The Internet

Some Internet Outages Predicted For the Coming Month as '768k Day' Approaches (zdnet.com) 65

An internet milestone known as "768k Day" is getting closer and some network administrators are shaking in their boots fearing downtime caused by outdated network equipment. From a report: The fear is justified, and many companies have taken precautions to update old routers, but some cascading failures are still predicted. The term 768k Day comes from the original mother of all internet outages known as 512k Day. [...] Many legacy routers received emergency firmware patches that allowed network admins to set a higher threshold for the size of the memory allocated to handle the global BGP routing table. Most network administrators followed documentation provided at the time and set the new upper limit at 768,000 -- aka 768k.

CIDR Report, a website that keeps track of the global BGP routing table, puts the size of this file at 773,480 entries; however, their version of the table isn't official and contains some duplicates. A Twitter bot named BGP4-Table, which has also been tracking the size of the global BGP routing table in anticipation of 768K Day, puts the actual size of the file at 767,392, just a hair away from overflowing. ZDNet spoke today with Aaron A. Glenn, a networking engineer with AAGICo Berlin, and Jim Troutman, Director at the Northern New England Neutral Internet Exchange (NNENIX). Both estimate 768K Day happening within the next month. But unlike many network admins, they don't expect the event to cause internet-wide outages like in 2014. However, both Glenn and Troutman expect some companies and smaller, local ISPs to be affected. "I would be mildly surprised if there was any interruption or outage at any real scale," Glenn told ZDNet.

Security

Cyberspies Hijacked the Internet Domains of Entire Countries (wired.com) 98

Trailrunner7 shares a report: The discovery of a new, sophisticated team of hackers spying on dozens of government targets is never good news. But one team of cyberspies has pulled off that scale of espionage with a rare and troubling trick, exploiting a weak link in the internet's cybersecurity that experts have warned about for years: DNS hijacking, a technique that meddles with the fundamental address book of the internet. Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations.

In the process, they went so far as to compromise multiple country-code top-level domains -- the suffixes like .co.uk, or .ru, that end a foreign web address -- putting all the traffic of every domain in multiple countries at risk. The hackers' victims include telecoms, internet service providers, and domain registrars responsible for implementing the domain name system. But the majority of the victims and the ultimate targets, Cisco believes, were a collection of mostly governmental organizations including ministries of foreign affairs, intelligence agencies, military targets, and energy-related groups, all based in the Middle East and North Africa. By corrupting the internet's directory system, hackers were able to silently use "man-in-the-middle" attacks to intercept all internet data from email to web traffic sent to those victim organizations.

[...] Cisco Talos said it couldn't determine the nationality of the Sea Turtle hackers, and declined to name the specific targets of their spying operations. But it did provide a list of the countries where victims were located: Albania, Armenia, Cyprus, Egypt, Iraq, Jordan, Lebanon, Libya, Syria, Turkey, and the United Arab Emirates. Cisco's Craig Williams confirmed that Armenia's .am top-level domain was one of the "handful" that were compromised, but wouldn't say which of the other countries' top-level domains were similarly hijacked.

Social Networks

To Stop Copycats, Snapchat Shares Itself (techcrunch.com) 29

"Snapchat pioneered Stories, the popular feature where users create and share ephemeral posts that disappear within 24 hours," reports Business Insider. "And now, it's taking them everywhere." Users are now able to share their Stories on third-party partner apps like Tinder -- and Snap is also sharing its Bitmoji with Venmo and Fitbit.

TechCrunch reports: For 2.5 years, Snapchat foolishly tried to take the high road versus Facebook, with Evan Spiegel claiming "Our values are hard to copy". That inaction allowed Zuckerberg to accrue over 1 billion daily Stories users across Instagram, WhatsApp, and Facebook compared to Snapchat's 186 million total daily users. Meanwhile, the whole tech industry scrambled to build knock-offs of Snap's vision of an ephemeral, visual future.

But Snapchat's new strategy is a rallying call for the rest of the social web that's scared of being squashed beneath Facebook's boot. It rearranges the adage of "if you can't beat them, join them" into "to beat them, join us". As a unified front, Snap's partners get the infrastructure they need to focus on what differentiates them, while Snapchat gains the reach and entrenchment necessary to weather the war. Snapchat's plan is to let other apps embed the best parts of it rather than building their own half-rate copies. Why reinvent the wheel of Stories, Bitmoji, and ads when you can reuse the original?

A high-ranking Snap executive told me on background that this is indeed the strategy. If it's going to invent these products, and others want something similar, it's smarter to enable and partly control the Snapchatification than to try to ignore it. Otherwise, Facebook might be the one to platform-tize what Snap inspired everyone to want.

The article concludes that Snap "needs all the help it can get if the underdog is going to carve out a substantial and sustainable piece of social networking."

AMD

Could AMD's Upcoming EPYC 'Rome' Server Processors Feature Up To 162 PCIe Lanes? (tomshardware.com) 107

jwhyche (Slashdot reader #6,192) tipped us off to some interesting speculation about AMD's upcoming Zen 2-based EPYC Rome server processors. "The new Epyc processor would be Gen 4 PCIe where Intel is still using Gen 3. Gen 4 PCIe features twice the bandwidth of the older Gen 3 specification."

And now Tom's Hardware reports: While AMD has said that a single EPYC Rome processor could deliver up to 128 PCIe lanes, the company hasn't stated how many lanes two processors could deliver in a dual-socket server. According to ServeTheHome.com, there's a distinct possibility EPYC could feature up to 162 PCIe 4.0 lanes in a dual-socket configuration, which is 82 more lanes than Intel's dual-socket Cascade Lake Xeon servers. That even beats Intel's latest 56-core 112-thread Platinum 9200-series processors, which expose 80 PCIe lanes per dual-socket server.

Patrick Kennedy at ServeTheHome, a publication focused on high-performance computing, and RetiredEngineer on Twitter have both concluded that two Rome CPUs could support 160 PCIe 4.0 lanes. Kennedy even expects there will be an additional PCIe lane per CPU (meaning 129 in a single socket), bringing the total number of lanes in a dual-socket server up to 162, but with the caveat that this additional lane per socket could only be used for the baseboard management controller (or BMC), a vital component of server motherboards... If @RetiredEngineer and ServeTheHome did their math correctly, then Intel has even more serious competition than AMD has let on.

Network

Cloudflare Says Its New VPN Service Won't Slow You Down (wired.com) 73

Cloudflare has announced that it's adding a VPN service to its 1.1.1.1 DNS resolver app. The 1.1.1.1 service, which first came to mobile back in November, currently attempts to speed up mobile data speeds by using Cloudflare's network to resolve DNS queries faster than your existing mobile network. From a report: "We wanted to build a VPN service that my dad would install on his phone," says Cloudflare CEO Matthew Prince. "If you tell him that it will make his connection more private and secure, he'd never do it. But if you tell him it will make his connection faster, make his phone's battery last longer, and make his connections more private, then it would be something he'd install."

Mobile phone users can begin signing up for the service, dubbed Warp, through Cloudflare's mobile app 1.1.1.1 on Monday; Cloudflare says it hopes the service is working Monday, but it might take a few days. Regardless, Warp is a sign of things to come for the rest of the internet. The technology that Cloudflare is betting will make Warp fast is a protocol invented by Google called QUIC, and it could one day make the rest of the internet faster and more reliable. QUIC is essentially a substitute for TCP, the venerable protocol now used for most internet connections. TCP, introduced in 1981, made reliable internet connections possible, says Jana Iyengar, who worked on QUIC for Google; Iyengar is now a distinguished engineer at the cloud computing company Fastly working to help finalize QUIC with the Internet Engineering Task Force standards body.

Businesses

Huawei Tops $100 Billion Revenue For First Time Despite Political Headwinds (cnbc.com) 39

An anonymous reader quotes a report from CNBC: Huawei's revenue grew 19.5 percent in 2018, surpassing $100 billion for the first time, despite continuing political headwinds from around the world. Sales came in at 721.2 billion yuan ($107.13 billion) last year. Net profit reached 59.3 billion yuan, higher by 25.1 percent compared to a year ago. The revenue growth was faster than that seen in 2017, but the net profit rise was slightly slower.

Huawei's numbers are a bright spot for the firm, which has faced intense political pressure. The U.S. government has raised concerns that Huawei's network gear could be used by the Chinese government for espionage. Huawei has repeatedly denied those allegations. Sales in its carrier business, which is its core networking equipment arm, reached 294 billion yuan, slightly below the 297.8 billion yuan recorded in 2017. The real driver of growth was the consumer business, with revenue for that division rising 45.1 percent year-on-year to reach 348.9 billion yuan. For the first time, consumer business is now the biggest share of Huawei's revenue.

Security

Huawei's Equipment Poses 'Significant' Security Risks, UK Says (cnbc.com) 131

The U.K. government warned on Thursday Huawei's telecommunications equipment raises "significant" security issues, posing a possible setback to the Chinese tech firm as it looks to build out 5G networks. From a report: In a 46-page report evaluating Huawei's security risks, British officials stopped short of calling for a ban of Huawei's 5G telecommunications equipment. But the assessment cited "underlying defects" in the company's software engineering and cybersecurity processes, citing "significantly increased risk to U.K. operators." The findings give weight to warnings from U.S. officials who have argued Huawei's networking equipment could be used for espionage by the Chinese government. Huawei has repeatedly said it does not pose any risk and insists it would not share customer data with Beijing. In a statement Thursday, Huawei said it takes the U.K. government's findings "very seriously."

Facebook

Facebook Says it Will Now Block White-Nationalist, White-Separatist Posts (washingtonpost.com) 402

Facebook will begin banning posts, photos and other content that reference white nationalism and white separatism, revising its rules in response to criticism that a loophole had allowed racism to thrive on its platform. From a report: Previously, Facebook only had prohibited users from sharing messages that glorified white supremacy -- a rhetorical discrepancy, in the eyes of civil rights advocates, who argued that white nationalism, supremacy and separatism are indistinguishable and that the policy undermined the tech giant's stepped-up efforts to combat hate speech online. Facebook now agrees with that analysis, according to people who've been briefed on the decision. The new policy also applies to Instagram. The rise and spread of white nationalism on Facebook were thrown into sharp relief in the wake of the deadly neo-Nazi rally in Charlottesville, Virginia, in 2017, when self-avowed white nationalists used the social networking site as an organizing tool.

Botnet

New Mirai Malware Variant Targets Signage TVs and Presentation Systems (zdnet.com) 21

An anonymous reader quotes a report from ZDNet: Security researchers have spotted a new variant of the Mirai IoT malware in the wild targeting two new classes of devices -- smart signage TVs and wireless presentation systems. This new strain is being used by a new IoT botnet that security researchers from Palo Alto Networks have spotted earlier this year. The botnet's author(s) appears to have invested quite a lot of their time in upgrading older versions of the Mirai malware with new exploits. Palo Alto Networks researchers say this new Mirai botnet uses 27 exploits, 11 of which are new to Mirai altogether, to break into smart IoT devices and networking equipment. Furthermore, the botnet operator has also expanded Mirai's built-in list of default credentials, that the malware is using to break into devices that use default passwords. Four new username and password combos have been added to Mirai's considerable list of default creds, researchers said in a report published earlier today.

The purpose and modus operandi of this new Mirai botnet are the same as all the previous botnets. Infected devices scan the internet for other IoT devices with exposed Telnet ports and use the default credentials (from their internal lists) to break in and take over these new devices. The infected bots also scan the internet for specific device types and then attempt to use one of the 27 exploits to take over unpatched systems.

The new Mirai botnet is specifically targeting LG Supersign signage TVs and WePresent WiPG-1000 wireless presentation systems.

Open Source

Linux Foundation Launches New Tools Supporting The Open Source Community (sdtimes.com) 26

"The Linux Foundation is launching a new platform designed to sustain open-source communities," reports SD Times: CommunityBridge was announced at this week's Open Source Leadership Summit. The Linux Foundation plans to launch a number of tools to the open-source community throughout the next two years.

The platform is currently being released with Community Bridge Funding to help developers raise and spend funding; CommunityBridge Security for potential vulnerabilities and fixes; and CommunityBridge People for networking and making connections with mentors and mentees.

"In making the announcement, Jim Zemlin, executive director of the Linux Foundation, said on stage at the conference that the Linux Foundation would match funding for any organization that donated funds to CommunityBridge projects," reports FierceTelecom.

"Following up on those announcements, Microsoft-owned GitHub said it would donate $100,000 to CommunityBridge and invited maintainers of CommunityBridge projects to take part in GitHub's maintainer program."

Facebook

Facebook Readies AI Tech To Combat 'Revenge Porn' (reuters.com) 58

Facebook said on Friday it would use AI to combat the spread of intimate photos shared without people's permission, sometimes called "revenge porn," on its social networks. From a report: The new technology is in addition to a pilot program that required trained representatives to review offending images. "By using machine learning and artificial intelligence, we can now proactively detect near nude images or videos that are shared without permission," the social networking giant said in a blog post. "This means we can find this content before anyone reports it." A member of Facebook's community operations team would review the content found by the new technology, and if found to be an offending image, remove it or disable the account responsible for spreading it, the company added.

Network

Valve's Steam Link Will Let You Stream Your PC Games Anywhere (techcrunch.com) 7

Valve has announced the "early beta" release of Steam Link Anywhere, which will enable streamed gaming to any compatible device, and Steam Networking Sockets APIs, granting developers access to the technology and infrastructure that underlies CS:GO and Dota 2. PC Gamer reports: Steam Link Anywhere is an extension of Steam Link that will enable users to connect to their PCs and play games from anywhere (thus the name), rather than being limited to a local network. It's compatible with both the Steam Link hardware and app, and will be rolled out automatically (and freely) to everyone who owns the hardware with beta firmware installed, the Android app beta, or the Raspberry Pi app. You'll also need to be enrolled in the Steam client beta, and have the latest version installed. Assuming you've got all that covered, you'll see an "Other Computer" option on the screen when searching for computers to connect to via Steam Link. Select that, follow the instructions, and you'll be set. Valve didn't provide specific network requirements but said you'll need "a high upload speed from your computer and strong network connection to your Steam Link device" in order to use it.

Steam Networking Sockets APIs isn't as flashy (and that "flash" is definitely relative) but is aimed squarely at developers, and could be even more significant to Steam's fortunes given the pressure it's facing from the Epic Games Store: It enables developers to run their game traffic through Valve's own private gaming network, providing players "faster and more secure connections." It's free for developers, and "a large portion" of the API is now open source, which could be a pretty big draw for devs looking to incorporate online play with a minimum of fuss. If that's your bag, you can get more detailed information at steamcommunity.com, and Valve will be talking about the new feature in-depth at a Game Developer's Conference panel next Thursday, March 21.

Facebook

Facebook is Down 185

Facebook, the world's largest social networking website, is down for many, users say. Third-party web monitoring tool DownDetector corroborates the claim, adding that more than 11,000 people have reported issues with accessing Facebook in the last 30 minutes or so.

Facebook's outage means social buttons and other Facebook functionalities that are embedded all over the web are also facing issues. Update: Instagram appears to be down, too, for some users.

Update 2: In a statement, a Facebook spokesperson said, "We're aware that some people are currently having trouble accessing the Facebook family of apps. We're working to resolve the issue as soon as possible."

Network

EU's Plan To Ban Sale of User-Moddable RF Devices Draws Widespread Condemnation (theregister.co.uk) 142

Reader simpz writes: The Register is reporting that the EU is looking to block users from tinkering with the firmware/software of their RF devices. This seems to have been very underreported, with a fairly short consultation period that has now expired. It could force manufacturers to lock down phones and routers etc. to stop you from installing the likes of Lineage OS or OpenWRT. The way this is written, it could stop devices like laptops or Raspberry Pis from having their software changed. From the report: The controversy centres on Article 3(3)(i) of the EU Radio Equipment Directive, which was passed into law back in 2014. However, an EU working group is now about to define precisely which devices will be subject to the directive -- and academics, researchers, individual "makers" and software companies are worried that their activities and business models will be outlawed. Article 3(3)(i) states that RF gear sold in the EU must support "certain features in order to ensure that software can only be loaded into the radio equipment where the compliance of the combination of the radio equipment and software has been demonstrated." If the law is implemented in its most potentially harmful form, no third-party firmware could be installed onto something like a home router, for example.

Social Networks

'We Will Never Sell-out or Compromise Our Principles. That Would Be Like Murder': The Slashdot Interview With CEO and Founder of Minds.com Social Network 49

You asked, he answered!

Bill Ottman, founder and CEO of social networking site Minds.com, has answered more than a dozen questions that Slashdot readers sent his way. Ottman has addressed a wide range of queries surrounding how Minds.com makes use of tokens; how many users the platform has; and who Minds.com is aimed at. You can read his answers below. For those of you who are going to give Minds.com a try, you can find Slashdot there.

Facebook

Facebook Takes Down Fake Account Network Used To Spread Hate In UK (theguardian.com) 198

An anonymous reader quotes a report from The Guardian: Facebook has removed a network of more than 100 accounts and pages for "coordinated inauthentic behavior" on its social networks -- the first time it has done so for UK-based operations seeking to influence British citizens. The operation was spread over Facebook and Instagram and used a network of fake accounts to pose as both far-right activists and their opponents. It ran pages and groups whose names frequently changed in order to drum up more followers and operated fake accounts to engage in hate speech and spread divisive comments on both sides of UK political debate, Facebook says.

The pages, with names like "Anti Far Right Extremists", "Atheists Research Centre", and "Politicalized", attracted about 175,000 followers on Facebook, and a further 4,500 on Instagram, according to the company's head of cybersecurity policy, Nathaniel Gleicher. The pages shared content from mainstream news sources, such as the BBC and the New York Times, but also shared original content, even including administrators actively engaging in debate with users. "We are constantly working to detect and stop this type of activity because we don't want our services to be used to manipulate people," Gleicher said. "We're taking down these pages and accounts based on their behavior, not the content they posted. In each of these cases, the people behind this activity coordinated with one another and used fake accounts to misrepresent themselves, and that was the basis for our action."

Bitcoin

Facebook Is Working On a New Cryptocurrency For WhatsApp Payments (nytimes.com) 48

An anonymous reader quotes a report from The New York Times: Some of the world's biggest internet messaging companies are hoping to succeed where cryptocurrency start-ups have failed by introducing mainstream consumers to the alternative world of digital coins. The internet outfits, including Facebook, Telegram and Signal, are planning to roll out new cryptocurrencies over the next year that are meant to allow users to send money to contacts on their messaging systems, like a Venmo or PayPal that can move across international borders. The most anticipated but secretive project is underway at Facebook. The company is working on a coin that users of WhatsApp, which Facebook owns, could send to friends and family instantly.

The Facebook project is far enough along that the social networking giant has held conversations with cryptocurrency exchanges about selling the Facebook coin to consumers. Telegram, which has an estimated 300 million users worldwide, is also working on a digital coin. Signal, an encrypted messaging service that is popular among technologists and privacy advocates, has its own coin in the works. And so do the biggest messaging applications in South Korea and Japan, Kakao and Line. The messaging companies have a reach that dwarfs the backers of earlier cryptocurrencies. Facebook and Telegram can make the digital wallets used for cryptocurrencies available, in an instant, to hundreds of millions of users. Most of them appear to be working on digital coins that could exist on a decentralized network of computers, independent to some degree of the companies that created them.
Facebook reportedly has more than 50 engineers working on their cryptocurrency. Their project is being run by former president of PayPal, David Marcus, and started last year after Telegram raised $1.7 billion to fund its cryptocurrency project. "The five people who have been briefed on the Facebook team's work said the company's most immediate product was likely to be a coin that would be pegged to the value of traditional currencies," NYT reports, citing a report from Bloomberg. "A digital token with a stable value would not be attractive to speculators -- the main audience for cryptocurrencies so far -- but it would allow consumers to hold it and pay for things without worrying about the value of the coin rising and falling." The coin should come out in the first half of the year.

Businesses

'Prism, Prism on the Wall, Who is the Most Trustworthy of Them All?' Huawei Hits Back at US Over 5G Security Claims (zdnet.com) 170

The tension between Huawei and the U.S. government took a new turn Tuesday after the Chinese networking giant's rotating chairman Guo Ping poked fun at the massive surveillance programs maintained by the United States. "Prism, prism on the wall, who's the most trustworthy of them all?" Ping said onstage at the Mobile World Congress trade show. From a report: Ping first appeared to attempt to make light of the ongoing row -- "There has never been more interest in Huawei, we must be doing something right," he said -- but later took a more direct aim at the US and some of its own issues with cybersecurity and surveillance. "Prism, Prism on the wall, who is the most trustworthy of them all?" he said, referencing the previously secret National Security Agency surveillance project, telling the audience to ask Edward Snowden -- the whistleblower who revealed the activity -- if they didn't understand what he meant. Ping also took aim at the US Cloud Act, arguing that the legislation allows the US government to demand access to data held by US companies, even if it is stored in different countries. "The Cloud Act allows them to access data cross-borders. So for best technology and for greater security, please choose Huawei," he said.

Privacy

Cloudflare Expands Its Government Warrant Canaries (techcrunch.com) 120

An anonymous reader quotes a report from TechCrunch: When the government comes for your data, tech companies can't always tell you. But thanks to a legal loophole, companies can say if they haven't had a visit yet. These so-called "warrant canaries" -- named for the poor canary down the mine that dies when there's gas that humans can't detect -- are a key transparency tool that predominantly privacy-focused companies use to keep their customers aware of the goings-on behind the scenes. Where companies have abandoned their canaries or caved to legal pressure, Cloudflare is bucking the trend. The networking and content delivery network giant said in a blog post this week that it's expanding the transparency reports to include more canaries.

To date, the company: has never turned over their SSL keys or customers' SSL keys to anyone; has never installed any law enforcement software or equipment anywhere on their network; has never terminated a customer or taken down content due to political pressure; and has never provided any law enforcement organization a feed of customers' content transiting their network. Now Cloudflare's warrant canaries will include: Cloudflare has never modified customer content at the request of law enforcement or another third party; Cloudflare has never modified the intended destination of DNS responses at the request of law enforcement or another third party; and Cloudflare has never weakened, compromised, or subverted any of its encryption at the request of law enforcement or another third party. It has also expanded and replaced its first canary to confirm that the company "has never turned over our encryption or authentication keys or our customers' encryption or authentication keys to anyone." Cloudflare said that if it were ever asked to do any of the above, the company would "exhaust all legal remedies" to protect customer data, and remove the statements from its site.
According to Cloudflare's latest transparency report out this week, the company responded to just seven subpoenas of the 19 requests, affecting 12 accounts and 309 domains. Cloudflare also responded to 44 court orders of the 55 requests, affecting 134 accounts and 19,265 domains. They received between 0-249 national security requests for the duration, but didn't process any wiretap or foreign government requests for the duration.

United Kingdom

Britain and Germany Will Not Ban Huawei, Citing Lack of Spying Evidence (reuters.com) 240

An anonymous Slashdot reader writes from a report via Reuters: Despite persistent U.S. allegations of Chinese state spying, Britain said it is able to manage the security risks of using Huawei telecom equipment and has not seen any evidence of malicious activity by the company, a senior official said on Wednesday. Asked later whether Washington had presented Britain with any evidence to support its allegations, he told reporters: "I would be obliged to report if there was evidence of malevolence [...] by Huawei. And we're yet to have to do that. So I hope that covers it."

At the same time, German officials have told The Wall Street Journal that the country has made a "preliminary decision" to allow Huawei to bid on contracts for 5G networking. Catering to the surging populism, the U.S. has accused Huawei and other Chinese telecom equipment, along with European cars, as national security risks, even though the National Security Agency, America's cyber spying agency, was found to have wiretapped German Chancellor Angela Merkel, conducted economic espionage against France, and hacked into Chinese networks. Earlier this week, beleaguered Huawei founder Ren Zhengfei described the continued investigations by the U.S. into the Chinese firm -- including the arrest of his daughter and company CFO, Meng Wanzhou -- as politically motivated.
