The Media

Walt Mossberg's Last Column Calls For Privacy and Security Laws (recode.net) 33

70-year-old Walt Mossberg wrote his last weekly column Thursday, looking back on how "we've all had a hell of a ride for the last few decades" and revisiting his famous 1991 pronouncement that "Personal computers are just too hard to use, and it isn't your fault." Not only were the interfaces confusing, but most tech products demanded frequent tweaking and fixing of a type that required more technical skill than most people had, or cared to acquire. The whole field was new, and engineers weren't designing products for normal people who had other talents and interests. But, over time, the products have gotten more reliable and easier to use, and the users more sophisticated... So, now, I'd say: "Personal technology is usually pretty easy to use, and, if it's not, it's not your fault." The devices we've come to rely on, like PCs and phones, aren't new anymore. They're refined, built with regular users in mind, and they get better each year. Anything really new is still too close to the engineers to be simple or reliable.
He argues we're now in a strange lull before entering an unrecognizable world where major new breakthroughs in areas like A.I., robotics, smart homes, and augmented reality lead to "ambient computing", where technology itself fades into the background. And he uses his final weekly column to warn that "if we are really going to turn over our homes, our cars, our health and more to private tech companies, on a scale never imagined, we need much, much stronger standards for security and privacy than now exist. Especially in the U.S., it's time to stop dancing around the privacy and security issues and pass real, binding laws."
United States

Leaked 'Standing Rock' Documents Reveal Invasive Counterterrorism Measures (theintercept.com) 99

An anonymous reader writes: "A shadowy international mercenary and security firm known as TigerSwan targeted the movement opposed to the Dakota Access Pipeline with military-style counterterrorism measures," reports The Intercept, decrying "the fusion of public and private intelligence operations." Saying the private firm started as a war-on-terror contractor for the U.S. military and State Department, the site details "sweeping and invasive" surveillance of protesters, citing over 100 documents leaked by one of the firm's contractors.

The documents show TigerSwan even harvested information about the protesters from social media, and "provide extensive evidence of aerial surveillance and radio eavesdropping, as well as infiltration of camps and activist circles... The leaked materials not only highlight TigerSwan's militaristic approach to protecting its client's interests but also the company's profit-driven imperative to portray the nonviolent water protector movement as unpredictable and menacing enough to justify the continued need for extraordinary security measures... Internal TigerSwan communications describe the movement as 'an ideologically driven insurgency with a strong religious component' and compare the anti-pipeline water protectors to jihadist fighters."

The Intercept reports that recently "the company's role has expanded to include the surveillance of activist networks marginally related to the pipeline, with TigerSwan agents monitoring 'anti-Trump' protests from Chicago to Washington, D.C., as well as warning its client of growing dissent around other pipelines across the country." They also report that TigerSwan "has operated without a license in North Dakota for the entirety of the pipeline security operation."
Android

Malicious Apps Brought Ad-Clicking 'Judy' Malware To Millions Of Android Phones (fortune.com) 24

An anonymous reader quotes Fortune: The security firm Checkpoint on Thursday uncovered dozens of Android applications that infected users' devices with malicious ad-click software. In at least one case, an app bearing the malware was available through the Google Play app store for more than a year. While the actual extent of the malicious code's spread is unknown, Checkpoint says it may have reached as many as 36.5 million users, making it potentially the most widely-spread malware yet found on Google Play... The nefarious nature of the programs went unnoticed in large part, according to Checkpoint, because its malware payload was downloaded from a non-Google server after the programs were installed. The code would then use the infected phone to click on Google ads, generating fraudulent revenue for the attacker.
Networking

New Privacy Vulnerability In IOT Devices: Traffic Rate Metadata (helpnetsecurity.com) 16

Orome1 quotes Help Net Security: Even though many IoT devices for smart homes encrypt their traffic, a passive network observer -- e.g. an ISP, or a neighborhood WiFi eavesdropper -- can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata. A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up smart home laboratory with a passive network tap, and examining the traffic rates of four IoT smart home devices: a Sense sleep monitor, a Nest Cam Indoor security camera, a WeMo smart outlet, and an Amazon Echo smart speaker... "Once an adversary identifies packet streams for a particular device, one or more of the streams are likely to encode device state. Simply plotting send/receive rates of the streams revealed potentially private user interactions for each device we tested," the researchers noted. [PDF]
In addition, the article notes, "Separating recorded network traffic into packet streams and associating each stream with an IoT device is not that hard."
Transportation

New Details On Sergey Brin's Plan For The World's Largest Aircraft (theguardian.com) 105

An anonymous reader shares The Guardian's report on plans for a new aircraft that's two-and-a-half times the size of a 747. Google co-founder Sergey Brin is building a hi-tech airship in Silicon Valley destined to be the largest aircraft in the world, according to multiple sources with knowledge of the project. "It's going to be massive on a grand scale," said one, adding that the airship is likely to be nearly 200 meters [656 feet] long... Brin wants the gargantuan airship, funded personally by the billionaire, to be able to deliver supplies and food on humanitarian missions to remote locations. However, it will also serve as a luxurious intercontinental "air yacht" for Brin's friends and family.

One source put the project's price tag at $100m to $150m. Igor Pasternak, an airship designer who was involved in the early stages of the project, believes airships could be as revolutionary for the trillion-dollar global cargo market as the internet was for communications. "Sergey is pretty innovative and forward looking," he said. "Trucks are only as good as your roads, trains can only go where you have rails, and planes need airports. Airships can deliver from point A to point Z without stopping anywhere in between."

The Guardian quips that while Brin's plans may stay secret for a while, "the good news is that the first flight test of such an enormous aircraft will be impossible to hide."
Chrome

Even For Businesses, Chrome Is The Top Browser (computerworld.com) 76

An anonymous reader shares Computerworld's interview with David Michael Smith of Gartner. "Most enterprises still have a 'standard' browser, and most of the time, that's something from Microsoft. These days it's IE11. But we've found that people actually use Chrome more than IE... It's the most-used browser in enterprise," he said... IE retains a sizable share -- Smith called it "a significant presence" -- largely because it's still required in most companies. "There are a lot of [enterprise] applications that only work in IE, because [those apps] use plug-ins," Smith said, ticking off examples like Adobe Flash, Java and Microsoft's own Silverlight. "Anything that requires an ActiveX control needs IE."

Many businesses have adopted the two-prong strategy that Gartner and others began recommending years ago: Keep a "legacy" browser to handle older sites, services and web apps, but offer another for everything else... Chrome, said Smith, is now the "overwhelming choice" as the modern enterprise browser... Smith wasn't optimistic that Edge would supplant Chrome, even when Windows 10 is widely deployed on corporate computers in the next few years. "Edge certainly will have opportunities" once Windows 10 is the enterprise-standard OS, "but I would say that Chrome has a lot of momentum, largely for the fact that it is so popular on the internet."

While a year ago Chrome and Microsoft's browsers both held 41% of the browser market share, now Chrome holds 59% to just 24% for both IE and Edge combined.
Iphone

Working Theory In Jet Crash: IPhone In Cockpit Is To Blame (appleinsider.com) 116

Apple Insider reports: Apple on Friday said that it's open to cooperation with French authorities, who are exploring the possibility that two of the company's devices were linked to the crash of EgyptAir Flight 804 in 2016. The flight's first officer may have plugged an iPhone 6s and an iPad mini 4 into the wrong socket in the jet's cockpit, French officials told Le Parisien. That may have triggered runaway heat, in turn sparking a fire.

At the moment, the investigation is being helped by an engineer from the French National Center for Scientific Research, as well as two people from the French defense ministry, including a physics professor and an engineer specializing in batteries. Results from the investigation should be submitted by Sept. 30. Apple told the Parisien that it wasn't aware of evidence linking its devices to the EgyptAir disaster.

AI

Google Go-Playing A.I. Retires To Focus On Energy Conservation And Medicine (engadget.com) 115

After "narrowly" beating the world's top Go player, what's left for Google's AlphaGo AI? Engadget reports: Now that it has nothing left to prove, the AI is hanging up its boots and leaving the world of competitive Go behind. AlphaGo's developers from Google-owned DeepMind will now focus on creating advanced general algorithms to help scientists find elusive cures for diseases, conjure up a way to dramatically reduce energy consumption and invent new revolutionary materials. Before they leave Go behind completely, though, they plan to publish one more paper later this year to reveal how they tweaked the AI to prepare it for the matches against Ke Jie. They're also developing a tool that would show how AlphaGo would respond to a particular situation on the Go board with help from the world's number one player. While you'll have to wait a while for those two, you'll soon be able to watch 50 games AlphaGo played against itself when it was training
The first ten games that AlphaGo played against itself are already online. Shi Yue, 9 Dan Professional and World Champion, described them as "Like nothing I've ever seen before -- they're how I imagine games from far in the future." Google announced that this week's competition "has been the highest possible pinnacle for AlphaGo as a competitive program. For that reason, the Future of Go Summit is our final match event with AlphaGo... We hope that the story of AlphaGo is just the beginning."
Microsoft

Security Analyst Concludes Windows 10 Enterprise 'Tracks Too Much' (xato.net) 251

A viral Twitter rant about Windows 10 Enterprise supposedly ignoring users' privacy settings has since been clarified. "I made mistakes on my original testing and therefore saw more connections than I should have," writes IT security analyst Mark Burnett, "including some to Google ads." But his qualified results -- quoted below -- are still critical of Microsoft:
  • You can cut back even more using the Windows Restricted Traffic Limited Functionality Baseline but break many things.
  • Settings can be set wrong if you aren't paying attention. Also, settings are not consistent and can be confusing to beginners.
  • You are opted-in to just about everything by default and have to set hundreds of settings to opt out, even on an Enterprise Windows system. Sometimes multiple settings for the same feature. Most Microsoft documentation discourages opting out and warns of a less optimal experience... But you can't completely opt-out. Windows still tracks too much.
  • Home and Professional users are much worse off due to limitations of some settings and lack of an IT staff... I'm not saying ditch Windows. I'm saying let's fix this. If we can't fix it, then we ditch Windows.

Opera

Opera Says Their iOS Updates Are Still Coming - Just Slowly (twitter.com) 33

Slashdot reader BrianFagioli has posted an update about his communication with Opera over their plans for iOS. They'd originally tweeted Thursday that "at this moment we don't have a team working on IOS which is why we haven't released any updates." But Friday they clarified that "It does not mean we give up development on iOS. It's just that now our resources are on Android." They reiterated that point in an email. We would like to clarify that Opera does not abandon iOS... We plan to keep developing it as Opera Min[i] provides unique features that other browsers do not have, such as data saving for both webpages and video, ad-blocking, built-in newsfeed etc. And people love using it. As most of the engineering resources are now on Android, our update on iOS is slow at this moment. Please bear with us and do stay tune for our next updates.
The tweet Friday also emphasized that "We will update iOS for sure."
Power

New Solar Plane Plans Non-Stop Flight Around The World (bloomberg.com) 34

An anonymous reader quotes Bloomberg: [A] Russian tycoon and his Renova Group plan a record-breaking effort to send a plane around the world nonstop using only the power of the sun. If all goes well, a single pilot will fly for five days straight at altitudes of up to 10 miles, about a third higher than commercial airliners. The project isn't just a stunt. The glider-style airplane with a 36-meter (120-foot) wingspan will be a test of technologies that are set to be used to build new generations of autonomous craft for the military and business, say aerospace experts. They will fly continuously, have far greater reach and control than satellites and expand broadcast, communication and spying capabilities around the globe... "Our flight should prove that it's possible to make long-distance flights using solar energy," said Mikhail Lifshitz, Renova's director of high-tech asset development and a qualified pilot-instructor. A "flying laboratory" test-plane will be ready by year-end, Lifshitz said in an interview.
The plane will conserve power by slowly gliding down from the high altitudes at night -- without ever touching the ground. In comparison a solar plane (partially funded by Google) already circled the earth last year -- but it took 22 days, and made 17 different stops.
Transportation

IT Crash Causes British Airways To Cancel All Flights (cnbc.com) 191

An anonymous reader quotes CNBC: British Airways canceled all flights from London's Heathrow and Gatwick airports on Saturday as a global IT failure upended the travel plans of tens of thousands of people on a busy U.K. holiday weekend. The airline said it was suffering a "major IT systems failure" around the world. Chief executive Alex Cruz said "we believe the root cause was a power-supply issue and we have no evidence of any cyberattack." He said the crash had affected "all of our check-in and operational systems." BA operates hundreds of flights from the two London airports on a typical day -- and both are major hubs for worldwide travel. Several hours after problems began cropping up Saturday morning, BA suspended flights up to 6 p.m. because the two airports had become severely congested. The airline later scrapped flights from Heathrow and Gatwick for the rest of the day.
Open Source

Alpine Linux 3.6.0 Released (alpinelinux.org) 58

An anonymous reader quotes DistroWatch: Natanael Copa has announced the release of Alpine Linux 3.6.0. Alpine Linux is an independent, minimal operating system that is well suited to running servers, routers and firewalls. Version 3.6.0 introduces support for 64-bit POWER machines, 64-bit IBM z Systems computers and features many up to date packages, including PHP 7.1, LLVM 4.0 and version 6.3 of the GNU Compiler.
"Noteworthy new packages" include Rust 1.17.0 and Cargo 0.18.0, as well as Julia 0.5.2, as well as "significant updates" like Go 1.8, Python 3.6, and Ruby 2.4. And in addition, "MD5 and SHA-1 hashes have been removed from APKBUILDs, being obsoleted by SHA-512."
Bug

Wormable Code-Execution Bug Lurked In Samba For 7 Years (arstechnica.com) 79

Long-time Slashdot reader williamyf was the first to share news of "a wormable bug [that] has remained undetected for seven years in Samba versions 3.5.0 onwards." Ars Technica reports: Researchers with security firm Rapid7...said they detected 110,000 devices exposed on the internet that appeared to run vulnerable versions of Samba. 92,500 of them appeared to run unsupported versions of Samba for which no patch was available... Those who are unable to patch immediately can work around the vulnerability by adding the line nt pipe support = no to their Samba configuration file and restart the network's SMB daemon. The change will prevent clients from fully accessing some network computers and may disable some expected functions for connected Windows machines.
The U.S. Department of Homeland Security's CERT group issued an announcement urging sys-admins to update their systems, though SC Magazine cites a security researcher arguing this attack surface is much smaller than that of the Wannacry ransomware, partly because Samba is just "not as common as Windows architectures." But the original submission also points out that while the patch came in fast, "the 'Many eyes' took seven years to 'make the bug shallow'."
Government

Investigation Demanded Over Fake FCC Comments Submitted By Dead People (bbc.com) 135

An anonymous reader writes: Fight for the Future has found another issue with the fake comments submitted to the FCC opposing net neutrality. "The campaign group says that some of the comments were posted using the names and details of dead people," according to the BBC. The exact same comment was also submitted more than 7,000 times using addresses in Colorado, where a reporter discovered that contacting the people at those addresses drew reactions which included "I have never seen this before in my life" and "No, I did not post this comment. In fact, I disagree with this comment." Fight for the Future also knocked on doors in Tampa, Florida, where the few people who answered "were shocked to hear that their name and address were publicly listed alongside a political message they did not necessarily understand or agree with." An alleged commenter in Montana told a reporter she didn't even know what net neutrality was.

14 people have already signed Fight for the Future's official complaint to the FCC, which calls for notification of all people affected, an investigation, and the immediate removal of all fake comments from the public docket. "Based on numerous media reports, nearly half a million Americans may have been impacted by whoever impersonated us," states the letter, "in a dishonest and deceitful campaign to manufacture false support for your plan to repeal net neutrality protections."

Fight for the Future says they've already verified "dozens" of instances of real people discovering a fake comment was submitted in their name -- and that in addition, more than 2,400 people have already used their site to contact their state Attorneys General demanding an investigation. They note the FCC has taken no steps to remove the fake comments from its docket, "risking the safety and privacy of potentially hundreds of thousands of people," while a campaign director at Fight for the Future added, "For the FCC's process to have any legitimacy, they simply cannot move forward until an investigation has been conducted."
Google

Accused of Underpaying Women, Google Says It's Too Expensive To Get Wage Data (theguardian.com) 387

An anonymous reader quotes a report from The Guardian: Google argued that it was too financially burdensome and logistically challenging to compile and hand over salary records that the government has requested, sparking a strong rebuke from the U.S. Department of Labor (DoL), which has accused the Silicon Valley firm of underpaying women. Google officials testified in federal court on Friday that it would have to spend up to 500 hours of work and $100,000 to comply with investigators' ongoing demands for wage data that the DoL believes will help explain why the technology corporation appears to be systematically discriminating against women. Noting Google's nearly $28 billion annual income as one of the most profitable companies in the U.S., DoL attorney Ian Eliasoph scoffed at the company's defense, saying, "Google would be able to absorb the cost as easy as a dry kitchen sponge could absorb a single drop of water."
Amiga

A New Amiga Arrives On the Scene -- the A-EON Amiga X5000 (arstechnica.com) 115

dryriver writes: It is 2017 and the long dead Amiga platform has suddenly been resurrected. The new Amiga X5000 costs about $1,800 and is an exotic mix of PC parts and completely new custom chips, including "Xena," an XMOS 16-core programmable 32-bit 500 MHz coprocessor that can be configured by software to act as any type of custom chip imaginable. It is connected to a special "Xorro" slot that has the same physical connection as a PCIe x8 expansion card, but it is dedicated to adding more Xena chips as desired. Amiga X5000 can run all legacy Amiga software, including software written for later PowerPC Amigas. It boots from a U-Boot BIOS. The OS is AmigaOS 4.1, but the X5000 can also boot into MorphOS or Linux. The test system used by Ars came with an ATI Radeon R9 270X video card.
Displays

UCF Research Could Bring 'Drastically' Higher Resolution To Your Phone and TV (ucf.edu) 104

New submitter cinemetek quotes a report from University of Central Florida: Researchers at the University of Central Florida have developed a new color changing surface tunable through electrical voltage that could lead to three times the resolution for televisions, smartphones and other devices. Current LCD's are made up of hundreds of thousands of pixels that display different colors. With current technology, each of these pixels contain three subpixels -- one red, one green, one blue. UCF's NanoScience Technology Center (Assistant Professor Debashis Chanda and physics doctoral student Daniel Franklin) have come up with a way to tune the color of these subpixels. By applying differing voltages, they are able to change the color of individual subpixels to red, green or blue -- the RGB scale -- or gradations in between. By eliminating the three static subpixels that currently make up every pixel, the size of individual pixels can be reduced by three. Three times as many pixels means three times the resolution. That would have major implications for not only TVs and other general displays, but augmented reality and virtual-reality headsets that need very high resolution because they're so close to the eye.
Encryption

10 Years Later: FileZilla Adds Support For Master Password That Encrypts Your Logins (bleepingcomputer.com) 79

An anonymous reader writes: "Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format," reports BleepingComputer. "This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here." By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text. The move is extremely surprising, at least for the FileZilla user base. Users have been requesting this feature for a decade, since 2007, and they have asked it many and many times since then. All their requests have fallen on deaf ears and met with refusal from FileZilla maintainer, Tim Kosse. In November 2016, a user frustrated with Kosse's stance forked the FileZilla FTP client and added support for a master password via a spin-off app called FileZilla Secure.
Facebook

Facebook Bans Sale of Piracy-Enabling Set-Top Boxes 66

Lirodon quotes a report from Variety: Facebook has joined the fight against illegal video-streaming devices. The social behemoth recently added a new category to products it prohibits users to sell under its commerce policy: Products or items that "facilitate or encourage unauthorized access to digital media." The change in Facebook's policy, previously reported by The Drum, appears primarily aimed at blocking the sale of Kodi-based devices loaded with software that allows unauthorized, free access to piracy-streaming services. Kodi is free, open-source media player software. The app has grown popular among pirates, who modify the code with third-party add-ons for illegal streaming. Even with the ban officially in place, numerous "jail-broken" Kodi-enabled devices remain listed in Facebook's Marketplace section, indicating that the company has yet to fully enforce the new ban. A Facebook rep confirmed the policy went into effect earlier this month. In addition, the company updated its advertising policy to explicitly ban ads for illegal streaming services and devices.