Domain: arstechnica.com
Stories and comments across the archive that link to arstechnica.com.
Stories · 4,420
-
Chrome 63 Offers Even More Protection From Malicious Sites, Using Even More Memory (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: To further increase its enterprise appeal, Chrome 63 -- which hit the browser's stable release channel yesterday -- includes a couple of new security enhancements aimed particularly at the corporate market. The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another. [...]
Naturally, this greater use of multiple processes incurs a price; with this option enabled, Chrome's already high memory usage can go up by another 15 to 20 percent. As such, it's not enabled by default; instead, it's intended for use by enterprise users that are particularly concerned about organizational security. The other new capability is the ability for administrators to block extensions depending on the features those extensions need to use. For example, an admin can block any extension that tries to use file system access, that reads or writes the clipboard, or that accesses the webcam or microphone. Additionally, Google has started to deploy TLS 1.3, the latest version of Transport Layer Security, the protocol that enables secure communication between a browser and a Web server. In Chrome 63, this is only enabled between Chrome and Gmail; in 2018, it'll be turned on more widely. -
'Face Reality! We Need Net Neutrality!' Crowd Chants Across the Country (arstechnica.com)
ArsTechnica staff took to the streets in Washington DC, New York, and San Francisco to capture rallies in support for net neutrality, a week before the FCC is scheduled to take a historic vote rolling back network neutrality regulations. From their report: Protestors say those regulations, which were enacted by the Obama FCC in 2015, are crucial for protecting an open Internet. Organizers chose to hold most of the protests outside of Verizon cell phone stores. Ajit Pai, the FCC Chairman who is leading the agency's charge to repeal network neutrality, is a former Verizon lawyer, and Verizon has been a critic of the Obama network neutrality rules. The protest that got the most attention from FCC decision makers took place on Thursday evening in Washington DC. The FCC was holding a dinner event at the Hilton on Connecticut Avenue, just north of the city's Dupont Circle area. Protestors gathered on the street corner outside the hotel, waving pro-net neutrality posters to traffic, blaring chants, projecting pro-net neutrality messages on a building across the street, and telling personal stories about what net neutrality meant to them via a megaphone. The FCC's two Democratic commissioners also joined the demonstration, Mignon Clyburn and Jessica Rosenworcel. They both gave brief speeches to the protestors, rallying for the cause and discussing the importance of a neutral Internet. -
ISP Disclosures About Data Caps and Fees Eliminated By Net Neutrality Repeal (arstechnica.com)
In 2015, the Federal Communications Commission forced ISPs to be more transparent with customers about hidden fees and the consequences of exceeding data caps. Since the requirements were part of the net neutrality rules, they will be eliminated when the FCC votes to repeal the rules next week. Ars Technica reports: While FCC Chairman Ajit Pai is proposing to keep some of the commission's existing disclosure rules and to impose some new disclosure requirements, ISPs won't have to tell consumers exactly what everything will cost when they sign up for service. There have been two major versions of the FCC's transparency requirements: one created in 2010 with the first net neutrality rules, and an expanded version created in 2015. Both sets of transparency rules survived court challenges from the broadband industry. The 2010 requirement had ISPs disclose pricing, including "monthly prices, usage-based fees, and fees for early termination or additional network services." That somewhat vague requirement will survive Pai's net neutrality repeal. But Pai is proposing to eliminate the enhanced disclosure requirements that have been in place since 2015. Here are the disclosures that ISPs currently have to make -- but won't have to after the repeal:
- Price: the full monthly service charge. Any promotional rates should be clearly noted as such, specify the duration of the promotional period and the full monthly service charge the consumer will incur after the expiration of the promotional period.
- Other Fees: all additional one time and/or recurring fees and/or surcharges the consumer may incur either to initiate, maintain, or discontinue service, including the name, definition, and cost of each additional fee. These may include modem rental fees, installation fees, service charges, and early termination fees, among others.
- Data Caps and Allowances: any data caps or allowances that are a part of the plan the consumer is purchasing, as well as the consequences of exceeding the cap or allowance (e.g., additional charges, loss of service for the remainder of the billing cycle).
Pai's proposed net neutrality repeal says those requirements and others adopted in 2015 are too onerous for ISPs. -
Volkswagen Executive Sentenced To Maximum Prison Term For His Role In Dieselgate (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: On Wednesday, a U.S. District judge in Detroit sentenced Oliver Schmidt, a former Volkswagen executive, to seven years in prison for his role in the Volkswagen diesel emissions scandal of 2015. Schmidt was also ordered to pay a criminal penalty of $400,000, according to a U.S. Department of Justice (DOJ) press release. The prison term and the fine together represent the maximum sentence that Schmidt could have received under the plea deal he signed in August. Schmidt, a German citizen who lived in Detroit as an emissions compliance executive for VW, was arrested in Miami on vacation last January. In August, he pleaded guilty to conspiracy and to making a false statement under the Clean Air Act. Schmidt's plea deal stated that the former executive could face up to seven years in prison and between $40,000 and $400,000 in fines.
Last week, Schmidt's attorneys made a last-minute bid requesting a lighter sentence for Schmidt: 40 months of supervised release and a $100,000 fine. Schmidt also wrote a letter to the judge, which surfaced over the weekend, in which the executive said he felt "misused" by his own company and claimed that higher-ranked VW executives coached him on a script to help him lie to a California Air Resources Board (CARB) official. Instead, Schmidt was sentenced to the maximum penalties outlined in the plea deal. Only one other VW employee has been sentenced in connection with the emissions scandal: former engineer James Liang, who received 40 months in prison and two years of supervised release as the result of his plea deal. Although six other VW Group executives have been indicted, none is in U.S. custody. -
Victims of Mystery Attacks In Cuba Left With Anomalies In Brain Tissue (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: American victims of mysterious attacks in Cuba have abnormalities in their brains' white matter, according to new medical testing reported by the Associated Press. But, so far, it's unclear how or if the white-matter anomalies seen in the victims relate to their symptoms. White matter is made up of dense nerve fibers that connect neurons in different areas of the brain, forming networks. It gets its name from the light-colored electrical insulation, myelin, that coats the fibers. Overall, the tissue is essential for rapidly transmitting brain signals critical for learning and cognitive function.
In August, U.S. authorities first acknowledged that American diplomats and their spouses stationed in Havana, Cuba, had been the targets of puzzling attacks for months. The attacks were carried out by unknown agents and for unknown reasons, using a completely baffling weaponry. The attacks were sometimes marked by bizarrely targeted and piercing noises or vibrations, but other times they were completely imperceptible. Victims complained of a range of symptoms, including dizziness, nausea, headaches, balance problems, ringing in the ears (tinnitus), nosebleeds, difficulty concentrating and recalling words, permanent hearing loss, and speech and vision problems. Doctors have also identified mild brain injuries, including swelling and concussion. U.S. officials now report that 24 Americans were injured in the attacks but wouldn't comment on how many showed abnormalities in their white matter. -
Feds Shut Down Allegedly Fraudulent Cryptocurrency Offering (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The Securities and Exchange Commission on Monday announced that it was taking action against an initial coin offering (ICO) that the SEC alleges is fraudulent. The announcement represents the first enforcement action by the SEC's recently created cyber fraud unit. In July, the agency fired a warning shot. It announced that a 2016 fundraising campaign had run afoul of securities law, but that the SEC would decline to prosecute those responsible. The hope was to get the cryptocurrency world to take securities laws more seriously without doing anything drastic. Now the SEC is taking the next step by prosecuting what it considers to be one of the most egregious scams in the ICO world. The SEC's complaint, filed in federal court in New York, is against Dominic Lacroix, whom the SEC describes as a "recidivist securities law violator." The SEC considers Lacroix's cryptocurrency project, PlexCoin, to be a "fast-moving Initial Coin Offering (ICO) fraud that raised up to $15 million from thousands of investors since August by falsely promising a 13-fold profit in less than a month." The PlexCoin website has a hilariously vague description of this supposedly revolutionary cryptocurrency. "The PlexCoin's new revolutionary operating structure is safer and much easier to use than any other current cryptocurrency," the site proclaims. "One of the many features of PlexBank will be to secure your cryptocurrency from market variation, which is highly volatile, and invest your money in a place where you can get interesting guaranteed returns." According to Ars, "The SEC isn't impressed and is arguing that PlexCoin has 'all of the characteristics of a full-fledged cyber scam.' The agency is seeking to freeze the assets of the PlexCoin project in hopes of getting investors' funds back to them." -
Cloudflare's CEO Has a Plan To Never Censor Hate Speech Again (arstechnica.com)
"Cloudflare CEO Matthew Prince hated cutting off service to the infamous neo-Nazi site the Daily Stormer in August," reports Ars Technica. "And he's determined not to do it again. 'I'm almost a free-speech absolutist.' Prince said at an event at the New America Foundation last Wednesday. But in a subsequent interview with Ars, Prince argued that in the case of the Daily Stormer, the company didn't have much choice." From the report: Prince's response was to cut Daily Stormer off while laying the groundwork to make sure he'd never have to make a decision like that again. In a remarkable company-wide email sent shortly after the decision, Prince described his own actions as "arbitrary" and "dangerous." "I woke up this morning in a bad mood and decided to kick them off the Internet," Prince wrote in August. "It was a decision I could make because I'm the CEO of a major Internet infrastructure company." He argued that "it's important that what we did today not set a precedent." Prior to August, Cloudflare had consistently refused to police content published by its customers. Last week, Prince made a swing through DC to help ensure that the Daily Stormer decision does not, in fact, set a precedent. He met with officials from the Federal Communications Commission and with researchers at the libertarian Cato Institute and the left-of-center New America Foundation -- all in an effort to ensure that he'd have the political cover he needed to say no next time he came under pressure to take down controversial content.
The law is strongly on Cloudflare's side here. Internet infrastructure providers like Cloudflare have broad legal immunity for content created by their customers. But legal rights may not matter if Cloudflare comes under pressure from customers to take down content. And that's why Prince is working to cultivate a social consensus that infrastructure providers like Cloudflare should not be in the censorship business -- no matter how offensive its customers' content might be. -
FCC Won't Delay Vote, Says Net Neutrality Supporters Are 'Desperate' (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission will move ahead with its vote to kill net neutrality rules next week despite an unresolved court case that could strip away even more consumer protections. FCC Chairman Ajit Pai says that net neutrality rules aren't needed because the Federal Trade Commission can protect consumers from broadband providers. But a pending court case involving AT&T could strip the FTC of its regulatory authority over AT&T and similar ISPs. A few dozen consumer advocacy groups and the City of New York urged Pai to delay the net neutrality-killing vote in a letter today. If the FCC eliminates its rules and the court case goes AT&T's way, there would be a "'regulatory gap' that would leave consumers utterly unprotected," the letter said. When contacted by Ars, Pai's office issued this statement in response to the letter: "This is just evidence that supporters of heavy-handed Internet regulations are becoming more desperate by the day as their effort to defeat Chairman Pai's plan to restore Internet freedom has stalled. The vote will proceed as scheduled on December 14." -
A Programming Error Blasted 19 Russian Satellites Back Towards Earth (arstechnica.com)
An anonymous reader quotes Ars Technica's report on Russia's failed attempt to launch 19 satellites into orbit on Tuesday: Instead of boosting its payload, the Soyuz 2.1b rocket's Fregat upper stage fired in the wrong direction, sending the satellites on a suborbital trajectory instead, burning them up in Earth's atmosphere... According to normally reliable Russian Space Web, a programming error caused the Fregat upper stage, which is the spacecraft on top of the rocket that deploys satellites, to be unable to orient itself. Specifically, the site reports, the Fregat's flight control system did not have the correct settings for a mission launching from the country's new Vostochny cosmodrome. It evidently was still programmed for Baikonur, or one of Russia's other spaceports capable of launching the workhorse Soyuz vehicle. Essentially, then, after the Fregat vehicle separated from the Soyuz rocket, it was unable to find its correct orientation. Therefore, when the Fregat first fired its engines to boost the satellites into orbit, it was still trying to correct this orientation -- and was in fact aimed downward toward Earth. Though the Fregat space tug has been in operation since the 1990s, this is its fourth failure -- all of which have happened within the last 8 years.
"In each of the cases, the satellite did not reach its desired orbit," reports Ars Technica, adding "As the country's heritage rockets and upper stages continue to age, the concern is that the failure rate will increase." -
SpaceX Plans To Blast a Tesla Roadster Into Orbit Around Mars (arstechnica.com)
An anonymous reader quotes Ars Technica: Previously, SpaceX founder Elon Musk has said he intends to launch the "silliest thing we can imagine" on the maiden launch of the Falcon Heavy. This is partly because the rocket is experimental -- there is a non-trivial chance the rocket will explode on the launch pad, or shortly after launch. It is also partly because Musk is a master showman who knows how to grab attention. On Friday evening, Musk tweeted what that payload would be -- his "midnight cherry Tesla Roadster."
And the car will be playing Space Oddity, by David Bowie; the song which begins, "Ground Control to Major Tom." Oh, and the powerful Falcon Heavy rocket will send the Tesla into orbit around Mars. "Will be in deep space for a billion years or so if it doesn't blow up on ascent," Musk added. Ars was able to confirm Friday night from a company source that this is definitely a legitimate payload. Earlier on Friday, Musk also said the Falcon Heavy launch would come "next month" from Launch Pad 39A at Kennedy Space Center in Florida, meaning in January.
"No private company has ever launched a spacecraft beyond low-Earth orbit, let alone to another planet," according to the article, adding that SpaceX's new rocket "could play a major role in any plans the agency has to send humans to the Moon." In addition, Musk added on Twitter, "Red car for a red planet."
UPDATE (12/2/17): Saturday Elon Musk told The Verge that he "totally made it up" about sending a Tesla Roadster to Mars. Then in "multiple emails" to Ars Technica -- sent Saturday afternoon -- "Musk confirmed that this plan is, indeed, real." -
Australian Man Uses Snack Bags As Faraday Cage To Block Tracking By Employer (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A 60-year-old electrician in Perth, Western Australia had his termination upheld by a labor grievance commission when it was determined he had been abusing his position and technical knowledge to squeeze in some recreation during working hours. Tom Colella used mylar snack bags to block GPS tracking via his employer-assigned personal digital assistant to go out to play a round of golf -- more than 140 times -- while he reported he was offsite performing repairs.
In his finding against Colella, Australia Fair Work Commissioner Bernie Riordan wrote: "I have taken into account that Mr Colella openly stored his PDA device in an empty foil 'Twisties' bag. As an experienced electrician, Mr Colella knew that this bag would work as a faraday cage, thereby preventing the PDA from working properly -- especially the provision of regular GPS co-ordinate updates. Mr. Colella went out of his way to hide his whereabouts. He was concerned about Aroona tracking him when the Company introduced the PDA into the workplace. He protested about Aroona having this information at that time. Mr Colella then went out of his way to inhibit the functionality of the PDA by placing it in a foil bag to create a faraday cage." -
Elon Musk's Boring Company Bids On Chicago Airport Transit Link (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: On Wednesday, the city of Chicago opened a Request for Qualifications (RFQ) for an express train that would take passengers from the city's O'Hare airport to downtown. The system would have to be completely privately funded -- Chicago says no taxpayer money would be used for it. Elon Musk's Boring Company -- a tunneling company that the SpaceX and Tesla CEO started last year -- will respond to the request. Musk hopes to get to the second round when bidding will take place. On Wednesday evening, he tweeted that his company "will compete to fund, build & operate a high-speed Loop connecting Chicago O'Hare Airport to downtown."
Musk's reference to a "Loop" is explained more clearly on The Boring Company's FAQ page: "Loop is a high-speed underground public transportation system in which passengers are transported on autonomous electric skates traveling at 125-150 miles per hour. Electric skates will carry between 8 and 16 passengers (mass transit), or a single passenger vehicle." Unlike Musk's idea for a Hyperloop, a Loop won't draw a vacuum. "For shorter routes, there is no technical need to eliminate air friction," The Boring Company states. The company also clarifies the concept of an "electric skate:" that is "a platform on wheels propelled by multiple electric motors." The platform would operate autonomously without a rail or rails to which the skate would connect. The skate would operate in the tunnel's main artery, and it would enter and exit from side tunnels. With this system, The Boring Company says, the skate's average speed would theoretically be able to operate close to maximum speed. -
After Two Months of Quiet, North Korea Launches Another Ballistic Missile (arstechnica.com)
South Korean and U.S. officials have confirmed that North Korea has launched another ballistic missile into the Sea of Japan. The ballistic missile test -- launched just after 3am Wednesday local time from Sin-ni in South Pyongyang -- is the first since an intermediate-range missile test in September. Ars Technica reports: In a statement to the press, a spokesperson for South Korea's Joint Chiefs of Staff said, "North Korea fired an unidentified ballistic missile early this morning from Pyongsong, South Pyongan [Province], to the east direction. South Korea's Joint Chiefs of Staff is analyzing more details of the missile with the U.S. side." The U.S. Department of Defense and the North American Aerospace Defense Command (NORAD) have made an initial assessment that the missile was an ICBM, according to Office of the Secretary of Defense spokesperson Col. Robert Manning. The missile traveled 1,000 kilometers, flew over Japan, and landed in the sea east of Japan within its exclusive economic zone. -
Destiny 2 Misrepresented XP Gains To Its Players Until the Developers Got Caught (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Destiny 2, like its predecessor, depends largely on an open-ended "end game" system. Once you beat the game's primary "quest" content, you can return to previously covered ground to find remixed and upgraded battles, meant to be played ad nauseam alone or with friends. To encourage such replay, Bungie dangles a carrot of XP gain, which works more slowly than during the campaign stages. Players are awarded a "bright engram" every time they "level up" past the level cap; the engrams are essentially loot boxes that contain a random assortment of cosmetics and weapon mods. Everything you do in the game, from killing a weak bad guy to completing a major raid-related milestone, is supposed to reward you a fixed XP amount. As series fans gear up for the game's first expansion, slated to launch December 5 on PC, PlayStation 4, and Xbox One, its eagle-eyed fans at r/DestinyTheGame began questioning whether those rewards were really as fixed as claimed. Some players began to suspect that they were actually getting less XP than advertised each time they repeated certain in-game missions and tasks, such as the game's "Public Events."
With stopwatch in hand, a user named EnergiserX tracked the modes he played, keeping an eye on any shifts in XP gain over time. He put enough data together to confirm those suspicions: the XP gained in certain modes would shrink with each repetition. Worse, the game gave no indication of these diminishing returns. The XP-gain numbers that popped up above the game's XP bar didn't reflect the game's hidden scaling system. Thus, there was no way for a player to accurately calculate how their XP gain had been affected or scaled without going through EnergiserX's exhaustive process. With findings in hand, the tester posted on Reddit with calls to the developers for a response, which the community received on Saturday. Bungie confirmed its use of an "XP scaler" and added that it was "not performing the way we'd like it to," which meant the developer would remove that XP-scaling system upon the game's next patch. However, Bungie didn't clarify how the developers actually would have liked for this XP-scaling system to work, nor what factored into it announcing any changes beyond the system simply being discovered. Bungie issued a patch on Sunday that removed the XP-scaling systems, but it introduced another unannounced change to the XP system. "Bungie decided to tune the speed of XP gain by doubling the required XP needed to 'level up,' from 80,000 points to 160,000," reports Ars Technica. "Patch notes didn't mention this change; Bungie, once again, had to be questioned by its fanbase before confirming the exact amount of this XP-related change." -
Pokemon Go Led To Increase In Traffic Deaths and Accidents, Says Study (arstechnica.com)
A new study from Purdue University uses detailed local traffic accident reports to suggest that Pokemon Go caused a marked increase in vehicle damages, injuries, and even deaths due to people playing the game while driving. Ars Technica reports: In the provocatively titled "Death by Pokemon Go" (which has been shared online but has yet to be peer-reviewed), Purdue professors Mara Faccio and John J. McConnell studied nearly 12,000 accident reports in Tippecanoe County, Indiana, in the months before and after Pokemon Go's July 6, 2016 launch. The authors then cross-referenced those reports with the locations of Pokestops in the county (where players visit frequently to obtain necessary in-game items) to determine whether the introduction of a Pokestop correlated with an increase in accident frequency, relative to intersections that didn't have them. While the incidence of traffic accidents increased across the county after Pokemon Go's introduction, that increase was a statistically significant 26.5 percent greater at intersections within 100 meters of a Pokestop, compared to those farther away. All told, across the county, the authors estimate 134 extra accidents occurred near Pokestops in the 148-day period immediately after the game came out, compared to the baseline where those Pokestops didn't exist. That adds up to nearly $500,000 in vehicle damage, 31 additional injuries, and two additional deaths across the county, based on extrapolation from the accident reports.
The study uses a regression model to account for potential confounding variables like school breaks and inclement weather, which could cause variation separate from Pokemon Go. The model also compares Pokestops to Pokegyms (where it was nearly impossible to play while driving) to account for the possibility that generally increased traffic to Pokemon Go locations was leading to more accidents, even among drivers who stopped and parked before playing. In all cases, though, being able to compare to intersections without a Pokestop and to the same dates the year before, helped provide natural control variables for the study. -
Comcast Hints At Plan For Paid Fast Lanes After Net Neutrality Repeal (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: For years, Comcast has been promising that it won't violate the principles of net neutrality, regardless of whether the government imposes any net neutrality rules. That meant that Comcast wouldn't block or throttle lawful Internet traffic and that it wouldn't create fast lanes in order to collect tolls from Web companies that want priority access over the Comcast network. This was one of the ways in which Comcast argued that the Federal Communications Commission should not reclassify broadband providers as common carriers, a designation that forces ISPs to treat customers fairly in other ways. The Title II common carrier classification that makes net neutrality rules enforceable isn't necessary because ISPs won't violate net neutrality principles anyway, Comcast and other ISPs have claimed.
But with Republican Ajit Pai now in charge at the Federal Communications Commission, Comcast's stance has changed. While the company still says it won't block or throttle Internet content, it has dropped its promise about not instituting paid prioritization. Instead, Comcast now vaguely says that it won't "discriminate against lawful content" or impose "anti-competitive paid prioritization." The change in wording suggests that Comcast may offer paid fast lanes to websites or other online services, such as video streaming providers, after Pai's FCC eliminates the net neutrality rules next month. -
AT&T, Comcast Lawsuit Has Nullified a City's Broadband Competition Law (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: AT&T and Comcast have convinced a federal judge to nullify an ordinance that was designed to bring more broadband competition to Nashville, Tennessee. The Nashville Metro Council last year passed a "One Touch Make Ready" rule that gives Google Fiber or other new ISPs faster access to utility poles. The ordinance lets a single company make all of the necessary wire adjustments on utility poles itself, instead of having to wait for incumbent providers like AT&T and Comcast to send work crews to move their own wires. AT&T and Comcast sued the metro government in U.S. District Court in Nashville, claiming that federal and local laws preempt the One Touch Make Ready rule. Judge Victoria Roberts agreed with AT&T and Comcast in a ruling issued Tuesday. Google Fiber is offering service in Nashville despite saying last year that it was waiting for access to thousands of utility poles. "We're reviewing [the] court ruling to understand its potential impact on our build in Nashville," a Google spokesperson said this week, according to The Tennessean. "We have made significant progress with new innovative deployment techniques in some areas of the city, but access to poles remains an important issue where underground deployment is not a possibility." -
Facebook Still Lets Housing Advertisers Exclude Users By Race (arstechnica.com)
AmiMoJo writes: In February, Facebook said it would step up enforcement of its prohibition against discrimination in advertising for housing, employment, or credit. Last week, ProPublica bought dozens of rental housing ads on Facebook but asked that they not be shown to certain categories of users, such as African-Americans, mothers of high school kids, people interested in wheelchair ramps, Jews, expats from Argentina, and Spanish speakers. All of these groups are protected under the federal Fair Housing Act. Violators can face tens of thousands of dollars in fines. Every single ad was approved within minutes. The only ad that took longer than three minutes to be approved by Facebook sought to exclude potential renters 'interested in Islam, Sunni Islam, and Shia Islam.' It was approved after 22 minutes. -
FCC Will Also Order States To Scrap Plans For Their Own Net Neutrality Laws (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: In addition to ditching its own net neutrality rules, the Federal Communications Commission also plans to tell state and local governments that they cannot impose local laws regulating broadband service. This detail was revealed by senior FCC officials in a phone briefing with reporters today, and it is a victory for broadband providers that asked for widespread preemption of state laws. FCC Chairman Ajit Pai's proposed order finds that state and local laws must be preempted if they conflict with the U.S. government's policy of deregulating broadband Internet service, FCC officials said. The FCC will vote on the order at its December 14 meeting. It isn't clear yet exactly how extensive the preemption will be. Preemption would clearly prevent states from imposing net neutrality laws similar to the ones being repealed by the FCC, but it could also prevent state laws related to the privacy of Internet users or other consumer protections. Pai's staff said that states and other localities do not have jurisdiction over broadband because it is an interstate service and that it would subvert federal policy for states and localities to impose their own rules. -
New Windows Search Interface Borrows Heavily From MacOS (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Press clover-space on a Mac (aka apple-space or command-space to Apple users) and you get a search box slap bang in the middle of the screen; type things into it and it'll show you all the things it can find that match. On Windows, you can do the same kind of thing -- hit the Windows key and then start typing -- but the results are shown in the bottom left of your screen, in the Start menu or Cortana pane. The latest insider build of Windows, build 17040 from last week, has a secret new search interface that looks a lot more Mac-like. Discovered by Italian blog Aggiornamenti Lumia, set a particular registry key and the search box appears in the middle of the screen. The registry key calls it "ImmersiveSearch" -- hit the dedicated key, and it shows a simple Fluent-designed search box and results. This solution looks and feels a lot like Spotlight on macOS. -
FCC Announces Plan To Repeal Net Neutrality (nytimes.com)
FCC on Tuesday said it plans to dismantle landmark regulations that ensure equal access to the internet, clearing the way for companies to charge more and block access to some websites. From a report on the New York Times: The proposal, put forward by the F.C.C. chairman, Ajit Pai, is a sweeping repeal of rules put in place by the Obama administration that prohibited high-speed internet service providers from blocking or slowing down the delivery of websites, or charging extra fees for the best quality of streaming and other internet services for their subscribers. The clear winners from the move would be telecom giants like AT&T and Comcast that have lobbied for years against regulations of broadband and will now have more control over the online experiences of American consumers. The losers could be internet sites that will have to answer to telecom firms to get their content in front of consumers. And consumers may see their bills increase for the best quality of internet service. Note from the editor: the aforementioned link could be paywalled; consider the alternative sources: NPR, ArsTechnica, Associated Press, BBC, Axios, Reuters, TechCrunch, and Slate.
FTC Commissioner Terrell McSweeny criticized the move. She said, "So many things wrong here, like even if FCC does this FTC still won't have jurisdiction. But even if we did, most discriminatory conduct by ISPs will be perfectly legal. This won't hurt tech titans with deep pockets. They can afford to pay all the trolls under the bridge. But the entrepreneurs and innovators who truly make the Internet great won't be so lucky. It will be harder for them to compete. The FCC is upending the Internet as we know it, not saving it."
This is what the internet looks like when there is no net neutrality. Earlier today, news outlet Motherboard suggested we should build our own internet if we want to safeguard the essence of open internet.
In a statement, EFF said: It is worth reflecting on just how wildly unsupported by the public and wrong the FCC is on its effort to end an Open Internet. More than 1000 small businesses, investors, and technology startups in all 50 states have publicly opposed the proposal. More than 900 online video creators that produce content for more than 240 million viewers oppose the FCC plan. Over 200 international businesses and organizations have weighed in opposition. Fifty-two racial justice, civil rights, and human rights organizations have filed in support of the current rules. Dozens of ISPs across the country have told the FCC to leave the rules in place. Libraries, around 120,000 in total, from across the United States support retaining the Open Internet Order. Privacy organizations have told the FCC that its proposal would further degrade broadband user privacy and therefore oppose the proposal. State Attorneys General from Illinois, California, Connecticut, Hawaii, Iowa, Maine and Maryland, Massachusetts, Mississippi, Oregon, Vermont, Washington and DC support retaining the existing consumer protections. Sixty Mayors across the country have filed their opposition to the FCC plan. The National Association of Realtors expressed their support for keeping a legally enforceable Open Internet rule. And 1.52 million unique comments (as in people navigating the cumbersome FCC website directly to submit a statement rather than use a form letter website) were submitted in support of Title II and Network Neutrality versus only 23,000 supporting the FCC. A recent poll has found that 77 percent of Americans support retaining the current Network Neutrality rules (the poll broke it down to 73 percent of Republican voters, 80 percent of Democratic voters, and 76 percent of independents). 
The numbers are even higher when Americans are asked whether they support privacy protections, such as requiring ISPs to obtain consent from users before monetizing with third parties (85 percent Republicans, 82 percent Democrats, and 78 percent independents). So if the public and virtually every facet of Internet culture (including ISPs) oppose the FCC's plan, then why are we even going down this path? To put it simply: the FCC is not serving the public interest, but rather is serving the interests of the very few but massive vertically integrated ISPs that support the current agency's agenda. -
Dark Side of Gig Economy: Some Instacart Workers Go On Strike Over Pay That Can Be as Low as $1 Per Hour (fastcompany.com)
From a report: Instacart shoppers and drivers -- the people who gather your groceries and deliver them to you after you order via the Instacart app -- are on strike. While independent contractors can't technically strike, via a Facebook group some of the company's thousands of employees have organized a "no delivery day" in the hopes of getting higher wages, the San Francisco Chronicle reports. The strike is only taking place in a few of the 154 cities nationwide that Instacart operates in. The action may be small, but the grievances are big. While Instacart, the 5-year-old San Francisco startup, is valued at $3.4 billion, it allegedly pays its workers as little as $1 per order. Ars Technica has a great breakdown of all the issues surrounding how Instacart employees get paid and it's complex, with three different income streams coming together Voltron-like to form a wage. The result, though, is that some shoppers are being paid less than the federal minimum wage, like a Jackson, Miss., worker who put in a 19-hour week in Jackson, Mississippi, that paid out $37.75 (roughly $2/hour). That's far below the $14/hour wage that Ars Technica says Instacart is targeting. -
Apple Fixes the iPhone X 'Unresponsive When It's Cold' Bug (arstechnica.com)
An anonymous reader quotes Ars Technica: Apple released iOS 11.1.2 for iPhones and iPads Thursday afternoon. It's a minor, bug-fix update that benefits iPhone X users who encountered issues after acquiring the new phone just under two weeks ago... The update fixes just two problems. The first is "an issue where the iPhone X screen becomes temporarily unresponsive to touch after a rapid temperature drop." Last week, some iPhone X owners began reporting on Reddit and elsewhere that their touchscreens became temporarily unresponsive when going outside into the cold... The update also "addresses an issue that could cause distortion in Live Photos and videos captured with iPhone X."
The article notes that the previous update "fixed a strange and widely mocked autocorrect bug that turned the letter 'i' into strange characters."
"To date, iOS 11's updates have largely been bug fixes." -
DJI Threatens Researcher Who Reported Exposed Cert Key, Credentials, and Customer Data (arstechnica.com)
An anonymous reader quotes Ars Technica: DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.
Finisterre found the security error after beginning to probe DJI's systems under DJI's bug bounty program, which was announced in August. But as Finisterre worked to document the bug with the company, he got increasing pushback -- including a threat of charges under the Computer Fraud and Abuse Act. DJI refused to offer any protection against legal action in the company's "final offer" for the data. So Finisterre dropped out of the program and published his findings publicly yesterday, along with a narrative entitled, "Why I walked away from $30,000 of DJI bounty money."
The company says they're now investigating "unauthorized access of one of DJI's servers containing personal information," adding that "the hacker in question" refused to agree to their terms and shared "confidential communications with DJI employees." -
Microsoft and GitHub Team Up To Take Git Virtual File System To MacOS, Linux (arstechnica.com)
An anonymous reader writes: One of the more surprising stories of the past year was Microsoft's announcement that it was going to use the Git version control system for Windows development. Microsoft had to modify Git to handle the demands of Windows development but said that it wanted to get these modifications accepted upstream and integrated into the standard Git client. That plan appears to be going well. Yesterday, the company announced that GitHub was adopting its modifications and that the two would be working together to bring suitable clients to macOS and Linux. Microsoft says that, so far, about half of its modifications have been accepted upstream, with upstream Git developers broadly approving of the approach the company has taken to improve the software's scaling. Redmond also says that it has been willing to make changes to its approach to satisfy the demands of upstream Git. The biggest complexity is that Git has a very conservative approach to compatibility, requiring that repositories remain compatible across versions.
Microsoft and GitHub are also working to bring similar capabilities to other platforms, with macOS coming first, and later Linux. The obvious way to do this on both systems is to use FUSE, an infrastructure for building file systems that run in user mode rather than kernel mode (desirable because user-mode development is easier and safer than kernel mode). However, the companies have discovered that FUSE isn't fast enough for this -- a lesson Dropbox also learned when developing a similar capability, Project Infinite. Currently, the companies believe that tapping into a macOS extensibility mechanism called Kauth (or KAuth) will be the best way forward. -
Astronomers Find An Earth-Size World Just 11 Light Years Away (arstechnica.com)
Astronomers have discovered a planet 35 percent more massive than Earth in orbit around a red dwarf star just 11 light years from the Sun. "The planet, Ross 128 b, likely exists at the edge of the small, relatively faint star's habitable zone even though it is 20 times closer to its star than the Earth is to the Sun," reports Ars Technica. "The study in the journal Astronomy & Astrophysics finds the best estimate for its surface temperature is between -60 degrees Celsius and 20 degrees Celsius." From the report: This is not the closest Earth-size world that could potentially harbor liquid water on its surface -- that title is held by Proxima Centauri b, which is less than 4.3 light years away from Earth and located in the star system closest to the Sun. Even so, due to a variety of factors, Ross 128 b is tied for fourth on a list of potentially most habitable exoplanets, with an Earth Similarity Index value of 0.86. In the new research, astronomers discuss another reason to believe that life might be more likely to exist on Ross 128 b. That's because its parent star, Ross 128, is a relatively quiet red dwarf star, producing fewer stellar flares than most other, similar-sized stars such as Proxima Centauri. Such flares may well sterilize any life that might develop on such a world. -
Why Google Should Be Afraid of a Missouri Republican's Google Probe (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The Republican attorney general of Missouri has launched an investigation into Google's business practices. Josh Hawley wants to know how Google handles user data. And he plans to look into whether Google is using its dominance in the search business to harm companies in other markets where Google competes. It's another sign of growing pressure Google is facing from the political right. Grassroots conservatives increasingly see Google as falling on the wrong side of the culture wars. So far that hasn't had a big impact in Washington policymaking. But with Hawley planning to run for the U.S. Senate next year, we could see more Republican hostility toward Google -- and perhaps other big technology companies -- in the coming years. The Hawley investigation will dig into whether Google violated Missouri's consumer-protection and antitrust laws. Specifically, Hawley will investigate: "Google's collection, use, and disclosure of information about Google users and their online activities," "Google's alleged misappropriation of online content from the websites of its competitors," and "Google's alleged manipulation of search results to preference websites owned by Google and to demote websites that compete with Google." States like Missouri have their own antitrust laws and the power to investigate company business conduct independently of the feds. So Hawley seems to be taking yet another look at those same issues to see if Google's conduct runs afoul of Missouri law.
We don't know if Hawley will get the Republican nomination or win his challenge to Sen. Claire McCaskill (D-Mo.) next year, but people like him will surely be elected to the Senate in the coming decade. Hawley's decision to go after Google suggests that he sees some upside in being seen as an antagonist to a company that conservatives increasingly view with suspicion. More than that, it suggests that Hawley believes it's worth the risk of alienating the GOP's pro-business wing, which takes a dim view of strict antitrust enforcement even if it targets a company with close ties to Democrats. -
Bitcoin Gold, the Latest Bitcoin Fork, Explained (arstechnica.com)
Timothy B. Lee via Ars Technica explains Bitcoin Gold: A new cryptocurrency called Bitcoin Gold is now live on the Internet. It aims to correct what its backers see as a serious flaw in the design of the original Bitcoin. There are hundreds of cryptocurrencies on the Internet, and many of them are derived from Bitcoin in one way or another. But Bitcoin Gold -- like Bitcoin Cash, another Bitcoin spinoff that was created in August -- is different in two important ways. Bitcoin Gold is branding itself as a version of Bitcoin rather than merely new platforms derived from Bitcoin's source code. It has also chosen to retain Bitcoin's transaction history, which means that, if you owned bitcoins before the fork, you now own an equal amount of "gold" bitcoins. While Bitcoin Cash was designed to resolve Bitcoin's capacity crunch with larger blocks, Bitcoin Gold aims to tackle another of Bitcoin's perceived flaws: the increasing centralization of the mining industry that verifies and secures Bitcoin transactions.
The original vision for Bitcoin was that anyone would be able to participate in Bitcoin mining with their personal PCs, earning a bit of extra cash as they helped to support the network. But as Bitcoin became more valuable, people discovered that Bitcoin mining could be done much more efficiently with custom-built application-specific integrated circuits (ASICs). As a result, Bitcoin mining became a specialized and highly concentrated industry. The leading companies in this new industry wield a disproportionate amount of power over the Bitcoin network. Bitcoin Gold aims to dethrone these mining companies by introducing an alternative mining algorithm that's much less susceptible to ASIC-based optimization. In theory, that will allow ordinary Bitcoin Gold users to earn extra cash with their spare computing cycles, just as people could do in the early days of Bitcoin. -
EA Buys Out a Game Studio After Shutting Another One Down 3 Weeks Ago (arstechnica.com)
EA has acquired the video game studio Respawn Entertainment. "The studio, co-founded by former Infinity Ward chiefs and Call of Duty co-creators in the wake of their departure from Activision, has been bought out in a deal whose total value could reach $455 million," reports Ars Technica. "The news by itself may seem odd, considering that EA shut down one of its other wholly owned studios, Visceral Games, only three weeks ago." From the report: A report from Kotaku sheds light on why EA made the move: as a response to another game publisher, Korea's Nexon, making a formal bid to buy Respawn outright. Nexon currently publishes a mobile spinoff of Respawn's Titanfall shooter series. Kotaku, citing sources close to the matter, claims that Nexon had bid to buy the company outright. EA exercised its contractual right to match the offer, Kotaku says, and it ultimately outbid Nexon. Among other things, the buyout preserves Respawn's continued work on an upcoming EA game set in the Star Wars universe; EA currently enjoys an exclusive license to making Star Wars-related video games, and any takeover by another company would have to resolve whether or how such a project would continue in production. Respawn's Star Wars project still does not have a title, a release date, or revealed gameplay footage. Respawn announced its work on an additional, unnamed VR game at Oculus Connect 4 last month; the EA statement says that project will continue apace, as well. -
How AV Can Open You To Attacks That Otherwise Wouldn't Be Possible (arstechnica.com)
Antivirus suites expose a user's system to attacks that otherwise wouldn't be possible, a security researcher reported on Friday. From a report: On Friday, a researcher documented a vulnerability he had found in about a dozen name-brand AV programs that allows attackers who already have a toehold on a targeted computer to gain complete system control. AVGater, as the researcher is calling the vulnerability, works by relocating malware already put into an AV quarantine folder to a location of the attacker's choosing. Attackers can exploit it by first getting a vulnerable AV program to quarantine a piece of malicious code and then moving it into a sensitive directory such as C:\Windows or C:\Program Files, which normally would be off limits to the attacker. Six of the affected AV programs have patched the vulnerability after it was privately reported. The remaining brands have yet to fix it, said Florian Bogner, a Vienna, Austria-based security researcher who gets paid to hack businesses so he can help them identify weaknesses in their networks. Bogner said he developed a series of AVGater exploits during several assignments that called for him to penetrate deep inside customer networks. Using malicious phishing e-mails, he was able to infect employee PCs, but he still faced a significant challenge. Because company administrators set up the PCs to run with limited system privileges, Bogner's malware was unable to access the password database -- known as the Security Account Manager -- that stored credentials he needed to pivot onto the corporate network. -
DOJ: Strong Encryption That We Don't Have Access To Is 'Unreasonable' (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Just two days after the FBI said it could not get into the Sutherland Springs shooter's seized iPhone, Politico Pro published a lengthy interview with a top Department of Justice official who has become the "government's unexpected encryption warrior." According to the interview, which was summarized and published in transcript form on Thursday for subscribers of the website, Deputy Attorney General Rod Rosenstein indicated that the showdown between the DOJ and Silicon Valley is quietly intensifying. "We have an ongoing dialogue with a lot of tech companies in a variety of different areas," he told Politico Pro. "There's some areas where they are cooperative with us. But on this particular issue of encryption, the tech companies are moving in the opposite direction. They're moving in favor of more and more warrant-proof encryption." "I want our prosecutors to know that, if there's a case where they believe they have an appropriate need for information and there is a legal avenue to get it, they should not be reluctant to pursue it," Rosenstein said. "I wouldn't say we're searching for a case. I'd say we're receptive, if a case arises, that we would litigate."
In the interview, Rosenstein also said he "favors strong encryption." "I favor strong encryption, because the stronger the encryption, the more secure data is against criminals who are trying to commit fraud," he explained. "And I'm in favor of that, because that means less business for us prosecuting cases of people who have stolen data and hacked into computer networks and done all sorts of damage. So I'm in favor of strong encryption." "This is, obviously, a related issue, but it's distinct, which is, what about cases where people are using electronic media to commit crimes? Having access to those devices is going to be critical to have evidence that we can present in court to prove the crime. I understand why some people merge the issues. I understand that they're related. But I think logically, we have to look at these differently. People want to secure their houses, but they still need to get in and out. Same issue here." He later added that the claim that the "absolutist position" that strong encryption should be by definition, unbreakable, is "unreasonable." "And I think it's necessary to weigh law enforcement equities in appropriate cases against the interest in security," he said. -
Logitech To Shut Down 'Service and Support' For Harmony Link Devices In 2018 (arstechnica.com)
Logitech recently informed customers that it will be discontinuing service for its popular Harmony Link remote system, which allows users to control home theater and sound equipment from a mobile app. "Customers received an email explaining that Logitech will 'discontinue service and support' for the Harmony Link as of March 16, 2018, adding that Harmony Link devices 'will no longer function after this date,'" reports Ars Technica. From the report: While Logitech is offering a one-time, 35-percent discount on its Harmony Hub to affected customers that are out of warranty, that's not enough for Harmony Link users who are expressing their dissatisfaction on Logitech support forums and Reddit. Users have not experienced major problems with the Harmony Link system that would indicate they are approaching end of life. Harmony Link customers do not pay a subscription or service fee to use the device, either. The only reason provided comes from a Logitech employee with the username Logi_WillWong, who explains in a response post from September 8, 2017 that Logitech will not be renewing a "technology certificate license" that expires in March. No details were provided about how this certificate license allows the Harmony Link to function, but it appears that without it, those devices will not work as promised. "The certificate will not be renewed as we are focusing resources on our current app-based remote, the Harmony Hub," Logi_WillWong added, which seems to indicate that the shutting down of the Harmony Link system is a way to get more customers on the newer Harmony Hub system. -
Flaw Crippling Millions of Crypto Keys Is Worse Than First Disclosed (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A crippling flaw affecting millions -- and possibly hundreds of millions -- of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents. The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. When researchers first disclosed the flaw three weeks ago, they estimated it would cost an attacker renting time on a commercial cloud service an average of $38 and 25 minutes to break a vulnerable 1024-bit key and $20,000 and nine days for a 2048-bit key. Organizations known to use keys vulnerable to ROCA—named for the Return of the Coppersmith Attack the factorization method is based on—have largely downplayed the severity of the weakness.
On Sunday, researchers Daniel J. Bernstein and Tanja Lange reported they developed an attack that was 25 percent more efficient than the one created by original ROCA researchers. The new attack was solely the result of Bernstein and Lange based only on the public disclosure information from October 16, which at the time omitted specifics of the factorization attack in an attempt to increase the time hackers would need to carry out real-world attacks. After creating their more efficient attack, they submitted it to the original researchers. The release last week of the original attack may help to improve attacks further and to stoke additional improvements from other researchers as well. -
China Plans to Also Launch Reusable Spaceplanes by 2020 (arstechnica.com)
Slashdot reader hackingbear writes: According to a statement from China Aerospace Science and Technology Corporation, China's reusable spaceplane will launch in 2020. The spaceplane will be launched vertically by a winged rocket to orbit and each of them will be returned to the ground horizontally, according to Chinese media reports. The system is designed to be reusable in 24 hours and for at least 20 times, cutting launch costs to 1/10 of the current price... "Currently China is developing its own reusable earth-to-orbit space vehicles that can take off and land horizontally," Liu Shiquan, vice director of the China Aerospace Science & Industry Corporation, said. "We have already finished several crucial ground tests for engines and [other key components], yielding remarkable achievements." -
Appeals Court Rules: SCO v. IBM Case Can Continue (arstechnica.com)
Long-time Slashdot reader Freshly Exhumed quotes Ars Technica: A federal appeals court has now partially ruled in favor of the SCO Group, breathing new life into a lawsuit and a company (now bankrupt and nearly dead) that has been suing IBM for nearly 15 years.
Last year, U.S. District Judge David Nuffer had ruled against SCO (whose original name was Santa Cruz Operation) in two summary judgment orders, and the court refused to allow SCO to amend its initial complaint against IBM. SCO soon appealed. On Monday, the 10th US Circuit Court of Appeals found that SCO's claims of misappropriation could go forward while also upholding Judge Nuffer's other two orders.
Here's Slashdot's first story about the trial more than 14 years ago, and a nice timeline from 2012 of the next nine years of legal drama. -
Republican Tax Plan Kills Electric Vehicle Credit (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The nascent market for electric cars will suffer a big setback if the Republican tax plan released on Thursday enters into law. Among the changes to the current tax code would be an end to the Plug-In Electric Drive Vehicle Credit. That's the tax incentive that currently means up to $7,500 back from the IRS when you purchase a new battery or plug-in hybrid electric vehicle. Since the start of 2010, the EV tax credit has been $2,500 for a plug-in vehicle with at least 5kWh battery capacity. Every extra kWh nets another $417 up to a maximum of $7,500, although you would need at least that amount in income tax liability -- the IRS won't cut you a check to make up the full amount. It was never meant to be permanent; once an automaker sells 200,000 qualifying vehicles (starting from January 1, 2010) its eligibility is phased out over a matter of months. But in the almost seven years since, no one has reached that limit yet. Tesla will almost certainly be first, with General Motors not far behind; between them, they've sold a lot of Model Ses and Chevrolet Volts. If this tax plan is enacted, it will surely mean pain for both companies, as well as anyone else hoping to sell a lot of EVs here in the U.S. The data is pretty clear -- tax incentives sell electric cars, and the market for EVs can dry up very fast when they're abolished, as Georgia's recent experience shows. -
The Fourth US Navy Collision of the Year Was Ultimately Caused By UI Confusion (arstechnica.com)
Yesterday, the U.S. Navy issued its report on the collisions of the USS Fitzgerald and USS John S. McCain this summer, which was the fourth U.S. Navy collision this year. "The Navy's investigation found that both collisions were avoidable accidents," reports Ars Technica. "And in the case of the USS McCain, the accident was in part caused by an error made in switching which control console on the ship's bridge had steering control. While the report lays the blame on training, the user interface for the bridge's central navigation control systems certainly played a role." From the report: According to the report, at 5:19am local time, the commanding officer of the McCain, Commander Alfredo J. Sanchez, "noticed the Helmsman (the watchstander steering the ship) having difficulty maintaining course while also adjusting the throttles for speed control." Sanchez ordered the watch team to split the responsibilities for steering and speed control, shifting control of the throttle to another watchstander's station -- the lee helm, immediately to the right (starboard) of the Helmsman's position at the Ship's Control Console. While the Ship's Control Console has a wheel for manual steering, both steering and throttle can be controlled with trackballs, with the adjustments showing up on the screens for each station. However, instead of switching just throttle control to the Lee Helm station, the Helmsman accidentally switched all control to the Lee Helm station. When that happened, the ship's rudder automatically moved to its default position (amidships, or on center line of the ship). The helmsman had been steering slightly to the right to keep the ship on course in the currents of the Singapore Strait, but the adjustment meant the ship started drifting off course.
At this point, everyone on the bridge thought there had been a loss of steering. In the commotion that ensued, the commanding officer and bridge crew lost track of what was going on around them. Sanchez ordered the engines slowed, but the lee helmsman only slowed the port (left) throttle, because the throttle controls on-screen were not "ganged" (linked) at the time as the result of the switch-over of control. The ship continued to turn uncontrolled to port -- putting the ship on a collision course with the Liberian-flagged chemical carrier Alnic MC. -
CIA Releases 321GB of Bin Laden's Digital Library (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Today, the Central Intelligence Agency posted a cache of files obtained from Osama Bin Laden's personal computer and other devices recovered from his compound in Abbottabad, Pakistan by Navy SEALs during the raid in which he was killed on May 2, 2011. The 470,000 files, 321 gigabytes in all, include documents, images, videos, and audio recordings, including Al Qaeda propaganda and planning documents, home videos of Bin Laden's son Hazma, and "drafts" of propaganda videos. There is also a lot of digital junk among the files.
The CIA site presents a raft of warnings about the content of the downloads: "The material in this file collection may contain content that is offensive and/or emotionally disturbing. This material may not be suitable for all ages. Please view it with discretion. Prior to accessing this file collection, please understand that this material was seized from a terrorist organization. While the files underwent interagency review, there is no absolute guarantee that all malware has been removed." -
CBS Sues Man For Copyright Over Screenshots of 59-year-old TV Show (arstechnica.com)
CBS has sued a photographer for copyright infringement for publishing a still image from a 59-year-old television show. From a report: The lawsuit against New York photojournalist Jon Tannen, filed on Friday, is essentially a retaliatory strike. Tannen sued CBS Interactive in February, claiming that the online division of CBS had used two of his photographs without permission. Now, CBS has sued Tannen back, claiming that he "hypocritically" used CBS' intellectual property "while simultaneously bringing suit against Plaintiff's sister company, CBS Interactive Inc., claiming it had violated his own copyright." "Without any license or authorization from Plaintiff, Defendant has copied and published via social media platforms images copied from the Dooley Surrenders episode of GUNSMOKE," write CBS lawyers. CBS is asking for $150,000 in damages for willful infringement. -
Entrepreneurial Space Age Began In 2009, Says Report (arstechnica.com)
"In July 2009, SpaceX launched its first commercial payload -- a 50kg Earth observation satellite for Malaysia -- which flew into space aboard a privately developed rocket," reports Ars Technica. "According to a new space investment report that will be published Tuesday by the Space Angels, an angel fund and a venture capital fund focused on space, which marked a key inflection point between the "governmental" space age and the "entrepreneurial" space age." From the report: "With that launch, SpaceX significantly lowered the barriers to entry in the space industry," the fund's chief executive, Chad Anderson, writes in the new report. "By vertically integrating, the company was able to drastically reduce the cost to get to orbit. But what deserves at least as much credit is their decision to publish their pricing, which fundamentally changed the way we do business in space. This transparency enabled would-be space entrepreneurs to develop a business plan and raise equity financing based on those cost assumptions."
From 2009 through September 2017, the report finds that $12 billion in equity investments have been made in space, with annual amounts increasing significantly in 2015 and beyond to more than $2 billion per year. At $10 billion, launch services, landers, and satellites have accounted for the bulk of this investment since 2009. Aside from the SpaceX launch that year, other data supports the year 2009 as the beginning of an entrepreneurial space age in which the private sector began making investments to return profits from space-based activities. About 250 space ventures have received non-government equity funding, the report states, and, of those, 88 percent have been funded since 2009. -
AMD, Which Lost Over $2.8 Billion In 5 Years, Takes a Hit After New Report (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: On Monday, AMD's stock price plunged nearly 9 percent after a report by Morgan Stanley, a major investment bank, which found that "microprocessor momentum" has slowed. According to CNBC, a new report by analyst Joseph Moore found that "cryptocurrency mining driven sales for AMD's graphics chips will decline by 50 percent next year or a $250 million decline in revenue. He also forecasts video game console demand will decline by 5.5 percent in 2018." As per AMD's own SEC filings, the company lost over $2.8 billion from 2012 through 2016. However, new releases from AMD suggest that it may be on something of a resurgent track. As Ars reported last month, AMD's Ryzen and Threadripper processors re-established AMD's chips as competitive with Intel's. -
A Surge of Sites and Apps Are Exhausting Your CPU To Mine Cryptocurrency (arstechnica.com)
Dan Goodin, writing for ArsTechnica: The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites. The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive.com, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency. In turn, Coinhive gives participating sites a tiny cut of the relatively small proceeds. Google has since removed the apps, which were known as Recitiamo Santo Rosario Free and SafetyNet Wireless App. Last week, researchers from security firm Sucuri warned that at least 500 websites running the WordPress content management system alone had been hacked to run the Coinhive mining scripts. Sucuri said other Web platforms -- including Magento, Joomla, and Drupal -- are also being hacked in large numbers to run the Coinhive programming interface. -
SpaceX Eyes 19 Launches In 2017 (arstechnica.com)
SpaceX has managed to launch fifteen rockets this year as a result of its more efficient production flow over last year, a maturing Falcon 9 rocket, and an experienced workforce. On Monday, the company will go for its 16th launch of the year, doubling its previous record. It plans to launch its 19th rocket before year's end. Ars Technica reports: This year has seen a number of firsts for the company -- first reflight of a Falcon 9 booster, first reuse of a Dragon cargo spacecraft, first national security payload, and a remarkable dozen landings. But probably the biggest achievement has been finally delivering on the promise of a high flight rate. For years, competitors in the global launch industry have noted, with skepticism, that SpaceX has been unable to achieve higher flight rates and fly out its lengthy manifest. Those concerns appeared to have some merit, especially after SpaceX endured difficult financial years in 2015 and 2016, when the company lost two Falcon 9 rockets (one during launch and the other during a ground test) along with a payload. However, competitors worried, if SpaceX did ever figure things out, the company could become a "steamroller" with its lower cost flight opportunities.
On Monday, weather permitting, SpaceX will attempt to launch the Koreasat 5A communications satellite for a South Korean company. The launch window for the Kennedy Space Center-based liftoff opens at 3:34pm ET. After this, it's likely that SpaceX will launch two or three (possibly more) missions in 2017, bringing the company's tally for the year to 19 missions. (That would be one shy of the company's total for 2014, 2015, and 2016 combined). -
EA Shuts Down Fan-Run Servers For Older Battlefield Games (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Since 2014, a group of volunteers going by the name Revive Network have been working to keep online game servers running for Battlefield 2, Battlefield 2142, and Battlefield Heroes. As of this week, the team is shutting down that effort thanks to a legal request from publisher Electronic Arts. "We will get right to the point: Electronic Arts Inc.' legal team has contacted us and nicely asked us to stop distributing and using their intellectual property," the Revive Network team writes in a note on their site. "As diehard fans of the franchise, we will respect these stipulations."
EA's older Battlefield titles were a victim of the 2014 GameSpy shutdown, which disabled the online infrastructure for plenty of classic PC and console games. To get around that, Revive was distributing modified versions of the older Battlefield titles along with a launcher that allowed access to its own, rewritten server infrastructure. The process started with Battlefield 2 in 2014 and expanded to Battlefield 2142 last year, and Battlefield Heroes a few months ago. It's the distribution of modified copies of these now-defunct games that seems to have drawn the ire of EA's legal department. Revive claimed over 900,000 registered accounts across its games, including nearly 175,000 players for the recently revived Battlefield Heroes. -