Slashdot Mirror

An anonymous reader quotes a report from Ars Technica: Gamers of a certain age probably remember being wowed by the quick, smooth scaling and rotation effects of the Super Nintendo's much-ballyhooed "Mode 7" graphics. Looking back, though, those gamers might also notice how chunky and pixelated those background transformations could end up looking, especially when viewed on today's high-end screens. Emulation to the rescue. A modder going by the handle DerKoun has released an "HD Mode 7" patch for the accuracy-focused SNES emulator bsnes. In their own words, the patch "performs Mode 7 transformations... at up to 4 times the horizontal and vertical resolution" of the original hardware.

The results, as you can see in the above gallery and the below YouTube video, are practically miraculous. Pieces of Mode 7 maps that used to be boxy smears of color far in the distance are now sharp, straight lines with distinct borders and distinguishable features. It's like looking at a brand-new game. Perhaps the most impressive thing about these effects is that they take place on original SNES ROM and graphics files; DerKoun has said that "no artwork has been modified" in the games since the project was just a proof of concept a month ago. That makes this project different from upscaling emulation efforts for the N64 and other retro consoles, which often require hand-drawn HD texture packs to make old art look good at higher resolutions.

An anonymous reader quotes a report from Ars Technica: T-Mobile U.S. and Sprint are facing potential rejection of their proposed merger at the U.S. Department of Justice. DOJ staffers "have told T-Mobile US and Sprint that their planned merger is unlikely to be approved as currently structured," The Wall Street Journal reported today, citing people familiar with the matter. "In a meeting earlier this month, Justice Department staff members laid out their concerns with the all-stock deal and questioned the companies' arguments that the combination would produce important efficiencies for the merged firm," the Journal wrote. DOJ staffers' recommendations aren't the final word at the agency. The department's antitrust chief, Makan Delrahim, would decide whether to challenge or allow the merger.

The Justice Department's antitrust division is reviewing the merger and could file a lawsuit in federal court in an attempt to block the deal. Success isn't guaranteed, a fact the DOJ was reminded of when a U.S. District Court judge allowed AT&T to buy Time Warner despite DOJ opposition. The DOJ could also approve the merger with conditions, but that would require agreement with T-Mobile and Sprint on what those conditions would be. "T-Mobile and Sprint could offer concessions, such as assets sales, to address the government's concerns," the Journal wrote. Sprint shares "are trading at a roughly 20 percent discount to the price implied by the all-stock deal, signaling Wall Street doubts about the combination's chances," the report also said. T-Mobile CEO John Legere denied the report in a tweet, saying that "[t]he premise of this story... is simply untrue. Out of respect for the process, we have no further comment." Sprint Executive Chairman Marcelo Claure also claimed that the "article is not accurate," adding that Sprint "continue[s] to have discussions with regulators about our proposed merger."

According to a report by Brad Sams at Thurrott, Microsoft is going to expand its range of audio hardware with the introduction of a set of wireless earbuds. They will accompany the Surface Headphones, a premium-priced pair of wireless headphones that Microsoft released last year. Ars Technica reports: Microsoft has shipped earbuds before: the Zune media player came with earbuds with a feature that sounds simple but is actually ingenious: the earbuds were magnetic and would stick together back to back. The result? Much less cable tangling when you put them in your pocket or bag. Surface Headphones seem to be competitive with other noise-cancelling over-the-ear headphones: their wireless range is great, the noise cancelling is solid, and their volume and noise-cancelling dials are a joy to use, but their battery life and Bluetooth audio standard support are both weak. As such, Microsoft is not totally without experience in this area and has shown that it can engineer thoughtful, compelling designs. How the putative earbuds will stand out from the crowd remains to be seen, of course.

The existing Surface Headphones were codenamed Joplin, raising the question: Janis or Scott? The earbuds make the answer to that question clear; they're apparently codenamed Morrison, as in Jim, meaning that the over-the-ear headphones are clearly named for Janis. Sams says that "Surface Buds" has been mooted as their retail name, with a possible launch in 2019.

John Timmer from Ars Technica got a chance to take a look at Trek's new bicycle helmet that they claim offers "the first major change in helmet technology in years," and is backed up with peer-reviewed science. Here's an excerpt from Timmer's report: WaveCel is the product of orthopedic surgeon Steve Madey and a biomedical engineer named Michael Bottlang. The two had been working on a variety of ideas related to medical issues and protective gear, funded in part by federal grant money. When considering the idea of a lightweight material that could evenly distribute forces, Bottlang told Ars that they first focused on a honeycomb pattern. But they found that it was actually too robust -- the honeycomb wouldn't collapse until a lot of force had been applied, and then it would fail suddenly.

The design they eventually developed has a shape that allows flexing almost immediately when force is applied. "It starts to glide right away," Bottlang said. The manufacturing technique creates a clear point of failure that allows more extensive flexing once a certain level of force is exceeded -- part of the structure will fold over rather than experiencing a complete failure. Then, once folded, the polymer it's made of will allow neighboring cells to glide over each other. This provides some resistance even after the structure has collapsed. For the helmet, a patch of this material is attached to the inside of a more traditional EPS helmet, which provides impact resistance. But the WaveCel mesh is allowed to float within the helmet and can absorb much of the force of off-axis impacts. The thin strips of soft material that cushion the helmet where it rests on the head (also found in more traditional helmets) are attached directly to the WaveCel mesh.

It looks more uncomfortable than it is. Madey, the orthopedic surgeon, said they've done tests that show that, even if placed directly on the skin, the WaveCel mesh wouldn't break the skin under most impact forces. How does their new helmet work? According to a paper authored by Bottlang and Madey, helmets including the material reduced rotational acceleration from impacts by 73 percent compared to a normal helmet. A slip pad within a normal helmet (MIPS) only dropped acceleration by 22 percent, which seems like a substantial difference.

An anonymous reader quotes Vice: On Wednesday, the Illinois State Senate passed the Keep Internet Devices Safe Act, a bill that would ban manufacturers of devices that can record audio from doing so remotely without disclosing it to the customer. But after lobbying from trade associations that represent the interests of Google, Amazon -- makers of the microphone-enabled Google Home and Alexa smart speakers, respectively -- and Microsoft, among other companies, the interests of big tech won out... In its current, neutered form, the bill provides exclusive authority to the Attorney General to enforce the Act, which means regular citizens won't be able to bring forward a case regarding tech giants recording them in their homes.
Ars Technica notes the move comes after Amazon admitted thousands of their employees listen to Alexa recordings -- "something not mentioned in Echo's terms of service or FAQ pages."

Vice points out that sometimes those recordings are shared "even after users opt out of having their data used in the program."

An anonymous reader quotes a report from Ars Technica: In its annual Theatrical Home Entertainment Market Environment report, the Motion Picture Association of America described an immensely sharp drop-off of physical media sales over the past five years. According to the data, which was obtained from DEG and IHS Markit, global sales of video disc formats (which in this context means DVD, Blu-ray, and UltraHD Blu-ray) were $25.2 billion in 2014 but only $13.1 in 2018. That's a drop in the ballpark of 50 percent.

Don't expect 8K Blu-rays or other emerging quality-focused formats to turn the tide, either. Market data published by Forbes showed that the aging, low-definition DVD format still accounts for 57.9 percent of physical media sales, and 4K Blu-rays are only 5.3 percent. With drops that sharp, you'd expect apocalyptic financials for companies making and distributing movies. However, while there are certainly losers in this trend, the overall industry actually grew over the same period. Home entertainment spending grew 16 percent in 2018 thanks to surges in consumer spending on digital video services from players like Netflix, Amazon, and Hulu. The report says that subscriptions to online streaming services grew 27 percent globally to 613.3 million in 2018, surpassing cable subscriptions (at 556 million) for the first time ever. "However, cable still drives more overall revenue than streaming -- it was the highest revenue platform in 2018, with $118 billion globally," Ars notes.

Despite efforts from Tesla, Daimler, Nikola and Siemens to reduce emissions from heavy-duty, diesel-powered trucks, either by producing their own electric- or hydrogen-powered alternatives, "trucking in the U.S. is still driven by diesel-fueled, compression-ignition (CI), internal combustion engines," reports Ars Technica. According to a new paper from MIT researchers, "the best way forward is not to wait for all-electric or hydrogen-powered semis, but to build a plug-in hybrid electric (PHEV) truck with an internal combustion engine/generator that can burn either gasoline or renewable ethanol or methanol." From the report: Such a setup preserves the range and affordability that's expected of diesel long-haul trucks while significantly reducing the emissions associated with diesel. To boot, it's a near-term solution; no waiting for battery weight to fall or hydrogen refueling stations to be installed. [T]here are some distinct problems with all-electric and all-diesel trucks that a hybrid flex-fuel truck could solve. First, freight companies are looking for the cheapest way to transport goods from point A to point B, so expensive electric vehicles don't make short-term economic sense, especially if you're competing with other freight companies using cheaper diesel engines.

Using flex-fuel gasoline-alcohol engines has also been shown to reduce nitrogen oxide emissions by 90 percent, the MIT researchers wrote, if the emissions reduction system on the truck uses a three-way catalyst (TWC) instead of the diesel-focused selective catalytic reduction (SCR). (The paper notes that this isn't theoretical. A 90-percent reduction in tailpipe NOx from diesel has already been achieved in light-duty gas vehicles and in the heavy-duty Cummins Westport 9 liter natural gas engine.) A flex-fuel gasoline-alcohol engine could also help freight companies achieve "both the lowest air pollution and lowest greenhouse gas emissions when the internal combustion engine operates," the paper notes. In addition, "the relative use of battery power, gasoline power, and alcohol power can be optimized for meeting varying prices and availability of these energy sources as a long-haul truck travels through various regions."

An anonymous reader shares a report: Trucking in the US is still driven by diesel-fueled, compression-ignition (CI), internal combustion engines. Daniel Cohn and Leslie Bromberg, a pair of researchers from the Massachusetts Institute of Technology (MIT), published a paper with the Society of Automotive Engineers, suggesting that the best way forward is not to wait for all-electric or hydrogen-powered semis, but to build a plug-in hybrid electric (PHEV) truck with an internal combustion engine/generator that can burn either gasoline or renewable ethanol or methanol. Such a setup preserves the range and affordability that's expected of diesel long-haul trucks while significantly reducing the emissions associated with diesel. To boot, it's a near-term solution; no waiting for battery weight to fall or hydrogen refueling stations to be installed.

A hybrid heavy-duty system isn't a completely novel idea, though a PHEV system has yet to be widely applied and tested in long-haul heavy-duty trucking. A company called Hyliion introduced a hybrid electric-diesel truck in 2017, and San Diego uses a hybrid electric-compressed natural gas bus on its transit system, though the former still grapples with diesel emissions and the latter is not for long-haul use. But there are some distinct problems with all-electric and all-diesel trucks that a hybrid flex-fuel truck could solve. First, freight companies are looking for the cheapest way to transport goods from point A to point B, so expensive electric vehicles don't make short-term economic sense, especially if you're competing with other freight companies using cheaper diesel engines.

An anonymous reader quotes a report from Ars Technica: Sixteen months ago, researchers reported an unsettling escalation in hacks targeting power plants, gas refineries, and other types of critical infrastructure. Attackers who may have been working on behalf of a nation caused an operational outage at a critical-infrastructure site after deliberately targeting a system that prevented health- and life-threatening accidents. What was unprecedented in this attack -- and of considerable concern to some researchers and critical infrastructure operators -- was the use of an advanced piece of malware that targeted the unidentified site's safety processes. The malware was named Triton and Trisis, because it targeted the Triconex product line made by Schneider Electric. Its development was ultimately linked to a Russian government-backed research institute.

Now, researchers at FireEye -- the same security firm that discovered Triton and its ties to Russia -- say they have uncovered an additional intrusion that used the same malicious software framework against a different critical infrastructure site. As was the case in the first intrusion, the attackers focused most of their resources on the facility's OT, or operational technology, which are systems for monitoring and managing physical processes and devices. The discovery has unearthed a new set of never-before-seen custom tools that shows the attackers have been operational since as early as 2014. The existence of these tools, and the attackers' demonstrated interest in operational security, lead FireEye researchers to believe there may be other sites beyond the two already known where the Triton attackers were or still are present. "After establishing an initial foothold on the corporate network, the Triton actor focused most of their effort on gaining access to the OT network," FireEye researchers wrote in a report published Wednesday. "They did not exhibit activities commonly associated with espionage, such as using key loggers and screenshot grabbers, browsing files, and/or exfiltrating large amounts of information. Most of the attack tools they used were focused on network reconnaissance, lateral movement, and maintaining presence in the target environment."

An anonymous reader quotes a report from Ars Technica: Mirai, the "botnet" malware that was responsible for a string of massive distributed denial of service (DDoS) attacks in 2016 -- including one against the website of security reporter Brian Krebs -- has gotten a number of recent updates. Now, developers using the widely distributed "open" source code of the original have added a raft of new devices to their potential bot armies by compiling the code for four more microprocessors commonly used in embedded systems.

Researchers at Palo Alto Networks' Unit 42 security research unit have published details of new samples of the Mirai botnet discovered in late February. The new versions of the botnet malware targeted Altera Nios II, OpenRISC, Tensilica Xtensa, and Xilinx MicroBlaze processors. These processors are used on a wide range of embedded systems, including routers, networked sensors, base band radios for cellular communications and digital signal processors. The new variants also include a modified encryption algorithm for botnet communications and a new version of the original Mirai TCP SYN denial-of-service attack. Based on the signature of the new attack option, Unit 42 researchers were able to trace activity of the variants back as far as November 2018.

MDMurphy writes: While people have good and bad things to say about Tesla, one consistent thing has been that the cars emit zero emissions when operating. But in Europe, in exchange for cash, Tesla is merging its fleet with that of Fiat Chrysler Automobiles (FCA). The amount FCA is paying Tesla is presumably less than they would in fines if they were on their own. With this merging of the fleets, in Europe at least, a Tesla is no more clean than a diesel Fiat. "The Italian-American carmaker is behind on meeting the new standard, and the so-called open pool option available at the EU allows automakers to group their fleets together to meet the targets," reports Bloomberg. "Payments to Tesla, whose electric cars don't produce CO2 emissions, may amount to over 500 million euros, according to Jefferies."

Ars Technica reports on the strict new EU regulations: "From 2020, 95 percent of an automaker's new cars sold in the EU have to meet this target, with the remaining 5 percent falling under the law in 2021. And the penalties for failing are draconian: a $107 'excess emissions premium' per gram of CO2 over the target, for every single car registered in the EU that year. For some OEMs, this has the potential to be ruinous; if FCA's portfolio were the same in 2021 as it was in 2018, the automaker would have to pay some $3.12 billion, out of total net global profits of $4.1 billion."

An anonymous reader quotes a report from Ars Technica: After April 15, inmates at the Adult Detention Center in Lowndes County, Mississippi will no longer be allowed to visit with family members face to face. Newton County, Missouri, implemented an in-person visitor ban last month. The Allen County Jail in Indiana phased out in-person visits earlier this year. All three changes are part of a nationwide trend toward "video visitation" services. Instead of seeing their loved ones face to face, inmates are increasingly limited to talking to them through video terminals. Most jails give family members a choice between using video terminals at the jail -- which are free -- or paying fees to make calls from home using a PC or mobile device.

Even some advocates of the change admit that it has downsides for inmates and their families. Ryan Rickert, jail administrator at the Lowndes County Adult Detention Center, acknowledged to The Commercial Dispatch that inmates were disappointed they wouldn't get to see family members anymore. Advocates of this approach point to an upside for families: they can now make video calls to loved ones from home instead of having to physically travel to the jail. These services are ludicrously expensive. Video calls cost 40 cents per minute in Newton County, 50 cents per minute in Lowndes County, and $10 per call in Allen County. Outside of prison, of course, video calls on Skype or FaceTime are free. These "visitation" services are often "grainy and jerky, periodically freezing up altogether," reports Ars. As for why so many jails are adopting them, it has a lot to do with money. "In-person visits are labor intensive. Prison guards need to escort inmates to and from visitation rooms, supervise the visits, and in some cases pat down visitors for contraband. In contrast, video terminals can be installed inside each cell block, minimizing the need to move inmates around the jail." The video-visitation systems also directly generate revenue for jails.

A massive class-action lawsuit is accusing AT&T of lying to customers about DirecTV Now when it bought Time Warner. KCTV5 reprots: At the time, they promised customers and investors, they would be cutting prices for their streaming service called DirecTV Now. However, the lawsuit accuses the company of switching up TV packages, confusing customers by getting rid of the bundles it had been offering, charging higher prices for new types of bundles, and then bringing back the original bundles at a higher price. Investors were not happy about this because stock prices tanked. DirecTV Now was hemorrhaging customers, losing about 260,000 customers in December. "AT&T's registration statement 'touted yearly and quarterly growth trends... including quarterly subscriber gains in its DirecTV Now service sufficient to offset any decrease in traditional satellite DirecTV subscribers, such that AT&T was experiencing an ongoing trend of total video subscriber 'net additions,'" reports Ars Technica, citing a segment of the complaint.

"But in reality, 'DirecTV Now subscribers were leaving (i.e., not renewing) as soon as their promotional discount periods expired, while at the same time new potential DirecTV Now customers were unwilling to pay the higher prices and therefore not subscribing at all,' the complaint said. By the time AT&T bought Time Warner, 'AT&T's reported 'net additions' growth trend was already reversing into a severe 'net loss.' [T]he AT&T registration statement 'purported to warn of numerous risks that 'if' occurring 'may' or 'could' adversely affect the company while failing to disclose that these 'risks' had already materialized at the time of the acquisition,' the complaint said."

An anonymous reader quotes a report from Ars Technica: A New Zealand family that booked an Airbnb in Ireland recently discovered an undisclosed camera in the living room, and the family says that Airbnb initially cleared the host of any wrongdoing before finally banning the offender from its platform. "Once the family had unpacked, Andrew Barker, who works in IT security, scanned the house's Wi-Fi network," CNN reported today. "The scan unearthed a camera and subsequently a live feed. From the angle of the video, the family tracked down the camera, concealed in what appeared to be a smoke alarm or carbon monoxide detector." Nealie Barker posted an image on Facebook showing the location of the camera in the living room and a shot of the family from the sneaky video feed.

Based on the photo, the video of the Barkers seems to have been taken on March 3 and was viewable on the local Wi-Fi network at 192.168.0.4/video/livemb.asp. The family relocated to a hotel and contacted both Airbnb and the property host. The host initially hung up but later called back and told them, "The camera in the living room was the only one in the house," CNN wrote. It's not clear whether the host was recording the video, whether he was capturing audio, whether he was monitoring it remotely in real time, or whether he was using it for anything more than monitoring guests. [...] Airbnb temporarily suspended the listing and promised to investigate, CNN wrote. But when Barker contacted Airbnb again two weeks later, "the company told her that the host had been 'exonerated,' and the listing reinstated." Airbnb finally banned the host after Nealie Barker posted about the disturbing incident on Facebook on Monday this week. Barker's Facebook post said that Airbnb's "investigation which didn't include any follow-up with us exonerated the host, no explanation provided," and that "the listing (with hidden camera not mentioned) is still on Airbnb." Airbnb said in a statement to Ars Technica: "Our original handling of this incident did not meet the high standards we set for ourselves, and we have apologized to the family and fully refunded their stay."

Airbnb's policy states that hosts must disclose "any type of surveillance device" in listings, "even if it's not turned on or hooked up." Cameras are allowed in certain spaces if they are disclosed, but Airbnb "prohibit[s] any surveillance devices that are in or that observe the interior of certain private spaces (such as bedrooms and bathrooms) regardless of whether they've been disclosed. [...] If a host discloses the device after booking, Airbnb will allow the guest to cancel the reservation and receive a refund. Host cancellation penalties may apply."

The European Union Commission today accused BMW, Daimler, and Volkswagen Group (which makes VW, Audi, and Porsche vehicles) of colluding to limit emissions reduction technology in their diesel and gas vehicles. From a report: The commission accused the three manufacturers of coordinating to limit the size and refill ranges of AdBlue tanks on their diesel vehicles made between 2006 and 2014. AdBlue is a urea-based liquid that is injected into exhaust gas to reduce the amount of nitrogen oxides (NOx) that are released during diesel combustion. The commission also accused the three manufacturers of agreeing to avoid or delay the introduction of "Otto" particulate filters on gas-powered vehicles between 2009 and 2014.

After opening an investigation last September, the EU Commission today sent the three German automakers Statements of Objections, that is, a formal letter outlining the preliminary view that the manufacturers' behavior was illegal. "Such market behavior, if confirmed... would violate EU competition rules prohibiting cartel agreements to limit or control production, markets or technical development," an EU Commission press release read.

Google is testing a new "Pilot Program" that puts a row of advertisements on the Android TV home screen. XDA Developers, which was the first to report the program, says: "We're currently seeing reports that it has shown up in Sony smart TVs, the Mi Box 3 from Xiaomi, NVIDIA Shield TV, and others." Ars Technica reports: The advertising is a "Sponsored Channel" part of the "Android TV Core Services" app that ships with all Android TV devices. A "Channel" in Android TV parlance means an entire row of thumbnails in the UI will be dedicated to "sponsored" content. Google provided XDA Developers with a statement saying that yes, this is on purpose, but for now it's a "pilot program."

Sony has tersely worded a support page detailing the "Sponsored channel," too. There's no mention here of it being a pilot program. Sony's page, titled "A sponsored channel has suddenly appeared on my TV Home menu," says, "This change is included in the latest Android TV Launcher app (Home app) update. The purpose is to help you discover new apps and contents for your TV." Sony goes on to say, "This channel is managed by Google" and "the Sponsored channel cannot be customized." Sony basically could replace the entire page with a "Deal with it" sunglasses gif, and it would send the same message.

An anonymous reader quotes a report from Ars Technica: Democrats in the U.S. House of Representatives yesterday rejected Republican attempts to weaken a bill that would restore net neutrality rules. The House Commerce Committee yesterday approved the "Save the Internet Act" in a 30-22 party-line vote, potentially setting up a vote of the full House next week. The bill is short and simple -- it would fully reinstate the rules implemented by the Federal Communications Commission under then-Chairman Tom Wheeler in 2015, reversing the repeal led by FCC Chairman Ajit Pai in 2017.

Commerce Committee Republicans repeatedly introduced amendments that would weaken the bill but were consistently rebuffed by the committee's Democratic majority. "The Democrats beat back more than a dozen attempts from Republicans to gut the bill with amendments throughout the bill's markup that lasted 9.5 hours," The Hill reported yesterday. Republican amendments would have weakened the bill by doing the following: Exempt all 5G wireless services from net neutrality rules; Exempt all multi-gigabit broadband services from net neutrality rules; Exempt from net neutrality rules any ISP that builds broadband service in any part of the U.S. that doesn't yet have download speeds of at least 25Mbps and upload speeds of at least 3Mbps; Exempt from net neutrality rules any ISP that gets universal service funding from the FCC's Rural Health Care Program; Exempt ISPs that serve 250,000 or fewer subscribers from certain transparency rules that require public disclosure of network management practices; and Prevent the FCC from limiting the types of zero-rating (i.e., data cap exemptions) that ISPs can deploy. An additional Republican amendment "would have imposed net neutrality rules but declared that broadband is an information service, [preventing] the FCC from imposing any other type of common-carrier regulations on ISPs," reports Ars Technica. "The committee did approve a Democratic amendment to exempt ISPs with 100,000 or fewer subscribers from the transparency rules, but only for one year."

An anonymous reader quotes a report from Ars Technica: Google is releasing the second Android Q Beta today. As we learned with the first release, Android Q is bringing support for foldable smartphones, better privacy and permissions controls, and a grab bag of other features. We've yet to install the second beta on one of our own devices, but Google's release blog post promises "bug fixes, optimizations, and API updates," as well as a crazy new multitasking feature and an emulator for foldables. Android loves multitasking. So far we've had split screens and floating windows, and Android Q Beta 1 even had a hidden desktop mode. Beta 2 brings us a new multitasking feature called "Bubbles." Bubbles let you minimize an app into a little circle, which floats around on the screen above all your other apps. Tapping on a bubble will open a small UI. The only demo Google shows is one for a messaging app. Each bubble is a contact, and tapping on the bubble shows a small chat UI. If you remember Facebook's "Chat Head" UI for Messenger, Bubbles is that, but built into the OS. "Bubbles are great for messaging because they let users keep important conversations within easy reach," Google said in their blog post. "They also provide a convenient view over ongoing tasks and updates, like phone calls or arrival times. They can provide quick access to portable UI, like notes or translations, and can be visual reminders of tasks too."

The updated fifth-generation iPad mini has been torn apart by iFixit, revealing an "amalgamation of components and designs from other iPads -- the internals of a previous iPad mini, the camera system of an iPad Pro, and the exterior design of an iPad Air," reports Ars Technica. From the report: iFixit has published its teardown of the new, fifth-generation iPad mini -- the first update to Apple's smaller-sized tablet since 2015. The iFixit team -- which sells gear for repairing and servicing gadgets and uses these teardown series to promote said gearâ"noted that the iPad mini looks on the outside like a smaller version of the new iPad Air. But on the inside, it's an updated iPad mini 4, the team wrote.

On opening the tablet up, iFixit discovered a 19.32Wh battery -- the same capacity as the previous-generation iPad mini. But there are some notable changes. The front-facing camera module has been updated to a 7-megapixel Æ'/2.2, like the 10.5-inch iPad Pro. That's a marked improvement over the iPad mini 4. There's also Apple's A12 Bionic system-on-a-chip (the same found in the iPhone XS, XS Max, and XR) with 3GB of LPDDR4X DRAM. The updated microphone array has been moved near the selfie cam, and new ambient light sensors support the True Tone feature, which adjusts the white balance of the display based on ambient light conditions for user comfort. The repair site gave the 2019 iPad mini a score of two out of 10 for repairability. "The only positive cited was that a single Phillips screwdriver can deal with all the screws in the device," Ars reports. "However, replacing the battery is 'unnecessarily difficult,' there's adhesive everywhere, and removing the home button (no small feat) is required in order to replace the screen."

Boeing's promised software fix for its 737 Max planes involved in two deadly crashes since October has been pushed back several weeks after an internal review by engineers not connected to the aircraft raised additional safety questions. "The results of the 'non-advocate' review have not been revealed, but the Federal Aviation Administration confirmed on April 1 that the software needed additional work," reports Ars Technica. From the report: "The FAA expects to receive Boeing's final package of its software enhancement over the coming weeks for FAA approval," an FAA spokesperson said in a statement. "Time is needed for additional work by Boeing as the result of an ongoing review of the 737 MAX Flight Control System to ensure that Boeing has identified and appropriately addressed all pertinent issues." Just how far back the delivery of the MCAS patch has been pushed is uncertain. The New York Times reports that the update's schedule has been pushed back "several weeks." And after its delivery, an FAA spokesperson said, "the FAA will subject Boeing's completed submission to a rigorous safety review. The FAA will not approve the software for installation until the agency is satisfied with the submission."

This means it could be months before grounded Boeing 737 MAX aircraft are once again deemed airworthy. And that means more flight cancellations for airlines that have the aircraft in their inventory. Southwest Airlines, Boeing's largest 737 MAX customer, canceled all of its flights dependent on its 34 737 MAX aircraft through April 20 so far -- about 150 flights per day. And Boeing's delivery of new 737 MAX aircraft -- the company's best-seller -- has been indefinitely delayed.

An anonymous reader quotes a report from Ars Technica: Researchers have devised a simple attack that might cause a Tesla to automatically steer into oncoming traffic under certain conditions. The proof-of-concept exploit works not by hacking into the car's onboard computing system. Instead, it works by using small, inconspicuous stickers that trick the Enhanced Autopilot of a Model S 75 into detecting and then following a change in the current lane. Researchers from Tencent's Keen Security Lab recently reverse-engineered several of Tesla's automated processes to see how they reacted when environmental variables changed. One of the most striking discoveries was a way to cause Autopilot to steer into oncoming traffic. The attack worked by carefully affixing three stickers to the road. The stickers were nearly invisible to drivers, but machine-learning algorithms used by by the Autopilot detected them as a line that indicated the lane was shifting to the left. As a result, Autopilot steered in that direction.

The researchers noted that Autopilot uses a variety of measures to prevent incorrect detections. The measures include the position of road shoulders, lane histories, and the size and distance of various object. [A section of the researchers' 37-page report] showed how researchers could tamper with a Tesla's autowiper system to activate wipers on when rain wasn't falling. Unlike traditional autowiper systems -- which use optical sensors to detect moisture -- Tesla's system uses a suite of cameras that feeds data into an artificial intelligence network to determine when wipers should be turned on. The researchers found that -- in much the way it's easy for small changes in an image to throw off artificial intelligence-based image recognition (for instance, changes that cause an AI system to mistake a panda for a gibbon) -- it wasn't hard to trick Tesla's autowiper feature into thinking rain was falling even when it was not. So far, the researchers have only been able to fool autowiper when they feed images directly into the system. Eventually, they said, it may be possible for attackers to display an "adversarial image" that's displayed on road signs or other cars that do the same thing. In a statement, Tesla officials said that the vulnerabilities addressed in the report have been fixed via security update in 2017, "followed by another comprehensive security update in 2018, both of which we released before this group reported this research to us." They added: "The rest of the findings are all based on scenarios in which the physical environment around the vehicle is artificially altered to make the automatic windshield wipers or Autopilot system behave differently, which is not a realistic concern given that a driver can easily override Autopilot at any time by using the steering wheel or brakes and should always be prepared to do so and can manually operate the windshield wiper settings at all times."

An anonymous reader quotes a report from Ars Technica: The FTC can punish U.S. companies for unfair or deceptive practices. But in regard to net neutrality, this simply means that ISPs must disclose any behavior that would have violated the old net neutrality rules. "Under Section 5 of the FTC Act, we may prosecute unfair or deceptive acts or practices... Simply stated, we have a strong interest in ensuring that companies stand by their promises to consumers," FTC Chairman Joseph Simons said. The FTC would review whether ISPs keep their promises just as it reviews whether other companies keep their promises. "We would review ISPs' activities in the same way," Simons said. "For example, we could take action against ISPs if they block applications without adequately disclosing those practices or mislead consumers about what applications they block or how."

How would the FTC handle throttling of websites or online services? Simons explained: "To determine whether particular instances of throttling are deceptive, we would first evaluate what claims an ISP made to consumers about their services and how those claims are supported. We would look closely at any relevant research and evaluate the study's design, scope, and results and consider how a study relates to a particular claim. To evaluate whether a practice was unfair, we would consider whether the alleged throttling had countervailing benefits and whether there were reasonable steps consumers could have taken to avoid it. We would also consider consumer injury, the number of consumers affected, and the need to prevent future misconduct."

An anonymous reader quotes Ars Technica: People who find security vulnerabilities commonly run into difficulties when reporting them to the responsible company. But it's less common for such situations to turn into tense trade-show confrontations -- and competing claims of assault and blackmail. Yet that's what happened when executives at Atrient -- a casino technology firm headquartered in West Bloomfield, Michigan -- stopped responding to two UK-based security researchers who had reported some alleged security flaws. The researchers thought they had reached an agreement regarding payment for their work, but nothing final ever materialized. On February 5, 2019, one of the researchers -- Dylan Wheeler, a 23-year-old Australian living in the UK -- stopped by Atrient's booth at a London conference to confront the company's chief operating officer.

What happened next is in dispute. Wheeler says that Atrient COO Jessie Gill got in a confrontation with him and yanked off his conference lanyard; Gill insists he did no such thing, and he accused Wheeler of attempted extortion.

The debacle culminated in legal threats and a lot of mudslinging, with live play-by-play commentary as it played out on Twitter.
Ars Technica calls the story "practically a case study in the problems that can arise with vulnerability research and disclosure," adding "the vast majority of companies have no clear mechanism for outsiders to share information about security gaps."

A security research director at Rapid7 joked his first reaction was "man, I wish a vendor would punch me for disclosure. Boy, that beats any bug bounty." But they later warned, "It's on us as an industry not only to train corporate America on how to take disclosure, but also we need to do a little more training for people who find these bugs -- especially today, in an era where bug outings are kind of normal now -- to not expect someone to be necessarily grateful when one shows up."

After partnering with HTC to launch the Vive in 2016, Valve has moved ahead with plans to launch its own headset, called the Valve Index, in May 2019. Ars Technica reports: The news came on Friday in the form of a single teaser image, shown above, of a headset with the phrase "Valve Index" written on its front. The front of the headset is flanked by at least two sensors. This shadow-covered hardware matches the leaked headset reported by UploadVR in November of last year. That report hinted to Valve's headset supporting a wider, 135-degree field-of-view (FOV), as opposed to the roughly 110-degree FOV of the original HTC Vive and Oculus Rift.

Valve's dedicated website for the new device includes no other information than the above image and the date "May 2019." It does not include any mention of the new SteamVR Knuckles controllers, which Valve has advertised pretty heavily via developer outreach since their 2016 reveal and a later series of improved prototypes in 2018. This page also doesn't mention a series of three Valve-produced VR games that have been repeatedly advertised by Valve co-founder Gabe Newell since 2017. There's very little information about the headset, but after cranking up the brightness and contrast of the teaser image, Ars Technica's Sam Machkovech was able to find "a series of six dots on one of the headset's surfaces, [...] which may hint to this headset's use of an outside tracking sensor, a la the HTC Vive's infrared trackers." He adds: "Even so, those two giant lenses imply that 'inside-out' tracking, managed entirely by the headset without any extra webcams or sensors, may also be in the cards. Additionally, we can see a giant physical slider, which is likely linked to interpupillary distance (IPD), a precise measurement needed to ensure maximum VR comfort."

After tearing apart Apple's new second-generation AirPods, the repair guide site found that there is no practical way to service or repair them even at a professional shop. They labeled them as "disappointingly disposable." Ars Technica reports: iFixit had to go to almost comical lengths to open the AirPods up, and despite their expertise and tools, the iFixit team was unable to do so without permanently damaging the product. [...] That's disappointing, given that the batteries in the AirPods won't last longer than a few years with heavy use, and they're hard to recycle. Apple does offer to recycle headphones through partners as part of its Apple GiveBack program, but the GiveBack Web portal does not offer a product-specific category for AirPods to consumers like it does with most other Apple products. Consumers may simply select a general "headphones & speakers" category on the site.

The teardown also revealed some differences from the first-generation AirPods. The battery is the same size, but iFixit identified the new, Bluetooth 5-ready H1 chip in the earbuds themselves. The site also found some small differences likely related to Apple's efforts to increase the case's water resistance. For all the details, visit iFixit's teardown page for the product. All told, iFixit gave the AirPods a 0 out of 10 for repairability -- that's low even for Apple products. By contrast, the site also opened up Samsung's Galaxy Buds and gave them a 6 out of 10.

An anonymous reader quotes a report from Ars Technica: Microsoft has removed a trio of references to Markus "Notch" Persson, the creator of Minecraft, from the game's opening menu screen. Random messages known as "splash text" are printed in yellow on this screen, and they used to include "Made by Notch!", "The Work of Notch", and "110813!" (a reference to the day Persson got married), but now all three mentions are gone. Notch is still included in the game's credits, but the change means that Minecraft players will no longer be randomly referenced.

Persson first released the blocky building game in 2009. Five years later, after the game had become a global smash hit, he sold his company Mojang to Microsoft for $2.5 billion, giving Redmond ownership of Minecraft. The references to Notch have remained a feature until their removal in this latest patch. They're reported to have been removed both from the original Java edition played on PCs and the legacy console edition used on PlayStation 4. No official rationale has been offered for the change, but Persson has become something of a polarizing figure on Twitter...

Xiaomi is teasing a new 100W quick-charging solution for mobile phones that can fully charge a large 4,000mAh battery in just 17 minutes. Ars Technica reports: The video shows a charging race between two phones, Xiaomi's unnamed "100W" prototype and a phone with "50W" charging from "Brand O," which looks like it's an Oppo RX17 Pro. I put both of these wattage ratings in quotations because neither phone actually hits its rated charging speed. Xiaomi's video shows a live, in-line power reading, and the "100W" charging shows a sustained ~80W (18V / 4.5A) from about 5-30 percent, with a peak of 88W. The competing 50W Oppo quick-charge solution caps out at around 40W.

Branding aside, what matters is the actual charging speed, and Xiaomi's ability to fully charge a phone battery in 17 minutes is impressive. The test stops when the Xiaomi phone fills up, leaving the Oppo battery stuck at a mere 65 percent. Considering that Xiaomi was charging a 4000mAh battery and that Oppo only had a 3700mAh battery, Xiaomi's solution is about 1.6 times faster than Oppo's quick charge, which is currently the fastest charging scheme on the market. Unfortunately, Xiaomi didn't offer any specifics on how its charging solution works.

The International Energy Agency (IEA) released a report this week saying that in 2018, "global energy-related CO2 emissions rose by 1.7 percent to 33 Gigatonnes." That's the most growth in emissions that the world has seen since 2013. From a report: Coal use contributed to a third of the total increase, mostly from new coal-fired power plants in China and India. This is worrisome because new coal plants have a lifespan of roughly 50 years. But the consequences of climate change are already upon us, and coal's hefty emissions profile compared to other energy sources means that, globally, carbon mitigation is going to be a lot more difficult to tackle than it may look from here in the US.

Even in the US, carbon emissions grew by 3.1 percent in 2018, according to the IEA. (This closely tracks estimates by the Rhodium Group, which released a preliminary report in January saying that US carbon emissions increased by 3.4 percent in 2018.) "By country, China, the United States, and India together accounted for nearly 70 percent of the rise in energy demand," Reuters wrote.

An anonymous reader quotes a report from Ars Technica: Huawei officially announced the Huawei P30 Pro smartphone today. While it has a new Huawei-made SoC, an in-screen optical fingerprint reader, and lots of other high-end features, the highlight is definitely the camera's optical zoom, which is up to a whopping 5x. Not digital zoom. Real, optical zoom. Space, of course, is at a premium in smartphones. Imagine a smartphone sitting face down, and you would have to fit a vertical stack of the display, the CMOS sensor, and the lens all in about an 8mm height. There is just not a lot of room. But what if we didn't have to stack all the components vertically? The trick to Huawei's 5x optical zoom is that it uses a periscope design.

From the outside, it looks like a normal camera setup, albeit with a funky square camera opening. Internally, though, the components make a 90-degree right turn after the lens cover, and the zoom lens components and CMOS sensor are arranged horizontally. Now instead of having to cram a bunch of lenses and the CMOS chip into 8mm of vertical phone space, we have acres of horizontal phone space to play with. We've seen prototypes of periscope cameras from Oppo, but as far as commercial devices go, the Huawei P30 Pro is the first. While the optical zoom is the big new camera feature, there are four total cameras on the back of the P30 Pro. A 40MP main camera, a 20MP wide angle, the 8MP 5X telephoto, and a Time of Flight depth-sensing camera. The main 40MP camera uses a 1/1.7 inch-type sensor that, when measured diagonally, would make it 32 percent larger than the 1/2.55 inch-type sensors in the Galaxy S10 or iPhone XS. The P30 Pro also has a new "RYYB" pixel layout, which swaps out the two green pixels in most CMOS "RGGB" sensors for yellow pixels. "Huawei claims it can capture 40 percent more light, as the yellow filter captures green and red light," Ars Technica reports. "Of course, this will make the color wonky, but Huawei claims it can correct for that in software."

Other specifications include a Kirin 980 octa-core processor with 6GB or 8GB RAM, up to 512GB storage, IP68 water and dust resistance, NFC, wireless charging, 40W wired charging, and a 4,200mAh battery. It starts at a price of $1,125.

The music industry is suing Charter Communications, claiming that the cable Internet provider profits from music piracy by failing to terminate the accounts of subscribers who illegally download copyrighted songs. The lawsuit also complains that Charter helps its subscribers pirate music by selling packages with higher Internet speeds. Ars Technica reports: While the act of providing higher Internet speeds clearly isn't a violation of any law, ISPs can be held liable for their users' copyright infringement if the ISPs repeatedly fail to disconnect repeat infringers. The top music labelsâ"Sony, Universal, Warner, and their various subsidiariesâ"sued Charter Friday in a complaint filed in U.S. District Court in Colorado. While Charter has a copyright policy that says repeat copyright infringers may be disconnected, Charter has failed to disconnect those repeat infringers in practice, the complaint said: "Despite these alleged policies, and despite receiving hundreds of thousands of infringement notices from Plaintiffs, as well as thousands of similar notices from other copyright owners, Charter knowingly permitted specifically identified repeat infringers to continue to use its network to infringe. Rather than disconnect the Internet access of blatant repeat infringers to curtail their infringement, Charter knowingly continued to provide these subscribers with the Internet access that enabled them to continue to illegally download or distribute Plaintiffs' copyrighted works unabated. Charter's provision of high-speed Internet service to known infringers materially contributed to these direct infringements."

The complaint accuses Charter of contributory copyright infringement and vicarious copyright infringement. Music labels asked for statutory damages of up to $150,000 for each work infringed or for actual damages including any profit Charter allegedly made from allowing piracy. The complaint focuses on alleged violations between March 24, 2013 and May 17, 2016. During that time, plaintiffs say they sent infringement notices to Charter that "advised Charter of its subscribers' blatant and systematic use of Charter's Internet service to illegally download, copy, and distribute Plaintiffs' copyrighted music through BitTorrent and other online file-sharing services." The music industry's complaint repeatedly focused on BitTorrent and other peer-to-peer networks, saying that "online piracy committed via BitTorrent is stunning in nature, speed, and scope."

Several major ISPs in Australia temporarily blocked access to 8chan, along with "dozens" of web sites that hosted video of last week's mass shooting in Christchurch New Zealand, Ars Technica reports -- noting that the ISPs acted on their own in response to "community expectations."

Meanwhile, the Wall Street Journal reports that 8chan founder Fredrick Brennan (who "cut ties" with the site in December) is now criticizing 8chan moderators for their slowness in removing posts inciting violence, including last week's post from the Christchurch shooter Brenton Tarrant: Their reluctance to do so, along with the proliferation of posts on 8chan praising Tarrant's actions, have persuaded Brennan that the toxic, white-supremacist culture that lives on parts of the site could someday be linked to another mass shooting....

Brennan, 25 years old, expressed regret that the site had consumed so much of his life. "I didn't spend enough time making friends in real life," he said. High-school events and classes in upstate New York didn't matter to him at all. What mattered was the community of like-minded provocateurs, trolls, libertarians and conservative thinkers he discovered online as a boy and that formed his identity as a young man. "I just feel like I wasted too much time on this stuff," he said.
Washington Post reporter Drew Harwell (in a Post video) argues that 8chan "has grown from this central place for tech libertarians, trolls, just people looking to get a rise out of other people online, and it's really radicalized into this place of overt neo-Nazi, white supremacist, racist, sexist, anti-everything discourse...

"We haven't really reckoned with how to deal with the negative parts of easy and free and anonymous connectivity around the world, and there's no real good mechanism for solving a problem like that."

AmiMoJo shares a report from Ars Technica: The afternoon commute of Reddit user Beastpilot takes him past a stretch of Seattle-area freeway with a carpool lane exit on the left. Last year, in early April, the Tesla driver noticed that Autopilot on his Model X would sometimes pull to the left as the car approached the lane divider -- seemingly treating the space between the diverging lanes as a lane of its own. This was particularly alarming, because just days earlier, Tesla owner Walter Huang had died in a fiery crash after Autopilot steered his Model X into a concrete lane divider in a very similar junction in Mountain View, California.

Beastpilot made several attempts to notify Tesla of the problem but says he never got a response. Weeks later, Tesla pushed out an update that seemed to fix the problem. Then in October, it happened again. Weeks later, the problem resolved itself. This week, he posted dashcam footage showing the same thing happening a third time -- this time with a recently acquired Model 3. "The behavior of the system changes dramatically between software updates," Beastpilot told Ars. "Human nature is, 'if something's worked 100 times before, it's gonna work the 101st time.'" That can lull people into a false sense of security, with potentially deadly consequences.

An anonymous reader quotes a report from Ars Technica: Cable lobbyists don't want to be called cable lobbyists anymore. The nation's top two cable industry lobby groups have both dropped the word "cable" from their names. But the lobby groups' core mission -- the fight against regulation of cable networks -- remains unchanged. The National Cable & Telecommunications Association (NCTA) got things started in 2016 when it renamed itself NCTA-The Internet & Television Association, keeping the initialism but dropping the words it stood for. The group was also known as the National Cable Television Association between 1968 and 2001. The American Cable Association (ACA) is the nation's other major cable lobby. While NCTA represents the biggest companies like Comcast and Charter, the ACA represents small and mid-size cable operators. Today, the ACA announced that it is now called America's Communications Association or "ACA Connects," though the ACA's website still uses the americancable.org domain name.

"The new name reflects a leading position for the association in the fast-growing telecommunications industry, where technology is rapidly changing how information is provided to and used by consumers," the cable lobby said. "It's all about the communications and connections our members provide," said cable lobbyist Matthew Polka, who is CEO of the ACA. The "ACA Connects" moniker "explains what our association and members really do," Polka continued. "We connect, communicate, build relationships and work together with all, and that will never change."

Microsoft is bringing its Windows Defender anti-malware application to macOS -- and more platforms in the future -- as it expands the reach of its Defender Advanced Threat Protection (ATP) platform. From a report: To reflect the new cross-platform nature, the suite is also being renamed to Microsoft Defender ATP, with the individual clients being labelled "for Mac" or "for Windows." macOS malware is still something of a rarity, but it's not completely unheard of. Ransomware for the platform was found in 2016, and in-the-wild outbreaks of other malicious software continue to be found. Apple has integrated some malware protection into macOS, but we've heard from developers on the platform that Mac users aren't always very good at keeping their systems on the latest point release. Further reading: Microsoft launches previews of Windows Virtual Desktop and Defender ATP for Mac.

Back in 2009, the EU's European Commission said Microsoft was harming competition by bundling its browser -- Internet Explorer -- with Windows. Eventually Microsoft and the European Commission settled on the "browser ballot," a screen that would pop up and give users a choice of browsers. Almost 10 years later, the tech industry is going through this again, this time with Google and the EU. After receiving "feedback" from the European Commission, Google announced last night that it would offer Android users in the EU a choice of browsers and search engines. Ars Technica reports: In July, the European Commission found Google had violated the EU's antitrust rules by bundling Google Chrome and Google Search with Android, punishing manufacturers that shipped Android forks, and paying manufacturers for exclusively pre-installing Google Search. Google was fined a whopping $5.05 billion (which it is appealing) and then the concessions started. Google said its bundling of Search and Chrome funded the development and free distribution of Android, so any manufacturer looking to ship Android with unbundled Google apps would now be charged a fee. Reports later pegged this amount as up to $40 per handset.

We don't have many details on exactly how Google's new search and browser picker will work; there's just a single paragraph in the company's blog post. Google says it will "do more to ensure that Android phone owners know about the wide choice of browsers and search engines available to download to their phones. This will involve asking users of existing and new Android devices in Europe which browser and search apps they would like to use."

Microsoft announced its Xcloud game-streaming service last August, with the ambition of streaming console-quality games to gamers wherever they are. Yesterday, Google made its foray into the space with the announcement of Stadia. Google promises that Stadia will be "coming [in] 2019," potentially stealing a march on Xcloud, which is due only to enter public trials this year. But in an internal email sent to rally the troops, Phil Spencer, Microsoft's gaming chief, seemed unsurprised and apparently unconcerned. He wrote: We just wrapped up watching the Google announcement of Stadia as team here at GDC. Their announcement is validation of the path we embarked on two years ago.. Today we saw a big tech competitor enter the gaming market, and frame the necessary ingredients for success as Content, Community and Cloud. There were no big surprises in their announcement although I was impressed by their leveraging of YouTube, the use of Google Assistant and the new WiFi controller.

But I want get back to us, there has been really good work to get us to the position where we are poised to compete for 2 billion gamers across the planet. Google went big today and we have a couple of months until E3 when we will go big. We have to stay agile and continue to build with our customer at the center. We have the content, community, cloud team and strategy, and as I've been saying for a while, it's all about execution. This is even more true today. Energizing times.

Today, Apple will finally begin taking orders for newly refreshed 21- and 27-inch iMacs. The new versions don't change the basic design or add major new features, but they offer substantially faster configuration options for the CPU and GPU. From a report: The 21.5-inch iMac now has a 6-core, eighth-generation Intel CPU option -- up from a maximum of four cores before. The 27-inch now has six cores as the standard configuration, with an optional upgrade to a 3.6GHz, 9th-gen, 8-core Intel Core i9 CPU that Apple claims will double performance over the previous 27-inch iMac. The base 27-inch model has a 3GHz 6-core Intel Core i5 CPU, with intermediate configurations at 3.1GHz and 3.7GHz (both Core i5). The big news is arguably that both sizes now offer high-end, workstation-class Vega-graphics options for the first time. Apple added a similar upgrade option to the 15-inch MacBook Pro late last year. In this case, the 21.6-inch iMac has an option for the 20-compute-unit version of Vega with 4GB of HBM2 video memory. That's the same as the top-end 15-inch MacBook Pro option.

The 27-inch iMac can now be configured with the Radeon Pro Vega 48 with 8GB of HBM2. For reference, the much pricier iMac Pro has Vega 56 and Vega 64 options. Apple claims the Vega 48 will net a 50-percent performance improvement over the Radeon Pro 580, the previous top configuration. Speaking of the previous top configuration, the non-Vega GPU options are the same as what was available yesterday. The only difference is that they now have an "X" affixed to the numbers in their names, per AMD branding conventions -- i.e., Radeon Pro 580X instead of 580. RAM options are the same in terms of volume (up to 32GB for the 21.5-inch and 64GB for the 27-inch), but the DDR4 RAM is slightly faster now, at 2666MHz.

Russian President Vladimir Putin has signed two censorship bills into law Monday. One bans "fake news" while the other makes it illegal to insult public officials. Ars Technica reports on the details: Under one bill, individuals can face fines and jail time if they publish material online that shows a "clear disrespect for society, the state, the official state symbols of the Russian Federation, the Constitution of the Russian Federation, and bodies exercising state power." Insults against Putin himself can be punished under the law, The Moscow Times reports. Punishments can be as high as 300,000 rubles ($4,700) and 15 days in jail.

A second bill subjects sites publishing "unreliable socially significant information" to fines as high as 1.5 million rubles ($23,000). [T]he Russian government has "essentially unconstrained authority to determine that any speech is unacceptable. One consequence may be to make it nearly impossible for individuals or groups to call for public protest activity against any action taken by the state," [analyst Matthew Rojansky told the Post]

Google researcher James Forshaw discovered a new class of vulnerability in Windows before any bug had actually been exploited. The involved parts of the flaw "showed that there were all the basic elements to create a significant elevation of privilege attack, enabling any user program to open any file on the system, regardless of whether the user should have permission to do so," reports Ars Technica. Thankfully, Microsoft said that the flaw was never actually exposed in any public versions of Windows, but said that it will ensure future releases of Windows will not feature this class of elevation of privilege. Peter Bright explains in detail how the flaw works. Here's an excerpt from his report: The basic rule is simple enough: when a request to open a file is being made from user mode, the system should check that the user running the application that's trying to open the file has permission to access the file. The system does this by examining the file's access control list (ACL) and comparing it to the user's user ID and group memberships. However, if the request is being made from kernel mode, the permissions checks should be skipped. That's because the kernel in general needs free and unfettered access to every file. As well as this security check, there's a second distinction made: calls from user mode require strict parameter validation to ensure that any memory addresses being passed in to the function represent user memory rather than kernel memory. Calls from kernel mode don't need that same strict validation, since they're allowed to use kernel memory addresses.

Accordingly, the kernel API used for opening files in NT's I/O Manager component looks to see if the caller is calling from user mode or kernel mode. Then the API passes this information on to the next layer of the system: the Object Manager, which examines the file name and figures out whether it corresponds to a local filesystem, a network filesystem, or somewhere else. The Object manager then calls back in to the I/O Manager, directing the file-open request to the specific driver that can handle it. Throughout this, the indication of the original source of the request -- kernel or user mode -- is preserved and passed around. If the call comes from user mode, each component should perform strict validation of parameters and a full access check; if it comes from kernel mode, these should be skipped. Unfortunately, this basic rule isn't enough to handle every situation. For various reasons, Windows allows exceptions to the basic user-mode/kernel-mode split. Both kinds of exceptions are allowed: kernel code can force drivers to perform a permissions check even if the attempt to open the file originated from kernel mode, and contrarily, kernel code can tell drivers to skip the parameter check even if the attempt to open the file appeared to originate from user mode. This behavior is controlled through additional parameters passed among the various kernel functions and into filesystem drivers: there's the basic user-or-kernel mode parameter, along with a flag to force the permissions check and another flag to skip the parameter validation...

The state of Vermont has agreed to suspend enforcement of its net neutrality law pending the outcome of a lawsuit against the Federal Communications Commission. In October 2018, five industry groups representing major internet providers and cable companies sued Vermont seeking to block a state law barring companies that do not abide by net neutrality rules from receiving state contracts. But, as Ars Technica reports, "the lobby groups and state agreed to delay litigation and enforcement of the Vermont law in a deal that they detailed in a joint court filing yesterday." From the report: The delay will remain in place until after a final decision in the lawsuit seeking to reverse the FCC's net neutrality repeal and the FCC's preemption of state net neutrality laws. Vermont is one of 22 states that sued the FCC in that case in the U.S. Court of Appeals for the District of Columbia Circuit. Tech companies and consumer advocacy groups are also opposing the FCC in the same case. Oral arguments were held last month, and DC Circuit judges will likely issue a decision in the coming months.

An FCC loss in that case could entirely restore federal net neutrality rules, potentially making the Vermont law redundant. But a partial loss for the FCC could leave the federal repeal in place while allowing states to enforce their own net neutrality laws. The Vermont delay would remain in place until after all appeals are exhausted in the FCC case, which could potentially reach the U.S. Supreme Court.

Researchers from Checkpoint Software have identified a massive adware campaign that invaded the Google Play Store with more than 200 highly aggressive apps that were collectively downloaded almost 150 million times. "The 210 apps discovered by researchers from security firm Checkpoint Software bombarded users with ads, even when an app wasn't open," reports Ars Technica. "The apps also had the ability to carry out spearphishing attacks by causing a browser to open an attacker-chosen URL and open the apps for Google Play and third-party market 9Apps with a specific keyword search or a specific application's page. The apps reported to a command-and-control server to receive instructions on which commands to carry out." From the report: Once installed, the apps installed code that allowed them to perform actions as soon as the device finished booting or while the user was using the device. The apps also could remove their icon from the device launcher to make it harder for users to uninstall the nuisance apps. The apps all used a software development kit called RXDrioder, which Checkpoint researchers believe concealed its abusive capabilities from app developers. The researchers dubbed the campaign SimBad, because many of the participating apps are simulator games.

"With the capabilities of showing out-of-scope ads, exposing the user to other applications, and opening a URL in a browser, SimBad acts now as an Adware, but already has the infrastructure to evolve into a much larger threat," Checkpoint researchers wrote. The top 14 apps were collectively downloaded a whopping 75 million times, with the No. 1 app receiving 10 million installs and the next 13 getting 5 million downloads each. The next 53 each received 1 million downloads. The remainder received 500,000 or fewer downloads each. Checkpoint has a full list of all the apps here.

An anonymous reader quotes a report from Ars Technica: The Federal Aviation Administration issued an emergency order grounding all Boeing 737 MAX aircraft on March 13, citing new data that showed a possible link between the March 10 crash of an Ethiopian Airlines flight and the crash of a Lion Air flight off the coast of Indonesia last October. In an interview with NPR's David Greene this morning, acting FAA Director Dan Ewell said that "newly refined satellite data" from a flight telemetry system had led the agency to make the move. Both Ethiopian Airlines Flight 302 (ET302) and Lion Air Flight 610 (JT610) were recently acquired 737 MAX 8 aircraft, and both were lost with all aboard just minutes after take-off. According to the emergency order issued by the FAA, "new information from the wreckage concerning the aircraft's configuration just after takeoff that, taken together with newly refined data from satellite-based tracking of the aircraft's flight path, indicates some similarities between the ET302 JT610 accidents that warrant further investigation of the possibility of a shared cause for the two incidents that needs to be better understood and addressed."

The source of the data in question is a combination of telemetry feeds from the flights' Automatic Dependent Surveillance(ADS) system. Introduced in the US in 2001 and more widely worldwide in the wake of the crash of Malaysian Airlines flight 370 in 2014, Europe has required most aircraft to carry the UHF-band ADS-Broadcast (ADS-B) system since 2017, and the FAA has mandated ADS-B for most aircraft by 2020. While ADS-B data was initially meant to be picked up by other aircraft and ground stations, it is also tracked by satellites. Other, less-granular telemetry data sent in the subscription-based ADS-addressed/Contract (ADS-A/ADS-C) format, the Future Air Navigation System(FANS), and the Aircraft Communications Addressing and Reporting System (ACARS) are also picked up by satellite.

DarkRookie2 shares a report from Ars Technica: After a seemingly endless run of rumors, the news Halo fans have been waiting for is here: the series is finally coming back to PC, and in pretty big fashion. Halo: The Master Chief Collection will arrive on Windows PCs "later this year," according to the official Halo Waypoint site, and fans will be able to buy the collection either via Steam or the Windows Store. (Anybody who's dealt with Windows 10's UWP woes will appreciate this rare example of Microsoft launching one of its first-party games on Steam at the same time as Windows Store, as opposed to delaying a Steam version for a few months.)

The game's listing confirms that PC gamers can look forward to full mouse-and-keyboard control support, along with support for resolutions up to 4K and an HDR toggle. Whether this version will also include the kinds of tweaks that hardcore PC gamers crave -- including ultra-widescreen ratios, higher frame rates, and fully remappable controls -- remains to be seen. We highly doubt Microsoft will include official mod support beyond letting players use individual games' built-in "Forge" creation tools. Halo Reach will also join the MCC when it launches on PC. Unfortunately, there's no word on cross-platform play.

New Mexico's state House of Representatives passed the "Energy Transition Act" on Tuesday, where it's expected to be signed quickly by Governor Michelle Lujan Grisham. The bill "commits the state to getting 100 percent of its energy from carbon-free sources by 2045," reports Ars Technica. From the report: The bill includes interim goals mandating that 50 percent of the state's energy mix be renewable by 2030 and 80 percent of the energy mix be renewable by 2040. The state currently buys no nuclear power, which is not renewable but qualifies as a zero-carbon energy source. The bill passed yesterday does not require that 100 percent of the state's energy be renewable by 2045; it just specifies that no electricity come from a carbon-emitting source.

New Mexico is unique among these states because it is a relatively coal-heavy state, generating 1.5 gigawatts of coal-fired electricity as of November 2018. Last month, the state's Public Service Company of New Mexico had slated its 847MW San Juan coal plant for shut down by 2022, but a New York hedge fund called Acme Equities swooped in with an offer to buy the 46-year-old plant. According to Power Magazine, Acme intends to retrofit the plant with carbon capture and sequestration technology. If the deal goes through, Acme would use the captured carbon in enhanced oil recovery, where carbon is forced into older or weak oil wells to improve the pressure of the well and extract more oil. But with the passage of this bill, Acme's offer may not stand. New Mexico In Depth writes that the bill puts "$30 million toward the clean-up of the [San Juan] coal-fired power plant and the mine that supplies it and $40 million toward economic diversification efforts in that corner of the state and support for affected power plant employees and miners."

An anonymous reader quotes a report from Ars Technica: A report from Business Insider claims that Google has axed "dozens" of employees from its laptop and tablet division. BI's sources describe the move as "roadmap cutbacks" and also say that Google will likely "pare down the portfolio" in the future. Google's Hardware division is run by Rick Osterloh and is expected to launch a game streaming console later this month. The division is responsible for the Pixel phones, Google Home speakers, the Chromecast, Google Wi-Fi, and lately, the Nest smart home division.

You could also call the "laptop and tablet" division the "Chrome OS" division. Both the Pixelbook and Pixel Slate ran Chrome OS, and they are the company's only products supporting that operating system. Is Chrome OS going to be OK? BI notes that manufacturing roles in the hardware division haven't changed, so in the short-term, Google's product lineup is likely to keep going. The report says that Google had "a bunch of stuff in the works" that now probably won't see the light of day. The move comes after the group received pressure to turn Google Hardware into "a real business" from higher-ups at Google/Alphabet. It's easy to imagine that the laptops and tablets -- which are Google Hardware's most expensive products -- were selling the worst.

An anonymous reader quotes a report from Ars Technica: Comedian John Oliver is taking aim at the Federal Communications Commission again, this time demanding action on robocalls while unleashing his own wave of robocalls against FCC commissioners. In a 17-minute segment yesterday on HBO's Last Week Tonight, Oliver described the scourge of robocalls and blamed Pai for not doing more to stop them. Oliver ended the segment by announcing that he and his staff are sending robocalls every 90 minutes to all five FCC commissioners. "Hi FCC, this is John from customer service," Oliver's recorded voice says on the call. "Congratulations, you've just won a chance to lower robocalls in America today... robocalls are incredibly annoying, and the person who can stop them is you! Talk to you again in 90 minutes -- here's some bagpipe music."

When it came to robocalling the FCC, Oliver didn't need viewers' help. "This time, unlike our past encounters [with the FCC], I don't need to ask hordes of real people to bombard [the FCC] with messages, because with the miracle of robocalling, I can now do it all by myself," Oliver said. "It turns out robocalling is so easy, it only took our tech guy literally 15 minutes to work out how to do it," Oliver also said. He noted that "phone calls are now so cheap and the technology so widely available that just about everyone has the ability to place a massive number of calls." Under U.S. law, political robocalls to landline telephones are allowed without prior consent from the recipient. Such calls to cell phones require the called party's prior express consent, but Oliver presumably directed his robocalls to the commissioners' office phones. Oliver told the FCC commissioners: "if you want to tell us that you don't consent to be robocalled, that's absolutely no problem. Just write a certified letter to the address we buried somewhere within the first chapter of Moby Dick that's currently scrolling up the screen... find the address, write us a letter, and we'll stop the calls immediately."

"Japanese police have brought in, questioned, and charged a 13-year-old female student from the city of Kariya for sharing [links to] browser exploit code online," writes ZDNet. An anonymous reader shares their report: The code was a mere prank that triggered an infinite loop in JavaScript to show an "unclosable" popup when users accessed a certain link, Japanese news agency NHK reported yesterday. The popup could be closed in some browsers -- such as Edge and Firefox on desktop -- but couldn't be closed in others, such as Chrome on desktop and the majority of mobile browsers.

The popup was hosted in several places online, and police say the teenager helped spread the links... The teenage girl did not create the malicious code, which had been shared on online forums by multiple users for the past few years. NHK reported that police also searched the house of a second suspect, 47-year-old man from Yamaguchi, and are also looking at three other suspects for the same "crime" of sharing the link on internet forums.
Ars Technica found a tweet suggesting that the code was actually written in 2014.

An anonymous reader quotes a report from Ars Technica: Pai's claim was questionable from the beginning, as we detailed last month. The Federal Communications Commission data cited by Chairman Pai merely showed that deployment continued at about the same rate seen during the Obama administration. Despite that, Pai claimed that new broadband deployed in 2017 was made possible by the FCC "removing barriers to infrastructure investment." But even the modest gains cited by Pai rely partly on the implausible claims of one ISP that apparently submitted false broadband coverage data to the FCC, advocacy group Free Press told the FCC in a filing this week.

The FCC data is based on Form 477 filings made by ISPs from around the country. A new Form 477 filer called Barrier Communications Corporation, doing business as BarrierFree, suddenly "claimed deployment of fiber-to-the-home and fixed wireless services (each at downstream/upstream speeds of 940mbps/880mbps) to census blocks containing nearly 62 million persons," Free Press Research Director Derek Turner wrote. "This claimed level of deployment stood out to us for numerous reasons, including the impossibility of a new entrant going from serving zero census blocks as of June 30, 2017, to serving nearly 1.5 million blocks containing nearly 20 percent of the U.S. population in just six months time," Turner wrote. "We further examined the underlying Form 477 data and discovered that BarrierFree appears to have simply submitted as its coverage area a list of every single census block in each of eight states in which it claimed service: CT, DC, MD, NJ, NY, PA, RI, and VA." In reality, BarrierFree's website doesn't market any fiber-to-the-home service, and it advertises wireless home Internet speeds of up to just 25mbps, Free Press noted. BarrierFree appears to have ignored the FCC's instructions to report service only in census blocks in which an ISP currently offers service and instead simply "listed every single census block located in eight of the states in which it's registered as a CLEC [competitive local exchange carrier]."

As a result of BarrierFree's claimed level of deployment, it skewed the FCC's overall data significantly. "Pai claimed that the number of Americans lacking access to fixed broadband with speeds of at least 25Mbps down and 3Mbps up 'has dropped by over 25 percent, from 26.1 million Americans at the end of 2016 to 19.4 million at the end of 2017,'" reports Ars. "With BarrierFree's erroneous filing removed, 'the number of Americans lacking access to a fixed broadband connection at the 25Mbps/3Mbps threshold declined to 21.3 million, not 19.4 million,' Free Press wrote."

An anonymous reader quotes a report from Ars Technica: Pai's claim was questionable from the beginning, as we detailed last month. The Federal Communications Commission data cited by Chairman Pai merely showed that deployment continued at about the same rate seen during the Obama administration. Despite that, Pai claimed that new broadband deployed in 2017 was made possible by the FCC "removing barriers to infrastructure investment." But even the modest gains cited by Pai rely partly on the implausible claims of one ISP that apparently submitted false broadband coverage data to the FCC, advocacy group Free Press told the FCC in a filing this week.

The FCC data is based on Form 477 filings made by ISPs from around the country. A new Form 477 filer called Barrier Communications Corporation, doing business as BarrierFree, suddenly "claimed deployment of fiber-to-the-home and fixed wireless services (each at downstream/upstream speeds of 940mbps/880mbps) to census blocks containing nearly 62 million persons," Free Press Research Director Derek Turner wrote. "This claimed level of deployment stood out to us for numerous reasons, including the impossibility of a new entrant going from serving zero census blocks as of June 30, 2017, to serving nearly 1.5 million blocks containing nearly 20 percent of the U.S. population in just six months time," Turner wrote. "We further examined the underlying Form 477 data and discovered that BarrierFree appears to have simply submitted as its coverage area a list of every single census block in each of eight states in which it claimed service: CT, DC, MD, NJ, NY, PA, RI, and VA." In reality, BarrierFree's website doesn't market any fiber-to-the-home service, and it advertises wireless home Internet speeds of up to just 25mbps, Free Press noted. BarrierFree appears to have ignored the FCC's instructions to report service only in census blocks in which an ISP currently offers service and instead simply "listed every single census block located in eight of the states in which it's registered as a CLEC [competitive local exchange carrier]."

As a result of BarrierFree's claimed level of deployment, it skewed the FCC's overall data significantly. "Pai claimed that the number of Americans lacking access to fixed broadband with speeds of at least 25Mbps down and 3Mbps up 'has dropped by over 25 percent, from 26.1 million Americans at the end of 2016 to 19.4 million at the end of 2017,'" reports Ars. "With BarrierFree's erroneous filing removed, 'the number of Americans lacking access to a fixed broadband connection at the 25Mbps/3Mbps threshold declined to 21.3 million, not 19.4 million,' Free Press wrote."

An anonymous reader quotes a report from Ars Technica: Disney is rapidly preparing to launch its own streaming service, dubbed Disney+, later this year. While the debut date is still unknown, we now know that the service will include the entire Disney movie library shortly after the service launches. According to a report in Polygon, Disney CEO Bob Iger explained the strategy to investors at a meeting in St. Louis, Missouri, pointing at the retirement of Disney's longstanding "vault." "The service... is going to combine what we call library product, movies, and television, with a lot of original product as well, movies and television," Iger said. "And at some point fairly soon after launch, it will house the entire Disney motion picture library, so the movies that you speak of that traditionally have been kept in a 'vault' and brought out basically every few years will be on the service. And then, of course, we're producing a number of original movies and original television shows as well that will be Disney-branded."

The Disney Vault has been a marketing and sales strategy for years. After a film's initial release run, Disney would sequester the title in its vault for a long period of time. That meant that customers who didn't buy a physical copy of the movie immediately would be out of luck until Disney brought it out of the vault as a new edition or a special release run. This strategy allowed Disney to control film sales and drum up anticipation for titles that were coming out of the vault once the company decided the time was right. But it also frustrated customers who ended up paying high prices for copies of movies that were widely unavailable during their vault stints. This exclusivity will be an important factor for Disney as it competes with other streaming giants like Netflix, Hulu, and Amazon Prime Video.