Businesses

Phone App That Watches Your Driving Habits Leads To Privacy Concerns 73

Toshito writes Desjardins Insurance has launched a smartphone app that tracks driver behaviour in return for the promise of substantial savings on car insurance. Two years ago, Desjardins began offering a telematic device that plugs into a vehicle's diagnostic port, to track acceleration, hard braking and the time of day you were driving, for instance. Now, there's no plug-in device required. With Desjardins's new Ajusto app, all you need is your smartphone. But this comes with great concerns over privacy, and problems have been reported where the device was logging data when the user was riding a bus instead of driving his own car.
Books

Book Review: Drush For Developers, 2nd Edition 29

Michael Ross writes As with any content management system, building a website using Drupal typically requires extensive use of its administrative interface, as one navigates through its menus, fills out its forms, and reads the admin pages and notifications — or barely skims them, as they have likely been seen by the site builder countless times before. With the aim of avoiding this tedium, speeding up the process, and making it more programmatic, members of the Drupal community created a "shell" program, Drush, which allows one to perform most of these tasks on the command line. At this time, there is only one current print book that covers this tool, Drush for Developers, Second Edition, which is ostensibly an update of its predecessor, Drush User's Guide. Read below for the rest of Michael's review.
Books

Book Review: Future Crimes 27

benrothke writes Technology is neutral and amoral. It's the implementers and users who define its use. In Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It, author Marc Goodman spends nearly 400 pages describing the dark side of technology, and those who use it for nefarious purposes. He provides a fascinating overview of how every major technology can be used to benefit society, and how it can also be exploited by those on the other side. Keep reading for the rest of Ben's review.
Businesses

PayPal To Pay $7.7 Million For Sanctions Violations 68

jfruh writes PayPal may not be a bank, but it's still legally required to follow regulations on transferring money — but the company has admitted to a number of violations, including allowing transfers to an individual specifically sanctioned by the U.S. State Department for helping proliferate nuclear weapons. From Ars: "On Wednesday afternoon, PayPal reached a settlement with the US Treasury Department, agreeing that it would pay $7.7 million for allegedly processing payments to people in countries under sanction as well as to a man the US has listed as involved in the nuclear weapons black market. The company neither confirmed nor denied the allegations, but it voluntarily handed over its transaction data to the US Department of Treasury’s Office of Foreign Assets Control (OFAC)."
Books

Book Review: Designing and Building a Security Operations Center 29

benrothke writes Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators. This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues. In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. Keep reading for the rest of Ben's review.
Communications

For New Yorkers, Cablevision Introduces a Wi-Fi-Centric VoiP Network 43

The New York Times reports that Cablevision Systems plans to announce on Monday the start of a low-cost mobile phone service that will use Wi-Fi for connectivity rather than standard cellular networks, the first such service to be introduced by a cable operator. Called Freewheel, the service will offer unlimited data, talking and texting worldwide for $29.95 a month, or $9.95 a month for Cablevision’s Optimum Online customers — a steep discount compared with standard offerings from traditional cellular carriers. Freewheel customers initially must use a specific Motorola Moto G smartphone, which is being sold for $99.95. The service goes on sale next month, and no annual contract is required. (Reuters carries a similar story.)
Programming

Interviews: Alexander Stepanov and Daniel E. Rose Answer Your Questions 42

samzenpus (5) writes "Alexander Stepanov is an award winning programmer who designed the C++ Standard Template Library. Daniel E. Rose is a programmer, research scientist, and is the Chief Scientist for Search at A9.com. In addition to working together, the duo have recently written a new book titled, From Mathematics to Generic Programming. Earlier this month you had a chance to ask the pair about their book, their work, or programming in general. Below you'll find the answers to those questions."
Operating Systems

OpenBSD's Kernel Gets W^X Treatment On Amd64 84

New submitter brynet tips this news from Theo de Raadt: "Over the last two months Mike Larkin (mlarkin@) modified the amd64 kernel to follow the W^X principles. It started as a humble exercise to fix the .rodata segment, and kind of went crazy. As a result, no part of the kernel address space is writeable and executable simultaneously. At least that is the idea, modulo mistakes. Final attention to detail (which some of you experienced in buggy drafts in snapshots) was to make the MP and ACPI trampolines follow W^X, furthermore they are unmapped when not required. Final picture is many architectures were improved, but amd64 and sparc64 look the best due to MMU features available to service the W^X model. The entire safety model is also improved by a limited form of kernel ASLR (the code segment does not move around yet, but data and page table ASLR is fairly good)."
Privacy

New App Detects Government Stingray Cell Phone Trackers 71

HughPickens.com writes IMSI catchers, otherwise known as stingrays, are those surveillance tools that masquerade as cell towers and trick mobile phones into connecting, spewing private data in the process. Law-enforcement agencies have been using them for almost two decades, but there's never been a good way for individuals to detect them. Now Lily Hay Newman reports that SnoopSnitch scans for radio signals that indicate a transition to a stingray from a legitimate cell tower. "SnoopSnitch collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates," say German security researchers Alex Senier, Karsten Nohl, and Tobias Engel, creators of the app which is available now only for Android. The app can't protect people's phones from connecting to stingrays in the first place, but it can at least let them know that there is surveillance happening in a given area. "There's no one set of information, taken by itself, that allows you to detect an IMSI catcher," says Nohl. "But we do stream analysis of everything that happens on your phone, and can come out with a warning if it crosses a certain threshold."

Stingrays have garnered attention since a 2011 Arizona court case in which one agent admitted in an affidavit that the tool collaterally swept up data on "innocent, non-target devices" (U.S. v. Rigmaiden). The government eventually conceded in this case that the "tracking operation was a Fourth Amendment search and seizure," meaning it required a warrant. But given that the Justice Department has continued to claim that cellphone users have no reasonable expectation of privacy over their location data, it may take a Supreme Court judgement to settle the Stingray issue countrywide.
Security

2015 Could Be the Year of the Hospital Hack 130

schwit1 writes After Obamacare required hospitals to convert all health records into electronic files, those records are now very vulnerable, and experts expect hackers to target them in the coming years. From the article: "Along with vast troves of credit card information and celebrity snapshots, hackers stole a record number of medical records from U.S. health-care facilities this year. In 2015, attacks targeting health data will become even more common, according to security researchers....The cause of the uptick isn't hard to diagnose. Medical organizations across the world are switching to electronic medical records, and computer security is not always a high enough priority during the process, says Leonard. Besides that, he says, easy and fast access to medical information often trumps security."
DRM

Dragon Age: Inquisition Reviewed and Benchmarked 91

MojoKid writes To say that BioWare has something to prove with Dragon Age: Inquisition is an understatement. The first Dragon Age: Origins was a colossal, sprawling, unabashed throwback to classic RPGs. Conversely, Dragon Age: Inquisition doesn't just tell an epic story, it evolves in a way that leaves you, as the Inquisitor, leading an army. Creating that sense of scope required a fundamentally different approach to gameplay. Neither Dragon Origins nor Dragon Age 2 had a true "open" world in the sense that Skyrim is an open world. Instead, players clicked on a location and auto-traveled across the map from Point A to Point B. Thus, a village might be contained within a single map, while a major city might have 10-12 different locations to explore. Inquisition keeps the concept of maps as opposed to a completely open world, but it blows those maps up to gargantuan sizes. Instead of simply consisting of a single town or a bit of wilderness, the new maps in Dragon Age: Inquisition are chock-full of areas to explore, side quests, crafting materials to gather, and caves, dungeons, mountain peaks, flowing rivers, and roving bands of monsters. And Inquisition doesn't forget the small stuff — the companion quests, the fleshed-out NPCs, or the rich storytelling — it just seeks to put those events in a much larger context across a broad geographical area. Dragon Age: Inquisition is one of the best RPGs to come along in a long time. Never has a game tried to straddle both the large-scale, 10,000-foot master plan and the small-scale, intimate adventure and hit both so well. In terms of graphics performance, you might be surprised to learn that a Radeon R9 290X has better frame delivery than a GeForce GTX 980, despite the similarity in the overall frame rate. The worst frame time for a Radeon R9 290X is just 38.5ms or 26 FPS while a GeForce GTX 980 is at 46.7ms or 21 FPS.
AMD takes home an overall win in Dragon Age: Inquisition currently, though Mantle support isn't really ready for prime time. In related news, hypnosec sends word that Chinese hackers claim to have cracked Denuvo DRM, the anti-piracy solution for Dragon Age: Inquisition. A Chinese hacker group has claimed that they have managed to crack Denuvo DRM — the latest anti-piracy measure to protect PC games from piracy. Introduced for the first time in FIFA 15 for PC, the Denuvo anti-piracy solution managed to keep FIFA 15 uncracked for 2 months and Dragon Age Inquisition for a month. However, Chinese hackers claim that they have managed to rip open the DRM after fifteen days of work. The hackers have uploaded a video to prove their accomplishment. A couple of things need to be pointed out here. First, the Chinese team has merely cracked the DRM and this doesn't necessarily mean that there are working cracks out there. Also, the crack only works with Windows 7 64-bit systems and won't work on Windows 8 or Windows 7 32-bit systems for now. The team is currently working to collect hardware data on processor identification codes.
Transportation

Taxi Medallion Prices Plummet Under Pressure From Uber 329

HughPickens.com writes Most major American cities have long used a system to limit the number of operating taxicabs, typically a medallion system: Drivers must own or rent a medallion to operate a taxi, and the city issues a fixed number of them. Now Josh Barro reports at the NYT that in major cities throughout the United States, taxi medallion prices are tumbling as taxis face competition from car-service apps like Uber and Lyft. The average price of an individual New York City taxi medallion fell to $872,000 in October, down 17 percent from a peak reached in the spring of 2013, according to an analysis of sales data. "I'm already at peace with the idea that I'm going to go bankrupt," said Larry Ionescu, who owns 98 Chicago taxi medallions. As recently as April, Boston taxi medallions were selling for $700,000. The last sale, in October, was for $561,000. "Right now Uber has a strong presence here in Boston, and that's having a dramatic impact on the taxi industry and the medallion values," says Donna Blythe-Shaw, a spokeswoman for the Boston Taxi Drivers' Association. "We hear that there's a couple of medallion owners that have offered to sell at 425 and nobody's touched them."

The current structure of the American taxi industry began in New York City when "taxi medallions" were introduced in the 1930s. Taxis were extremely popular in the city, and the government realized they needed to make sure drivers weren't psychopaths luring victims into their cars. So, New York City required cabbies to apply for a taxi medallion license. Given the technology available in the 1930s, it was a reasonable solution to the taxi safety problem, and other cities soon followed suit. But their scarcity has made taxi medallions the best investment in America for years. Where they exist, taxi medallions have outperformed even the Standard & Poor's 500-stock index. In Chicago, their value has doubled since 2009. The medallion stakeholders are many and deep pockets run this market. The system in Chicago and elsewhere is dominated by large investors who rely on brokers to sell medallions, specialty banks to finance them and middle men to manage and lease them to drivers who own nothing at all. Together, they're fighting to protect an asset that was worth about $2.4 billion in Chicago last year. "The medallion owners seem to be of the opinion that they are entitled to indefinite appreciation of their asset," says Corey Owens, Uber's head of global public policy. "The taxi medallion in the U.S. was the best investment you could have made in the last 30 years. Will it go up forever? No. And if they expected that it would, that was their mistake."
Supercomputing

NSF Commits $16M To Build Cloud-Based and Data-Intensive Supercomputers 29

aarondubrow writes: As supercomputing becomes central to the work and progress of researchers in all fields, new kinds of computing resources and more inclusive modes of interaction are required. The National Science Foundation announced $16M in awards to support two new supercomputing acquisitions for the open science community. The systems — "Bridges" at the Pittsburgh Supercomputing Center and "Jetstream," co-located at the Indiana University Pervasive Technology Institute and The University of Texas at Austin's Texas Advanced Computing Center — respond to the needs of the scientific computing community for more high-end, large-scale computing resources while helping to create a more inclusive computing environment for science and engineering. Reader 1sockchuck adds this article about why funding for the development of supercomputers is more important than ever: America's high-performance computing (HPC) community faces funding challenges and growing competition from China and other countries. At last week's SC14 conference, leading researchers focused on outlining the societal benefits of their work, and how it touches the daily lives of Americans. "When we talk at these conferences, we tend to talk to ourselves," said Wilf Pinfold, director of research and advanced technology development at Intel Federal. "We don't do a good job communicating the importance of what we do to a broader community." Why the focus on messaging? Funding for American supercomputing has been driven by the U.S. government, which is in a transition with implications for HPC funding. As ComputerWorld notes, climate change skeptic Ted Cruz is rumored to be in line to chair a Senate committee that oversees NASA and the NSF.
Businesses

Can Ello Legally Promise To Remain Ad-Free? 153

Bennett Haselton writes: Social networking company Ello has converted itself to a Public Benefit Corporation, bound by a charter saying that they will not now, nor in the future, make money by running advertisements or selling user data. Ello had followed these policies from the outset, but skeptics worried that venture capitalist investors might pressure Ello to change those policies, so this binding commitment was meant to assuage those fears. But is the commitment really legally binding and enforceable down the road? Read on for the rest.
Verizon

Verizon Injects Unique IDs Into HTTP Traffic 206

An anonymous reader writes: Verizon Wireless, the nation's largest wireless carrier, is now also a real-time data broker. According to a security researcher at Stanford, Big Red has been adding a unique identifier to web traffic. The purpose of the identifier is advertisement targeting, which is bad enough. But the design of the system also functions as a 'supercookie' for any website that a subscriber visits. "Any website can easily track a user, regardless of cookie blocking and other privacy protections. No relationship with Verizon is required. ...while Verizon offers privacy settings, they don’t prevent sending the X-UIDH header. All they do, seemingly, is prevent Verizon from selling information about a user." Just like they said they would.
United Kingdom

British Army Looking For Gamers For Their Smart-Tanks 163

concertina226 writes The U.K. branch of global defense firm General Dynamics is working on a futuristic state-of-the-art smart-tank to replace the British Army's aging armored vehicle fleet, to be delivered to the Ministry of Defense in 2020. The Scout SV armored vehicle is the first fully-digitized armored fighting vehicle to have been built for the British Army, and is far bigger and more durable than any of its existing tanks, which are now at least 20 years old. The tank comes in six variants that can be customized with tools for different missions, and has numerous sensors, cameras, and sights to offer real-time intelligence on weather conditions, target acquisition, and reconnaissance — all crucial battlefield data required by commanders to access and direct situations. "With the capability in the Scout SV, we're really looking for the type of people who play Xbox games – tech-savvy people who are able to take in a lot of information and process it in the proper way," says Kevin Connell, the vice president for General Dynamic UK's Land Systems Regiment.
Supercomputing

First Demonstration of Artificial Intelligence On a Quantum Computer 98

KentuckyFC writes: Machine learning algorithms use a training dataset to learn how to recognize features in images and use this 'knowledge' to spot the same features in new images. The computational complexity of this task is such that the time required to solve it increases in polynomial time with the number of images in the training set and the complexity of the "learned" feature. So it's no surprise that quantum computers ought to be able to rapidly speed up this process. Indeed, a group of theoretical physicists last year designed a quantum algorithm that solves this problem in logarithmic time rather than polynomial, a significant improvement.

Now, a Chinese team has successfully implemented this artificial intelligence algorithm on a working quantum computer, for the first time. The information processor is a standard nuclear magnetic resonance quantum computer capable of handling 4 qubits. The team trained it to recognize the difference between the characters '6' and '9' and then asked it to classify a set of handwritten 6s and 9s accordingly, which it did successfully. The team says this is the first time that this kind of artificial intelligence has ever been demonstrated on a quantum computer and opens the way to the more rapid processing of other big data sets — provided, of course, that physicists can build more powerful quantum computers.
Medicine

Professor Kevin Fu Answers Your Questions About Medical Device Security 21

Almost a year ago you had a chance to ask professor Kevin Fu about medical device security. A number of events (including the collapse of his house) conspired to delay the answering of those questions. Professor Fu has finally found respite from calamity, coincidentally at a time when the FDA has issued guidance on the security of medical devices. Below you'll find his answers to your old but not forgotten questions.
Shark

Engineers Build Ultrasmall Organic Laser 22

ckwu writes: Researchers have made the tiniest organic laser reported to date. The 8-micrometer-long, 440-nanometer-wide device, which looks like a suspended bridge riddled with holes, is carved into a silicon chip coated with an organic dye. Integrated into microprocessors, such tiny lasers could one day speed up computers by shuttling data using light rather than electrons. The new organic laser is optically pumped—that is, powered by pulses from another laser. But it has a very low threshold—the energy required to start lasing—of 4 microjoules per square centimeter. The low threshold brings the device closer to engineers' ultimate goal of creating an organic laser that can run on electric current, which would be key for on-chip use.
United States

U.S. Threatened Massive Fine To Force Yahoo To Release Data 223

Advocatus Diaboli writes The U.S. government threatened to fine Yahoo $250,000 a day in 2008 if it failed to comply with a broad demand to hand over user data that the company believed was unconstitutional, according to court documents unsealed Thursday that illuminate how federal officials forced American tech companies to participate in the NSA's controversial PRISM program. The documents, roughly 1,500 pages worth, outline a secret and ultimately unsuccessful legal battle by Yahoo to resist the government's demands. The company's loss required Yahoo to become one of the first to begin providing information to PRISM, a program that gave the National Security Agency extensive access to records of online communications by users of Yahoo and other U.S.-based technology firms.
