Domain: zdnet.com
Stories and comments across the archive that link to zdnet.com.
Stories · 2,686
-
Surface Pro 3 Has 12" Screen, Intel Inside
crookedvulture (1866146) writes "Microsoft unveiled its Surface Pro 3 tablet at a press event in New York this morning. The device has a larger 12" screen with a 2160x1440 display resolution and a novel 3:2 aspect ratio. Intel Core processors provide the horsepower, starting with the Core i3 in the base model and extending all the way up to Core i7 in pricier variants. The tablet is just 9.1 mm thick, which Microsoft claims is the thinnest ever for a Core-based device. Microsoft developed a new radial fan that's supposed to distribute airflow evenly inside the chassis without generating audible noise. The tablet weighs 800 g, shaving 100 g off the Surface Pro 2, and it's supposed to have longer battery life, as well. Microsoft has also rolled out new keyboard accessories, a pressure-sensitive stylus, and a docking station that supports 4K video output. The Surface Pro 3 is scheduled to be available tomorrow with prices starting at $799." Update: 05/20 17:12 GMT by T : Mary Jo Foley points out at ZDNet that one thing not announced today is an ARM-powered Mini version. -
Head of MS Research On Special Projects, Google X and Win 9
Velcroman1 (1667895) writes "Microsoft Research finally earned some long-overdue headlines last week, when ZDNet's Mary Jo Foley reported on a 'Special Projects' group that would tackle disruptive technology and ultimately Google X. Peter Lee, head of the division and its 1,100 researchers, told Digital Trends he's not frustrated by all of that glowing press for Google's researchers and the lack of attention for MSR. 'Frustrating is not quite the right word,' Lee said, in an interview ahead of the ribbon-cutting ceremony for MSR's New York City office. 'I like Google X. The people there are good friends of mine. Astro [Teller, "Captain of Moonshots" with Google X] took classes from me at Carnegie Mellon, he's a great guy doing great stuff. But the missions are different. We want to make things better and ship them. That will always be primary for us. It will be secondary for them.'" -
Not Just a Cleanup Any More: LibreSSL Project Announced
An anonymous reader writes "As some of you may know, the OpenBSD team has started cleaning up the OpenSSL code base. LibreSSL is primarily developed by the OpenBSD Project, and its first inclusion into an operating system will be in OpenBSD 5.6. In the wake of Heartbleed, the OpenBSD group is creating a simpler, cleaner version of the dominant OpenSSL. Theo de Raadt, founder and leader of OpenBSD and OpenSSH, tells ZDNet that the project has already removed 90,000 lines of C code and 150,000 lines of content. The project further promises multi-OS support once they have proper funding and the right portability team in place. Please consider donating to support LibreSSL via the OpenBSD foundation." -
Ubuntu Linux 14.04 LTS Trusty Tahr Released
An anonymous reader writes with this announcement: "Ubuntu Linux version 14.04 LTS (code named "Trusty Tahr") has been released and is available for download. This updated version includes the Linux kernel v3.13.0-24.46, Python 3.4, Xen 4.4, Libreoffice 4.2.3, MySQL 5.6/MariaDB 5.5, Apache 2.4, PHP 5.5, improvements to AppArmor allow more fine-grained control over application, and more. The latest release of Ubuntu Server is heavily focused on supporting cloud and scale-out computing platforms such as OpenStack, Docker, and more. As part of the wider Ubuntu 14.04 release efforts the Ubuntu Touch team is proud to make the latest and greatest touch experience available to our enthusiast users and developers. You can install Ubuntu on Nexus 4 Phone (mako), Nexus 7 (2013) Tablet (flo), and Nexus 10 Tablet (manta) by following these instructions. On a hardware front, ARM multiplatform support has been added, enabling you to build a single ARM kernel image that can boot across multiple hardware platforms. Additionally, the ARM64 and Power architectures are now fully supported. See detailed release notes for more information. A quick upgrade to a newer version of Ubuntu is possible over the network." -
UK and Germany To Collaborate On 5G
First time accepted submitter Niranjan Nallapothula writes in with news of an agreement between the UK and Germany to develop 5G technology, as well as boost momentum for the Internet of Things. "Britain and Germany will team up to work on developing the next super-fast mobile network, 5G, United Kingdom Prime Minister David Cameron told the opening of the world's biggest high-tech fair. Cameron said the initiative is one of three areas that he wants Britain and Germany to collaborate on to "pool ideas, share data, innovate, and to lead on the next big ideas" in what he dubbed as being 'a world on fast forward.'" -
OpenShift Now Supports Windows; GoDaddy Joins OpenStack
sfcrazy writes "It's not The Onion: Red Hat has partnered with Uhuru Software to bring Microsoft .NET Apps and SQL server capabilities to Red Hat's Platform-as-a-Service solution OpenShift." This brings OpenShift to Windows, and not .NET applications to GNU/Linux OpenShift installations. RedHat customers have apparently been asking for this for a while. The source is available: "The consistent model for managing both Linux and Windows systems that OpenShift provides allow organizations to achieve greater efficiency and agility. Windows is now a full-fledged member of the Open Source world of OpenShift. In keeping with the spirit of Open Source, Uhuru has made all of its OpenShift integration software for Windows available to the community and is working to have it officially integrated into OpenShift Origin."
In related news (OpenShift is usually used on top of OpenStack), darthcamaro writes "The OpenStack cloud platform keeps on gaining new converts. The latest is GoDaddy which today announced it is now officially supporting the OpenStack Foundation. How GoDaddy came to officially join the OpenStack Foundation is interesting, apparently the OpenStack Foundation found out that GoDaddy was using OpenStack through job postings." -
Apple Launches CarPlay At Geneva Show
An anonymous reader writes "Apple announced today a system called CarPlay, which integrates your iPhone with your car, with Siri voice control. CarPlay will be offered in Ferrari, Mercedes-Benz and Volvo vehicles this year, and others 'down the road.' From the press release: 'CarPlay makes driving directions more intuitive by working with Maps to anticipate destinations based on recent trips via contacts, emails or texts, and provides routing instructions, traffic conditions and ETA. You can also simply ask Siri and receive spoken turn-by-turn directions, along with Maps, which will appear on your car’s built-in display.'" -
'Obnoxious' RSA Protests, RSA Remains Mum
An anonymous reader writes "By 'buying out' the most obvious lunch spot nearest the RSA conference yesterday, opponents and truth-seekers regarding RSA's alleged deal with the NSA raised awareness amongst attendees in the most brutal way possible: by taking away tacos and tequila drinks. Robert Imhoff, Vegas 2.0 co-founder, says, 'RSA could begin to fix this by going on the record with a detailed response about the accusations.'" I tried to get attendees of the conference to comment on camera — even a little bit — on what they thought of the NSA spying revelations, and not a single person I approached would do so. The pained facial expressions when they refused were interesting, though, and reflect the problem with a surveillance society in a nutshell. Especially at a conference where the NSA is surrounded by vendors who sell the hardware and software that enables your "mere" metadata to be captured and sifted, plenty of the people on the floor know that the companies they work for are or might one day be seeking contracts to do all that capturing and sifting, even if they'd rather not be subject to it personally, so they don't want their face shown saying so. -
Former Second Largest Linux Distributor Red Flag Software Has Shut Down
cold fjord writes with news that Red Flag Software, makers of China's Red Hat derivative Red Flag Linux, has halted operations. From the article: "Once the world's second-largest Linux distributor, Red Flag Software has shuttered reportedly due to mismanagement and after owing employees months in unpaid wages. China's state-funded answer to global software giants like Microsoft ... filed for liquidation over the weekend and terminated all employee contracts. Set up in late-1999 amid the dot-com boom, Red Flag was touted as an alternative to Windows ... It thrived in the early days, inking deals with partners such as Oracle and Dell which products were certified to support and shipped with Red Flag Software. The Beijing-based vendor was primarily funded by the Chinese Academy of Sciences' Institute of Software Research, and later received additional funding from state-owned Shanghai NewMargin Venture Capital and the Ministry of Information Industry's VC arm ... 'A lack of brand awareness and sustained investments, coupled with the rise of rivals including Red Hat Enterprise Linux and SuSE Linux Enterprise, led to its downfall,' Eric Peng, Beijing-based research manager with IDC, said ... Peng noted that, during its heyday, Red Flag had enjoyed high adoption among government agencies, state-owned organizations, and schools." -
South Korean Court Rules That Phone Bloatware Must Be Deletable
_0x783czar writes "Starting this April, South Korea will require all phone vendors to allow pre-installed bloatware to be uninstalled. That's right, they will be able to get rid of all that pesky software without having to root their phones. According to a press release by the Ministry of Science, ICT and Future Planning, 'The move aims to rectify an abnormal practice that causes inconvenience to smartphone users and causes unfair competition among industry players.' They hope this will also increase the users' data storage and battery life. From the article: 'Under the new guidelines, telcos are required to make most of their pre-installed apps deletable except for four necessary items related to Wi-Fi connectivity, near-field communication (NFC), the customer service center and the app store.' It'd be nice if similar legislation were passed in the U.S. and elsewhere." -
ShapeShifter: Beatable, But We'll Hear More About It
Slashdot contributor Bennett Haselton writes: "A California company called Shape Security claims that their network box can disable malware attacks, by using polymorphism to rewrite webpages before they are sent to the user's browser. Most programmers will immediately spot several ways that the system can be defeated, but it may still slow attackers down or divert them towards other targets." Read on for the rest of Bennett's thoughts.
When a ShapeShifter appliance is installed in a datacenter alongside a web server, it takes the website's content and rewrites it before sending it to the user's browser, using techniques to obfuscate the contents such as changing the names of various form fields, or perhaps using obfuscated JavaScript to generate the page contents. (Many Slashdotters will understand these terms, but if you're not sure what I mean by "changing form fields" or "obfuscated JavaScript," it's a bit too technical to explain within this article. Suffice to say that obfuscated JavaScript is itself not a new idea; you can see a demonstration here, which takes simple JavaScript code and rewrites it in such a way that it's much harder to scan automatically, but the code still does the same thing.) The idea is that by obscuring the webpage contents, ShapeShifter makes it harder for bots and malware to conduct automated attacks against the website, since the bots now have to be smart enough to parse the obfuscated JavaScript or decipher the renamed form fields.
The idea has attracted glowing reviews from tech writers, including some who say they can "barely stay awake for a lot of startup pitches" but who were evidently enthralled by this one. My first reaction was that it's not hard to think of ways that this system can be defeated, and some readers will have thought of some ways to attack it even before finishing the previous paragraph. However, the attacks will perhaps require some malware and bot writers to rewrite their malicious programs to target websites in new ways. It remains to be seen how long that will take, and whether Shape will have a countermove after bots evolve to defeat their systems.
If you watch the video on Shape Security's website and pay close attention to their claims, note that they never actually say that ShapeShifter can stop malware from stealing a user's credentials — perhaps a deliberate omission for honesty's sake, since their technology, as they've described it, cannot prevent that. If your machine is infected with malware, and you're filling out a form on a website, the malware can eavesdrop at the level of the user interface to watch what you're typing into a form -- and if you fill out a form which contains a password field, or which contains a string of numbers that pass the credit card number checksum, the malware can capture the entire form contents and silently transmit it back to the attacker. No amount of obfuscation and shapeshifting in the HTML can stop the malware from capturing your password at the user interface level.
Now consider, instead, two of the claims actually made in the ShapeShifter video:
"Financial sites face man-in-the-browser attacks. This kind of bot waits for a legitimate user to authenticate, and then manipulates financial transactions. By disrupting the scripts that Man-in-the-Browser bots rely on, the ShapeShifter allows banks to safely serve their customers, even when their customers are infected with malware."
and
"On e-commerce sites, account takeover has evolved into a serious source of losses. 60% of users use the same password across multiple sites. When user credentials on one site are compromised, attackers program bots to test user credentials on other sites. The ShapeShifter prevents bots from testing stolen credentials on your website."
What both of these claims are essentially saying is that once your credentials have been stolen, ShapeShifter can mitigate the damage by preventing a bot from executing transactions using those stolen credentials, or from testing those credentials on other sites. However, I would argue that once your credentials have been stolen successfully, 90% of the damage has been done. ShapeShifter can't do anything to stop a human from testing your stolen credentials manually, and if the attacker has already infected your machine, they can use your machine as a proxy when testing out your credentials, so that the target website doesn't even notice a login from an unusual IP address.
And is it even true that ShapeShifter can stop bots from automating an attack against a target website? Even if a website relayed through ShapeShifter has its HTML obfuscated with JavaScript and re-named form fields, it's still easy to write scripts that automate the act of launching a web browser and filling content into those form fields — such as entering a username and password into two fields, and submitting them to see if the website accepts the login. I'm not sure (it's been a long time since I've written browser automation code, using frameworks like Selenium), but I think you can even automate the interaction "silently," without actually opening up a visible browser window. Which, of course, means you can do it on a user's machine that has been conscripted into a botnet, without the user knowing what's going on.
Now, automating interaction with a website through the browser may be harder than writing a script to interact with the website at the network level. But as long as someone figures out a way to do it, they can sell the method and the toolkit to others. (The credit card security breach at Target was carried out using software that a 17-year-old wrote and sold off-the-shelf on the black market.)
What about straight denial-of-service attacks, where an attacker doesn't care about breaking into a website or stealing data, but simply wants to take it offline by flooding it with traffic? Could ShapeShifter protect against those types of attacks? It depends on the type of attack. If you're trying to take down a website simply by sending an overwhelming number of requests for the website's front page, and nothing else, then ShapeShifter wouldn't be able to mitigate this attack, since every incoming front-page request still has to be passed through to the web server being protected, and if that's too much for the web server to handle, it will still go down. On the other hand, some denial-of-service attacks use more sophisticated tricks, like running a search query on the target website — knowing that handling a search query requires a lot more processing power than simply serving up the site's front page, so it would take a smaller number of requests to effectively tie up the webserver. If ShapeShifter can effectively stop bots from logging in to a website, running search queries, or performing other actions that are resource-intensive, then that type of denial-of-service attack could be stopped or slowed down.
So, at least based on the product description from the company itself, can ShapeShifter stop malware from stealing your users' logins on your site? Definitely not. Can ShapeShifter stop a botnet from conducting automated attacks against your user interface? For some types of botnets, maybe, but probably not in the long run. Will ShapeShifter be able to evolve a defense against bots that use browser automation? It's hard to see what they could possibly do in response. One of the company founders says, "We are populating our roadmap for the next five, six or seven steps cybercriminals will make and figuring out a countermove," but without knowing what those countermoves are, we only have their word to go on.
But in spite of my misgivings, I wouldn't predict on that basis that the product won't sell a lot of units. Some companies may buy the box without realizing that it does nothing to prevent their users' credentials from being compromised by malware, and that it provides only limited protection against automated attacks. Some companies may realize the limitations of the protection, but decide to buy it anyway because it looks good to their investors or their cybersecurity insurance underwriters. In such situations, even just the appearance of proactivity can be worth a million dollars a year.
-
Oracle Promises Patches Next Week For 36 Exploits In Latest Java
An anonymous reader writes "Oracle is posting patches for all its products next Tuesday, which include 36 exploits for Java alone and over 140 for all Oracle products currently supported, including over 80 that require no authentication to execute. These patches look to be critical for any administrator. Java 6 users who use equipment or programs that rely on older versions are SOL unless they sign up for a very expensive support contract, as these patches are for Java 7 only." -
Security Experts Call For Boycott of RSA Conference In NSA Protest
Hugh Pickens DOT Com writes "ZDNet reports that at least eight security researchers or policy experts have withdrawn from RSA's annual security conference in protest over the sponsor's alleged collaboration with the National Security Agency. Last month, it was revealed that RSA had accepted $10 million from the NSA to use a flawed default cipher in one of its encryption tools. The withdrawals from the highly regarded conference represent early blowback by experts who have complained that the government's surveillance efforts have, in some cases, weakened computer security, even for innocent users. Jeffrey Carr, a security industry veteran who works in analyzing espionage and cyber warfare tactics, took his cancellation a step further calling for a boycott of the conference, saying that RSA had violated the trust of its customers. 'I can't imagine a worse action, short of a company's CEO getting involved in child porn,' says Carr. 'I don't know what worse action a security company could take than to sell a product to a customer with a backdoor in it.' Organizers have said that next month's conference in San Francisco will host 560 speakers, and that they expect more participants than the 24,000 who showed up last year. 'Though boycotting the conference won't have a big impact on EMC's bottom line, the resulting publicity will,' says Dave Kearns. 'Security is hard enough without having to worry that our suppliers — either knowingly or unknowingly — have aided those who wish to subvert our security measures.'" -
Battlefield 4 Banned In China
hypnosec writes "The Chinese government has officially banned Battlefield 4, stating that Electronic Arts has developed a game that not only threatens national security of the country, but is also a form of cultural invasion. The country's Ministry of Culture has issued a notice banning all material related to the game in any form, including the game itself, related downloads, demos, patches and even news reports. According to PCGames.com.cn [Chinese language], Battlefield 4 has been characterized as an illegal game on the grounds that the game endangers national security and cultural aggression." -
Microsoft's Ticking Time Bomb Is Windows XP
Hugh Pickens DOT Com writes "Shona Ghosh writes at PC Pro that the final deadline for Windows XP support in April 2014 will act as the starting pistol for developing new exploits as hackers reverse-engineer patches issued for Windows 7 or Windows 8 to scout for XP vulnerabilities. "The very first month that Microsoft releases security updates for supported versions of Windows, attackers will reverse-engineer those updates, find the vulnerabilities and test Windows XP to see if it shares [them]," says Tim Rains, the director of Microsoft's Trustworthy Computing group. Microsoft says that XP shared 30 security holes with Windows 7 and Windows 8 between July 2012 and July 2013. Gregg Keizer says that if a major chunk of the world's PCs remains tied to XP, as seems certain, Microsoft will face an unenviable choice: Stick to plan and put millions of customers at risk from malware infection, or backtrack from long-standing policies and proclamations." (Read on for more.) "In either case, it will face a public relations backlash, whether from customers who complain they've been forsaken or those angry at Microsoft for pushing them to upgrade when, in the end, they didn't need to." Microsoft makes little or no revenue from customers with old PCs, and desperately wants them to buy a new Windows system of some sort. "It's very easy to say 'just upgrade,' but not all business can do so," says Lawrence Pingree, citing money, resources and mission-critical software. "One of the main reasons why people cannot leave XP is compatibility with other software." Nor is Microsoft blameless. XP has hung around because of the mistakes Microsoft made with Windows Vista, the OS flop that outgoing CEO Steve Ballmer copped to as his biggest regret. If Vista had been more like Windows 7, or had shipped at its original "Longhorn" timetable of 2004, then been followed three years later by Windows 7, XP would not have had the opportunity to lock up the ecosystem for a decade. 
Pingree has a suggestion for Microsoft. "If it's such a big problem, maybe they should offer an 'Extended Life' [support] subscription and charge for it." -
Crowdfunded Afrimakers To Bring Arduinos, Raspberry Pis To African Tech Hubs
An anonymous reader writes "There's a chronic shortage of tech-savvy teachers all over Africa, and at the same time a strong belief that the tech economy is vital to growth. Enter Afrimakers, a crowdfunded project to visit tech hubs in seven continents and leave behind Arduino boards, Raspberry Pis, soldering kits and — most importantly — the smarts to use them. The Indiegogo fund opened up a week or so ago, and they've managed to raise enough for the first two countries so far." -
IDC: PC Shipments Decline Worse Than Forecasted, No Recovery Expected
symbolset writes "Zach Whittaker over at ZDNet covers an IDC report. In it the 2013 9.7% forecast decline in PC shipments is advanced to 10.1%. Further, IDC's longer-term forecast turns quite grim: contracting 23% from 2012 levels by 2017. There is also a projection of future Windows tablet sales, and a statement that total Windows tablet sales for 2013 are expected to be 'less than 7.5 million units.'" -
Microsoft Kills Stack Ranking
Nerval's Lobster writes "Microsoft once demanded that its managers place their subordinates on a scale from 'top' to 'poor,' a practice that fueled some epic backstabbing within divisions. Last year, a Microsoft contractor with knowledge of the company's internal review processes told Slashdot that Microsoft was actively working to fix that system; just this week, the company announced that stack ranking was well and truly dead (and that's certainly one way to fix it). 'Lisa Brummel, head of human resources for the company, sent an e-mail to employees notifying them of the change today, according to my contacts,' ZDNet's Mary Jo Foley wrote. According to the memo, there are 'no more ratings,' 'no more curves,' and 'Managers and leaders will have flexibility to allocate rewards in the manner that best reflects the performance of their teams and individuals, as long as they stay within their compensation budget.' They're trying to encourage more teamwork and collaboration throughout the company. As we discussed on Saturday, Yahoo is adopting this method just as Microsoft is abandoning it." -
Tech Titans Oracle, Red Hat and Google To Help Fix Healthcare.gov
wjcofkc writes "The United States Government has officially called in the cavalry over the problems with Healthcare.gov. Tech titans Oracle, Red Hat and Google have been tapped to join the effort to fix the website that went live a month ago, only to quickly roll over and die. While a tech surge of engineers to fix such a complex problem is arguably not the greatest idea, if you're going to do so, you might as well bring in the big guns. The question is: can they make the end of November deadline?" -
The Case Against Gmail
stry_cat writes "Ed Bott makes the case against Gmail: 'Gmail was a breath of fresh air when it debuted. But this onetime alternative is showing signs that it's past its prime, especially if you want to use the service with a third-party client. That's the way Google wants it, which is why I've given up on Gmail after almost a decade.' Personally, I've always thought it odd that no other email provider ever adopted Gmail's "search not sort" mentality. I've been a Gmail user since you needed an invitation to get an account. However Gmail has been steadily moving towards a more traditional email experience. Plus there's the iGoogle disaster that got me looking into alternatives to everything Google." -
Apple Blocks Lawrence Lessig's Comment On iOS 7 Wi-Fi Glitch
destinyland writes "A glitch in iOS7 has cost "a significant number" of Apple users their Wi-Fi access, according to ZDNet. But they also report that Apple is now censoring posts in their "Apple Support Communities" forums where users suggest possible responses to their loss of WiFi capabilities (including exercising their product warranty en masse). "We understand the desire to share experiences in your topic, 'Re: wifi greyed out after update to ios7,'" read one warning sent to Lawrence Lessig, "but because these posts are not allowed on our forums, we have removed it." Lessig — who co-founded Creative Commons (and was a board member of the Free Software Foundation) has been documenting the ongoing "comments slaughter" on his Twitter feed, drawing attention to what he says is the Borg-like behavior of Apple as a corporation. Lessig "is now part of an angry mob in Apple's forums who upgraded to iOS 7 and lost Wi-Fi connectivity," ZDNet notes, adding that as of this morning their reporter has been unable to obtain an official response from Apple." -
Ubuntu, Kubuntu 13.10 Unleashed
llebeel writes "Canonical announced its free Ubuntu 13.10 Linux operating system (OS) release, on the same day as Microsoft's remedial Windows 8.1 service pack update. We speak to Canonical founder and Ubuntu creator Mark Shuttleworth who tells us what to expect." Adds reader jrepin: "Kubuntu Linux 13.10 has just been released and is available for download. It comes with KDE Software Compilation 4.11, a new application for discovering and installing software, a simpler way to manage your system users, and a new Network Manager applet that gives a simpler UI for connecting to a range of network types. You can now set up Wi-Fi networking from the installer, making it easier to install updates and extra packages during the install." ZDNet has a fairly tepid review of the incremental rather than startling improvements of the new release, and notes "Ubuntu 14.04 LTS, due for release on 17 April next year, will now perhaps come as even more of a shock if its promised big changes are fully realised." -
Adobe Hacked: Almost 3 Million Accounts Compromised
sl4shd0rk writes "Adobe Systems Inc. is expected to announce today that hackers broke into its network and stole source code for an as-yet undetermined number of software titles, including its ColdFusion Web application platform, and possibly its Acrobat family of products. The company said hackers also accessed nearly three million customer credit card records, and stole login data for an undetermined number of Adobe user accounts." -
Microsoft Shows Off Its Vision For Gesture-Controlled PCs
An anonymous reader writes "Microsoft has demoed a prototype gesture-controlled PC using an augmented version of its Kinect motion sensing system. The rig detects 16 gestures and can be used to navigate Windows 8. Microsoft said it wants gestures to complement what is possible using mouse and keyboard, rather than replacing them, and the system favors simple gestures made just above the keyboard, rather than more elaborate Minority Report-style gestures. '[A] window is maximized by clenching a fist to "grab" it and then opening the hand while moving towards the top of the keyboard. Performing the same series of gestures in reverse minimizes the window. Repeating the gesture while moving the hand to the left or right edge of the keyboard docks the window with the left or right edge of the screen. The same series of gestures while moving the hand to the top left and right corners of the keyboard will throw the window to the left or right of screen, but not dock it with the edge. Bringing hands together in the middle of the keyboard and then moving them to the keyboard's left and right edge with palms down and fingers splayed will show the desktop. Repeating the gesture restores the original view.'" -
New Zealand Converting Old Phone Booths Into National WiFi Network
An anonymous reader writes "What do you do with old public phone boxes hardly anyone uses? Convert them into a national network of WiFi hotspots is the answer in New Zealand. While others have converted their old phone booths into libraries, toilets, showers and even smoking booths, in New Zealand 700 hotspots will be live by 7 October with a target of 2000 by the middle of 2014. 1Gb of data will be free to customers of the incumbent operator, others have to pay for monthly access." -
GMail Chat/GTalk Sending Chats To Wrong Recipients
mystikkman writes "In what is a serious bug, GMail Chat/GTalk/Google Hangouts is sending messages to unintended recipients. ZDNet has confirmed first-hand that the glitch is present within Google Apps for Business accounts, including those that have not yet switched over to Google's new Hangouts platform. Messages appear to be visible on the mobile version of Hangouts. There are multiple reports of this issue." -
Oracle Promises 100x Faster DB Queries With New In-Memory Option
Hugh Pickens DOT Com writes "ZDNet reports that Oracle's Larry Ellison kicked off Oracle OpenWorld 2013 promising a 100x speed-up querying OLTP database or data warehouse batches by means of a 'dual format' for both row and column in-memory formats for the same data and table. Using Oracle's 'dual-format in-memory database' option, every transaction is recorded in row format simultaneously with writing the same data into a columnar database. 'This is pure in-memory columnar technology,' said Ellison, explaining that means no logging and very little overhead on data changes while the CPU core scans local in-memory columns. Ellison followed up with the introduction of Oracle's new M6-32 'Big Memory Machine,' touted to be the fastest in-memory machine in the world, hosting 32 terabytes of DRAM memory and up to 384 processor cores with 8-threads per core." -
Trans-Pacific Cable Plans Mired In US-China Geopolitical Rivalry
An anonymous reader writes "Attempts to build a new telecommunications cable between the US, New Zealand and Australia have become a nexus for the growing rivalry between the U.S. and China in the Pacific. The U.S. is reportedly creating a technology ring fence to match its military one and contain China's ambitions in the Pacific. The U.S. military could even help pay for any planned new cable to link its bases in American Samoa with its expanding military presence in Australia's Northern Territory. It has been made 'very clear' U.S. authorities would not allow significant Chinese investment in one cable project and it followed that they would not tolerate the use of Chinese gear in its construction. 'It was made very clear. These are cables connecting whole countries. These are very political things,' one insider said." -
Why Apple Went 64-Bit With the iPhone 5s
Hugh Pickens DOT Com writes "Adrian Kingsley-Hughes says it's not just because Apple likes bragging about being first and because a 64-bit processor sounds cooler than 32-bits that Apple used the 64-bit A7 chip in the new iPhone 5s. A shift from a 32-bit processor to a 64-bit part paves the way for iPhones to be fitted out with 4GB+ of RAM down the line, but more importantly the move brings iOS and OS X apps much closer. The architecture for 64-bit apps on iOS will be almost identical to the architecture for OS X apps, making it easy to create a common code base that runs in both operating systems. 'Apple has slowly been bringing iOS-like features to Mac OS for years now: think of Launchpad and Gatekeeper,' writes Sascha Segan. 'The ultimate prize, of course, would be to bring the million-plus iOS apps to Macs. Apple could do that with an ARM-compatible virtual machine on Mac hardware, but it would want the VM, the OS and the associated apps to play nicely in the much larger memory space available on Macs. That means moving the whole system over to 64 bit.' By unifying iOS and Mac OS with Xcode developer tools in a 64-bit space, Apple could once again leap ahead of Microsoft and Google, says Segan. Microsoft hasn't yet been able to leverage its desktop strengths to achieve success as a mobile OS. The 64-bit chips for Android devices aren't ready, and neither is Android itself." -
Big Jump For Tablet Storage: Seagate Intros 5mm Hard Disk For Tablets
cold fjord writes "ZDNet reports, 'Seagate on Monday took the wraps off a hard drive designed for tablets that brings 7x the storage capacity of a 64GB device with the same performance as a Flash drive. The drive, the Seagate Ultra Mobile HDD, uses software to boost performance. The idea is that Android tablet manufacturers will use the Seagate drive, along with the company's mobile enablement kit and caching software, to up the storage. The 2.5-inch drive is 5 mm thin and weighs 3.3 ounces. As for capacity, the drive has 500GB---enough for 100,000 photos and 125,000 songs.' More at The Wall Street Journal." -
Nokia Insider On Why It Failed and Why Apple Could Be Next
An anonymous reader writes "The former chief designer of Nokia explains how the company's success and its corporate culture stopped it from taking risks and left it open to being beaten by Apple. He now sees the same warning signs emerging at Apple. Quoting: 'I look back and I think Nokia was just a very big company that started to maintain its position more than innovate for new opportunities. All of the opportunities were in front of them and Nokia was working on them, but the key word is a sense of urgency. While things were in play there was a real sense of saying "we will get to that eventually."' He worries Apple is now in a similar place: 'Nokia became more of a maintainer, more of an iterator, whereas innovation only comes in re-invention and Nokia waited too long to make the next big bold move ... that is now Apple’s challenge. Apple has arrived at a very safe place, it is responsible for something everybody loves, so it feels it has to keep it going.'" Oddly enough, this comes alongside news that a different former insider, Thomas Zilliacus (who was Nokia’s former Asia-Pacific CEO), has founded a company called "Newkia" in the wake of Microsoft's acquisition of Nokia. His goal is to take on former Nokia engineers and set them to building phones again — this time, running Android. -
The Legal Purgatory at the US Border: Detained, Searched, and Interrogated
An anonymous reader writes "America may be the land of the free, but upon arrival millions of visitors cross a legal purgatory at the U.S. border. It is an international legal phenomenon that is left much to the discretion of host countries. In some cases, this space between offers travelers far fewer rights than some of the least democratic and free countries on Earth. Limited access to legal counsel, unwarranted searches, and questionable rights to free speech to name a few. One of the more controversial — and yet still legally a contested grey area — are the rights travelers have in regards to electronics and device searches." -
New Zealand Bans Software Patents
Nerdfest writes with news that New Zealand has, after going back and forth a couple of times, finally banned software patents. From the article: "New Zealand has finally passed a new Patents Bill that will effectively outlaw software patents after five years of debate, delay, and intense lobbying from multinational software vendors. Aptly-named Commerce Minister Craig Foss welcomed the modernization of patents law, saying it marked a 'significant step towards driving innovation in New Zealand'. An IITP poll of members at the time showed 94% of those with a view were in favor of banning software patents." -
Steve Ballmer's Big-Time Error: Not Resigning Years Ago
Nerval's Lobster writes "Any number of executives could take Ballmer's place, including a few he unceremoniously kicked to the curb over the years. Whoever steps into that CEO role, however, faces a much greater challenge than if Ballmer had quietly resigned several years ago. Ballmer famously missed the boat on tablets and smartphones; Windows 8 isn't selling as well as Microsoft expected; and on Websites and blogs such as Mini-Microsoft (which had a brilliant posting about Ballmer's departure), employees complain bitterly about the company's much-maligned stack-ranking system, its layers of bureaucracy, and its inability to innovate. Had Ballmer left years ago, replaced by someone with the ability to more keenly anticipate markets, the company would probably be in much better shape to face its coming challenges. In its current form, Microsoft often feels like it's struggling in the wake of Amazon, Google, Apple, and Facebook." In an interview with ZDNet, Ballmer said his biggest regret as CEO was in how Windows Vista was developed. Opinions are divided on both the nature of his resignation and what it will mean for Microsoft. While the stock price is up, BusinessWeek and others suggest the purpose of the transition is to find somebody better able to anticipate future trends. That would certainly lead to more organizational changes within Microsoft, something employees suffered through just last month. Ben Kuchera at the Penny Arcade Report points out that this could mean Microsoft will try to re-enter markets it has abandoned. He asks the company to "stay the hell away from PC gaming." -
Protests Mount In New Zealand Against New Surveillance Laws
An anonymous reader writes "New revelations about Ministerial orders requiring backdoors into online services in New Zealand are fueling nationwide protests against new surveillance powers to be granted to the Government Communications Services Bureau. Speaking at one large protest meeting, Kim Dotcom described the 'Five Eyes' X-Keyscore surveillance system as 'Google for spies'. He told protesters he first noticed he was being spied on when his internet speed slowed by '20 to 30 milliseconds'. 'As a gamer, I noticed,' he said." -
Web Apps: the Future of the Internet, Or Forever a Second-Class Citizen?
An anonymous reader writes "This article takes a look at whether web apps will ever match desktop and mobile apps in terms of performance and usability. Jo Rabin, who's leading the push by web standards body W3C to get web app performance up to scratch, is optimistic web apps will eventually be the default choice for building the majority of commercial and business apps, while the article weighs up just how much web technologies need to be improved before this could happen. Quoting: 'Native apps are generally first to gain access to new platform-specific hardware features — be it navigating using a phone's GPS and accelerometer or taking pictures with a phone's camera. But if a particular hardware feature becomes popular, standards to implement that feature in the browser will always follow, Rabin said. Work is taking place within W3C to standardise APIs for web technologies to access many of the features found on modern smartphones. Ongoing work this year includes setting out a system-level API to allow a web app to manage a device's contacts book, a messaging API for sending and receiving SMS and MMS, new mechanisms for capturing photos and recordings, new event triggers that could handle mouse, pen and touch inputs, a new push API to allow web apps to receive messages in the background, new media queries for responsive web design, an API for exchanging information using NFC and precise control over resource loading times in a web document.'" -
Class-action Suit Filed Against Microsoft Over Surface Write Off
New submitter used2win32 writes with news that at least one investor is unhappy with the Surface inventory write off, claiming that Microsoft misled investors who purchased stock during Q2 and Q3 by not announcing just how slow inventory was moving at the time. "The class action lawsuit claims false and misleading information regarding sales performance of Windows RT based tablets. Microsoft has earned a U.S. $900 million write off and a market share of less than 1% to show for its Windows RT endeavors. Asus, Lenovo, HP, Samsung and HTC discontinued their models leaving Dell as the only OEM producing a Windows RT tablet." -
Microsoft Is Working On a Cloud Operating System For the US Government
SmartAboutThings writes "It seems that Microsoft is relying even more on the opportunities provided by the cloud technology. The Redmond behemoth is preparing to come up with a cloud operating system that is specially meant for government purposes. Government agencies already use two of Microsoft's basic cloud products: Windows Azure and Windows Server. But now it seems that Microsoft is working on a modified version of its somewhat new Cloud OS that could bear the name 'Fairfax.' Compared to Windows Azure, the 'Fairfax' cloud operating system would provide enhanced security, relying on physical servers on site at government locations. Given that CEO Steve Ballmer is striving to make Microsoft much more than a powerful software giant, such a project makes sense, especially because it would help in their lobby activities." -
After Lavabit Shut-Down, Dotcom's Mega Promises Secure Mail
Lavabit may no longer be an option, but recent events have driven interest in email and other ways to communicate without exposing quite so much, quite so fast, to organizations like the NSA (and DEA, and other agencies). Kim Dotcom as usual enjoys filling the spotlight, when it comes to shuttling bits around in ways that don't please the U.S. government, and Dotcom's privacy-oriented Mega has disclosed plans to serve as an email provider with an emphasis on encryption. ZDNet features an interview with Mega's CEO Vikram Kumar about the complications of keeping email relatively secure; it's not so much the encryption itself, as keeping bits encrypted while still providing the kind of features that users have come to expect from modern webmail providers like Gmail: "'The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side,' Kumar said. 'If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That’s] not quite impossible but very, very hard. That’s why even Silent Circle didn’t go there.'" -
The Open Source Laptop and the Golden Age of Open Hardware
An anonymous reader writes to this short feature featuring "Andrew 'Bunnie' Huang on why he decided to build an open source laptop, how the slowing of Moore's Law is making it easier for individuals and small outfits to compete against major corporations in the computer hardware market and what hobbyist hardware makers in the U.S. could learn from China's Shanzhai, famed for their cheap clones of the iPhone and other popular handsets." -
Windows NT Turns 20
An anonymous reader writes with a link to the observation from ZDNet's Mary Jo Foley of Windows NT's 20th birthday (it came out on July 27th, 1993): "In 1993, Microsoft launched Windows NT 3.1. It was followed up by NT 3.5, 3.51 and 4.0. Microsoft's Windows releases still rely on NT-inspired numbering conventions. Windows 7's build numbers commenced with 6.1; Windows 8's with 6.2; and Windows 8.1 with 6.3." The article also reminds us that "NT's not ancient history, in spite of its age. The NT 'core' is what's inside Windows 8, Windows Server 2012, Windows Phone 8, Windows Azure and the Xbox One." -
Yahoo Censors Tumblr Porn
coolnumbr12 writes "When Yahoo purchased Tumblr in May, Tumblr founder David Karp said Tumblr wouldn't be changing, and Yahoo CEO Marissa Mayer said, 'Part of our strategy here is to let Tumblr be Tumblr.' But a new search policy went into effect Thursday that excludes all adult blogs from Google, Bing, Yahoo and other search engines by disabling indexing of anything it tags as 'adult.' The policy effectively makes the content and 10 percent of Tumblr users completely invisible." -
Limitations and All, Chromebooks Appear To Be Selling
puddingebola writes "A number of different websites are commenting on NPD's consumer research numbers that claim Chromebooks are getting 20-25% of the sub-$300 PC market. From the article: 'The NPD says that Google's Chromebook has now gained 20 to 25 percent of the sub-$300 laptop market in the U.S. That's a huge gain for a computer that's only been on the market for two years. It's even more impressive when you consider that Chromebooks were seen as nothing but a self-serving experiment on the part of Google for the first year of their existence.' Stephen Vaughan-Nichols is also blogging about this over at ZDnet. While the PC market shrank again in the second quarter of 2013, Chromebooks seem to have grown." -
IT Analyst Dan Kusnetzky Talks about Cloud Computing and Cloud Hype (Video)
Dan Kusnetzky and I started out talking about cloud computing; what it is and isn't, how "cloud" is often more of a marketing term than a technical one, and then gradually drifted to the topic of how IT managers, CIOs, and their various bosses make decisions and how those decisions are not necessarily rational. What you have here is an 18-minute seminar about IT decision-making featuring one of the world's most experienced IT industry analysts, who also writes a blog, Virtually Speaking, for ZDnet. -
Silicon Valley In 2013 Resembles Logan's Run In 2274
theodp writes "The 1976 science fiction film Logan's Run depicts a dystopian future society where life must end at the age of 30. So, it's a world that kind of resembles today's Silicon Valley, where the NY Times reports that the median age of workers is 29 years old at Google and 28 years old at Facebook. The report that technology workers are young — really young — comes on the heels of other presumably-unrelated stories that Silicon Valley execs can't find enough skilled workers and no one would fund Doug Engelbart in the last four decades of his life. On the bright side, at least old techies don't die in Silicon Valley — they just can't get hired." -
EU Parliament Supports Suspending US Data Sharing
New submitter egladil writes "As seen previously here on Slashdot, the European Parliament was to vote on 'whether existing data sharing agreements between the two continents should be suspended, following allegations that U.S. intelligence spied on E.U. citizens.' With the votes now having been cast, the result is 483 in favor of the resolution and 98 against, while 65 abstained. The resolution in question in part called for the U.S. 'to suspend and review any laws and surveillance programs that "violate the fundamental right of E.U. citizens to privacy and data protection," as well as Europe's "sovereignty and jurisdiction."' It also decided that the E.U. should investigate the surveillance of E.U. citizens, and finally gave backing to the European Commission in case they should decide to suspend the data sharing deals currently in place with the U.S., such as the Passenger Name Record and Terrorist Finance Tracking Program agreements. The question now is whether the E.U. Commission will go through with suspending these deals or not." -
EU To Vote On Suspension of Data Sharing With US
New submitter badzilla writes with a story from ZDnet that says a vote is scheduled in the European Parliament for today, U.S. Independence Day, on "whether existing data sharing agreements between the two continents should be suspended, following allegations that U.S. intelligence spied on EU citizens." One interesting scenario outlined by the article is that it may disrupt air travel between the U.S. and EU: "In the resolution, submitted to the Parliament on Tuesday, more than two-dozen politicians from a range of political parties call the spying 'a serious violation of the Vienna Convention on Diplomatic Relations,' and call on the suspension of the Passenger Name Records (PNR) system. Prior to leaving the airport, airlines must make passenger data available to the U.S. Names, dates of birth, addresses, credit or debit card details and seat numbers are among the data — though critics say the information has never helped catch a suspected criminal or terrorist before. Should the PNR system be suspended, it could result in the suspension of flights to the U.S. from European member states." -
Microsoft To Shut Down TechNet Subscription Service
otaku244 writes "Since 1998, Microsoft TechNet has been a mainstay for all system developers attached to the Microsoft platform, given the ease of access to almost every product the company has produced. Unfortunately, the days of a cheap, unlimited Microsoft development stack are coming to an end." -
Larry Ellison and Marc Benioff Suddenly Playing Nice, Weirding Everyone Out
Nerval's Lobster writes "Once upon a time, Salesforce CEO Marc Benioff and Oracle CEO Larry Ellison took what seemed like inordinate amounts of pleasure in firing off verbal broadsides at each other. In 2011, for example, Ellison referred to Salesforce as 'the roach motel of clouds' and 'a very bad security model.' But Benioff's given as good as he's gotten, swiping at Oracle's early cloud efforts as 'cloud in a box' and 'just another server.' But oh, how things change: Ellison and Benioff have revealed that their firms would come together in a joint effort. They were on their best behavior during a conference call this week. 'The Oracle database has been a key part of Salesforce's infrastructure from the very beginning of our company 14 years ago,' Benioff told Ellison at one point, according to a transcript posted on ZDNet. 'Absolutely the best decision we ever made was to go with Oracle.' Why the sudden reversal? Simply put, after years of sticking with a hardware-and-software model, Oracle now has cloud religion. For Salesforce, the benefits are a little murkier, but some analysts think that Salesforce will be able to leverage Oracle's name to gain a heightened profile with businesses. But can Benioff and Ellison continue to play nice?"