It's old news, but it's only being reported today: turns out, in 2010, Russian crackers exploited a zero-day vulnerability to install some malware on the Nasdaq stock exchange systems capable of derailing the stock exchange.

The October alert prompted the involvement of the National Security Agency, and just into 2011, the NSA concluded there was a significant danger. ... [The] National Cybersecurity and Communications Integration Center (NCCIC), whose mission is to spot and coordinate the government's response to digital attacks on the U.S. ... reviewed the FBI data and additional information from the NSA, and quickly concluded they needed to escalate. Thus began a frenzied five-month investigation that would test the cyber-response capabilities of the U.S. and directly involve the president. Intelligence and law enforcement agencies, under pressure to decipher a complex hack, struggled to provide an even moderately clear picture to policymakers. After months of work, there were still basic disagreements in different parts of government over who was behind the incident and why.

Bloomberg Businessweek does an excellent job of telling the story of competing security agencies, their different mandates, and how they cooperated and sometimes competed to deal with the intrusion.

The agents found little evidence of a broader attack. What they did find were systematic security failures riddling some of the most important U.S. financial institutions. It turned out that many on the list were vulnerable to the same attack that struck Nasdaq. They were spared only because the hackers hadn't bothered to try.

Bladerunner, the Jetsons, I, Robot: our fascination with a future world where robots serve (and sometimes kill) us continues unabated. But while most of us are just idly daydreaming what that world of automated companions would look like, or working on purpose-built robotics like Big Dog, Japan is aggressively pushing the envelope on robotics research. In fact, by most accounts, they've got us squarely in the Uncanny Valley, that awkward emotional malaise you feel when interacting with a robotic being that is almost, but not quite human.

CNN has published an interesting overview of the Robot Revolution in Japan¹. And it's pretty amazing. Start with the world's first virtual pop star, or Pepper, the first humanoid robot programmed with emotion. Freaky? Then check out Miraikan [Japanese], Japan's National Museum of Emerging Science and Innovation, where a lot of the magic is happening.

Here, visitors can interact with ASIMO, the Honda-developed android that can run, perform tasks, and interact with people. Honda first unveiled ASIMO a decade ago, and even today it remains a futuristic vision of what robotics may one day hope to achieve on a consumer scale. ... There's Otonaroid, who looks like a young Japanese woman with silicone skin, flowing hair, and blinking eyes. ... And then there's Kodomoroid, an android newscaster that reads headlines to museum visitors, and Telenoid, a creepy-looking communication device that allows you to "speak" to friends or loved ones who are far away -- and feel as if you are sitting with them. You can hold and hug the Telenoid, and it hugs you back with its little stubs for arms.

Curious to see what the future looks like? Now's your chance.


¹[Ed. note: This time, the "Robot Revolution" refers to spectacular advances in the science of designing and building robots. Next time though, it's going to mean we all hide in the hill caves before the Killer Robots overthrow and enslave us ...]

It seems popular opinion is relatively settled that breathing second-hand smoke is unhealthy, and that non-smokers who are exposed to it are at risk of illness. But the scientific evidence keeps piling up to support that theory, and even to extend the risks to another level: Third-hand Smoke!

Research into "third hand" smoke (residual tobacco smoke gases and particles that are deposited to surfaces and dust) has highlighted the potential cancer risk in non-smokers of non-dietary ingestion and dermal exposure to carcinogen N-nitrosamines and tobacco-specific nitrosamines (TSNAs) [Abstract].

Using a highly sensitive and selective analytical approach we have determined the presence of nicotine, eight N-nitrosamines and five tobacco-specific nitrosamines in forty-six settled dust samples from homes occupied by both smokers and non-smokers. Using observations of house dust composition, we have estimated the cancer risk by applying the most recent official toxicological information. Calculated cancer risks through exposure to the observed levels of TSNAs at an early life stage (1 to 6 years old) exceeded the upper-bound risk recommended by the USEPA in 77% of smokers' and 64% of non-smokers' homes.

[Ed. note: apparently, not only should you not stand next to someone smoking, but you shouldn't even walk through a place where someone has smoked, ever. Cancel my next trip to Paris, please.]

Our Monday poll is up, and it involves choice of programming languages in order to stay hire-able in a moving market.

Look 5-10 years into the future and give us the advice you'd give your son/daughter headed to an expensive university to learn computer programming. That doesn't mean: what language do you need to learn to get that job? It means: what languages (plural!) would not only facilitate employment but also provide a balanced understanding of systems and processes and even perhaps set the stage for learning and understanding other things? You might recommend Ruby for example, knowing full well that Ruby won't exist in 2019 but its likely successor will require a programmer to understand its origins in Ruby choices, for example.

This is an Approval Count poll, so you can - and should! - choose all or any of the languages you'd recommend. Obviously this list couldn't have been exhaustive, so if I've missed your favorite, add it into the comments.

The Mars Curiosity rover has sustained serious damage to its wheels. Photos reveal the damage was more extensive than expected, which may cause NASA to reconsider the route to Curiosity's primary goal, Mount Sharp. Nonetheless, scientists are confident the mission can still be completed, but the mission may need revamping. It has meant taking a much closer look at the proposed route to Mount Sharp, and driving backwards to prevent the front wheels from failing.

Curiosity is now traversing a section of ground en route to its goal that is particularly dangerous as it is the same type of surface that has caused the majority of the wheel damage. Cross your fingers for Curiosity and pay close attention: it's going to be a wild ride!

Windows 8 has been called the single biggest failure of a Windows release ever, and it's no secret that Redmond is scrambling to come up with something that will stem the flood of negative press and coax people off of Windows 7. A leaked screenshot of the Windows 9 start menu shows a conglomerate of the Windows 7 start menu and the Windows 8 Start Screen. Other improvements include a more cohesive approach to the "Modern interface" to allow users to ignore it.

But is this enough to woo people off of Windows 7 and get them to move to Windows 9?

The victims and beneficiaries of Microsoft CEO Satya Nadella's reorgnanization are now known, and among the casualties of today's big Microsoft layoffs will be original content planned for the Xbox: Xbox Entertainment Studios. As first reported by Re/Code, the shutdown will occur in the next few months, Xbox chief Phil Spencer wrote in a memo to staff.

Xbox Entertainment Studios was founded last year in order to produce original content for the Xbox platform. The L.A.-based, 125-person studio was led by former CBS television president Nancy Tellem, who remains "committed to new, original programming already in production," Spencer said today.

XBox Entertainment Studios had a short life. It was announced only a year ago, but design decisions led to poor reviews. Among its weaknesses, the software was bloated and slow, and Microsoft not only hobbled it with DDR3 memory but also needlessly restricted the games to using only 6 of the 8 cores.

[Author note: I have an AMD 8320 and Win8.1, it utilizes only 2% of the processor at idle. And the Xbox doesn't have full on Win8, but a stripped down, slower version running on two full cores. Win8.1, for all it's bad press, is very fast and works great for a gaming rig simply because it does have a smaller footprint and uses much less of the processor. Most of the biggest complaints have been corrected and there's always classic shell. So there is no reason a stripped down Win8 needs 2 full cores. Next Gen just isn't going to live up to it's promise. At least not on the Xbox One.]

[2014-07-21 11:10 Ed. note: corrected misspelled CEO's name.]

The Kerbal Space Program has just released an update called "First Contract," a name chosen by the popular indie game's active user community. It introduces the concept of funds and contracts to the basic science career mode, giving a sense of purpose to the space agency simulator.

Other new aspects to the game with this update include all new agency icons (they were all fan-created and voted on), and the new factor of reputation as well: keeping those little green dudes alive actually takes on importance.¹ The game has all the goodness of a fully functional career mode, and there is now 64 bit support for both Windows and Linux (the Linux version has been 64 bit capable for some time now). If you have been hiding in a cave for the last 3 years here is a link to their homepage. Available through the website or Steam. $26.99 US at this time.

So, go forth and build rockets! In the famous words of Jebidiah Kerman, 'Splosions are the sprinkles on your ice cream sundae.'

¹ If reputation is a factor, I am in trouble for certain.

It's been proposed before, but MIT takes it a step further and is fleshing out a system where users can take control of their own data. This would be a radical shift in how things work now.

In the latest issue of PLOS One, MIT researchers offer one possible answer. Their prototype system, openPDS - short for personal data store - stores data from your digital devices in a single location that you specify: It could be an encrypted server in the cloud, but it could also be a computer in a locked box under your desk. Any cellphone app, online service, or big-data research team that wants to use your data has to query your data store, which returns only as much information as is required.

Interestingly, the system involves sharing code, not data. They outline a music recommendation service that would make a recommendation to you not by requesting access to your music store, but by sending you an algorithm your datastore would run and return. There's more work to do here, but it seems like a step up from the "everyone owns your data except you" model in which we're currently living.

This week's Friday distro is Alpine Linux, a surprisingly interesting distro specialized for Routers, VPNs, VOIP service, and firewalls that takes an aggressive, proactive approach to security. It's therefore minimalist, so you can install it on a router, and includes the absolute minimum (no Perl, for example). It began life as a branch of the LEAF project, which wanted a router/vpn system that could be booted from a floppy disk and run from memory: the Alpine hackers decided that config was a bit too minimal and chose instead a slightly larger package set that also provided squid, samba, dansguardian, and some other heavier applications. I thought for sure I'd learn it was developed by a bunch of Swiss or Austrian hackers, but no: it simply stands for "A Linux Powered Integrated Network Engine." Distrowatch reports it comes originally from Norway.

Most interesting of all, Alpine incorporates two security enhancements I haven't yet found on any other distro: PaX and Buffer Overflow Protection (Stack Smashing Protection). PaX is a Linux kernel patch that implements least privilege protection for memory pages. It flags data memory as non-executable, program memory as non-writable and randomly arranges the program memory. Inclusion of these two systems kept Alpine Linux protected from the vmsplice 0-day Linux kernel vulnerability: even though the attack would crash the OS, there would be no system compromise.

If you're interested in trying it, it's easy: you can run it from a USB stick, back up your config to a single file, and its simple package management and init systems make it possible to be up and running in under 10 minutes.