Domain: google.com
Stories and comments across the archive that link to google.com.
Stories · 3,747
-
Why My LG Optimus Cellphone Is Worse Than It's Supposed To Be
Bennett Haselton writes My LG Optimus F3Q was the lowest-end phone in the T-Mobile store, but a cheap phone is supposed to suck in specific ways that make you want to upgrade to a better model. This one is plagued with software bugs that have nothing to do with the cheap hardware, and thus lower one's confidence in the whole product line. Similar to the suckiness of the Stratosphere and Stratosphere 2 that I was subjected to before this one, the phone's shortcomings actually raise more interesting questions — about why the free-market system rewards companies for pulling off miracles at the hardware level, but not for fixing software bugs that should be easy to catch. Read below to see what Bennett has to say.
How long would it have taken you to find these bugs, as a beta tester?
- The phone's auto-correct changes single-quotes to double-quotes in contractions -- for example, when you type you're, the phone auto-corrects it to you"re.
- When you backspace over part of a word that you've typed and then type the rest of the word, auto-correct corrects based on the letters that you type after you've finished backspacing, rather than the letters in the entire word that you've just completed. For example, if you type couchsurfing and the phone auto-corrects it to concurring, then backspace over all of the letters except the initial co, and then type "uch" followed by a space to form the word "couch", the Optimus changes "uch" to "such" to form "cosuch", because it thinks it's auto-correcting just the "uch" fragment and doesn't see the entire word "couch".
- Taking a screen capture still doesn't work, just like it didn't work on the Stratosphere 2. There are official directions on how to do it, but you can follow the steps and nothing happens.
- The first time I launched the voice mail application, the app prompted me to freely choose a new PIN code, and then sternly warned me, Mao-like, that my supposedly freely chosen PIN code was "incorrect". (I never got it working, and just called in to the voice mail number manually whenever I wanted to check my messages.)
- When I bought a movie on Google Play and wanted to "pin" it to the phone -- i.e. download a static, non-streamed copy so that I could watch it offline, e.g. on a plane ride -- the phone didn't have enough internal storage left to save a copy of the movie (1.27 GB, most of it taken up in 1-2 MB increments by crapware already loaded on to the phone, so that only about 200 MB was left). So I tried saving the movie to a 32 GB SD card that I had plugged into the phone, but ran into the problem that Google Play wouldn't let me save the movie to the SD card, a problem described in Joe Levi's 2013 article "Why does Google hate your SD card?" and still not fixed almost a year later. (The comments posted on his article indicate that lots of people are pissed.)
  Unlike the other bugs, this may be an example of stupidity not at the testing level but at the design specification level -- perhaps this was done in a misguided effort to prevent illegal copying. But, as Levi says of this theory, "If the DRM being used on Android is sufficient enough for content providers to accept it when media is saved internally, they should also accept it when media is saved to an SD card. Otherwise, the DRM isn't really that trustworthy, is it?" It's pointless from a copy-protection point of view, since anyone who wants to pirate a movie can just download it from various BitTorrent sites anyway; all this "feature" does is alienate people who are trying to pay for a movie legally.
- In the Messaging (i.e. texting) app, you cannot search for messages by the name of the sender. Your conversations are listed in reverse chronological order by the date of the most recent message in each conversation, but to find a conversation with a particular person, you have to scroll down the entire list of conversations and keep your eyes peeled for the person's name.
- On certain mobile website forms (the Fandango site, for instance, and some others that I don't remember -- it's not clear why this happens on some website forms but not others), the phone won't let me type "special characters", the ones that appear in the upper-right corner of the keyboard keys (so that you can type the "@" symbol by first hitting the "Fn" key to access special characters, and then pressing the "2" key). This means that since I can't type the "@" symbol, I can't log in to any form that requires an email address as a username. (The workaround is to open the Gmail app, find an email address in an email message, copy the "@" symbol from the email address to the clipboard, and then paste it back in the browser form -- yes, I have to do this every time I log in to a mobile site that has this problem.)
In my previous phone-suck article about the Samsung Stratosphere, I listed as many problems as I could think of at the time, and I completely forgot the fact that the phone recorded videos without any sound. (I know it wasn't a hardware problem with the microphone, since the phone app picked up my voice fine.) As part of my research into how to ruin Burning Man forever by telling "tourists" how to get there easily, I wanted to post a video of the quintessential Burning Man spectacle that makes all the dust and thirst and heat worthwhile -- and I had to post it with no sound recording, because Samsung's product testing is done by the same drunken bonobos that worked on the LG Optimus.
And both products raise the same question, not rhetorically, but seriously: How did this happen? More specifically, in a theoretical free market, any product improvement that costs only a small amount compared to the benefit it brings to consumers, should be implemented (and consumers will reward the company by paying additional dollars for the improvement, in proportion to the benefit it brings them). While it doesn't always work out that way in practice, it's hard to believe LG couldn't spring for a few English-language testers to point out that the phone shouldn't be correcting you're to you"re.
I think the answer in both cases is that the free market optimizes mainly for things that are easily quantifiable, like camera resolution and network speed, because those can be listed on the packaging and compared against other products. But the amount of stupid s*#t you run into while actually using the phone, is hard to define on an objective scale, so that's the first thing that companies will cut corners on, even if it's something that consumers would be willing to pay money for.
So my solution is still essentially the same as what I proposed after trashing the Stratosphere: Some Consumer-Reports-type outlet should rate phones on a Stupid S*#t Index (along with speed, reception, etc.), based on how much stupid s*#t they run into in a week of typical usage. Ideally the Stupid S*#t Index should be reduced to a number so that you can do a quick comparison between different models. If a cheap phone has a lot of stupid s*#t problems, but you don't mind because you want to save money, that's a valid choice, and if you want to pay more for a phone with less stupid s*#t, that's fine too. But people should know what they're buying.
More generally, I think people vastly overestimate the ability of the free market to meet consumer demand, in cases where the demand is for something that can't be easily quantified. I've spent a fair amount of time in "entrepreneurial" circles (while bouncing back and forth myself between entrepreneurship and regular jobs) and have heard the faithful reciting a lot of platitudes like "The market rewards the best product," or "Focus on building the best product you can make, and the customers will come." But most of them evidently didn't even believe it themselves -- they spent most of their efforts on search engine optimization, running content farms, networking with important business contacts, and other activities that didn't directly relate to the quality of their products. And who could blame them? Since their products weren't competing on qualities that were precisely quantifiable, there was no reason for any of them to try to create the "best" product, or even a particularly good one. And that strategy worked quite well for several of them.
On the other hand, when you're competing on a quantifiable metric like price, the best product or service can shoot straight to the top without wasting any time on zero-sum games like SEO or networking ass-kissery. If you're selling external hard drives on Amazon for $0.01, you'll make a lot of sales. You'll go broke, but in the meantime, the free market will connect you quite effectively with your customers.
So, make the mobile phone Stupid S*@t Index into something quantifiable, and maybe we'll have less stupid s#*t. One review body could publish the average rating from several different reviewers, or several different review bodies could publish their ratings and consumers could weight the averages themselves.
Not that it's a panacea -- I bought the LG Optimus not because it was the cheapest or because I didn't expect it to have bugs, but because it was the only offering with a slide-out keyboard, and I've become addicted to the precision of physical keys. (It is so much easier to let your fingertip feel its way to the right key first, and then actually press the key in a separate motion, rather than having to hope your fingertip lands on the right spot in the first place.) So I never returned the phone, they kept my money, and I suppose that makes me part of the problem.
-
-
Appeals Court Affirms Old Polaroid Patent Invalid
mpicpp (3454017) writes with news of a notoriously abused (basically "method of displaying images on a machine") software patent being declared invalid. From the article: The ruling from last week is one of the first to apply new Supreme Court guidance about when ideas are too "abstract" to be patented. ... The patents in this case describe a type of "device profile" that allows digital images to be accurately displayed on different devices. US Patent No. 6,128,415 was originally filed by Polaroid in 1996. After a series of transfers, in 2012 the patent was sold to Digitech Image Technologies, a branch of Acacia Research Corporation, the largest publicly traded patent assertion company. ... In the opinion, a three-judge panel found that the device profile described in the patent is a "collection of intangible color and spatial information," not a machine or manufactured object. "Data in its ethereal, non-physical form is simply information that does not fall under any of the categories of eligible subject matter under section 101," wrote Circuit Judge Jimmie Reyna on behalf of the panel. -
Ask Slashdot: How Many Employees Does Microsoft Really Need?
An anonymous reader writes: Yesterday, word came down that Microsoft was starting to lay off some 18,000 workers. As of June 5th, Microsoft reported a total employee headcount of 127,005, so they're cutting about 15% of their jobs. That's actually a pretty huge percentage, even taking into account the redundancies created by the Nokia acquisition. Obviously, there's an upper limit to how much of your workforce you can let go at one time, so I'm willing to bet Microsoft's management thinks thousands more people aren't worth keeping around. How many employees does Microsoft realistically need? The company is famous for its huge teams that don't work together well, and excessive middle management. But they also have a huge number of software projects, and some of the projects, like Windows and Office, need big teams to develop. How would we go about estimating the total workforce Microsoft needs? (Other headcounts for reference: Apple: 80,000, Amazon: 124,600, IBM: 431,212, Red Hat: 5,000+, Facebook: 6,800, Google: 52,000, Intel: 104,900.) -
Russia Prepares For Internet War Over Malaysian Jet
An anonymous reader writes The investigation of a Malaysian passenger jet shot down over Ukrainian rebel held territory is heating up. U.S. and U.K. news organizations are studiously trying to spread the blame, Russian ITAR, which, just earlier today was celebrating the downing of a large aircraft by rebel missiles in Torez (Google cache) is reporting that the rebels do not have access to the missiles needed for such attacks. The rebel commander who earlier today reported the downing of the aircraft has also issued a correction to earlier reports that they had captured BUK air defense systems with Russian sources now stating that the rebels do not possess such air defenses. The Ukrainian president has been attempting to frame the incident as a "terrorist attack". President Obama made contact with Vladimir Putin and has been instead treating it as an accident, calling it a "terrible tragedy" and saying that the priority is investigating whether U.S. citizens were involved. With control of the black box and its own internet propaganda army Russia may be in a good position to win the propaganda war. -
Pseudonyms Now Allowed On Google+
An anonymous reader writes When Google+ launched, it received criticism across the internet for requiring that users register with their real names. Now, Google has finally relented and removed all restrictions on what usernames people are allowed to use. The company said, "We know you've been calling for this change for a while. We know that our names policy has been unclear, and this has led to some unnecessarily difficult experiences for some of our users. For this we apologize, and we hope that today's change is a step toward making Google+ the welcoming and inclusive place that we want it to be." -
On the Significance of Google's New Cardboard (Video)
On June 29, 2014, Timothy started a Slashdot post with these words: 'Last week at Google I/O, the company introduced Cardboard, its cheap-and-cheerful (it's made of cardboard, after all) approach to nearly instant VR viewing.' Several commenters noted that Viewmaster has been doing something similar for over 70 years; that you can get a slicker 3-D adapter for your smartphone from Durovis, with the Vrizzmo VR Goggles and vrAse coming soon; and that you can buy an iPhone/iPod Touch-only 3-D viewer for about $8 (at the time this was typed), which is a whole lot less than the price of most third-party Cardboard kits that are getting ready to hit the market. || The Google person behind The Cardboard is VP Clay Bavor, whose day job is overseeing Google apps. Clay says you are welcome to make your own Cardboard from scratch instead of buying one (or a kit) from someone else, and of course you can write all the software for it you like. || You may (or may not) remember that Timothy ended that June 29 post about Cardboard with a promise that before long we'd have 'a video introduction to Cardboard with Google VP Clay Bavor.' So here it is, as promised. (Alternate Video Link) -
All Web Developers Should Have Access to a Device Lab (Video)
This interview with Googler Pete LePage took place at Google I/O 2014, where Pete and coworker Matt Gaunt set up a Device Lab with 46 different devices on their display wall. The point wasn't to show off Google's coolness as much as it was to let developers see how their websites displayed on as wide a range of mobile devices as possible. This is reminiscent of the last century's Any Browser campaign, which was set up to encourage developers to make sites that worked right in any browser instead of having a WWW full of sites "best viewed in Exploroscape" that displayed poorly in other browsers.
Today, the trick is to make a site that is fully functional across a wide range of devices with different size screens that a user might decide to view in landscape mode one day and portrait mode the next. Google is happy to share their MiniMobileDeviceLab with you to help set up multi-unit displays. Pete also suggests checking out PageSpeed Insights and Web Fundamentals even if you're a skilled and experienced Web designer, because those two Google sites are chock full of information on how to make sure your site works right on most devices and in most popular browsers. (Alternate Video Link) -
YouTube Issuing "Report Cards" On Carriers' Streaming Speeds
OakDragon (885217) writes In the shadow of the "Net Neutrality" debate, Google's YouTube has created a service to report on your carrier's usage and speed, summarizing the data in a "Lower/Standard/High Definition" graph. You may see the service offered when a video buffers or stutters. A message could display under the video asking "Experiencing interruptions? Find out why." Find your own provider's grade here. -
Book Review: Data-Driven Security: Analysis, Visualization and Dashboards
benrothke writes There is a not so fine line between data dashboards and other information displays that provide pretty but otherwise useless and unactionable information; and those that provide effective answers to key questions. Data-Driven Security: Analysis, Visualization and Dashboards is all about the latter. In this extremely valuable book, authors Jay Jacobs and Bob Rudis show you how to find security patterns in your data logs and extract enough information from it to create effective information security countermeasures. By using data correctly and truly understanding what that data means, the authors show how you can achieve much greater levels of security. Keep reading for the rest of Ben's review.
Data-Driven Security: Analysis, Visualization and Dashboards
author: Jay Jacobs and Bob Rudis
pages: 352
publisher: Wiley
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-1118793725
summary: Superb book for effective use of data for information security
The book is meant for a serious reader who is willing to put in the time and effort to learn the programming necessary (mainly in Python and R) to truly understand what information exists deep in the recesses of their logs. As to R, it is a GNU project and a free software programming language and software environment for statistical computing and graphics. The R language is widely used among statisticians and data miners for developing statistical software and data analysis. For analysis the level of which Jacobs and Rudis prescribe, R is a godsend.
After completing the book, the reader will have the ability to know which questions to ask to gain security insights, and use that data to ensure the overall security of their data and networks. Getting to that level is not at all a trivial task; even if there are vendors who can promise to do that.
For many people performing data analysis, the dependable Excel spreadsheet is their basic choice for data manipulation. The book calls the spreadsheet a gateway tool between a text editor and programming. The book notes that spreadsheets work as long as the data is not too large or complex. The book quotes a 2013 report to shareholders from J.P. Morgan in which parts of their 2012 $6 billion in losses were due in part to problems with their Excel spreadsheets.
The authors suggest using Excel as a temporary solution for quick one-shot tasks. For those that have repeating analytical tasks or models that are used repeatedly, it's best to move to some type of structured programming language, specifically those that the book suggests and for which it provides significant amounts of code examples; all of which are available on the companion website here.
The goal of all data extraction is to use data analysis to answer real questions. A large part of the book focuses on how to ask the right question. In chapter 1, the authors write that every good data analysis project begins with setting a goal and creating one or more research questions. Without a well-formed question guiding the analysis, you may be wasting time and energy seeking convenient answers in the data, or worse, you may end up answering a question that nobody was asking in the first place.
The value of the book is that it shows the reader how to focus on context and purpose of the data analysis by setting the research question appropriately; rather than simply parsing large amounts of data. It's ultimately irrelevant if you can use Hadoop to process petabytes of data if you don't know what you are looking for.
Visualization is a large part of what this book is about, and in chapter 6 — Visualizing Security Data, the book notes that the most efficient path to human understanding is via the visual sense. It goes on to detail the many advantages data visualization has, and the key to making it work.
As important as visualization is, describing the data is equally important. In chapter 7, the book introduces the VERIS (Vocabulary for Event Recording and Incident Sharing) framework. VERIS is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner. VERIS helps organizations collect useful incident-related information and to share that information, anonymously and responsibly with others.
The book shows how you can use dashboards for effective data visualization. But the authors warn that a dashboard is not an art show. They caution that given the graphical nature of dashboards, it's easy to fall into the trap of making them look like pieces of modern or fringe art; when they are far more akin to architectural and industrial diagrams that require more controlled, deliberate and constrained design.
As to dashboards the authors do not like, they consider the Cyber Security Situational Awareness to be glitzy but not informative. Personally, I thought the dashboard has a lot of good information.
The book uses the definition of dashboard according to Stephen Few, in that it's a "visual display of the most important information needed to achieve one or more objectives that has been consolidated in a single computer screen so it can be monitored at a glance". The book enables the reader to create dashboards like that.
Data-Driven Security: Analysis, Visualization and Dashboards is a superb book written by two experts who provide significant amounts of valuable information in every chapter. For those that are willing to put the time and effort into the serious amount of work that the book requires, they will find it a vital resource that will certainly help them achieve much higher levels of security.
Reviewed by Ben Rothke.
Book Review: Data-Driven Security: Analysis, Visualization and Dashboards
benrothke writes There is a not so fine line between data dashboards and other information displays that provide pretty but otherwise useless and unactionable information; and those that provide effective answers to key questions. Data-Driven Security: Analysis, Visualization and Dashboards is all about the later. In this extremely valuable book, authors Jay Jacobs and Bob Rudis show you how to find security patterns in your data logs and extract enough information from it to create effective information security countermeasures. By using data correctly and truly understanding what that data means, the authors show how you can achieve much greater levels of security. Keep reading for the rest of Ben's review. Data-Driven Security: Analysis, Visualization and Dashboards author Jay Jacobs and Bob Rudis pages 352 publisher Wiley rating 10/10 reviewer Ben Rothke ISBN 978-1118793725 summary Superb book for effective use of data for information security The book is meant for a serious reader who is willing to put in the time and effort to learn the programming necessary (mainly in Python and R) to truly understand what information exists deep in the recesses of their logs. As to R, it is a GNU project and a free software programming language and software environment for statistical computing and graphics. The R language is widely used among statisticians and data miners for developing statistical software and data analysis. For analysis the level of which Jacobs and Rudis prescribe, R is a godsend.
After completing the book, the reader will have the ability to know which questions to ask to gain security insights, and use that data to ensure the overall security of their data and networks. Getting to that level is not a trivial at all a trivial task; even if there are vendors who can promise to do that.
For many people performing data analysis, the dependable Excel spreadsheet is their basic choice for data manipulation. The book calls the spreadsheet a gateway tool between a text editor and programming. The book notes that spreadsheets work as long as the data is not too large or complex. The book quotes a 2013 report to shareholders from J.P. Morgan in which parts of their 2012 $6 billion in losses was due in part to problems with their Excel spreadsheets.
The authors suggest using Excel as a temporary solution for quick one-shot tasks. For those that have repeating analytical tasks or models that are used repeatedly, it's best to move to some type of structured programming language, specifically those that the book suggest and for provides significant amounts of code examples; all of which are available on the companion website here.
The goal of all data extraction is to use data analysis to answer real questions. A large part of the book focuses on how to ask the right question. In chapter 1, the authors write that every good data analysis project begins with setting a goal and creating one or more research questions. Without a well-formed question guiding the analysis, you may wasting time and energy seeking convenient answers in the data, or worse, you may end up answering a question that nobody was asking in the first place.
The value of the book is that it shows the reader how to focus on context and purpose of the data analysis by setting the research question appropriately; rather than simply parsing large amounts of data. It's ultimately irrelevant if you can use Hadoop to process petabytes of data if you don't know what you are looking for.
Visualization is a large part of what this book is about, and in chapter 6 — Visualizing Security Data, the book notes that the most efficient path to human understanding is via the visual sense. It goes on to details the many advantages data visualization has, and the key to making it work.
As important as visualization is, describing the data is equally important. In chapter 7, the book introduces the VERIS(Vocabulary for Event Recording and Incident Sharing) framework. VERIS is a set of metrics designed to provide a common language for describing security incidents in a structured and repeatable manner. VERIS helps organizations collect useful incident-related information and to share that information, anonymously and responsibly with others.
The book shows how you can use dashboards for effective data visualization. But the authors warn that a dashboard is not an art show. They caution that given the graphical nature of dashboards, it's easy to fall into the trap of making them look like pieces of modern or fringe art; when they are far more akin to architectural and industrial diagrams that require more controlled, deliberate and constrained design.
As to dashboards the authors do not like, they consider the Cyber Security Situational Awareness to be glitzy but not informative. Personally, I thought the dashboard had a lot of good information.
The book uses the definition of dashboard according to Stephen Few, in that it's a "visual display of the most important information needed to achieve one or more objectives that has been consolidated in a single computer screen so it can be monitored at a glance". The book enables the reader to create dashboards like that.
Data-Driven Security: Analysis, Visualization and Dashboards is a superb book written by two experts who provide significant amounts of valuable information in every chapter. Those who are willing to put the time and effort into the serious amount of work that the book requires will find it a vital resource that will certainly help them achieve much higher levels of security.
Reviewed by Ben Rothke.
You can purchase Data-Driven Security: Analysis, Visualization and Dashboards from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books we have available from our review library please let us know. -
Project Tango is Giving Mobile Devices a Sense of Space and Motion (Video)
Project Tango is part of Google's Advanced Technology and Projects group (ATAP), which Wikipedia says was "...formerly a division of Motorola." Tango's goal is "to give mobile devices a human-scale understanding of space and motion." We humans and our forebears have spent millions of years learning to sense our surroundings, not as a set of static 2D images, but in 3D with motion. This YouTube video starring Johnny Lee, the Tango project lead Tim interviewed at Google I/O 2014, gives you some decent insight into Project Tango's goals -- in addition to our video, that is. (Alternate Slashdot Video Link) -
FreeDOS Is 20 Years Old
Jim Hall (2985) writes "In a June 29, 1994 post in comp.os.msdos.apps on USENET, a physics student announced an effort to create a completely free version of DOS that everyone could use. That project turned into FreeDOS, 20 years ago! Originally intended as a free replacement for MS-DOS, FreeDOS has since advanced what DOS could do, adding new functionality and making DOS easier to use. And today in 2014, people continue to use FreeDOS to support embedded systems, to run business software, and to play classic DOS games!" -
On the Significance of Google's New Cardboard: An Idea Worth Recycling
Last week at Google I/O, the company introduced Cardboard, its cheap-and-cheerful (it's made of cardboard, after all) approach to nearly instant VR viewing. It's no Oculus Rift — lacking the Rift's connection to a powerful backend PC, it can't do the same heavy lifting. In fact, it looks sort of like a prank, and the announcement at I/O that everyone at the conference would be getting "a piece of cardboard" drew a lot of chuckles. Gigaom argues that it's nonetheless extremely valuable, because it makes immersive viewing easy and cheap for anyone with a fairly capable smartphone — a pretty satisfying experience in itself, and a good taste of what even higher-end viewers can bring. "In addition to the Cardboard app," writes an anonymous reader, "Google has pushed out an updated version of Google Maps which includes a VR mode for Street View." And if you weren't blessed with an I/O pass, and aren't sure about your skills cutting one out of a pizza box, note that you can buy a kit for about $25, including the RF tag that will tell a phone to fire up the Cardboard app. (The linked article says an aluminum version is in the works from at least one company; I'd like to see one in corrugated plastic — strong but light — and with connection points for a headstrap.) If you've made something similar (or would like to), what would you improve in the design or feature set? (Look soon for a video introduction to Cardboard with Google VP Clay Bavor, too.) -
Update Your Shelf: BitLit Offers Access To Ebook Versions of Books You Own
First time accepted submitter Peter Hudson (3717535) writes Cory Doctorow writes on boingboing.net "BitLit works with publishers to get you free or discounted access to digital copies of books you own in print: you use the free app for Android and iOS to take a picture of the book's copyright page with your name printed in ink, and the publisher unlocks a free or discounted ebook version. None of the Big Five publishers participate as yet, but indies like O'Reilly, Berrett-Koehler, Red Wheel Weiser, Other Press, Greystone, Coach House, Triumph, Angry Robot, Chicago Review, Dundurn, and PM Press (publishers of my book The Great Big Beautiful Tomorrow) are all in." -
Germany Scores First: Ends Verizon Contract Over NSA Concerns
schwit1 (797399) writes with word that, after revelations that Verizon assisted the NSA in its massive surveillance program, Germany is cutting ties with Verizon as their infrastructure provider. From the article: The Interior Ministry says it will let its current contract for Internet services with the New York-based company expire in 2015. The announcement comes after reports this week that Verizon and British company Colt provide Internet services to the German parliament and other official entities. ... Ministry spokesman Tobias Plate said Thursday that Germany wants to ensure it has full control over highly sensitive government communications networks. -
Intuit Beats SSL Patent Troll That Defeated Newegg
Last fall, Newegg lost a case against patent troll TQP for using SSL with RC4, despite arguments from Diffie of Diffie-Hellman key exchange. Intuit was also targeted by a lawsuit for infringing the same patent, and they were found not to be infringing. mpicpp (3454017) sends this excerpt from Ars: U.S. Circuit Judge William Bryson, sitting "by designation" in the Eastern District of Texas, has found in a summary judgment ruling (PDF) that the patent, owned by TQP Development, is not infringed by the two defendants remaining in the case, Intuit Corp. and Hertz Corp. In a separate ruling (PDF), Bryson rejected Intuit's arguments that the patent was invalid. Not a complete victory (a clearly bogus patent is still not invalidated), but it's a start. -
Google I/O 2014 Begins [updated]
Google I/O, the company's annual developer tracking^wdevelopers conference, has opened today in San Francisco. This year the company has reduced the number of conference sessions to 80, but also promised a broader approach than in previous years -- in other words, there may be a shift in focus a bit from Google's best known platforms (Chrome/Chrome OS and Android). Given its wide-ranging acquisitions and projects (like the recent purchase of Nest, which itself promptly bought Dropcam, the ever smarter fleet of self-driving cars, the growing number of Glass devices in the wild, and the announcement of a 3D scanning high end tablet quite unlike the Nexus line of tablets and phones), there's no shortage of edges to focus on. Judging from the booths set up in advance of the opening (like one with a sign announcing "The Physical Web"), expect some of the stuff that gets lumped into "the Internet of Things." Watch this space -- updates will appear below -- for notes from the opening keynote, or follow along yourself with the live stream, and add your own commentary in the comments. In the days to come, watch for some video highlights of projects on display at I/O, too. Update: 06/25 17:41 GMT by T : Updates rolling in below on Android, wearables, Android in cars, Chromecast, smart watches, etc. Keep checking back! (Every few minutes, I get another chunk in there.) Note: the notes below are taken live from the I/O keynote; they're rough, and they'll keep getting cleaned up throughout. Please add corrections, amplifications, etc. in the comments below!
Update 1:
After a quick glance at a few of the viewing parties around the world (taking place in 85 countries, 6 continents -- we get a glance at London, Brazil, and an all-female delegation in Nigeria) VP of Apps Sundar Pichai Sr presented a few stats:
First, phones: Last year, there were 538 million active Android phone users -- now, says Pichai, 1.1 billion active users (20 billion texts, 93M selfies, of which he says about 31M "are not faces"); phones checked 100B times/day.
Android tablets, he says, are up this year from 46pct of global market share to 62pct in 2014, when it comes to shipments. (And looking at YouTube use as a proxy: 28% last year, 2014 42%. App installs: up 236%.)
Another stat that got a big round of applause: this year's IO has 20% women, more than 1000, up from 8% last year.
Pichai introduces Android One initiative, to get Android phones to price-sensitive market: Stock Android (same stock bar as in Nexus phones), plus allow OEMs to add their own stuff, but all the updates for system software comes straight from (Example phone from Micromax: 4.5", SD card, dual sim, FM radio: "costs less than $100"; "launching w 3 OEMs in India next year": Karbonn, Micromax, and Spice.)
Update 2:
Preview of Upcoming L release: Matias Duarte, VP design, on the look:
What if pixels had not just color, but depth? What if they can change shape in response to touch? "Material design," says Duarte, is the new watchword. A material that can change shape physically is difficult; but now UI elements can use specified depth elements, and the Android framework will do things like apply virtual light sources to give the elements evident placement.
- Typography: Introduces font consistency -- using the font "Roboto" -- so you can use the same one on all hardware (he mentions watch, TV, tablet)
- Rich, animated touch feedback.
- Animated icons for printer, play, etc.
- In L, developers can create "seamless animation from any screen to any other, between activities, and even between apps."
- Introduces Polymer, which also brings the same features to desktop development.
- Unified set of style guidelines for developers and designers. First draft out today at google.com/design.
Update 3: Avni Shah on Mobile web experience
- Chrome on Mobile 27m last year, now 300m -- 10x growth
- "Material design" again; physical-ish card-based searching: search results smoothly animate, include intelligent suggestions.
- redesigned recents -- "Recent" list integrates both apps and Chrome tabs
- Search improvements: Searching integrates recent use of apps and tabs, too: opening Yelp or OpenTable can drag in recent searches, so for instance a search for a restaurant in your recent history will take you instantly to a restaurant if you open a restaurant-related app.
- app indexing
Update 4: Dave Burke, on the features:
The short view:
- New material theme
- Lockscreen notifications
- Prioritized notifications
- Heads-up notifications
ART, the new runtime in L
- supports mix of AOT, JIT, and Interpreted
- truly cross platform: ARM, x86, etc.
64-bit compatible:
- larger number registers
- newer instruction sets
- increased addressable memory space
- cross platform
Graphics -- big upgrades in Android extension pack:
- tessellation
- geometry tools
- improved shaders
- Unreal engine running on NVIDIA-based tablet -- impressive rendering
Project Volta:
- improved battery instrumentation (battery historian -- lets you match)
- Battery Saver -- can extend use up to 90 minutes "within a typical day's use"
Other bits:
- Starting in Fall, you'll see high-end ("PC gaming performance in your pocket") tablets shipping.
- Increased battery life.
- New garbage collector, memory allocator
- Tomorrow morning, L previews for Nexus devices, and SDK available to developers.
Update 5:
Pichai takes a dig: "Custom keyboards, widgets -- those things happened in Android 4-5 years ago." Google Play Services ship every 4-6 weeks. Wants voice to be a major source of input:
- context aware
- voice enabled alls
- seamless
- emphasizes phone as the entry point, since users "always have their phone."
Update 6:
David Singleton, Director of Engineering, Android, on Android wearables:
- 3 months ago, Android Wear SDK introduced.
- both square and round screens supported
- sensors for information, and "to help you reach your fitness goals"
- Demonstrates "stream of cards" interface
- emphasizes the "material design" of this: rich touch-based interaction; long presses, swipes, etc. can give the small surface a lot of flexibility.
- voice reminders: "Remind me to check my mail when I get home" -- "home" is a recognized location, too.
- slight demo failure in showing voice input on Google Wear watch, but "moving on, that note *would* have been saved"
- from wrist, quick replies can be sent, calls can be rejected / sent to voice mail; phone can also be set to Do Not Disturb with a single swipe.
- Can be used to control devices around you, with voice controls ("play some music" to control enabled devices, with playback display on wrist.)
- heartbeat sensors
- turn by turn dirs on the wrist, from Google maps
- Full Android Wear SDK out today: most API from Android available here, which means you can do things like read the sensors etc. to make apps that run on the watch itself, as well as ones that connect as an interface to a phone or other device.
- Demo of Eat24 shows (and gets oddly huge applause) ordering and paying for pizza straight from a phone; guess this is a pro-pizza crowd. Bigger applause when he says this runs on the watch itself.
- apps can be synched such that reading text on phone scrolls in on watch and vice versa
- big applause for claim that all the new watches are water resistant, so not risky to cook with them. (Food references again ;))
- Lyft app: "Call me a car" into watch, gets location from phone, calls a driver. Pretty slick.
- LG watch: available to order later today
- Samsung joining the Android Wear set (also available later today); Moto 360 -- "later this summer" draws uniform groans from crowd.
Update 7: Patrick Brady on bringing Android to the car
- intros Android Auto - connected apps and services drivers want in the car
- Andy Brenner, product manager, shows how a phone connected to a car's display can integrate with the phone, while the apps all run on the phone.
- simplified display, just a few app icons, simple control surfaces
- Navigation, audio controls
- Google maps: in Auto, local search, suggestions, live traffic, turn-by-turn nav
- Completely voice enabled: Demo: "How late is the de Young museum open?" gets a spoken reply, to which "Navigate there" does what you'd hope it would -- starts navigation, with map.
- Voice enabled messaging
- Big applause line: "Today we're announcing the Google Auto SDK."
- More than 40 automakers signed up for Open Automotive alliance, first cars "before the end of this year."
Update 8: Dave Burke back for Android in the living room:
- introduces Android TV: "not a new platform: just same level of attention as tablets and phones have gotten:" one SDK for all form factors
- In L, Live TV -- gives a way to integrate sources like HDMI.
- Press Home, it overlays over the live content. Not quite Apple TV remote, but nicely simplified options.
- Basically just needs a D-pad style input device; an Android watch, phone, etc, works for this. Surely there will be dedicated devices, too.
- Voice a big one, incl. for complex searches ("Oscar nominated movies of 2012")
- 10-foot view UI emphasis
- Gameplay through Android TV on "the biggest screen in your house."
- You can also use it like a Chromecast -- play phone / tablet through TV, stereo, etc.
- Says new lines from Sony, Sharp, Philips, will all run it; more from Acer, Asus, etc. later.
- Console style gaming.
- SDK: ADT one, available to devs through sign-up page.
Update 9: Rishi Chandra on Chromecast:
- Google Cast, as mentioned, coming to Google TV devices
- Lots of Google Cast Ready apps: went from just a few (like Netflix) to many dozens. Any developer (iOS, ChromeOS, Android) can extend their app to the Google Cast world through SDK.
- Today, announcing new list of apps at Chromecast.com/app
- Easy authentication (opt-in feature, so you can control, though), no complicated hassle of adding a new user who wants to show you a quick home movie.
- When TVs not being watched? New Google Cast "ambient" experience: background pictures, etc. (Pretty, but wouldn't it be nice to save the electricity, in most cases?) Some nice eye candy in form of curated, "safe" pictures though, and fun geographic-centric ones, too, drawn from Google Earth.
- Emphasis on Voice search
- All android devices can be attached / streamed through it
Update 10: Sundar Pichai back again to talk ChromeOS and Android for Work:
- Top 10 highest rated laptops on Amazon: all Chromebooks; 6x growth this year in K-12 schools
- notices from phone can now show up on Chromebooks
- apps, too: This seems to be couched in "some apps," *but* for those apps (like Evernote), "everything just works." On the Chromebook as it is on the phone or tablet, forever and ever, amen.
- Flipboard, too.
- Profiles: lets you use corporate stuff, but with full separation of data, and high security.
- For developers, no modification of existing apps needed.
- Gives a nod to Samsung for developing Knox, says that work is now integrated with the Android ecosystem.
- In fall, a certified Android for Work program.
- Announces Native office editing within Google Docs suite of editors -- works on MS Office docs directly (nice!) rather than converting to Google Docs as intermediary.
Update 11: Urs Hoelzle on Google Cloud platform
(Delayed by lunch lines and network downtime -- sorry)
- Compute - compute engine, app engine
- Storage - cloud storage, cloud SQL
- App Service - Big Query, Cloud endpoints
- No need for constructs of upfront purchase
- New cloud debugging features: Cloud save, Debugger, Trace, Monitoring (comes from Stackdriver, recent Google acquisition)
- Announces Cloud Dataflow: managed service for analyzing arbitrarily large datasets, either batch or in real time. Eric Schmidt demos with World Cup data.
[Note: Hoelzle interrupted by protester: "You all work for a totalitarian company that builds robots to kill people."]
Update 12: Ellie Powers: Project Manager for Google Play
- Her domain: how Google helps developers create, distribute (including searchability), and monetize apps
- making testing easier: Announces that "the Appurify team is joining Google"; cross-platform cloud testing service
- Google Fit platform preview - single set of APIs to manage apps, sensors on cross-platform devices, incl. wearables. This is coming "in a few weeks."
Update 13: And finally ...
Google IO has a tradition of giving out cool hardware to attendees; this year, the first thing announced is low-key by any standards, never mind the glare of the tablets, phones, etc. that have been handed out at previous IOs: called Cardboard, it's the result of one of the "20 percent" projects that Google employees are encouraged to take part in: A chunk of cardboard slightly wider and slightly thinner than a trade paperback can be folded and velcroed in place to create a pair of goggles, into which a smartphone can be inserted. Instant movie viewing environment for the airplane, if you don't mind feeling curious stares. It's no Oculus Rift; maybe it's best used as a stereoscope.
The real swag at I/O this year, though, is a smart watch, or rather two of them: Samsung and LG watches will be given out tomorrow to the several thousand attendees (one each), and later in the summer, Motorola's will be, too. (By post.) Interesting: there aren't that many modern computing devices with round interfaces. (Not zero, but not many.) -
Book Review: Security Without Obscurity
benrothke (2577567) writes Having worked at the same consulting firm and also on a project with author J.J. Stapleton (full disclosure); I knew he was a really smart guy. In Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity, Stapleton shows how broad his security knowledge is to the world. When it comes to the world of encryption and cryptography, Stapleton has had his hand in a lot of different cryptographic pies. He has been part of cryptographic accreditation committees for many different standard bodies across the globe. Keep reading for the rest of Ben's review.
Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity
author: J.J. Stapleton
pages: 355
publisher: Auerbach Publications
rating: 8/10
reviewer: Ben Rothke
ISBN: 978-1466592148
summary: Great guide to enterprise authentication from an expert
The premise of the author and the need for the book is that the traditional information security CIA triad (confidentiality, integrity, availability) has led to the situation where authentication has to a large part gotten short shrift. This is a significant issue since much of information security is built around the need for strong and effective authentication. Without effective authentication, networks and data are at direct risk for compromise.
The topic itself is not exactly compelling (that is, unless you like to read standards such as ANSI X9.42-2003: Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, ISO/IEC 9798-1:2010: Information technology — Security techniques — Entity authentication, etc.), so the book is more of a detailed technical reference. Those looking for a highly technical overview, interoperability guidance, and overall reference will find the book most rewarding.
For those who don't have a general background on the topic; it may be a book too deep and technical for those looking for something more in line of a CISSP preparation guide.
For those that want to know the deep underpinnings of how encryption algorithms work; they can simply read the RFC's and standards themselves. What the book brings to the table are details about how to effectively implement the standards and algorithms in the enterprise; be it in applications, policies; or the specific procedures to meet compliance and standards requirements. And that is where Stapleton's many decades of experience provide significant and inestimable value.
There are many reasons why authentication systems fail and many times it is due to interoperability issues. Stapleton details how to ensure to minimize those faults in order to achieve seamless authentication across multiple technologies and operating systems.
The 7 chapters cover a dense amount of information around the 3 core topics. The book is for the reader with a solid technical background. While it may be listed as an exploratory text, it is not like a For Dummies title.
As per its title, it covers confidentiality, authentication and integrity; in addition to other fundamental topics of non-repudiation, privacy and key management.
One of the ways Stapleton brings his broad experience to the book is in the many areas where he compares different types of cryptosystems, technologies and algorithms. This enables the reader to understand what the appropriate type of authentication is most beneficial for the specific requirement.
For example, in chapter 7, the book provides a really good comparison and summary of different cryptographic modules, including how they are linked to various standards from NIST, NSA, ANSI and ISO. It does the same for a comparison of cryptographic key strengths against various algorithms.
An interesting observation the book makes when discussing the DES encryption algorithm, is that all of the talk of the NSA placing backdoors in it is essentially false. To date, no known flaws have been found against DES, and that after being around for over 30 years, the only attack against DES is an exhaustive key attack. This type of attack is where an adversary has to try each of the possible 72 quadrillion keys (2^56 permutations – as the key is 56 bits long) until the right key is discovered.
That means that the backdoor rumors of the NSA shortening the length of the substitution ciphers (AKA s-boxes), was not to weaken it necessarily. Rather it was meant to block DES against specific types of cryptanalytic attacks.
While the book is tactical; the author does bring in one bit of trivia when he writes that the ISO, often known as the International Organization for Standardization, does not in truth really stand for that. He notes that the organization clearly states on its web page that because International Organization for Standardization would have different acronyms in different languages (IOS in English, OIN in French for Organisation internationale de normalisation, etc.); its founders decided to give it the short form ISO. ISO is derived from the Greek isos, meaning equal. Whatever the country, whatever the language, the short form of the name is always ISO.
While that is indeed ultimately a trivial issue, I have seen certification exams where they ask what that acronym stands for. Perhaps a lot of CISSP's need to have their credentials revoked.
While Stapleton modifies the CIA triad, the book is not one of a security curmudgeon, rather of a security doyen. For anyone looking for an authoritative text on how to fully implement cross-platform security and authentication across the enterprise, this is a valuable reference to get that job done.
Reviewed by Ben Rothke
You can purchase Security without Obscurity: A Guide to Confidentiality, Authentication and Integrity from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. If you'd like to see what books are available from our review library please let us know. -
EU May Allow Members Home Rule On GMO Foods
think_nix (1467471) writes The EU Parliament is paving the way for EU Nation States to decide on banning or allowing GMO foods within their respective territories. A further article at Der Spiegel (German) (Google translation) quotes the German Health Minister's claim that if countries cannot specifically, scientifically argue for a ban, this would allow GMO companies to initiate legal actions against the banning ruling states. Furthermore it was noted, given EU Parliament's current stance on not reintroducing border and customs controls between member states, this will make checks and controls of GMO foods between member states even more difficult. -
New Permission System Could Make Android Much Less Secure
capedgirardeau writes: An update to the Google Play store now groups app permissions into collections of related permissions, making them much less fine grained and potentially misleading for users. For example, the SMS permissions group would allow an app access to both reading and sending SMS messages. The problem is that once an app has access to the group of permissions, it can make use of any of the allowed actions at any time without ever informing the user. As Google explains: "It's a good idea to review permissions groups before downloading an app. Once you've allowed an app to access a permissions group, the app may use any of the individual permissions that are part of that group. You won't need to manually approve individual permissions updates that belong to a permissions group you've already accepted." -
Google Announces 'End-To-End' Encryption Extension For Chrome
Nexus Unplugged (2495076) writes 'On their security blog today, Google announced a new Chrome extension called "End-To-End" intended to make browser-based encryption of messages easier for users. The extension, which was rumored to be "underway" a couple months ago, is currently in an "alpha" version and is not yet available pre-packaged or in the Chrome Web Store. It utilizes a Javascript implementation of OpenPGP, meaning that your private keys are never sent to Google. However, if you'd like to use the extension on multiple machines, its keyring is saved in localStorage, which can be encrypted with a passphrase before being synced. The extension still qualifies for Google's Vulnerability Reward Program, and joins a host of PGP-related extensions already available for Chrome.' Google also published a report showing how much email is encrypted in transit between Gmail addresses and those from other providers. -
Is Google CEO's "Tiny Bubble Car" Yahoo CEO's "Little Bubble Car"?
theodp (442580) writes "Back in 2011, then-Google VP and now-Yahoo CEO Marissa Mayer brainstormed with BMW to sketch out an idea she had for self-driving 'little bubbles' that could ease office commutes. Here's Mayer's pitch from a BMW film short: 'All I really need is a little bubble that drives itself and when it runs into something, it doesn't hurt that much...and...you know, like it doesn't actually take up that much fuel because it's so lightweight and it's good for the environment for that reason.' So, with Google's newly-built, steering wheel-less self-driving car being described as a 'tiny bubble-car', one wonders if Google CEO Larry Page's "Tiny Bubble Car" has its roots in Mayer's 'Little Bubble Car,' especially considering the striking similarity of Mayer's concept car sketch and Google's built vehicle." Seems to me there's been plenty of concept art (as well as actual tiny bubble-like cars, even if they generally have had steering wheels) for car designers to draw on. -
HR Chief: Google Sexual, Racial Diversity "Not Where We Want to Be"
theodp (442580) writes "In 2007, Congress asked Google, "How many [Google employees] are African-American?" "I don't actually have that data at my fingertips," replied Google HR Chief Laszlo Bock. Seven years later, Google finally disclosed diversity data for the first time ever, revealing that 17% of its tech workforce is female, and only 1% is Black. "Put simply," wrote Google's Bock, "Google is not where we want to be when it comes to diversity." To put things in perspective, it looks like the 1947 Brooklyn Dodgers — commemorated in last year's Google Doodle of Jackie Robinson — put up better Black diversity numbers than Google was able to muster 67 years later. Things could have been worse, but the EEOC doesn't ask for and Google chose not to disclose anything about the age makeup of its workforce, aside from a mention of the existence of Greyglers, a group "for Googlers 'of a certain age.'"" -
Thousands of Europeans Petition For Their 'Right To Be Forgotten'
The EU's new rule (the result of a court case published May 13) requiring that online businesses remove on request information that is "inadequate, irrelevant or no longer relevant" has struck a chord with more than 12,000 individuals, a number that's rising fast. Other search engines, ISPs, and firms are sure to follow, but the most prominent reaction to the decision thus far, and one that will probably influence all the ones to come, is Google's implementation of an online form that users can submit to request that information related to them be deleted. The Daily Mail reports that the EU ruling "has already been criticised after early indications that around 12 per cent of applications were related to paedophilia. A further 30 per cent concern fraud and 20 per cent were about people's arrests or convictions"; we mentioned earlier this month one pedophile's request for anonymity. As the First Post story linked above puts it, the requirement that sites scrub their data on request puts Internet companies in the position of having to interpret the court’s broad criteria for information meeting the mandate's definition of "forgettable," "as well as developing criteria for distinguishing public figures from private individuals." Do you favor opt-out permissions for reporting facts linked to individuals? What data or opinions about themselves should people not be able to suppress? (Note: Google's form has this disclaimer: "We're working to finalize our implementation of removal requests under European data protection law as soon as possible. In the meantime, please fill out the form below and we will notify you when we start processing your request." That finalization may take some time, since there are 28 data-protection agencies across the EU to harmonize.) -
German Intelligence Agency Planning To Follow Big NSA Brother On Shoestring
An anonymous reader, tongue in cheek, writes "Facebook, Twitter, et al are tools for terrorists planning to do whatever terrorists do, Germany's BND has discovered. Inevitably, real-time monitoring of these sites is necessary and urgently required [original, in German], not least because that Snowden chap has shown we're running behind the U.S. and UK. And Spain. And Italy. In short, it's a national emergency — 300 million euros, presto please — and if we do this smartly, we could even get a sense of what the population outside Germany thinks. And while we're at it, why not throw in automated enemy face recognition too — and biometry and-and a program to deform the faces of our own spies' selfies, so the enemy cannot google them. Time to invest in national security startups." -
Google Stars Extension For Chrome Leaks: Hands On
An anonymous reader writes "We've known for a while now that Google is testing a new favoriting service called Google Stars, aimed at helping users save, share, and organize Web content. This is largely due to multiple leaks, detailing features as well as showing off the interface in a video and screenshots. Today, Google+ user Florian Kiersch, who has done the majority of the digging behind the service, has leaked the Google Stars extension for Google Chrome." -
YouTube Releases the Google Video Quality Report
mpicpp (3454017) writes "YouTube has released a tool that can show you how your video-streaming quality compares to your neighbor's. 'The Google Video Quality Report is available to people in the U.S. and Canada, where it launched in January. It compares your streaming video quality to three standards: HD Verified, when your provider can deliver HD video consistently at a resolution of at least 720p without buffering or interruptions; Standard Definition, for consistent video streaming at 360p; and Lower Definition, for videos that regularly play at less than 360p or often are interrupted." -
German Authorities Lack Evidence To Prosecute Anyone For NSA Spying
jfruh (300774) writes "The revelations about the NSA's surveillance program caused particular outrage in Germany, a country that is closely allied with the United States but nevertheless found that its leader's cell phone was being snooped on. Nevertheless, the German federal prosecutor's office will not be bringing any charges against anyone, mostly because they lack enough evidence (Google translation). The decision is sparking anger among German privacy advocates." -
Book Review: Hacking Point of Sale
benrothke (2577567) writes "The only negative thing to say about Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions is its title. A cursory look at it may lead the reader to think that this is a book for a script kiddie, when it is in fact a necessary read for anyone involved with payment systems. The book provides a wealth of information that is completely pragmatic and actionable. The problem is, as the book notes in many places, that one is constantly patching a system that is inherently flawed and broken." Keep reading for the rest of Ben's review.
Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions
author: Slava Gomzin
pages: 312
publisher: Wiley
rating: 10/10
reviewer: Ben Rothke
ISBN: 978-1118810118
summary: Superb book on POS, PCI and payment security
Often after a major information security breach incident, a public official (always in front of cameras and with many serious looking people standing in the wings) will go on TV and say something akin to "we have to make sure this never happens again".
Last year, Target was the major victim. This month, it's eBay. But after hundreds of millions of records breached, it's not that anyone is saying it won't happen again. Rather, it's inevitable it will happen many more times.
There are a number of good books on PCI, but this is the first one that looks at the entire spectrum of credit card processing. Author Slava Gomzin is a security and payments technologist at HP and as evident in the book, he lives and breathes payment technology and his expert knowledge is manifest in every chapter. His technical expertise is certain to make the reader much better informed and understand the myriad issues involved.
The book provides an excellent overview to the workings of payment systems and Gomzin is not shy about showing how insecure many payment systems are. Its 9 chapters provide a good combination of deep technical and general detail.
The reader comes out with a very good overview of how payment systems work and what the various parts of it are. For many people, this may be the first time they are made aware of entities such as processors, acquirers and gateways.
An interesting point the book raises is that it has been observed there are fewer breaches in Europe since they use EMV (also known as chip and pin) instead of insecure magnetic-stripe cards which are used in the US. This leads to a perception that EMV is by default much stronger. But the book notes that EMV was never designed to secure the cardholder data after the point of sale. The recent breaches at Target and Neiman Marcus were such that cardholder data was pilfered after it was in the system.
Another major weakness with EMV is it doesn't provide added security to web and online transactions. When a customer goes to a site and makes a transaction with an EMV card, it is fundamentally the same as if they would have used a magnetic stripe card. What many people don't realize also is that EMV is not some new technology. It's been around for a while. What it did was reduce the amount of fraud for physical use amongst European merchants. But the unintended consequence was that it simply moved the fraud online, where EMV is powerless.
As noted, the book provides the details and vulnerabilities of every aspect of the life of a payment card, including physical security. In chapter 4, he notes that there are numerous features that are supposed to distinguish between a genuine payment card from a counterfeited one. These include logo, embossed primary account number (PAN), card verification values and ultraviolet (UV) marks. Each one of them has their own set of limits. For the supposed security of UV marks, these are relatively easily replicated by a regular inkjet printer with UV ink.
In fact, Gomzin writes that all payment cards as they are in use today are insecure by design due to the fact that there are multiple physical security features that don't provide adequate protection from theft, and that the sensitive cardholder data information is encoded on a magnetic strip in clear text.
Gomzin has numerous PCI certifications and with all that, doesn't see PCI as the boon to payment card security as many do. He astutely observes that PCI places a somewhat myopic approach that data at rest is all that matters. Given that PCI doesn't require payment software vendors or users to encrypt application configuration data, which is usually stored in plaintext and opened to uncontrolled modification; this can allow payment application to be compromised through misconfiguration.
Even with PCI, Gomzin shows that credit card numbers are rather predictable in that their number space is in truth rather small, even though they may be 15-19 digits in length. This is due to the fact that PCI allows the first 6 and last 4 digits to be exposed in plaintext, so it's only 6 digits that need to be guessed. This enables a relatively easy brute force attack, and even easier if rainbow tables are used.
The Target breach was attributed to memory scraping and the book notes that as devastating an attack memory scraping is, there are no existing reliable security mechanisms that would prevent memory scraping.
The appendix includes a POS vulnerability rank calculator which can provide a quick and dirty risk assessment of the POS and associated payments application and hardware. The 20 questions in the calculator can't replace a formal assessment. But the initial results would likely mimic what that formal assessment would enumerate.
So what will it take to fix the mess that POS and payment systems are in now? The book notes that the system has to be completely overhauled for POS security to truly work. He notes that point-to-point encryption is one of the best ways to do that. What is stopping that is the huge costs involved in redoing the payment infrastructure. But until then, breaches will be daily news.
Hacking Point of Sale is an invaluable resource that is highly relevant to a wide audience. Be it those in compliance, information security, development, research or in your payment security group. If you are involved with payment systems, this is a necessary book.
When an expert like Slava Gomzin writes, his words should be listened to. He knows that payment breaches are inevitable. But he also shows you how to potentially avoid that tidal wave of inevitability.
Reviewed by Ben Rothke."
You can purchase Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions from amazon.com. Slashdot welcomes readers' book reviews (sci-fi included) -- to see your own review here, read the book review guidelines, then visit the submission page. -
Ph.Ds From MIT, Berkeley, and a Few Others Dominate Top School's CS Faculties
An anonymous reader writes "A Brown University project collected the background information of over 2,000 computer science professors in 51 top universities. The data shows a skew in their doctoral degrees, "Over 20% of professors received their Ph.D. from MIT or Berkeley, while more than half of professors received their Ph.D. from the [top] 10 universities." For those professors, fewer work in theoretical computer science and there is a growing trend of recent hires in systems and applications. The original data is also publicly-editable and available to download." -
Google Rumored To Be Making 3D-Scanning Tablets
According to The Wall Street Journal, Google may be planning to commoditize 3-D scanning by building the tech of its Project Tango project (essentially, thus far, a phone-sized handheld with 3-D sensing capabilities) into tablets. The Register speculates: "Given that Google has already announced the Project Tango smartphone, it seems likely that it would extend the technology to tablets, and the seven-inch form factor would tie in nicely with the existing Nexus 7 design. ...Google is hoping that developers can build applications to use the scanning capabilities of the Tango hardware. Suggested topics include providing guides for visually impaired people, building gaming maps based on actual rooms, and possibly augmenting Google Maps with interior details – Street View becoming Home View perhaps?" Setting aside what brand it might bear, how would you employ a portable 3-D scanner? -
Questionable Patents From MakerBot
An anonymous reader writes "OpenBeam USA is a Kickstarted company that builds open source aluminum construction systems (think high-quality erector sets). One of the main uses for the systems is building 3D printers, and creator Terence Tam is heavily involved in the 3D-printing community. He's now put up a blog post about some disturbing patents filed by MakerBot. In particular, he notes a patent for auto-leveling on a 3D printer. Not only is this an important upcoming technology for 3D printers, the restriction of which would be a huge blow to progress, it seems the patent was filed just a few short weeks after Steve Graber posted a video demonstrating such auto-leveling. There had also been a Kickstarter campaign for similar tech a few months earlier. Tam gives this warning: 'Considering the Stratasys — Afinia lawsuit, and the fact that Makerbot is now a subsidiary of Stratasys, it's not a stretch to imagine Makerbot coming after other open source 3D manufacturers that threaten their sales. After all, nobody acquires a patent warchest just to invite their competitors to sit around the campfire to sing Kumbaya. It is therefore vitally important that community developed improvements do not fall under Makerbot's (or any other company's) patent portfolio to be used at a later date to clobber the little guys.'"