Trailrunner7 writes: Mozilla is planning to add support for public-key pinning in its Firefox browser in an upcoming version. In version 32, which would be the next stable version of the browser, Firefox will have key pins for a long list of sites, including many of Mozilla's own sites, all of the sites pinned in Google Chrome and several Twitter sites. Public-key pinning has emerged as an important defense against a variety of attacks, especially man-in-the-middle attacks and the issuance of fraudulent certificates. The function essentially ties a public key, or set of keys, issued by known-good certificate authorities to a given domain. So if a user's browser encounters a site that's presenting a certificate that isn't included in the set of pinned public keys for that domain, it will then reject the connection. The idea is to prevent attackers from using fake certificates in order to intercept secure traffic between a user and the target site.
mrspoonsi sends this news from the BBC:
Fuji Xerox has developed a new robotic printer that can move around a lounge or office to bring documents to the person who printed them. The printer is designed to be used primarily in public places as a way to keep sensitive documents secure. Sensors on the machine prevent it from bumping into people on the way. However, some analysts argued that the idea was not cost effective when compared with other secure printing methods. Fuji Xerox — a joint venture between the two firms — has been testing the printer this month at a business lounge in Tokyo. Each desk in the lounge is given a unique web address from which to print. Users access the address and upload documents to be printed. Once the printer receives the job, it moves to the intended recipient who then has to display a smart card to activate printing.
crookedvulture writes: Intel has updated its high-end desktop platform with a new CPU-and-chipset combo. The Haswell-E processor has up to eight cores, 20MB of cache, and 40 lanes of PCI Express 3.0. It also sports a quad-channel memory controller primed for next-gen DDR4 modules. The companion X99 chipset adds a boatload of I/O, including 10 SATA ports, native USB 3.0 support, and provisions for M.2 and SATA Express storage devices. Thanks to the extra CPU cores, performance is much improved in multithreaded applications. Legacy comparisons, which include dozens of CPUs dating back to 2011, provide some interesting context for just how fast the new Core i7-5960X really is. Intel had to dial back the chip's clock speeds to accommodate the extra cores, though, and that concession can translate to slower gaming performance than Haswell CPUs with fewer, faster cores. Haswell-E looks like a clear win for applications that can exploit its prodigious CPU horsepower and I/O bandwidth, but it's clearly not the best CPU for everything.
Reviews also available from Hot Hardware, PC Perspective, AnandTech, Tom's Hardware, and HardOCP.
msm1267 writes: The IEEE's Center for Secure Design debuted its first report this week, a guidance for software architects called "Avoiding the Top 10 Software Security Design Flaws." Developing guidance for architects rather than developers was a conscious effort the group made in order to steer the conversation around software security away from exclusively talking about finding bugs toward design-level failures that lead to exploitable security vulnerabilities. The document spells out the 10 common design flaws in a straightforward manner, each with a lengthy explainer of inherent weaknesses in each area and how software designers and architects should take these potential pitfalls into consideration.
The retailer is also being boycotted by a handful of Japanese publishers who disagree with Amazon offering a rewards program to students. The retailer gives students 10% of a book's price as points, which can be used to buy more books. This skirts Japanese fixed-price book laws, so several smaller publishers pulled their books from Amazon in protest. Businesses are out to make money and not friends, but Amazon sure is a lightning rod for conflicts, isn't it?
Rick Zeman writes: The Center for Public Integrity has a comprehensive article showing how Big Telecom (aka, AT&T, Comcast, Charter, Time Warner) use lobbyists, paid-for politicians, and lawsuits (both actual and the threat thereof) in their efforts to kill municipal broadband. From the article: "The companies have also used traditional campaign tactics such as newspaper ads, push polls, direct mail and door-to-door canvassing to block municipal networks. And they've tried to undermine the appetite for municipal broadband by paying for research from think tanks and front groups to portray the networks as unreliable and costly."
sciencehabit writes: Our memories are annoyingly glitchy. Names, dates, birthdays, and the locations of car keys fall through the cracks, losses that accelerate at an alarming pace with age and in neurodegenerative diseases. Now, by applying electromagnetic pulses through the skull to carefully targeted brain regions, researchers have found a way to boost memory performance in healthy people. The new study (abstract) sheds light on the neural networks that support memories and may lead to therapies for people with memory deficits, researchers say.
Similar studies have been performed using electric current.
An anonymous reader writes: Caffeine is a staple of most workplaces — it's rare to find an office without a coffee pot or a fridge full of soda. It's necessary (or at least feels like it's necessary) because many workers have a hard time staying awake while sitting at a desk for hours at a time, and the alternative — naps — isn't usually allowed. But new research shows it might be more efficient for employers to encourage brief "coffee naps," which are more effective at returning people to an alert state than either caffeine or naps alone. A "coffee nap" is when you drink a cup of coffee, and then take a sub-20-minute nap immediately afterward. This works because caffeine takes about 20 minutes to get into your bloodstream, and a 20-minute nap clears adenosine from your brain without putting you into deeper stages of sleep. In multiple studies, tired participants who took coffee naps made fewer mistakes in a driving simulator after they awoke than the people who drank coffee without a nap or slept without ingesting caffeine.
An anonymous reader writes: On August 6, U.S. District Judge Anthony Trenga ordered the federal government to "explain why the government places U.S. citizens who haven't been convicted of any violent crimes on its no-fly database." Unsurprisingly, the federal government objected to the order, once more claiming that to divulge their no-fly list criteria would expose state secrets and thus pose a national security threat. When the judge said he would read the material privately, the government insisted that reading the material "would not assist the Court in deciding the pending Motion to Dismiss (PDF) because it is not an appropriate means to test the scope of the assertion of the State Secrets privilege." The federal government has until September 7 to comply with the judge's order unless the judge is swayed by the government's objection.
rtoz writes: Google's research division, Google X, is developing a fleet of drones to deliver goods. This drone delivery system is called "Project Wing," and Google X has been developing it in secret for the past two years. During a recent test in Australia, drones successfully delivered a first aid kit, candy bars, dog treats, and water to a couple of Australian farmers. The self-flying vehicle uses four electrically-driven propellers to get around, and it has a wingspan of about five feet. It weighs just under 19 pounds and can take off and land without a runway. Google's long-term goal is to develop drones that could be used for disaster relief by delivering aid to isolated areas.
snydeq writes: Microsoft has re-released its botched MS14-045/KB 2982791 'Blue Screen 0x50' patch, only to introduce more problems, InfoWorld's Woody Leonhard reports. "Even by Microsoft standards, this month's botched Black Tuesday Windows 7/8/8.1 MS14-045 patch hit a new low. The original patch (KB 2982791) is now officially 'expired' and a completely different patch (KB 2993651) offered in its stead; there are barely documented revelations of new problems with old patches; patches that have disappeared; a 'strong' recommendation to manually uninstall a patch that went out via Automatic Update for several days; and an infuriating official explanation that raises serious doubts about Microsoft's ability to support Windows 9's expected rapid update pace."
Zothecula writes: No one with red blood in their veins buys a sports car and hands the keys to a chauffeur, so one of the barriers to truly personal submarining has long been the need for a trained pilot, not to mention the massive logistics involved in transporting, garaging and launching the underwater craft ... until now. Pioneering underwater aviation company DeepFlight is set to show an entirely new type of personal submarine at the 2014 Monaco Yacht Show next week, launching the personal submarine era with a submersible that's reportedly so easy to pilot that it's likely to create a new niche in the tourism and rental market.
angry tapir writes: The Australian Competition and Consumer Commission, a government-funded watchdog organization, is taking Valve to court. The court action relates to Valve's Steam distribution service. According to ACCC allegations, Valve misled Australian consumers about their rights under Australian law by saying that customers were not entitled to refunds for games under any circumstances.
Andreas Kolbe writes: Wikipedia is well known to have a very large gender imbalance, with survey-based estimates of women contributors ranging from 8.5% to around 16%. This is a more extreme gender imbalance than even that of Reddit, the most male-dominated major social media platform, and it has a palpable effect on Wikipedia content. Moreover, Wikipedia editor survey data indicate that only 1 in 50 respondents is a mother – a good proportion of female contributors are in fact minors, with women in their twenties less likely to contribute to Wikipedia. Wikimedia Foundation efforts to address this "gender gap" have so far remained fruitless. Wikipedia's demographic pattern stands in marked contrast to female-dominated social media sites like Facebook and Pinterest, where women aged 18 to 34 are particularly strongly represented. It indicates that it isn't lack of time or family commitments that keep women from contributing to Wikipedia – women simply find other sites more attractive. Wikipedia's user interface and its culture of anonymity may be among the factors leading women to spend their online time elsewhere.
schwit1 writes: An investigation into the recent failed Soyuz launch of the EU's Galileo satellites has found that the Russian Fregat upper stage fired correctly, but its software was programmed for the wrong orbit. From the article: "The failure of the European Union’s Galileo satellites to reach their intended orbital position was likely caused by software errors in the Fregat-MT rocket’s upper-stage, Russian newspaper Izvestia reported Thursday. 'The nonstandard operation of the integrated management system was likely caused by an error in the embedded software. As a result, the upper stage received an incorrect flight assignment, and, operating in full accordance with the embedded software, it has delivered the units to the wrong destination,' an unnamed source from Russian space Agency Roscosmos was quoted as saying by the newspaper."
An anonymous reader writes: IBM has announced the "Watson Discovery Advisor," a cloud-based tool that will let researchers comb through massive troves of data, looking for insights and connections. The company says it's a major expansion in capabilities for the Watson Group, which IBM seeded with a $1 billion investment. "Scientific discovery takes us to a different level as a learning system," said Steve Gold, vice president of the Watson Group. "Watson can provide insights into the information independent of the question. The ability to connect the dots opens up a new world of possibilities."
An anonymous reader writes with this Ars piece about the executive order that is the legal basis for the U.S. government's mass spying on citizens. One thing sits at the heart of what many consider a surveillance state within the US today. The problem does not begin with political systems that discourage transparency or technologies that can intercept everyday communications without notice. Like everything else in Washington, there's a legal basis for what many believe is extreme government overreach—in this case, it's Executive Order 12333, issued in 1981. “12333 is used to target foreigners abroad, and collection happens outside the US," whistleblower John Tye, a former State Department official, told Ars recently. "My complaint is not that they’re using it to target Americans, my complaint is that the volume of incidental collection on US persons is unconstitutional.” The document, known in government circles as "twelve triple three," gives incredible leeway to intelligence agencies sweeping up vast quantities of Americans' data. That data ranges from e-mail content to Facebook messages, from Skype chats to practically anything that passes over the Internet on an incidental basis. In other words, EO 12333 protects the tangential collection of Americans' data even when Americans aren't specifically targeted—otherwise it would be forbidden under the Foreign Intelligence Surveillance Act (FISA) of 1978.