studios to comply with the subpoenas obtained by Google concerning their relationship with Mississippi Attorney General Jim Hood (whose investigation of the company appeared to actually be run by the MPAA and the studios themselves) one of the few emails that Google have been able to get access to so far was revealed this Thursday in a filing. It's an email between the MPAA and two of Jim Hood's top lawyers in the Mississippi AG's office, discussing the big plan to "hurt" Google.

The lawyers from Hood's office flat out admit that they're expecting the MPAA and the major studios to have its media arms run a coordinated propaganda campaign of bogus anti-Google stories. One email reads: "Media: We want to make sure that the media is at the NAAG meeting. We propose working with MPAA (Vans), Comcast, and NewsCorp (Bill Guidera) to see about working with a PR firm to create an attack on Google (and others who are resisting AG efforts to address online piracy). This PR firm can be funded through a nonprofit dedicated to IP issues. The "live buys" should be available for the media to see, followed by a segment the next day on the Today Show (David green can help with this). After the Today Show segment, you want to have a large investor of Google (George can help us determine that) come forward and say that Google needs to change its behavior/demand reform. Next, you want NewsCorp to develop and place an editorial in the WSJ emphasizing that Google's stock will lose value in the face of a sustained attack by AGs and noting some of the possible causes of action we have developed."

As Google notes in its legal filing about this email, the "plan" states that if this effort fails, then the next step will be to file the subpoena (technically a CID or "civil investigatory demand") on Google, written by the MPAA but signed by Hood. This makes it pretty clear that the MPAA, studios and Hood were working hand in hand in all of this and that the subpoena had no legitimate purpose behind it, but rather was the final step in a coordinated media campaign to pressure Google to change the way its search engine works.
Education

Senate Passes 'No Microsoft National Talent Strategy Goal Left Behind Act' 132

theodp writes: Microsoft is applauding the Senate's passage of the Every Child Achieves Act, a rewrite of the No Child Left Behind Act, saying the move will improve access to K-12 STEM learning nationwide. The legislation elevates Computer Science to a "core academic subject", opening the door to a number of funding opportunities. The major overhaul of the U.S. K-12 education system, adds Microsoft on the Issues, also "advances some of the goals outlined in Microsoft's National Talent Strategy," its "two-pronged" plan to increase K-12 CS education and tech immigration. Perhaps Microsoft is tackling the latter goal in under-the-radar White House visits with the leaders of Mark Zuckerberg's FWD.us PAC, like this one, attended by Microsoft's William "It's Our Way Or the Canadian Highway" Kamela and FWD.us President Joe "Save Us From Just-Sort-of-OK US Workers" Green.
Space

Stephen Hawking and Russian Billionaire Start $100 Million Search For Aliens 208

An anonymous reader writes: Stephen Hawking is joining forces with Russian billionaire Yuri Milner to start a $100 million effort to search the skies for signs of alien life. The initiative is called Breakthrough Listen, which will pay for large amounts of access to the Green Bank Telescope and the Parkes Telescope to scan the skies for signals over the next 10 years. They say the search will be 50 times more sensitive than previous attempts, cover 10 times more of the sky, and scan a greater portion of the radio spectrum 100x faster. They add, "All data will be open to the public. This will likely constitute the largest amount of scientific data ever made available to the public. The Breakthrough Listen team will use and develop the most powerful software for sifting and searching this flood of data. All software will be open source." The project is also supported by Frank Drake, Ann Druyan, and Lord Martin Rees.
Education

Google and Gates-Backed Khan Academy Introduces "Grit"-Based Classroom Funding 119

theodp writes: Their intentions are no doubt good, but some will be troubled by Google and Khan Academy's recently-concluded LearnStorm initiative, which pitted kids-against-kids, schools-against-schools, and cities-against-cities in a 3-month learning challenge for prizes based not only on students' mastery of math skills on Khan Academy, but also their perceived 'hustle' (aka 'grit'). "Points are earned by mastering math skills and also for taking on challenging new concepts and persevering," explained a Khan Academy FAQ. A blog entry further explained, "They've earned points and prizes not only for mastering math skills but also for showing 'hustle,' a metric we created to measure grit, perseverance, and growth. They competed over 200,000 hours of learning and 13.6 million standards-aligned math problems. In addition, thanks to the generosity of Google.org, DonorsChoose.org, and Comcast's Internet Essentials, 34 underserved schools unlocked new devices for their classrooms and free home internet service for eligible families, increasing student access to online learning tools like Khan Academy." Apparently funded by a $2 million Google grant, the Google, Khan Academy, and DonorsChoose grit-based classroom funding comes on the heels of the same organizations' gender-based classroom funding initiative. Supported by some of the world's wealthiest individuals and corporations, Khan Academy's Board members include a Google Board member (Diane Green), spouse of a Google Board member (Ann Doerr), and the Managing Partner of Bill Gates' bgC3 (Larry Cohen); former Board members include Google Executive Chairman Eric Schmidt.
Australia

Australia Passes Mandatory Data Retention Law 124

Bismillah writes: Opposition from the Green Party and independent members of parliament wasn't enough to stop the ruling conservative Liberal-National coalition from passing Australia's new law that will force telcos and ISPs to store customer metadata for at least two years. Journalists' metadata is not exempted from the retention law, but requires a warrant to access. The metadata of everyone else can be accessed by unspecified government agencies without a warrant, however.
Communications

Probe Into NSA Activity Reveals Germany Spying On Germans 83

cold fjord writes The Local (DE) reports, "The Bundesnachrichtendienst (BND), Germany's foreign intelligence service, spied on some citizens living abroad, a former lawyer for the spies told MPs on Thursday. Dr Stefan Burbaum ... said that some Germans were targeted as "office holders," a legal loophole the spies used to circumvent the law that protects Germans citizens from being spied on by its own intelligence agency. ... the German spies argue that a citizen working for a foreign company abroad is only protected in his private life, not in his professional communications ... "The office holder is the legal person," Burbaum said. ... "This construct of an office holder is just as absurd in practice as it appears in the law," Konstantin von Notz of the Green party said. Further, foreigners' communications conducted abroad are not protected, even if they are in contact with German people or work for a German company. MPs ... criticized the BND's ability to operate in a "lawless zone" when it came to spying on foreigners. ... the BND regularly retains traffic which it had not received specific permission to investigate which it collects during such trawls. In this way, access acquired under the "G10 law" becomes a "foot in the door" to otherwise closed-off sources of data, Burbaum said." The parliamentary investigation was initiated by reports that Chancellor Merkel's phone was being tapped by NSA, but later it was found that at least five countries were tapping Merkel's phone.
Japan

2014 Nobel Prize In Physics Awarded To the Inventors of the Blue LED 243

grouchomarxist writes with word that "The 2014 Nobel Prize in Physics has been awarded to Isamu Akasaki, Hiroshi Amano and Shuji Nakamura, the inventors of the blue LED." From the organization's press release: When Isamu Akasaki, Hiroshi Amano and Shuji Nakamura produced bright blue light beams from their semi-conductors in the early 1990s, they triggered a fundamental transformation of lighting technology. Red and green diodes had been around for a long time but without blue light, white lamps could not be created. Despite considerable efforts, both in the scientific community and in industry, the blue LED had remained a challenge for three decades. They succeeded where everyone else had failed. Akasaki worked together with Amano at the University of Nagoya, while Nakamura was employed at Nichia Chemicals, a small company in Tokushima. Their inventions were revolutionary. Incandescent light bulbs lit the 20th century; the 21st century will be lit by LED lamps. White LED lamps emit a bright white light, are long-lasting and energy-efficient. They are constantly improved, getting more efficient with higher luminous flux (measured in lumen) per unit electrical input power (measured in watt). The most recent record is just over 300 lm/W, which can be compared to 16 for regular light bulbs and close to 70 for fluorescent lamps. As about one fourth of world electricity consumption is used for lighting purposes, the LEDs contribute to saving the Earth's resources. Materials consumption is also diminished as LEDs last up to 100,000 hours, compared to 1,000 for incandescent bulbs and 10,000 hours for fluorescent lights. The LED lamp holds great promise for increasing the quality of life for over 1.5 billion people around the world who lack access to electricity grids: due to low power requirements it can be powered by cheap local solar power.
Education

Interviews: Forrest Mims Answers Your Questions 161

A while ago you had the chance to ask amateur scientist, and author of the Getting Started in Electronics and the Engineer's Mini-Notebook series, Forrest Mims, a number of questions about science, engineering, and a lifetime of educating and experimenting. Below you'll find his detailed answers to those questions.
The Internet

FCC Gets Go-Ahead For Plan To Expand Rural Internet Access 156

The FCC's plan to use fees collected from big telecom companies to expand Internet infrastructure in rural parts of the U.S. was given a green light yesterday in Denver, by the 10th Circuit Court of Appeals. Those telecoms maintained that the FCC's mandate did not extend to using the money to pay for Internet service, but a three-judge panel dismissed their challenge. From The Verge: "The FCC originally pitched the program as part of the Universal Service Fund in 2011, noting in a report a year earlier that approximately 14 million people did not have access to broadband. The Connect America Fund aimed to use a portion of customer bills in other areas of the country to build out broadband infrastructure, including cellular data networks in those areas. That would begin with $300 million at the start, and up to $500 million as part of an annual budget."
Security

Target and Trustwave Sued Over Credit Card Breach 87

jfruh (300774) writes "Security vendors like Trustwave can make big bucks when major companies decide they don't have the internal resources to handle their cybersecurity needs. Unfortunately, when taking on security chores, you also take on security liabilities. In the wake of Target's massive credit card security breach, both Target and Trustwave are now on the receiving end of a class action lawsuit, in part backed by banks that had to issue thousands of new credit cards." The filing, and a bit more from El Reg: "It's against Target, however, that the most serious allegations are levelled. The class action led by Trustmark National Bank and Green Bank, say the retailer should not have allowed an outside contractor the access to its network that brought about the breach, and that it violated federal and state laws in storing the credit card data on its network."
Earth

Conservation Communities Takes Root Across US 116

Hugh Pickens DOT Com writes "Kate Murphy reports at the NYT about a growing number of so-called agrihoods, residential developments where a working farm is the central feature, in the same way that other communities may cluster around a golf course, pool or fitness center. At least a dozen projects across the country are thriving, enlisting thousands of home buyers who crave access to open space, verdant fields and fresh food. 'I hear from developers all the time about this,' says Ed McMahon. 'They've figured out that unlike a golf course, which costs millions to build and millions to maintain, they can provide green space that actually earns a profit.'

Agritopia, outside Phoenix, has sixteen acres of certified organic farmland, with row crops (artichokes to zucchini), fruit trees (citrus, nectarine, peach, apple, olive and date) and livestock (chickens and sheep). Fences gripped by grapevines and blackberry bushes separate the farm from the community's 452 single-family homes, each with a wide front porch and sidewalks close enough to encourage conversation. The hub of neighborhood life is a small square overlooking the farm, with a coffeehouse, farm-to-table restaurant and honor-system farm stand. The square is also where residents line up on Wednesday evenings to claim their bulging boxes of just-harvested produce, eggs and honey, which come with a $100-a-month membership in the community-supported agriculture, or CSA, program.

'Wednesday is the highlight of my week,' says Ben Wyffels. 'To be able to walk down the street with my kids and get fresh, healthy food is amazing.' Because the Agritopia farm is self-sustaining, no fees are charged to support it, other than the cost of buying produce at the farm stand or joining the CSA. Agritopia was among the first agrihoods — like Serenbe in Chattahoochee Hills, Ga.; Prairie Crossing in Grayslake, Ill.; South Village in South Burlington, Vt.; and Hidden Springs in Boise, Idaho. 'The interest is so great, we're kind of terrified trying to catch up with all the calls,' says Quint Redmond adding that in addition to developers, he hears from homeowners' associations and golf course operators who want to transform their costly-to-maintain green spaces into revenue-generating farms. Driving the demand, Redmond says, are the local-food movement and the aspirations of many Americans to be gentlemen (or gentlewomen) farmers. 'Everybody wants to be Thomas Jefferson these days.'"
The city of Detroit is planning a 26.9-acre urban farm project on one of its vacant high school properties. Produce from the project will be included in meals for students in the district and later to the larger community.
Books

Book Review: The Art of the Data Center 30

benrothke writes "At first glance, The Art of the Data Center: A Look Inside the World's Most Innovative and Compelling Computing Environments appears like a standard coffee table book with some great visuals and photos of various data centers throughout the world. Once you get a few pages into the book, you see it is indeed not a light-read coffee table book, rather an insightful book where some of the brightest minds in the industry share their insights on data center design and construction." Read below for the rest of Ben's review.
