Domain: usatoday.com
Stories and comments across the archive that link to usatoday.com.
Stories · 832
-
Microsoft Brings Its Embrace-Extend-Extinguish Game To K-12 Schools?
theodp writes: A year after it paid $2.5 billion to buy Minecraft, Microsoft has announced a partnership with Code.org that makes a Minecraft-themed introduction to programming a signature tutorial of this year's Hour of Code, which hopes to reach 200 million schoolchildren next month in what the Microsoft-funded nonprofit is billing as the largest learning event in history. "A core part of our mission to empower every person on the planet is equipping youth with computational thinking and problem-solving skills to succeed in an increasingly digital world," said Microsoft CEO Satya Nadella in a press release, which also notes that "Microsoft is gifting Windows Store credit to every educator who organizes an Hour of Code event worldwide." Of the Minecraft tutorial, Code.org CEO Hadi Partovi gushed, "Compared to what you would otherwise be doing for school, this is, like, the best thing ever." -
Laser Strikes On Aircraft Increasing In Frequency (usatoday.com)
puddingebola writes: The FAA is reporting a record number of laser strikes on aircraft for 2015. From the article: "The Federal Aviation Administration recorded 5,352 laser strikes through Oct. 16, up from 2,837 for all of 2010. ... Some airports have reported more than 100 laser strikes this year: Los Angeles had 197; Phoenix had 183; Houston had 151; Las Vegas had 132, and Dallas-Fort Worth had 115. On July 15, during a 90-minute period, 11 airliners and one military aircraft reported laser strikes near New York City-area airports. Those incidents remain under investigation by the FAA, FBI and New Jersey state police." -
Justice Officials Fear Nation's Biggest Wiretap Operation May Not Be Legal (usatoday.com)
schwit1 writes with news about a vast wiretapping program and questions about its legality. USA Today reports: "Federal drug agents have built a massive wiretapping operation in the Los Angeles suburbs, secretly intercepting tens of thousands of Americans' phone calls and text messages to monitor drug traffickers across the United States despite objections from Justice Department lawyers who fear the practice may not be legal. Nearly all of that surveillance was authorized by a single state court judge in Riverside County, who last year signed off on almost five times as many wiretaps as any other judge in the United States. The judge's orders allowed investigators — usually from the U.S. Drug Enforcement Administration — to intercept more than 2 million conversations involving 44,000 people, federal court records show." -
Before Barbie's Brainy Makeover, Mattel Execs Met With White House, Google
theodp writes: Mattel came under fire last November over its portrayal of Computer Engineer Barbie as incompetent. But the toymaker is now drawing kudos for its new Imagine the Possibilities Barbie ad campaign (video), which shows little girls pretending to be professionals in real-life settings, including a college professor lecturing students about the brain. Ad Age, however, is cynical of the empowering spin on Barbie, which it says "comes across as a manipulative way to silence criticism." Interestingly, some of that criticism may have come from the White House.
WH Visitor Records show that Barbie's brainy makeover came after Mattel execs — Evelyn Mazzocco, Julia Pistor, Heather Lazarus — were summoned to the White House last April to meet with the White House Council on Women and Girls. A little Googling suggests other attendees at the sit-down included representatives of the nation's leading toy makers (Disney Consumer, Nickelodeon, Hasbro, American Girl), media giants (Disney Channels, Viacom, TIME, Scholastic, Univision, Participant Media, Cartoon Network, Netflix), retailers (Walmart, Target), educators, scientists, the U.S. Dept. of Education (including the Deputy Director of Michelle Obama's Reach Higher Initiative), philanthropists (Rockefeller, Harnisch Foundations) — and Google. Representing Google was CS Education in Media Program Manager Julie Ann Crommett, who has worked with Disney to shape programming to inspire girls to pursue CS in conjunction with the search giant's $50 million Made With Code initiative.
The April White House meeting appears to be a reschedule of a planned March meeting that was to have included other Mattel execs, including Stephanie Cota, Venetia Davie, and Lori Pantel, to whom the task of apologizing for Computer Engineer Barbie fell last November. For the first time in over a decade, Barbie was no longer the most popular girls' toy last holiday season, having lost her crown to Disney Princesses Elsa and Anna, who coincidentally teamed up with Google-backed Code.org last December to "teach President Obama to code" at a widely-publicized White House event. -
Non-Binding Resolution: EU States Should Protect Snowden
The New York Times reports that the European Parliament has voted to adopt "a nonbinding but nonetheless forceful resolution" urging the EU's member nations to recognize Edward Snowden as a whistleblower, rather than aid in prosecuting him on behalf of the United States government. From the article: Whether to grant Mr. Snowden asylum remains a decision for the individual European governments, and thus far, none have done so. Still, the resolution was the strongest statement of support seen for Mr. Snowden from the European Parliament. At the same time, the close vote — 285 to 281 — suggested the extent to which some European lawmakers are wary of alienating the United States. ... The resolution calls on European Union members to "drop any criminal charges against Edward Snowden, grant him protection and consequently prevent extradition or rendition by third parties." Also at Wired, USA Today and many others; Snowden himself has tweeted happily about the news. -
Electoral System That Lessig Hopes To Reform Is Keeping Him Out of the Debate (usatoday.com)
schwit1 writes: Lessig has raised a million dollars, which is nothing to sneeze at, but he's being given the cold shoulder by the Democrats when it comes to participating in the debates. I think he's got a good argument for being included — he's certainly as serious a candidate as some of the others, and I'm hearing a lot about his campaign.
Why are they keeping Lessig out? According to Lessig, it's for the same reason he wants in: "My view is that if we can get this message [of reform] into the debate it would change the dynamics of this Democratic primary entirely. This issue framed in this way totally blows up the Democratic primary."
Hillary and Bernie, he says, are promising the moon to voters, but can't deliver. Lessig told me, "If I can get on that stage and say the rocket can't get off the ground, and we have to change this dynamic first," the narrative shifts in a way that the leading candidates can't address. -
Volkswagen Could Face $18 Billion Fine Over Emission-Cheating Software
After getting caught cheating on emissions testing by means of software, Volkswagen could face up to $18 billion in fines, reports USA Today. That number is based on the company being assessed the maximum penalty of $37,500 per affected vehicle. That's not the only bad news for Volkswagen, which has halted sales of its 4-cylinder diesel cars; the linked article reports that the violations "could also invite charges of false marketing by regulators, a vehicle recall and payment to car owners, either voluntarily or through lawsuits. Volkswagen advertised the cars under the 'Clean Diesel' moniker. The state of California is also investigating the emissions violations." -
Microsoft Spending $75M To Boost K-12 CS Education, Put TEALS In 4,000 Schools
theodp writes: An NSF-funded evaluation of the Microsoft TEALS program — which sends volunteer software engineers with no teaching experience into high schools to teach kids and their teachers computer science — isn't scheduled to be completed until 2018. But having declared a K-12 CS education emergency (which it's linked to an H-1B visa emergency), Microsoft is going full speed ahead and spending $75 million to boost computer science in schools. The software giant told USA Today that it aims to put TEALS in 700 high schools in the next three years and in 4,000 over the next decade, focusing on urban and rural districts to reach more young women and minorities. "In the U.S. alone, the economy will create 1.4 million new computing jobs by the year 2022," wrote Microsoft President and Code.org Board member Brad Smith. "Yet, less than a quarter of U.S. high schools currently teach computer science. That's not enough and we're working with schools and policy-makers to change that." -
Twitter Sued For Scanning Direct Messages
JustAnotherOldGuy writes: Twitter is facing a new possible class action suit that accuses the company of violating user privacy. The lawsuit states that the company has been "systematically intercepting, reading, and altering" direct messages, most likely a reference to Twitter's long-standing practice of automatically shortening and redirecting any in-message links. The practice could be used to monitor or redirect any URLs included in a direct message, although it's generally seen as a benign extension of the company's broader link-shortening systems. In a statement to USA Today, Twitter, to nobody's surprise, insisted that the allegations are "meritless." -
Drone Hobbyists Find Flaws In 'Close Call' Reports
An anonymous reader writes: The people and agencies pushing for strict drone regulation have no trouble coming up with a list of dangerous drone-related incidents. This includes not only the recent drone crashes that have been picked up by the media, but also reports of "close calls," where drones have allegedly approached full-size aircraft. But a new study by drone hobbyists finds that most of these "close calls" were anything but. Of 764 such incidents reported to the FAA, only 27 were actually described as "near misses" by the pilots involved. None of the incidents involved mid-air collisions, and some have involved military drones rather than hobbyist ones. The people who did the study suggest that we should find a better way of classifying these drone-related situations so legislators have accurate information from which to design regulations. -
Dept. of Energy Compromised 159 Times Over Four-Year Period
An anonymous reader writes: USA TODAY obtained records through a Freedom of Information Act request indicating that the U.S. Department of Energy was targeted by over a thousand cyberattacks between October 2010 and October 2014. 159 of the attacks were successful in compromising some level of security. "Energy Department officials would not say whether any sensitive data related to the operation and security of the nation's power grid or nuclear weapons stockpile was accessed or stolen in any of the attacks, or whether foreign governments are believed to have been involved. ... The National Nuclear Security Administration, a semi-autonomous agency within the Energy Department responsible for managing and securing the nation's nuclear weapons stockpile, experienced 19 successful attacks during the four-year period, records show. ... Records show 53 of the 159 successful intrusions from October 2010 to October 2014 were 'root compromises,' meaning perpetrators gained administrative privileges to Energy Department computer systems." -
Is There Too Much New Programming On TV?
HughPickens.com writes: John Koblin writes in the NY Times that there's a crisis in television programming felt among executives, viewers and critics, and it's the result of one thing: There is simply too much on television. John Landgraf, chief executive of FX Networks, reported at the Television Critics Association Summer Press Tour that the total number of original scripted series on TV in 2014 was 371. The total will surpass 400 in 2015. The glut, according to Landgraf, has presented "a huge challenge in finding compelling original stories and the level of talent needed to sustain those stories."
Michael Lombardo, president of programming at HBO, says it is harder than ever to build an audience for a show when viewers are confronted with so many choices and might click away at any moment. "I hear it all the time," says Lombardo. "People going, 'I can't commit to another show, and I don't have the time to emotionally commit to another show.' I hear that, and I'm aware of it, and I get it." Another complication is that shows not only compete against one another, but also against old series that live on in the archives of Amazon, Hulu or Netflix. So a new season of "Scandal," for example, is also competing against old series like "The Wire." "The amount of competition is just literally insane," says Landgraf.
Others point out that the explosion in programming has created more opportunity for shows with diverse casts and topics, such as "Jane the Virgin," "Transparent" and "Orange Is the New Black." Marti Noxon, the showrunner for Lifetime's "UnREAL" and Bravo's "Girlfriends' Guide to Divorce," says there has been a "sea change" in the last five years. "I couldn't have gotten those two shows on TV five years ago," says Noxon. "There was not enough opportunity for voices that speak to a smaller audience. Now many of these places are looking to reach some people — not all the people. That's opened up a tremendous opportunity for women and other people that have been left out of the conversation." -
Report: Google Will Return To China
An anonymous reader writes: Google famously withdrew from mainland China in 2010 after fending off a series of cyberattacks from local sources. Now, according to a (paywalled) report from The Information, the company is working on plans to return. "As part of the deal Google is looking to strike, Google would follow the country's laws and block apps that the government objects to, one person told The Information." They're also seeking approval for a Chinese version of Google Play. -
Pentagon Halts Work at Labs For Dangerous Pathogens After Anthrax Scare
An anonymous reader writes: The Pentagon announced yesterday it is issuing a moratorium on work at nine different biodefense labs after live anthrax was discovered outside containment at Dugway Proving Ground in Utah. The facility was discovered to have been shipping live anthrax specimens — instead of dead ones — to other labs. Work can only begin again after the shuttered facilities are certain to be clean of anthrax and assured of safe conduct. "The review calls for the military labs to ensure that personnel are properly trained on lab safety procedures and that necessary maintenance is conducted on biosafety level 3 lab facilities that work with some of the most dangerous pathogens. It calls for validating record-keeping and inventories of the military's 'Critical Reagents Program' — including 'ensuring that all materials associated with the CRP are properly accounted for.'" -
In Baltimore and Elsewhere, Police Use Stingrays For Petty Crimes
USA Today reports on the widespread use of stingray technology by police to track down even petty criminals and witnesses, as well as their equally widespread reluctance to disclose that use. The article focuses mostly on the city of Baltimore; by cross-checking court records against a surveillance log from the city’s Advanced Technical Team, the USA Today reporters were able to determine at least several hundred cases in which phony ("simulated") cell phone towers were used to snoop traffic. In court, though, and even in the information that the police department provides to the city's prosecutors, the use of these devices is rarely disclosed, thanks to a non-disclosure agreement with the FBI and probably a general reluctance to make public how much the department is using them, especially without bothering to obtain search warrants. From the article: In at least one case, police and prosecutors appear to have gone further to hide the use of a stingray. After Kerron Andrews was charged with attempted murder last year, Baltimore's State's Attorney's Office said it had no information about whether a phone tracker had been used in the case, according to court filings. In May, prosecutors reversed course and said the police had used one to locate him. "It seems clear that misrepresentations and omissions pertaining to the government's use of stingrays are intentional," Andrews' attorney, Assistant Public Defender Deborah Levi, charged in a court filing.
Judge Kendra Ausby ruled last week that the police should not have used a stingray to track Andrews without a search warrant, and she said prosecutors could not use any of the evidence found at the time of his arrest. -
Congressional Black Caucus Begs Apple For Its 'Trade Secret' Racial Data
theodp writes: In Silicon Valley this week, Rep. Barbara Lee called on Apple and other holdouts among the nation's tech companies to release federal data on the diversity of their work forces. She was with other members of the Congressional Black Caucus to turn up the heat on the tech industry to hire more African Americans. "If they believe in inclusion," said Lee, "they have to release the data so the public knows that they are being transparent and that they are committed to doing the right thing." Apple has refused to make public the EEO-1 data that it routinely supplies to the U.S. Dept. of Labor on the demographics of their workers. In the absence of the race and gender data, which Apple and others historically argued were 'trade secrets' and thus not subject to release under Freedom of Information requests, tech companies were free to make unchecked claims about their Black employee ranks (Google's 2007 Congressional testimony) until recent disclosures revealed otherwise. The National Science Foundation was even convinced to redirect NSF grant money specifically earmarked for getting African American boys into the computer science pipeline to a PR campaign for high school girls of all colors and economic backgrounds. -
The French Scrabble Champ Does Not Speak French
HughPickens.com writes: On July 20, Nigel Richards won the French-language world Scrabble championship. Richards does not speak a word of French. "He doesn't speak French at all, he just learnt the words," says Liz Fagerlund. "He won't know what they mean, wouldn't be able to carry out a conversation in French I wouldn't think." Richards reportedly memorized an entire French dictionary in the two months leading up to the competition. For living-room players, Scrabble is a test of vocabularies but for world-class players, it's about cold memorization and mathematical probabilities, which is why top players are often computer programmers or mathematicians, not poets or novelists. Think of the dictionary as a giant rulebook of valid text strings, not as a compendium of the beauty and complexity of the English language. A good competitive player will have memorized a sizeable chunk of the 83,667 words that are two letters to eight letters long. Great players will know a lot of the 29,150 nine-letter words as well.
To the uninitiated, a Scrabble game played by top players looks like they had played in Martian. Here's a taste: In a single game in last year's Nationals, Richards played the following words: zarf (a metal holder for a coffee cup), waddy (to strike with a thick club), hulloed (to hallo, to shout), sajous (a capuchin, a monkey), qi (the vital force in Chinese thought), flyboats (a small, fast boat), trigo (wheat) and threaper (one that threaps, disputes). Richards has a photographic memory and is known for his uncanny gift for constructing impossible words by stringing his letters through tiles already on the board. "He is probably the best Scrabble player in the world at this point," says John D. Williams, Jr. "He's got the entire dictionary memorized. He's pretty much a Scrabble machine, if such a thing exists." So, really, how does he do it? As Richards said in an interview posted on YouTube, "I'm not sure there is a secret. It's just a matter of learning the words." All 178,691 of them. -
Cashless Adoption Growing In Europe
dkatana writes: Many European cities are moving toward a cashless economy. Some public services are not accepting cash anymore, such as parking meters, buses and transit, and city offices. (If you plan to visit Europe make sure your credit card has a chip, or you won't be able to use self-service machines.) Contactless cards, which allow people to pay easily for small transactions, are also gaining popularity. According to Finextra, a leading financial news service, "contactless is the new normal in Europe, with more than a billion tap-and-go purchases worth €12.6 billion on Visa cards in the last 12 months." In some places, cashless options are being pushed by mistrust of the banking system. At the same time, places like Germany are dead set on keeping cash as the preferred method of payment. -
New Horizons Gets Closer to Pluto, But Mystery Spots Now Out of Sight
The L.A. Times reports that the strange spots spotted on the surface of Pluto by the New Horizons mission will be on the wrong side of the planet for the approaching fly-by that the craft will make of the smallest planet (or dwarf planet, depending) of our solar system. (The BBC makes a similar observation.) That doesn't mean that New Horizons' approach is anything short of "a spectacular event." -
San Francisco Fiber Optic Cable Cutter Strikes Again
HughPickens.com writes: USA Today reports that the FBI is investigating at least 11 physical attacks on high-capacity Internet cables in California's San Francisco Bay Area dating back to at least July 6, 2014, including one early this week. "When it affects multiple companies and cities, it does become disturbing," says Special Agent Greg Wuthrich. "We definitely need the public's assistance." The pattern of attacks raises serious questions about the glaring vulnerability of critical Internet infrastructure, says JJ Thompson. "When it's situations that are scattered all in one geography, that raises the possibility that they are testing out capabilities, response times and impact," says Thompson. "That is a security person's nightmare."
Mark Peterson, a spokesman for Internet provider Wave Broadband, says an unspecified number of Sacramento-area customers were knocked offline by the latest attack. Peterson characterized the Tuesday attack as "coordinated" and said the company was working with Level 3 and Zayo to restore service. It's possible the vandals were dressed as telecommunications workers to avoid arousing suspicion, say FBI officials. Backup systems help cushion consumers from the worst of the attacks, meaning people may notice slower email or videos not playing, but may not have service completely disrupted. But repairs are costly and penalties are not stiff enough to deter would-be vandals. "There are flags and signs indicating to somebody who wants to do damage: This is where it is folks," says Richard Doherty. "It's a terrible social crime that affects thousands and millions of people." -
Interviews: Brian Krebs Answers Your Questions
A few weeks ago you had a chance to ask Brian Krebs about security, cybercrime and what it's like to be the victim of Swatting. Below you will find his answers to your questions.
Cowards as affiliates
by japa
You appear dedicated to continuing reporting on cybercrime, even though it may result in harm to you (swatting etc). How often have you come into a situation where someone you work with states they don't want to work with you any longer, as association with you may result in them being a target for criminals or some such?
Krebs: I don't think I've had anyone unfriend me or stop talking to me because of what you describe, but it happens fairly often that I hear from strangers who have some information to impart but who are nervous about anyone finding out it was them who shared it.
Mostly, this comes from researchers who say they want to share some findings about something -- a specific cybercrime actor, site or service -- but in no way do they wish to be named, cited, credited or in any way referenced. It's impossible to know how many people decide it's not worth reaching out because of such concerns, but I hope it's not many.
Long term solutions?
by mlts
Right now, security is a purely defensive battle, at best we have the enemy at a stalemate, where their attacks are foiled. There is no way to "win", since the attacker usually is located in a country with little to no cyber-crime laws, or even in a hostile country that rewards it. At best, we tread water.
Would a long term solution be creating private networks like SIPRNet or NIPRNet, so that the barrier for entry is raised, so an attacker has to get onto that private network, and this might be something where physical access is needed. Not 100% secure, but it raises the bar so that attackers have to have "boots on the ground".
If not, what would be workable, other than just air-gapping as much as possible? Would it be wise for each nation to mimic China and have their own Great Firewall, so attacks have the ability to be stopped well away from their intended targets?
Krebs: I think I understand the premise of your question, and the desire to wall everything off and/or start over. And do I detect what may be a passing reference to the money quote from Joshua in the excellent 1983 film War Games: "Strange game. The only winning move is not to play."
But, I'd have to respectfully agree with several of the commenters here in saying that I think creating a whole bunch more secret or separate networks is very much not the answer here. As someone already stated, this is actually the reality that we have today with corporate intranets, which everyone seems to have and these don't seem to do much to stop the data (s)pillage or malicious hackers getting in and having their way with the target and all of its information.
What would be wise is if the United States made it a national goal to become the world leader in developing software that is far more secure and robust than anywhere else. Unfortunately, this will probably never happen unless the market demands it, and the market generally responds to what consumers want, which is usually convenience (ease-of-use) over security.
Anyways...how about a nice game of chess?
Public Disclosure
by Anonymous Coward
Brian, Are you generally in the Responsible Disclosure camp or the Full Disclosure camp? And why? (I recognize that you may handle this on a case by case basis. In that event, what determines your approach?)
Krebs: Yeah, this definitely depends. I find it endlessly fascinating and frustrating at the same time to watch how differently organizations respond to reports about security vulnerabilities in their products, services and their own infrastructure. How they respond speaks volumes about their security maturity. Companies and organizations that lack a mature process for handling and responding to threats and vulnerabilities tend to react negatively -- lashing out at the individual reporting the weakness, ignoring the reporter, or even taking legal steps against the researcher.
Companies that have a mature process for handling this kind of thing can comparatively be a joy to work with, and are quite often grateful for anyone who privately reports their findings. The best manifestation of this is the bug bounty program, versions of which many companies are now beginning to embrace to varying degrees.
It seems like the phrases "responsible disclosure" and "full disclosure" are sort of loaded terms at this point in the debate. It's the journalistic equivalent of framing the abortion debate in camps of "anti-abortion" and "pro-rights". Disclosure is a two-way street, and it starts with organizations taking responsibility for security holes in software and hardware that they create, sell and/or give away. When companies fail to do this in a timely manner, I think it's perfectly reasonable for researchers to disclose what they've found -- hopefully exercising a modicum of restraint in the process. The disclosure debate usually kicks into high gear when a company responsible for a serious bug in widely-used software behaves like a child when presented with research into a vulnerability in its products.
I've been fortunate enough to be a fly on the wall, if you will, in several of these vulnerability reports, watching in disbelief as the vendor hems and haws and generally stalls for time, protesting that the bug is not remotely exploitable or isn't that big of a deal for such-and-such reasons, etc. That's frustrating and again speaks to the maturity level of the organization. In my experience, most security researchers are quite content to be agreeable on disclosure timelines if they feel like the vendor is taking seriously the time and effort the researcher has spent on his findings.
Granted, there's a great deal of room for debate over what constitutes a "reasonable" amount of time to wait for the vendor to respond before going public, but I do think it's important to give the vendor at least a few weeks to respond. However, in cases where the vulnerability is actively being exploited, disclosing immediately, publicly and completely is always in the public interest.
Should We Trust Kaspersky?
by Kagato
As we seem to be heading back down into the familiar territory of the cold war I often wonder if nationalism is something we should consider when thinking about security. For instance I believe that Kaspersky is a very talented company but I can't help but to feel that they would be quite willing to turn a blind eye to malware from their own government. I hear commercials for Kaspersky threat detection software all the time but I would be hard pressed to actually use any of it. It certainly seems China, Russia and parts of Europe are taking country of origin into account when evaluating American security products. Am I wearing a tin-foil hat in feeling we should think twice about trusting Kaspersky?
Krebs: I don't think you necessarily have a tin-foil hat on. I should preface my remarks by saying that I'm sure every security firm has all kinds of dirty laundry they would prefer never saw the light of day. And I personally know many of the security researchers at Kaspersky and find them to be some of the best at what they do, and very good people as well. If it means anything, I have, for many years, used Kaspersky's software to protect my own networks. It's about the best at what it does.
That said, allow me to share an observation that really struck me on my visit to Moscow in 2011. I was a guest of Kaspersky Lab and they were very gracious and hospitable. However, I went there in large part in the hopes of rounding out some information I'd compiled about several big time cybercriminals that I was tracking at the time -- probably a dozen or so guys that I knew were definitely in Moscow and would almost certainly be known to anyone even moderately interested in cybercrime (on either side). I sat down with probably 8 or 9 different researchers at Kaspersky and in my interviews with them asked each about various individuals who were quite well known in the hacker scene in Russia but also abroad. To my surprise, nobody there would talk to me about these individuals. I have no idea if this was because of a corporate policy about it or what, but I found it singularly amazing that these experts would have so little interest in the actors who were so clearly operating under their noses.
Internet of Things
by Dr J. keeps the nerd
Hi Brian, Thanks for joining us. What are the worst mistakes we are already making on connected devices, and what should we be doing to make them less desirable as targets?
Krebs: You mean, besides connecting them in the first place? Seriously, the main reason I keep a software firewall installed on one of my machines is to learn which programs or gadgets on my home network are phoning home or who-knows-where. For the most part, we've shown ourselves to be incapable of designing or at least releasing software for mass commercial use that is not Swiss Cheese from a security perspective. So why should we expect things to be any different when we talk about network-aware devices and embedded appliances? All we've done in that case is take the buggy software and stuffed it into something that is even more difficult (if not impossible) to update.
What should we be doing to make all these devices less desirable as targets? Quit connecting them to the internet! Seriously. It would be nice if more companies that shipped devices made them disconnected from the Internet by default, or at least minimally so. But in most cases the opposite is true; the thing tries to get an IP address and you have to remember to disable a raft of features in said thing.
A lot of security is determined by the default settings, because the vast majority of users/customers never alter the defaults. With stuff that falls under the "internet of things" category, we'd all be much better off if they were more like "things with internet optional."
White vs Grey Hat
by Midnight_Falcon
Hey Brian, I'm wondering what side of the fence you think you are on. Your readership and affiliations seem to be the mainstream "white-hat" security community; but many of your tactics can be described as grey-hat at best -- e.g. doxxing hackers/malware authors/spammers, using social engineering to obtain information, etc. It seems as though this is justified because it is used against targets you perceive as being immoral, unethical, and/or worthy of such intrusion. My question is: do you feel you are a white-hat hacker, or do you think your use of black-hat tactics against black hats makes you something different?
Krebs: Not sure specifically what "grey hat" and "black hat" techniques you're referring to in particular. Also, I take issue with your assertion that I somehow practice social engineering to gain information. I'll admit to once or twice using Spooftel to get someone who is dodging my calls to answer the phone, but I've never misrepresented myself or what I'm doing. In all of my reporting and investigation -- even with black hats -- I am up front about who I am and what I'm after.
Now, it is true that some of my reporting has been based on hacked cybercrime forums and hacked cybercriminals, but I can't recall an instance wherein I was the one responsible for the hacking. My first book, "Spam Nation," would not have been possible if two of the biggest cybercrime kingpins had not employed their top spammers and cybercrooks to break into each other’s networks and steal several years’ worth of banking and customer data, and then leak that data to Yours Truly and to the authorities. In my experience, the only thing cybercrooks like better than breaking into databases and stealing/selling data for financial gain is hacking each other for profit/amusement/insert reason here.
If I approach people on cybercrime forums, it is always just to learn more about the services and products they have to offer and are quite willing to talk about. Will I register on cybercrime forums under my own name? Of course not! Then again, nobody on those forums does that!
Actually, I *did* try to do that several years back, in two different cases. In one instance, when I told the admin in charge that I wanted the nickname "briankrebs," he laughed and said basically, "good one!" The other time I tried to claim that nickname, it was already taken.
I'll confess, though, that I've been guilty of a certain schadenfreude when it comes to writing about the arrest, conviction and or other demise of people who have -- apparently apropos of nothing -- targeted me and/or my family publicly and at the same time hidden behind an assumed veil of anonymity. These kinds of cowards consistently ruin the Internet for everyone, and I won't apologize for calling them out.
On a more philosophical note, I find it fascinating that so many involved in black hat activities online are so horrible at operational security. That probably has more to do with the general lack of consequences for most actors involved in this type of activity -- particularly those in certain Eastern European countries.
defining "computer security" for your clients
by globaljustin
Mr. Krebs, thank you for the time. My question is about defining "computer security" in relation to public perceptions vs technical facts. It was reported in 2006 that the NSA was keeping massive databases of Americans' phone calls and metadata. Obviously, Snowden's revelations were much more heavily reported, and contained more info, but the public was shocked at information that was already public. When it comes to cyber security customers, how do you explain and contextualize what service you are providing given the vast differences in perception of "security"?
Krebs: I try, as much as I am able, to focus on reporting stories that you won't find anywhere else. As an independent reporter, I have the luxury of not spending a great deal of time chasing other reporters' stories. Also, I try not to practice "churnalism," which is just regurgitating stories that other reporters have written. As for a "service" I might be offering, all I can say is that my goal is to communicate in as simple and straightforward way as I can news that is not getting enough attention or is not being well served by other outlets.
To your question about the differences in perception about security, I couldn't agree more. But to paraphrase Tip O'Neill, all security is local: Security as a news subject means little unless you can communicate the complex stuff in a way that mere mortals can comprehend, appreciate and do something about. If I am able to do that well and consistently, I hope that's a service of a kind. -
Weather Promising for Sunday Morning SpaceX Launch
USA Today reports that the weather looks good for Sunday morning's planned launch at 10:21, Florida time (14:21 GMT) of SpaceX's Dragon cargo capsule, loaded with a docking adapter intended for future manned-crew access to the International Space Station. An excerpt: "The forecast calls for a 90% chance of weather good enough to permit SpaceX's 208-foot Falcon 9 rocket to blast off from Cape Canaveral Air Force Station during an instantaneous launch window. ... "This is actually pretty cool, because it does play right into our next Crew Dragon program," [Hans] Koenigsmann, SpaceX's vice president for mission assurance, said of the docking adapter in a separate news briefing. "It's something that we bring up for our own future, and so we're really motivated to bring this up." Related: astroengine points out that as part of this launch, SpaceX will make another attempt at landing the first stage of its Falcon 9 rocket on a floating platform off the coast of Florida after sending the Dragon cargo vehicle to the International Space Station. Although SpaceX is hoping to achieve something the rocket industry has never done before (true usability of rocket engines, cutting costs), it's not the only game in town — Blue Origin, ULA and Airbus all have rocket return desires. -
Lexus Creates a Hoverboard
walterbyrd writes: Lexus has built a functional prototype of a hoverboard that hovers several centimeters off the ground. The "Slide" is for demonstration purposes only and works through magnetic levitation created by superconductors, a spokesperson says. USA Today reports: "As cool as that sounds, there are some major limitations. Since it operates magnetically, it only can hover over a steel surface. And it also only works as long as the liquid nitrogen holds out." -
General Mills To Drop Artificial Ingredients In Cereal
schwit1 writes: General Mills announced Monday that it will be removing artificial colors and flavoring from its cereal products over the next two to three years. The company said that Trix and Reese's Puffs will be some of the first cereals to undergo the changes adding that cereals like Lucky Charms that have marshmallows may take longer to reformulate. They say 90 percent of their cereals will have no artificial ingredients by the end of 2016. "We've continued to listen to consumers who want to see more recognizable and familiar ingredients on the labels and challenged ourselves to remove barriers that prevent adults and children from enjoying our cereals," said Jim Murphy, president of General Mills cereal division, in a statement. -
So Long Voicemail, Give My Regards To the Fax Machine
itwbennett writes: Yes, it was just a matter of time before voicemail, the old office relic, the technology The Guardian's Chitra Ramaswamy called "as pointless as a pigeon with a pager," finally followed the fax machine into obscurity. Last week JPMorgan Chase announced it was turning off voicemail service for tens of thousands of workers (a move that CocaCola made last December). And if Bloomberg's Ramy Inocencio has the numbers right, the cost savings are significant: JPMorgan, for example, will save $3.2 million by cutting voicemail for about 136,000. As great as this sounds, David Lazarus, writing in the LA Times, warns that customer service will suffer. -
Google Releases Report On Autonomous Vehicle Accidents
An anonymous reader writes: Back in May, a report from the Associated Press pieced together information on car accidents that involved autonomous vehicles. Google, the company testing the most self-driving cars on public roads right now, said the automation technology was not at fault in any of the accidents. However, they took criticism for declining to provide any detail. Now, they've changed that stance, releasing specifics on all of the accidents involving their autonomous cars. They set up a new website for releasing monthly reports. According to their first report (PDF), there have been 12 accidents since 2010. The vast majority of them involved another car rear-ending the Google car while waiting at a stop sign/light. There was one incident where another car rolled a stop sign, one in which another car veered into the AV's lane, and one incident where a Google employee driving the car in manual mode rear-ended another car. None of the accidents resulted in an injury. -
Tesla Announces Home Battery System
An anonymous reader writes: Early this morning, Elon Musk finally revealed Tesla's plans for the home: battery systems designed to store up to 10 kWh of power. The company is leveraging the battery technology they've developed for their electric cars to enable more people to switch to renewable power for their homes. There will be two models of the battery. The 10 kWh version will cost $3,500, and the 7 kWh version will cost $3,000. They can deliver power at a continuous rate of 2kW, with peaks up to 3 kW. Crucially, the batteries will be warrantied for 10 years. Musk thinks the market for home batteries will expand to at least two billion, eventually. But even a much smaller uptake for now will validate the creation of Tesla's "gigafactory."
"The gigafactory is the recipient of the largest incentive package ever given by Nevada at $1.3 billion, which followed a hotly contested tax incentive bidding war between various states to land the Tesla battery plant. For the investment to pay off, Tesla needs to convince hundreds of thousands of consumers per year to buy its cars and battery products, with the gigafactory serving as a cornerstone to the company's sales strategy. ... An early gigafactory rendering released by Tesla stated that the plant will have an annual battery pack output of 50 gigawatt hours — the bulk of which will go toward batteries for cars with most of the remainder to be allocated for stationary batteries, according to figures mentioned by Tesla's chief technology JB Straubel last year. The gigafactory's sheer scope makes other battery products a possibility as well." -
Meet the Firmware Lead For Google's Project Ara Modular Smartphone (Video)
According to Wikipedia, 'Project Ara is the codename for an initiative that aims to develop an open hardware platform for creating highly modular smartphones.' Google is the sponsor, and the project seems to be moving faster than some people expect it to. There's a Project Ara website, of course, a GitHub repository, a Facebook page, even an Ara subreddit. During his conversation with Timothy Lord, Ara firmware project lead (and spokesman) Marti Bolivar said it won't be long before prototype Ara modular phones start user testing. Meanwhile, if you want to see what Marti and his coworkers have been up to lately, besides this interview, you can read a transcription of his talk (including slides) from the January Project Ara Developers Conference in Singapore. -
Columbia University Doctors Ask For Dr. Mehmet Oz's Dismissal
circletimessquare writes Dr. Mehmet Oz serves as vice chairman of Columbia University Medical Center's department of surgery. He is a respected cardiothoracic surgeon but his television show has been accused of pushing snake oil. Now other doctors at Columbia University want Dr. Oz kicked off the medical school faculty. Dr. Oz has responded on his Facebook account: "I bring the public information that will help them on their path to be their best selves. We provide multiple points of view, including mine which is offered without conflict of interest. That doesn't sit well with certain agendas which distort the facts. For example, I do not claim that GMO foods are dangerous, but believe that they should be labeled like they are in most countries around the world." In their letter, the doctors accuse Dr. Oz of quackery: "Dr. Oz has repeatedly shown disdain for science and for evidence-based medicine, as well as baseless and relentless opposition to the genetic engineering of food crops. Worst of all, he has manifested an egregious lack of integrity by promoting quack treatments and cures in the interest of personal financial gain." -
US Started Keeping Secret Records of International Telephone Calls In 1992
schwit1 writes Starting in 1992, the Justice Department amassed logs of virtually all telephone calls from the USA to as many as 116 countries. The now-discontinued operation, carried out by the DEA's intelligence arm, was the government's first known effort to gather data on Americans in bulk, sweeping up records of telephone calls made by millions of U.S. citizens regardless of whether they were suspected of a crime. It was a model for the massive phone surveillance system the NSA launched to identify terrorists after the Sept. 11 attacks. That dragnet drew sharp criticism that the government had intruded too deeply into Americans' privacy after former NSA contractor Edward Snowden leaked it to the news media two years ago. More than a dozen current and former law enforcement and intelligence officials described the details of the Justice Department operation to USA TODAY. Most did so on the condition of anonymity because they were not authorized to publicly discuss the intelligence program, part of which remains classified. The operation had 'been approved at the highest levels of Federal law enforcement authority,' including then-Attorney General Janet Reno and her deputy, Eric Holder. -
Powdered Alcohol Banned In Six States
HughPickens.com writes Rachel Abrams reports at the NYT that six states have passed legislation to ban Palcohol, a freeze-dried, powdered alcohol developed by Mark Phillips who he says was inspired by a love of hiking but a distaste for carrying bottles of adult beverages uphill. "When I hike, kayak, backpack or whatever, I like to have a drink when I reach my destination. And carrying liquid alcohol and mixers to make a margarita for instance was totally impractical," says Phillips, who hopes to have Palcohol on store shelves by the summer. One packet of Palcohol equals one shot with each packet weighing 1 ounce and turning into liquid when mixed with 6 ounces of water. Phillips has vigorously defended his product, called Palcohol, saying it is no more dangerous than the liquid version sold in liquor stores and plans to release five flavors: vodka, rum, cosmopolitan, powderita (which is like a margarita) and lemon drop.
Critics are concerned people may try to snort the powder or mix it with alcohol to make it even stronger or spike a drink. "It's very easy to put a couple packets into a glass and have super-concentrated alcohol," says Frank Lovecchio. Amy George, a spokeswoman for Mothers Against Drunk Driving, said MADD did not typically take a stand on the dangers of specific alcohol products, but MADD is concerned about the colorful or playful packaging of such products that can sometimes appeal to children. Phillips dismisses concerns saying that they don't make sense if you think it through. "People unfortunately use alcohol irresponsibly. But I don't see any movement to ban liquid alcohol. You don't ban something because a few irresponsible people use it improperly," says Phillips. "They can snort black pepper. Do you ban black pepper?" -
The Unlikely Effort To Build a Clandestine Cell Phone Network
Lashdots writes: Electronic surveillance has raised concerns among Americans and pushed an estimated 30% of them to protect their privacy in some form. Artist Curtis Wallen has taken that effort to dramatic lengths, documenting how to create a "clandestine communications network" using pre-paid phones, Tor, Twitter, and encryption. The approach, which attempts to conceal any encryption that could raise suspicions, is "very passive" says Wallen, so "there's hardly any trace that an interaction even happened." This is not easy, of course. In fact, as he discovered while researching faulty CIA security practices, it's really, comically hard. "If the CIA can't even keep from getting betrayed by their cell phones, what chance do we have?" he says. Still, he believes his system could theoretically keep users' activities hidden, and while it's hard, it's not impossible. -
Why More 'Star Wars' Actors Don't Become Stars
HughPickens.com writes: When you become an actor, landing a role in a movie as big as Star Wars may seem like a dream come true. But Tatiana Siegel and Borys Kit report at The Hollywood Reporter that six movies in, the Star Wars franchise has only spawned one megastar: Harrison Ford, unusual for a series of this magnitude. Neither Ewan McGregor nor Liam Neeson was helped by the franchise and the list of acting careers that never took off is even longer, from original stars Mark Hamill and Carrie Fisher to Jake Lloyd (young Anakin Skywalker) and most notably Hayden Christensen, whose star was on the rise when he nabbed 2002's Attack of the Clones. Even Natalie Portman, who already had a hot career before Episodes I-III, admitted she struggled after the exposure. "Everyone thought I was a horrible actress," says Portman. "I was in the biggest-grossing movie of the decade, and no director wanted to work with me."
So what's the problem? "When you sign up for this, you're signing your life away, and you're keeping yourself from any other franchises out there," says an agent whose client is one of the stars of Episode VII. "They will not let you be in another franchise. They're going to be cranking out a new movie every year. These actors never get to read the script before signing on. They don't even know which [subsequent] one they are in. And then they become known for that role, and it's hard to see them in [another] kind of movie." Still, agents keep pursuing roles in the upcoming films even though newcomers can only command a meager $65,000 to $125,000 for Episode VII. "It secures all involved a place in film history," says agent Sarah Fargo, "and guarantees a huge global audience, enhancing an actor's marketability." -
Ellen Pao Loses Silicon Valley Gender Bias Case Against Kleiner Perkins
vivaoporto writes As reported by the New York Times, USA Today and other publications, a jury of six men and six women rejected current Reddit Inc CEO Ellen Pao's claims against her former employer, the venture capital firm Kleiner Perkins Caufield & Byers. Ms. Pao's suit, that alleged employment discrimination based on gender, workplace retaliation and failure to take reasonable steps to prevent gender discrimination, asked $16 million in compensatory damages plus punitive damages. The jury decided, after more than two days of deliberation and more than four weeks of testimony, that her former employer neither discriminated against the former junior partner for her gender, nor fired the complainant because of a high-profile gender discrimination lawsuit against the firm in 2012. She alleged that Kleiner Perkins had promoted male partners over equally qualified women at the firm, including herself, and then retaliated against her for raising concerns about the firm's gender dynamics by failing to promote her and finally firing her after seven years at the firm after she filed her 2012 lawsuit. -
Obama: Maybe It's Time For Mandatory Voting In US
HughPickens.com writes CNN reports that when asked how to offset the influence of big money in politics, President Barack Obama suggested it's time to make voting a requirement. "Other countries have mandatory voting," said Obama. "It would be transformative if everybody voted — that would counteract money more than anything," he said, adding it was the first time he had shared the idea publicly. "The people who tend not to vote are young, they're lower income, they're skewed more heavily towards immigrant groups and minority groups. There's a reason why some folks try to keep them away from the polls." At least 26 countries have compulsory voting, according to the Institute for Democracy and Electoral Assistance. Failure to vote is punishable by a fine in countries such as Australia and Belgium; if you fail to pay your fine in Belgium, you could go to prison. Less than 37% of eligible voters actually voted in the 2014 midterm elections, according to The Pew Charitable Trusts. That means about 144 million Americans — more than the population of Russia — skipped out. Critics of mandatory voting have questioned the practicality of passing and enforcing such a requirement; others say that freedom also means the freedom not to do something. -
White House Office of Administration Not Subject to FOIA, Says White House
An anonymous reader writes with this story at USA Today: The White House is removing a federal regulation that subjects its Office of Administration to the Freedom of Information Act, making official a policy under Presidents Bush and Obama to reject requests for records to that office. The White House said the cleanup of FOIA regulations is consistent with court rulings that hold that the office is not subject to the transparency law. -
Pi Day Extraordinaire
First time accepted submitter DrTJ writes Today is Pi day. This year is a bit more extraordinary as it is 3/14/15 (in American date format). To celebrate, USA Today has posted a number of videos of kids reciting Pi, one of them to 8,784 digits. The Washington Post highlights the story of a couple who decided to make it their special day. "Donahue, 33, a Legal Aid attorney, fell for Karmel’s geeky side as soon as they met. On a beach vacation with her friends in 2012, a psychic told her, 'You are about to meet your soulmate.' Three days later, she walked into Kostume Karaoke night at Solly’s Tavern along the U Street corridor and saw a man onstage croaking out the Backstreet Boys’s 'I Want It That Way.' By the end of the night, he would be serenading her with Cake’s 'The Distance' — the song the DJ will play when they cut the pie." -
Clinton's Private Email System Gets a Security "F" Rating
Penguinisto writes According to a scan by Qualys, Hillary Clinton's personal e-mail server, which has lately generated more than a little controversy in US political circles, has earned an "F" rating for security from the security vendor. Problems include SSL2 support, a weak signature, and only having support for older TLS protocols, among numerous other problems. Note that there are allegations that the email server was possibly already hacked in 2013. (Note: Mrs. Clinton plans on giving a press conference to the public today on the issue.) -
YouTube Video of Racist Chant Results In Fraternity Closure
HughPickens.com writes The NYT reports that after a video was posted on YouTube that appeared to show members of Sigma Alpha Epsilon at University of Oklahoma singing a racist chant, the organization's board decided "with no mental reservation whatsoever that this chapter needed to be closed immediately." The video shows a group of young white people in formal wear riding a bus and singing a chant laden with antiblack slurs and at least one reference to lynching. A grinning young man wearing a tuxedo and standing in the aisle of the bus pumps his fist in the air as he chants, while a young woman seated nearby claps. The chant vows that African-Americans will "never" be allowed to join the campus chapter.
The nine-second video was uploaded to YouTube on Sunday by a student group, the Unheard Movement, that first identified the people in it as members of Sigma Alpha Epsilon, although the group did not indicate how it obtained the video or when it was filmed. University president, David Boren, said in an emailed statement that the administration was also investigating the video. "I have just been informed of the video, which purports to show students engaging in a racist chant. We are investigating to determine if the video involved OU students. If O.U. students are involved, this behavior will not be tolerated and will be addressed very quickly," said Boren. "This behavior is reprehensible and contrary to all of our values." Students marched on the campus of the University of Oklahoma on Monday to protest the video. -
French Nuclear Industry In Turmoil As Manufacturer Buckles
mdsolar writes with bad news for France and its nuclear industry. "France's nuclear industry is in turmoil after the country's main reactor manufacturer, Areva, reported a loss for 2014 of 4.8 billion euros ($5.3 billion) — more than its entire market value. The government of France, the world's most nuclear dependent country, has a 29% stake in Areva, which is among the biggest global nuclear technology companies. The loss puts its future — and that of France as a leader in nuclear technology — at risk. Energy and Environment Minister Segolene Royal said Wednesday she asked Areva and utility giant Electricite de France to work together on finding solutions, amid reports of a possible merger or other link-up. The government said in a statement that it's working closely with Areva to restructure and secure financing, and would 'take its responsibility as a shareholder' in future decisions about its direction. Areva reported Wednesday 1 billion euros in losses on three major nuclear projects in Finland and France, among other hits. Areva has lost money for years, in part linked to delays on those projects and to a global pullback from nuclear energy since the 2011 Fukushima accident." -
A Versatile and Rugged MIDI Mini-Keyboard (Video)
The K-Board won a "Best in Show" award at CES 2015. Plus, as Timothy said, "I always like pour and stomp demos." And it's totally cross-platform. If your computer, tablet or smartphone has a USB port and (almost) any kind of music software, it works. In theory, you could hook a K-Board to your Android or iOS device and use it to accompany yourself while you sing for spare change on a downtown corner. Or noodle around to get a handle on a theme you'll use in your next major symphony. Or...? -
The Mathematical Case For Buying a Powerball Ticket
HughPickens.com writes Neil Irwin writes at the NYT that financially literate people like to complain that buying lottery tickets is among the silliest decisions a person could make but there are a couple of dimensions that these tut-tutted warnings miss, perhaps fueled by a class divide between those who commonly buy lottery tickets and those who choose to throw away money on other things like expensive wine or mansions. According to Irwin, as long as you think about the purchase of lottery tickets the right way — purely a consumption good, not an investment — it can be a completely rational decision. "Fantasizing about what you would do if you suddenly encountered great wealth is fun, and it is more fun if there is some chance, however minuscule, that it could happen," says Irwin. "The $2 price for a ticket is a relatively small one to pay for the enjoyment of thinking through how you might organize your life differently if you had all those millions."
Right now the Multi-State Lottery Association estimates the chances of winning the grand prize at about 1 in 175 million, and the cash value of the prize at $337.8 million. The simplest math points to that $2 ticket having an expected value of about $1.93 so while you are still throwing away money when buying a lottery ticket, you are throwing away less in strictly economic terms when you buy into an unusually large Powerball jackpot. "I am the type of financial decision-maker who tracks bond and currency markets and builds elaborate spreadsheets to simulate outcomes of various retirement savings strategies," says Irwin. "I can easily afford to spend a few dollars on a Powerball ticket. Time to head to the convenience store and do just that." -
Mystery Ash Clouds Rain In Parts of Washington, Oregon
Inland parts of Oregon and Washington, as well as Idaho, have experienced a strange, murky rain today that contains what seems to be volcanic ash, though ash from which volcano isn't completely clear. Experts said they are checking out several possible explanations including a recent volcanic eruption in Mexico and one in Russia. The weather service said the rainstorm may have passed through some dust or volcanic ash as it moved west. Walla Walla County's emergency management staff posted a statement on its Facebook page that the ash is likely from Volcano Shiveluch in Kamchatka Krai, Russia, some 3,000 miles away. Volcano Shiveluch spewed an ash plume about 22,000 feet high in late January, the statement said.... CNN meteorologist Derek Van Dam, meanwhile, pointed to an eruption Wednesday of a volcano in southwestern Colima, Mexico, as another potential source of the dirty rain. That volcano is more than 2,000 miles away from the region. Time points out that other theories include leftover ash from last year’s wildfires in Oregon and Idaho. -
Washington May Count CS As Foreign Language For College Admission
theodp writes On Wednesday, Washington State held a public hearing on House Bill 1445, which proposes a study "to allow two years of computer sciences to count as two years of world languages for the purposes of admission into a four-year institution of higher education." Among the questions posed by the House Higher Education Committee to a UW rep at the hearing was the following: "What's the case for...not just world language is good, world language is well-rounded, but world language is so super-duper-duper good that you should spend two years of your life doing them and specifically better than something else like coding?" The promise of programming jobs, promoted by Microsoft execs and other MS folks like ex-Program Manager Audrey Sniezek (ironically laid off last summer), has prompted Kentucky to ponder a similar measure. -
Bomb Threats Via Twitter Partly Shut Down Atlanta's Hartsfield Airport
The Atlanta Journal-Constitution reports that "Credible" bomb threats were made Saturday against two flights bound for Atlanta, an airport spokesman said. The flights landed safely after being escorted into Atlanta by military fighter jets. Hartsfield-Jackson International Airport spokesman Reese McCrainie told The Atlanta Journal-Constitution at 3 p.m. that both flights — Delta 1156 and Southwest 2492 — had landed and were sitting on a taxiway waiting to be swept by the Atlanta police Bomb Squad. ... Witnesses reported seeing multiple emergency vehicles on the tarmac, and the Federal Aviation Administration said just before 3 p.m. that departing flights were experiencing gate holds and delays of up to 30 minutes due to a bomb threat. USA Today says that the flights were on their way to Atlanta from, respectively, Portland, Oregon and Milwaukee, and adds that "NORAD Media Relations Specialist Preston Schlachter confirmed that two F-16 jets launched from McIntire Air Force Base in South Carolina as a precautionary measure." -
Verizon About To End Construction of Its Fiber Network
WheezyJoe writes: If you've been holding out hope that FiOS would rescue you from your local cable monopoly, it's probably time to give up. Making good on their statements five years ago, Verizon announced this week it is nearing "the end" of its fiber construction and is reducing wireline capital expenditures while spending more on wireless.
The expense of replacing old copper lines with fiber has allegedly led Verizon to stop building in new regions and to complete wiring up the areas where it had already begun. The fiber network was profitable, but nowhere near as profitable as their wireless network. So, if Verizon hasn't started in your neighborhood by now, they never will, and you'd best ignore all those ads for FiOS. -
Police Nation-Wide Use Wall-Penetrating Radars To Peer Into Homes
mi writes: At least 50 U.S. law enforcement agencies have secretly equipped their officers with radar devices that allow them to effectively peer through the walls of houses to see whether anyone is inside. The device the Marshals Service and others are using, known as the Range-R, looks like a sophisticated stud-finder. Its display shows whether it has detected movement on the other side of a wall and, if so, how far away it is — but it does not show a picture of what's happening inside. The Range-R's maker, L-3 Communications, estimates it has sold about 200 devices to 50 law enforcement agencies at a cost of about $6,000 each. Other radar devices have far more advanced capabilities, including three-dimensional displays of where people are located inside a building, according to marketing materials from their manufacturers. One is capable of being mounted on a drone. And the Justice Department has funded research to develop systems that can map the interiors of buildings and locate the people within them. -
Lies, Damn Lies, and Tech Diversity Statistics
theodp writes: Some of the world's leading Data Scientists are on the payrolls of Microsoft, Google, Facebook, Yahoo, and Apple. So, it'd be interesting to get their take on the infographics the tech giants have passed off as diversity data disclosures. Microsoft, for example, reported its workforce is 29% female, which isn't great, but if one takes the trouble to run the numbers on a linked EEO-1 filing snippet (PDF), some things look even worse. For example, only 23.35% of its reported white U.S. employee workforce is female (Microsoft, like Google, footnotes that "Gender data are global, ethnicity data are US only"). And while Google and Facebook blame their companies' lack of diversity on the demographics of U.S. computer science grads, CS grad and nationality breakouts were not provided as part of their diversity disclosures. Also, the EEOC notes that EEO-1 numbers reflect "any individual on the payroll of an employer who is an employee for purposes of the employers withholding of Social Security taxes," further muddying the disclosures of companies relying on imported talent, like H-1B visa dependent Facebook. So, were the diversity disclosure mea culpas less about providing meaningful data for analysis, and more about deflecting criticism and convincing lawmakers there's a need for education and immigration legislation (aka Microsoft's National Talent Strategy) that's in tech's interest? -
Radio Shack Reported To Be Ready for Bankruptcy Filing
hij writes: A number of news reports are coming out that Radio Shack is ready to file for bankruptcy. The stock price has tanked on Wall Street. There are conflicting reports that they are seeking more credit and they may be bought for their assets. (The Wall Street Journal has the story, but paywalled.) -
The Making of a 1980s Dungeons & Dragons Module
An anonymous reader writes: Over at Medium, Jon Peterson (author of Playing at the World) has put up a new in-depth article covering the internal process at TSR that created Dungeons & Dragons modules in the 1980s. The adventures created at that time (by the likes of Tracy Hickman, then a staff designer) paved the way for many later computer role-playing games, and this piece shows how TSR work was pitched, storyboarded, proofed, edited and organized. With the positive reception of the new 5th edition of D&D and the attention paid to the fortieth anniversary of the game, the historical record behind modern gaming gets ever more important.