Domain: google.com
Stories and comments across the archive that link to google.com.
Stories · 3,747
-
SourceForge and GIMP [Updated]
New submitter tresf writes: In response to a Google+ post from the Gimp project claiming that "[Sourceforge] is now distributing an ads-enabled installer of GIMP," Sourceforge had this response: "In cases where a project is no longer actively being maintained, SourceForge has in some cases established a mirror of releases that are hosted elsewhere. This was done for GIMP-Win."
Submitter's note: Gimp is actively being maintained and the definition of "mirror" is quite misleading here as a modified binary is no longer a verbatim copy. Download statistics for Gimp on Windows show SourceForge as offering over 1,000 downloads per day of the Gimp software.
In an official response to this incident, the official Gimp project team reminds users to use official download methods. Slashdotters may remember the last time news like this surfaced (2013) when the Gimp team decided to move downloads from SourceForge to their own FTP service. "Therefore, we remind you again that GIMP only provides builds for Windows via its official Downloads page." Note: SourceForge and Slashdot share a corporate parent. Editor's note: I just got back from a busy weekend to see that a bunch of people are freaking out that we're "burying" this story, so here it is. Go hog wild. Sorry it took so long. (And for future reference, user submissions are easily found in the firehose, listed in the order they appear, newest first.)
Update: 06/01 22:37 GMT by T : The SourceForge blog has a welcome update; SourceForge, it says, has effective today "stopped presenting third party offers for unmaintained SourceForge projects. ... At this time, we present third party offers only with a few projects where it is explicitly approved by the project developer, or if the project is already bundling third party offers." -
An Early Look At Android M's Multi-Window Mode For Tablets
Ars Technica has a look at the experimental multi-window mode in the just-announced Android M. It's not a headlining feature yet: "buggy, busted, and buried, but intriguing nonetheless" is how Ars describes it. Android Police is similarly faint in its praise. All that might be true, but to many users even a partly working multi-window mode would be welcome, especially one blessed by Google. (Some Samsung users have had multi-window support for a while, but not built into the OS proper, and multi-window capabilities can be found via app, too.) -
Google Calendar Ends SMS Notifications
LuserOnFire writes: Google has sent out an email this morning that says in part: "Starting on June 27th, 2015, SMS notifications from Google Calendar will no longer be sent. SMS notifications launched before smartphones were available. Now, in a world with smartphones and notifications, you can get richer, more reliable experience on your mobile device, even offline." You can find the announcement on Google's support pages as well. "Richer" may be accurate, but I'm not sure that "more reliable" describes web-based notifications; that may be why the announcement linked does not apply for Google's "Work, Education and Government customers." -
Google Photos Launches With Unlimited Storage, Completely Separate From Google+
An anonymous reader writes with a report that Google yesterday announced at its I/O conference a photo-storage site known as Google Photos. Says the article: The new service is completely separate from Google+, something Google users have been requesting for eons. Google is declaring that Google Photos lets you backup and store "unlimited, high-quality photos and videos, for free." It's a bit creepy to see all the photos that Google still has on tap, including many that I've since deleted on my phone. -
Court Orders UberPop Use To Be Banned In All of Italy
An anonymous reader writes: A judicial court in Italy has ordered the UberPop app to cease offering its services [original source, in Italian], as it constitutes "unfair competition" against the taxi sector (taxi licenses in Italy are numbered, each can cost more than $100k to obtain). This sentence should be valid at the national level and comes after an injunction from taxi drivers in Milan, where a Universal Exhibition is incidentally bringing in thousands of visitors from all over the world on a daily basis. Sources mention a judicial request to "block" the app, though no one is sure how this sentence has to be enforced and what the fines would be in case of violations. -
Sniffing and Tracking Wearable Tech and Smartphones
An anonymous reader writes: Senior researcher Scott Lester at Context Information Security has shown how someone can easily monitor and record Bluetooth Low Energy signals transmitted by many mobile phones, fitness monitors, and iBeacons. The findings have raised concerns about the privacy and confidentiality wearable devices may provide. “Many people wearing fitness devices don’t realize that they are broadcasting constantly and that these broadcasts can often be attributed to a unique device,” Scott says. “Using cheap hardware or a smartphone, it could be possible to identify and locate a particular device – that may belong to a celebrity, politician or senior business executive – within 100 meters in the open air. This information could be used for social engineering as part of a planned cyber attack or for physical crime by knowing peoples’ movements.” The researchers have even developed an Android app that scans, detects and logs wearable devices. -
Google's Diversity Chief: Mamas Don't Let Their Baby Girls Grow Up To Be Coders
theodp writes: Explaining the reasons for its less-than-diverse tech workforce, Google fingered bad parenting for its lack of women techies. From the interview with Google Director of Diversity and Inclusion Nancy Lee: "Q. What explains the drop [since 1984] in women studying computer science? A. We commissioned original research that revealed it's primarily parents' encouragement, and perception and access. Parents don't see their young girls as wanting to pursue computer science and don't steer them in that direction. There's this perception that coding and computer science is ... a 'brogrammer' culture for boys, for games, for competition. There hasn't been enough emphasis on the power computing has in achieving social impact. That's what girls are interested in. They want to do things that matter." While scant on details, the Google study's charts appear to show that, overall, fathers encourage young women to study CS more than mothers. Google feels that reeducation is necessary. "Outreach programs," advises Google, "should include a parent education component, so that parents learn how to actively encourage their daughters." -
Google and Gates-Backed Khan Academy Introduces "Grit"-Based Classroom Funding
theodp writes: Their intentions are no doubt good, but some will be troubled by Google and Khan Academy's recently-concluded LearnStorm initiative, which pitted kids-against-kids, schools-against-schools, and cities-against-cities in a 3-month learning challenge for prizes based not only on students' mastery of math skills on Khan Academy, but also their perceived 'hustle' (aka 'grit'). "Points are earned by mastering math skills and also for taking on challenging new concepts and persevering," explained a Khan Academy FAQ. A blog entry further explained, "They've earned points and prizes not only for mastering math skills but also for showing 'hustle,' a metric we created to measure grit, perseverance, and growth. They competed over 200,000 hours of learning and 13.6 million standards-aligned math problems. In addition, thanks to the generosity of Google.org, DonorsChoose.org, and Comcast's Internet Essentials, 34 underserved schools unlocked new devices for their classrooms and free home internet service for eligible families, increasing student access to online learning tools like Khan Academy." Apparently funded by a $2 million Google grant, the Google, Khan Academy, and DonorsChoose grit-based classroom funding comes on the heels of the same organizations' gender-based classroom funding initiative. Supported by some of the world's wealthiest individuals and corporations, Khan Academy's Board members include a Google Board member (Diane Green), spouse of a Google Board member (Ann Doerr), and the Managing Partner of Bill Gates' bgC3 (Larry Cohen); former Board members include Google Executive Chairman Eric Schmidt. -
Software Glitch Caused Crash of Airbus A400M Military Transport Aircraft
An anonymous reader writes: A software glitch caused the crash of an Airbus A400M military transport aircraft, claims German newspaper Der Spiegel (Google translation). The accident, which happened in Seville on the vehicle's first production test flight on 9 May, killed four crew members. Airbus is investigating the system controlling the aircraft's engines. The early suspicions are that it was an installation problem, rather than a design problem. -
Book Review: The Terrorists of Iraq
benrothke writes: The infinite monkey theorem states that a monkey hitting random typewriter keys for an infinite amount of time will eventually be able to create the complete works of Shakespeare. Various scientists such as Nobel laureate Arno Penzias have shown how the theorem is mathematically impossible. Using that metaphor, if you took every member of United States Congress and House of Representatives and wrote their collected wisdom on Iraq, it's unlikely they could equal the astuteness of even a single chapter of author Malcolm W. Nance in The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014. It's Nance's overwhelming real-world experiential knowledge of the subject, language, culture, tribal affiliations and more which make this the overwhelming definitive book on the subject. Read below for the rest of Ben's review.
The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014, 2nd Edition
author: Malcolm W. Nance
pages: 404
publisher: CRC Press
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-1498706896
summary: Definitive text on the Iraq War written by one of the few Americans who truly understand the issue
Nance is a career intelligence officer, combat veteran, author, scholar and media commentator on international terrorism, intelligence, insurgency and torture. In 2014 he became the executive director of the counter-ideology think tank the Terror Asymmetrics Project on Strategy, Tactics and Radical Ideologies (TAPSTRI).
While it's debatable if most members of Congress could elucidate the difference between the Sunnis and Shiites, Nance knows all of the players in depth. He understands and describes who they are, what they are and how their methods work. His unique analysis provides an in-depth understanding of who these groups are and what they are fighting about.
The book details how the many terror groups formed to create the Iraqi insurgency that led to the rise of the Islamic State of Iraq and Syria (ISIS). Nance places the blame on the Bush administration's 2003 invasion of Iraq that led to the destabilization of the country. While the war was based on faulty evidence, the insurgency was created by myriad mistakes, misperceptions and miscalculations by L. Paul Bremer, who led the occupational authority of Iraq during the war.
A common theme Nance makes throughout the book is that the US ignored history and didn't learn the lessons of the Iraqi revolt against the British in 1920 or the events of the Vietnam War. Those lessons being that insurgents and foreign terrorist operations were much more effective despite the enormous manpower and firepower that the U.S. troops brought to bear in Iraq.
Nance details how much of the coalition's strategy was based on wishful thinking. He writes that Washington never had a realistic plan for post-war Iraq. Only Saddam Hussein, Abu Musab al-Zarqawi and the ex-Ba'athists had a definitive strategy for what to do in post-war Iraq. Unlike the Americans, they mobilized the right resources and persons for the job, with devastating and horrifying effects.
The book writes of the utter depravity and evil nature of Saddam Hussein and his sons Uday and Qusay. Following the first Gulf War, Qusay revealed a brutality to match both his father's and brother's. The Hussein family was responsible for the death and torture of hundreds of thousands of innocent Iraqis and others.
The insurgency was and is made up of countless different groups. Some of these groups number under a hundred members, others in the tens of thousands. Nance details who these groups are, their makeup and leadership structure and what they hope to achieve.
Nance quotes Donald Rumsfeld and General Tommy Franks who described the insurgency as dead-enders; namely small groups dedicated to Hussein, and not large military formations or networks of attackers. Yet the reality was that Hussein started creating the insurgency in the months before the invasion. Rather than being a bunch of dead-enders, the insurgency was a group that was highly organized, heavily armed, with near unlimited funds based on looting hundreds of millions of dollars.
From a reporting perspective, the book details how the U.S. government made the same mistakes in Iraq as it did in Iran. Underreporting U.S. casualties, over reporting enemy losses, and obfuscating how terrible the situation on the ground was.
The term IED (improvised explosive device) became part of the vernacular during the Iraq War. The book details how the insurgency used the many different types of IED's (including human-based IED) at specific times and places for their political and propaganda goals.
Nance writes that the biggest gift the U.S. gave to Osama bin Laden was to invade Iraq. The invasion provided him with an opportunity for inspirational jihad. bin Laden envisioned a holy war with heroic men fighting against desperate odds in the heart of historic Islam, just like the first battles of the Prophet Mohammed.
Nance spends a few chapters dealing with ISIS and how it came to be. There are multiple iterations of the group, which developed as the Iraq mess evolved.
The book closes with a disheartening overview of the current state. Nance writes that the Middle East is in far more danger from destabilizing collapse of states due to the effects of the American invasion today than it has ever been.
As ISIS is currently the dominant force in Iraq, Nance states that he fears ISIS will have no intention of going back to being a small insurgent group. It will attempt to consolidate captured terrain. It will offer the Sunni a chance to rule under it at the technocrat level, but that is when the pogroms will start.
In the end, Nance writes, the Islamic caliphate will attempt and fail at creating a popular Iraqi-Syrian nation out of stolen governorates. But unless confronted quickly and forcefully, it may become an isolated jihadistan from which no end of terror will spawn.
For those that want to truly understand the Iraq conflict, Nance is eminently qualified and this book is uniquely superb. There is no better book than The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014 on the subject.
Reviewed by Ben Rothke.
You can purchase The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014, 2nd Edition from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Firefox 38 Arrives With DRM Required To Watch Netflix
An anonymous reader writes with this excerpt from VentureBeat: Mozilla today launched Firefox 38 for Windows, Mac, Linux, and Android. Notable additions to the browser include Digital Rights Management (DRM) tech for playing protected content in the HTML5 video tag on Windows, Ruby annotation support, and improved user interfaces on Android. Firefox 38 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Note that there is a separate download for Firefox 38 without the DRM support. Our anonymous reader adds links to the release notes for desktop and Android. -
Google Shuts Down Map Maker Following Hacks
Errorcod3 writes: Google has temporarily shut down Map Maker while it works on a way to stop people from inserting pranks into its maps. A statement from Google explains that the service isn't going away, just shutting down while a new moderation system is worked on. "Given the current state of the system, we have come to the conclusion that it is not fair to any of our users to let them continue to spend time editing. Every edit you make is essentially going to a backlog that is growing very fast," Google's Pavithra Kanakarajan wrote. "We believe that it is more fair to only say that if we do not have the capacity to review edits at roughly the rate they come in, we have to take a pause. We have hence decided to temporarily disable editing across all countries starting Tuesday, May 12, 2015, till we have our moderation system back in action." -
How To Set Up a Pirate EBook Store In Google Play Books
Nate the greatest writes: Most ebook pirates simply upload ebooks to one of many pirate sites, but the entrepreneurial ones have opened storefronts in Google Play Books. They invent an author's name, and then upload dozens if not hundreds of pirated ebooks under that name. The names can range from Devad Akbak to Ispanyolca, but the really clever pirates choose a legit sounding name like Bestsellers — Books USA Press or Fort Press and then start selling ebooks.
Thanks to Google's indifference, the pirates can continue to sell ebooks no matter how many times copyright holders might complain. If Google takes a pirated ebook down in response to a DMCA notice, the pirates simply upload another copy of the same title. -
Superfish Injects Ads In 1 In 25 Google Page Views
An anonymous reader writes: A new report from Google has found that more than 5% of unique daily IP addresses accessing Google — tens of millions — are interrupted by ad-injection techniques, and that Superfish, responsible for a major controversy with Lenovo in February, is the leading adware behind what is clearly now an industry. Amongst the report's recommendations to address the problem is the suggestion that browser makers "harden their environments against side-loading extensions or modifying the browser environment without user consent." Some of the most popular extensions for Chrome and Firefox, including ad-blockers, depend on this functionality. -
Cyberlock Lawyers Threaten Security Researcher Over Vulnerability Disclosure
qubezz writes: Security researcher Phar (Mike Davis/IOActive) gave his 30 days of disclosure notice to Cyberlock (apparently a company that makes electronic lock cylinders) that he would release a public advisory on vulnerabilities he found with the company's security devices. On day 29, their lawyers responded with a request to refrain, feigning ignorance of the previous notice, and invoking mention of the DMCA (this is not actually a DMCA takedown notice, as the law firm is attempting to suppress initial disclosure through legal wrangling). Mike's blog states: "The previous DMCA threats are from a company called Cyberlock, I had planned to do a fun little blog post (cause i ... hate blog posts) on the fun of how I obtained one, extracted the firmware bypassing the code protection and figured out its "encryption" and did various other fun things a lock shouldn't do for what its marketed as.. But before I could write that post I needed to let them know what issues we have deemed weaknesses in their gear.. the below axe grinderery is the results. (sic)" What should researchers do when companies make baseless legal threats to maintain their security-through-obscurity? Related: Bitcoin exchange company Coinbase has been accused of spying on a dark net researcher. -
Mozilla Begins To Move Towards HTTPS-Only Web
jones_supa writes: Mozilla is officially beginning to phase out non-secure HTTP to prefer HTTPS instead. After a robust discussion on the mailing list, the company will boldly start removing capabilities of the non-secure web. There are two broad elements of this plan: setting a date after which all new features will be available only to secure websites, and gradually phasing out access to browser features for non-secure websites, especially regarding features that pose risks to users' security and privacy. This plan still allows for usage of the "http" URI scheme for legacy content. With HSTS and the upgrade-insecure-requests CSP attribute, the "http" scheme can be automatically translated to "https" by the browser, and thus run securely. The goal of this effort is also to send a message to the web developer community that they need to be secure. Mozilla expects to make some proposals to the W3C WebAppSec Working Group soon. -
Google Launches Project Fi Mobile Phone Service
An anonymous reader writes: Google unveiled today a new cell phone service called Project Fi. It offers the same basic functionality as traditional wireless carriers, such as voice, text and Internet access, but at a lower price than most common plans. From the article: "Google hopes to stand out by changing the way it charges customers. Typically, smartphone owners pay wireless carriers like AT&T and Verizon a bulk rate for a certain amount of data. Google says it will let customers pay for only what data they use on their phones, from doing things like making calls, listening to music and using apps, potentially saving them significant amounts of money. For now, the program is invite-only and will only be available on Google's Nexus 6 smartphone." -
YouTube Going Dark On Older Devices
PC Mag reports on changes to the YouTube API, which have rendered YouTube apps inoperable on older consoles, smart TVs, and other video streaming devices. They're doing this because the old version of the API doesn't support some of YouTube's newer features. Newer devices might be able to upgrade — Apple handhelds that can run iOS 7 or later will have no problem, nor will 3rd-gen Apple TVs and devices running Google TV 3 or 4. But earlier Apple TVs and Google TVs running version 2 or earlier will be out of luck. -
Cyanogen Partners With Microsoft To Replace Google Apps
Unknown Lamer writes: Microsoft and Cyanogen Inc have announced a partnership to bring Microsoft applications to Cyanogen OS. "Under the partnership, Cyanogen will integrate and distribute Microsoft's consumer apps and services across core categories, including productivity, messaging, utilities, and cloud-based services. As part of this collaboration, Microsoft will create native integrations on Cyanogen OS, enabling a powerful new class of experiences." Ars Technica comments, "If Cyanogen really wants to ship a Googleless Android, it will need to provide alternatives to Google's services, and this Microsoft deal is a small start. Microsoft can provide alternatives for Search (Bing), Google Drive (OneDrive and Office), and Gmail (Outlook). The real missing pieces are alternatives to Google Play, Google Maps, and Google Play Services."
Rather than distribute more proprietary services, how about ownCloud for Drive, K-9 Mail for Gmail, OsmAnd for Maps, and F-Droid for an app store? Mozilla and DuckDuckGo provide Free Software search providers for Android, too. With Google neglecting the Android Open Source Project and Cyanogen partnering with Microsoft, the future for Free Software Android as anything but a shell for proprietary software looks bleak. -
Google Lollipop Bricking Nexus 5 and Nexus 7 Devices
First time accepted submitter Zape (303550) writes The Lollipop update has turned sour for me and several other Nexus 7, Gen 2 (and Nexus 5) owners. It seems that I'm not alone in having my tablet boot to the Google Logo since a couple of days after updating to Android 5.0.2. Now Nexus 5 owners are reporting a reboot loop in Android 5.1. My device, like many others, is a couple of months out of warranty, but worked great until the latest OTA update from Google. They branded it, and they updated it, but Google claims it is between the buyers and ASUS, the manufacturer. -
Senate Draft of No Child Left Behind Act Draft Makes CS a 'Core' Subject
theodp (442580) writes "If at first you don't succeed, lobby, lobby again. That's a lesson to be learned from Microsoft and Google, who in 2010 launched advocacy coalition Computing in the Core, which aimed "to strengthen K-12 computer science education and ensure that computer science is one of the core academic subjects that prepares students for jobs in our digital society." In 2013, Computing in the Core "merged" with Code.org, a new nonprofit led by the next door neighbor of Microsoft's General Counsel and funded by wealthy tech execs and their companies. When Code.org 'taught President Obama to code' in a widely-publicized White House event last December, visitor records indicate that Google, Microsoft, and Code.org execs had a sitdown immediately afterwards with the head of the NSF, and a Microsoft lobbyist in attendance returned to the White House the next day with Microsoft CEO Satya Nadella and General Counsel Brad Smith (who also sits on Code.org's Board) in tow. Looks like all of that hard work may finally pay off. Education Week reports that computer science has been quietly added to the list of disciplines defined as 'core academic subjects' in the Senate draft of the rewritten No Child Left Behind Act, a status that opens the doors to a number of funding opportunities. After expressing concern that his teenage daughters hadn't taken to coding the way he'd like, President Obama added, "I think they got started a little bit late. Part of what you want to do is introduce this with the ABCs and the colors." So, don't be too surprised if your little ones are soon focusing on the four R's — reading, 'riting, 'rithmetic, and Rapunzel — in school!" -
Google Let Root Certificate For Gmail Expire
Gr8Apes writes: The certificate for Google's intermediate certificate authority expired Saturday. The certificate was used to issue Gmail's certificate for SMTP, and the expiration at 11:55am EDT caused many e-mail clients to stop receiving Gmail messages. While the problem affected most Gmail users using PC and mobile mail clients, Web access to Gmail was unaffected. I guess Google Calendar failed to notify someone. -
Visual Studio 2015 Can Target Linux; Android Apps Anywhere Chrome Can Run
jones_supa writes Phoronix has noticed that the Visual Studio 2015 product page mentions that the new IDE can target Linux out of the box. Specifically the page says "Build for iOS, Android, Windows devices, Windows Server or Linux". What this actually means is not completely certain at this point, but it certainly laces nicely with the company opening up the .NET Framework. And speaking of cross-platform software: new submitter mccrew writes Google has released a tool that lets Android apps run on any machine that can run its Chrome browser. Called Arc Welder, the tool acts as a wrapper around Android apps so they can run on Windows, OS X and Linux machines. The software expands the places that Android apps can run and might make it easier for developers to get code working on different machines. -
Control Anything With Gestures: Myo Bluetooth Protocol Released
First time accepted submitter Legendary Teeth writes The makers of the Myo Gesture Control Armband (Thalmic Labs) have just released the specs for the Bluetooth protocol it uses. While there are already official SDKs for Windows, Mac, iOS and Android, this means that now anyone can roll their own support for other platforms like Linux or Arduino without needing to use one of the official platforms as a bridge. Anything you can write code for that can act as a Bluetooth GATT client would now be possible, really. If you aren't familiar with the Myo armband, it's a Bluetooth Low Energy device with 8 EMG pods and an IMU that you wear on your arm. It can read your muscle activity to detect gestures you make with your hands, which you can then use to do things like fly drones, play games, or control music. -
Book Review: Future Crimes
benrothke writes Technology is neutral and amoral. It's the implementers and users who define its use. In Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It, author Marc Goodman spends nearly 400 pages describing the dark side of technology, and those who use it for nefarious purposes. He provides a fascinating overview of how every major technology can be used to benefit society, and how it can also be exploited by those on the other side. Keep reading for the rest of Ben's review.
Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It
author: Marc Goodman
pages: 400
publisher: Doubleday
rating: 9/10
reviewer: Ben Rothke
ISBN: 978-0385539005
summary: In the rush to get everyone wired, they forget to secure it
Technology breeds crime and in the book, Goodman uses Crime, Inc. as a metaphor for the many entities and organizations that exist in the dark web and fringes of the Internet. Towards the end of the book, after describing all of the evils that the Internet creates, he suggests creation of a modern day Manhattan Project for cyber security. He writes that a major initiative such as that is what is required to secure the Internet and emerging technologies.
As to Crime, Inc., Goodman shows how they use technologies such as distributed computing, satellite communications, crowdsourcing, encrypted channels and other sophisticated mechanisms to carry out their actions. The premise of the book, and it's a compelling one, is that in the rush to wire every classroom, person and organization, we have failed to secure it appropriately.
The book's 18 chapters are an easy and fascinating read. Goodman writes in detail about many major technology trends and how their benefits can be subverted. The book is written for the non-technical reader and Goodman does an admirable job of minimizing tech-talk and gibberish.
While the book obsesses on the dark side, it's important to note that Goodman is not an anti-technologist. The goal of the book is to make people aware of what they are clicking on, and how they often give away their personal life when using free mobile applications.
Chapter 6 on the surveillance economy is particularly interesting. While Snowden brought attention to the NSA's wholesale spying, what has gone under the radar is the lucrative surveillance economy that has developed. Goodman writes how firms like Acxiom, Epsilon and others are part of the over $150 billion data brokerage industry. Their power is that they correlate information from myriad disparate sources, to create a powerful dossier that marketers are willing to pay for.
The chapter articulately details the unprecedented amounts of data people have shared with third-parties; that once shared, is almost impossible to control. The privacy implications are huge and the problem is only getting worse. Data brokers have no privacy incentives as they make money when they sell data, not when they protect it.
The book is a fascinating read, albeit a bit wordy at times. The book contains so many horror stories and examples of software and hardware gone badly, that the reader can be overwhelmed. Goodman on occasion makes some errors, such as when he writes that a six-terabyte hard drive could hold all of the music ever recorded anywhere in the world throughout history. At times, he overemphasizes things, such as when he writes that one billion users have posted their most intimate details on Facebook. While Facebook recently passed the 1 billion user mark, not every user posts intimate details of their lives.
The book provides a superb overview of the security implications of the Internet of Things (IoT). Goodman details how the IoT can be used to create intelligent systems and networks that can detect and shut down adversaries. But to secure the IoT will require an effort akin to the Manhattan Project. With that, Goodman advocates that the government fund a digital Manhattan Project, getting the best and brightest minds in the information security space together, to create a framework to better secure the Internet.
The problem is as he notes, that Washington simply does not see the need nor can they comprehend the urgency of the situation. It's only the government that can ostensibly get the private and public sectors together to work in concert, but that is unlikely to happen anytime soon. Which only serves to exacerbate an already tenuous information security problem.
An additional issue the book grapples with is that while the government wants its citizens to be secure and touts the importance of personal privacy, it simultaneously spies on them. Also, providers such as Google and Facebook provide free services, at the cost of turning the user into a data customer. It's not just the criminals and terrorists the book warns about, rather government and free data collection services.
While the book paints an overly depressing picture of what the future holds for personal privacy, Goodman closes the book with his UPDATE protocol. He writes that while the worst is yet to come and that it's getting more and more difficult to gain control of your personal data and metadata; there are six steps you can do. Goodman claims that these 6 steps can prevent 85% of digital attacks. The UPDATE steps are: Update frequently, Passwords, Download from safe sites only, Administrator accounts used with care, Turn off computers and Encrypt data.
Much of the problem is that people are clueless to what is going on. They use free services not knowing their data and personal privacy is what they are giving away. Finally, users don't know what good security looks like. The book is a valiant attempt to show users that while they think they are using the Internet in a pristine environment, it is simply a cesspool of malware, scammers and miscreants. Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It is a great wake-up call. Let's just hope everyone wakes up and reads it.
Reviewed by Ben Rothke.
You can purchase Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Citizen Scientists Develop Eye Drops That Provide Night Vision
rtoz writes: A group of scientists in California have successfully created eye drops that temporarily enable night vision. They use a mixture of insulin and a chemical known as Chlorin e6 (Ce6) to enable the user to view objects clearly in darkness up to 50 meters away. Ce6 is found in some deep-sea fish and often used to treat night blindness. The solution starts to work within an hour of being applied to the user's eyes, and lasts for several hours afterward. The test subject's eyesight returned to normal the next day. The organization Science for the Masses has released a paper detailing the experiment on their website. -
Google Quietly Launches Data Saver Extension For Chrome
An anonymous reader writes Google has quietly released a Data Saver extension for Chrome, bringing the company's data compression feature to the desktop for the first time. You can download the extension, currently in beta, from the Chrome Web Store. We say "quietly" because there doesn't seem to be an announcement from Google. The extension was published on March 23 and appears to work exactly as advertised on the tin, based on what we've seen in our early tests. -
Dueling Home Automation Systems at SXSW (Video)
Austin has a strong western heritage and more country and western music than you can shake a fiddle bow at. So when Timothy came back from SXSW with video clips from two home automation companies with different approaches to this question: "How can you work with a whole bunch of lights and thermostats and other IoT home automation pieces that all have different OSes and control APIs?" we obviously had to call the resulting video 'Dueling Home Automation Systems.'
The two companies shown in this video are called WigWag and Yonomi. WigWag sells you a "Relay," which they say "is a powerful mini computer that gives you control of your home's smart devices." The minimum pre-order buy-in for WigWag seems to be a $149 WigWag Relay. Their 'products' page shows the Relay -- and many other gadgets and kits that could easily run your total tab up to $1000 or more. Yonomi, on the other hand, "resides on your phone and in the Cloud. No need for a hub, controller box or other additional hardware. Yonomi magically finds and enhances your existing connected devices allowing them to interact with one another in ways never before possible."
Yonomi may start with a free Android app (iOS coming soon), but you still need to buy lights, speakers, thermostats, and other things that are Internet-aware, so you're not going to save much (if anything) over buying a WigWag relay and the rest of what you need to create your own, private Internet of Things. And what about good old X10 and other home control systems? They're still out there, still doing their thing in millions of homes even if they aren't getting all the IoT buzz. In any case, it's nice to see new home automation alternatives coming down the pike, even if their cloudness may make them easier to hack than an old-fashioned appliance like this coffeemaker. -
FTC: Google Altered Search Results For Profit
mi writes: We've always suspected that Google might tweak its search algorithms to gain an advantage over its rivals — and, according to an FTC investigation inadvertently shared with the Wall Street Journal, it did. Quoting: "In a lengthy investigation, staffers in the FTC's bureau of competition found evidence that Google boosted its own services for shopping, travel and local businesses by altering its ranking criteria and "scraping" content from other sites. It also deliberately demoted rivals. For example, the FTC staff noted that Google presented results from its flight-search tool ahead of other travel sites, even though Google offered fewer flight options. Google's shopping results were ranked above rival comparison-shopping engines, even though users didn't click on them at the same rate, the staff found. Many of the ways Google boosted its own results have not been previously disclosed. -
TSYNC Not a Hard Requirement For Google Chrome After All
An anonymous reader writes A few days ago it appeared that Google began requiring new versions of the Linux kernel for the Chrome/Chromium web browser. To some people, such requirement smelled funny, and it turns out that those people had the right hunch. Google does not intend for there to be a hard requirement on the latest versions of the Linux kernel that expose SECCOMP_FILTER_FLAG_TSYNC, but instead many users are hitting an issue around it. A Chromium developer commented on the related bug: "Updating the title so that people who have been misled into thinking non-TSYNC kernels were deprecated immediately understand that there is simply 'some unknown bug' hitting some users." Of course, a user having the TSYNC feature in his kernel will still get a security benefit. -
Book Review: Data and Goliath
benrothke writes In Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, author Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama and the NSA for their wholesale spying on innocent Americans and violations of myriad laws. Instead, he has written a thoroughly convincing and brilliant book about big data, mass surveillance and the ensuing privacy dangers facing everyone. A comment like what's the big deal? often indicates a naiveté about a serious significant underlying issue. The idea that if you have nothing to hide you have nothing to fear is a dangerously narrow concept on the value of privacy. For many people the notion that the NSA was performing spying on Americans was perceived as not being a big deal, since if a person is innocent, then what do they have to worry about. In the book, Schneier debunks that myth and many others, and defends the importance of privacy. Keep reading for the rest of Ben's review.
Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World
author: Bruce Schneier
pages: 400
publisher: W. W. Norton and Company
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-0393244816
summary: Important defense of privacy and expose on the dangers of NSA domestic mass surveillance
Schneier writes that privacy is an essential human need and central to our ability to control how we relate to the world. Being stripped of privacy is fundamentally dehumanizing and it makes no difference whether the surveillance is conducted by an undercover police officer following us around or by a computer algorithm tracking our every move.
The book notes that much of the data sharing is done voluntarily from users via social media and other voluntary sharing methods. But the real danger is that the NSA has unlawfully been conducting mass surveillance on Americans, in violation of the Constitution and other Federal laws. And with all of that, the book observed that after spending billions doing it, the NSA has very little to show for its efforts.
While the NSA has often said they were just collecting metadata; Schneier writes that metadata can often be more revealing than the data itself, especially when it's collected in the aggregate. And even more so when you have an entire population under surveillance. How big of a deal is metadata? Schneier quotes former NSA and CIA director Michael Hayden that "we kill people based on metadata".
The book spends chapters detailing the dangers of mass data collection and surveillance. It notes that the situation is exacerbated by the fact that we are now generating so much data and storing it indefinitely. People can now search 20 years back and find details that were long thought to have been forgotten. Today's adults were able to move beyond their youthful indiscretions; while today's young people will not have that freedom. Their entire life histories will be on the permanent record.
Another harm of mass government surveillance is the way it leads to people being categorized and discriminated against. Since much of the data is gathered in secret, citizens don't have the right to see or refute it. Schneier notes that this will intensify as systems start using surveillance data to make decisions automatically.
Schneier makes numerous references to Edward Snowden and views him as a hero. He views Snowden's act as being courageous since it resulted in the global conversation about surveillance being made available. Had it not been for Snowden, this book would never have been written.
Schneier does a good job of showing how many of the methods used by the NSA were highly questionable, and based on extremely broad readings of the PATRIOT ACT, Presidential directives and other laws.
The book notes that not only has mass surveillance on US citizens provided extremely little return on the tens of billions of dollars spent; the very strategy of basing security on irrational fears is dangerous. The book notes that many US agencies were faulted after 9/11 and the Boston Marathon bombing for not connecting the dots. But connecting the dots against terrorist plots is extraordinarily difficult, if not impossible. Given the rarity of these events, the book notes that the current systems produce so many false positives as to render them useless.
Schneier straight-out says that ubiquitous surveillance and data mining are not suited for finding dedicated criminals or terrorists. The US is wasting billions on these programs and not getting the security they have been promised. Schneier suggests using the money on investigations, intelligence and emergency response; programs whose tactics have been proven to work.
Schneier makes many suggestions on how to stop the mass surveillance by the NSA. His biggest suggestion is to separate espionage agencies from the surveillance agencies. He suggests that government surveillance of private citizens should only be done as part of a criminal investigation. These surveillance activities should move outside of the NSA and the military and should instead come under the auspices of the FBI and Justice Department, which will apply rules of probable cause, due process and oversight to surveillance activities in regular open courtrooms. As opposed to the secret United States Foreign Intelligence Surveillance courts.
Schneier notes that breaking up the NSA is a long-range plan, but it's the right one. He also suggests reducing the NSA's budget to pre-9/11 levels, which would do an enormous amount of good.
While Schneier comes down hard on mass surveillance, he is also rational enough to know that there are legitimate needs for government surveillance, both law enforcement and intelligence needs to do this and we must recognize that. He writes that we must support legitimate surveillance and work on ways for these groups to do what they need without violating privacy, subverting security and infringing on citizens' rights to be free of unreasonable suspicion and observation.
The book concludes with a number of things that can be done. At the personal level there is a lot people can legitimately do to stop sharing so much personal information. But for most people, they would rather reap the short-term benefits of sharing information on social media, with retailers and more; than the long-term privacy benefits.
The book also notes that much of the problem stems with federal agencies since keeping the fear stoked is big business. For those in the intelligence agencies, that is the basis of their influence and power. Schneier also lays some of the blame on the media who stoke the irrational fears in the daily news. By fixating on rare and spectacular events, the media conditions us to behave as if terrorism were much more common than it is and to fear it far out of proportion to its actual incidence.
This is an incredibly important book. Schneier is passionate about the subject, but provides an extremely reasonable set of arguments. Superbly researched, Schneier lays out the facts in a clear, concise and extremely readable manner. The book is at times disturbing, given the scope and breadth of the NSA surveillance program.
This is the perfect book to take with you on a long flight. It's a compelling and engrossing read, an important book and a major wake-up call. The NSA knows all about you via its many total information awareness programs. In Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, Bruce Schneier provides the total information awareness about what the NSA is doing, how your personal data is being mined, and what you can do about it.
While the NSA was never able to connect the dots of terrorists, Schneier has managed to connect the dots of the NSA. This is a book that must be read, for your freedom.
Reviewed by Ben Rothke.
You can purchase Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Google Chrome Requires TSYNC Support Under Linux
An anonymous reader writes Google's Chrome/Chromium web browser does not support slightly older versions of the Linux kernel anymore. Linux 3.17 is now the minimum requirement. According to a thread on the Debian mailing list, a kernel feature called TSYNC is what makes the difference. When a backported patch for the Debian 8 kernel was requested, there were hostile replies about not wanting to support "Google spyware." -
YouTube Kids Launches On Android and iOS
An anonymous reader writes As expected, YouTube today launched YouTube Kids for Android and iOS, described as a "family-friendly destination" and "the first Google product built from the ground up with little ones in mind." You can download the new app for free, available only in the U.S., directly from Google Play and Apple's App Store. The app's main selling point is that it only has content deemed appropriate for kids. In other words, the pitch to parents is very simple: This app will ensure that your kids can watch videos posted online without stumbling on clips you wouldn't want them to see. -
Removing Libsystemd0 From a Live-running Debian System
lkcl writes The introduction of systemd has unilaterally created a polarization of the GNU/Linux community that is remarkably similar to the monopolistic power position wielded by Microsoft in the late 1990s. Choices were stark: use Windows (with SMB/CIFS Services), or use UNIX (with NFS and NIS). Only the introduction of fully-compatible reverse-engineered NT Domains services corrected the situation. Instructions on how to remove systemd include dire warnings that "all dependent packages will be removed", rendering a normal Debian Desktop system flat-out impossible to achieve. It was therefore necessary to demonstrate that it is actually possible to run a Debian Desktop GUI system (albeit an unusual one: fvwm) with libsystemd0 removed. The reason for doing so: it doesn't matter how good systemd is believed to be or in fact actually is: the reason for removing it is, apart from the alarm at how extensive systemd is becoming (including interfering with firewall rules), it's the way that it's been introduced in a blatantly cavalier fashion as a polarized all-or-nothing option, forcing people to consider abandoning the GNU/Linux of their choice and to seriously consider using FreeBSD or any other distro that properly respects the Software Freedom principle of the right to choose what software to run. We aren't all "good at coding", or paid to work on Software Libre: that means that those people who are need to be much more responsible, and to start — finally — to listen to what people are saying. Developing a thick skin is a good way to abdicate responsibility and, as a result, place people into untenable positions. -
Torvalds Polls Desire for Linux's Next Major Version Bump
jones_supa writes: Linus Torvalds made this post about Linux version numbering: "So, I made noises some time ago about how I don't want another 2.6.39 where the numbers are big enough that you can't really distinguish them. We're slowly getting up there again, with 3.20 being imminent, and I'm once more close to running out of fingers and toes. I was making noises about just moving to 4.0 some time ago. But let's see what people think. So — continue with v3.20, because bigger numbers are sexy, or just move to v4.0 and reset the numbers to something smaller?" To voice your opinion, the Google+ post allows you to discuss the matter and cast a vote in a poll. -
Google Earth Pro Now Available Free
HughPickens.com writes Google has long offered a Pro version of Google Earth for $399 per year that includes some pretty cool extras not found in the free version. Now Rick Broida reports at Cnet that you can get Google Earth Pro absolutely free. All you have to do is download the installer, run it, then sign in using your e-mail address (as your username) and license code GEPFREE. Features include: Advanced measurements: Measure parking lots and land developments with polygon area measure, or determine affected radius with circle measure; High-resolution printing: Print images up to 4,800 x 3,200 pixel resolution; Exclusive pro data layers with Demographics and traffic count; Spreadsheet import: Ingest up to 2,500 addresses at a time, assigning place marks and style templates in bulk; and Movie-Maker: Export Windows Media and QuickTime HD movies, up to 1,920x1,080-pixel resolution. If you've ever been involved in a property dispute, you'll know how acrimonious they can get. Google Earth Pro includes parcel data that definitively defines property boundaries. "Do you really need this? Probably not, as Pro was created with business/enterprise users in mind," writes Broida. "Let's be honest, [Google Earth Pro has] entertainment value that's virtually impossible to measure." -
Greg KH Favors Rolling Release Distros
jones_supa writes In an interesting Google+ post, the lieutenant Linux developer Greg Kroah-Hartman mentions him fully moving to rolling-release Linux distributions: 'Finally retired my last 'traditional' Linux distro box yesterday, it's all 'rolling-release' Linux systems for me. Feels good. And to preempt the ask, it's Arch Linux almost everywhere (laptop, workstation, cloud servers), CoreOS (cloud server), and Gentoo for the remaining few (laptop, server under my desk).' What's your experience? Would in the current situation a rolling-release operating system indeed be the optimal choice? -
New Google Security Reward Program Announcement
jones_supa writes Since 2010, Security Reward Programs have been one cornerstone of Google's relationship with the security research community. In 2014, the company rewarded 200 different researchers with a total amount of $1.5 million. Google wants to celebrate the participants' contributions to the company, and in turn, their contributions back to the researchers. For 2015, two additions to the programs are being announced. It has been noted that researchers' efforts through these programs, combined with Google's internal security work, have made it increasingly difficult to find bugs. Of course, that's good news, but it can also be discouraging when researchers invest their time and struggle to find issues. With this in mind, today Google is rolling out a new, experimental program: Vulnerability Research Grants. These are up-front awards that will be provided to researchers before they even submit a bug. To learn more about the current grants, and review your eligibility, have a look at the rules page. Second, also starting today, all mobile applications officially developed by Google on Google Play and iTunes will now be within the scope of the Vulnerability Reward Program. -
Microsoft Launches Outlook For Android and iOS
An anonymous reader writes Microsoft today launched Outlook for Android and iOS. The former is available (in preview) for download now on Google Play and the latter will arrive on Apple's App Store later today. The pitch is simple: Outlook will let you manage your work and personal email on your phone and tablet as efficiently as you do on your computer. The app also offers calendar features, attachment integration (with OneDrive, Dropbox, Google Drive, Box, and iCloud), along with customizable swipes and actions so you can tailor it to how you specifically use email. -
Book Review: Designing and Building a Security Operations Center
benrothke writes Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators. This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues. In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. Keep reading for the rest of Ben's review.
Designing and Building a Security Operations Center
author: David Nathans
pages: 276
publisher: Syngress
rating: 8/10
reviewer: Ben Rothke
ISBN: 978-0128008997
summary: Good introduction to those looking to build their own security operations center
An effective SOC provides the benefit of speed of response time to a security incident. Be it a DDoS attack or malware which can spread throughout a corporate network in minutes, and potentially knock out the network, every second counts in identifying these attacks and negating them before they can cause additional damage. Having a responsive SOC can make all the difference in how a firm deals with these security issues.
The book notes that the SOC is akin to an enterprise nervous system that can gather and normalize vast amounts of log and related data. This can provide continuous prevention, protection and detection by providing response capabilities against threats, remotely exploitable vulnerabilities and real-time incidents on the monitored network.
The 11 chapters provide a start for anyone considering building out their own SOC. Topics include required infrastructure, organizational structure, staffing and daily operations, to training, metrics, outsourcing and more.
When building a SOC, the choices are for the most part doing it yourself (DIY) or using an outsourced managed security service provider (MSSP). The book focuses primarily on the DIY approach, while chapter 10 briefly details the issues and benefits of using an MSSP. The book provides the pros and cons of each approach. Some firms have a hybrid approach where they perform some SOC activities and outsource others. But the book doesn't detail that approach.
The book provides a large amount of details on the many tasks needed to create an internal SOC. The truth is that many firms simply don't have the staff and budget needed to support an internal SOC. They also don't have the budget for an MSSP. With that, Mike Rothman of Securosis noted that these firms are "trapped on the hamster wheel of pain, reacting without sufficient visibility, but without time to invest in gaining that much-needed visibility into threats without diving deep into raw log files".
One important topic the book does not cover is around SIM/SIEM/SEM software. SIEM software can provide a firm with real-time analysis of security alerts generated by network and security hardware, software and other applications.
Many benefits come from an effective SIEM tool being the backbone of the SOC. A SIEM tool consolidates all data and analyzes it intelligently and provides visualization into the environment. But selecting the appropriate SIEM and correctly deploying it is not a trivial endeavor.
Those looking for a good reference on SIEM should read: Security Information and Event Management (SIEM) Implementation, which I reviewed on Slashdot. That book does provide an excellent overview of the topic and will be of value to those readers looking for answers around SIEM. Those looking for a solid introduction to the world of SIEM should definitely get a copy.
The book notes that the most important part of a SOC, and often the most overlooked, is that of the SOC analyst. And with that, the book writes how it's important to be cognizant of the fact of SOC analyst burnout. SOC analysts can burn out and it's important for an organization to have a plan to address this, including aspects of training, management opportunities and job rotation.
Building an in-house SOC takes significant planning and attention to detail and the book details a lot of the particulars that are required for an effective SOC design.
The implementation of a SOC will cost a significant amount of money and management will often want to have metrics to let them know what the SOC is doing. The book spends a brief amount of time on SOC metrics, which is a topic that warrants a book in its own right. There are many metrics that can be created to measure SOC efficacy. Effective SOC metrics will measure how quickly incidents are handled by the SOC, and how incidents are identified, addressed and handled.
The downside to metrics is that they must be used judiciously. It's important not to measure base performance of a SOC analyst simply on the number of events analyzed or recommendations written. Metrics used in that manner are akin to a help desk where analysts are only concerned about getting calls finished, in order to meet their calls-completed metrics.
As important as a SOC is, this is surprisingly the first book written on the topic. At under 250 pages, the book provides an introduction to the topic, but is not a comprehensive work on the topic. There are areas in SOC management that the book doesn't cover, such as SOC documentation, creating and using SOC operation run books, and more.
But even with those missing areas, Designing and Building a Security Operations Center is a good reference to start with. A SOC is a security component most organizations are in dire need of, and the book is a good way to get them started on that effort.
Reviewed by Ben Rothke.
You can purchase Designing and Building a Security Operations Center from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Getting Charged Up Over Chargers at CES (Video)
First we look at Skiva Technology and their Octofire 8-port USB charger that pulled in nearly five times the requested amount from a Kickstarter campaign. (The 'pulled in X times the requested Kickstarter amount' is becoming a common product boast, isn't it?) Then, for MacBook owners who are tired of having their chargers or charger cords break, we take a brief look at the Juiceboxx Charger Case. These two power-oriented products and WakaWaka, which we posted about on January 9, are just a tiny, random sample of the many items in this category that were on display at CES 2015. Timothy was the only Slashdot person working CES, so it's shocking that he managed to cover as many (hopefully interesting) products as he did, considering that even the biggest IT journo mills don't come close to total coverage of the overwhelming muddle CES has become in recent years. (Alternate Video Link) -
What Will Google Glass 2.0 Need To Actually Succeed?
Nerval's Lobster writes As previously rumored, Google has discontinued selling Google Glass, its augmented-reality headset... but it could be coming out with something new and (supposedly) improved. The company has placed a relentlessly positive spin on its decision: "Glass was in its infancy, and you took those very first steps and taught us how to walk," reads a posting on the Google+ page for Glass. "Well, we still have some work to do, but now we're ready to put on our big kid shoes and learn how to run." Formerly a project of the Google X research lab, Glass will now be overseen by Tony Fadell, the CEO of Google subsidiary (and Internet of Things darling) Nest; more than a few Glass users are unhappy with Google's decision. If Google's move indeed represents a quiet period before a relaunch, rather than an outright killing of the product, what can it do to ensure that Glass's second iteration proves more of a success? Besides costing less (the original Glass retailed for $1,500 from Google's online storefront), Google might want to focus on the GoPro audience, or simply explain to consumers why they actually need a pair of glasses with an embedded screen. What else could they do to make Glass 2.0 (whatever it looks like) succeed?