Software week in review, July 18

Microsoft's layoffs are bad news for Nokia, Xbox Entertainment, and Windows phones that run Android. Google is going after zero-day threats and is fixing Chrome's security and power-hogging. And vulnerabilities have been found in everything from Teslas to the stock market to hotels. Read on for more updates, and to get the latest reviews and features from our editors in your inbox, subscribe to our weekly newsletters.

Microsoft

Last week Microsoft CEO Satya Nadella published a 3,100-word memo about "bold ambition" (or "turgid drivel," per linguist Geoff Pullum). This week another memo (also decried for failing to get to the point) predictably announced mass layoffs of up to 18,000 of Microsoft's staff worldwide, with about two-thirds of the cuts coming from Nokia. The other third will nick many divisions, from marketing to Windows testers, and Xbox Entertainment Studios will be shut down.

One product casualty of Microsoft's change in direction: Nokia X phones will no longer run a version of Android; it's all Windows Phone OS from now on.

Microsoft has emitted a few more hints about the next Windows, including a new Start menu. A few screenshots showing a Start menu -- perhaps for Threshold, aka Windows 9 -- appeared on a forum last weekend.

Apple

Americans can now use iTunes Pass to add money to their iTunes or App Store accounts. The catch: You have to go to a brick-and-mortar Apple Store to add credit to iTunes Pass.

Apple's going B2B in a new deal with IBM to create 100 enterprise apps exclusive to iPad and iPhone. The partnership is called IBM MobileFirst for iOS.

The latest iPhone 6 rumors: It may have a more potent and thinner battery and a 13-megapixel camera.

Looking even further ahead, Apple filed a patent for bump technology, which would allow device-to-device data transfers.

Following Google and Microsoft, Apple email is now encrypted, per Google's transparency report.

Google

A zero-day threat is any vulnerability that has no existing patch, and it's so called because the programmers whose code is under attack have zero days to fix it. This week Google announced Project Zero, an initiative to document and hunt down zero-day exploits. Ideally, the project would discover and preempt crises like the one caused by the Heartbleed vulnerability.

A Chrome bug makes the browser a battery assassin, says Ian Morris on Forbes. The bug's been around since 2010, but now that the issue's getting more attention, Google has assigned the ticket. Meanwhile, version 36 of Chrome came out this week, with security fixes and a new look for Incognito mode. The next beta for Windows, Chrome 37, is already underway and showing off sharper text rendering.

Reversing course, Google has ruled that you no longer need to use your real name to set up a Google+ account.

A new search feature: Detecting your device and letting you know in search results if you won't be able to view a webpage -- for example, if your device doesn't support Flash. So that saves you a click.

You can now flag apps as inappropriate on Google Play's website, as well as in the app.

For the typography geeks, a design team under the colorfully beshirted Matias Duarte is updating the New Roboto typeface to read better on mobile, including tiny watch screens.

Security

DDoS (direct denial of service) attacks have reached record highs in 2014. And Superman is more likely to hurt than save you. Don't trust Thor, either.

Software is everywhere, and that means vulnerabilities are everywhere. Bloomberg Businessweek reports that in 2010, the FBI found (and disrupted) attack code on Nasdaq servers from Russian hackers. Chinese hackers gained remote control of a Tesla S's locks and other controls -- fortunately the hack was for a contest, not malicious activity. The Secret Service says beware of keyloggers in hotel computers, and Wired says that it would be pretty easy to hack a hotel room.

You should use a password manager. But Ars Technica reports on UC Berkeley research that found critical flaws in five top password apps. LastPass, RoboForm, PasswordBox, and My1login have fixed their flaws, but NeedMyPassword has not responded.

If you have a WordPress site, make sure your plug-ins are the latest versions. Four plug-ins have vulnerabilities, including Disqus and WPTouch -- the latter could give a user admin privileges. For more on WordPress, ZDNet has a handy guide to the variants.

How to...

• Send or request money using Google Wallet (iOS, Android)

• Add an iTunes Pass to Passbook on iOS

• Get started with OneNote (Windows)

• Clean and speed up your Mac with these five tips

• Get started with iPhone podcast app Overcast (iOS)

• Get the new Google Maps with voice commands and elevation info for cyclists (Android)

There's an app for that? Srsly?

Three-ring genius Uboolean had created Entrance of the RoFo, a Chrome extension that plays clown music whenever Toronto mayor Rob Ford appears in your browser. Developers, start modding for candidates in the 2016 presidential primary debates.

There's a trend for apps that do practically nothing, so we should have expected a "Seinfeld"-themed iOS app. It's called Kramera, and it lets you share short videos with laugh tracks. If you send me one, no soup for you.

The Daily Dot has tested 10 ghost-hunting apps in the ookiest buildings in New York. Download one if you want, but I'd recommend watching "Ghostbusters" instead and raising a glass to the late Harold Ramis.

Finally, if you have $169 to spare, you can be the phantom playmate of an unsuspecting cat. Cat2See is a rig plus app that lets you watch, feed, and play with cats over the Web. Or you could just hand over the box that the gear comes in, which the cat would probably like better.

More Stories

• 7 back-to-school apps to help you make the grade

• Get in a "Mood Indigo" with Michel Gondry, director of "Eternal Sunshine of the Spotless Mind"

• Stream global TV and movies with these 8 apps