Domain: google.com
Stories and comments across the archive that link to google.com.
Stories · 3,747
-
Moscow To Track Cell-phone Users In 2015 For Traffic Analysis
An anonymous reader links to this story at The Stack (based on this translated report) that "The Moscow authorities will begin using the signal from Muscovites' cell-phones in 2015 to research patterns of traffic and points of congestion, with a view to changes in travel infrastructure including roads, the Moscow metro and bus services. The tracking, which appears to opt all users in unilaterally, promises not to identify individual cell-phone numbers, and will use GSM in most cases, but also GPS in more densely-constructed areas of the old city. The system is already in limited use on the roads, but will be extended to pedestrians and subway users in 2015. The city of 11.5 million people has three main cell providers, all of whom cooperate fully with authorities' request for information. A representative of one, Beeline, said: "We prepare reports that detail where our subscribers work, live, move, and other aspects." -
With Community Help, Chrome Could Support Side Tabs Extension
jones_supa writes The lack of a vertical tab strip (or "Tree Style Tab" as the Firefox extension is called) has been under a lot of discussion under Chrome/Chromium bug tracker. Some years ago, vertical tabs existed as an experimental feature enabled with a "secret" command line parameter, but that feature was eventually removed from the browser. Since then, Google has been rather quiet about whether such feature is still on the roadmap. Now, a Google engineer casts some light on the issue. He says that a tree-style interface for tabs would be overly complex as a native implementation, but Google would back the idea of improving the extensions interface to support a sidebar-like surface to render the tab UI on, if someone from the open source community would step forward to do the work to drive the feature to completion. -
Winston Churchill's Scientists
HughPickens.com writes Nicola Davis writes at The Guardian that a new exhibition at London's Science Museum titled Churchill's Scientists aims to explore how a climate that mingled necessity with ambition spurred British scientists to forge ahead in fields as diverse as drug-discovery and operational research, paving the way for a further flurry of postwar progress in disciplines from neurology to radio astronomy. Churchill "was very unusual in that he was a politician from a grand Victorian family who was also interested in new technology and science," says Andrew Nahum. "That was quite remarkable at the time." An avid reader of Charles Darwin and HG Wells, Churchill also wrote science-inspired articles himself and fostered an environment where the brightest scientists could build ground-breaking machines, such as the Bernard Lovell telescope, and make world-changing discoveries, in molecular genetics, radio astronomy, nuclear power, nerve and brain function and robotics. "During the war the question was never, 'How much will it cost?' It was, 'Can we do it and how soon can we have it?' This left a heritage of extreme ambition and a lot of talented people who were keen to see what it could provide." (More, below.) According to Cambridge Historian Richard Toye, Churchill was a "closet science-fiction fan" who borrowed the lines for one of his most famous speeches from H. G. Wells — to depict the rise of Hitler's Germany. "It's a bit like Tony Blair borrowing phrases from Star Trek or Doctor Who," says Toye. A close friend of Wells, Churchill said that The Time Machine was "one of the books I would like to take with me to Purgatory". Wells and Churchill met in 1902 and several times thereafter, and kept in touch in person and by letter until Wells' death in 1946. "We need to remember that there was a time when Churchill was a radical liberal who believed these things," Toye adds. 
"Wells is often seen as a socialist, but he also saw himself as a liberal, and he saw Churchill as someone whose views were moving in the right direction." -
Google Releases More Windows Bugs
An anonymous reader writes: Just days after Google angered Microsoft by releasing information about a Windows security flaw, they've now released two more. "The more serious of the two allows an attacker to impersonate an authorized user, and then decrypt or encrypt data on a Windows 7 or Windows 8.1 device. Google reported that bug to Microsoft on Oct. 17, 2014, and made some background information and a proof-of-concept exploit public on Thursday. Project Zero is composed of several Google security engineers who investigate not only the company's own software, but that of other vendors as well. After reporting a flaw, Project Zero starts a 90-day clock, then automatically publicly posts details and sample attack code if the bug has not been patched." Microsoft says there's no evidence these flaws have been successfully exploited. -
Chilling Effects DMCA Archive Censors Itself
An anonymous reader sends this report from TorrentFreak: The much-praised Chilling Effects DMCA archive has taken an unprecedented step by censoring its own website. Facing criticism from copyright holders, the organization decided to wipe its presence from all popular search engines. A telling example of how pressure from rightsholders causes a chilling effect on free speech. ... "After much internal discussion the Chilling Effects project recently made the decision to remove the site’s notice pages from search engines," Berkman Center project coordinator Adam Holland informs TF. "Our recent relaunch of the site has brought it a lot more attention, and as a result, we’re currently thinking through ways to better balance making this information available for valuable study, research, and journalism, while still addressing the concerns of people whose information appears in the database." -
New App Detects Government Stingray Cell Phone Trackers
HughPickens.com writes IMSI catchers, otherwise known as stingrays, are those surveillance tools that masquerade as cell towers and trick mobile phones into connecting, spewing private data in the process. Law-enforcement agencies have been using them for almost two decades, but there's never been a good way for individuals to detect them. Now Lily Hay Newman reports that SnoopSnitch scans for radio signals that indicate a transition to a stingray from a legitimate cell tower. "SnoopSnitch collects and analyzes mobile radio data to make you aware of your mobile network security and to warn you about threats like fake base stations (IMSI catchers), user tracking and over-the-air updates." say German security researchers Alex Senier, Karsten Nohl, and Tobias Engel, creators of the app which is available now only for Android. The app can't protect people's phones from connecting to stingrays in the first place, but it can at least let them know that there is surveillance happening in a given area. "There's no one set of information, taken by itself, that allows you to detect an IMSI catcher," says Nohl. "But we do stream analysis of everything that happens on your phone, and can come out with a warning if it crosses a certain threshold."
Stingrays have garnered attention since a 2011 Arizona court case in which one agent admitted in an affidavit that the tool collaterally swept up data on "innocent, non-target devices" (U.S. v. Rigmaiden). The government eventually conceded in this case that the "tracking operation was a Fourth Amendment search and seizure," meaning it required a warrant. But given that the Justice Department has continued to claim that cellphone users have no reasonable expectation of privacy over their location data, it may take a Supreme Court judgement to settle the Stingray issue countrywide. -
Google Researcher Publishes Unpatched Windows 8.1 Security Vulnerability
An anonymous reader writes "Google's security research database has after a 90 day timeout automatically undisclosed a Windows 8.1 vulnerability which Microsoft hasn't yet patched. By design the system call NtApphelpCacheControl() in ahcache.sys allows application compatibility data to be cached for quick reuse when new processes are created. A normal user can query the cache but cannot add new cached entries as the operation is restricted to administrators. This is checked in the function AhcVerifyAdminContext(). Long story short, the aforementioned function has a vulnerability where it doesn't correctly check the impersonation token of the caller to determine if the user is an administrator. It hasn't been fully verified if Windows 7 is vulnerable. For a passer-by it is also hard to tell whether Microsoft has even reviewed the issue reported by the Google researcher. The database has already one worried comment saying that automatically revealing a vulnerability just like that might be a bad idea." -
The History of the NORAD/Microsoft and Google Santa Trackers
theodp writes: Marketing Land's Danny Sullivan has a pretty epic post on How Google Became A Santa Tracker Tradition To Rival NORAD, and wonders if future generations will think of Santa tracking as synonymous with Google, just as past ones have felt about NORAD. Until it split with Google in 2012 (for unknown reasons) and hooked up with Microsoft, Sullivan explains, NORAD had really been the only place to go for a serious, dependable Santa tracking service. "There's a big part of me that wishes Google had gotten out of Santa tracking when it split from NORAD," says Sullivan of the divorce. "The NORAD Santa tracker brings back memories from my childhood; it brings back memories of me being a father with young kids checking in on Santa's progress. In contrast, Google feels to me like an upstart interloper messing with my nostalgic memories. But maybe Google's a welcome alternative to others. It's not uncommon to see the occasional complaint about a NORAD "Santa Cam" video showing Santa being accompanied by fighter jets. Some might prefer a Santa tracker that's not connected to a military organization. Of course, some might not feel one connected to a giant company is necessarily preferable. Part of me is also sad that when I go to NORAD's own site, I get a big Internet Explorer icon in the top right corner, which effectively opens up an ad for Microsoft. I guess I feel it's too blatant. Of course, complaining about the commercialization of something Christmas-related, I suppose, is kind of useless." Sullivan adds, "Overall, I'm thankful to the many people who are involved with both operations [NORAD Tracks Santa and Google Santa Tracker], who work hard to make children smile on Christmas Eve." -
An Automated Cat Litter Box With DRM
HughPickens.com writes: Jorge Lopez had always wanted an automatic cat litter box, and finally found one called the CatGenie, a fully automated self-washing litter box connected to water, electricity and the sewer that cleans itself with water and soap. "It's the Rolls Royce of cat litter boxes, a hefty device that scoops, cleans, and disposes of the waste all on its own. It's completely automated, even senses when a cat poops and cleans up afterwards." But there's trouble in paradise. "Life with the CatGenie was great, but not quite perfect," writes Lopez, after discovering that CatGenie uses a smart cartridge that is only available from the manufacturer. "I found that the "Smart" in SmartCartridge is that it has an RFID chip inside of it to keep track of how much solution it has, and once it runs out, well, you can't refill. I honestly did not believe this and tore one of the cartridges apart, and there it was, looking back at me, a tiny chip holding up its little metal finger." Fortunately there are some amazing people helping the CatGenie community who have released products like the custom firmware CatGenious and CartridgeGenius, which allows you to use whatever solution you want. "The cost savings is great, but isn't the biggest driver for me, it's mainly the principle that I don't own the device I paid for, and I'm really tired of having cat litter everything in my home." -
Google+ Will Make Your Videos Look Better
ErnieKey writes: A new Google+ feature for uploaded videos has been released that automatically enhances lighting, color, and stability. Soon, it'll also enhance speech in videos. "As more and more people now also take videos with their smartphones, it makes sense for Google to bring some of the technologies it has developed for photos (and YouTube) to these private videos, as well. Google has long offered a similar feature for YouTube users, so there is likely some overlap between the two systems here. While YouTube offers the option to 'auto-fix' videos, though, it doesn't automatically prompt its users to do this for them. YouTube also offers a number of manual tools for changing contrast, saturation and color temperature that Google+ doesn’t currently offer." -
Researchers Discover SS7 Flaw, Allowing Total Access To Any Cell Phone, Anywhere
krakman writes: Researchers discovered security flaws in SS7 that allow listening to private phone calls and intercepting text messages on a potentially massive scale – even when cellular networks are using the most advanced encryption now available. The flaws, to be reported at a hacker conference in Hamburg this month, are actually functions built into SS7 for other purposes – such as keeping calls connected as users speed down highways, switching from cell tower to cell tower – that hackers can repurpose for surveillance because of the lax security on the network. It is thought that these flaws were used for bugging German Chancellor Angela Merkel's phone.
Those skilled at the housekeeping functions built into SS7 can locate callers anywhere in the world, listen to calls as they happen or record hundreds of encrypted calls and texts at a time for later decryption (Google translation of German original). There is also potential to defraud users and cellular carriers by using SS7 functions, the researchers say. This is another result of security being considered only after the fact, as opposed to being part of the initial design. -
ODF Support In Google Drive
An anonymous reader writes: Google's Chris DiBona told a London conference last week that ODF support was coming next year, but today the Google Drive team unexpectedly launched support for all three of the main variants — including long-absent Presentation files. You can now simply open ODT, ODS and ODP files in Drive with no fuss. It lacks support for comments and changes but at least it shows progress towards full support of the international document standard, something conspicuously missing for many years. -
Job Postings Offer Clues to Future of Google Fiber
New submitter Admiral Jimbob McGif writes Even as a massive firestorm burns uncontrollably threatening to scorch the very foundations of the internet with AT&T indefinitely halting future GigaPower FTTH rollouts due to uncertainty over the future of net neutrality and the Obama administration proposing to regulate the internet under Title 2, highly suggestive jobs were recently added to Google Careers.
These Google Fiber related positions include: "City Manager", "Community Impact Manager" and "Plant Manager" in all potential Google Fiber cities. Perplexing inconsistencies abound, such as Portland, Phoenix, San Jose and Atlanta positions being listed as local. Whereas San Antonio, Raleigh, Charlotte, and Nashville are listed as telecommute positions.
One is inclined to speculate as to what these job postings mean despite Google's disclaimer: "Not all cities where we're exploring hiring a team will necessarily become Google Fiber cities." Would Google post jobs as an act of posturing much like AT&T's supposed "Gigabit smoke screen" bluff? Or, should we expect to see these so called Fiber Huts springing up like so many mushrooms after a heavy rain in an additional 9 metro areas?
At the rate Google is going, is it too soon to speculate over Fiber Dojos popping up in Japan? -
Google Suggests Separating Students With 'Some CS Knowledge' From Novices
theodp writes To address the challenge of rapidly increasing CS enrollments and increasing diversity, reports the Computing Education Blog, Google in November put out an RFP to universities for its invite-only 3X in 3 Years: CS Capacity Award program, which aims "to support faculty in finding innovative ways to address the capacity problem in their CS courses." In the linked-to RFP document, Google suggests that "students that have some CS background" should not be allowed to attend in-person intro CS courses where they "may be more likely to create a non-welcoming environment," and recommends that they instead be relegated to online courses. According to a recent NSF press release, this recommendation would largely exclude Asian and White boys from classrooms, which seems to be consistent with a Google-CodeCademy award program that offers $1,000 bonuses to teachers who get 10 or more high school kids to take a JavaScript course, but only counts students from "groups traditionally underrepresented in computer science (girls, or boys who identify as African American, Latino, American Indian or Alaska Native)." The project suggested in the Google RFP — which could be worth $1.5 million over 3 years to a large CS department — seems to embrace-and-extend a practice implemented at Harvey Mudd College years ago under President Maria Klawe, which divided the intro CS offering into separate sections based upon prior programming experience to — as the NY Times put it — reduce the intimidation factor of young men, already seasoned programmers, who dominated the class. Google Director of Education and University Relations Maggie Johnson, whose name appears on the CS Capacity RFP, is also on the Board of Code.org (where Klawe is coincidentally an Advisory Board member), the K-12 learn-to-code nonprofit that has received $3+ million from Google and many millions more from other tech giants and their execs. 
Earlier this week, Code.org received the blessing of the White House and NSF to train 25,000 teachers to teach CS, stirring unease among some educators concerned about the growing influence of corporations in public schools. -
Cardboard Hits Half a Million Mark, Gets an SDK
PC Magazine reports (citing a blog post from project manager Andrew Nartker) that Google's Cardboard -- first introduced to some laughter -- is growing up, with a small but growing collection of compatible apps and a recently announced SDK. And while Cardboard itself is pretty low-tech (cardboard, rubber band, a magnet) and consequently cheap, the resulting VR experience is pretty good, which explains why more than 500,000 of them have now shipped. -
2014 Geek Gift Guide
With the holidays coming up, Bennett Haselton has updated his geek-oriented gift guide for 2014. He says: Some of my favorite gifts to give are still the ones that were listed in several different previously written posts, while a few new cool gift ideas emerged in 2014. Here are all my current best recommendations, listed in one place. Read on for the list, or to share any suggestions of your own.
Most annual gift guides would only list new items. It would be considered a mortal sin of click-baiting to tell the reader, "Well, the coolest stuff we could tell you about, was stuff that we mentioned this time last year, so first and foremost we're just going to direct you to that."
Well, my job in writing a gift guide is not to dazzle people with "all new hottest gift item" recommendations, my job is to recommend the things that I think you would most enjoy giving and the recipient would most enjoy receiving, and the fact of the matter is that most of the gifts I would most highly recommend, were listed in different previously written articles. I'll provide that list in a second (with links back to the older articles describing them in more detail), but first some criteria for how I make the recommendations.
First, I'm assuming you want to go inexpensive. If you have unlimited cash, you don't need my help finding cool presents -- although for the record, the online store of New York's Museum of Modern Art has the best collection of things that incorporate "visual puns" that I really like, but which are usually overpriced for what the item does. (Check out this image of a set of nesting tables, for example -- which isn't even that much of a "neat idea", by their standards -- and try to guess how much they cost, before looking at the answer on the product page.) If you don't mind spending the money, they also sell a dandelion encased in acrylic ($375), a lamp in the shape of an open book ($190), a necklace of small rectangular mirrors creating an interesting 3D effect ($190), a porcelain vase that kind of looks like a crinkled paper bag ($120), a pair of candleholders that interlock without touching ($170), a serving tray that looks like the splash from a drop of water ($130), a clock that evokes an M.C. Escher "infinite staircase" optical illusion ($80), and a vase that exists in the shape of an outline ($65, which at this point sounds cheap). At the end of this gift guide I list some MoMA items that are somewhat more reasonably priced.
Second, I'm assuming you don't need help finding branded merchandise. I'm sure literally every combination of [Star Wars / LOTR / Game of Thrones / Star Trek / Hunger Games] and [coffee mug / beach towel / earrings / Christmas tree ornaments / shot glass / cufflinks] is available somewhere. It's not that these are bad gifts for the hardcore fan, it's that all you need to find them is to Google "Game of Thrones Christmas tree ornaments" and you'll find something. And occasionally you'll find something in this "branded" category that jumps out as a pretty cool idea, like the TARDIS Tea Infuser or the Game of Thrones Dragonclaw Goblet or the light-up lightsaber chopsticks.
Third, I look mostly for novelty or decorative items that confound your senses or demonstrate some interesting scientific principle (or both), but that can still fit in to a semi-elegant environment without garishly calling attention to themselves. These color changing beads are kind of neat, but it would look weird having them lying around on top of a living room dresser along with a UV flashlight to demonstrate what they do. On the other hand, a Galileo thermometer can blend in pretty well with the decorations on a mantlepiece.
The following are my current most-recommended gift ideas:
Custom Photomosaic
In this December 2013 post I described how to create a photomosaic (a patchwork of smaller pictures that, when viewed from a distance, take on the appearance of a larger picture) using two free (donation-supported) programs, one to download and save pictures en masse from a friend's Facebook profile, and the other to create the photomosaic using those photos. I still think they make amazing gifts, and the only cost is the cost of printing and framing it. You can even give the digital-only version as a gift that costs nothing at all, making a photomosaic from a friend's photos and sending it to them on the other side of the world, where they can print it themselves or use it as a desktop background. Everyone that I've given one of these to, has loved it.
Strandbeest kit
With this $35 kit, which I recommended as a Christmas gift last year, you can assemble a tabletop version of the legendary full-size Strandbeests, the eerily lifelike creatures created by Dutch artist Theo Jansen which walk across the beaches of Holland powered only by the wind. Assembly of the creature takes about 90 minutes, less if you make a family activity out of it and share the labor.
In the last year, a second model has been released, dubbed the "Rhinoceros Mini-Beest" (technically, it was available a year ago, but the assembly instructions were only printed in Japanese; now it's available with English directions). I haven't assembled one of these myself yet, but it looks fine in the video.
There is also now a pre-assembled, motorized, remote-control version of the Strandbeest, although honestly, where's the fun in that? Part of the effect of the Strandbeest assembly kit is the feeling that you've breathed life into an inanimate object by putting it together from static parts. A remote-control toy that moves forwards and backwards on the ground is a little underwhelming when you can get an RC helicopter for the same price.
Levitron Revolution and Levitron Cherrywood
The Levitron Revolution ($70) consists of a circular magnetic disc that levitates about half an inch above an electrically powered square base, and can support up to a pound of weight on top of it while maintaining levitation. The Levitron Cherrywood ($35) consists of a top that has to be spun by hand, which levitates almost a full two inches above the cherrywood base containing an embedded magnet. As described in the first gift guide, the Levitron Cherrywood is more visually impressive because of the extra height of levitation, but the top almost always falls if you touch the top or move the base while the top is spinning. The Levitron Revolution only levitates the disc by half an inch, but you can embellish the appearance by placing other objects on top of it, like the pyrite crystal levitating in this video. (Also, the Levitron Revolution will continue levitating as long as power is supplied to it, making it a good decorative item; the Levitron Cherrywood has to be spun by hand and levitates for only about two minutes before air friction slows it down, so it works better as a toy or party activity.) Both of them take some practice to operate (the Levitron Cherrywood takes considerably more), but they're worth it.
Spare batteries for your friend's phone
I mentioned this in January 2013 as a life hack for smartphones and got pilloried for promoting what people called an "obvious" idea. But two years later, almost nobody that I know is carrying around fully charged extra batteries for their phones. It's easy, it works, and the spare batteries in my jacket pockets have gotten me out of a jam multiple times. If you know what type of phone your gift recipient uses, get them some extra batteries. (T-Mobile sent me extra batteries for my LG Optimus for free.)
The iPhone is the only phone I'm aware of that does not support this, because the battery is not meant to be removed or replaced by the user.
And yes, I know about the portable external battery products that can be used to charge a phone. These aren't as big or expensive as they used to be, but you still have to leave them plugged in to your phone while they're charging it, which is awkward if you're using your phone or carrying it in your pocket (compared to the 10 seconds it takes to swap out the battery).
Heat Wave car heater
This $40 device from Canadian company "Heat & Clean" sits on your dashboard and turns itself on at a pre-determined time, blowing hot air into the interior of the car for 20 minutes, all without starting the car. If all goes well, this means your car will be warm (or at least not as cold as it would have been) when you first get into it in the morning, and you don't have to wait several minutes for the air ventilation system to heat up. The Heat Wave is powered by the car's 12V charger, although Heat & Clean states that it "has built-in circuitry to ensure that the health of the vehicle's battery is never compromised."
I can't vouch for the device's respect for your battery (the device unfortunately isn't sold on Amazon, which is usually where I go to find out if something does what it's supposed to), but I ordered one and verified that it works, then gave it to my aunt for her birthday. (If it kills her car, I will promptly make it up to her by taking it out of the gift guide.) Even though I tested the functionality, I didn't get the chance to see if the device actually helps much, because it's not cold enough yet here in Seattle to really feel the bite of the cold when you get into your car in the morning. (The other reason I personally won't get much benefit from this, is that I work from home and leave the house at a different time every day, so I never know in advance what time I'll be getting into my car the next morning.)
Most cars can be modified so they can be started remotely, so that they're warmed up by the time you go outside and get into them, but that modification usually costs a few hundred dollars. You might as well try the Heat Wave first to see if it does the job almost as well.
(To me, the obvious question is: Why not make a version of the Heat Wave that can be turned on remotely, as well? For people like me who usually don't know the night before what time they'll be getting into their car the next day, but who often do know at least 20 minutes in advance, so they can turn it on remotely and start heating the car. The company does make a very different-looking product called the Heat Stick which can be activated remotely -- but at $300, that's more than it costs to add remote start to the actual car.)
It's Nuts 3D puzzle
Distributed by Grand Illusions in the UK, the It's Nuts 3D puzzle consists of a bolt and a pair of nuts threaded onto the bolt. As you can see in the video, when you rotate one nut, it moves in the direction that you'd expect, following the threading on the bolt -- but when you rotate the other nut the same way, it moves in the opposite direction. There are no hidden moving parts to make the illusion work, and you can unscrew both nuts right off of the bolt and examine them.
Having acquired one, I can say that the secret is a little bit easier to figure out when you're holding it in your hand and looking at it closely, than when you're watching the video. But it still makes a nice novelty conversation piece.
As a brain-tickler, this feels a bit overpriced at $40 - costing more than the aforementioned Levitron Cherrywood, which actually levitates. I bought It's Nuts mainly to fill out my collection of oddities since I already owned most of the other items in this list. Of course, unlike the Levitron, this takes no skill to operate (only a little bit of smarts to figure out the secret). I wouldn't foist the Levitron on my grandfather, but he would probably enjoy this one.
(Note that if you buy from the Grand Illusions website to ship to the United States, you'll pay the non-VAT rate -- but then you'll have to add about $14 in air mail shipping to the U.S. So you might want to combine this order with some other items from Grand Illusions -- search this article for "Grand Illusions" for the other recommended items, or browse their site and pick your own.)
Inverter Magnet
The Inverter Magnet, from Grand Illusions (also available from Amazon at a slightly higher price), consists of one disc magnet encased in rubber, which holds a second disc magnet in a permanent "force field" a few millimeters away when the two are slid across a table.
At $40, this might be more of a "collection filler-outer", since especially as a magnetic toy it compares unfavorably with the Levitron Cherrywood, which, to repeat, can actually fly. But again, the Inverter Magnet also takes no skill to operate.
Magna Nails
This nail polish (about $7 used on Amazon) forms a stripe pattern when you hold a magnet near your fingernail while the polish is drying. (There are many similar products on the market, searchable under "magnetic nail polish.") The appeal to young science geeks is that the iron filings in the nail polish align themselves along magnetic field lines in the vicinity of the magnet, forming the stripes.
I don't wear glittery nail polish (at least not as "Bennett Haselton"...), but I took one for the team to see if this works. It does. That's my thumb. (Apparently it looks better if you apply a "top coat" after the nail polish dries, but I didn't have any.) If you plan on testing it out before giving it as a gift, remember to pick up some nail polish remover to get it off.
A few things from MoMA that we can actually afford
- An appetizer serving dish complete with toothpick holder that looks like a porcupine ($28). This item probably has the highest price-to-cool-factor ratio of anything on this list, just barely within the limit of what I'd recommend, but it's elegant in addition to being funny, and the recipient would probably use it.
- A faux-wood cube clock ($38). This is interesting mostly for looking like a visual impossibility -- how can the digital numbers appear on the side of a block of wood, even fake wood? Unfortunately I think the photo is doctored, because this YouTube video shows an undoctored shot of the cube clock, and you can easily see the un-illuminated LEDs on the side, which don't quite blend in with the wood. But it still makes for an elegant optical illusion.
Miscellaneous "Visual Puns"
- The ambiguous vase ($33) from Grand Illusions -- a real-life version of the Rubin vase optical illusion, where a vase suddenly takes on the appearance of two faces in profile.
- The glass water faucet ($50)
- The sliced grandfather clock ($36)
- Ulexite "television stones" ($10) - a rock that, when placed on a flat surface, will cause the markings on that surface to re-appear on the top face of the rock, due to the naturally occurring fiber optics in ulexite.
Of course, if you're now craving one of these items for yourself, order one and try it out before re-gifting, or set up an Amazon wish list in the last two weeks before Christmas. And remember to be good!
-
Book Review: Spam Nation
benrothke writes There are really two stories within Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door. The first is how Brian Krebs uncovered the Russian cybergangs that sent trillions of spam emails for years. As interesting and compelling as that part of the story is, the second storyline is much more surprising and fascinating. Brian Krebs is one of the premier cybersecurity journalists. From 1995 to 2009, he was a reporter for The Washington Post, where he covered Internet security, technology policy, cybercrime and privacy issues. When Krebs presented the Post with his story about the Russian spammers, rather than run with it, the Post lawyers got in the way and were terrified of being sued for libel by the Russians. Many of the stories Krebs ran took months to get approval and many were rejected. It was the extreme reticence by the Post to deal with the issue that ultimately led Krebs to leave the paper. Before Krebs wrote this interesting book and did his groundbreaking research, it was clear that there were bad guys abroad spamming Americans with countless emails for pharmaceuticals which led to a global spam problem. Read below for the rest of Ben's review.
Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to Your Front Door
author: Brian Krebs
pages: 256
publisher: Sourcebooks
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-1402295614
summary: Excellent expose on why cybercrime pays and what you can do about it
Much of the story details the doings of two of the major Russian pharmacy spammer factions, Rx-Promotion and GlavMed. In uncovering the story, Krebs had the good fortune that there was significant animosity between Rx-Promotion and GlavMed, which led to an internal employee leaking a huge amount of emails and documents. Krebs obtained this treasure trove which he used to get a deep look at every significant aspect of these spam organizations.
Hackers loyal to the heads of Rx-Promotion and GlavMed leaked this information to law enforcement officials and Krebs in an attempt to sabotage each other.
Krebs writes that the databases offered an unvarnished look at the hidden but burgeoning demand for cheap prescription drugs; a demand that appears driven in large part by Americans seeking more affordable and discreetly available medications.
Like many, I had thought that much of the pharmaceutical spam was simply an issue of clueless end-users clicking on spam and getting scammed. This is where the second storyline comes in. Krebs notes that the argument goes that if people simply stopped buying from sites advertised via the spam that floods our inboxes, the problem would for the most part go away. It's not that the spam is a technology issue; it's that the products fill an economic need and void.
Krebs shows that most people who buy from the spammers are not idiots, clueless or crazy. The majority of them are performing rational, if not potentially risky choices based on a number of legitimate motivations. Krebs lists 4 primary motivations as: price and affordability, confidentiality, convenience & recreation or dependence.
Most of the purchasers from the Russian spammers are based in the US, which has the highest prescription drug prices in the world. The price and affordability that the spammers offer is a tremendous lure to these US consumers, many of whom are uninsured or underinsured.
Krebs then addresses the obvious question that this begs: if the spammers are selling huge amounts of bogus pharmaceuticals to unsuspecting Americans, why doesn't the extremely powerful and well-to-do pharmaceutical industry do something about it. Krebs writes that the pharmaceutical industry is in fact keenly aware of the issue but scared to do anything about it. Should the reality be that the unauthorized pharmaceuticals are effective, then the pharmaceutical industry would be placed in a quandary. They have therefore decided to take a passive approach and do nothing.
The book quotes John Horton, founder and president of LegitScript, a verification and monitoring service for online pharmacies. Horton observed that only 1% of online pharmacies are legitimate. But worse than that, he believes that the single biggest reason neither the FDA nor the pharmaceutical industry has put much effort into testing, is that they are worried that such tests may show that the drugs being sold by many so-called rogue pharmacies are by and large chemically indistinguishable from those sold by approved pharmacies.
So while the Russian spammers may be annoying for many, they have found an economic incentive that is driving many people to become repeat customers.
As to the efficacy of these pharmaceuticals being shipped from India, Turkey and other countries, it would seem pretty straightforward to perform laboratory tests. Yet the university labs that could perform these tests have found their hands tied. In order to test the pharmaceuticals, they would have to order them, which is likely an illegal act. Also, the vast amount of factories making these pharmaceuticals makes it difficult to get a consistent set of findings.
As to getting paid for the products, Krebs writes how the thing the spammers relied on most was the ability to process credit card payments. What they feared the most were chargebacks, which is when the merchant has to forcibly refund the customer. If the chargeback rate goes over a certain threshold, then the vendor is forced to pay higher fees to the credit card company or may find their merchant agreement cancelled. The spammers were therefore extremely receptive to customer complaints and would do anything to make a basic refund rather than a chargeback. This was yet another economic incentive that motivated the spammers.
As to the main storyline, the book does a great job of detailing how the spam operations worked and how powerful they became. The spammers became so powerful, that even with all the work firms like Blue Security Inc. did, and organizations such as Spamhaus tried to do, they were almost impossible to stop.
Krebs writes how spammers now have moved into new areas such as scareware and ransomware. The victims are told to pay the ransom by purchasing a prepaid debit card and then to send the attackers the card number so they can redeem it for cash.
The book concludes with Krebs's 3 Rules for Online Safety namely: if you didn't go looking for it, don't install it; if you installed it, update it and if you no longer need it, remove it.
The scammers and online attackers are inherent forces in the world of e-commerce and it's foolhardy to think any technology or regulation can make them go away. Spam Nation does a great job of telling an important aspect of the story, and what small things you can do to make a large difference, such that you won't fall victim to these scammers. At just under 250 pages, Spam Nation is a quick read and an important one at that.
Reviewed by Ben Rothke.
-
French Publishers Prepare Lawsuit Against Adblock Plus
HughPickens.com writes Frédéric Filloux reports at Monday Note that two groups of French publishers, the GESTE and the French Internet Advertising Bureau, are considering a lawsuit against AdBlockPlus creator Eyeo GmbH on grounds that it represents a major economic threat to their business. According to LesEchos.fr, EYEO, which publishes Adblock Plus, has developed a business model where they offer not to block publishers' advertisements for remuneration as long as the ads are judged non-intrusive (Google Translate, Original here). "Several criteria must be met as well: advertisements must be identified as such, be static and therefore not contain animation, no sound, and should not interfere with the content. A position that some media have likened to extortion."
According to Filloux the legal action misses the point. By downloading AdBlock Plus (ABP) on a massive scale, users are voting with their mice against the growing invasiveness of digital advertising. Therefore, suing Eyeo, the company that maintains ABP, is like using Aspirin to fight cancer. A different approach is required but very few seem ready to face that fact. "We must admit that Eyeo GmbH is filling a vacuum created by the incompetence and sloppiness of the advertising community, namely creative agencies, media buyers and organizations that are supposed to coordinate the whole ecosystem," says Filloux. Even Google has begun to realize that the explosion of questionable advertising formats has become a problem and the proof is Google's recent Contributor program that proposes ad-free navigation in exchange for a fee ranging from $1 to $3 per month. "The growing rejection of advertising AdBlock Plus is built upon is indeed a threat to the ecosystem and it needs to be addressed decisively. For example, by bringing at the same table publishers and advertisers to meet and design ways to clean up the ad mess. But the entity and leaders who can do the job have yet to be found." -
Gangnam Style Surpasses YouTube's 32-bit View Counter
First time accepted submitter neoritter writes "The Korean pop star PSY's viral music video "Gangnam Style" has reached the limit of YouTube's view counter. According to YouTube's Google+ account, "We never thought a video would be watched in numbers greater than a 32-bit integer (=2,147,483,647 views), but that was before we met PSY. 'Gangnam Style' has been viewed so many times we had to upgrade to a 64-bit integer (9,223,372,036,854,775,808)!" -
Android Policy For Nexus and Google Play Devices Updated To Excuse Carrier Delay
An anonymous reader writes: Google has quietly updated its Android update policy for both Nexus and Google Play edition devices. In short, if you bought either type of smartphone or tablet from a carrier, you may experience delays that result in waiting longer than two weeks to get the latest version. Google has tweaked the "Android updates: Nexus & Google Play edition devices" support page to add, "Based on your carrier, it may take longer than two weeks after release to get an update." It's worth emphasizing this won't stop you from downloading a given Android update directly from Google or your device's manufacturer, and installing it yourself on your device. This is mainly for over-the-air updates, which carriers can choose to delay on their own networks. -
About 40% of World Population Online, 90% of Offliners In Developing Countries
New submitter lx76 writes: The International Telecommunications Union does research on telecommunications in society worldwide, from cellphones to internet use. Since 2009, on a yearly basis, they've released their research findings in a report called the Measuring Information Society Report. This year's report is over 200 pages long, illustrated with abundant graphs and tables (PDF). It's not a light read. But one of the interesting numbers is an index showing the divide in global connectivity. From the report: "Over the past year, the world witnessed continued growth in the uptake of ICT [Information and Communication Technology] and, by end 2014, almost 3 billion people will be using the Internet, up from 2.7 billion at end 2013..... Despite this encouraging progress, there are important digital divides that need to be addressed: 4.3 billion people are still not online, and 90 per cent of them live in the developing world."
The report continues, "As this report finds, ICT performance is better in countries with higher shares of the population living in urban areas, where access to ICT infrastructure, usage and skills is more favorable. Yet it is precisely in poor and rural areas where ICTs can make a particularly significant impact." Projects like Google's Project Loon have their work cut out for them. -
Book Review: Bulletproof SSL and TLS
benrothke writes If SSL is the emperor's new clothes, then Ivan Ristic in Bulletproof SSL and TLS has shown that perhaps the emperor isn't wearing anything at all. There is a perception that if a web site is SSL secured, then it's indeed secure. Read a few pages in this important book, and the SSL = security myth is dispelled. For the first 8 of the 16 chapters, Ristic, one of the greatest practical SSL/TLS experts around, spends 230 pages showing countless weaknesses, vulnerabilities, attacks and other SSL weaknesses. He then spends the next 8 chapters showing how SSL can, if done correctly, be deployed to provide adequate security. Keep reading for the rest of Ben's review.
Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications
author: Ivan Ristic
pages: 530
publisher: Feisty Duck
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-1907117046
summary: Tremendous guide on how to correctly deploy TLS by one of the top experts in the field
Ristic is the author of the SSL Labs web site, a site dedicated to everything SSL, including extensive documents and tools.
One would think that it's impossible to write an interesting book about a security protocol. But for those who use SSL or just want to understand what it's all about, the book is not only quite practical, but a very interesting read.
The book provides a good balance of overview, protocol details, summary of vulnerabilities and weaknesses, and a large chunk of practical deployment guidance.
The first three chapters provide an excellent overview to SSL, TLS, PKI and cryptography. While chapter 2 may be a bit dry, the introduction is thorough and comprehensive.
Chapter 4 is particularly interesting in that the author notes that while the cryptography behind SSL and PKI is fundamentally secure, there is an inherent flaw in how PKI operates, in that any CA (certificate authority) is able to issue a certificate for any name without having to seek approval from the domain name owner. This trust dependency creates numerous attack vectors that can be exploited.
The chapter details a number of significant incidents that arose from this flaw, from the 2001 code signing certificate mistake, where Verisign mistakenly issued Class 3 code signing certificates to someone claiming to be a Microsoft employee, to the Flame malware, which was signed with a bogus certificate that was seemingly signed by Microsoft, to a number of other issues.
In chapter 5, the book details a number of HTTP and browser issues, and related TLS threats. Attacks such as sidejacking, cookie stealing, cookie manipulation and more are detailed.
The author wisely notes that cookies suffer from two main problems: that they were poorly designed to begin with, allowing behavior that encourages security weaknesses, and that they are not in sync with the main security mechanisms browsers use today, namely same-origin policy (SOP).
The chapter also details a significant TLS weakness in that the certificate warnings generated often leave the clueless user to make the correct decision on how to proceed.
Ristic writes that if you receive an alert about an invalid TLS certificate, the right thing to do is immediately abandon the connection attempt. But the browser won't do that. Browser vendors decided not to enforce TLS connection security; rather they push the problem down to the user in the form of a certificate warning.
The problem is that when a user gets a certificate warning error, they simply don't know what to do to determine how big of an issue it really is, and will invariably choose to override the warning, and proceed to the website.
The challenge the user faces is that these certificate warning errors are pervasive. In 2010, Ristic scanned about 119 million domain names (.com, .net and .org) searching for TLS-enabled sites. He found that over 22 million or 19% of the sites hosted in roughly 2 million IP addresses. But only about 720,000 had certificates whose names match the intended hostname.
The chapter also details that the biggest problem with security indicators, similar to the certificate warnings, is that most users don't pay attention to them and possibly don't even notice them.
As valuable as the first half of the book is, its significance really comes alive starting in chapter 8 on deployment issues. The level of security TLS offers only works when it is deployed correctly, and the book details how to do that. Given that OpenSSL, which is the most widely used SSL/TLS library, is notorious for being poorly documented and difficult to use, the deployment challenges are a significant endeavor.
Another issue with TLS is that it can create performance issues and chapter 9 provides a lot of insight on performance optimization. The author quotes research from Google that SSL/TLS on their email systems accounts for less than 1% of the CPU load, less than 10kb of memory per connection, and less than 2% of the network overhead. The author writes that his goal is to enable the reader to get as close as possible to Google's performance numbers.
SSL/TLS has a reputation for being slow, but that is more a remnant of years ago when CPUs were much slower. With better CPUs and the optimization techniques the book shows, there is no reason not to use TLS.
For those that want an initial look, the table of contents, preface, and chapter 1 are available here. Once you get a taste of what this book has to offer, you will want to read the entire book.
As noted earlier, OpenSSL is poorly documented. In Bulletproof SSL and TLS, Ivan Ristic has done the opposite: he has written the most readable and insightful book about SSL/TLS to date. TLS is not so difficult to deploy, but incredibly easy to deploy incorrectly. Anyone who is serious about ensuring that their SSL/TLS deployment is effective should certainly read this book.
Reviewed by Ben Rothke.
You can purchase Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Google's Project Loon Can Now Launch Up To 20 Balloons Per Day, Fly 10x Longer
An anonymous reader writes Google [Thursday] shared an update from Project Loon, the company's initiative to bring high-speed Internet access to remote areas of the world via hot air balloons. Google says it now has the ability to launch up to 20 of these balloons per day. This is in part possible because the company has improved its autofill equipment to a point where it can fill a balloon in under five minutes. This is a major achievement, given that Google says filling a Project Loon balloon with enough air so that it is ready for flight is the equivalent of inflating 7,000 party balloons. -
Google Launches Service To Replace Web Ads With Subscriptions
An anonymous reader writes: Everyone understands by now that ads fund most of the sites on the web. Other sites have put up paywalls or started subscription bonuses, with varying success. Google, one of the web's biggest ad providers, saw a problem with that: it's a huge pain for readers to manage subscriptions for all the sites they visit — often more trouble than it's worth. And, since so few people sign up, the subscription fees have to be pretty high. Now, Google has launched a service called Contributor to try to fix this situation.
The way Contributor works is this: websites and readers can opt in to the service (and sites like Imgur, The Onion, and ScienceDaily already have). Readers then pay a fee of $1-3 per month (they get to choose how much) to gain ad-free access to all participating sites. When the user visits one of the sites, instead of showing a Google ad, Google will just send a small chunk of that subscription money to the website instead. -
The Man Who Made Tetris
rossgneumann writes Life gets pretty chill after creating 'Tetris' and escaping the KGB. A quick web search for "Alexey Pajitnov" brings up pages of articles and interviews that fixate only on his seminal creation—a work that remains, far and away, the best selling video game of all time. But clearly, there's more to the man than just Tetris. Meeting Pajitnov himself led me to wonder about, well, everything else. What was the Tetris-less life of Alexey Pajitnov? -
CMI Director Alex King Talks About Rare Earth Supplies (Video 2)
Yesterday we ran video #1 of 2 about the Critical Materials Institute (CMI) at the Iowa State Ames Laboratory in Ames, Iowa. They have partners from other national laboratories, universities, and industry, too. Obviously there is more than enough information on this subject that Dr. King can easily fill two 15-minute videos, not to mention so many Google links that instead of trying to list all of them, we're giving you one link to Google using the search term "rare earths." Yes, we know Rare Earth would be a great name for a rock band. But the mineral rare earths are important in the manufacture of items ranging from strong magnets to touch screens and rechargeable batteries, so please watch the video(s) or at least read the transcript(s). (Alternate Video Link) -
Blowing On Money To Tell If It Is Counterfeit
HughPickens.com writes Scientific American reports that simply breathing on money could soon reveal if it's the real deal or counterfeit thanks to a photonic crystal ink developed by Ling Bai and Zhongze Gu and colleagues at Southeast University in Nanjing, China that can produce unique color changing patterns on surfaces with an inkjet printer system which would be extremely hard for fraudsters to reproduce. The ink mimics the way Tmesisternus isabellae – a species of longhorn beetle – reversibly switches its color from gold to red according to the humidity in its environment. The color shift is caused by the adsorption of water vapor in their hardened front wings, which alters the thickness and average refractive index of their multilayered scales. To emulate this, the team made their photonic crystal ink using mesoporous silica nanoparticles, which have a large surface area and strong vapor adsorption capabilities that can be precisely controlled. The complicated and reversible multicolor shifts of mesoporous CPC patterns are favorable for immediate recognition by naked eyes but hard to copy. "We think the ink's multiple security features may be useful for antifraud applications," says Bai, "however we think the technology could be more useful for fabricating multiple functional sensor arrays, which we are now working towards." -
CMI Director Alex King Talks About Rare Earth Supplies (Video)
CMI in this context is the Critical Materials Institute at the Iowa State Ames Laboratory in Ames, Iowa. They have partners from other national laboratories, universities, and industry, too. Rare earths, while not necessarily as rare as the word "rare" implies, are hard to mine, separate, and use. They are often found in parts per million quantities, so it takes supercomputers to suss out which deposits are worth going after. This is what Dr. King and his coworkers spend their time doing; finding concentrations of rare earths that can be mined and refined profitably.
On November 3 we asked you for questions to put to Dr. King. Timothy incorporated some of those questions into the conversation in this video -- and tomorrow's video too, since we broke this into two parts because, while the subject matter may be fascinating, we are supposed to hold video lengths down to around 10 minutes, and in this case we still ended up with two videos close to 15 minutes each. And this stuff is important enough that instead of lining up a list of links, we are giving you one link to Google using the search term "rare earths." Yes, we know Rare Earth would be a great name for a rock band. But the mineral rare earths are important in the manufacture of items from strong magnets to touch screens and rechargeable batteries. (Alternate Video Link) -
Google Wallet API For Digital Goods Will Be Retired On March 2, 2015
An anonymous reader points out that Google plans to shut down Google Wallet API for third-party digital purchases. "Google has quietly revealed it plans to retire the Google Wallet API for digital goods on March 2, 2015. The company plans to continue supporting the sale of apps on Google Play as well as in-app payments, but users will not be able to purchase any virtual items offered on the Web through Google Wallet. We say "quietly" because there is no official announcement from Google. Furthermore, Google says it has no plans to proactively communicate the change to Google Wallet users; buyers will simply get 404 errors when trying to check out after support is pulled." -
German Spy Agency Seeks Millions To Monitor Social Networks
itwbennett writes: Germany's foreign intelligence agency reportedly wants to spend €300 million (about $375 million) in the next five years on technology that would let it spy in real time on social networks outside of Germany, and decrypt and monitor encrypted Internet traffic. The agency, which already spent €6.22 million in preparation for this online surveillance push, also wants to use the money to set up an early warning system for cyber attacks, the report said (Google translation of German original). A prototype is expected to be launched next June with the aim of monitoring publicly available data on Twitter and blogs. -
Book Review: Countdown To Zero Day
benrothke writes A word to describe the book Takedown: The Pursuit and Capture of America's Most Wanted Computer Outlaw was hyperbole. While the general storyline from the 1996 book was accurate, filler was written that created the legend of Kevin Mitnick. This in turn makes the book a near work of historical fiction. Much has changed in nearly 20 years and Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon has certainly upped the ante for accurate computer security journalism. The book is a fascinating read and author Kim Zetter's attention to detail and accuracy is superb. In the inside cover of the book, Kevin Mitnick describes this as an ambitious, comprehensive and engrossing book. The irony is not lost in that Mitnick was dogged by misrepresentations in Markoff's book. Keep reading for the rest of Ben's review.
Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon
author: Kim Zetter
pages: 448
publisher: Crown
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-0770436179
summary: Outstanding narrative about Stuxnet and how it was developed, quarantined and debugged
For those that want to know the basics about Stuxnet, its Wikipedia entry will suffice. The book takes a detailed look at how the Stuxnet worm of 2010 came to be, how it was written, discovered and deciphered, and what it means for the future and provides nearly everything known to date about Stuxnet.
The need to create Stuxnet was the understanding that a nuclear Iran was dangerous to the world. The book notes that it just wasn't the US and Israel that wanted a nuclear free Iran; Egypt and Saudi Arabia were highly concerned about the dangers a nuclear Iran would bring to the region.
What is eminently clear is that Iran chronically lied about their nuclear intentions and actions (chapter 17 notes that former United Kingdom Prime Minister Gordon Brown told the international community that they had to do something over Iran's serial deception of many years) and that the United Nations International Atomic Energy Agency (IAEA) is powerless to do anything, save for monitoring and writing reports.
Just last week, President Obama said a big gap remains in international nuclear negotiations with Iran and he questioned whether talks would succeed. He further said "are we going to be able to close this final gap so that (Iran) can reenter the international community, sanctions can be slowly reduced and we have verifiable, lock tight assurances that they can't develop a nuclear weapon, there's still a big gap. We may not be able to get there". It's that backdrop to which Stuxnet was written.
While some may debate if Stuxnet was indeed the world's first digital weapon, it's undeniable that it is the first piece of known malware that could be considered a cyber-weapon. Stuxnet was unlike any other previous malware. Rather than just hijacking targeted computers or stealing information from them, it created physical destruction on centrifuges the software controlled.
At just over 400 pages, the book is a bit wordy at times, but Zetter does a wonderful job of keeping the book extremely readable and the narrative enthralling. Writing about debugging virus code, Siemens industrial programmable logic controllers (PLC) and Step7 software (which was what Stuxnet was attacking) could easily be mind-numbingly boring, save for Zetter's ability to make it a compelling read.
While a good part of the book details the research Symantec, Kaspersky Lab and others did to debug Stuxnet, the book doesn't have any software code, which makes it readable for the non-programmer. The book is technical and Zetter gets into the elementary details of how Stuxnet operated; from reverse engineering, digital certificates and certificate authorities, cryptographic hashing and much more. The non-technical reader certainly won't be overwhelmed, but at the same time might not be able to appreciate what went into designing and making Stuxnet work.
As noted earlier, the book is extremely well researched and all significant claims are referenced. The book is heavily footnoted, which makes the book much more readable than the use of endnotes. Aside from the minor error of mistakenly calling Kurt Gödel a cryptographer on page 295 (he was a logician), Zetter's painstaking attention to detail is to be commended.
Whoever wrote Stuxnet counted on the Iranians not having the skills to uncover or decipher the malicious attacks on their own. But as Zetter writes, they also didn't anticipate the crowdsourced wisdom of the hive — courtesy of the global cybersecurity community that would handle the detection and analysis for them. That detection and analysis spanned continents and numerous countries.
The book concludes with chapter 19 — Digital Pandora — which departs from the details of Stuxnet and gets into the bigger picture of what cyber-warfare means and its intended and unintended consequences. There are no simple answers here and the stakes are huge.
The chapter quotes Marcus Ranum who is outspoken on the topic of cyber-warfare. At the 2014 MISTI Infosec World Conference, Ranum gave a talk on Cyberwar: Putting Civilian Infrastructure on the Front Lines, Again. Be it the topic or Marcus just being Marcus, a third of the participants left within the first 15 minutes. But they should have stayed, as Ranum, agree with him or not, provided some riveting insights on the topic.
The book leaves two unresolved questions: who did it, and how did it get into the Natanz enrichment facility. It is thought the US with some assistance from Israel created Stuxnet; but Zetter also writes that Germany and Great Britain may have done the work or at least provided assistance.
It's also unknown how Stuxnet got into the air-gapped facility. It was designed to spread via an infected USB flash drive. It's thought that since they couldn't get into the facility, what needed to be done was to infect computers belonging to a few outside firms that sold devices that would in turn be connected to the facility. The book identified a few of these companies, but it's still unclear if they were the ones, or the perpetrators somehow had someone on the inside.
As to zero day in the title, what was unique about Stuxnet is that it contained 5 zero day exploits. Zero day is also relevant in that Zetter describes the black and gray markets of firms that discover zero-day vulnerabilities who in turn sell them to law enforcement and intelligence agencies.
Creating Stuxnet was a huge challenge that took scores of programmers from a nation state many months to create. Writing a highly readable and engrossing book about the obscure software vulnerabilities that it exploited was also a challenge, albeit one that few authors could do efficaciously. In Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon, Kim Zetter has written one of the best computer security narratives; a book you will likely find quite hard to put down.
Reviewed by Ben Rothke.
You can purchase Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Google "Evicted" the Berlin Wall From Property It Bought
theodp writes Sunday marks the 25th Anniversary of the Fall of the Berlin Wall, which Google commemorates in today's Doodle. "Seeking inspiration for this doodle," notes the Google Doodle Team, "we took a short bike ride from our Mountain View, California headquarters to our local public library to study an actual piece of the Berlin Wall" (the Berlin Wall segments are featured in the Doodle). Interestingly, the post doesn't mention Google's connection to how the two sections of the Berlin Wall wound up at the library. After Google bought the Bayside Business Plaza in 2012, where the 12-foot-tall remnants had been kept for decades by German-born businessman Frank Golzen before his death, it reportedly gave the Golzen family until summer 2013 to get the Berlin Wall off its lawn. "Although the donating family has until next summer to remove the installation from the current location," reads a 2012 City of Mountain View Staff Report, "their preference (and the preference of the new owner of the property) is to remove it sooner." A recommendation to relocate the seven ton concrete slabs to remote Charleston Park, adjacent to the Googleplex, was nixed by the City Council, who voted instead to move the Berlin Wall sections to its current home in front of a downtown public library.