The Internet

Kickstarter Bets On 'Wired' Arduino-Compatible IoT Platform 103

L-One-L-One writes: Most IoT home projects today are based on Wi-Fi, Bluetooth, Zigbee, and friends. But this is not always the ideal solution: you end up swapping batteries frequently, which becomes annoying quite quickly. You also have to deal with signal strength issues and interference. To address this problem, a new Kickstarter campaign called NoCAN is proposing an Arduino-compatible internet-of-things platform based on wired connections that combine networking and power in one cable. The platform uses a set of cheap Arduino-compatible nodes controlled through a Raspberry Pi. The network uses CAN-bus and offers a publish/subscribe mechanism like MQTT and over-the-network firmware updates. It can also be controlled by a smartphone or tablet. Even with such features, can it succeed in going against the all-wireless trend? We'll know in a few weeks.
Government

Senate Votes To Reinstate ZTE Ban That's Nearly Shut Down the Company (theverge.com) 112

The U.S. Senate has voted to reinstate a ban on ZTE that prevents the Chinese telecom company from buying U.S. components and using U.S. software. As The Verge notes, "it's still not clear if the reversal will make it into law: it has to clear a conference with the House, and then avoid a veto from President Trump, who advocated for cutting a deal that would lift the ban." From the report: ZTE was hit with the trade ban by the U.S. Commerce Department in April after failing to follow through with a punishment for violating sanctions on Iran and North Korea. That ban essentially shut down ZTE, which relies on U.S. parts like Qualcomm processors. Shortly thereafter, Trump said he would cut a deal to revive the company, and a deal was reached -- with additional penalties that the department said were uniquely stringent -- earlier this month.

But senators on both sides of the aisle immediately threatened to stop the deal and reinstate the ban, citing ZTE as a national security risk. And ultimately, a bipartisan group worked to get legislation introduced. The Senate voted 85 to 10 in support of reinstating the ban. It was included as an amendment on the National Defense Authorization Act, a must-pass piece of legislation that has already moved through the House.

The Courts

The Supreme Court Will Decide If Apple's App Store Is a Monopoly (wired.com) 192

The Supreme Court will review a 2011 class-action lawsuit against Apple, accusing the company of operating an illegal monopoly by not allowing iPhone users to download mobile apps outside of its own App Store, reducing consumer choice. The case, being referred to as Apple Inc. v. Pepper, could have wide-reaching implications for consumers as well as other companies like Amazon. Wired reports: The dispute is over whether Apple, by charging app developers a 30 percent commission fee and only allowing iOS apps to be sold through its own store, has inflated the price of iPhone apps. Apple, supported by the Trump administration, argues that the plaintiffs in the case -- iPhone consumers -- don't have the right to sue under current antitrust laws in the U.S.

The case marks a rare instance in which the court has agreed not only to hear an antitrust case, but also one where no current disagreement exists in the circuit courts. The outcome could change decades of antitrust legal precedent -- either strengthening or weakening consumer protections against monopolistic power. The case also represents a huge source of revenue for Apple; the company raked in an estimated $11 billion last year in App Store commissions alone.
The lawsuit centers around another Supreme Court case from 1977, Illinois Brick Co. v. Illinois, "which established what is known as the Illinois Brick Doctrine," reports Wired. "That rule says you can't sue for antitrust damages if you're not the direct purchaser of a good or service."
IOS

iOS 12 Will Automatically Share Your iPhone Location With 911 Centers (phonedog.com) 59

Apple has revealed a new feature that's coming to the next version of iOS. With iOS 12, iPhone owners will be able to automatically share their location data when they dial 911. PhoneDog reports: Apple explains that it'll use RapidSOS's IP-based data pipeline to securely share an iPhone owner's HELO (Hybridized Emergency Location) info when they call 911 call centers. This system will integrate with many 911 call centers' existing software. HELO data estimates a 911 caller's location data using cell towers as well as features like GPS and Wi-Fi access points. Apple began using HELO in 2015, but by utilizing RapidSOS's tech, too, it should make it much easier and faster for a 911 call center to locate a caller.
Security

The 'World's Worst' Smart Padlock Is Even Worse Than Previously Thought (sophos.com) 126

Last week, cybersecurity company Pen Test Partners managed to unlock Tapplock's smart padlock within two seconds. They "found that the actual code and digital authentication methods for the lock were basically nonexistent," reports The Verge. "All someone would need to unlock the lock is its Bluetooth Low Energy MAC address, which the lock itself broadcasts." The company also managed to snap the lock with a pair of 12-inch bolt cutters.

Today, Naked Security reports that it gets much worse: "Tapplock's cloud-based administration tools were as vulnerable as the lock, as Greek security researcher Vangelis Stykas found out very rapidly." From the report: Stykas found that once you'd logged into one Tapplock account, you were effectively authenticated to access anyone else's Tapplock account, as long as you knew their account ID. You could easily sniff out account IDs because Tapplock was too lazy to use HTTPS (secure web connections) for connections back to home base -- but you didn't really need to bother, because account IDs were apparently just incremental IDs anyway, like house numbers on most streets. As a result, Stykas could not only add himself as an authorized user to anyone else's lock, but also read out personal information from that person's account, including the last location (if known) where the Tapplock was opened.

Incredibly, Tapplock's back-end system would not only let him open other people's locks using the official app, but also tell him where to find the locks he could now open! Of course, this gave him an unlocking speed advantage over Pen Test Partners -- by using the official app Stykas needed just 0.8 seconds to open a lock, instead of the sluggish two seconds needed by the lock-cracking app.

Google

Google Is Training Machines To Predict When a Patient Will Die (bloomberg.com) 120

A newly developed tool by Google can forecast a host of patient outcomes, including how long people may stay in hospitals, their odds of re-admission and chances they will soon die. Google documented some of this tool's abilities in May; in one instance, Google's tool estimated, by taking 175,639 data points into consideration, that a particular patient's odds of dying during her stay at the hospital were 19.9 percent, up from 9.3 percent that the hospital's computers had estimated. Now Bloomberg reports what Google intends to do with this new tool next. From the report: Google's next step is moving this predictive system into clinics, AI chief Jeff Dean told Bloomberg News in May. Dean's health research unit -- sometimes referred to as Medical Brain -- is working on a slew of AI tools that can predict symptoms and disease with a level of accuracy that is being met with hope as well as alarm. Inside the company, there's a lot of excitement about the initiative.

"They've finally found a new application for AI that has commercial promise," one Googler says. Since Alphabet's Google declared itself an "AI-first" company in 2016, much of its work in this area has gone to improve existing internet services. The advances coming from the Medical Brain team give Google the chance to break into a brand new market -- something co-founders Larry Page and Sergey Brin have tried over and over again. Software in health care is largely coded by hand these days. In contrast, Google's approach, where machines learn to parse data on their own, "can just leapfrog everything else," said Vik Bajaj, a former executive at Verily, an Alphabet health-care arm, and managing director of investment firm Foresite Capital. "They understand what problems are worth solving," he said. "They've now done enough small experiments to know exactly what the fruitful directions are."
The report adds that, among other things, Google's tool has the ability to sift through notes buried in PDFs or scribbled on old charts.
Amiga

New Commercial Amiga 500 Game Released 113

Mike Bouma writes: Pixelglass, known for their "Giana Sisters SE" game, has released a worthy new game for the Amiga 500, called "Worthy." Here's a description of this cute action puzzler: "Assume the role of a fearless boy and collect the required number of diamonds in each stage in order to win the girl's heart! Travel from maze to maze, kill the baddies, avoid the traps, collect beers (your necessary 'fuel' to keep you going), find the diamonds, prove to her you're WORTHY!" Time to dust off that classic Amiga or alternatively download a digital copy and use a UAE emulator for your platform of choice. Have a look at the release trailer.
Stats

Gaming Companies Remove Analytics App After Massive User Outcry (bleepingcomputer.com) 202

An anonymous reader writes: "Several gaming companies have announced plans to remove support for an analytics app they have bundled with their games," reports Bleeping Computer. "The decision to remove the app came after several Reddit and Steam users noticed that many game publishers have recently embedded a controversial analytics SDK (software development kit) as part of recent updates to their games. The program bundled with all these games, and at the heart of all the recent controversy, is RedShell, an analytics package provided by Innervate, Inc., to game publishers."

The app is intended to collect information about the source of new game installs, and details about the gamer. Following a massive user outcry in the past two weeks, several game makers have given in to pressure and are removing this SDK. Game makers and games who announced they were removing RedShell include Bethesda (Elder Scrolls), All Total War games, Warhammer games, Magic the Gathering Arena, and more. [This Google Docs spreadsheet and Reddit thread have a list of games containing RedShell.]

The Almighty Buck

Venmo Is Going All In On Mobile Payments (appleinsider.com) 52

Venmo, the PayPal-owned, peer-to-peer payments app, is ending web support for its service. When the changes are all rolled out, users will only be able to make payments and charge users via the iOS or Android app. TechCrunch reports: The message to users was quietly shared in the body of Venmo's monthly transaction history email. It reads as follows: "NOTICE: Venmo has decided to phase out some of the functionality on the Venmo.com website over the coming months. We are beginning to discontinue the ability to pay and charge someone on the Venmo.com website, and over time, you may see less functionality on the website -- this is just the start. We therefore have updated our user agreement to reflect that the use of Venmo on the Venmo.com website may be limited."

The decision represents a notable shift in product direction for Venmo. Though best known as a mobile payments app, the service has also been available online, similar to PayPal, for many years.

Software

Machine Figures Out Rubik's Cube Without Human Assistance (technologyreview.com) 84

An anonymous reader quotes a report from MIT Technology Review: [Stephen McAleer and colleagues from the University of California, Irvine] have pioneered a new kind of deep-learning technique, called "autodidactic iteration," that can teach itself to solve a Rubik's Cube with no human assistance. The trick that McAleer and co have mastered is to find a way for the machine to create its own system of rewards. Here's how it works. Given an unsolved cube, the machine must decide whether a specific move is an improvement on the existing configuration. To do this, it must be able to evaluate the move. Autodidactic iteration does this by starting with the finished cube and working backwards to find a configuration that is similar to the proposed move. This process is not perfect, but deep learning helps the system figure out which moves are generally better than others. Having been trained, the network then uses a standard search tree to hunt for suggested moves for each configuration.

The result is an algorithm that performs remarkably well. "Our algorithm is able to solve 100% of randomly scrambled cubes while achieving a median solve length of 30 moves -- less than or equal to solvers that employ human domain knowledge," say McAleer and co. That's interesting because it has implications for a variety of other tasks that deep learning has struggled with, including puzzles like Sokoban, games like Montezuma's Revenge, and problems like prime number factorization.
The paper on the algorithm -- called DeepCube -- is available on Arxiv.
Open Source

Why OpenStreetMap Should Be a Priority for the Open Source Community (linuxjournal.com) 120

"Despite its low profile, OpenStreetMap is arguably one of the most important projects for the future of free software," argues Glyn Moody, author of Rebel Code: Linux And The Open Source Revolution, in a new Linux Journal article shared by long-time Slashdot reader carlie: The rise of mobile phones as the primary computing device for billions of people, especially in developing economies, lends a new importance to location and movement. Many internet services now offer additional features based on where users are, where they are going and their relative position to other members of social networks. Self-driving cars and drones are two rapidly evolving hardware areas where accurate geographical information is crucial. All of those things depend upon a map in critical ways, and they require large, detailed datasets. OpenStreetMap is the only truly global open alternative to better-known, and much better-funded geodata holdings, such as Google Maps.

The current dominance of the latter is a serious problem for free software -- and freedom itself. The data that lies behind Google Maps is proprietary. Thus, any open-source program that uses Google Maps or other commercial mapping services is effectively including proprietary elements in its code. For purists, that is unacceptable in itself. But even for those with a more pragmatic viewpoint, it means that open source is dependent on a company for data that can be restricted or withdrawn at any moment....

Although undoubtedly difficult, creating high-quality map-based services is a challenge that must be tackled by the Open Source community if it wants to remain relevant in a world dominated by mobile computing. The bad news is that at the moment, millions of people are happily sending crucial geodata to proprietary services like Waze, as well as providing free bug-fixes for Google Maps. Far better if they could be working with equal enthusiasm and enjoyment on open projects, since the resulting datasets would be freely available to all, not turned into corporate property. The good news is that OpenStreetMap provides exactly the right foundation for creating those open map-based services, which is why supporting it must become a priority for the Open Source world.

Robotics

Killer Robots Will Only Exist If We Are Stupid Enough To Let Them (theguardian.com) 143

Heritype quotes the Guardian's science correspondent: The idea of killer robots rising up and destroying humans is a Hollywood fantasy and a distraction from the more pressing dilemmas that intelligent machines present to society, according to one of Britain's most influential computer scientists. Sir Nigel Shadbolt, professor of computer science at the University of Oxford, predicts that AI will bring overwhelming benefits to humanity, revolutionising cancer diagnosis and treatment, and transforming education and the workplace. If problems arise, he said, it will not be because sentient machines have unexpectedly gone rogue in a Terminator-like scenario.

"The danger is clearly not that robots will decide to put us away and have a robot revolution," he said. "If there [are] killer robots, it will be because we've been stupid enough to give it the instructions or software for it to do that without having a human in the loop deciding...."

However, Prof Shadbolt is optimistic about the social and economic impact of emerging technologies such as machine learning, in which computer programmes learn tasks by looking for patterns in huge datasets. "I don't see it destroying jobs grim reaper style," he said. "People are really inventive at creating new things for humans to do for which will pay them a wage. Leisure, travel, social care, cultural heritage, even reality TV shows. People want people around them and interacting with them."

Security

Inside the Private Event Where Microsoft, Google, Salesforce and Other Rivals Share Security Secrets (geekwire.com) 48

News outlet GeekWire takes us inside Building 99 at Microsoft, where security professionals of the software giant, along with those of Amazon, Google, Netflix, Salesforce, Facebook (and others), companies that fiercely compete with one another, gathered earlier this week to share their learnings for the greater good. From the story: As the afternoon session ended, the organizer from Microsoft, security data wrangler Ram Shankar Siva Kumar, complimented panelist Erik Bloch, the Salesforce security products and program management director, for "really channeling the Ohana spirit," referencing the Hawaiian word for "family," which Salesforce uses to describe its internal culture of looking out for one another. It was almost enough to make a person forget the bitter rivalry between Microsoft and Salesforce. Siva Kumar then gave attendees advice on finding the location of the closing reception. "You can Bing it, Google it, whatever it is," he said, as the audience laughed at the rare concession to Microsoft's longtime competitor.

It was no ordinary gathering at Microsoft, but then again, it's no ordinary time in tech. The Security Data Science Colloquium brought the competitors together to focus on one of the biggest challenges and opportunities in the industry. Machine learning, one of the key ingredients of artificial intelligence, is giving the companies new superpowers to identify and guard against malicious attacks on their increasingly cloud-oriented products and services. The problem is that hackers are using many of the same techniques to take those attacks to a new level. "The challenge is that security is a very asymmetric game," said Dawn Song, a UC Berkeley computer science and engineering professor who attended the event. "Defenders have to defend across the board, and attackers only need to find one hole. So in general, it's easier for attackers to leverage these new techniques." That helps to explain why the competitors are teaming up.
In a statement, Erik Bloch, Director Security PM at Salesforce, said, "This is what the infosec and security industry needs more of. Our customers are shared, and so is our responsibility to protect them."
Security

17 Backdoored Images Downloaded 5 Million Times Removed From Docker Hub (bleepingcomputer.com) 36

An anonymous reader writes: "The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users' servers for the past year," reports Bleeping Computer. "The malicious Docker container images have been uploaded on Docker Hub, the official repository of ready-made Docker images that sysadmins can pull and use on their servers, work, or personal computers." The images, downloaded over 5 million times, helped crooks mine Monero worth over $90,000 at today's exchange rate. Docker Hub is now just the latest package repository to feature backdoored libraries, after npm and PyPI. Docker Hub is now facing criticism for taking months to intervene after user reports, and then going on stage at a developer conference and claiming they care about security.
EU

Kaspersky Halts Europol Partnership After Controversial EU Parliament Vote (bleepingcomputer.com) 104

An anonymous reader writes: Kaspersky Lab announced it was temporarily halting its cooperation with Europol following the voting of a controversial motion in the European Parliament. The Russian antivirus vendor will also stop working on the NoMoreRansom project that provided free ransomware decrypters for ransomware victims.

The company's decision comes after the EU Parliament voted a controversial motion that specifically mentions Kaspersky as a "confirmed as malicious" software and urges EU states to ban it as part of a joint EU cyber defense strategy. The EU did not present any evidence for its assessment that Kaspersky is malicious, but even answered user questions claiming it has no evidence. The motion is just an EU policy and has no legislative power, but it is still an official document. Kaspersky software has been previously banned from Government systems in the US, UK, Netherlands, and Lithuania.

Businesses

On The Sad State of Macintosh Hardware (rogueamoeba.com) 522

Quentin Carnicelli, the chief technology officer at Rogue Amoeba, a widely-reputed firm that produces several audio software products for Apple's desktop operating system: With Apple recently releasing their first developer beta of MacOS 10.14 (Mojave), we've been installing it on various test machines to test our apps. The inevitable march of technology means Mojave won't install on all of our older hardware. There's no shock there, but the situation is rather distressing when it comes to spending money to purchase new equipment. Here is the situation, as reported by the wonderful MacRumors Buyer's Guide: At the time of the writing, with the exception of the $5,000 iMac Pro, no Macintosh has been updated at all in the past year. Here are the last updates to the entire line of Macs: iMac Pro: 182 days ago, iMac: 374 days ago, MacBook: 374 days ago, MacBook Air: 374 days ago, MacBook Pro: 374 days ago, Mac Pro: 436 days ago, and Mac Mini: 1337 days ago.

Worse, most of these counts are misleading, with the machines not seeing a true update in quite a bit longer. The Mac Mini hasn't seen an update of any kind in almost 4 years (nor, for that matter, a price drop). The once-solid Mac Pro was replaced by the dead-end cylindrical version all the way back in 2012, which was then left to stagnate. I don't even want to get started on the MacBook Pro's questionable keyboard, or the MacBook's sole port (USB-C which must also be used to provide power). It's very difficult to recommend much from the current crop of Macs to customers, and that's deeply worrisome to us, as a Mac-based software company.

Intel

Another Day, Another Intel CPU Security Hole: Lazy State (zdnet.com) 110

Steven J. Vaughan-Nichols, writing for ZDNet: The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system. Like its forebears, this is a speculative execution vulnerability. In an interview, Red Hat Computer Architect Jon Masters explained: "It affects Intel designs similar to variant 3-a of the previous stuff, but it's NOT Meltdown." Still, "it allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc." Lazy State does not affect AMD processors.

This vulnerability exists because modern CPUs include many registers (internal memory) that represent the state of each running application. Saving and restoring this state when switching from one application to another takes time. As a performance optimization, this may be done "lazily" (i.e., when needed) and that is where the problem hides. This vulnerability exploits "lazy state restore" by allowing an attacker to obtain information about the activity of other applications, including encryption operations.
Further reading: Twitter thread by security researcher Colin Percival, BleepingComputer, and HotHardware.
Microsoft

Microsoft is Working on Technology That Would Eliminate Cashiers and Checkout Lines From Stores, Says Report (reuters.com) 252

Microsoft is working on technology that would eliminate cashiers and checkout lines from stores, in a nascent challenge to Amazon.com's automated grocery shop, Reuters reported, citing six people familiar with the matter. From the report: The Redmond, Wash.-based software giant is developing systems that track what shoppers add to their carts, the people say. Microsoft has shown sample technology to retailers from around the world and has had talks with Walmart about a potential collaboration, three of the people said. Microsoft's technology aims to help retailers keep pace with Amazon Go, a highly automated store that opened to the public in Seattle in January. Amazon customers scan their smartphones at a turnstile to enter. Cameras and sensors identify what they remove from the shelves. When customers are finished shopping, they simply leave the store and Amazon bills their credit cards on file. Amazon Go, which will soon open in Chicago and San Francisco, has sent rivals scrambling to prepare for yet another disruption by the world's biggest online retailer. Some have tested programs where customers scan and bag each item as they shop, with mixed results.
Businesses

Cybercrime is Costing Africa's Businesses Billions (qz.com) 47

An anonymous reader shares a report: Sophisticated malware, software security breaches, mobile scams -- the list of cybercrime threats is growing. Yet African nations continue to fall short of protecting themselves and must constantly grapple with the impact. A new study from IT services firm Serianu shows the pervasive nature of cybercrime across the continent, affecting businesses, individuals, families, financial institutions, and government agencies. The study shows how weak security architectures, the scarcity of skilled personnel and a lack of awareness and strict regulations have increased vulnerability.

Cybercrime cost the continent an estimated $3.5 billion in 2017. The report found more than 90% of African businesses were operating below the cybersecurity "poverty line" -- meaning they couldn't adequately protect themselves against losses. At least 96% of online-related security incidents went unreported and 60% of organizations didn't keep up to date with cybersecurity trends and program updates. (In addition, at least 90% of parents didn't understand what measures to take to protect their children from cyber-bullying.)

Beer

Uber Seeks Patent For AI That Determines Whether Passengers Are Drunk (cnet.com) 103

In an effort to "reduce undesired consequences," Uber is seeking a patent that would use artificial intelligence to separate sober passengers from drunk ones. The pending application details a technology that would be used to spot "uncharacteristic user activity," including passenger location, number of typos entered into the mobile app, and even the angle the smartphone is being held. CNET reports: Uber said it had no immediate plans to implement the technology described in the proposed patent, pointing out the application was filed in 2016. "We are always exploring ways that our technology can help improve the Uber experience for riders and drivers," a spokesperson said. "We file patent applications on many ideas, but not all of them actually become products or features."
