Cellphones

Qualcomm's Snapdragon X55 Modem Is the 4G/5G Solution We've Been Waiting For (androidauthority.com) 59

Qualcomm has unveiled its latest 5G modem, the Qualcomm Snapdragon X55. The chip is the company's second-generation 5G modem and successor to the Snapdragon X50 that was announced back in 2017. "Headline features of this new chip include multi-mode 4G and 5G in a single chip, blazing fast 7Gbps speeds, and futureproof support for the 5G Standalone specification," reports Android Authority. From the report: Starting with 5G, the chip supports both mmWave and sub-6GHz spectrum, just like its predecessor. Theoretical peak speeds are boosted from 5Gbps to 7Gbps download and up to 3Gbps upload. However, you'll need a perfect alignment of network conditions and capabilities to reach such lofty speeds. More important is the introduction of 5G FDD support. This will be crucial in Europe and other places looking to free up low-frequency spectrum (600 to 900MHz) for 5G. The Snapdragon X55 also introduces 4G/5G spectrum sharing, 100MHz envelope tracking for better power management, and antenna tuning in the sub-6GHz region. All very handy improvements over its first generation 5G modem.

Perhaps the biggest point of all is that the X55 also supports the 5G Standalone (SA) specification. First-generation 5G networks and devices are all based on the earlier Non-Standalone (NSA) specification. Eventually, these will transition over to the SA standard. SA ditches the use of LTE networks for backend communication, transitioning over entirely to 5G. This opens up greater networking flexibility with Network Slicing and offers even lower latency for IoT and device-to-device communication. On the 4G side, the Snapdragon X55 supports the Category 22 LTE standard. This allows for peak throughput of 2.5Gbps, making it Qualcomm's most powerful 4G solution to date. The Snapdragon X55 also introduces Full Dimensional MIMO (FD-MIMO) for LTE. This includes 3D beamforming, allowing for improved elevation support to improve spectrum efficiency. Importantly, the Snapdragon X55 is built on a 7nm process rather than 10nm with the X50.
The new modem isn't expected to appear in devices until late 2019 at the earliest. Android Authority suggests that the X55 will be featured inside 2019's next-gen Snapdragon 8XX processor, which should be officially announced at the end of the year, close to when Qualcomm expects the first X55 products.

"In addition to the new modem, Qualcomm also announced its second-generation mmWave antenna and will be demoing its 5G technologies at MWC," reports Android Authority. "Dubbed the QTM525, the latest antenna module is slightly slimmer than the previous design and can be built into phones thinner than 8mm thick. It now covers 26, 28, and 39GHz mmWave spectrum and Qualcomm continues to suggest that three or four of these will be needed per 5G phone."
Advertising

18,000 Android Apps Track Users By Violating Advertising ID Policies (bleepingcomputer.com) 33

18,000 Android apps with tens or hundreds of millions of installs on the Google Play Store have been found to violate Google's Play Store Advertising ID policy guidance by collecting persistent device identifiers such as serial numbers, IMEI, WiFi MAC addresses, SIM card serial numbers, and sending them to mobile advertising related domains alongside ad IDs. Bleeping Computer reports: AppCensus is an organization based in Berkeley, California, and created by researchers from all over the world with expertise in a wide range of fields, ranging from networking and privacy to security and usability. The project is supported by "grants from the National Science Foundation, the Department of Homeland Security, and the Data Transparency Lab." By highlighting this behavior, AppCensus shows that while users are being offered the option to reset the advertising ID, doing so will not immediately translate into getting a new "identity" because app developers can also use a multitude of other identifiers to keep their tracking and targeting going.

Google did not yet respond to a report sent by AppCensus in September 2018 containing a list of 17,000 Android apps that send persistent identifiers together with ad IDs to various advertising networks, also attaching a list of 30 recipient mobile advertising related domains where the various IDs were being sent. While looking at the network packets sent between the apps and these 30 domains, AppCensus observed that "they are either being used to place ads in apps, or track user engagement with ads."
In a statement to CNET, a Google spokesperson said: "We take these issues very seriously. Combining Ad ID with device identifiers for the purpose of ads personalization is strictly forbidden. We're constantly reviewing apps -- including those listed in the researcher's report -- and will take action when they do not comply with our policies."

Some of the most popular applications found to be violating Google's Usage of Android Advertising ID policies include Clean Master, Subway Surfers, Flipboard, My Talking Tom, Temple Run 2, and Angry Birds Classic. The list goes on and on, and the last app in the "Top 20" list still has over 100 million installations.
Facebook

Interviews: Ask Social Network Minds.com CEO and Founder Bill Ottman a Question 84

As you may have noticed, Facebook is not cool anymore. The social juggernaut has been mired in controversies -- infamous privacy scandals or the company's ruthless "grow fast and break things" approach to gain users, to name a few. Luckily enough, some people are trying to build new social networks and are coming up with interesting original ideas. Minds.com is one such social network.

The open source social network, which has been operational since 2012, works on a point-earning/exchange system to give users full control over the reach of their posts. One of the complaints people have with Facebook and Twitter is that they feel their posts are not being seen by all of their friends. Minds.com lets users earn points and then trade those points to boost their posts on the platform. Users earn tokens by being active on the platform and engaging in uploading, voting, commenting and other similar activities. They can then use these tokens, which can be exchanged within the platform, to boost the reach of their posts. The company last year launched a cryptocurrency reward program based on the ethereum blockchain for all users on the platform. Minds says it does not determine what should be censored. Users are free to post whatever they want. (You can follow us on Minds.)

We are excited to announce that Minds founder and chief executive Bill Ottman has agreed to do an interview with us. If you have a question about Minds.com for him or his take on the current social networking space, feel free to ask it in the comments section below.
Privacy

83% Of Consumers Believe Personalized Ads Are Morally Wrong (forbes.com) 219

An anonymous reader quotes Forbes: A massive majority of consumers believe that using their data to personalize ads is unethical. And a further 76% believe that personalization to create tailored newsfeeds -- precisely what Facebook, Twitter, and other social applications do every day -- is unethical.

At least, that's what they say on surveys.

RSA surveyed 6,000 adults in Europe and America to evaluate how our attitudes are changing towards data, privacy, and personalization. The results don't look good for surveillance capitalism, or for the free services we rely on every day for social networking, news, and information-finding. "Less than half (48 percent) of consumers believe there are ethical ways companies can use their data," RSA, a fraud prevention and security company, said when releasing the survey results. Oh, and when a company gets hacked? Consumers blame the company, not the hacker, the report says.

Network

'You Need To Be Very, Very Cautious': US Warns European Allies Not To Use Chinese Gear For 5G Networks (reuters.com) 273

The United States sees the European Union as its top priority in a global effort to convince allies not to buy Huawei equipment for next-generation mobile networks, a U.S. State Department Official said on Tuesday. From a report: After meetings with the European Commission and the Belgian government in Brussels, U.S. officials are set to take a message to other European capitals that the world's biggest telecommunications gear maker poses a security risk, said the official, who declined to be named. "We are saying you need to be very, very cautious and we are urging folks not to rush ahead and sign contracts with untrusted suppliers from countries like China," the official said. The United States fears China could use the equipment for espionage -- a concern that Huawei Technologies says is unfounded. The push to sideline Huawei in Europe, one of its biggest markets, is likely to deepen trade frictions between Washington and Beijing.
Windows

Windows 7 Users Who Installed January Update Report Network Issues; Some Say the Update Has Also Incorrectly Flagged Their OS License as 'Not Genuine' (itpro.co.uk) 131

Some Windows 7 admins are feeling the pain of Microsoft's latest updates in this week's Patch Tuesday releases. From a report: Users who've installed this Tuesday's KB4480970 cumulative January update have been complaining of network connectivity issues on those devices based on a network that uses the SMBv2 file sharing protocol. Microsoft released its update to fix several identified vulnerabilities, including a remote execution flaw in PowerShell and to add robustness against side-channel attacks like those targeting the Meltdown and Spectre flaws. But a number of users immediately complained of networking issues, with Microsoft confirming there are now three known problems with the January patch. The other issues comprise an authentication error, and a file-sharing issue affecting some user accounts. ZDNet adds: Regarding the 'Not Genuine' Windows 7 error, Microsoft confirms that "some users are reporting the KMS Activation error, 'Not Genuine', 0xc004f200 on Windows 7 devices". "We are aware of this incident and are presently investigating it. We will provide an update when available," writes Microsoft on both KB4480960 and KB4480970.
The Internet

Lawrence Roberts, Who Helped Design Internet's Precursor, Dies at 81 (nytimes.com) 46

In late 1966, a 29-year-old computer scientist drew a series of abstract figures on tracing paper and a quadrille pad. Some resembled a game of cat's cradle; others looked like heavenly constellations; still others like dress patterns. Those curious drawings were the earliest topological maps of what we now know as the internet. The doodler, Lawrence G. Roberts, died on Dec. 26 at his home in Redwood City, Calif. He was 81. The New York Times: The cause was a heart attack, said his son Pasha. As a manager at the Pentagon's Advanced Research Projects Agency, or ARPA, Dr. Roberts designed much of the Arpanet -- the internet's precursor -- and oversaw its implementation in 1969. Dr. Roberts called upon a circle of colleagues who shared his interest in computer networking for help in creating the technical underpinnings of the Arpanet, integrating and refining many ideas for how data should flow. Dr. Roberts was considered the decisive force behind packet switching, the technology that breaks data into discrete bundles that are then sent along various paths around a network and reassembled at their destination. He decided to use packet switching as the underlying technology of the Arpanet; it remains central to the function of the internet.

And it was Dr. Roberts's decision to build a network that distributed control of the network across multiple computers. Distributed networking remains another foundation of today's internet. Dr. Roberts's interest in computer networking began when he was a graduate student at the Massachusetts Institute of Technology in the early 1960s. He paid close attention to the work of his longtime colleague, Leonard Kleinrock, who had done research on theoretical aspects of computer networks, analyzing the problem of data flow. Dr. Roberts also followed the ideas of J.C.R. Licklider, a prominent psychologist and predecessor of Dr. Roberts's at ARPA, who envisioned what he called an "intergalactic computer network."

Network

NVIDIA 'GeForce NOW Recommended Routers' Program Helps Gamers Choose Networking Gear (betanews.com) 126

NVIDIA has launched the "GeForce NOW Recommended Routers" program to help gamers choose the best router for them. From a report: "The GeForce NOW game-streaming service has transformed where and how you can enjoy your favorite high-performance games. We've rolled out enhancements during its beta period to improve the quality of service from our data centers to your home. With our recommended routers, in-home network congestion becomes a thing of the past, helping to keep your gameplay silky smooth," says NVIDIA. The gaming company also says, "The latest generation of routers allows you to configure settings to prioritize GeForce NOW before all other data. But we wanted to make it even easier. Recommended routers are certified as factory-enabled with a GeForce NOW quality of service (QoS) profile. It's automatically enabled when you're gaming with GeForce NOW."
China

Germany Refuses To Ban Huawei, Citing Lack of Real Evidence (phys.org) 127

hackingbear writes: Germany's IT watchdog has expressed skepticism about calls for a boycott of Chinese telecoms giant Huawei, saying it has seen no evidence the firm could use its equipment to spy for Beijing, news weekly Spiegel reported. "For such serious decisions like a ban, you need proof," the head of Germany's Federal Office for Information Security (BSI), Arne Schoenbohm, told Spiegel, adding that his agency had no such evidence. The U.S. has been pressuring German authorities for months to drop Huawei, according to people familiar with the matter, but the Germans have asked for more specific evidence to demonstrate the security threat. German authorities and telecom executives have yet to turn up any evidence of security problems with Chinese equipment vendors, according to a person familiar with the matter.

Separately, at a (secret lobster-themed) meeting in Canada in July 2018, espionage chiefs from Australia, Canada, New Zealand, the U.K. and the U.S. -- all signatories to a treaty on signals intelligence, and often referred to as the "Five Eyes" -- agreed to do their best to contain the global growth of Chinese telecom (vendor) Huawei, the Australian Financial Review reported (paywalled). On the other hand, documents leaked by WikiLeaks and Snowden claimed that the NSA, the leader of the Five Eyes, tapped German Chancellery for decades and bugged routers made by Cisco, the leading American networking equipment vendor.

Intel

Apple Is Making Its Own Modem To Compete With Qualcomm, Report Says (theverge.com) 80

An anonymous reader quotes a report from The Verge: Apple is apparently working on its own, in-house developed modem to allow it to better compete with Qualcomm, according to several new Apple job listings that task engineers to design and develop a layer 1 cellular PHY chip -- implying that the company is working on actual, physical networking hardware. Two of the job posts are explicitly to hire a pair of cellular modem systems architects, one in Santa Clara and one in San Diego, home of Qualcomm. That's alongside several other job postings Apple has listed in San Diego for RF design engineers. The Information, which spotted the first job posting, cites sources that go a step further, claiming that Apple is not only potentially working to develop its own modem, but is in fact specifically targeting it for use in future iPhones, with the company looking to leave longtime partner Intel behind in favor of its own, in-house solution.

According to The Information's report, the new modem would still be years away, with even Apple's purported 5G iPhone slated for 2020 using Intel's in-development 5G modem instead. It makes sense logically, too -- if Apple is only just starting to hire now, it'll take at least a few years before it'll actually be ready to ship hardware. But the move would have big ramifications for the mobile space, particularly for Qualcomm and Intel, two of the biggest modem suppliers in the world.

Intel

Intel Unveils Roadmaps For Core Architecture and Atom Architecture (anandtech.com) 60

Intel on Wednesday surprised a number of people when it shared not one roadmap on CPUs, but two. AnandTech: For the high performance Core architecture, Intel lists three new codenames over the next three years. To be very clear here, these are the codenames for the individual core microarchitecture, not the chip, which is an important departure from how Intel has previously done things. Sunny Cove, built on 10nm, will come to market in 2019 and offer increased single-threaded performance, new instructions, and 'improved scalability'.

Willow Cove looks like it will be a 2020 core design, most likely also on 10nm. Intel lists the highlights here as a cache redesign (which might mean L1/L2 adjustments), new transistor optimizations (manufacturing based), and additional security features, likely referring to further enhancements from new classes of side-channel attacks. Golden Cove rounds out the trio, and is firmly in that 2021 segment in the graph. Process node here is a question mark, but we're likely to see it on 10nm and/or 7nm. Golden Cove is where Intel adds another slice of the serious pie onto its plate, with an increase in single threaded performance, a focus on AI performance, and potential networking and AI additions to the core design. Security features also look like they get a boost.

The lower-powered Atom microarchitecture roadmap is on a slower cadence than the Core microarchitecture, which is not surprising given its history. The upcoming microarchitecture for 2019 is called Tremont, which focuses on single threaded performance increases, battery life increases, and network server performance. Based on some of the designs later in this article, we think that this will be a 10nm design. Following Tremont will be Gracemont, which Intel lists as a 2021 product. Beyond this will be a future 'mont' core (and not month as listed in the image).

Network

Mapping the Spectral Landscape of IPv6 Networks (duo.com) 163

Trailrunner7 writes: Like real estate, we're not making any more IPv4 addresses. But instead of trying to colonize Mars or build cities under the sea, the Internet's architects developed a separate address scheme with an unfathomably large pool of addresses. IPv6 has an address space of 2^128, compared to IPv4's 2^32, and as the exhaustion of the IPv4 address space began to approach, registries started allocating IPv6 addresses and there now are billions of those addresses active at any given time. But no one really knows how many or where they are or what's behind them or how they're organized.

A pair of researchers decided to tackle the problem and developed a suite of tools that can find active IPv6 addresses both in the global address space and in smaller, targeted networks. Known as ipv666, the open source tool set can scan for live IPv6 hosts using a statistical model that the researchers built. The researchers, Chris Grayson and Marc Newlin, faced a number of challenges as they went about developing the ipv666 tools, including getting a large IPv6 address list, which they accumulated from several publicly available data sets. They then began the painful process of building the statistical model to predict other IPv6 addresses based on their existing list.

That may seem weird, but IPv6 addresses are nothing at all like their older cousins and come in a bizarre format that doesn't lend itself to simple analysis or prediction. Grayson and Newlin wanted to find as many live addresses as possible and ultimately try to figure out what the security differences are between devices on IPv4 and those on IPv6.

The Internet

Your 4K Netflix Streaming Is On a Collision Course With Your ISP's Data Caps (vice.com) 163

Household bandwidth consumption is soaring thanks to video streaming, new data suggests, and American consumers are about to run face-first into broadband usage limits and overage fees that critics say are unnecessary and anti-competitive. Motherboard reports: Cisco's 2018 Visual Networking Index (VNI) -- an annual study that tracks overall internet bandwidth consumption to identify future trends -- predicts that global IP traffic is expected to reach 396 exabytes per month by 2022. Cisco's report claims that's more traffic than has crossed global networks throughout the entire history of the internet thus far. The majority of this data growth is video; Cisco found that 75 percent of global internet traffic was video last year, up from 63 percent just two years earlier. Cisco says this number could climb to 82 percent in 2022, with 22 percent of overall video consumption coming from bandwidth-intensive 4K streaming. The problem: As monthly household bandwidth consumption soars courtesy of 4K Netflix streaming and other new services, many broadband users are likely to run into usage caps and overage fees that jack up their monthly rates. The report mentions Comcast imposes a terabyte usage cap on all of its service areas except the Northeast, but users can pay an additional $50 per month to avoid such limits.
Network

Germany Proposes Router Security Guidelines (zdnet.com) 62

The German government would like to regulate what kind of routers are sold and installed across the country. From a report: The German government published at the start of the month an initial draft for rules on securing Small Office and Home Office (SOHO) routers. Published by the German Federal Office for Information Security (BSI), the rules have been put together with input from router vendors, German telecoms, and the German hardware community. Once approved, router manufacturers don't have to abide by these requirements, but if they do, they can use a special sticker on their products showing their compliance. The 22-page document, available in English here, lists tens of recommendations and rules for various router functions and features.
Google

Alphabet's Cybersecurity Group Touts Its New Open Source Private VPN (digitalocean.com) 106

An anonymous reader writes: Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information."

Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space."

The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted socks5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server.

It's been named Outline because in places where internet use may be restricted — it gives you a line out.

Hardware

Valve Quietly Discontinues Steam Link Hardware Production (arstechnica.com) 74

Valve is quietly discontinuing Steam Link, the in-home streaming box it first launched in late 2015. From a report: A low-key announcement on Valve's Steam Link news page suggests that production of new units has ceased and that Valve is currently selling off the rest of its "almost sold out" inventory in the US, after selling out completely in Europe. Valve says it will continue to offer support for existing Steam Link hardware.

The $50 Steam Link was designed for streaming games from a local gaming PC to an HDTV in the same house, a job it did pretty well provided your networking hardware was up to it. In recent months, though, Valve has shifted its focus away from dedicated streaming hardware and toward mobile apps that can provide the same feature.

Security

The F-35's Greatest Vulnerability Isn't Enemy Weapons. It's Being Hacked. (popularmechanics.com) 137

schwit1 shares a report: Every F-35 squadron, no matter the country, has a 13-server ALIS package that is connected to the worldwide ALIS network. Individual jets send logistical data back to their nation's Central Point of Entry, which then passes it on to Lockheed's central server hub in Fort Worth, Texas. In fact, ALIS sends back so much data that some countries are worried it could give away too much information about their F-35 operations. Another networking system is the Joint Reprogramming Enterprise, or JRE. The JRE maintains a shared library of potential adversary sensors and weapon systems that is distributed to the worldwide F-35 fleet. For example, the JRE will seek out and share information on enemy radar and electronic warfare signals so that individual air forces will not have to track down the information themselves. This allows countries with the F-35 to tailor the mission around anticipated threats -- and fly one step ahead of them.

Although the networks have serious cybersecurity protections, they will undoubtedly be targets for hackers in times of peace, and war. Hackers might try to bring down the networks entirely, snarling the worldwide logistics system and even endangering the ability of individual aircraft to get much-needed spare parts. Alternately, it might be possible to compromise the integrity of the ALIS data -- by, say, reporting a worldwide shortage of F-35 engines. Hackers could conceivably introduce bad data in the JRE that could compromise the safety of a mission, shortening the range of a weapon system so that a pilot thinks she is safely outside the engagement zone when she is most certainly not. Even the F-35 simulators that train pilots could conceivably leak data to an adversary. Flight simulators are programmed to mirror flying a real aircraft as much as possible, so data retrieved from a simulator will closely follow the data from a real F-35.

Facebook

Only 22% of Americans Now Trust Facebook's Handling of Personal Info (fortune.com) 75

An anonymous reader quotes Fortune: Facebook is the least trustworthy of all major tech companies when it comes to safeguarding user data, according to a new national poll conducted for Fortune, highlighting the major challenges the company faces following a series of recent privacy blunders. Only 22% of Americans said that they trust Facebook with their personal information, far less than Amazon (49%), Google (41%), Microsoft (40%), and Apple (39%)....

In question after question, respondents ranked the company last in terms of leadership, ethics, trust, and image... Public mistrust extended to Zuckerberg, Facebook's public face during its privacy crisis and who once said that Facebook has "a responsibility to protect your information. If we can't, we don't deserve it." The company subsequently fell victim to a hack but continued operating as usual, including debuting a video-conferencing device intended to be used in people's living rooms or kitchens and that further extends Facebook's reach into more areas outside of personal computers and smartphones. Only 59% of respondents said they were "at least somewhat confident" in Zuckerberg's leadership in the ethical use of data and privacy information, ranking him last among four other tech CEOs...

As for Facebook, the social networking giant may have a difficult time regaining public trust because of its repeated problems. Consumers are more likely to forgive a company if they believe a problem was an aberration rather than a systemic failure by its leadership, Harris Poll CEO John Gerzema said.

The article concludes that "For now, the public isn't in a forgiving mood when it comes to Facebook and Zuckerberg."
Security

Cisco Removed Its Seventh Backdoor Account This Year, and That's a Good Thing (zdnet.com) 102

An anonymous reader quotes a report from ZDNet: Cisco, the world's leading provider of top networking equipment and enterprise software, has released today 15 security updates, including a fix for an issue that can be described as a backdoor account. This latest patch marks the seventh time this year when Cisco has removed a backdoor account from one of its products. Five of the seven backdoor accounts were discovered by Cisco's internal testers, with only CVE-2018-0329 and this month's CVE-2018-15439 being found by external security researchers. The company has been intentionally and regularly combing the source code of all of its software since December 2015, when it started a massive internal audit. Cisco started that process after security researchers found what looked to be an intentional backdoor in the source code of ScreenOS, the operating system of Juniper, one of Cisco's rivals.

Juniper suffered massive reputational damage following the 2015 revelation, and this may secretly be the reason why Cisco has avoided using the term "backdoor account" all year for the seven "backdoor account" issues. Instead, Cisco opted for more complex wordings such as "undocumented, static user credentials for the default administrative account," or "the affected software enables a privileged user account without notifying administrators of the system." It is true that using such phrasings might make Cisco look disingenuous, but let's not forget that Cisco has been ferreting these backdoor accounts mainly on its own, and has been trying to fix them without scaring customers or impacting its own stock price along the way.

Crime

Feds Expand Security Researchers' Ability To Hack Without Going To Jail (vice.com) 51

An anonymous reader quotes a report from Motherboard: Friday, the Librarian of Congress and U.S. Copyright Office renewed several key exemptions (and added a few new ones) to the Digital Millennium Copyright Act. This go round, they've extended some essential exemptions ensuring that computer security researchers won't be treated like nefarious criminals for their contributions to society. As part of an effort to keep the DMCA timely, Congress included a so-called "safety valve" dubbed the Section 1201 triennial review process that, every three years, mandates that activists and concerned citizens beg the Copyright Office and the Librarian of Congress to craft explicit exemptions from the law to ensure routine behavior won't be criminalized.

The exemptions still have some caveats. Specifically, the Copyright Office ruling only applies to "use exemptions," not "tools exemptions" -- meaning security researchers still can't release things like pen-testing tools that bypass DRM, or even publish technical papers exploring how to bypass bootloaders or other Trusted Platform Modules to test the security of the systems behind them. But other modest changes to the rules were incredibly helpful, notes Blake Reid, Associate Clinical Professor at Colorado Law. Specifically, the new exemption removes a "device limitation" from previous exemptions that potentially limited researchers to investigating software only on "consumer" devices; hindering their ability to investigate security vulnerabilities in things like the cryptographic hardware used in banking applications, networking equipment, and industrial control systems. The new exemption also modified the "controlled environment limitation" from the previous exemption, which was often read to imply that researchers had to conduct their work in a formal laboratory, potentially hindering research into things like integrated building systems like internet-connected HVAC systems.
