Google

Google Launches Advanced API Security To Protect APIs From Growing Threats (techcrunch.com) 6

Google today announced a preview of Advanced API Security, a new product headed to Google Cloud that's designed to detect security threats as they relate to APIs. TechCrunch reports: Built on Apigee, Google's platform for API management, the company says that customers can request access starting today. Short for "application programming interface," APIs are documented connections between computers or between computer programs. API usage is on the rise, with one survey finding that more than 61.6% of developers relied on APIs more in 2021 than in 2020. But they're also increasingly becoming the target of attacks. According to a 2018 report commissioned by cybersecurity vendor Imperva, two-thirds of organizations are exposing unsecured APIs to the public and partners.

Advanced API Security specializes in two tasks: identifying API misconfigurations and detecting bots. The service regularly assesses managed APIs and provides recommended actions when it detects configuration issues, and it uses preconfigured rules to provide a way to identify malicious bots within API traffic. Each rule represents a different type of unusual traffic from a single IP address; if an API traffic pattern meets any of the rules, Advanced API Security reports it as a bot. [...] With the launch of Advanced API Security, Google is evidently seeking to bolster its security offerings under Apigee, which it acquired in 2016 for over half a billion dollars. But the company is also responding to increased competition in the API security segment.
"Misconfigured APIs are one of the leading reasons for API security incidents. While identifying and resolving API misconfigurations is a top priority for many organizations, the configuration management process is time consuming and requires considerable resources," Vikas Ananda, head of product at Google Cloud, said in a blog post shared with TechCrunch ahead of the announcement. "Advanced API Security makes it easier for API teams to identify API proxies that do not conform to security standards... Additionally, Advanced API Security speeds up the process of identifying data breaches by identifying bots that successfully resulted in the HTTP 200 OK success status response code."
Piracy

Russians Are Searching For Pirated Microsoft Products and Switching To Linux (yahoo.com) 52

Nkwe writes: Russians are searching for pirated Microsoft software online after the US tech giant halted sales in the country over its invasion of Ukraine, the Kommersant newspaper reported earlier this week. Russia-based web searches for pirated Microsoft software have surged by as much as 250% after the company suspended new sales on March 4, according to Kommersant. In June so far, there's been a 650% surge in searches for Excel downloads, the media outlet added. Microsoft said earlier this month it's significantly scaling down business in Russia, joining a long list of companies winding down businesses in the country amid sweeping sanctions over the war in Ukraine. The move hits Russia hard because the country relies on foreign software to power many of its manufacturing and engineering tech systems, Bloomberg reported on Tuesday. Russian government agencies, too, are switching from Microsoft's Windows to the Linux operating system, the Moscow Times reported last Friday. Developers of Russian systems based on the Linux open source operating system are also seeing more demand, Kommersant reported. Not all sectors are able to swap out their systems easily.
Security

Employee Shared OpenSea User Email Addresses With an 'Unauthorized' Party (protocol.com) 8

An employee working for OpenSea's email delivery vendor misused their customer data access to download and share email addresses with an "unauthorized external party," the NFT marketplace wrote in a company blog post Wednesday. The employee worked for Customer.io. From a report: OpenSea said customers who have shared their emails in the past "should assume" they were affected and will receive an email from opensea.io with more information. Customer.io launched an investigation into the issue, and the incident was reported to law enforcement. "Your trust and safety is a top priority," OpenSea wrote. "We wanted to share the information we have at this time, and let you know that we've reported the incident to law enforcement and are cooperating in their investigation."
Network

A Wide Range of Routers Are Under Attack By New, Unusually Sophisticated Malware (arstechnica.com) 45

An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on Tuesday. From a report: So far, researchers from Lumen Technologies' Black Lotus Labs say they've identified at least 80 targets infected by the stealthy malware, infecting routers made by Cisco, Netgear, Asus, and DrayTek. Dubbed ZuoRAT, the remote access Trojan is part of a broader hacking campaign that has existed since at least the fourth quarter of 2020 and continues to operate. The discovery of custom-built malware written for the MIPS architecture and compiled for small office and home office routers is significant, particularly given its range of capabilities. Its ability to enumerate all devices connected to an infected router and collect the DNS lookups and network traffic they send and receive and remain undetected is the hallmark of a highly sophisticated threat actor.
IT

Gmail's Redesigned Interface, Featuring Chat and Meet, Now the New Default (techcrunch.com) 15

Gmail is now rolling out a new user interface that will show Chat and Meet sections on the side pane by default. From a report: Google introduced this new integrated view earlier this year through opt-in options, so you had to manually enable Chat and Meet panes. However, as the new phase of the rollout is starting, the company will force you to opt out if you want the classic Gmail view. Google says the change is rolling out to Google Workspace customers and users with personal Google accounts alike. This includes Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline and Nonprofits, as well as G Suite Basic and Business customers, and Google Workspace Individual users. Only Google Workspace Essentials customers will not see the change, or those Workspace customers that have only been provided access to Gmail and not other apps.
Windows

Windows 10's 22H2 Update Might Not Actually Do Much of Anything (arstechnica.com) 35

The Windows 11 22H2 update is working its way through Microsoft's Windows Insider testing channels, and we'd expect it to begin rolling out to Windows 11 PCs at some point in the next few weeks or months. But Microsoft has had almost nothing to say about the next major update to Windows 10 beyond the fact that the operating system will keep getting yearly updates for the foreseeable future. From a report: And the Windows 10 22H2 update is actually already out there for those who know how to install it. Neowin has published a list of commands that can be typed into the Command Prompt or Windows Terminal to turn a fully updated Windows 10 21H2 install into a 22H2 install. The commands use Microsoft's Deployment Image Servicing and Management (DISM) tool to make tweaks to your Windows install and require the optional KB5014666 update for Windows 10 to be installed first. The catch is that enabling Windows 10 22H2 doesn't actually seem to do much beyond incrementing the version number on the "About Windows" screen.
Security

Cyber Pirates Prowling Ship Controls Threaten Another Big Shock (bloomberg.com) 34

An anonymous reader shares a report: In February 2019, a large container ship sailing for New York identified a cyber intrusion on board that startled the US Coast Guard. Though the malware attack never controlled the vessel's movement, authorities concluded that weak defenses exposed critical functions to "significant vulnerabilities." A maritime disaster didn't happen that day, but a warning flare rose over an emerging threat to global trade: cyber piracy able to penetrate on-board technology that's replacing old ways of steering, propulsion, navigation and other key operations. Such leaps in hacking capabilities could do enormous economic damage, particularly now, when supply chains are already stressed from the pandemic and the war in Ukraine, experts including a top Coast Guard official said.

"We've been lucky so far," said Rick Tiene, vice president with Mission Secure, a cybersecurity firm in Charlottesville, Virginia. "More and more incidents are happening, and the hackers are getting a better understanding what they can do once they've taken over an operational technology system. In the case of maritime -- whether it be the ports or the vessels themselves -- there is a tremendous amount that could be done to harm both the network and physical operations." Rear Admiral Wayne Arguin, the Coast Guard's assistant commandant for prevention policy, said shipping faces cyber risks similar to those in other industries -- it's just that the stakes are so much higher given that almost 80% of global trade moves on the sea. While Arguin declined to put a number on the frequency of attempted break-ins, he said "I feel very confident that every day networks are being tested, which really reinforces the need to have a plan."
"That universe includes not just ship operators but port terminals and the thousands of logistics links in global supply chains that are increasingly interconnected," the story adds.
Google

Google Moves To Keep Campaign Messages Out of Spam (axios.com) 138

Google has asked the Federal Election Commission to green light a program that could keep campaign emails from ending up in spam folders, according to a filing obtained by Axios. From a report: Google has come under fire that its algorithms unfairly target conservative content across its services, and that its Gmail service filters more Republican fundraising and campaign emails to spam. Republican leadership introduced a bill this month that would require platforms to share how their filtering techniques work and make it illegal to put campaign emails into spam unless a user asks. Google's pilot program, per the June 21 filing, would be for "authorized candidate committees, political party committees and leadership political action committees registered with the FEC." It would make campaign emails from such groups exempt from spam detection as long as they don't violate Gmail's policies around phishing, malware or illegal content. Instead, when users would receive an email from a campaign for the first time, they would get a "prominent" notification asking if they want to keep receiving them, and would still have the ability to opt out of subsequent emails.
AMD

RansomHouse Extortion Group Claims AMD as Its Latest Victim (techcrunch.com) 16

AMD said it is investigating a potential data breach after RansomHouse, a relatively new data cybercrime operation, claims to have extorted data from the U.S. chipmaker. From a report: An AMD spokesperson told TechCrunch that the company "is aware of a bad actor claiming to be in possession of stolen data," adding that "an investigation is currently underway." RansomHouse, which earlier this month claimed responsibility for a cyberattack on Shoprite, Africa's largest retailer, claims to have breached AMD on January 5 to steal 450 GB of data. The group claims to be targeting companies with weak security, and claimed it was able to compromise AMD due to the use of weak passwords throughout the organization.

"An era of high-end technology, progress and top security... there's so much in these words for the crowds. But it seems those are still just beautiful words when even technology giants like AMD use simple passwords to protect their networks from intrusion," RansomHouse wrote on its data leak site. "It is a shame those are real passwords used by AMD employees, but a bigger shame to AMD Security Department which gets significant financing according to the documents we got our hands on -- all thanks to these passwords." Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch there's no reason to doubt the group's claims.

Security

Google Warns ISPs Helped Distribute Hermit Spyware (engadget.com) 15

Google is warning of a sophisticated new spyware campaign that has seen malicious actors steal sensitive data from Android and iOS users in Italy and Kazakhstan. Engadget reports: On Thursday, the company's Threat Analysis Group (TAG) shared its findings on RCS Labs, a commercial spyware vendor based out of Italy. On June 16th, security researchers at Lookout linked the firm to Hermit, a spyware program believed to have been first deployed in 2019 by Italian authorities as part of an anti-corruption operation. Lookout describes RCS Labs as an NSO Group-like entity. The firm markets itself as a "lawful intercept" business and claims it only works with government agencies. However, commercial spyware vendors have come under intense scrutiny in recent years, largely thanks to governments using the Pegasus spyware to target activists and journalists.

According to Google, Hermit can infect both Android and iOS devices. In some instances, the company's researchers observed malicious actors work with their target's internet service provider to disable their data connection. They would then send the target an SMS message with a prompt to download the linked software to restore their internet connection. If that wasn't an option, the bad actors attempted to disguise the spyware as a legitimate messaging app like WhatsApp or Instagram.

What makes Hermit particularly dangerous is that it can gain additional capabilities by downloading modules from a command and control server. Some of the addons Lookout observed allowed the program to steal data from the target's calendar and address book apps, as well as take pictures with their phone's camera. One module even gave the spyware the capability to root an Android device. Google believes Hermit never made its way to the Play or App stores. However, the company found evidence that bad actors were able to distribute the spyware on iOS by enrolling in Apple's Developer Enterprise Program. Apple told The Verge that it has since blocked any accounts or certificates associated with the threat. Meanwhile, Google has notified affected users and rolled out an update to Google Play Protect.

Communications

Google Hangouts is Shutting Down in November 24

After sunsetting Google Hangouts for Workspace users in February, Google's now beginning the process of migrating free, personal Hangouts users to Chat. In an announcement posted to its blog, Google says people who still use the Hangouts mobile app will see a prompt to move to Chat. From a report: As for users who use Hangouts in Gmail on the web, Google says it won't start prompting users to make the switch to Chat until July. Hangouts will remain usable on its desktop site until November, and Google says it will warn users "at least one month" in advance before it starts pointing the Hangouts site to Chat.
Portables (Apple)

Base 13-Inch MacBook Pro With M2 Chip Has Significantly Slower SSD Speeds (macrumors.com) 85

Following the launch of Apple's new 13-inch MacBook Pro with the M2 chip, it has been discovered that the $1,299 base model with 256GB of storage has significantly slower SSD read/write speeds compared to the equivalent previous-generation model. From a report: YouTube channels such as Max Tech and Created Tech tested the 256GB model with Blackmagic's Disk Speed Test app and found that the SSD's read and write speeds are both around 1,450 MB/s, which is around 50% slower reading and around 30% slower writing compared to the 13-inch MacBook Pro with the M1 chip and 256GB of storage.

Disk Speed Test app numbers shared by Vadim Yuryev of Max Tech:
13-inch MacBook Pro (M1/256GB) Read Speed: 2,900
13-inch MacBook Pro (M2/256GB) Read Speed: 1,446
13-inch MacBook Pro (M1/256GB) Write Speed: 2,215
13-inch MacBook Pro (M2/256GB) Write Speed: 1,463

Yuryev disassembled the new 13-inch MacBook Pro and discovered that the 256GB model is equipped with only a single NAND flash storage chip, whereas the previous model has two NAND chips that are likely 128GB each. This difference likely explains why the new model has a slower SSD, as multiple NAND chips allow for faster speeds in parallel.

Open Source

How a Turkish Municipal District Switched to GNU/Linux (fsf.org) 76

Today I learned Turkey's Scientific and Technological Research Council has a subsidiary developing a GNU/Linux distro called Pardus, "redesigned to be used in accordance with the practices and habits of users in Turkey."

And this week the Free Software Foundation published a post from the proud project leader of Pardus, explaining exactly why open source was chosen in the district of Eyüpsultan (on the European side of Istanbul) and how they got it implemented: After the municipal elections held in 2014, the new administration realized (through internal financial analysis reports) that a large amount of money was being spent on licensing proprietary software. Looking to cut costs, management asked for a study to be carried out for solutions. As the Eyüpsultan municipality's IT department, we recommended to replace Microsoft Windows with Pardus GNU/Linux instead. We described our preference to transition to free software as "the desire to be independent from a company as well as the savings to be gained from cutting hefty license fees."

Additionally, we spoke about how the four freedoms would improve things outside of the budget. For example, we told the administration that users, when using free software, can fully benefit from the rights they have over the programs running on their computers. We also informed everyone that, when the software they run is proprietary, it means that a company claims rights over the user, and that such a claim of ownership can place restrictions on users in how they may or may not use the software. We told them that this is unacceptable. Arguments such as these were among the deciding factors that influenced our transition to free software.

The plan was presented to the municipal administration and widely accepted.

The municipal administration approved the project, and in January, 2015, the Eyüpsultan municipality started using free software applications such as LibreOffice (e.g. Writer, Calc, Impress, etc.). Prior to the implementations, basic user training on LibreOffice software was provided to the personnel of the institution. Over time, users were gradually and steadily directed to free systems, and, notably, without receiving backlash from users.... Training was an important item in the transition to Pardus GNU/Linux.

Besides an online support forum, they've also set up a live call center to answer questions. "I think we may be the only distribution that helps with issues via a call center."

So how do they feel now about that transition, eight years later? Free software has many advantages, including flexibility, high performance, major cost savings from licensing fees, independence from any particular company, and compliance with interoperability standards. Therefore, the transition of Eyüpsultan municipality to free software has resulted in benefits that were both strategic and practical. We believe, in the near future, more organizations will need to understand the philosophy of free software and the opportunities that free software provides.

The municipal budget has freed up money as a result of the move from proprietary software to free software. The savings from the "proprietary software licenses" line of the budget was applied to the district in the form of new projects. The money goes now to, among other things, increasing the number of new parks and gardens, bicycle paths, and security cameras in the parks. Additionally, by increasing the number of classes we provide technical training, we started to provide classes in robotics and computation to young people. The Eyüpsultan municipality is now increasing the opportunities for students to further develop their personalities, abilities, goals, and self-discovery. It introduces young people to technology and encourages them to produce new technologies.

One final effect of using free software? It encourages others to do the same: As a result of this brave decision, many of the Istanbul district municipalities have started working to switch or have already made the switch to the Pardus GNU/Linux operating system. Institutions in other cities of the country have also expressed growing interest by asking questions about the Pardus operating system and free software.
Programming

Stack Overflow Survey Finds Developers Like Rust, Python, JavaScript and Remote Work (infoworld.com) 97

For Stack Overflow's annual survey, "Over 73,000 developers from 180 countries each spent roughly 15 minutes answering our questions," a blog post announces: The top five languages for professional developers haven't changed: JavaScript is still the most used, and Rust is the most loved for a seventh year. The big surprise came in the most loved web framework category. Showing how fast web technologies change, newcomer Phoenix took the most loved spot from Svelte, itself a new entry last year.... Check out the full results from this year's Developer Survey here.
In fact, 87% of Rust developers said that they want to continue using Rust, notes SD Times' summary of the results: Rust also tied with Python as the most wanted technology in this year's report, with TypeScript and Go following closely behind. The distinction between most loved and most wanted is that most wanted includes only developers who are not currently developing with the language, but have an interest in developing with it.
Slashdot reader logankilpatrick writes, "It should come as no surprise to those following the growth and expansion of the Julia Programming Language ecosystem that in this year's Stack Overflow developer survey, Julia ranked in the top 5 for the most loved languages (above Python — 6th, MatLab — Last, and R — 33rd)."

And the Register shares more highlights: Also notable in the 71,547 responses regarding programming languages was a switch again between Python and SQL. In 2021, Python pushed out SQL to be the third most commonly used language. This year SQL regained third place, just behind second placed HTML/CSS.

And the most hated...

Unsurprisingly, developers still dread that tap on the shoulder from the finance department for a tweak to that bit of code upon which the entire company depends. Visual Basic for Applications and COBOL still lurk within the top three most dreaded technologies.

The operating system rankings were little changed: Windows won out for personal and professional use, although for professional use Linux passed macOS to take second place with 40 percent of responses compared to Apple's 33 percent. Most notable was the growth of Windows Subsystem for Linux, which now accounts for 14 percent of personal use compared with a barely registering 3 percent in 2021.

But SD Times noted what may be the most interesting statistic: Only 15% of developers work on-site full time. Forty-three percent are fully remote and 42% are hybrid. Smaller organizations with 2-19 employees are more likely to be in-person, while large organizations with over 10k employees are more likely to be hybrid, according to the survey.
InfoWorld delves into what this means: "The world has made the decision to go hybrid and remote, I have a lot of confidence given the data I have seen that that is a one-way train that has left the station," Prashanth Chandrasekar, CEO of Stack Overflow told InfoWorld.

Chandrasekar says that flexibility and the tech stack developers get to work with are the most important contributors to overall happiness at work. "Many developers drop out of the hiring process because of the tech stack they will be working with," he said... Organizational culture is also shifting, and cloud-native techniques have taken hold among Stack Overflow survey respondents. Most professional developers (70%) now use some form of CI/CD and 60% have a dedicated devops function....

Lastly, Web3 still has software developers torn, with 32% of respondents favorable, 31% unfavorable, and 26% indifferent. Web3 refers to the emerging idea of a decentralized web where data and content are registered on blockchains, tokenized, or managed and accessed on peer-to-peer distributed networks.

Government

Russia's Cyberattacks Thwarted by Ukraine, Microsoft, Google, and Western Intelligence (nytimes.com) 37

Russia's invasion of Ukraine is "the first full-scale battle in which traditional and cyberweapons have been used side by side," reports the New York Times. But the biggest surprise is that "many of the attacks were thwarted, or there was enough redundancy built into the Ukrainian networks that the efforts did little damage... more than two-thirds of them failed, echoing its poor performance on the physical battlefield."

Microsoft president Brad Smith says the ultimate result is Russia's attempted cyberattacks get underreported, according to the Times: [A study published by Microsoft Wednesday] indicated that Ukraine was well prepared to fend off cyberattacks, after having endured them for many years. That was at least in part because of a well-established system of warnings from private-sector companies, including Microsoft and Google, and preparations that included moving much of Ukraine's most important systems to the cloud, onto servers outside Ukraine....

In many instances, Russia coordinated its use of cyberweapons with conventional attacks, including taking down the computer network of a nuclear power plant before moving in its troops to take it over, Mr. Smith said. Microsoft officials declined to identify which plant Mr. Smith was referring to. While much of Russia's cyberactivity has focused on Ukraine, Microsoft has detected 128 network intrusions in 42 countries. Of the 29 percent of Russian attacks that have successfully penetrated a network, Microsoft concluded, only a quarter of those resulted in data being stolen. Outside Ukraine, Russia has concentrated its attacks on the United States, Poland and two aspiring members of NATO, Sweden and Finland...

But Microsoft, other technology companies and government officials have said that Russia has paired those infiltration attempts with a broad effort to deliver propaganda around the world. Microsoft tracked the growth in consumption of Russian propaganda in the United States in the first weeks of the year. It peaked at 82 percent right before the Feb. 24 invasion of Ukraine, with 60 million to 80 million monthly page views. That figure, Microsoft said, rivaled page views on the biggest traditional media sites in the United States. One example Mr. Smith cited was that of Russian propaganda inside Russia pushing its citizens to get vaccinated, while its English-language messaging spread anti-vaccine content. Microsoft also tracked the rise in Russian propaganda in Canada in the weeks before a trucker convoy protesting vaccine mandates tried to shut down Ottawa, and that in New Zealand before protests there against public health measures meant to fight the pandemic.

Russians successfully "sabotaged a satellite communications network called Viasat in the opening days of the war," notes the Washington Post, "with the damage spilling over into other European countries. But Ukraine, working with private tech companies, Western intelligence and its own expert software engineers, has quickly fixed most of the damage..."

"The close partnerships that have emerged between U.S. technology companies and Western cybersecurity agencies is one of the unheralded stories of the war...." "Cyber responses must rely on greater public and private collaboration," argues Brad Smith, Microsoft's president, in a new study... published Wednesday on Microsoft's "lessons learned" from cyber conflict in Ukraine. A White House cyber official explains the new cooperative approach this way: "Where companies see destructive attacks, that has driven partnerships with the intelligence community and other government agencies to see how best we can share information to protect infrastructure around the world." The tech world's sympathies lie with the underdog, Ukraine. That applies to giant firms such as Microsoft and Google....

Ukraine's cybersecurity defense benefited from an early start. U.S. Cyber Command experts went to Ukraine months before the war started, according to its commander, Gen. Paul Nakasone. Microsoft and Google became involved even earlier. Microsoft began monitoring Russian phishing attacks against Ukrainian military networks in early 2021, and through the rest of last year observed increasingly aggressive hacks by six different attackers linked to Russia's three intelligence services, the GRU, SVR and FSB, according to a Microsoft report released in April. Microsoft has spent a total of $239 million on financial and technical assistance to Ukraine, a company official said....

Google, a part of Alphabet, has also helped Ukraine fend off threats. Back in 2014, prompted by Russia's use of DDOS ("distributed denial-of-service") malware in its seizure of Crimea and eastern Ukraine, Google began what it called "Project Shield." Software protected news sites, human rights groups and election sites against crippling DDOS floods of junk internet messages. Today, Project Shield is used by 200 sites in Ukraine and 2,300 others in 140 countries around the world, according to Jared Cohen, the chief executive of Google's Jigsaw unit.

IT

Are 'Google Programmers' the New 'Next-Next-Finish Programmers'? (pvs-studio.com) 203

Long-time Slashdot reader theodp writes: Back in 1998, Ellen Ullman wrote in Salon about The dumbing-down of programming: "My programming tools were full of wizards. Little dialog boxes waiting for me to click "Next" and "Next" and "Finish." Click and drag and shazzam! — thousands of lines of working code. No need to get into the "hassle" of remembering the language. No need to even learn it. It is a powerful siren-song lure: You can make your program do all these wonderful and complicated things, and you don't really need to understand."

Twenty-four years later, PVS-Studio has published a translation of Ivan Belokamentsev's cautionary tale of how modernizing his interviewing process from coding on paper to a computer led him to inadvertently hire 'Google Programmers', who dazzled him in interviews and initially on the job, but soon reached a plateau in productivity that puzzled him until he had a gobsmacking realization.

From their article: It was like somebody hit me on the head with a sack of flour. It took me about two days to process it. How is it really possible? The beautiful, well-optimized code they showed me at the first interview was from the Internet. The explosive growth of productivity in the first months was due to the solutions that they found on the Internet. Those answers to user questions after the magic "We'll call you back" from these guys — were found on the Internet. They were coding without understanding the basic constructs. No, they didn't write code — they downloaded it. No, that's not it, either. To download the code is like running "npm i", it's ok. They copy-pasted the code. Without knowing how to write it.

That's what angered me — what the...? Well, I understand when you surf the net to figure out how a new technology works. Or when you need to use some exotic feature and not to bloat your head with unnecessary information. But basic things! How can you copy-paste basic things from the Internet?!

The article meditates on the mindset of "Google" programmers. Rather than learning about basic objects, types, and the constructs of a programming language, "Any information is available to them, always and everywhere. They've learned how to find this information quickly — whether it's the address of a store with cookies, pants on sale or generating a query."

But long-time Slashdot reader AmiMoJo now pushes back: This is dumb. Not everyone has a great memory, and these days there are so many different tools and frameworks that nobody can remember them all anyway. Back in the day when it was all C, you could reasonably write useful code on paper. These days most of that code will probably be interacting with libraries that you have not committed to memory.

If your developers are not progressing, help them. Give them training or mentoring. Challenge them.

And there's also this advice from Slashdot reader Iamthecheese: "Stop selecting for low ethics in your hiring process." There is a stupid, stupid idea out there among the pointy hair types that it's possible to hire top tier candidates for peanuts. This idea has been put into their heads by massively over-promising companies selling HR solutions of all shapes... They're actively selecting people with just enough ability to pass these specific tests and who are unwilling to show their true levels of ability by hashing it out on their own. So you have these untrained people who look for easy ways past problems, but you were expecting "rock stars".
Their suggested solution? "Stop looking for easy, cheap, already trained people and start looking for trainable people." And then, "show them a little loyalty. That way you'll have people to train new hires, who also know what they're doing on the job."

Security

Linux Kernel Signature Verification Code Adds FIPS Compliance (phoronix.com) 20

Phoronix reports a new change was merged into the soon-to-be-released Linux 5.19 on Tuesday, making the kernel's signature verification code compliant with the Federal Information Processing Standards known as FIPS: FIPS are public standards via the National Institute of Standards and Technology used by U.S. government agencies and contractors in the areas of computer security and interoperability... Known-answer self-tests are required for FIPS compliance at startup/reboot, but the Linux kernel's signature verification code has been lacking such tests.

The signature checking code is used for module signing, Kexec, and other functionality. With Linux 5.19 there will now be some basic self-tests at start.

The tests will make their debut in Linux 5.19-rc4.

Thanks to long-time Slashdot reader UnknowingFool for sharing the news!

Microsoft

Microsoft Will Start Banning Players From All Private Minecraft Servers (arstechnica.com) 78

Since its initial release over a decade ago (and even following Microsoft's 2014 acquisition of developer Mojang), Minecraft has let players create private servers where they're in full control of what behaviors (and players) are allowed. Next week, though, Microsoft is set to roll out a new update that lets it ban a Minecraft player from all online play, including private servers and those hosted on Microsoft's subscription-based Realms plan. From a report: Earlier this week, Microsoft launched a pre-release version of Update 1.19.1 for the Java Edition of Minecraft, which will go live for everyone on Tuesday, June 28. That update will add the ability to report users who abuse the game's chat system and allow for "reported players [to be] banned from online play and Realms after moderator review." On a recently updated "Why Have I been Banned from Minecraft?" help page, Microsoft notes that banned players will also get a message when they "sign into Minecraft on any platform (non-Java Edition) [aka "Bedrock"]." That message will clarify that "banned players are not allowed to play on servers, join Realms, host or join multiplayer games, or use the marketplace. They are also not allowed to access Minecraft Earth. Xbox players will no longer have access to their worlds [emphasis added]."

Windows

Microsoft Prepares To Forget About Windows 8.1 With End of Support Notifications (theverge.com) 100

Microsoft is preparing to send reminders to Windows 8.1 users that support will end on January 10th 2023. The software giant will start sending notifications to existing Windows 8.1 devices next month, as a first reminder leading up to the January 2023 support cutoff. From a report: The notifications will be similar to ones Microsoft has used in the past to remind Windows 7 users about end of support dates. Microsoft originally sunset Windows 8 support in 2016, but the Windows 8.1 update will cease support fully in January 2023. Microsoft will not be offering an Extended Security Update (ESU) program for Windows 8.1, so businesses won't be able to pay for additional security patches and will have to upgrade or accept the risk of running software without security updates.
