Slashdot Mirror

New submitter jack_babylon writes: On September 14th, Symantec's subsidiary certificate authority Thawte accidentally released a "small number" of " "inappropriately issued" security certificates, apparently intended for internal testing only. However, the fact that these were logged in the wild by Google (and, apparently, DigiCert) seems to indicate that they escaped the lab, at least far enough for a false google.com cert to raise the appropriate red flags. This sounds similar to the recent acts of poor judgement that got CNNIC's certs removed entirely from Firefox and Chrome, if more limited in scope and more quickly addressed (through, among other things, termination of some Symantec employees). (And like all reports one hopes go away quietly, these were released in the dead of a Friday night — h/t BoingBoing for noting this news.)

An anonymous reader writes: Over at the Escapist, games historian Jon Peterson (of Playing at the World) reviews a recently-unearthed copy of James Goldman's 1982 script for a Dungeons & Dragons movie. The synopsis sounds even worse than the Jeremy Irons Dungeons & Dragons film from 2000, if such a thing is possible. Given the resolution of recent legal problems paving the way for a new D&D cinematic universe, will we have better luck with the franchise today? How can you translate the interactive experience of D&D into a compelling movie?

An anonymous reader writes: Google is rolling out its digital payment system Android Pay in the U.S. today. The new system will allow users to make payments in stores using their phone. Existing users of the Google Wallet app can access Android Pay through an update. According to the blog post: "Android Pay works with all NFC-enabled Android devices (running KitKat 4.4+), on any mobile carrier, at every tap and pay ready location across the US. Android Pay will support credit and debit cards from the four major payment networks: American Express, Discover, MasterCard and Visa. These cards are issued by many of the most popular US banks and credit unions, including American Express, Bank of America, Discover, Navy Federal Credit Union, PNC, Regions Bank, USAA, and U.S. Bank. Wells Fargo will be available in the next few days, Capital One and Citi are coming soon, and we're adding new banks all the time."

esarjeant writes: For many Java developers, IntelliJ has been our predominant IDE. JetBrains is looking to make their tools easier easier to buy and use by switching to a subscription program. Their plan is to have people pay a monthly/yearly fee for access to the tools instead of upgrading when they're ready. Fortunately, if your subscription lapses it looks like you'll have 30 days to check all your stuff in. How does NetBeans look now? Many members of various developer communities are pushing back against this change: "For a developer with an unstable income, it might be perfectly fine to stay on an older version of the software until they've stashed enough cash to afford the upgrade. That will no longer work." JetBrains has acknowledged the feedback, and say they will act on it.

An anonymous reader writes: Yesterday, Google announced a logo change that many on Slashdot have probably already encountered. The logo, according to the technology supergiant, was updated to reflect the fact that people "interact with Google products across many different platforms, apps and devices—sometimes all in a single day." This differentiates from the past when people only used a desktop PC to access Google's services.

An anonymous reader writes: Google today launched Chrome 45 for Windows, Mac, Linux, and Android with some expected changes and new developer tools. First and foremost, Chrome now automatically pauses less important Flash content (rolling out gradually, so be patient). This has been a longtime coming from both Google and Adobe, with the goal to make Flash content more power-efficient in Chrome: In March, a setting was introduced to play less Flash content on the page, but it wasn't turned on by default, and in June, the option was enabled in the browser's beta channel. Now it's being turned on for everyone.

An anonymous reader writes: Google today launched Chrome 45 for Windows, Mac, Linux, and Android with some expected changes and new developer tools. First and foremost, Chrome now automatically pauses less important Flash content (rolling out gradually, so be patient). This has been a longtime coming from both Google and Adobe, with the goal to make Flash content more power-efficient in Chrome: In March, a setting was introduced to play less Flash content on the page, but it wasn't turned on by default, and in June, the option was enabled in the browser's beta channel. Now it's being turned on for everyone.

An anonymous reader writes that on Wednesday the Contiki team announced the release of Contiki 3.0, the latest version of the open source IoT operating system. The 3.0 release is a huge step up from the 2.x branch and brings support for new and exciting hardware, a set of new network protocols, a bunch of improvements in the low-power mesh networking protocols, along with a large number of general stability improvements. And, yes, the system still runs on the Commodore 64/128, Apple II, Atari.

lpress writes: Last quarter, Google made $16 billion on advertising and $1.7 billion on "other sales." I don't know how "other sales" breaks down, but a chunk of that is hardware devices like the Pixel Chromebook, Chromecast, Next thermostat, Nexus phone and, now, WiFi routers. Does the world need another $200 home router? Why would Google bother? I can think of a couple of strategic reasons — they hope it will become a home-automation hub (competing with the Amazon Echo) and it will enable them to dynamically configure and upgrade your home or small office network for improved performance (hence more ads).

An anonymous reader writes: Google has announced they're working with TP-LINK to build a new router they call OnHub. They say it's designed for the way we tend to use Wi-Fi in 2015, optimizing for streaming and sharing in a way that older routers don't. The router has a cylindrical design and comes with a simple, user-friendly mobile app. They say, "OnHub searches the airwaves and selects the best channel for the fastest connection. A unique antenna design and smart software keep working in the background, automatically adjusting OnHub to avoid interference and keep your network at peak performance. You can even prioritize a device, so that your most important activity — like streaming your favorite show — gets the fastest speed." The device will cost $200, it supports Bluetooth Smart Ready, Weave, and 802.15.4, and it will automatically apply firmware updates.

An anonymous reader writes: As they've done in the past, Google has revealed the name for the upcoming version of Android with a new statue in front of its headquarters. Android's sixth version will be called Marshmallow. Dave Burke, Android's VP of engineering, unveiled the statue on Twitter. Google has also released the Android 6.0 SDK and the final M preview.

lpress writes: Cuba has a second generation cellular network and Internet access is limited to about 5% of the population via work and school accounts and (mostly dial up) access in a few homes, so it was big news when they rolled out 35 public WiFi hotspots. Can they expand this public WiFi and skip 3G and 4G cell infrastructure until 5G equipment is available in about five years? By then, the US trade embargo will be gone, the Cuban economy will be improved and 5G and other wireless technologies will be available. Will they even need cell phone capability by then? The linked post has some interesting musings that apply to places other than Cuba, as well.

dkatana writes: The Cuban government is very active in reshaping the country's industry, not only focusing on leisure and cultural tourism. The biggest challenge, however, is the quality of Internet connections. Cuba's global ranking for Internet speed is 196 out of 200, averaging 1.6 Mbps, just ahead of Guinea, Gambia, Equatorial Guinea, and Niger. Another thing that Cuba lacks: free movement of currency, as reader lpress points out: Cuba has two paper currencies — the Peso and the Convertible Peso or CUC. CUCs are worth about $1 and Pesos, which are used for government salaries, are worth about $.04. But, what about Bitcoin? The first Cuban Bitcoin transaction is history. Will Bitcoin be used by Cubans and Americans to sell goods and services without the knowledge of their governments? Cuban offshore developers might be the first to use Bitcoin.

wiredmikey writes: Smartphone maker Samsung said on Wednesday that it soon will implement a new Android security update process that fast tracks mobile security patches over the air when security vulnerabilities are uncovered. The South Korea-based maker of popular Android smartphones said that it recently fast tracked security updates to its Galaxy devices in response to the recent Android "Stagefright" vulnerabilities uncovered late last month by security firm Zimperium. News of the initiative is great for Android users. For years, wireless carriers and phone manufacturers have been accused of putting profits over protection and dragging their feet on regular operating system updates, making Android users vulnerable to malware and other attacks. Nexus is also joining the monthly OTA update club.

theodp writes: While the CollegeBoard warned against drawing a causal link between learning computer science and improved learning in other subjects, Google has no such qualms. "CS is much more than computer programming and coding," writes the Google for Education blog in a post announcing a new gateway for Google's CS education opportunities. "It's a gateway to creativity and innovation not just in technology but in fields as diverse as music, sports, the arts, and health." Among the technology showcased at the gateway is Pencil Code, a programming tool for beginning coders that Google boasts is already helping kids attending the $43K-a-year Beaver Country Day School to brush up their Shakespeare by having students create interactive chatbots that play the part of characters like Lady Macbeth. "After completing this code I knew more and understood more of the play," begins one student's featured testimonial. "It allowed me to interpret Macbeth in a new way that I had never thought of before. I really enjoyed using Pencil Code because it made coding simpler for me and helped me try something new." Elsewhere on its CS gateway, Google laments that a new Google-Gallup Research Study shows that 'Blacks and low-income are less likely to have access' to such computer science opportunities.

Last month, French data protection agency CNIL ordered Google to comply with the European "right to be forgotten" order by delisting certain search results not just on the European versions of Google's search engine, but on all versions. Google has now publicly rejected that demand. CNIL has promised a response, and it's likely the case will go before local courts. Google says, This is a troubling development that risks serious chilling effects on the web. While the right to be forgotten may now be the law in Europe, it is not the law globally. Moreover, there are innumerable examples around the world where content that is declared illegal under the laws of one country, would be deemed legal in others: Thailand criminalizes some speech that is critical of its King, Turkey criminalizes some speech that is critical of Ataturk, and Russia outlaws some speech that is deemed to be "gay propaganda." If the CNIL's proposed approach were to be embraced as the standard for Internet regulation, we would find ourselves in a race to the bottom. In the end, the Internet would only be as free as the world's least free place.

An anonymous reader writes: After years of plugging Google+ into all of its services, today Google announced that your Google+ profile will no longer be your identity in all its products. The company says it will take a few months for all the changes to happen, but the first product to be uncoupled will be YouTube. Bradley Horowitz, Google's vice president of streams, photos, and sharing, says the changes are a response to user feedback: "We've also heard that it doesn't make sense for your Google+ profile to be your identity in all the other Google products you use."

An anonymous reader writes: After years of plugging Google+ into all of its services, today Google announced that your Google+ profile will no longer be your identity in all its products. The company says it will take a few months for all the changes to happen, but the first product to be uncoupled will be YouTube. Bradley Horowitz, Google's vice president of streams, photos, and sharing, says the changes are a response to user feedback: "We've also heard that it doesn't make sense for your Google+ profile to be your identity in all the other Google products you use."

An anonymous reader writes: A Google study of their own Google+ site and app found that 69% of visitors abandoned the page when presented with the app interstitial. Google said it was getting rid of them and asked others to do the same. TechCrunch reports: "It's worth noting that Google's study was small scale, since the company was only looking at how an interstitial promoting the Google+ social service native app performed (and we don't know how many people it surveyed). It may very well be the case that visitors really didn't want the Google+ app specifically — and that Google+ itself is skewing the data. (Sadly Google is not offering comparative stats with, say, the Gmail app interstitial, so we can but speculate.)"

An anonymous reader writes: Google has launched Chrome 44 for Windows, Mac, and Linux with new developer tools. Aside from a host of security fixes, this release focuses mainly on developer features. The API for push notifications was updated to match the specification, a new implementation of multi-column layout was added, and they've extended support for Unicode escapes in strings. The full changelog notes a number of performance improvements as well.

Mark Wilson writes: Spam is a problem that is not going away for anyone who receives email — and who doesn't? Over the years Google has taken steps to try to reduce the amount of junk that reaches Gmail inboxes and today the company is taking things a step further with Gmail Postmaster Tools and enhanced filter training for Gmail. Part of the problem with spam — aside from the sheer volume of it — is that the detection of it is something of an art rather than a science. It is all too easy for legitimate email to get consigned to the junk folder, and this is what Gmail Postmaster Tools aims to help with. Rather than helping recipients banish spam, it helps senders ensure that their messages are delivered to inboxes rather than filtered out.

lpress writes: Two Cuban universities have fiber links and fiber connections will be available to all Cuban universities in January 2016. One of the currently connected universities is in the west, near Havana (satellite ground station) and one in the east, near the undersea cable landing. Cuba will use Chinese equipment for DSL to the home and Wifi access points.

lpress writes: Two Cuban universities have fiber links and fiber connections will be available to all Cuban universities in January 2016. One of the currently connected universities is in the west, near Havana (satellite ground station) and one in the east, near the undersea cable landing. Cuba will use Chinese equipment for DSL to the home and Wifi access points.

lpress writes: Two Cuban universities have fiber links and fiber connections will be available to all Cuban universities in January 2016. One of the currently connected universities is in the west, near Havana (satellite ground station) and one in the east, near the undersea cable landing. Cuba will use Chinese equipment for DSL to the home and Wifi access points.

theodp writes: At the behest of Google, Carnegie Mellon University will largely replace formal lectures in a popular introductory Data Structures and Algorithms course this fall with videos and a social networking tool to accommodate more students. The idea behind the multi-year research project sponsored by Google — CMU will receive $200,000 in the project's first year — is to find a way to leverage existing faculty to meet a growing demand for computer science courses, while also expanding the opportunities for underrepresented minorities, high school students and community college students, explained Jacobo Carrasquel, associate teaching professor of CS. "As we teach a wider diversity of students, with different backgrounds, we can no longer teach to 'the middle,'" Carrasquel said. "When you do that, you're not aiming at the 20 percent of the top students or the 20 percent at the bottom." The move to a "teacherless classroom" for CS students at CMU [tuition $48K] comes on the heels of another Google CS Capacity Award-inspired move at Stanford [tuition $45K], where Pair Programming was adopted in a popular introductory CS class to "reduce the increasingly demanding workload for section leaders due to high enrollment and also help students to develop important collaboration skills."

jones_supa writes: Since 2009, Google has been beta testing a feature in Gmail called "Undo Send." It allows you to delay emails up to 30 seconds from when you press the "Send" button so you can take them back if you immediately decide it was a bad idea to press the send button. Google announced in a blog post that Undo Send is becoming an official feature. For users who already had the Undo Send beta enabled, the feature will remain on, and those who didn't can turn it on via the General tab under Settings. Users can choose if they want to hold their mail for 5, 10, 20 or 30 seconds.

lpress writes: OneWeb has announced that Airbus will manufacture their Internet-connectivity satellites and told us more about their plans and progress. Both OneWeb and their competitor SpaceX have the same goal — global Internet connectivity and backhaul using satellite constellations, but their technologies and organizational strategies are different. SpaceX will use many more satellites than OneWeb, but they will be smaller, shorter-lived, cheaper and orbit at a lower altitude. They are also keeping more of the effort in-house. This is competitive capitalism at its best — let's hope both succeed.

arctother writes: UberDRIVE—Uber's simulation/video game/recruiting tool—is, at best, just a poor copy of a much more interesting video game – driving for Uber. The main innovation of Uber, and other smartphone-enabled "e-hailing" car services, is the insertion of a new interface into the human-to-human, on-the-street interactions between drivers and passengers. Uber attempts to transform the cab-driving and -riding experience through the deployment of an allegorithm: the productive joining of a framing narrative (or "allegory") and software-mediated control (or "algorithm"). Understanding how allegorithms shape experience will become more and more important as they are increasingly deployed with mobile interfaces to reshape and "augment" social interactions. "Ingress," you are already thinking; but you should really think of "Uber."

An anonymous reader writes: Today Google announced a major new rival to Twitch.tv: YouTube Gaming. In addition to providing structure for the gaming content YouTube already serves (like walkthroughs, reviews, "Let's Plays," speed runs, etc), it'll also be a livestreaming hub for those who like broadcasting their games or watching other people play. Each video game will have its own dedicated page, and users will be able to add games to their "collection" to see other users's videos relating to those games. YouTube Gaming will have its own dedicated app, as well as being a part of the YouTube website. Google is also touting a recommendation engine that will help gamers find more content to watch.

lpress writes: The formation of the Unión de Informáticos de Cuba (UIC) was announced at a Havana conference and a 7,500 person teleconference (no mean feat in Cuba). My first reaction was "cool — like a Cuban ACM," but there are significant differences between ACM and UIC. For example, one must apply to the Ministry of Communication to be accepted into the UIC and the application form asks about membership in political organizations like the Communist Party or Young Communists League along with technical qualifications. A CS degree is required (sorry Bill Gates). UIC members must be Cuban, while ACM has chapters in 57 nations. ACM has student chapters, but they are less needed in Cuba, which has over 600 youth computer clubs where kids take classes and play games and promising students are tracked and channeled into technical schools.

An anonymous reader writes: Google today detailed a very interesting initiative in partnership with Adobe: The two have been working to make Flash content more power-efficient in Chrome. Available now in the browser's beta channel, Chrome will use less power by simply choosing to play less Flash content on the page. Here's how the feature works: Chrome beta will automatically pause Flash content that isn't "central to the webpage" while keeping central content playing without interruption. The company offers an obvious example: Animations on the side will be paused while the video you're trying to watch will be unaffected.

lpress writes: Elon Musk's SpaceX and Greg Wyler's OneWeb both hope to provide global Internet access using constellations of low-Earth orbit satellites. Neither company plans to be in operation for several years, but Musk's SpaceX is ready to test two satellites. They have applied for permission to launch two satellites that will orbit at 625 km. Time reports: "The application describes two satellites, the first of up to eight trial satellites that are each expected to last up to 12 months. The satellites will likely be built using the $1 billion that SpaceX raised mostly from Google earlier this year. For these first tests, the launch location will likely be Vandenberg Air Force Base on the California coast rather than Cape Canaveral in Florida, according to the orbital parameters in the application."

jfruh writes: Much of the history of computing products and services involves getting people desperate for better performance and faster results to pay a premium to get what they want. But Google has a new beta service that's going in the other direction — offering cheap cloud computing services for customers who don't mind waiting. Jobs like data analytics, genomics, and simulation and modeling can require lots of computational power, but they can run periodically, can be interrupted, and can even keep going if one or more nodes they're using goes offline.

fulldecent writes: Popular photo printing website Artisan State, which specializes in bound photo books mostly for weddings or other events, unintentionally makes all its uploaded user photos available publicly for download. This case study shows how their photos are able to be downloaded and discusses the things vendors should think about when considering security of seemingly private user content. The case study also discusses how this flaw was reported to the vendor, but unfortunately never fixed. This follows other articles on Slashdot discussing security disclosure. How do you report vulnerabilities to vendors? Do you support publishing them if they are not fixed in a reasonable time?

HughPickens.com writes: Google has announced Password Alert, a free, open-source Chrome extension that protects your Google Accounts from phishing attacks. Once you've installed it, Password Alert will show a warning if you type your Google password into a site that isn't a Google sign-in page. This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice. Once you've installed and initialized Password Alert, Chrome will remember a "scrambled" version of your Google Account password. It only remembers this information for security purposes and doesn't share it with anyone. If you type your password into a site that isn't a Google sign-in page, an alert will tell you that you're at risk of being phished so you can update your password and protect yourself.

An anonymous reader writes: Google has announced an experimental marketplace called the Patent Purchase Promotion, which aims to keep patents out of the hands of patent trolls. From the announcement: "By simplifying the process and having a concentrated submission window, we can focus our efforts into quickly evaluating patent assets and getting responses back to potential sellers quickly. Hopefully this will translate into better experiences for sellers, and remove the complications of working with entities such as patent trolls."

An anonymous reader writes: Google today launched Chrome 42 for Windows, Mac, and Linux with new developer tools. Chrome 42 offers two new APIs (Push API and Notifications API) that together allow sites to send notifications to their users even after the given page is closed. While this can be quite an intrusive feature for a browser, Google promises the users have to first grant explicit permission before they receive such a message.

New submitter arctother writes: Taxicab Subjects has posted a response to a Morgan Stanley analyst's recent take on how driverless cars will shape society in the future. From the article: [R]eally, 'autonomy' is still not the right word for it. Just as the old-fashioned 'automobile' was never truly 'auto-mobile,' but relied, not only on human drivers, but an entire concrete infrastructure built into cities and smeared across the countryside, so the interconnected 'autonomous vehicles' of the future will be even more dependent on the interconnected systems of which they are part. To see this as 'autonomy' is to miss the deeper reality, which will be control. Which is why the important movement reflected in the chart's up-down continuum is not away from 'Human Drivers' to 'Autonomous' cars, but from a relatively decentralized system (which relies on large numbers of people knowing how to drive) to an increasingly centralized system (relying on the knowledge of a small number of people)."

HughPickens.com writes Randy Olsen has a interesting article where he explores a data set of over 650,000 chess tournament games ranging back to the 15th century and looks at how chess has changed over time. His findings include:

Chess games are getting longer. Chess games have been getting steadily longer since 1970, increasing from 75 ply (37 moves) per game in 1970 to a whopping 85 ply (42 moves) per game in 2014. "This trend could possibly be telling us that defensive play is becoming more common in chess nowaday," writes Olsen. "Even the world's current best chess player, Magnus Carlsen, was forced to adopt a more defensive play style (instead of his traditional aggressive style) to compete with the world's elite."

The first-move advantage has always existed. White consistently wins 56% and Black only 44% of the games every year between 1850 and 2014 and the first-move advantage becomes more pronounced the more skilled the chess players are. "Despite 150+ years of revolutions and refinement of chess, the first-move advantage has effectively remained untouched. The only way around it is to make sure that competitors play an even number of games as White and Black."

Draws are much more common nowadays. Only 1 in 10 games ended in a draw in 1850, whereas 1 in 3 games ended in a draw in 2013. "Since the early 20th century, chess experts have feared that the over-analysis of chess will lead "draw death," where experts will become so skilled at chess that it will be impossible to decisively win a game any more." Interestingly chess prodigy and world champion Jose Raul Capablanca said in the 1920's that he believed chess would be exhausted in the near future and that games between masters would always end in draws. Capablanca proposed a more complex variant of chess to help prevent "draw death," but it never really seemed to catch on.

darthcamaro writes: Barely a week ago, Mozilla released Firefox 37, which had a key new feature called opportunistic encryption. The basic idea is that it will do some baseline encryption for data that would have otherwise been sent by a user via clear text. Unfortunately, Mozilla has already issued Firefox 37.0.1, which removes opportunistic encryption. A security vulnerability was reported in the underlying Alternative Services capability that helps to enable opportunistic encryption. "If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SSL certificates will not be displayed and an attacker could potentially impersonate another site through a man-in-the-middle, replacing the original certificate with their own." They plan to re-enable opportunistic encryption when this issue is investigated and fixed.

An anonymous reader writes: The YouTube engineering blog announced that they've begun encoding videos with Google's open VP9 codec. Their goal is to use the efficiency of VP9 to bring better quality video to people in low-bandwidth areas, and to spur uptake of 4K video in more developed areas. "[I]f your Internet connection used to only play up to 480p without buffering on YouTube, it can now play silky smooth 720p with VP9."

fsterman writes: Since the Snowden revelations, end-to-end web encryption has become trendy. There are browser add-ons that bolt a PGP client onto webmail and both Yahoo and Google are planning to support PGP directly. They attempt to prevent UI spoofing with icons similar to the site-authentication banks use to combat phishing.

The problem is that a decade of research shows that users habituate to these icons and come to ignore them. An attacker can pull off UI spoofing with a 90%+ success rate.

An anonymous reader writes: Today Google unveiled a new device: the Chromebit. It's a small compute stick that contains the Rockchip 3288 processor, 2GB RAM, and 16GB of storage — much like a low-end Chromebook. It connects to a TV or monitor through an HDMI port. (It also has a USB port for power and plugging in peripherals.) Google says the Chromebit is their solution for turning any display into a computer, and it will cost under $100. Google also announced a couple of new Chromebooks as well. Haier and Hisense models will cost $150, and an ASUS model with a rotating display will cost $250.

Today Mozilla began rolling out Firefox version 37.0 to release channel users. This update mostly focuses on behind-the-scenes changes. Security improvements include opportunistic encryption where servers support it and improved protection against site impersonation. They also disabled insecure TLS version fallback and added a security panel within the developer tools. One of the things end users will see is the Heartbeat feedback collection system. It will pop up a small rating widget to a random selection of users every day. After a user rates Firefox, an "engagement" page may open in the background, with links to social media pages and a donation page. Here are the release notes and full changelist.

Trailrunner7 writes: Google security engineers, investigating fraudulent certificates issued for several of the company's domains, discovered that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the unauthorized Google certificates, and could have issued certificates for virtually any domain. Google's engineers were able to block the fraudulent certificates in the company's Chrome browser by pushing an update to the CRLset, which tracks revoked certificates. The company also alerted other browser vendors to the problem, which was discovered on March 20. Google contacted officials at CNNIC, the Chinese registrar who authorized the intermediate CA, and the officials said that they were working with MCS to issue certificates for domains that it registered. But, instead of simply doing that, and storing the private key for the registrar in a hardware security module, MCS put the key in a proxy device designed to intercept secure traffic.

Meet Justin Whitehead. While a lot of his contemporaries were going to college, he became an Airborne soldier. After that he went to college, became an IT technian, got some experience as a Computer Forensic Analyst, and met people who looked like they were having a good time as penetration testers. So he took some recommended classes,got hired by One World Labs, and last week at B-Sides Austin, he and coworker Antonio Herraiz gave a talk titled 'Spanking the monkey/How pen testers can do it better.

Justin is 40, an age where a lot of people in the IT game worry about being over the hill and unemployable. But Justin's little video talk should give you hope -- whether you're a mature college student, have a stalled IT career or are thinking about a career change but want to keep working with computers and IT in general. It seems that there are decent IT-related jobs out there even if you're not a youngster; and even if you didn't start working with computers until you were in your 20s or 30s.

An anonymous reader writes GitHub has officially won. Google has announced that Google Code project creation has been disabled today, with the ultimate plan to kill off the service next year. On August 24, 2015, the project hosting service will be set to read-only. This means you will still be able to checkout/view project source, issues, and wikis, but nobody will be able to make changes or new commits. On January 25, 2016, Google Code will be shut down. Google says you will be able to download tarballs of project source, issues, and wikis "throughout the rest of 2016." After that, Google Code will be gone for good.

SpzToid writes Google is offering a new kind of data storage service – and revealing its cloud computing strategy against Amazon Web Services and Microsoft Azure. The company said on Wednesday that it would offer a service called Nearline, for non-essential data. Like an AWS product called Glacier, this storage costs just a penny a month per gigabyte. Microsoft's cheapest listed online storage is about 2.4 cents a gigabyte. While Glacier storage has a retrieval time of several hours, Google said Nearline data will be available in about three seconds. From the announcement: "Today, we're excited to introduce Google Cloud Storage Nearline, a simple, low-cost, fast-response storage service with quick data backup, retrieval and access. Many of you operate a tiered data storage and archival process, in which data moves from expensive online storage to offline cold storage. We know the value of having access to all of your data on demand, so Nearline enables you to easily backup and store limitless amounts of data at a very low cost and access it at any time in a matter of seconds."

New submitter netelder sends this excerpt from the Project Zero blog: 'Rowhammer' is a problem with some recent DRAM devices in which repeatedly accessing a row of memory can cause bit flips in adjacent rows. We tested a selection of laptops and found that a subset of them exhibited the problem. We built two working privilege escalation exploits that use this effect. One exploit uses rowhammer-induced bit flips to gain kernel privileges on x86-64 Linux when run as an unprivileged userland process. When run on a machine vulnerable to the rowhammer problem, the process was able to induce bit flips in page table entries (PTEs). It was able to use this to gain write access to its own page table, and hence gain read-write access (PDF) to all of physical memory.

An anonymous reader writes: Google has officially announced Android Lollipop 5.1. This is a small update to the mobile operating system, and focuses on stability and performance. The main new features include support for multiple SIM cards, high definition voice calls on supported devices, and the ability to join Wi-Fi networks and manage Bluetooth pairings through Quick Settings. The biggest new feature is "Device Protection." They say, "With Device Protection, your lost or stolen device will remain locked until you sign in with your Google account — even if someone resets your device to factory settings. This feature will be available on most Android phones and tablets shipped with Android 5.1 in addition to Nexus 6 and Nexus 9."