Government Cybersecurity Agencies Unite to Urge Secure Software Design Practices

Several government cybersecurity agencies united to urge secure-by-design and secure-by-default software. Releasing “joint guidance” for software manufactuers were two U.S. security agencies — the FBI and the NSA — joined with the U.S. Cybersecurity and Infrastructure Security Agency and the cybersecurity authorities of Australia, Canada, the United Kingdom, Germany, Netherlands, and New Zealand. “To create a future where technology and associated products are safe for customers,” they wrote in a joint statement, “the authoring agencies urge manufacturers to revamp their design and development programs to permit only secure-by-design and -default products to be shipped to customers.”

The Washington Post reports:
Software manufacturers should put an end to default passwords, write in safer programming languages and establish vulnerability disclosure programs for reporting flaws, a collection of U.S. and international government agencies said in new guidelines Thursday. [The guidelines also urge rigorous code reviews.]

The “principles and approaches” document, which isn’t mandatory but lays out the agencies’ views on securing software, is the first major step by the Biden administration as part of its push to make software products secure as part of the design process, and to make their default settings secure as well. It’s part of a potentially contentious multiyear effort that aims to shift the way software makers secure their products. It was a key feature of the administration’s national cybersecurity strategy, which was released last month and emphasized shifting the burden of security from consumers — who have to manage frequent software updates — to the companies that make often insecure products… The administration has also raised the prospect of legislation on secure-by-design and secure-by-default, but officials have said it could be years away….

The [international affairs think tank] Atlantic Council’s Cyber Statecraft Initiative has praised the Biden administration’s desire to address economic incentives for insecurity. Right now, the costs of cyberattacks fall on users more than they do tech providers, according to many policymakers. “They’re on a righteous mission,” Trey Herr, director of the Atlantic Council initiative, told me. If today’s guidelines are the beginning of the discussion on secure-by-design and secure-by-default, Herr said, “this is a really strong start, and an important one.”
“It really takes aim at security features as a profit center,” which for some companies has led to a lot of financial growth, Herr said. “I do think that’s going to rub people the wrong way and quick, but that’s good. That’s a good fight.”
In the statement CISA’s director says consumers also have a role to play in this transition. “As software now powers the critical systems and services we collectively rely upon every day, consumers must demand that manufacturers prioritize product safety above all else.”

Among other things, the new guidelines say that manufacturers “are encouraged make hard tradeoffs and investments, including those that will be ‘invisible’ to the customers, such as migrating to programming languages that eliminate widespread vulnerabilities.”

Read more of this story at Slashdot.

Should Managers Permanently Stop Requiring Degrees for IT Positions?

CIO magazine reports on “a growing number of managers and executives dropping degree requirements from job descriptions.”

Figures from the 2022 study The Emerging Degree Reset from The Burning Glass Institute quantify the trend, reporting that 46% of middle-skill and 31% of high-skill occupations experienced material degree resets between 2017 and 2019. Moreover, researchers calculated that 63% of those changes appear to be “‘structural resets’ representing a measured and potentially permanent shift in hiring practices” that could make an additional 1.4 million jobs open to workers without college degrees over the next five years.

Despite such statistics and testimony from Taylor and other IT leaders, the debate around whether a college education is needed in IT isn’t settled. Some say there’s no need for degrees; others say degrees are still preferred or required…. IBM is among the companies whose leaders have moved away from degree requirements; Big Blue is also one of the earliest, largest, and most prominent proponents of the move, introducing the term “new collar jobs” for the growing number of positions that require specific skills but not a bachelor’s degree….

Not all are convinced that dropping degree requirements is the way to go, however. Jane Zhu, CIO and senior vice president at Veritas Technologies, says she sees value in degrees, value that isn’t always replicated through other channels. “Though we don’t necessarily require degrees for all IT roles here at Veritas, I believe that they do help candidates demonstrate a level of formal education and commitment to the field and provide a foundation in fundamental concepts and theories of IT-related fields that may not be easily gained through self-study or on-the-job training,” she says. “Through college education, candidates have usually acquired basic technical knowledge, problem-solving skills, the ability to collaborate with others, and ownership and accountability. They also often gain an understanding of the business and social impacts of their actions.”
The article notes an evolving trend of “more openness to skills-based hiring for many technical roles but a desire for a bachelor’s degree for certain positions, including leadership.” (Kelli Jordan, vice president of IBMer Growth and Development tells CIO that more than half of the job openings posted by IBM no longer require degrees.)
Thanks to Slashdot reader snydeq for sharing the article.

Read more of this story at Slashdot.

Germany Quits Nuclear Power, Closes Its Final Three Plants

“Germany’s final three nuclear power plants close their doors on Saturday,” reports CNN, “marking the end of the country’s nuclear era that has spanned more than six decades….”
[D]espite last-minute calls to keep the plants online amid an energy crisis, the German government has been steadfast. “The position of the German government is clear: nuclear power is not green. Nor is it sustainable,” Steffi Lemke, Germany’s Federal Minister for the Environment and Consumer Protection and a Green Party member, told CNN.”We are embarking on a new era of energy production,” she said.

The closure of the three plants — Emsland, Isar 2 and Neckarwestheim — represents the culmination of a plan set in motion more than 20 years ago. But its roots are even older. In the 1970s, a strong anti-nuclear movement in Germany emerged. Disparate groups came together to protest new power plants, concerned about the risks posed by the technology and, for some, the link to nuclear weapons. The movement gave birth to the Green Party, which is now part of the governing coalition…

For critics of Germany’s policy, however, it’s irrational to turn off a low-carbon source of energy as the impacts of the climate crisis intensify. “We need to keep existing, safe nuclear reactors operating while simultaneously ramping up renewables as fast as possible,” Leah Stokes, a professor of climate and energy policy at the University of California, Santa Barbara, told CNN. The big risk, she said, is that fossil fuels fill the energy gap left by nuclear. Reductions in Germany’s nuclear energy since Fukushima have been primarily offset by increases in coal, according to research published last year.

Germany plans to replace the roughly 6% of electricity generated by the three nuclear plants with renewables, but also gas and coal…. Now Germany must work out what do with the deadly, high-level radioactive waste, which can remain dangerous for hundreds of thousands of years.

CNN also notes how other countries approach nuclear power:

Denmark passed a resolution in the 1980s not to construct nuclear power plants
Finland opened a new nuclear plant last year
Switzerland voted in 2017 to phase out nuclear power
France, which gets about 70% of its power from nuclear, is planning six new reactors.
Italy closed its last reactors in 1990

Read more of this story at Slashdot.

France Eyeing Antitrust Action Against Apple

The French Competition Authority is likely to move forward soon with an antitrust investigation into Apple over complaints tied to 2021 changes to its app tracking policies, Axios reported, citing sources. From the report: A formal investigation would mark the first major government move taken globally against Apple related to privacy rule changes that upended the digital advertising world. French regulators are favoring issuing a formal “Statement of Objections” to parties involved in the matter in coming weeks, sources told Axios.

That step would signal to groups that issued initial complaints about Apple’s actions and Apple that the authority found evidence of illegal anticompetitive behavior in its initial review of the complaints it received. The 2020 complaint argues that Apple’s app tracking changes did not adequately adhere to European Union privacy rules and that Apple failed to hold itself to the same ad targeting standards that it forced on its competitors because it targeted iOS users with ads from app tracking data. The complaint was filed jointly by four French advertising trade groups — IAB France, Mobile Marketing Association (MMA), SRI and UDECAM.

Read more of this story at Slashdot.

Apple To Invest Another $200 Million In Carbon Removal Fund

Apple said it will invest up to an additional $200 million in its Restore Fund, which was created in 2021 to remove carbon from the atmosphere. Reuters reports: The additional investment is expected to help the fund start new projects and carry forward its previously stated goal to remove about 1 million metric tons of carbon dioxide per year, the company said. Apple is making efforts to become carbon neutral through its entire supply chain and the life cycle of every product by 2030.

The fund, launched with Goldman Sachs Group Inc (GS.N) and nonprofit Conservation International, has invested in forest properties in Brazil and Paraguay in the last two years. The expanded fund will be managed by Climate Asset Management, a joint venture of HSBC Asset Management and Pollination, Apple added.

Read more of this story at Slashdot.

Make Something Wonderful: Steve Jobs in His Own Words

Steve Jobs Archive: The official ebook edition of Make Something Wonderful: Steve Jobs in his own words is free to read on Apple Books and from participating libraries through our partners at Libby. You can also download the book to view it on any compatible e-reader: our EPUB file works on almost all tablets, smartphones, desktop computers, and digital reading devices. From a speech in 2007: There’s lots of ways to be, as a person. And some people express their deep appreciation in different ways. But one of the ways that I believe people express their appreciation to the rest of humanity is to make something wonderful and put it out there.

And you never meet the people. You never shake their hands. You never hear their story or tell yours. But somehow, in the act of making something with a great deal of care and love, something’s transmitted there. And it’s a way of expressing to the rest of our species our deep appreciation. So we need to be true to who we are and remember what’s really important to us.”

Read more of this story at Slashdot.

Microsoft Is Experimenting With a Steam Deck-Friendly ‘Handheld Mode’ For Windows

Andrew Cunningham writes via Ars Technica: Microsoft is aware of the problems running Windows on the Steam Deck and other similar handheld Windows PCs, and at least some developers inside the company have spent time thinking of ways to address them. That’s the thrust of a leaked presentation (posted in two parts by Twitter user _h0x0d_) about a new “Handheld Mode” for Windows, developed as part of an internal Microsoft hackathon in September 2022.

As presented, Handheld Mode includes several components: a new first-time setup screen that simplifies driver installation and setup; an improved touchscreen keyboard that fits better on a 7-inch screen and can be controlled Xbox-style with the built-in buttons and joysticks; a simplified Nintendo Switch-esque game launcher; and improved OS-wide controller support thanks to the open source Steamdeck Windows Controller Driver (SWICD) project. The presentation also calls for other changes to Windows’ default behaviors, like always opening apps in full-screen mode when in Handheld Mode, better UI scaling for small screens, and “mapping of controls to common Windows functions.”

Read more of this story at Slashdot.

Universal Music Asks Streaming Services To Block AI Access To Its Songs

The world’s largest music company, Universal Music Group, is asking major streaming services like Spotify and Apple Music to block artificial intelligence companies from using its music to “train” their technology, according to a recent report in Financial Times. Variety reports: Confirming the report, a UMG spokesperson told the FT: “We have a moral and commercial responsibility to our artists to work to prevent the unauthorized use of their music and to stop platforms from ingesting content that violates the rights of artists and other creators. We expect our platform partners will want to prevent their services from being used in ways that harm artists.” The process involves the AI companies uploading copyrighted music from the platforms into their technology and thus enabling the bots to digest the lyrics and music and then essentially create songs or melodies in those styles. […]

UMG has been sending takedown requests to the streamers “left and right,” FT quoted an unnamed source as saying. “We have become aware that certain AI systems might have been trained on copyrighted content without obtaining the required consents from, or paying compensation to, the rightsholders who own or produce the content,” the company said in an email from last month, according to the report. “We will not hesitate to take steps to protect our rights and those of our artists.” The website drayk.it delivered users a custom Drake song, although it has since been shut down.

Read more of this story at Slashdot.

Scientists Create Eco-Friendly Paint That Keeps the Surface Beneath Cool

A team of researchers in Florida have created a way to mimic nature’s ability to reflect light and create beautifully vivid color without absorbing any heat like traditional pigments do. Debashis Chanda, a nanoscience researcher with the University of Central Florida, and his team published their findings in the journal Science Advances. NPR reports: Beyond just the beautiful arrays of color that structure can create, Chanda also found that unlike pigments, structural paint does not absorb any infrared light. Infrared light is the reason black cars get hot on sunny days and asphalt is hot to the touch in summer. Infrared light is absorbed as heat energy into these surfaces — the darker the color, the more the surface colored with it can absorb. That’s why people are advised to wear lighter colors in hotter climates and why many buildings are painted bright whites and beiges. Chanda found that structural color paint does not absorb any heat. It reflects all infrared light back out. This means that in a rapidly warming climate, this paint could help communities keep cool.

Chanda and his team tested the impact this paint had on the temperature of buildings covered in structural paint versus commercial paints and they found that structural paint kept surfaces 20 to 30 degrees cooler. This, Chanda said, is a massive new tool that could be used to fight rising temperatures caused by global warming while still allowing us to have a bright and colorful world. Unlike white and black cars, structural paint’s ability to reflect heat isn’t determined by how dark the color is. Blue, black or purple structural paints reflect just as much heat as bright whites or beige. This opens the door for more colorful, cooler architecture and design without having to worry about the heat.

It’s not just cleaner, Chanda said. Structural paint weighs much less than pigmented paint and doesn’t fade over time like traditional pigments. “A raisin’s worth of structural paint is enough to cover the front and back of a door,” he said. Unlike pigments which rely on layers of pigment to achieve depth of color, structural paint only requires one thin layer of particles to fully cover a surface in color. This means that structural paint could be a boon for aerospace engineers who rely on the lowest weight possible to achieve higher fuel efficiency. The possibilities for structural paint are endless and Chanda hopes that cans of structural paint will soon be available in hardware stores.

Read more of this story at Slashdot.

Amazon Now Charging a Fee For Some UPS Store Returns

Amazon has started charging a fee for some returns made at UPS stores. Insider reports: While customers used to be able to drop off their returns at a UPS Store free of charge, Amazon will now charge a $1 fee if customers have another free-return option the same distance away or closer. Customers can still visit those other drop-off locations — including Whole Foods, Kohl’s, and Amazon stores — and leave their packages for free. The company already charged customers to have UPS pick up returns from their homes or to drop off packages at UPS Access Points, which are located inside third-party businesses, The Information reported.
“We always offer a free option for customers to return their item,” Amazon spokesperson Steve Kelly told Insider by email. “If a customer would prefer to return their item at a UPS Store when there is a free option closer to their delivery address, a very small amount of customers may incur a $1 fee.”

Read more of this story at Slashdot.