Slashdot Mirror

An anonymous reader quotes a report from Ars Technica: On Wednesday, [Reddit] announced a new policy clarifying its rules against content that incites violence. "We will take action against any content that encourages, glorifies, incites, or calls for violence or physical harm against an individual or a group of people," Reddit administrator landoflobsters wrote. Promoting harm to animals is also against the rules. Within minutes, moderators started to ban a long list of controversial subreddits, including /r/Nazi, /r/DylannRoofInnocent, /r/SexWithDogs, /r/WhitesAreCriminals, and /r/PicsOfDeadKids. The bounds of propriety remain fairly wide at Reddit, however. Commenters pointed out that /r/WatchPeopleDie -- which is exactly what it sounds like -- is still around. Landoflobsters said that site administrators have "no plans to remove it for now." The self-explanatory -- and horrifying -- /r/CuteFemaleCorpses is also still active. Evidently, merely depicting violence is fine as long as people in a subreddit don't glorify violence. In practice, of course, the line between these things is pretty thin. A subreddit devoted to merely discussing violent acts is naturally going to attract people who like to promote violent acts -- especially after bans of related subreddits where those people previously hung out. Reddit's new policy seems like the basis for an endless game of Whac-A-Mole as the Internet's creeps search for new places to exchange disturbing content.

Sam Machkovech from Ars Technica reviews the game Engare, describing it as a "clever, deceptively simple, and beautiful rumination on geometry and Islamic art-making traditions." The game consists of relatively simple puzzles and a freeform art toy that unlocks its puzzles' tools to allow you to make whatever patterns you please. From the report: The game, made almost entirely by 23-year-old Iranian developer Mahdi Bahrami, starts with a 2D scene of a circle repeatedly traveling along a line. Above this, an instructional card shows a curved-diagonal line. Drop a dot on the moving circle, the game says, and it will generate a bold line, like ink on a page. As the ball (and thus, your dot) rolls, the inked line unfurls; if you put the dot on a different part of the circle, then your inked line may have more curve or angle to it, based on the total motion of the moving, rotating circle. Your object is to recreate this exact curved-diagonal line. If your first ink-drop doesn't do the trick, try again. Each puzzle presents an increasingly complex array of moving and rotating shapes, lines, and dots. You have to watch the repeating patterns and rotations in a particular puzzle to understand where to drop an ink dot and draw the demanded line. At first, you'll have to recreate simple turns, curves, and zig-zags. By the end, you'll be making insane curlicues and rug-like super-patterns.

But even this jaded math wiz-kid couldn't help but drop his jaw, loose his tongue, and bulge his eyes at the first time Engare cracked open its math-rich heart. One early puzzle (shown above) ended with its seemingly simple pattern repeating over and over and over and over. Unlike other puzzles, this pattern kept drawing itself, even after I'd fulfilled a simple line-and-turn pattern. And with each pass of the drawing pattern, driven by a spinning, central circle, Engare drew and filled a new, bright color. This is what the game's creator is trying to shout, I thought. This is his unique, cultural perspective. This looks like the Persian rugs he saw his grandmother weave as a child.

After dealing with all sorts of screen issues, another problem with Google's flagship smartphone is popping up. This time it's an audio issue: users on Google's official forums and elsewhere are reporting odd sounds coming from the Pixel 2 speakers. Ars Technica reports: Customers are complaining of "clicking" and a "high-pitched whine" coming from the Pixel 2 and Pixel 2 XL. Most reports on the forums say the noises are coming from the top or bottom speaker on the Pixel 2 and Pixel 2 XL. Some reports say the sounds come through during calls, while other users say the speaker noises happen any time the screen is on. A user made a recording of the sound, which can be heard here. Most users are being told to return their devices after contacting support, but at least one person claims they were told this issue would be patched in an upcoming update. One possible workaround is to turn off NFC, which some users say stops or lowers the noises.

An anonymous reader quotes a report from Ars Technica: Two House committees announced Tuesday that they would conduct a joint probe into the FBI's handling of the Clinton e-mail investigation. The Clinton investigation concluded with no charges being levied against the former secretary of state who was running for president under the Democratic ticket. House Oversight and Government Reform Committee Chairman Trey Gowdy (R-S.C.) and House Judiciary Committee Chairman Bob Goodlatte (R-Va.) said in a joint statement that they are unsatisfied with how the probe into Clinton's private e-mail server concluded. Among other things, the chairmen want to know why the bureau publicly said it was investigating Clinton while keeping silent that it was looking into President Donald Trump's campaign associates and their connections to Russia.

"Our justice system is represented by a blind-folded woman holding a set of scales. Those scales do not tip to the right or the left; they do not recognize wealth, power, or social status," Goodlatte and Gowdy said in a joint statement. "The impartiality of our justice system is the bedrock of our republic, and our fellow citizens must have confidence in its objectivity, independence, and evenhandedness. The law is the most equalizing force in this country. No entity or individual is exempt from oversight."

An anonymous reader quotes Ars Technica: [O]ne of the most prominent institutions, New York's Flatiron School, will be shelling out $375,000 to settle charges brought by New York Attorney General Eric Schneiderman's office. The AG said the school operated for a period without the proper educational license, and it improperly marketed both its job placement rates and the salaries of its graduates. New York regulators didn't find any inaccuracies in Flatiron's "outcomes report," a document the company is proud of. However, the Attorney General's office found that certain statements made on Flatiron's website didn't constitute "clear and conspicuous" disclosure.

For instance, Flatiron claimed that 98.5 percent of graduates were employed within 180 days of graduation. However, only by carefully reading the outcomes report would one find that the rate included not just full-time employees, but apprentices, contract workers, and freelancers. Some of the freelancers worked for less than 12 weeks. The school also reported an average salary of $74,447 but didn't mention on its website that the average salary claim only applied to graduates who achieved full-time employment. That group comprised only 58 percent of classroom graduates and 39 percent of those who took online courses.
The school's courses last 12 to 16 weeks, and cost between $12,000 and $15,000, according to a statement from the attorney general's office [PDF]. (Or $1,500 a month for an onine coding class). Eligible graduate can claim their share of the $375,000 by filing a complaint within the next thee months.

An anonymous reader quotes a report from Ars Technica: In the beginning of 2017, Twitter said it would take on harassment and hate speech. CEO Jack Dorsey said the company would embrace a "completely new approach to abuse on Twitter" with open dialogue along the way. For months, though, the company has offered few details about what it would do, or when. That changed late yesterday, when Twitter posted a timeline with specific promises on actions it will take. The changes begin next week. On October 27, Twitter will expand what types of "non-consensual nudity" (aka "revenge porn") that it takes action against. The company will already act when a victim complains, but Twitter will soon act even in cases where the victims may not be aware images were taken, instances like upskirt photos and hidden webcams. "Anyone we identify as the original poster of non-consensual nudity will be suspended immediately," the October entry reads. On November 3, Twitter will ban hate imagery in profile headers and avatars, and the service will start suspending accounts "for organizations that use violence to advance their cause." The same day it will institute a policy of stopping "Unwanted Sexual Advances," although the company says it has already been taking enforcement actions on this front. Later in November, Twitter will ban "hateful display names."

Denuvo, an anti-tamper technology and digital rights management scheme, isn't doing a very good job preventing PC games from being copied. According to Ars Technica, Denuvo releases are being publicly cracked within a day of their launch. From the report: This week's release of South Park: The Fractured but Whole is the latest to see its protections broken less than 24 hours after its release, but it's not alone. Middle Earth: Shadow of War was broken within a day last week, and last month saw cracks for Total War: Warhammer 2 and FIFA 18 the very same day as their public release. Then there's The Evil Within 2, which reportedly used Denuvo in prerelease review copies but then launched without that protection last week, effectively ceding the game to immediate potential piracy. Those nearly instant Denuvo cracks follow summer releases like Sonic Mania, Tekken 7, and Prey, all of which saw DRM protection cracked within four to nine days of release. But even that small difference in the "uncracked" protection window can be important for game publishers, who usually see a large proportion of their legitimate sales in those first few days of availability. The presence of an easy-to-find cracked version in that launch window (or lack thereof) could have a significant effect on the initial sales momentum for a big release. If Denuvo can no longer provide even a single full day of protection from cracks, though, that protection is going to look a lot less valuable to publishers.

The world's first floating offshore wind farm began delivering electricity to the Scottish grid today. "The 30MW installation, situated 25km (15.5mi) from Peterhead in Aberdeenshire, Scotland, will demonstrate that offshore wind energy can be harvested in deep waters, miles away from land, where installing giant turbines was once impractical or impossible," reports Ars Technica. "At peak capacity, the wind farm will produce enough electricity to power 20,000 Scottish homes." From the report: The installation, called Hywind Scotland, is also interesting because it was built by Statoil, a Norwegian mega-corporation known for offshore oil drilling. Statoil has pursued offshore wind projects in recent years, using the companyâ(TM)s experience building and managing infrastructure in difficult open sea conditions to its advantage. Hywind Scotland began producing power in September, and today it starts delivering electricity to the Scottish grid. Now, all that's left is for Statoil and its partner company Masdar to install a 1MWh lithium-ion battery, charmingly called âoeBatwind,â on shore. Batwind will help the offshore system regulate power delivery and optimize output. After a number of small demonstration projects, the five 6MW turbines are the first commercial turbines to lack a firm attachment to the seafloor. They're held in place using three giant suction anchors, which are commonly used in offshore oil drilling. Essentially, an enormous, empty, upside-down âoebucketâ is placed on the seafloor, and air is sucked out of the bucket, which forces the bucket downward, further into the seafloor sediment. The report mentions a 2013 video that shows how offshore wind farms work.

AnalogDiehard writes: The recent -- and questionable -- practice of technological and pharmaceutical companies selling their patents to U.S. native Indian tribes (where they enjoy "sovereign immunity" from the inter partes review (IPR) process of the PTO) and then the tribes licensing them back to the companies is drawing scrutiny from a federal court and has inspired a new U.S. bill outlawing the practice. The IPR process is a "fast track" (read: much less expensive) process through the PTO to review the validity of challenged patents -- it is loved by defendants and hated by patent holders. Not only has U.S. Circuit Judge William Bryson invalidated Allergan's pharmaceutical patents due to "obviousness," he is questioning the legitimacy of the sovereign immunity tactic. The judge was well aware that the tactic could endanger the IPR process, which was a central component of the America Invents Act of 2011, and writes that sovereign immunity "should not be treated as a monetizable commodity that can be purchased by private entities as part of a scheme to evade their legal responsibility." U.S. Senator Claire McCaskill (D-Mo.) -- no stranger to abuses of the patent system -- has introduced a bill that would outlaw the practice she describes as "one of the most brazen and absurd loopholes I've ever seen and it should be illegal." Sovereign immunity is not absolute and has been limited by Congress and the courts in the past. The bill would apply only to the IPR proceedings and not to patent disputes in federal courts.

Movies studios, Netflix, and Amazon have teamed up to file a lawsuit against a streaming media player called TickBox TV. The device in question runs Kodi on top of Android 6.0, and searches the internet for streams that it can make available to users without actually hosting any of the content itself. An anonymous reader quotes a report from Ars Technica: The complaint (PDF), filed Friday, says the TickBox devices are nothing more than "tool[s] for mass infringement," which operate by grabbing pirated video streams from the Internet. The lawsuit was filed by Amazon and Netflix Studios, along with six big movie studios that make up the Motion Picture Association of America: Universal, Columbia, Disney, Paramount, 20th Century Fox, and Warner Bros.

"What TickBox actually sells is nothing less than illegal access to Plaintiffs' copyrighted content," write the plaintiffs' lawyers. "TickBox TV uses software to link TickBox's customers to infringing content on the Internet. When those customers use TickBox TV as Defendant intends and instructs, they have nearly instantaneous access to multiple sources that stream Plaintiffs' Copyrighted Works without authorization." The device's marketing materials let users know the box is meant to replace paid-for content, with "a wink and a nod," by predicting that prospective customers who currently pay for Amazon Video, Netflix, or Hulu will find that "you no longer need those subscriptions." The lawsuit shows that Amazon and Netflix, two Internet companies that are relatively new to the entertainment business, are more than willing to join together with movie studios to go after businesses that grab their content.

An anonymous reader quotes a report from Ars Technica: The system formerly known as Hurricane Ophelia is moving into Ireland on Monday, bringing "status red" weather throughout the day to the island. The Irish National Meteorological Service, Met Eireann, has warned that, "Violent and destructive gusts of 120 to 150km/h are forecast countrywide, and in excess of these values in some very exposed and hilly areas. There is a danger to life and property." Ophelia transitioned from a hurricane to an extra-tropical system on Sunday, but that only marginally diminished its threat to Ireland and the United Kingdom on Monday, before it likely dissipates near Norway on Tuesday. The primary threat from the system was high winds, with heavy rains. Forecasters marveled at the intensification of Ophelia on Saturday, as it reached Category 3 status on the Saffir-Simpson scale and became a major hurricane. For a storm in the Atlantic basin, this is the farthest east that a major hurricane has been recorded during the satellite era of observations. Additionally, it was the farthest north, at 35.9 degrees north, that an Atlantic major hurricane has existed this late in the year since 1939.

Slovak and Czech researchers have found a vulnerability that leaves government and corporate encryption cards vulnerable to hackers to impersonate key owners, inject malicious code into digitally signed software, and decrypt sensitive data, reports ArsTechnica. From the report: The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.

An anonymous reader quotes Ars Technica: Equifax isn't the only credit-reporting behemoth with a website redirecting visitors to fake Adobe Flash updates. A security researcher from AV provider Malwarebytes said transunioncentroamerica.com, a TransUnion site serving people in Central America, [was] also sending visitors to the fraudulent updates and other types of malicious pages... Malwarebytes security researcher Jerome Segura says he was able to repeatedly reproduce a similar chain of fraudulent redirects when he pointed his browser to the transunioncentroamerica.com site. On some occasions, the final link in the chain would push a fake Flash update. In other cases, it delivered an exploit kit that tried to infect computers with unpatched browsers or browser plugins... "This is not something users want to have," Segura told Ars...

Equifax on Thursday was quick to say that its systems were never compromised in the attacks. TransUnion said much the same thing. This is an important distinction in some respects because it means that the redirections weren't the result of attackers having access to restricted parts of either company's networks. At the same time, the incidents show that visitors to both sites remain much more vulnerable to malicious content than they should be.
Both sites hosted fireclick.js, an old script from a small web analytics company which pulls pages from sites like Akamai, SiteStats.info, and Ostats.net. "It appears that attackers have compromised the third-party library," writes BankInfoSecurity, adding that Malwarebytes estimates over a 1,000 more sites are using the same library.

An anonymous reader quotes a report from Ars Technica: The lack of clear information about what Microsoft does with the data that Windows 10 collects prevents consumers from giving their informed consent, says the Dutch Data Protection Authority (DPA). As such, the regulator says that the operating system is breaking the law. To comply with the law, the DPA says that Microsoft needs to get valid user consent: this means the company must be clearer about what data is collected and how that data is processed. The regulator also complains that the Windows 10 Creators Update doesn't always respect previously chosen settings about data collection. In the Creators Update, Microsoft introduced new, clearer wording about the data collection -- though this language still wasn't explicit about what was collected and why -- and it forced everyone to re-assert their privacy choices through a new settings page. In some situations, though, that page defaulted to the standard Windows options rather than defaulting to the settings previously chosen. In the Creators Update, Microsoft also explicitly enumerated all the data collected in Windows 10's "Basic" telemetry setting. However, the company has not done so for the "Full" option, and the Full option remains the default. The DPA's complaint doesn't call for Microsoft to offer a complete opt out of the telemetry and data collection, instead focusing on ensuring that Windows 10 users know what the operating system and Microsoft are doing with their data. The regulator says that Microsoft wants to "end all violations," but if the software company fails to do so, it faces sanctions.

For several hours on Wednesday Equifax's website was compromised again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers, reports Dan Goodin at Ars Technica. From the report: Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to contest what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp:centerbluray.info. He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the control of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once. Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. Update: Equifax said on Thursday it was taking one of its web pages offline as its security team looks into reports of another potential cyber breach.

Jon Brodkin reports via Ars Technica: A Federal Communications Commission decision to eliminate price caps imposed on some business broadband providers should be struck down, advocacy groups told federal judges last week. The FCC failed to justify its claim that a market can be competitive even when there is only one Internet provider, the groups said. Led by Chairman Ajit Pai, the FCC's Republican majority voted in April of this year to eliminate price caps in a county if 50 percent of potential customers "are within a half mile of a location served by a competitive provider." That means business customers with just one choice are often considered to be located in a competitive market and thus no longer benefit from price controls. The decision affects Business Data Services (BDS), a dedicated, point-to-point broadband link that is delivered over copper-based TDM networks by incumbent phone companies like AT&T, Verizon, and CenturyLink.

But the FCC's claim that "potential competition" can rein in prices even in the absence of competition doesn't stand up to legal scrutiny, critics of the order say. "In 2016, after more than 10 years of examining the highly concentrated Business Data Services market, the FCC was poised to rein in anti-competitive pricing in the BDS market to provide enterprise customers, government agencies, schools, libraries, and hospitals with much-needed relief from monopoly rates," Phillip Berenbroick, senior policy counsel at consumer advocacy group Public Knowledge said. But after Republicans gained the FCC majority in 2017, "the commission illegally reversed course without proper notice and further deregulated the BDS market, leaving consumers at risk of paying up to $20 billion a year in excess charges from monopolistic pricing," Berenbroick said.

An anonymous reader quotes a report from Ars Technica: For fans of the platform, the official confirmation that Windows on phones isn't under active development any longer -- security bugs will be fixed, but new features and new hardware aren't on the cards -- isn't a big surprise. This is merely a sad acknowledgement of what we already knew. Last week, Microsoft also announced that it was getting out of the music business, signaling another small retreat from the consumer space. It's tempting to shrug and dismiss each of these instances, pointing to Microsoft's continued enterprise strength as evidence that the company's position remains strong. And certainly, sticking to the enterprise space is a thing that Microsoft could do. Become the next IBM: a stable, dull, multibillion dollar business. But IBM probably doesn't want to be IBM right now -- it has had five straight years of falling revenue amid declining relevance of its legacy businesses -- and Microsoft probably shouldn't want to be the next IBM, either. Today, Microsoft is facing similar pressures -- Windows, though still critical, isn't as essential to people's lives as it was a decade ago -- and risks a similar fate. Dropping consumer ambitions and retreating to the enterprise is a mistake. Microsoft's failure in smartphones is bad for Windows, and it's bad for Microsoft's position in the enterprise as a whole.

An anonymous reader quotes a report from Ars Technica: Back in April, Facebook published a report called "Information Operations and Facebook" that detailed the company's efforts to combat fake news and other misinformation campaigns on the site. The report was released in the midst of an uproar over potential Russian meddling in the 2016 presidential campaign. But the report doesn't mention Russia by name, saying only that Facebook's data "does not contradict" a January report by the Obama administration detailing Russian meddling in the election. On Friday, The Wall Street Journal reported that the decision not to mention Russia was hotly debated inside Facebook. An earlier draft of the report discussed what Facebook knew at that time about Russian meddling, but that material was ultimately removed from the report before publication. "Some at Facebook pushed to not include a mention of Russia in the report because the company's understanding of Russian activity was too speculative, according to one of the people," according to the Journal.

An anonymous reader quotes a report from Ars Technica: Americans bought more electric vehicles in September than any other month this year. According to Inside EV's monthly sales report, 21,325 battery EVs and plug-in hybrid EVs found homes last month. That's 20 percent more than this time last year and the second highest number ever. 2017 looks like it will be a record year; a total of 159,614 EVs were sold, a figure that should easily be eclipsed by the end of October. Tesla leads the pack, thanks to healthy increases in both Model S and Model X sales this month. Tesla may suffer some good-natured teasing about frequently missed deadlines, but you could set your watch by the regularity of its quarter-ending jump in deliveries. Barring some unforeseen circumstance, the Model S will remain the best-selling EV for the third year running. Like the overall trend, sales for the startup EV maker are up compared to last year, and even if the Model 3 continues to frustrate, we expect it to break the 50,000 car barrier by year-end.

General Motors is the only other company within reach of Tesla, whether we're talking about range or sales volume. The Chevrolet Bolt EV is now on sale in all 50 states and finding traction -- 2,632 sold in September and more than 14,000 on the road in 2017 so far. That still only gets it to fifth overall on the score chart, and there are three months left to go. The Chevy Volt, the Bolt's plug-in hybrid EV stablemate, is still the second-most popular EV among American buyers, but its sales have leveled off for the last few months. Toyota is the only other OEM to make the top five, less than 300 units behind the Volt.

At its hardware event today, Google debuted new wireless earbuds, dubbed "Pixel Buds." These are Google's first wireless earbuds that give users access to Google Translate so they can have conversations with people who speak a different language. Ars Technica reports: Unlike Apple's AirPods, the Pixel Buds have a wire connecting the two earpieces. However, that wire doesn't connect to a smartphone or other device. Pixel Buds will pair via Bluetooth to the new Pixel smartphones -- and presumably any other devices that accept Bluetooth wireless earbuds. All of the Pixel Buds' controls are built in to the right earpiece, which is a common hardware solution on wireless earbuds. You can access Google Assistant by tapping or pressing on the right earbud, and the Assistant will be able to read notifications and messages to you through the Buds.

But the most intriguing feature of the Pixel Buds is the integrated Google Translate feature. Demoed on stage at Google's event today, this feature lets two Pixel Bud wearers chat in their native languages by translating conversations in real time. In the demo, a native English speaker and a native Swedish speaker had a conversation with each other, both using their native languages. Google Translate translated the languages for each user. There was barely any lag time in between the speaker saying a phrase and the Buds' hearing those words and translating them into the appropriate language. The Pixel Buds will use Google Translate to comprehend conversations in 40 different languages. Some other features include a 5-hour battery life, and a charging case that can hold up to 24 hours of battery life. They're available for preorder today for $159.

AnalogDiehard writes: Congress created the Inter Partes Review (IPR) in 2012 within the U.S. Patent Office Patent Trials and Appeals Board (PTAB) as a faster and cheaper way to challenge and invalidate bad patents. The IPR expense is a fraction of the cost of a multimillion dollar patent court trial; it is loved by patent challengers and hated by patent owners. The pharmaceutical company Allergen has exploited a novel tactic to evade the IPR process: they hand them to a Native American Indian tribe for safekeeping. Under the arrangement, the tribes earn millions in royalties as long as the patents are valid, they license them back to Allergan, and the patents under the tribes' ownership is immune from lawsuits via sovereign immunity. Under the colonial-era concept of "sovereign immunity" which is codified in the 11th amendment, certain groups like states, universities, and tribes are immune from lawsuits, thus the drug patents are shielded from the IPR process leaving only a full blown multimillion dollar court trial for generic drug companies. This tactic is also attracting the attention of non-practicing entities -- the polite term for "patent trolls" -- and one such NPE company has already exploited sovereign immunity with the intention to sue Apple for infringement.

But court cases have limited the scope of sovereign immunity (especially for commercial activity), and now Congress is investigating Allergan over the tactic that has Congress not only greatly concerned about competition in the drug industry (and exorbitant prices of pharmaceuticals), but also the questionable use of the sovereign immunity law. The four lawmakers who signed the letter to Allergan state: "The unconventional maneuver has received considerable criticism from the generic competitors challenging the drug's patents under the process Congress created (IPR) to enable timelier review of such challenges (read: a fraction of the cost of a court trial)." The letter also notes that the key ingredient in the patent was set to expire in 2014 and that Allergan had filed more patents to extend patent protection to 2024, a signal that Congress is watching for exploitation of patent law to enable "perpetual patents" widely used by the pharmaceuticals.

AnalogDiehard writes: Congress created the Inter Partes Review (IPR) in 2012 within the U.S. Patent Office Patent Trials and Appeals Board (PTAB) as a faster and cheaper way to challenge and invalidate bad patents. The IPR expense is a fraction of the cost of a multimillion dollar patent court trial; it is loved by patent challengers and hated by patent owners. The pharmaceutical company Allergen has exploited a novel tactic to evade the IPR process: they hand them to a Native American Indian tribe for safekeeping. Under the arrangement, the tribes earn millions in royalties as long as the patents are valid, they license them back to Allergan, and the patents under the tribes' ownership is immune from lawsuits via sovereign immunity. Under the colonial-era concept of "sovereign immunity" which is codified in the 11th amendment, certain groups like states, universities, and tribes are immune from lawsuits, thus the drug patents are shielded from the IPR process leaving only a full blown multimillion dollar court trial for generic drug companies. This tactic is also attracting the attention of non-practicing entities -- the polite term for "patent trolls" -- and one such NPE company has already exploited sovereign immunity with the intention to sue Apple for infringement.

But court cases have limited the scope of sovereign immunity (especially for commercial activity), and now Congress is investigating Allergan over the tactic that has Congress not only greatly concerned about competition in the drug industry (and exorbitant prices of pharmaceuticals), but also the questionable use of the sovereign immunity law. The four lawmakers who signed the letter to Allergan state: "The unconventional maneuver has received considerable criticism from the generic competitors challenging the drug's patents under the process Congress created (IPR) to enable timelier review of such challenges (read: a fraction of the cost of a court trial)." The letter also notes that the key ingredient in the patent was set to expire in 2014 and that Allergan had filed more patents to extend patent protection to 2024, a signal that Congress is watching for exploitation of patent law to enable "perpetual patents" widely used by the pharmaceuticals.

AnalogDiehard writes: Congress created the Inter Partes Review (IPR) in 2012 within the U.S. Patent Office Patent Trials and Appeals Board (PTAB) as a faster and cheaper way to challenge and invalidate bad patents. The IPR expense is a fraction of the cost of a multimillion dollar patent court trial; it is loved by patent challengers and hated by patent owners. The pharmaceutical company Allergen has exploited a novel tactic to evade the IPR process: they hand them to a Native American Indian tribe for safekeeping. Under the arrangement, the tribes earn millions in royalties as long as the patents are valid, they license them back to Allergan, and the patents under the tribes' ownership is immune from lawsuits via sovereign immunity. Under the colonial-era concept of "sovereign immunity" which is codified in the 11th amendment, certain groups like states, universities, and tribes are immune from lawsuits, thus the drug patents are shielded from the IPR process leaving only a full blown multimillion dollar court trial for generic drug companies. This tactic is also attracting the attention of non-practicing entities -- the polite term for "patent trolls" -- and one such NPE company has already exploited sovereign immunity with the intention to sue Apple for infringement.

But court cases have limited the scope of sovereign immunity (especially for commercial activity), and now Congress is investigating Allergan over the tactic that has Congress not only greatly concerned about competition in the drug industry (and exorbitant prices of pharmaceuticals), but also the questionable use of the sovereign immunity law. The four lawmakers who signed the letter to Allergan state: "The unconventional maneuver has received considerable criticism from the generic competitors challenging the drug's patents under the process Congress created (IPR) to enable timelier review of such challenges (read: a fraction of the cost of a court trial)." The letter also notes that the key ingredient in the patent was set to expire in 2014 and that Allergan had filed more patents to extend patent protection to 2024, a signal that Congress is watching for exploitation of patent law to enable "perpetual patents" widely used by the pharmaceuticals.

An anonymous reader quotes a report from Ars Technica: The federal judge presiding in the Waymo v. Uber lawsuit has delayed trial for another two months after castigating lawyers on both sides of the case for being dishonest and telling "half-truths." "I'm going to give you a schedule, and we're not going to argue about it," U.S. District Judge William Alsup said after a one-hour hearing today. "We're going to pick the jury on November 29. We will start the trial on December 4, and it will run until December 20." The trial will decide whether Uber has misappropriated trade secrets from Waymo, Google's self-driving car spinoff.

Over the course of a 90-minute hearing today, the two sides had a heated dispute over what documents were produced and when depositions happened. Waymo lawyer Charles Verhoeven said that tens of thousands of documents were only handed over after the U.S. Court of Appeals for the Federal Circuit recently ruled that Uber must hand over the "due diligence" report produced by Stroz Friedberg. "To say that this volume is surprising is an understatement," said Verhoeven. "It's shocking. It's unbelievable."

An anonymous reader quotes a report from Ars Technica: The federal judge presiding in the Waymo v. Uber lawsuit has delayed trial for another two months after castigating lawyers on both sides of the case for being dishonest and telling "half-truths." "I'm going to give you a schedule, and we're not going to argue about it," U.S. District Judge William Alsup said after a one-hour hearing today. "We're going to pick the jury on November 29. We will start the trial on December 4, and it will run until December 20." The trial will decide whether Uber has misappropriated trade secrets from Waymo, Google's self-driving car spinoff.

Over the course of a 90-minute hearing today, the two sides had a heated dispute over what documents were produced and when depositions happened. Waymo lawyer Charles Verhoeven said that tens of thousands of documents were only handed over after the U.S. Court of Appeals for the Federal Circuit recently ruled that Uber must hand over the "due diligence" report produced by Stroz Friedberg. "To say that this volume is surprising is an understatement," said Verhoeven. "It's shocking. It's unbelievable."

An anonymous reader shares a report: Real driverless cars could come to the Phoenix area this year, according to a Monday report from The Information's Amir Efrati. Two anonymous sources have told Efrati that Google's self-driving car unit, Waymo, is preparing to launch "a commercial ride-sharing service powered by self-driving vehicles with no human 'safety' drivers as soon as this fall." Obviously, there's no guarantee that Waymo will hit this ambitious target. But it's a sign that Waymo believes its technology is very close to being ready for commercial use. And it suggests that Waymo is likely to introduce a fully driverless car network in 2018 if it doesn't do so in the remaining months of 2017. [...] According to a report on The Information, Waymo's service is likely to launch first in Chandler, a Phoenix suburb where Waymo has done extensive testing. Waymo chose the Phoenix area for its favorable weather, its wide, well-maintained streets, and the relative lack of pedestrians. Another important factor was the legal climate. Arizona has some of the nation's most permissive laws regarding self-driving vehicles. "Arizona's oversight group has met just twice in the last year, and found no reason to suggest any new rules or restrictions on autonomous vehicles, so long as they follow traffic laws," the Arizona Republic reported in June. "The group found no need to suggest legislation to help the deployment." According to the Arizona Republic, a 2015 executive order from Gov. Doug Ducey "allows universities to test vehicles with no driver on board so long as a licensed driver has responsibility for the cars and can take control remotely if the vehicle needs assistance." Waymo is getting ready to take the same approach.

According to Reuters, Equifax said about 2.5 million additional U.S. consumers may have been impacted by a cyber attack at the company last month. Last month, the company disclosed that personal details of up to 143 million U.S. consumers were accessed by hackers between mid-May and July.

As for what led to the breach, Ars Technica reports it was "a series of costly delays and crucial errors." From the report: Chief among the failures: an Equifax e-mail directing administrators to patch a critical vulnerability in the open source Apache Struts Web application framework went unheeded, despite a two-day deadline to comply. Equifax also waited a week to scan its network for apps that remained vulnerable. Even then, the delayed scan failed to detect that the code-execution flaw still resided in a section of the sprawling Equifax site that allows consumers to dispute information they believe is incorrect. Equifax said last month that the still-unidentified attackers gained an initial hold in the network by exploiting the critical Apache Struts vulnerability.

T-Mobile says it will continue to claim it has the country's fastest LTE network even after the National Advertising Division, a telecom industry watchdog group, "recommended" that it stop doing so in print, TV, and web advertisements. In a statement given to Ars Technica, "NAD previously recognized third-party crowdsourced data as a way to look at network performance, so we looked at the latest results, and verified what we already knew. T-Mobile is still the fastest LTE network and we'll continue to let consumers know that." The Verge reports: The dispute arose earlier this year as part of a T-Mobile ad campaign that insinuated that Verizon's network was older and slower, and that its service did not feature unlimited plans. Verizon then filed a complaint with the NAD, which is a self-regulatory body of the telecom industry designed to settle disputes, avoid litigation, and protect against unwanted government regulation. Verizon said at the time that because T-Mobile was relying on crowdsourced data from third-party speed test providers Ookla and OpenSignal, the data was skewed in favor of T-Mobile. The data was pulled from a one-month period after Verizon first reintroduced its unlimited plans. Verizon's logic wasn't super bulletproof: the company claimed that because it had never before offered unlimited plans, T-Mobile customers -- who were familiar with the concept of throttling after a certain data threshold -- were more likely to be sampled in the crowdsourced data set provided to the NAD. Still, T-Mobile discontinued the disputed commercial, and the NAD felt the need to offer guidelines last week, advising the company not to claim its network was faster or newer. In addition, the NAD also told T-Mobile to modify its claim that it covered 99.7 percent of Verizon customers to make clear that the coverage is by population and not geographic area.

An anonymous reader quotes a report from Ars Technica: Kim Dotcom's civil forfeiture case will not be heard before the Supreme Court this term, America's highest court ruled on Monday. The civil forfeiture case was brought 18 months after 2012 American criminal charges related to alleged copyright infringement against Dotcom and his now-shuttered company, Megaupload. In the forfeiture case, prosecutors specifically outlined why the New Zealand seizure of Dotcom's assets on behalf of the American government was valid. Seized items include millions of dollars in various seized bank accounts in Hong Kong and New Zealand, the Dotcom mansion, several luxury cars, four jet skis, two 108-inch TVs, three 82-inch TVs, a $10,000 watch, and a photograph by Olaf Mueller worth over $100,000.

"We are disappointed in the denial of the cert petition -- it is a bad day for due process and international treaties," Ira Rothken, Dotcom's chief global counsel, told Ars. "Kim Dotcom has never been to the United States, is presumed innocent, and is lawfully opposing extradition under the United States-New Zealand Treaty -- yet the United States by merely labeling him as a fugitive gets a judgement to take all of his assets with no due process," Rothken said. "The New Zealand and Hong Kong courts, who have authority over the assets, will now need to weigh in on this issue and we are cautiously optimistic that they will take a dim view of the Fugitive Disentitlement Doctrine and oppose US efforts to seize such assets."

One of the most popular jobs on TaskRabbit, a service that lets you hire workers for quick gigs, is assembling Ikea furniture. So perhaps it's no surprise that the Swedish retail giant has acquired the startup for an undisclosed price. From a report: For now, TaskRabbit services -- where each worker sets their own rates but the company takes 20 percent -- are available in 40 American cities and in London. The majority of its American workers (or "taskers" as the company dubs them) do not receive any health or retirement benefits, as is typical in so-called "gig economy" jobs. While TaskRabbit itself has not been sued in federal court by any of its workers so far, other companies in the industry have been -- numerous labor cases filed against Uber were recently heard at the 9th US Circuit Court of Appeal in San Francisco. It seems unlikely that Swedish business culture will have any impact on TaskRabbit's workers, the overwhelming majority of whom are ad hoc contractors. Sweden, which generally lacks a similar "gig economy" environment, boasts universal public health care and housing and child care subsidies. Employees in Sweden are required to be provided a minimum of five weeks paid annual leave, and wages are typically set by annual collective bargaining. According to Ikea's statement, TaskRabbit will remain an independent company and will remain in San Francisco -- as such, its taskers aren't considered to be employees.

The latest version of Internet Explorer has a bug that leaks the addresses, search terms, or any other text typed into the address bar. The flaw was disclosed Tuesday by security researcher Manual Caballero. Ars Technica reports: The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services. The proof-of-concept makes it transparent that the attacking website is viewing the entered text. The hack, however can easily be modified to make the information theft completely stealthy. A proof-of-concept site shows the exploit in action.

Owners at the Model 3 Owners Club compiled a list of over 80 different features of the Model 3 they're curious about, including questions about how the car operates (does the card unlock all the doors, where does the UI show you that your turn signals are active), physical aspects of the car (what does the tow hitch attachment look like, how much stuff can you fit in the front and rear cargo areas), and subjective details (how aggressive is the energy regeneration, does that wood trim cause glare). Ars Technica reports: So far, we've learned a few interesting facts. For instance, the windshield wipers are turned on and off by a stalk like just about every other car on the market, but changing the speed (slow/fast/intermittent) is handled by a menu on the touchscreen. The stalk also does double duty turning on the headlights, and there are no rain sensors for the wipers. The touchscreen UI really is the only way to interact with every other function, according to owners, even the rear air vents are controlled from up front (although there are USB ports in the back). Rear seat passengers also won't get seat heaters from what we gather -- unless Tesla plans to activate them in a later software update -- and the steering wheel is not heated either. The two buttons on the steering wheel do not appear to be user-configurable. Instead, the left button primarily deals with audio functions (scroll up and down for volume, left and right to change track) while the other one is for adjusting the mirrors and steering wheel position while in those menus in the UI. Additionally it appears that as of now, there's no way to tab through a different part of the UI without taking your hands off the steering wheel.

An anonymous reader quotes the New York Post: It was nearly Black Hawk down over Staten Island -- when an Army chopper was struck by an illegally flying drone over a residential neighborhood, authorities said Friday. The UA60 helicopter was flying 500 feet over Midland Beach alongside another Black Hawk, when the drone struck the chopper at around 8:15 p.m. Thursday, causing damage to its rotor blades. The uninjured pilot was able to land safely at nearby Linden Airport in New Jersey... "Our aircraft was not targeted, this was a civilian drone," said Army Lieutenant Colonel Joe Buccino, the spokesman for the 82nd Airborne... "One blade was damaged [and] dented in two spots and requires replacement and there is a dented window"... The NYPD and the military are investigating -- but no arrests have been made.
The same day a federal judge struck down an ordinance banning drone flights over private property that had been passed by the city of Newton, Massachusetts. But local law enforcement warned that "an out of control helicopter could have crashed into residential homes causing numerous injuries and even fatalities," while the Post reports that drones have also crashed into a power plant and into the 40th floor of the Empire State Building.

"In February, a GoPro drone crashed through a Manhattan woman's 27th floor window and landed just feet away from her as she sat in her living room."

An anonymous reader quotes a report from Ars Technica: Verizon Wireless is giving a reprieve to some rural customers who are scheduled to be booted off their service plans, but only in cases when customers have no other options for cellular service. Verizon recently notified 8,500 customers in 13 states that they will be disconnected on October 17 because they used roaming data on another network. But these customers weren't doing anything wrong -- they are being served by rural networks that were set up for the purpose of extending Verizon's reach into rural areas. Today, Verizon said it is extending the deadline to switch providers to December 1. The company is also letting some customers stay on the network -- although they must switch to a new service plan. "If there is no alternative provider in your area, you can switch to the S (2GB), M (4GB), 5GB single-line, or L (8GB) Verizon plan, but you must do so by December 1," Verizon said in a statement released today. These plans range from $35 to $70 a month, plus $20 "line fees" for each line. The 8,500 customers who received disconnection letters have a total of 19,000 lines. Verizon sells unlimited plans in most of the country but said only those limited options would be available to these customers. Verizon also reiterated its promise that first responders will be able to keep their Verizon service even though some public safety officials received disconnection notices. "We have become aware of a very small number of affected customers who may be using their personal phones in their roles as first responders and another small group who may not have another option for wireless service," Verizon said. "After listening to these folks, we are committed to resolving these issues in the best interest of the customers and their communities. We're committed to ensuring first responders in these areas keep their Verizon service."

Researchers caught the bacteria Mycoplasma hyorhinis hiding out among cancer cells, thwarting chemotherapy drugs intended to treat the tumors they reside in. The findings have been published this week in Science. Ars Technica reports: Drug resistance among cancers is a "foremost challenge," according to the study's authors, led by Ravid Straussman at the Weizmann Institute of Science. Yet the new data suggest that certain types of drug-resistant cancers could be defeated with a simple dollop of antibiotics alongside a chemotherapy regimen. Dr. Straussman and his colleagues got a hunch to look for the bacteria after noticing that, when they grew certain types of human cancer cells together in lab, the cells all became more resistant to a chemotherapy drug called gemcitabine. This is a drug used to treat pancreatic, lung, breast, and bladder cancers and is often sold under the brand name Gemzar. The researchers suspected that some of the cells may secrete a drug-busting molecule. So they tried filtering the cell cultures to see if they could catch it. Instead, they found that the cell cultures lost their resistance after their liquid broth passed through a pretty large filter -- 0.45 micrometers. This would catch large particles -- like bacteria -- but not small molecules, as the researchers were expecting.

Looking closer, the researchers noticed that some of their cancer cells were contaminated with M. hyorhinis. And these bacteria could metabolize gemcitabine, rendering the drug useless. When the researchers transplanted treatable cancer cells into the flanks of mice -- some with and some without M. hyorhinis -- the bacteria-toting tumors were resistant to gemcitabine treatment.

Artem Tashkinov writes: The World Wide Web Consortium (W3C), the industry body that oversees development of HTML and related Web standards, has today published the Encrypted Media Extensions (EME) specification as a Recommendation, marking its final blessing as an official Web standard. Final approval came after the W3C's members voted 58.4 percent to approve the spec, 30.8 percent to oppose, with 10.8 percent abstaining. EME provides a standard interface for DRM protection of media delivered through the browser. EME is not itself a DRM scheme; rather, it defines how Web content can work with third-party Content Decryption Modules (CDMs) that handle the proprietary decryption and rights-management portion. The principal groups favoring the development of EME have been streaming media companies such as Netflix and Microsoft, Google, and Apple, companies that both develop browsers and operate streaming media services. Following the announcement, EFF wrote a letter to W3C director, chief executive officer and team, in which it expressed its disappointment and said it was resignation from the W3C.

An anonymous reader quotes BleepingComputer: The Slovak National Security Office (NBU) has identified ten malicious Python libraries uploaded on PyPI -- Python Package Index -- the official third-party software repository for the Python programming language. NBU experts say attackers used a technique known as typosquatting to upload Python libraries with names similar to legitimate packages -- e.g.: "urlib" instead of "urllib." The PyPI repository does not perform any types of security checks or audits when developers upload new libraries to its index, so attackers had no difficulty in uploading the modules online.

Developers who mistyped the package name loaded the malicious libraries in their software's setup scripts. "These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code," NBU explained. Experts say the malicious code only collected information on infected hosts, such as name and version of the fake package, the username of the user who installed the package, and the user's computer hostname. Collected data, which looked like "Y:urllib-1.21.1 admin testmachine", was uploaded to a Chinese IP address. NBU officials contacted PyPI administrators last week who removed the packages before officials published a security advisory on Saturday."
The advisory lays some of the blame on Python's 'pip' tool, which executes arbitrary code during installations without requiring a cryptographic signature.

Ars Technica also reports that another team of researchers "was able to seed PyPI with more than 20 libraries that are part of the Python standard library," and that group now reports they've already received more than 7,400 pingbacks.

Ars Technica's health reporter argues that a new study suggesting sitting will kill you "is kind of a raging dumpster fire. It's funded by Big Soda and riddled with weaknesses -- including not measuring sitting." An anonymous reader quotes this report: Let's start with the money: It was funded in part by Coca-Cola... [I]t's hard to look past the fact that this is exactly the type of health and nutrition research Coke wants. In fact, Coca-Cola secretly spent $1.5 million to fund an entire network of academic researchers whose goal was to shift the national health conversation away from the harms of sugary beverages. Instead, their research focused on the benefits of exercise -- i.e., the health risks of sedentary and inactive lifestyles. The research network disbanded after The New York Times published an investigation on the network's funding in 2015...

It didn't actually measure sitting... In their words, "Our study has several limitations. First, the Actical accelerometer cannot distinguish between postures (such as sitting vs. standing); thus, we relied on an intensity-only definition of sedentary behavior." The "intensity-only" definition of sedentary behavior is based on metabolic equivalents, basically units defined by how much oxygen a person uses up doing various activities. But those definitions are also not cut and dried. There are no clear lines between lying down, sitting, standing in place, or light movement... Then there's the participant data: It's not representative -- like, at all... At the time of wearing the accelerometer, the most active group's mean age was 65. The mean age of the least active group: 75.
Groups were assigned based on just a week's worth of data -- or less. And the people placed in the least-active group were already more likely to be smokers, to have diabetes and hypertension, and to have a history of coronary heart disease and stroke.

An anonymous reader quotes a report from Ars Technica: Verizon is disconnecting another 8,500 rural customers from its wireless network, saying that roaming charges have made certain customer accounts unprofitable for the carrier. The 8,500 customers have 19,000 lines and live in 13 states (Alaska, Idaho, Iowa, Indiana, Kentucky, Maine, Michigan, Missouri, Montana, North Carolina, Oklahoma, Utah, and Wisconsin), a Verizon Wireless spokesperson told Ars today. They received notices of disconnection this month and will lose access to Verizon service on October 17. Verizon said in June that it was only disconnecting "a small group of customers" who were "using vast amounts of data -- some as much as a terabyte or more a month -- outside of our network footprint." But one customer, who contacted Ars this week about being disconnected, said her family never used more than 50GB of data across four lines despite having an "unlimited" data plan. We asked Verizon whether 50GB a month is a normal cut-off point in its disconnections of rural customers, but the company did not provide a specific answer. "These customers live outside of areas where Verizon operates our own network," Verizon said. "Many of the affected consumer lines use a substantial amount of data while roaming on other providers' networks and the roaming costs generated by these lines exceed what these consumers pay us each month. We sent these notices in advance so customers have plenty of time to choose another wireless provider."

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

In what will surely be disappointing news for a host of start-ups promising to deliver marijuana by drone like MDelivers and Eaze, California's Bureau of Cannabis Control has recently unveiled new regulatory rules that will ban drones from delivering marijuana. "The Bureau is currently developing regulation surrounding weed use and sales under the Medicinal and Adult-Use Cannabis Regulation and Safety Act (MAUCRSA) after recreational marijuana was legalized in California," reports The Verge. From the report: "Cannabis goods will be required to be transported inside commercial vehicles or trailers," the proposed program description reads. "Transportation may not be done by aircraft, watercraft, rail, drones, human powered vehicles, or unmanned vehicles." Under the rules, deliveries can only be made by licensed retailers, "in person by enclosed motor vehicle," and the vehicles used for deliveries must have a GPS that allows the seller to track the package. The Bureau also specifically states that those delivering the cannabis aren't allowed to consume the substance while out on the delivery. Further reading: Ars Technica

An anonymous reader quotes a report from Ars Technica: China has become the latest country to publicly discuss plans to ban the production and sale of gasoline- or diesel-powered vehicles. In July, both France and the UK published plans to phase out sales of conventionally powered vehicles by 2040. China will now add another nail to the coffin of the internal combustion engine. However, unlike the French or British plans, in this case there's no target date -- yet. The news comes from an automotive policy forum in Tianjin. China's vice minister of industry and information technology, Xin Guobin, said that his ministry has begun work on a timetable to phase out fossil fueled vehicles. The Xinhua news agency also reports that Xin told automakers they need to begin to "readjust their strategies" accordingly. For foreign car companies hoping to sell EVs in China, that will mean investing in the country, as imported vehicles come with stiff import duties attached.

An anonymous reader quotes a report from Ars Technica: The manufacturer of EpiPen devices failed to address known malfunctions in its epinephrine auto-injectors even as hundreds of customer complaints rolled in and failures were linked to deaths, according to the Food and Drug Administration. The damning allegations came to light today when the FDA posted a warning letter it sent September 5 to the manufacturer, Meridian Medical Technologies, Inc. The company (which is owned by Pfizer) produces EpiPens for Mylan, which owns the devices and is notorious for dramatically raising prices by more than 400 percent in recent years. The auto-injectors are designed to be used during life-threatening allergic reactions to provide a quick shot of epinephrine. If they fail to fire, people experiencing a reaction can die or suffer serious illnesses. According to the FDA, that's exactly what happened for hundreds of customers. In the letter, the agency wrote: "In fact, your own data show that you received hundreds of complaints that your EpiPen products failed to operate during life-threatening emergencies, including some situations in which patients subsequently died."

The agency goes on to lambast Meridian Medical for failing to investigate problems with the devices, recall bad batches, and follow-up on problems found. For instance, a customer made a complaint in April 2016 that an EpiPen failed. When Meridian disassembled the device, it found a deformed component that led to the problem -- the exact same defect it had found in February when another unit failed.

The breach Equifax reported Thursday is very possibly is the most severe of all for a simple reason: the breath-taking amount of highly sensitive data it handed over to criminals. Dan Goodin of ArsTechnica writes: By providing full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers, it provided most of the information banks, insurance companies, and other businesses use to confirm consumers are who they claim to be. The theft, by criminals who exploited a security flaw on the Equifax website, opens the troubling prospect the data is now in the hands of hostile governments, criminal gangs, or both and will remain so indefinitely. Hacks hitting Yahoo and other sites, by contrast, may have breached more accounts, but the severity of the personal data was generally more limited. And in most cases the damage could be contained by changing a password or getting a new credit card number. What's more, the 143 million US people Equifax said were potentially affected accounts for roughly 44 percent of the population. When children and people without credit histories are removed, the proportion becomes even bigger. That means well more than half of all US residents who rely the most on bank loans and credit cards are now at a significantly higher risk of fraud and will remain so for years to come. Besides being used to take out loans in other people's names, the data could be abused by hostile governments to, say, tease out new information about people with security clearances, especially in light of the 2015 hack on the US Office of Personnel Management, which exposed highly sensitive data on 3.2 million federal employees, both current and retired. Meanwhile, if you accept Equifax's paltry "help" you forfeit the right to sue the company, it has said. In its policy, Equifax also states that it won't be helping its customers fix hack-related problems.

UPDATE (9/9/17): Equifax has now announced that "the arbitration clause and class action waiver included in the Equifax and TrustedID Premier terms of use does not apply to this cybersecurity incident."

Bloomberg reported on Friday that a class action seeking to represent 143 million consumers has been filed, and it alleges the company didn't spend enough on protecting data. The class-action -- filed by the firm Olsen Daines PC along with Geragos & Geragos, a celebrity law firm known for blockbuster class actions -- will seek as much as $70 billion in damages nationally.

Disney CEO Bob Iger announced on Thursday that his company will pull the full catalog of films from the Star Wars franchise and Marvel universe from Netflix after 2019. Last month, Disney announced it would be pulling a number of Disney titles from the Netflix catalog, but left the door open to keeping the Star Wars franchise and Marvel films. That door has since been slammed shut, "choosing instead to use movies like Iron Man, Captain America, and the forthcoming Star Wars: Episode IX as a draw to a new Disney-owned streaming service," reports Ars Technica. From the report: It's not clear exactly which films are affected by Iger's announcement. A Netflix spokesperson told The Verge last month that "we continue to do business with the Walt Disney Company on many fronts, including our ongoing deal with Marvel TV." That refers to a collaboration between Disney and Netflix to produce several live-action television series based on lesser-known Marvel characters Daredevil, Jessica Jones, Iron Fist, and Luke Cage. Some of those series are still being actively developed. It's a high-risk gamble for Disney. It makes sense for Disney to bring its best-known franchises back under its own roof to give the Disney streaming service the best possible chance of success. But Disney is leaving a lot of money on the table by not doing a deal with Netflix or one of its competitors. It could be an expensive mistake if the Disney streaming service doesn't get traction.

A federal judge in Massachusetts has dismissed a libel lawsuit filed earlier this year against tech news website Techdirt. From a report: The claim was brought by Shiva Ayyadurai, who has controversially claimed that he invented e-mail in the late 1970s. Techdirt (and its founder and CEO, Mike Masnick) has been a longtime critic of Ayyadurai and institutions that have bought into his claims. "How The Guy Who Didn't Invent Email Got Memorialized In The Press & The Smithsonian As The Inventor Of Email," reads one Techdirt headline from 2012. One of Techdirt's commenters dubbed Ayyadurai a "liar" and a "charlatan," which partially fueled Ayyadurai's January 2017 libel lawsuit. In the Wednesday ruling, US District Judge F. Dennis Saylor found that because it is impossible to define precisely and specifically what e-mail is, Ayyadurai's "claim is incapable of being proved true or false."

An anonymous reader quotes a report from Ars Technica: Google's got a hot new ride. The company has a new Street View car with updated cameras, and -- surprisingly -- a set of Lidar (Light, Detection and Ranging) cans! Google doesn't have anything up officially about this, but Wired has the scoop on the new vehicles. The camera system upgrade -- the first in eight years -- greatly improves the image quality while simplifying the rig. In the main ball, Google is down from 15 cameras to seven, making the whole package a lot smaller. These 20MP cameras are aimed all around the car, and the pictures they take are stitched together into a spherical image for Google Maps. There's more to the cars than just the ball though: there are also a pair of "HD" cameras that face directly left and right. These are dedicated to reading street signs, business names, and even posted store hours; those images are funneled to Google's cloud computers for visual processing. The end result of the new cameras will be prettier Street View shots, with higher resolution, better colors, and fewer stitching errors. The better images should also result in more data for Google's various visual feature-detection algorithms.

Wired's report focuses almost entirely on the new cameras, but I think the the most interesting additions are the two LIDAR pucks that hang just below the camera ball. These are the ubiquitous Velodyne VLP-16 "Puck" sensors, allowing the to car "see" in 3D in 360 degrees. These $8,000 Lidar sensors are most commonly used in autonomous car prototypes, so to see them on a Street View car is unexpected. Don't expect the Street View cars to start driving themselves anytime soon -- as Google Street View's Technical Program Manager Steve Silverman says in Wired's video, the Lidar sensors "are used to position us in the world."

An anonymous reader quotes a report from Ars Technica: We are quickly running out of adjectives to describe the destructive potential of Hurricane Irma. As of 2pm ET on Tuesday, the National Hurricane Center upgraded the storm's sustained winds to 185mph. This is near-record speed for a storm in the Atlantic basin, which includes the Atlantic Ocean, Caribbean Sea, and Gulf of Mexico. Such high, sustained winds tie Irma for the second-strongest storm on record in the Atlantic, along with Hurricane Wilma (2005), Hurricane Gilbert (1998), and the 1935 Florida Keys hurricane. Only Hurricane Allen, which reached 190 mph in 1980 before striking a relatively unpopulated area of Texas, reached a higher wind speed. Globally, the all-time record for hurricanes is held by Patricia, which reached a staggering 215 mph in the Pacific Ocean in 2015. Although sustained winds capture the most public attention, meteorologists generally measure the intensity of a storm based upon central pressures, which are considerably lower than sea-level pressure on Earth, 1,013 millibars. Typhoon Tip, in 1979, holds this record at 870 millibars. For now, at least, Irma has a relatively high central pressure of 927 millibars. Why the storm has such an odd wind-speed-pressure relationship isn't entirely clear. According to the National Hurricane Center, Irma is expected to bring catastrophic winds and potential storm surges to the U.S. Virgin Islands, Puerto Rico, Dominican Republic, and the UK territory of Turks and Caicos this week. The Florida Keys could get hit by late Saturday night or Sunday.

A jury has ruled that Nintendo must pay $10.1 million because its Wii and Wii U systems infringe a patent belonging to a Dallas medical motion-detection company. Ars Technica reports: iLife sued Nintendo (PDF) in 2013 after filing lawsuits against four other companies in 2012. The case went to a jury trial in Dallas, and yesterday the jury returned its verdict (PDF). They found that Nintendo infringed U.S. Patent No. 6,864,796, first filed in 1999, which describes "systems and methods for evaluating movement of a body relative to an environment." The patent drawings show a body-mounted motion detector that could detect falls in the elderly, which is the market that iLife was targeting, according to its now defunct website. The $10.1 million was less than 10 percent of what iLife's attorneys had been asking for. When the trial began in Dallas on August 21, Law360 reported that iLife lawyers asked the jury for a $144 million payout. That damage demand was based on a royalty of $4 per Wii unit, multiplied by 36 million systems sold in the six years before the lawsuit was filed.