Volume 17, Issue 23        Atari Online News, Etc.        June 19, 2015

Published and Copyright (c) 1999 - 2015
All Rights Reserved

Atari Online News, Etc.
A-ONE Online Magazine
Dana P. Jacobson, Publisher/Managing Editor
Joseph Mirando, Managing Editor
Rob Mahlert, Associate Editor

Atari Online News, Etc. Staff

Dana P. Jacobson -- Editor
Joe Mirando -- "People Are Talking"
Michael Burkley -- "Unabashed Atariophile"
Albert Dayes -- "CC: Classic Chips"
Rob Mahlert -- Web site
Thomas J. Andrews -- "Keeper of the Flame"

With Contributions by:

Fred Horvat

To subscribe to A-ONE, change e-mail addresses, or unsubscribe, log on to our website at: www.atarinews.org and click on "Subscriptions".
OR subscribe to A-ONE by sending a message to: dpj@atarinews.org and your address will be added to the distribution list.
To unsubscribe from A-ONE, send the following: Unsubscribe A-ONE
Please make sure that you include the same address that you used to subscribe from.

To download A-ONE, set your browser bookmarks to one of the following sites:

http://people.delphiforums.com/dpj/a-one.htm
Now available: http://www.atarinews.org

Visit the Atari Advantage Forum on Delphi!
http://forums.delphiforums.com/atari/

=~=~=~=

A-ONE #1723        06/19/15

~ Cardinals Hack Astros!      ~ People Are Talking!        ~ PS, Xbox Pre-E3 News
~ Shake-up at Microsoft!      ~ Mac Keychain Major Flaw!   ~ Emoji in Passwords?
~ Google vs Revenge Porn      ~ Apple's New 'El Capitan'   ~ New Bethesda Fallout!

-* Net Neutrality Complaint Soon *-
-* 80s Computer Controls GRPS Heat, AC *-
-* Data Breach Tied to Chinese Intelligence *-

=~=~=~=

->From the Editor's Keyboard        "Saying it like it is!"
  """"""""""""""""""""""""""

It's been another one of those weeks! As the weather gets better (Summer officially starts Sunday!), the news seems to start to slow down. Well, news that has a technology flavor that might interest you and me! I'm sure that you've had your fill of the "real" news, so I won't delve into it this week.
Oh, and before I forget, Happy Father's Day to all of you to whom it applies!

Until next time...

=~=~=~=

1980s Computer Controls GRPS Heat and AC

A 30-year-old computer that has run day and night for decades is what controls the heat and air conditioning at 19 Grand Rapids Public Schools.

The Commodore Amiga was new to GRPS in the early 1980s and it has been working tirelessly ever since. GRPS Maintenance Supervisor Tim Hopkins said that the computer was purchased with money from an energy bond in the 1980s. It replaced a computer that was “about the size of a refrigerator.”

The computer is responsible for turning the heat and the air conditioners on and off for 19 school buildings. “The system controls the start/stop of boilers, the start/stop of fans, pumps, [it] monitors space temperatures, and so on,” Hopkins explained.

A Kentwood High School student programmed it when it was installed in the 1980s. Whenever the district has a problem with it, they go back to the original programmer who still lives in the area.

Parts for the computer are difficult to find, Hopkins said. It is on its second mouse and third monitor. “It’s a very unique product. It operates on a 1200-bit modem,” said Hopkins. “How it runs, the software that it’s running, is unique to Commodore.”

Hopkins said the system runs on a radio frequency that sends a signal to school buildings, which reply within a matter of seconds with the status of each building. The only problem is that the computer operates on the same frequency as some of the walkie-talkies used by the maintenance department.

“Because they share the same frequency as our maintenance communications radios and operations maintenance radios — it depends on what we’re doing — yes, they do interfere,” Hopkins said.
If that happens, “we have to clear the radio and get everyone off of it for up to 15 minutes.”

If the computer stopped working tomorrow, a staff person would have to turn each building’s climate control systems on and off by hand. A new, more current system would cost between $1.5 and 2 million. If voters pass a $175 million bond proposal in November, the computer is on the list of things to be replaced.

It wasn’t replaced with money from the 2011 Warm Safe and Dry bond because it just didn’t rise to the top of the list. “There’s a lot of projects, a lot of needs in the district, so there’s other priorities we have to put in place ahead of this,” Hopkins said. “This system is still running.”

Bringing Stocking Elementary out of moth balls, replacing boilers and roofs, and removing asbestos were just some of the projects GRPS put on the Warm, Safe and Dry list before the Commodore computer.

=~=~=~=

->In This Week's Gaming Section  - Xbox, PlayStation Present New Games Ahead of E3!
  """""""""""""""""""""""""""""    New 'Fallout' Builds Bethesda Video Game Muscle!

=~=~=~=

->A-ONE's Game Console Industry News  - The Latest Gaming News!
  """"""""""""""""""""""""""""""""""

Xbox, PlayStation Present New Games Ahead of E3 Conference

Videogame console titans Microsoft and Sony vied for attention ahead of the industry's annual E3 conference, giving fans sneak peeks of the latest Xbox and PlayStation games.

Microsoft also told gamers that new Xbox One consoles would have "backward compatibility", meaning they will also be able to play games made for the older Xbox 360.

Fans were shown clips of upcoming Xbox games - "Halo 5: Guardians", "Rise of the Tomb Raider" and "Gears of War" - at an event at the University of Southern California Galen Center on Monday.

Meanwhile Sony unveiled the newest games for its PlayStation 4 including "The Last Guardian" and "Horizon: Zero Dawn", at a separate event in Los Angeles.
It also told fans a deal with Activision would allow PS4 owners to be the first to play the upcoming "Call of Duty: Black Ops III" this summer.

The two console makers held the events ahead of the Electronic Entertainment Expo (E3), which took place on June 16-18 at the Los Angeles Convention Center.

New 'Fallout' Builds Bethesda Video Game Muscle

Bethesda Software unveiled the latest installment of its "Fallout" video game franchise late Sunday, flaunting a new line-up of powerhouse sequels to its blockbuster hits.

The US video game publisher showed off the keenly awaited "Fallout 4" at its first-ever Electronic Entertainment Expo (E3) media event in the Dolby Theatre. It also released a free "Fallout Shelter" spin-off game in Apple's online App Store.

"Fallout 4" opens with scenes showing a young family in a setting that blends 1950s America with the future. Nuclear bomb blasts send people racing for shelter, and the main character becomes the sole survivor, emerging two centuries after the devastation.

A collector version of the game comes with a real-life Pip-Boy wrist-wear device, a gadget well-known by fans of "Fallout." The wearable Pip-Boy is designed to hold smartphones, and there will be an application to make it an extension of the game, according to Bethesda game studios director Todd Howard.

"Fallout 4" will be released on November 10, with versions of the game tailored for play on Xbox One and PlayStation 4 consoles as well as on personal computers powered by Windows software.

Bethesda also gave a preview of "Doom" and "Dishonored 2" video games that are slated for release early next year. The "Dishonored" sequel will let players return to roles as supernatural assassins. In "Doom," players take on the challenge of wiping out powerful demons in a research facility on Mars.

"The foundation of any 'Doom' experience is centered around bad-ass demons, big guns and moving really fast," executive producer Marty Stratton said.
The Bethesda event gave an unofficial start to E3, the video game industry's biggest trade show, which officially opens on Tuesday in the Los Angeles Convention Center.

Blockbuster video games will be the main attraction, but in the wings attention will go to the promise of stepping into the games virtually and streaming them as spectator sport.

"Like every year, E3 will be about the marquee video game titles that will take the world by storm," TechSavvy analyst Scott Steinberg told AFP on Saturday. "But, there are side battles going on."

Analysts expect this E3 to be a coming-of-age of sorts for virtual reality, which has been around for decades but remained an unfulfilled promise for gamers eager to immerse themselves in fantasy worlds.

Meanwhile Google-owned YouTube will be facing off with Amazon-owned Twitch, by previewing a version of its video-sharing platform tailored for gamers. San Francisco-based Twitch, which allows viewers to watch other people's live-streamed games, plans to live-stream press conferences, demos and interviews at E3.

In keeping with years past, the day before E3 officially opens will be packed with theatrical media events revealing scenes from new versions of much-loved games on Xbox One, PlayStation 4 or Wii U consoles. Winning game franchises getting new installments will include "Batman," "Assassin's Creed," "Mass Effect" and "Call of Duty."

=~=~=~=

A-ONE's Headline News
The Latest in Computer Technology News
Compiled by: Dana P. Jacobson

U.S. Employee Data Breach Tied to Chinese Intelligence

The Chinese hacking group suspected of stealing sensitive information about millions of current and former U.S. government employees has a different mission and organizational structure than the military hackers who have been accused of other U.S. data breaches, according to people familiar with the matter.
While the Chinese People's Liberation Army typically goes after defense and trade secrets, this hacking group has repeatedly accessed data that could be useful to Chinese counter-intelligence and internal stability, said two people close to the U.S. investigation.

Washington has not publicly accused Beijing of orchestrating the data breach at the U.S. Office of Personnel Management (OPM), and China has dismissed as "irresponsible and unscientific" any suggestion that it was behind the attack.

Sources told Reuters that the hackers employed a rare tool to take remote control of computers, dubbed Sakula, that was also used in the data breach at U.S. health insurer Anthem Inc last year.

The Anthem attack, in turn, has been tied to a group that security researchers said is affiliated with China's Ministry of State Security, which is focused on government stability, counter-intelligence and dissidents. The ministry could not immediately be reached for comment.

In addition, U.S. investigators believe the hackers registered the deceptively named OPM-Learning.org website to try to capture employee names and passwords, in the same way that Anthem, formerly known as Wellpoint, was subverted with spurious websites such as We11point.com, which used the number "1" instead of the letter "l".

Both the Anthem and OPM breaches used malicious software electronically signed as safe with a certificate stolen from DTOPTOOLZ Co, a Korean software company, the people close to the inquiry said. DTOPTOOLZ said it had no involvement in the data breaches.

The FBI did not respond to requests for comment. People familiar with its investigation said Sakula had only been seen in use by a small number of Chinese hacking teams.

"Chinese law prohibits hacking attacks and other such behaviors which damage Internet security," China's Foreign Ministry said in a statement. "The Chinese government takes resolute strong measures against any kind of hacking attack.
We oppose baseless insinuations against China."

Most of the biggest U.S. cyber attacks blamed on China have been attributed, with varying degrees of certitude, to elements of the Chinese army. In the most dramatic case two years ago, the U.S. Justice Department indicted five PLA officers for alleged economic espionage.

Far less is known about the OPM hackers, and security researchers have differing views about the size of the group and what other attacks it is responsible for.

People close to the OPM investigation said the same group was behind Anthem and other insurance breaches. But they are not yet sure which part of the Chinese government is responsible.

"We are seeing a group that is only targeting personal information," said Laura Gigante, manager of threat intelligence at FireEye Inc, which has worked on a number of the high-profile network intrusions.

CrowdStrike and other security companies, however, say the Anthem hackers also engaged in stealing defense and industry trade secrets. CrowdStrike calls the group "Deep Panda," EMC Corp's RSA security division dubs it "Shell Crew," and other firms have picked different names.

The OPM breach gave hackers access to U.S. government job applicants' security clearance forms detailing past drug use, love affairs, and foreign contacts that officials fear could be used for blackmail or recruiting.

In contrast to hacking outfits associated with the Chinese army, "Deep Panda" appears to be affiliated with the Ministry of State Security, said CrowdStrike co-founder Dmitri Alperovitch.

Information about U.S. spies in China would logically be a top priority for the ministry, Alperovitch said, adding that "Deep Panda's" tools and techniques have also been used to monitor democracy protesters in Hong Kong.
An executive at one of the first companies to connect the Anthem and OPM compromises, ThreatConnect, said the disagreements about the boundaries of "Deep Panda" could reflect a different structure than that in top-down military units.

"We think it's likely a cohort of Chinese actors, a bunch of mini-groups that are handled by one main benefactor," said Rich Barger, co-founder of ThreatConnect, adding that the group could get software tools and other resources from a common supplier.

"We think this series of activity over time is a little more distributed, and that is why there is not a broad consensus as to the beginning and end of this group."

FCC Could Get First Net Neutrality Complaint Soon

The Federal Communications Commission's new Net neutrality rules have been in effect for less than a week, and the agency is about to receive its first formal complaint from a company alleging harm.

Commercial Network Services, a San Diego-based company that operates webcams and streams live video feeds, said it will soon file a formal complaint against cable giant Time Warner Cable for charging it to deliver its streaming videos to its broadband customers, according to Barry Bahrami, CEO of the company. The Washington Post first reported the news of the complaint.

Bahrami accuses Time Warner Cable of "double dipping" by charging its broadband customers for access to the Internet and also charging companies, like Commercial Network Services, for delivering video to consumers who subscribe to Time Warner Cable's broadband service.

Because Commercial Network Services has refused to pay the additional fee that Time Warner Cable is charging it to send traffic to its customers, Bahrami says that Time Warner Cable is directing Commercial Network Services' traffic through a congested connection that serves Time Warner's broadband customers.
Bahrami says by doing this Time Warner Cable is severely degrading the quality of its streams, such as the San Diego Web Cam, which offers live streaming of the San Diego harbor. "This could all be changed in a few minutes if it were not for Time Warner greed," he said.

Once filed, Commercial Network Services' complaint will be the first formal complaint that the FCC has received since its Net neutrality rules went into effect last week.

Net neutrality is the principle that all Internet traffic be treated equally and that wireless carriers and Internet service providers not put businesses or customers at a disadvantage. Earlier this year, the FCC passed new rules to protect Net neutrality to replace rules that had been thrown out by a federal court in January 2014.

As part of the new rules, the FCC expanded the scope of Net neutrality. In addition to formulating clear-cut "bright line" rules that prevent broadband providers from blocking or slowing down traffic and from charging for so-called "fast lanes," the new rules also for the first time allow the FCC to determine if commercial deals between private companies exchanging Internet traffic are "fair and reasonable" or whether these deals could harm consumers' access to the Internet.

Instead of applying blanket restrictions on companies exchanging Internet traffic as the agency has in the "bright line" rules, the FCC will examine disputes over Internet "interconnection" on a case-by-case basis. While the FCC's ruling from one case to another could vary, how the agency handles this first complaint once it's filed could give broadband and other Internet companies a better sense of how far the FCC will go in terms of regulating the Internet.

The dispute is similar to disagreements that streaming video provider Netflix has had with other broadband providers Comcast and Verizon. Netflix's CEO Reed Hastings publicized the disputes his company had with these two broadband providers last year.
As a result, the FCC expanded the scope of its Net neutrality rules to include a provision that allowed it to examine these deals more closely.

In a separate Net neutrality development today, the FCC said it plans to impose a fine of up to $100 million on AT&T for allegedly misleading customers who subscribe to its unlimited data plans. The FCC has accused AT&T of violating the transparency rule of the agency's Net neutrality regulation. The transparency rule was the only part of the FCC's original 2010 Open Internet order that was not thrown out when the court ruled against the FCC in 2014.

Critics, who oppose the FCC's new rules, say the FCC has overstepped its authority by even examining commercial agreements between companies exchanging Internet traffic. They fear the agency could try to use its authority to set rates on services or take other actions that could stifle competition.

FCC Chairman Tom Wheeler has denied that this is the agency's aim. While defending the new rules in front of a congressional hearing in March, he said he looked forward to getting a Net neutrality complaint filed under this new complaint process so that he could show critics how high the FCC has set the bar for intervening in such commercial deals.

Commercial Network Services hasn't yet filed its formal complaint with the FCC, but Bahrami said the paperwork will be filed in the next few days. The FCC declined to comment.

Time Warner Cable said in a statement that it is not violating the FCC's rule. It claims it does not require companies exchanging traffic with it to pay fees so long as the amount of traffic the companies exchange is roughly equal. It said that under its policy, Commercial Network Services does not qualify for such an arrangement. It also denies that it is deliberately slowing down the company's traffic to its broadband customers. And Time Warner Cable is confident the FCC will side with it in this dispute.
"Time Warner Cable's interconnection practices are not only 'just and reasonable' as required by the FCC, but consistent with the practices of all major ISPs and well-established industry standards," the company said in its statement.

Nadella Conducts Biggest Microsoft Revamp Since Taking Over

Former Nokia chief executive Stephen Elop is set to leave Microsoft as part of the most extensive executive reshuffle since Satya Nadella pipped him to the top job at the software company early last year.

The changes announced Wednesday, which include the departures of other close allies of former chiefs Steve Ballmer and Bill Gates, also reflected a move by Mr Nadella to shore up two of its underperforming businesses.

Mr Elop played a controversial role in Nokia's exit from the mobile handset industry it once dominated, and has done little to rejuvenate Microsoft's own hopes of getting a stronger foothold in the mobile computing industry now dominated by Apple and Google.

A former rising star at the software company, he quit to head the Finnish mobile telecoms company in 2010 and presided over a collapse in its sales before selling the handset division to Microsoft and rejoining the US group.

In an email to staff, Mr Nadella said Mr Elop was leaving as the result of an organisational reshuffle that would see the devices division he heads folded into the larger Windows group.

Others poised to leave in the coming months include Mark Penn, a former political pollster for the Clinton White House who had been a long-time adviser to Mr Gates and was brought in by Mr Ballmer as head of marketing. He became best known for a series of barbed commercials attacking Google, before being sidelined in an earlier reshuffle a year ago.

Separately, Mr Penn announced that he would head a new private equity firm that had raised $US250 million to invest in areas such as digital marketing, with Mr Ballmer listed as a "core investor".
Eric Rudder, one of Microsoft's most senior technical executives and a protege of Mr Gates, would also leave after a transitional period, the company said. Mr Rudder had once been seen as a potential candidate to follow Mr Gates as Microsoft's top technical leader. Like Mr Penn, however, he had been left without direct responsibilities over any of Microsoft's main businesses after a 2013 reassignment into a strategy role.

While Mr Nadella has made several other senior leadership appointments since taking over, the delay of nearly a year and a half in pushing through a broader reshuffle and the departure of executives who had been closely associated with Microsoft's former leadership marks an unusually long time for such a housecleaning.

Microsoft often waits until around the end of its fiscal year, which takes place this month, to make executive or other strategic changes.

The moves included folding another underperforming division, the Dynamics business applications unit, into the larger cloud and enterprise group. Kirill Tatarinov, head of the Dynamics applications business, would also leave, Microsoft said.

The restructuring follows reports that Mr Nadella at one point weighed the idea of a giant acquisition of Salesforce.com to strengthen Microsoft's position in applications delivered from the cloud, before dropping the idea.

Mr Nadella painted the moves as part of an intensified effort to align the company's engineering groups around its core product areas, rather than a sign of any strategic change.

Google To Remove 'Revenge Porn' From Search Results

In a significant step to combat "revenge porn," Google will honor requests to remove from search results nude or sexually explicit images posted on the Internet without consent.

Google says it will remove the search results the same way it does other sorts of highly sensitive personal information such as bank account numbers and Social Security numbers.
"Our philosophy has always been that search should reflect the whole Web," Amit Singhal, senior vice president of Google Search said in a blog post provided to USA TODAY. "But revenge porn images are intensely personal and emotionally damaging, and serve only to degrade the victim — predominantly women."

Victims will be able to submit requests through an online form in coming weeks, Google said.

"We know this won't solve the problem of revenge porn — we aren't able, of course, to remove these images from the websites themselves — but we hope that honoring people's requests to remove such imagery from our search results can help," Singhal wrote.

University of Maryland law professor Danielle Citron, an expert in online harassment and author of Hate Crimes in Cyberspace, applauded the move. The search engine used the world over has unparalleled influence over what people can and cannot find on the Internet.

Google and other technology companies have come under growing public pressure to take down intimate photos posted without the subject's consent and remove links to that content. Rep. Jackie Speier (D-Calif.) is about to introduce federal legislation that would ban revenge porn. Comedian John Oliver is planning to feature the subject Sunday on his HBO show Last Week Tonight.

"What we have seen in the last six months is this public consciousness about the profound economic and social impact that posting nude images without someone's consent and often in violation of their trust can have on people's lives," Citron said. "What victims will often tell you and what they tell me is that what they want most is not to have search results where their employers, clients and colleagues can Google them and see these nude photos. It's not just humiliating, it wrecks their chances for employment. It makes them undatable and unemployable."

She says Google's decision is consistent with its policies.
"Some special narrow categories of sensitive personal information have no value to public debate and exact serious harm," Citron said. Google usually only removes search results with a valid legal request. It makes an exception for images of child sexual abuse and sensitive information such as bank account numbers and signatures. In Europe, under the right to be forgotten law, Google has removed nearly 1 million links. The ruling gives European residents the ability to demand that search engines remove links that appear in searches for an individual's name, but so far only in Europe. "Google has long been hesitant to mess with its search results and there are some good reasons for that. If you pull out one kind of content, other people will want you to pull out another kind of content and it can become a slippery slope," said Danny Sullivan, founding editor of SearchEngineLand.com. "Having said that, this is one of those cases where I think people would nod in agreement that yes, this is terrible, this stuff should be removed." Sullivan said Google's decision could have a deterrent effect. "If it's not in Google, does it actually exist? The answer is yes, it does exist but it's a heck of a lot harder to find. Even this won't make it impossible but it does make it more difficult and, when it's more difficult, it makes it less attractive for people to do this kind of behavior." Yet for years there was little anyone could do when intimate photos appeared online. Under a federal Internet law passed in 1996, Internet providers and websites aren't legally responsible for third party content posted by users as long as that content does not violate intellectual property laws or federal criminal laws. But government officials are now going after people who leak the images and the web sites that profit from them. New Jersey passed the first law addressing revenge porn in 2004. 
Since then, 18 states have passed laws criminalizing revenge porn — the most recent law was signed this week by Vermont governor Peter Shumlin.

The Federal Trade Commission has also started cracking down. Earlier this year it announced a settlement with the operator of an alleged revenge porn site that banned him from publishing nude pictures of people without their consent and required him to destroy the photo collection.

With the growing backlash against revenge porn, technology companies are also taking a stand. In March, Twitter became the latest Internet company to enact explicit rules that ban the posting of nude photographs and videos without the subject's permission. Facebook also banned revenge porn in March. Reddit banned it in February.

Last year a 4Chan poster hacked into celebrities' iCloud accounts and posted naked photos of Jennifer Lawrence and Kate Upton among others on a Reddit subgroup, "The Fappening." Reddit allowed the photos to remain on the site.

Some people don't think the policies go far enough because they still require women to police their own harassment. But, says Citron: "We have come to a cultural consensus that the exploitation of nude photos and videos without consent is unacceptable, harmful, and valueless and Google is recognizing it with its new position in search results. ... This is the next crucial, logical step."

FBI Investigates Cardinals for Breaking into Astros' Database

The FBI is investigating one of the best baseball teams in the US after it allegedly broke into a database belonging to one of the worst.

Investigators told the New York Times that the FBI and Department of Justice (DOJ) prosecutors are accusing front-office staff of the St. Louis Cardinals of "hacking" into an internal network of the Houston Astros to steal closely guarded information about players, including internal discussions about trades, proprietary statistics and scouting reports.
Calling it "hacking" is quite a stretch, given what we know about the deed, which allegedly involved:

  * Using the old passwords Astros General Manager Jeff Luhnow used when he worked overseeing drafts for the Cardinals, which ...
  * ...Luhnow never bothered to change when he got the job as general manager for the Astros. As well, the not-so-l337 H4x0rs...
  * ...Allegedly accessed the Astros' database from their own home, making it simple as pie for the FBI to track them down.

Why the Astros, a team known as a perennial loser? It sounds like a matter of bad blood between the rival teams.

As the New York Times subsequently reported, Luhnow was a numbers guy who'd been influenced by the film "Moneyball" and focused that type of statistics expertise on acquiring players. It worked for the Cardinals: the team made it to three World Series and won two of them under Luhnow's management of its draft.

He took his know-how over to the Astros in 2011, along with Sig Mejdal, a former NASA engineer whose title is director for decision sciences. Mejdal in turn used his work on astronauts' decision making to improve the team's drafting.

Luhnow, with his data analytics approach to baseball, has apparently worked the same kind of magic at the once pathetic Astros that he pulled off in St. Louis: an achievement that Bloomberg Business called "a project unlike anything baseball has seen before", akin to what Mitt Romney used to do to steel companies while at Bain Capital: "stripped them down with ruthless efficiency to build them back up again, stronger and better than before."

The Astros are now, in fact, in first place in the American League West division. This success can't feel good to the Cardinals, the team that Luhnow left behind.

Theories about the motivation for Cardinals' front-office staff to allegedly trespass into the Astros' internal workings include resentment over Luhnow's departure; bad feelings from when he was with St.
Louis, given that he was what the NYT calls a "polarizing figure"; or a suspicion that Luhnow took proprietary information with him to Houston. Luhnow reportedly built a computer network, called Redbird, while he was with the Cardinals. It housed all the intel on baseball operations, including scouting reports and player information. When he joined the Astros - taking some front-office personnel with him - he created a similar program and called it Ground Control. Investigators told the NYT that they believe that Cardinals' personnel, concerned that Luhnow had taken such proprietary baseball information to the Astros, examined a master list of passwords Luhnow and the other officials used while working for the Cardinals. Evidence is pointing to the Cardinals employees having used those same, evidently unchanged passwords to gain access to the Astros' network, investigators said. It wasn't hard to guess the password: after all, the Cardinals had a master list of passwords, which was proprietary information. That lack of password hygiene is likely what led to 10 months' worth of Astros' internal discussions about trades having been posted online at Anonbin, a site where users can anonymously share hacked or leaked information, a year ago. Major League Baseball notified the FBI, under the impression that the Astros had been hit by a rogue crook - certainly not by another major league baseball team. That's when the investigation started. It soon led to a computer at a home that some Cardinals employees had lived in. 
As Deadspin's Tom Ley tells it, every move in this "hacking" game reflects security fouls: reusing passwords (a major security sin), leaving a clear path to your home IP address because you don't have the brains to use an internet cafe to do your snooping, building a proprietary database and then just tucking it under your arm when you walk out the door, leaving two-factor authentication (2FA) out of the design of this precious repository of baseball knowledge (indeed, 2FA could have made this so-called "hack" impossible to pull off), and showing off your ill-gotten goods on a public paste site for all to see (not what you'd call subtle!).

Who's on first? Nobody I'd hire for their security expertise!

Major Mac Flaw Spills Your Passwords

A crucial flaw found in Macs allows a malicious app to snatch the passwords from your Keychain - or even directly from other apps. That exposes the passwords to your iCloud account, notes, photos, email, banking, social media - everything.

Indiana University computer science professor XiaoFeng Wang and his team of researchers found several ways a bad app could "cross over" into other apps.

The researchers found that malicious software could slip into the Apple Keychain, delete old passwords, and wait for you to retype them in. When you do, it grabs them.

They also found an issue with the way Apple categorizes Mac programs with a unique ID, called a BID. Hackers could assign an email app's BID to a piece of malware, then get scooped up into a "trusted" group of programs.

The Indiana University team analyzed the top 1,612 Mac apps, and found that 89% of them were susceptible to these kinds of attacks.

To prove that a hacker could pull off the attack, the research team sneaked a malicious app capable of stealing passwords into Apple's heavily guarded App Store. The malware was disguised as a daily-gag-delivering app called "Joke Everyday."

Apple did not respond with a comment on Tuesday.
However, people familiar with the company's practices said that Apple is working on restructuring how its Mac OS X operating system separates apps. But they say that would be a laborious process, requiring all independent Apple developers to establish new security measures and update every app.

Fixing the Keychain will be even more difficult, that person said. Apple is also improving how it reviews incoming new programs to its App Store.

The research team said it went public with its findings on Tuesday, because Apple took too long to fix it. They initially notified the company in October. Apple tweaked its operating system in January, they said, but the supposed fix didn't actually solve the problem. Fast-forward to June, and there's still no solution.

"All these things are very serious," Wang said. "If we continued to keep silent, it's unfair to Apple users. It's very likely someone already knew this hack."

When researchers find dangerous computer bugs, Apple's policy is to communicate with them sparsely and quietly fix things behind closed doors. Earlier this month, CNNMoney examined how Apple's approach to security needs improvement.

Wang said this could have been avoided if Apple communicated more with the outside computer engineers who independently create popular software programs for Macs.

"Apple needs to inform the app developers what they need to do," he said. "In some cases, Apple provides nothing for app developers to do a security check."

Leading Indiana University student researcher, Luyi Xing, complained that, while Apple did respond to them at first, the company didn't actively work with security researchers - and share progress - until after they made their report public.

"Now it's a couple of emails a day," Xing said.

A person with knowledge of Apple's security policies said the company was partly caught by surprise with the sudden publication of this report, since Apple had been communicating with the researchers.
"The problem may have already been fixed if they would have taken it more seriously," Professor Wang said. "Now they're actively talking to us. This is more evidence we should go public in some cases." The researchers might pay for their adventure. Apple typically revokes developer credentials for anyone who slips malware into the App Store - even for security research. Renowned security researcher Charlie Miller got a one-year suspension from the App Store in 2011 for that very reason. Wang hopes Apple will spare his six-person team. "I don't think it would be fair. Our intention is to help Apple," he said, adding this foreboding note: "We found more than we disclosed. There's another new attack that's pretty serious, and we didn't make it public." Apple’s New OS X 'El Capitan' Preview Is a Subtle, Fast Upgrade At its World Wide Developers Conference last week, Apple gave the assembled crowd of software coders some welcome news: The next annual release of OS X, called El Capitan, would be available to the public for free this fall—but an early version was available for developers to download immediately. There was good news for reviewers, too; Apple gave those of us in the Tech Writers’ Guild the same early access to the software. I’ve been scaling El Capitan for a few days, and I’m pleased to report that even this early version is slick and fast. But there’s a good deal of fine-tuning left to do, and some smaller-name programs have yet to be updated for compatibility (here’s a pretty good running list of which apps don’t work). None of the big-name programs (Microsoft, Adobe, etc.) have any problems that I could find. If you’re a Mac fan, here’s what you have to look forward to in the next version of your operating system. The top line: This is a no-brainer upgrade. Once it’s finished, you’ll want it. Once Apple ran out of jungle-cat names for its OS X releases (Panther, Lion, Leopard, etc), it started adopting the names of scenic California sites. 
Last year’s release, for example, was called Yosemite, after the national park. So what’s with El Capitan? Isn’t that the name of a mountain within Yosemite?

Yes — and that should give you some hint as to the nature of this upgrade. It’s not a new operating system; it’s a refinement of the last one. Remember how Apple followed OS X Leopard with OS X Snow Leopard? Well, you can think of El Capitan as Snow Yosemite.

It doesn’t look any different than Yosemite; instead, this year’s annual OS X upgrade is a compilation of all the little nips and tucks that Apple engineers wished they’d had time to put into the last version.

The big-ticket items, Apple says, are all under the hood: speed and stability. Programs open up to 1.4 times as fast, which is especially noticeable in Photos, Apple’s recently introduced iPhoto replacement. Switching programs is twice as fast. Opening a PDF document, four times as fast.

Animations—for example, when you switch between virtual monitors in full-screen mode—feel smoother and faster, too. You’ll feel the difference in speed, and speed is good.

As a handy bonus, you won’t need to upgrade your Mac to run El Capitan. It runs on almost any Mac that can now run Yosemite, or Mavericks before it, or Mountain Lion before that:

• iMacs made since mid-2007
• MacBook since 2008
• 13-inch MacBook Pro since mid-2009
• 15-inch or 17-inch MacBook Pro since late 2007
• MacBook Air since late 2008
• Mac Mini since 2009
• Mac Pro since 2008

A system-software version that still runs on 8-year-old machines? Nicely done, Apple.

This time around, Apple isn’t boasting, “over 200 new features” as it usually does; “over 20 new features” would be more like it. They’re subtle. They’re motley. They’ll be welcomed by people already using Macs, but won’t do anything to sway someone who already loves Windows.

Here are a few of the biggies.
(There’s also a basketful of 18 more, subtler improvements that Apple didn’t mention onstage and isn’t getting much press.)

Notes. After years of boringness, Apple’s Notes program has suddenly sprouted an array of formatting features that practically turn it into OneNote or Evernote. Now there’s full type formatting, bulleted lists, checklists, Web links, and pasted graphics, videos, or maps. (All of this will get synced automatically to your iPhone or iPad, too, once iOS 9 comes out this fall.) The new Attachments Browser lets you view a palette of all the photos, videos, maps, and Web links you’ve added in all your notes, which is surprisingly handy. A new New Note option appears in the Share menu of Safari and other apps.

Wiggle the cursor to magnify it. When you wake your Mac, you might be in the habit of rapidly scrubbing your trackpad (or wiggling your mouse), just so you can spot the cursor on screen. In El Capitan, whenever you rapidly wiggle the cursor, it momentarily becomes gigantic to draw your eye.

Maps. Apple’s Maps takes a timid step toward overcoming Google Maps’ overwhelming superiority by adding public-transportation directions—for four U.S. cities (San Francisco, New York, Baltimore, and Washington DC). Google Maps, by contrast, has transit schedules and directions for every major city around the world—and offers walking directions, too.

Split screen in full-screen mode. In full-screen mode, your document window fills the entire monitor, and the menu bar and window edges are hidden. In El Capitan, you can now split the screen between two full-screen apps, displaying them side-by-side, or move the dividing line between them. (Where have we seen this sort of thing before? Oh yeah—Windows 8.)

Redesigned Mission Control. Mission Control is a special view that helps you find one lost window among your ocean of them. It shrinks all of your open windows to miniatures, all simultaneously visible.
In El Capitan, they’re no longer clumped by program; you can see them all spread out. (Mac veterans will recognize this effect as the old Exposé.)

Redesigned Spaces. Spaces is a somewhat confusing power-user feature that lets you create several side-by-side “virtual monitors,” each with its own programs and windows. In El Capitan, the Spaces bar is more compact and easier to operate—you don’t have to open System Preferences to make changes. You can just drag a window’s title bar to the top of your screen to add it to an existing Space or put it into a new one.

Apple has put quite a bit of work into Spotlight, the Mac’s built-in search feature, adding the ability to find more kinds of information using natural language queries:

More kinds of Web info. Into the Spotlight search bar, you can now type search terms for weather, sports, stocks, athletes, public transportation, and online videos. You can type, for example, “yankees schedule,” “lebron james,” “weather Tuesday London,” or “goog” (to find out Google’s stock price). You can type “jimmy fallon” to see the latest YouTube, Vimeo, or Vevo clips from that show. Or type “GrandCentral” or “7th ave subway” to see the current schedules for those trains. In each case, the search-results panel offers a tidy display of information on your query.

Resize or move the Spotlight window. You can now make the Spotlight window taller—but not, weirdly, wider. You can also drag it around your screen. For example, if you like to use Spotlight as a calculator (yes, you can type, for example, “37*12” into it to get the result), you can now park the window at the edge of your screen so you can keep working in your main program. (Undocumented tip: To restore the Spotlight window to its original size and position, hold the cursor down on the Spotlight icon—the magnifying-glass—at the top right of your screen.)

Prose (“natural language”) searches.
One more Spotlight upgrade: You can now type out queries that describe what you’re looking for – like “files I worked on in January,” or “slides from 2013 containing WidgeTech,” or “images from last year.” In general, the kinds of information Spotlight understands here are file types (“documents,” “movies,” “images,” “presentations,” “email” and so on), the words and phrases inside each file, dates and times, and the names of email senders or recipients.

Mail, the built-in email program, received just a touch of love from Apple this year, with support for gestures, natural language searches, and instant reminders:

Speed boost. Apple reworked the way Mail checks IMAP email accounts to make it feel faster, especially over slow connections.

Gestures. You can now swipe to the right (two fingers on your trackpad) to mark a message as read or unread, and swipe to the left to delete it. This trick works even on messages in a background list, while a different message’s window is open in front.

More natural-language searching. As with Spotlight, prose queries have now come to Mail. You can search for, for example, “mail from Chris I haven’t read,” or “messages with attachments from last week.”

Calendar suggestions. If Mail detects that a message contains the details for an appointment or a flight, it offers to add it to your calendar, saving you a bunch of copying and typing (just as iOS 8 does now).

Full-screen improvements. In Yosemite Mail’s Full-screen mode, if you were reading a message, it commandeered your screen; you couldn’t click another message in the list, or refer to another message, without closing the first one. But in El Capitan, if you click outside an open message, its window shrinks down into a tab at the bottom of the screen. You can accumulate a bunch of these tabs, just as you can in a Web browser: remove them, rearrange them, or drag attachments onto them. Obscure, but welcome to full-screen aficionados.

Instant reminders.
If you select some text in a message that should be a reminder (“Caulk the living room tomorrow”), you can right-click it, choose Share->Reminders from the shortcut menu, and presto: a new to-do item in your Reminders app. (You can click the Mail icon in that to-do item later to open the original Mail message.)

Apple has brought a couple of new features to its Safari browser, too. For example:

Pinned tabs. If you drag an open tab all the way to the left, it becomes a compact square pinned tab, one that will always be there, in every window (like the similar feature in Google Chrome). Handy for social-media sites or Web-based email or chat services. But also confusing; good luck trying to explain to a beginner the difference between a tab, a pinned tab, a Favorite, and a bookmark.

Mute audio. Don’t you hate it when some Safari window or tab is playing sound, but you can’t figure out which one? Now, whenever audio is playing, a Mute button appears at the top of the Safari window. Click it to shut up all browser windows (while preserving sound from the rest of your Mac, like alert tones and your music player). Or hold your cursor down on it to see a list of browser windows, so that you can mute just the one you don’t want.

The changes in El Capitan are, as you’re figuring out, very subtle. This new OS X won’t throw anyone for a loop. And there are two ways you might react.

“You’ve had a whole year, Apple! What’re you doing—spending all your time on phones and watches?” Yeah, that’s one way.

The other: “Technology moves too fast already. Why must there be a whole new operating system every single year? Give me some time to learn what I’ve already got! But if you want to make things faster and smoother, great—that doesn’t make me have to learn new stuff.”

In any case, you won’t have to pay for El Capitan when it comes out this fall (or when it’s available in a public beta-testing version in July); it’s free for all.
A big speedup and a small list of touch-ups, no charge? That sounds like a pretty good deal to me.

Why Emoji May Be in Your Next Password

Say goodbye to a string of numbers and hello to kissy face, dancing lady, diamond ring, soccer ball.

Intelligent Environments, a mobile and online banking technologies company, has come up with a platform allowing users to ditch a traditional numerical PIN code in favor of emoji.

While the system hasn't been implemented yet by any banks, Intelligent Environments shared their plan to use the fun characters in a new video and underscored how the system could potentially be more secure than a numerical PIN.

With 44 emoji to choose from, there are a possible 3,498,308 permutations, according to the company. By comparison, Intelligent Environments said a PIN comprised of numbers 0-9 has 7,290 non-repeating digit possibilities.

Robert Siciliano, an online safety expert to Intel Security, said the idea is a step in the right direction for password security.

"Photos as passwords are a strong alternative to simple username and password," he said. "But we can't stop there. New developments in facial recognition will inevitably replace all current methods."

=~=~=~=

Atari Online News, Etc. is a weekly publication covering the entire Atari community. Reprint permission is granted, unless otherwise noted at the beginning of any article, to Atari user groups and not for profit publications only under the following terms: articles must remain unedited and include the issue number and author at the top of each article reprinted. Other reprints granted upon approval of request. Send requests to: dpj@atarinews.org

No issue of Atari Online News, Etc.
may be included on any commercial media, nor uploaded or transmitted to any commercial online service or internet site, in whole or in part, by any agent or means, without the expressed consent or permission from the Publisher or Editor of Atari Online News, Etc. Opinions presented herein are those of the individual authors and do not necessarily reflect those of the staff, or of the publishers. All material herein is believed to be accurate at the time of publishing.