Slashdot Mirror

An anonymous reader quotes a report from Ars Technica: If the U.S. adopts a "dig once" policy, construction workers would install conduits just about any time they build new roads and sidewalks or upgrade existing ones. These conduits are plastic pipes that can house fiber cables. The conduits might be empty when installed, but their presence makes it a lot cheaper and easier to install fiber later, after the road construction is finished. The idea is an old one. U.S. Rep. Anna Eshoo (D-Calif.) has been proposing dig once legislation since 2009, and it has widespread support from broadband-focused consumer advocacy groups. It has never made it all the way through Congress, but it has bipartisan backing from lawmakers who often disagree on the most controversial broadband policy questions, such as net neutrality and municipal broadband. It even got a boost from Rep. Marsha Blackburn (R-Tenn.), who has frequently clashed with Democrats and consumer advocacy groups over broadband -- her "Internet Freedom Act" would wipe out the Federal Communications Commission's net neutrality rules, and she supports state laws that restrict growth of municipal broadband. Blackburn, chair of the House Communications and Technology Subcommittee, put Eshoo's dig once legislation on the agenda for a hearing she held yesterday on broadband deployment and infrastructure. Blackburn's opening statement (PDF) said that dig once is among the policies she's considering to "facilitate the deployment of communications infrastructure." But her statement did not specifically endorse Eshoo's dig once proposal, which was presented only as a discussion draft with no vote scheduled. The subcommittee also considered a discussion draft that would "creat[e] an inventory of federal assets that can be used to attach or install broadband infrastructure." Dig once legislation received specific support from Commerce Committee Chairman Greg Walden (R-Ore.), who said that he is "glad to see Ms. Eshoo's 'Dig Once' bill has made a return this Congress. I think that this is smart policy and will help spur broadband deployment across the country."

An anonymous reader quotes a report from Ars Technica: If the U.S. adopts a "dig once" policy, construction workers would install conduits just about any time they build new roads and sidewalks or upgrade existing ones. These conduits are plastic pipes that can house fiber cables. The conduits might be empty when installed, but their presence makes it a lot cheaper and easier to install fiber later, after the road construction is finished. The idea is an old one. U.S. Rep. Anna Eshoo (D-Calif.) has been proposing dig once legislation since 2009, and it has widespread support from broadband-focused consumer advocacy groups. It has never made it all the way through Congress, but it has bipartisan backing from lawmakers who often disagree on the most controversial broadband policy questions, such as net neutrality and municipal broadband. It even got a boost from Rep. Marsha Blackburn (R-Tenn.), who has frequently clashed with Democrats and consumer advocacy groups over broadband -- her "Internet Freedom Act" would wipe out the Federal Communications Commission's net neutrality rules, and she supports state laws that restrict growth of municipal broadband. Blackburn, chair of the House Communications and Technology Subcommittee, put Eshoo's dig once legislation on the agenda for a hearing she held yesterday on broadband deployment and infrastructure. Blackburn's opening statement (PDF) said that dig once is among the policies she's considering to "facilitate the deployment of communications infrastructure." But her statement did not specifically endorse Eshoo's dig once proposal, which was presented only as a discussion draft with no vote scheduled. The subcommittee also considered a discussion draft that would "creat[e] an inventory of federal assets that can be used to attach or install broadband infrastructure." Dig once legislation received specific support from Commerce Committee Chairman Greg Walden (R-Ore.), who said that he is "glad to see Ms. Eshoo's 'Dig Once' bill has made a return this Congress. I think that this is smart policy and will help spur broadband deployment across the country."

New submitter evolutionary writes: Apparently the Australian funnel-web spider's venom has amazing properties, if you can use it within 4.5 hours. From a report via Ars Technica: "Venom from the Australian funnel-web spider (Hadronyche infensa) contains a chemical that shuts down an ion channel known to malfunction in brain cells after strokes, researchers report Monday in PNAS. In cell experiments, the harmless chemical protected brain cells from a toxic flood of ions unleashed after a stroke strikes. In rats, the venom component markedly protected the rats' brains from extensive damage -- even when it was given hours after a stroke occurred. Researchers have years, if not decades, of work to figure out if their particular venom is safe and effective in humans. And very few potential therapies make the cut. But, this early study gives us reason to be somewhat optimistic: it follows years of research and hypotheses that such venom components and their ion channel-targets could be key to new stroke treatments -- which are desperately needed. The vast majority of strokes involve a blockage that stops or slows the flow of blood into an area of the brain (other strokes can be caused by hemorrhages.) This leaves brain cells without fresh blood and oxygen. To cope, the cells can switch to metabolic pathways that don't rely on oxygen. But this creates acidic conditions, and the pH outside of brain cells starts dropping fast -- a scenario called acidosis. In the acidic, oxygen-starved brain regions, brain cells become damaged and start dying off, causing irreparable damage. The only drug approved by the Food and Drug Administration to treat these types of strokes tries to restore blood flow by breaking up clots. But this drug is only used in about three to four percent of stroke victims because it has to be used within 4.5 hours of the stroke. It also comes with the risk of causing hemorrhages."

An anonymous reader quotes a report from Ars Technica: Some Kansas City residents who have been waiting years for Google Fiber to install service at their homes recently received e-mails canceling their installations, with no word on whether they'll ever get Internet service from the company. KSHB 41 Action News in Kansas City, Missouri, "spoke to several people, living in different parts of the metro, all who have recently received cancellation e-mails," the station reported last week. "The e-mails do not provide a specific reason for the cancellations. Instead they say the company was 'unable to build our network to connect your home or business at this time.'" While Google Fiber refuses to say how many installations have been canceled, KSHB said, "there is speculation the number of cancellations in the metro is as high as 2,700." "The company says it has slowed down in some areas to experiment with new techniques," such as wireless technology, the report also said. Google Fiber is still hooking up fiber for some new customers in parts of the Kansas City area. One resident who had his installation canceled is Larry Meurer, who was seeing multiple Google Fiber trucks in his neighborhood nearly two years ago, in the spring of 2015. "I'm left wondering what's going on," he told KSHB after getting the cancellation e-mail. Meurer lives in Olathe, Kansas, one of the largest cities in the Kansas City metro area. Residents only five houses away and around the corner have Google Fiber service, the report said. But Meurer said he and several neighbors who never got service were "terminated."

The 10th annual Pwn2Own hacking competition ended Friday in Vancouver. Some of the highlights:

• Ars Technica reports one team "compromised Microsoft's heavily fortified Edge browser in a way that escapes a VMware Workstation virtual machine it runs in... by exploiting a heap overflow bug in Edge, a type confusion flaw in the Windows kernel and an uninitialized buffer vulnerability in VMware."
• Digital Trends reports "Samuel Grob and Niklas Baumstark used a number of logic bugs to exploit the Safari browser and eventually take root control of the MacOS on a MacBook Pro, [and] impressed onlookers even more by adding a custom message to the Touch Bar which read: "pwned by niklasb and saelo."
• Ubuntu 16.10 Linux was also successfully attacked by exploiting a flaw in the Linux 4.8 kernel, "triggered by a researcher who only had basic user access but was able to elevate privileges with the vulnerability to become the root administrative account user..." reports eWeek. "Chaitin Security Research Lab didn't stop after successfully exploiting Ubuntu. It was also able to successfully demonstrate a chain of six bugs in Apple Safari, gaining root access on macOS."
• Another attacker "leveraged two separate use-after-free bugs in Microsoft Edge and then escalated to SYSTEM using a buffer overflow in the Windows kernel."

None of the attendees registered to attempt an attack on the Apache Web Server on Ubuntu 16.10 Linux, according to eWeek, but the contest's blog reports that "We saw a record 51 bugs come through the program. We paid contestants $833,000 USD in addition to the dozen laptops we handed out to winners. And, we awarded a total of 196 Master of Pwn points."

For those affected by LG's infamous bootloop issue with the G4 and V10, you might find some joy in this: several (upset) owners of these devices have lodged a proposed class-action lawsuit in a California federal court. They claim that a repeating bootloop issue "renders the phones inoperable and unfit for any use." In other words: bricked. Ars Technica reports: Thousands of complaints about the G4 have been highlighted on Twitter, Reddit, and YouTube. There was even an online petition to "launch a replacement program for defective LG G4s." Not to be outdone, the V10 has been the subject of many online complaints as well. One of the plaintiffs in the lawsuit (PDF) filed Wednesday said that LG replaced his G4 two times and that his third G4 constantly freezes. The new phone, says the suit, is "manifesting signs of the bootloop defect and is unmerchantable." A year ago, LG acknowledged the problem with the G4 and said it was the result of "loose contact between components." The company began offering replacement devices and fixes. The suit said that even after the January 2016 announcement, "LG continued to manufacture LG Phones with the bootloop defect." The suit claims that both models' processors were inadequately soldered to the motherboard, rendering them "unable to withstand the heat." Initially, the phones begin to freeze, suffer slowdowns, overheat, and reboot at random. Eventually, the suit says, they fail "entirely."

For those affected by LG's infamous bootloop issue with the G4 and V10, you might find some joy in this: several (upset) owners of these devices have lodged a proposed class-action lawsuit in a California federal court. They claim that a repeating bootloop issue "renders the phones inoperable and unfit for any use." In other words: bricked. Ars Technica reports: Thousands of complaints about the G4 have been highlighted on Twitter, Reddit, and YouTube. There was even an online petition to "launch a replacement program for defective LG G4s." Not to be outdone, the V10 has been the subject of many online complaints as well. One of the plaintiffs in the lawsuit (PDF) filed Wednesday said that LG replaced his G4 two times and that his third G4 constantly freezes. The new phone, says the suit, is "manifesting signs of the bootloop defect and is unmerchantable." A year ago, LG acknowledged the problem with the G4 and said it was the result of "loose contact between components." The company began offering replacement devices and fixes. The suit said that even after the January 2016 announcement, "LG continued to manufacture LG Phones with the bootloop defect." The suit claims that both models' processors were inadequately soldered to the motherboard, rendering them "unable to withstand the heat." Initially, the phones begin to freeze, suffer slowdowns, overheat, and reboot at random. Eventually, the suit says, they fail "entirely."

An anonymous reader quotes a report from Ars Technica: AT&T this week acknowledged that DirecTV has been charging the wrong regional sports fees to some customers and is now issuing bill credits to those who paid more because of the mistake. "We have identified a small percentage of customers who are receiving some inaccurate bills for regional sports network fees," an AT&T spokesperson told Ars yesterday. "We are working as quickly as possible to notify those customers and issue credits. We apologize for the error." AT&T bought DirecTV, the nation's largest satellite TV provider with about 21 million customers, in 2015. The mistake affects bills going back to late January. Customers will not have to do anything to get the credit, as it will be issued automatically. The billing problem came to light last week when Consumerist published a report detailing how the regional sports network fees vary by ZIP code in ways that simply didn't make sense. It wouldn't be surprising to see different fees in different metro areas and states, since different local sports networks and teams are broadcast in different areas. But there were numerous cases in which people in adjacent ZIP codes were charged very different amounts to watch the same exact networks and teams. Some customers were charged no sports fee, while others were charged amounts of $2.47, $5.83, or $7.29 a month.

According to New York Attorney General Eric Schneiderman, Rex Tillerson used an email alias of "Wayne Tracker" to communicate with other Exxon executives about climate change while serving as CEO of Exxon Mobil. "New York Attorney General Eric Schneiderman has been leading an investigation of Exxon Mobil centered on whether the company misled investors by publicly arguing against the reality of climate change even though its executives knew the science was accurate," reports Ars Technica. "The investigation was triggered by news reports describing climate research the company undertook in the 1970s and 1980s, which affirmed the work of other climate scientists and showed that greenhouse gas emissions were causing climate change. Exxon buried that work and spent the next couple decades claiming that the science was unclear, although it has recently publicly acknowledged reality." From the report: The e-mails that were provided allowed the attorney general to figure out that Tillerson used the account between 2008 and 2015 at least, but it didn't appear on Exxon's list of accounts for which records were preserved. The letter also mentions 34 other e-mail accounts "specifically assigned to top executives, board members, or assistants" that the attorney general thinks should have been included. In a statement, an Exxon spokesperson explained, "The e-mail address, Wayne.Tracker@exxonmobil.com, is part of the company's e-mail system and was put in place for secure and expedited communications between select senior company officials and the former chairman for a broad range of business-related topics." The Office of the Attorney General's letter claims that "Exxon has continuously delayed and obstructed the production of documents from its top executives and board members, which are crucial to OAG's investigation into Exxon's touted risk-management practices regarding climate change."

An anonymous reader quotes a report from Ars Technica: Nintendo's Switch has been out for almost two weeks, which of course means that efforts to hack it are well underway. One developer, who goes by qwertyoruiop on Twitter, has demonstrated that the console ships with months-old bugs in its WebKit browser engine. These bugs allow for arbitrary code execution within the browser. A proof-of-concept explainer video was posted here. The potential impact of these vulnerabilities for Switch users is low. A Switch isn't going to have the same amount of sensitive data on it that an iPhone or iPad can, and there are way fewer Switches out there than iDevices. Right now, the Switch also doesn't include a standalone Internet browser, though WebKit is present on the system for logging into public Wi-Fi hotspots, and, with some cajoling, you can use it to browse your Facebook feed. The exploit could potentially open the door for jailbreaking and running homebrew software on the Switch, but, as of this writing, the exploit doesn't look like it provides kernel access. The developer who discovered the exploit himself says that the vulnerability is just a "starting point."

"One of the attorneys behind the Prenda Law 'copyright trolling' scheme has pleaded guilty to federal charges of fraud and money laundering," reports Ars Technica. Long-time Slashdot reader Freshly Exhumed shares this article from the law blog Popehat: The factual basis section -- which Steele admits is true (as to facts he knows) or that the government can prove (as to facts he doesn't know directly) -- is a startling 16 pages long [PDF] and lavishly documents the entire scheme, complete with many details that accusers have been pointing out for years. In short, Steele admits that he and Hansmeier used sham entities to obtain the copyright to (or in some cases film) porn, uploaded it to file-sharing websites, and then filed "false and deceptive" copyright suits against downloaders designed to conceal their role in distributing the films and their stake in the outcomes. They lied to courts themselves, sent others to court to lie, lied at depositions, lied in sworn affidavits, created sham entities as plaintiffs, created fraudulent hacking allegations to try to obtain discovery into the identity of downloaders, used "ruse defendants" (strawmen, in effect) to get courts to approve broad discovery into IP addresses.
Facing a maximum of 40 years in prison, Steele could get his sentence reduced if he testifies against Hansmeier, according to the article, and "Steele appears to have pinned all of his hopes on that option... I've seen a lot of plea agreements in a lot of federal cases, and I don't recall another one that so clearly conveyed the defendant utterly surrendering and accepting everything the government demanded, all in hopes of talking his sentence down later."

An anonymous reader quotes a report from Ars Technica: An assortment of malware was found on 38 Android devices belonging to two unidentified companies. This is according to a blog post published Friday by Check Point Software Technologies, maker of a mobile threat prevention app. The malicious apps weren't part of the official ROM firmware supplied by the phone manufacturers but were added later somewhere along the supply chain. In six of the cases, the malware was installed to the ROM using system privileges, a technique that requires the firmware to be completely reinstalled for the phone to be disinfected. Most of the malicious apps were info stealers and programs that displayed ads on the phones. One malicious ad-display app, dubbed "Loki," gains powerful system privileges on the devices it infects. Another app was a mobile ransomware title known as "Slocker," which uses Tor to conceal the identity of its operators. Check Point didn't disclose the names of the companies that owned the infected phones. Padon said it's not clear if the two companies were specifically targeted or if the infections were part of a broader, more opportunistic campaign. The presence of ransomware and other easy-to-detect malware seems to suggest the latter. Check Point also doesn't know where the infected phones were obtained. One of the affected parties was a "large telecommunications company" and the other was a "multinational technology company."

Google is making CAPTCHAs invisible using "a combination of machine learning and advanced risk analysis that adapts to new and emerging threats." Ars Technica reports: The old reCAPTCHA system was pretty easy -- just a simple "I'm not a robot" checkbox would get people through your sign-up page. The new version is even simpler, and it doesn't use a challenge or checkbox. It works invisibly in the background, somehow, to identify bots from humans. Google doesn't go into much detail on how it works, only saying that the system uses "a combination of machine learning and advanced risk analysis that adapts to new and emerging threats." More detailed information on how the system works would probably also help bot-makers crack it, so don't expect details to pop up any time soon. When sites switch over to the invisible CAPTCHA system, most users won't see CAPTCHAs at all, not even the "I'm not a robot" checkbox. If you are flagged as "suspicious" by the system, then it will display the usual challenges.

Yesterday, Sen. Jeff Flake (R-Ariz.) and 23 Republican co-sponsors introduced a resolution that would overturn new privacy rules for internet service providers. "If the Federal Communications Commission rules are eliminated, ISPs would not have to get consumers' explicit consent before selling or sharing web browsing data and other privacy information with advertisers and other third parties," reports Ars Technica. "The measure would use lawmakers' power under the Congressional Review Act to ensure that the FCC rulemaking 'shall have no force or effect.' The resolution would also prevent the FCC from issuing similar regulations in the future." From the report: Flake's announcement said he's trying to "protect consumers from overreaching Internet regulation." Flake also said that the resolution "empowers consumers to make informed choices on if and how their data can be shared," but he did not explain how it will achieve that. The privacy order had several major components. The requirement to get the opt-in consent of consumers before sharing information covered geo-location data, financial and health information, children's information, Social Security numbers, Web browsing history, app usage history, and the content of communications. This requirement is supposed to take effect on December 4, 2017. The rulemaking had a data security component that required ISPs to take "reasonable" steps to protect customers' information from theft and data breaches. This was supposed to take effect on March 2, but the FCC under newly appointed Chairman Ajit Pai halted the rule's implementation. Another set of requirements related to data breach notifications is scheduled to take effect on June 2. Flake's resolution would prevent all of those requirements from being implemented. He said that this "is the first step toward restoring the [Federal Trade Commission's] light-touch, consumer-friendly approach." Giving the FTC authority over Internet service providers would require further FCC or Congressional action because the FTC is not allowed to regulate common carriers, a designation currently applied to ISPs.

Yesterday, Sen. Jeff Flake (R-Ariz.) and 23 Republican co-sponsors introduced a resolution that would overturn new privacy rules for internet service providers. "If the Federal Communications Commission rules are eliminated, ISPs would not have to get consumers' explicit consent before selling or sharing web browsing data and other privacy information with advertisers and other third parties," reports Ars Technica. "The measure would use lawmakers' power under the Congressional Review Act to ensure that the FCC rulemaking 'shall have no force or effect.' The resolution would also prevent the FCC from issuing similar regulations in the future." From the report: Flake's announcement said he's trying to "protect consumers from overreaching Internet regulation." Flake also said that the resolution "empowers consumers to make informed choices on if and how their data can be shared," but he did not explain how it will achieve that. The privacy order had several major components. The requirement to get the opt-in consent of consumers before sharing information covered geo-location data, financial and health information, children's information, Social Security numbers, Web browsing history, app usage history, and the content of communications. This requirement is supposed to take effect on December 4, 2017. The rulemaking had a data security component that required ISPs to take "reasonable" steps to protect customers' information from theft and data breaches. This was supposed to take effect on March 2, but the FCC under newly appointed Chairman Ajit Pai halted the rule's implementation. Another set of requirements related to data breach notifications is scheduled to take effect on June 2. Flake's resolution would prevent all of those requirements from being implemented. He said that this "is the first step toward restoring the [Federal Trade Commission's] light-touch, consumer-friendly approach." Giving the FTC authority over Internet service providers would require further FCC or Congressional action because the FTC is not allowed to regulate common carriers, a designation currently applied to ISPs.

An anonymous reader quotes a report from Ars Technica: American adults reported having nine fewer romps a year in the early 2010s than they did in the late 1990s -- dropping from an average of about 62 times a year between 1995 and 2000 to around 53 a year between 2010 and 2014. Researchers saw declines across ages, races, religions, education levels, employment statuses, and regions. They linked the sagging numbers to two trends: an increase in singletons over that period -- who tend to have less sex than married or partnered people -- plus a slow-down in the sex lives of married and coupled people. But the drivers of those trends are still unclear. The study is based on data from a long-standing national survey called the General Social Survey (GSS). It involves a nationally representative sample of Americans over 18 years old, surveyed most years between 1972 and 2014. The new study involved responses from 26,620 Americans. Specifically, researchers found that married people's annual whoopee frequency dropped from an average of nearly 69 in the 1995-2000 period to just below 56 in the 2010-2014 period. The unmarried saw their lovemaking drop from 54 per year to 51 in the same timeframes. Meanwhile, the number of people without steady partners -- married or otherwise -- rose from 26 percent of survey respondents in 2006 to 33 percent in 2014. People who took the biggest hits in the bedroom since the 1990s were those with a college degree (about 15 fewer times a year) and people living in the South (about 13 fewer times a year). The study has been published in the journal Archives of Sexual Behavior.

An anonymous reader quotes a report from Ars Technica: Wind power is now the largest source of renewable energy generating capacity, passing hydroelectric power in 2016. And since the two sources produce electricity at nearly the same rate, we'll soon see wind surpass hydro in terms of electricity produced. Wind power capacity has been growing at an astonishing pace (as shown in the graph above), and 2016 was no exception. As companies rushed to take advantage of tax incentives for renewable power, the U.S. saw 8.7 Gigawatts of new wind capacity installed in 2016. That's the most since 2012, the last time tax incentives were scheduled to expire. This has pushed the U.S.' total wind capacity to over 81 GW, edging it past hydroelectric, which has remained relatively stable at roughly 80 GW. Note that this is only capacity; since generators can't be run non-stop, they only generate a fraction of the electricity that their capacity suggests is possible. That fraction, called a capacity factor, has been in the area of 34 percent for U.S. wind, lower than most traditional sources of electricity. But hydropower's capacity factor isn't that much better, typically sitting at 37-38 percent. As a result, wind won't need to grow much to consistently exceed hydro. Source: U.S. Energy Information Administration, Electricity Data Browser

An anonymous reader quotes a report from Ars Technica: Speculation that Sprint will merge with T-Mobile USA or another competitor has ramped up since the inauguration of President Donald Trump. That continued Friday when a report from The New York Times suggested that Sprint could be combined with either T-Mobile or Comcast, the nation's largest cable company. Masayoshi Son, founder and CEO of Sprint owner SoftBank, "and his financial advisers are weighing several major possible deals for Sprint," the Times wrote. "Be it a tie-up with T-Mobile U.S., Sprint's closest competitor, or a more ambitious marriage with the cable colossus Comcast, a transaction would allow Mr. Son to fulfill a long-held ambition to invest aggressively in wireless networks in the United States and enable next-generation mobile technology." Titled "The World's Top Tech Investor Is Betting Big on Trump," the Times report says that "the Trump administration's push for lighter regulation and lower taxes has been a powerful lure for cash-rich investors the world over." SoftBank, which is based in Japan, had several of its executives "spen[d] a day in Washington talking to senior members of Mr. Trump's economic team" last month, according to bankers who were briefed on the meetings, the Times report said. U.S. regulators opposed wireless consolidation during the Obama administration, preventing potential mergers between AT&T and T-Mobile and later between Sprint and T-Mobile. With four major nationwide carriers, U.S. wireless competition recently led to an expansion of unlimited data plans.

An anonymous reader quotes a report from Ars Technica: Speculation that Sprint will merge with T-Mobile USA or another competitor has ramped up since the inauguration of President Donald Trump. That continued Friday when a report from The New York Times suggested that Sprint could be combined with either T-Mobile or Comcast, the nation's largest cable company. Masayoshi Son, founder and CEO of Sprint owner SoftBank, "and his financial advisers are weighing several major possible deals for Sprint," the Times wrote. "Be it a tie-up with T-Mobile U.S., Sprint's closest competitor, or a more ambitious marriage with the cable colossus Comcast, a transaction would allow Mr. Son to fulfill a long-held ambition to invest aggressively in wireless networks in the United States and enable next-generation mobile technology." Titled "The World's Top Tech Investor Is Betting Big on Trump," the Times report says that "the Trump administration's push for lighter regulation and lower taxes has been a powerful lure for cash-rich investors the world over." SoftBank, which is based in Japan, had several of its executives "spen[d] a day in Washington talking to senior members of Mr. Trump's economic team" last month, according to bankers who were briefed on the meetings, the Times report said. U.S. regulators opposed wireless consolidation during the Obama administration, preventing potential mergers between AT&T and T-Mobile and later between Sprint and T-Mobile. With four major nationwide carriers, U.S. wireless competition recently led to an expansion of unlimited data plans.

An anonymous reader quotes a report from Ars Technica: Speculation that Sprint will merge with T-Mobile USA or another competitor has ramped up since the inauguration of President Donald Trump. That continued Friday when a report from The New York Times suggested that Sprint could be combined with either T-Mobile or Comcast, the nation's largest cable company. Masayoshi Son, founder and CEO of Sprint owner SoftBank, "and his financial advisers are weighing several major possible deals for Sprint," the Times wrote. "Be it a tie-up with T-Mobile U.S., Sprint's closest competitor, or a more ambitious marriage with the cable colossus Comcast, a transaction would allow Mr. Son to fulfill a long-held ambition to invest aggressively in wireless networks in the United States and enable next-generation mobile technology." Titled "The World's Top Tech Investor Is Betting Big on Trump," the Times report says that "the Trump administration's push for lighter regulation and lower taxes has been a powerful lure for cash-rich investors the world over." SoftBank, which is based in Japan, had several of its executives "spen[d] a day in Washington talking to senior members of Mr. Trump's economic team" last month, according to bankers who were briefed on the meetings, the Times report said. U.S. regulators opposed wireless consolidation during the Obama administration, preventing potential mergers between AT&T and T-Mobile and later between Sprint and T-Mobile. With four major nationwide carriers, U.S. wireless competition recently led to an expansion of unlimited data plans.

Sprint "may have just scored its biggest payout yet," reports Ars Technica, pointing out that Sprint's been filing lawsuits over its VoIP patents for more than a decade. An anonymous reader quotes their report: On Friday, a jury in Sprint's home district of Kansas City said that Time Warner Cable, now part of Charter Communications, must pay $139.8 million for infringing several patents related to VoIP technology. The jury found that TWC's infringement was willful, which means that the judge could increase the damage award up to three times its value... Sprint filed the lawsuits that led to Friday's verdict in 2011, when it sued TWC along with Comcast, Cox, and Cable One, saying the competing companies violated 12 different Sprint business VoIP patents.
The article points out that Comcast's response was to immediately file a countersuit, which so far has resulted in an early $7.5 million verdict in their favor.

An anonymous reader writes: Federal prosecutors just dropped charges against a child pornography suspect rather than reveal the source code for their Tor exploit. Of the 200 cases they're prosecuting nationwide, this is only the second one where the FBI has asked that the case be dismissed. "Disclosure is not currently an option," federal prosecutors wrote in a court ruling Friday. The Department of Justice is still prosecuting 135 different people believed to have accessed an illegal child pornography web site. Before shutting it down, the FBI seized the site and operated it themselves for 13 more days, which allowed them to deploy malware to expose the users' real IP addresses.

"What if you could get groceries in less than two minutes without even leaving your apartment?" asks VentureBeat. "Another beer...? Think guacamole would go extremely well with those Doritos you just opened?" Several grocery-delivery startups are already working to make this a reality. Slashdot reader moglito summarizes their vision of autonomous indoor-delivery robots from automated refrigerators servicing high-rise apartment buildings. Coupled with AI algorithms for learning what residents like to consume, and algorithms for automatically restocking those items via a network of suppliers or logistics companies, this "bot-mart" could make grocery shopping a boring and time-consuming thing of the past... Will robots similarly reduce the need for a kitchen next?
Yes, the article also describes cooking robots (which can already prepare burgers, pizza, and sandwiches), as well as new automated delivery vehicles restaurants. "Perhaps the only question remaining is whether there is a business case for this," they point out -- though under some scenarios, it could actually prove cheaper than driving to the grocery store yourself. "Consumers will find it ever easier to get what they want, when they want it, where they want it."

An anonymous reader quotes a report from Ars Technica: The FCC in 2015 made it clear that voice service providers can offer call blocking tools to customers, but commissioners said at the time that more needed to be done about Caller ID spoofing. FCC Chairman Ajit Pai has now scheduled a preliminary vote for March 23 on new rules designed to solve the problem. "One particularly pernicious category of robocalls is spoofed robocalls -- i.e., robocalls where the caller ID is faked, hiding the caller's true identity," the proposal says. "Fraudsters bombard consumers' phones at all hours of the day with spoofed robocalls, which in some cases lure consumers into scams (e.g., when a caller claims to be collecting money owed to the Internal Revenue Service) or lead to identity theft." The proposed rules would let providers "block spoofed robocalls when the spoofed Caller ID can't possibly be valid." Providers would be able to block numbers that aren't valid under the North American Numbering Plan and block valid numbers that haven't been allocated to any phone company. They'd also be able to block valid numbers that have been allocated to a phone company but haven't been assigned to a subscriber. The proposal would also codify the FCC's previous guidance that phone companies can block calls when requested by the spoofed number's subscriber. The upcoming vote on March 23 is for a Notice of Proposed Rulemaking (NPRM), which means the rules won't take effect immediately. The FCC uses NPRMs to seek comment on proposals before issuing final rules.

Amazon announced earlier this week that it would install solar panels on 15 of its fulfillment and sorting centers around the U.S. in 2017. "Depending on the specific project, time of year, and other factors, a solar installation could generate as much as 80 percent of a single fulfillment facility's annual energy needs," Amazon wrote in a press release. "That energy will provide electricity for everything from keeping the lights on to powering Amazon Robotics at fulfillment centers," reports Ars Technica. From the report: Amazon is finding stride with other major companies, but it's a bit short compared to some of its more ambitious peers. For example, Google announced in December that by the end of 2017 it would be using a carbon offsets program to pay for as much renewable energy as all of its data centers and offices worldwide consumed. The search giant said at the time that the move to renewable energy wasn't just for show -- it was about avoiding energy price fluctuations in the long term. That's a sentiment Amazon echoed as well in its Tuesday press release. "We are putting our scale and inventive culture to work on sustainability -- this is good for the environment, our business, and our customers," wrote Dave Clark, Amazon's senior vice president of worldwide operations. "By diversifying our energy portfolio, we can keep business costs low and pass along further savings to customers. It's a win-win."

Kyle Orland writes via Ars Technica: At this point, the Legend of Zelda series operates on a rhythm so predictable you can practically set your watch to it. In a Zelda game, after an extremely slow-paced tutorial, you progress from puzzle-filled dungeon to puzzle-filled dungeon, finding in each one a key item that -- coincidentally -- is crucial to beating the dungeon boss and to finding the next dungeon. Between dungeons, you face perfunctory battles with simple enemies on a vast overworld map dotted with small towns and occasional mini-games and side-quests. Most of these give you rewards that are already so plentiful as to be practically worthless (oh, goodie, more rupees to fill my already full wallet). By the time you reach Ganon, your circuitous trip from point A to point B has given you a set of required powers that help you take on the big bad boss threatening the kingdom. Individual Zelda games each make slight variations to this formula, but the basic rhythm is there every time. And then there's the new Breath of the Wild (BotW), a Zelda game that throws off this established rhythm so quickly, and with such force, that it practically feels like a whole new genre. In doing so, Breath of the Wild offers a compelling take on a stagnating series, bringing a sense of wonder and excitement back to Zelda that hasn't been felt this strongly since the original NES game. "Breath of the Wild is my new favorite 3D Zelda game and in contention for the top spot in the series overall," Orland writes in ending. "Don't miss it." You can read his full review here

Kyle Orland writes via Ars Technica: At this point, the Legend of Zelda series operates on a rhythm so predictable you can practically set your watch to it. In a Zelda game, after an extremely slow-paced tutorial, you progress from puzzle-filled dungeon to puzzle-filled dungeon, finding in each one a key item that -- coincidentally -- is crucial to beating the dungeon boss and to finding the next dungeon. Between dungeons, you face perfunctory battles with simple enemies on a vast overworld map dotted with small towns and occasional mini-games and side-quests. Most of these give you rewards that are already so plentiful as to be practically worthless (oh, goodie, more rupees to fill my already full wallet). By the time you reach Ganon, your circuitous trip from point A to point B has given you a set of required powers that help you take on the big bad boss threatening the kingdom. Individual Zelda games each make slight variations to this formula, but the basic rhythm is there every time. And then there's the new Breath of the Wild (BotW), a Zelda game that throws off this established rhythm so quickly, and with such force, that it practically feels like a whole new genre. In doing so, Breath of the Wild offers a compelling take on a stagnating series, bringing a sense of wonder and excitement back to Zelda that hasn't been felt this strongly since the original NES game. "Breath of the Wild is my new favorite 3D Zelda game and in contention for the top spot in the series overall," Orland writes in ending. "Don't miss it." You can read his full review here

The U.S. Patent and Trademark Office has issued IBM a -- what the Electronic Frontier Foundation calls -- "stupefyingly mundane" patent on e-mail technology. U.S. Patent No. 9,547,842, "Out-of-office electronic mail messaging system" was filed in 2010 and granted about six weeks ago. Ars Technica reports: The "invention" represented in the '842 patent is starkly at odds with the real history of technology, accessible in this case via a basic Google search. EFF lawyer Daniel Nazer, who wrote about the '842 patent in this month's "Stupid Patent of the Month" blog post, points to an article on a Microsoft publicity page that talks about quirky out-of-office e-mail culture dating back to the 1980s, when Microsoft marketed its Xenix e-mail system (the predecessor to today's Exchange.) IBM offers one feature that's even arguably not decades old: the ability to notify those writing to the out-of-office user some days before the set vacation dates begin. This feature, similar to "sending a postcard, not from a vacation, but to let someone know you will go on a vacation," is a "trivial change to existing systems," Nazer points out. Nazer goes on to identify some major mistakes made during the examination process. The examiner never considered whether the software claims were eligible after the Supreme Court's Alice v. CLS Bank decision, which came in 2014, and in Nazer's view, the office "did an abysmal job" of looking at the prior art. "[T]he examiner considered only patents and patent applications," notes Nazer. The office "never considered any of the many, many, existing real-world systems that pre-dated IBM's application."

An anonymous reader quotes a report from 9to5Mac: AOL announced today that it is starting to cut off third-party app access to its Instant Messenger service. As first noticed by ArsTechnica, AOL began notifying users of at least one third-party app, Adium, that it would become obsolete starting on March 28th. At this point, it's unclear whether or not all third-party applications will be rendered useless come March 28th, but the message presented to Adium users seemed to strongly imply that: "Hello. Effective 3/28, we will no longer support connections to the AIM network via this method. If you wish to use the free consumer AIM product, we invite you to visit http://www.aim.com/ for more information." What this likely means is that AOL is shutting down the OSCAR chat protocol that is used to handle AIM messages. The service will, however, continue to be available via AOL's own chat app that is supported on macOS, Windows, iOS, and Android.

An anonymous reader quotes a report from Ars Technica: Americans went from having an average of 2.6 TVs per household in 2009 to having 2.3 TVs in 2015, according to survey data from the U.S. Energy Information Agency (EIA). The data comes from the agency's Residential Energy Consumption Survey (RECS), which has been conducted periodically since the 1970s to understand American energy use. The 2015 survey included 5,600 respondents who were contacted in person and then given an option to follow up by mail or online. A fine-detail report on the survey results is due to be released in April 2017. The latest data shows that in 2015, 2.6 percent of households had no TV at all, a jump from the previous four surveys in 2009, 2005, 2001, and 1997 in which a steady 1.2 to 1.3 percent of households didn't own a TV. The 2015 data also showed that the number of people with three TVs or more dropped in 2015. That year, 39 percent of households had more than three TVs, whereas 44 percent had more than three TVs in 2009. Interestingly, the number of households with one or two TVs increased in 2015 to 58 percent, from 54 percent in 2009.

According to an investigation by Canadian media outlet, CBC, the chicken in Subway Restaurants' chicken sandwiches may only contain around 50 percent chicken -- the rest of it is soy, spices and preservatives. The investigation involved DNA testing chicken sandwiches collected from five popular fast food restaurants. While the rest of the sandwiches contained mostly chicken, Subway's oven-roasted chicken and the chicken strips in its Sweet Onion Chicken Teriyaki sandwich clocked in with just 53.6 percent and 42.8 percent chicken, respectively. Ars Technica reports: Among all the chicken sampled, there was a total of about 50 ingredients other than chicken identified. The chicken samples had an average of 16 ingredients. Some of the ingredients are expected, such as salt and other seasonings. But many were commercial preservatives and fillers. One commonality was that they all had high levels of salt. Subway responded to the CBC in a statement: "SUBWAY Canada cannot confirm the veracity of the results of the lab testing you had conducted. However, we are concerned by the alleged findings you had conducted." You can read the full statement here.

According to an investigation by Canadian media outlet, CBC, the chicken in Subway Restaurants' chicken sandwiches may only contain around 50 percent chicken -- the rest of it is soy, spices and preservatives. The investigation involved DNA testing chicken sandwiches collected from five popular fast food restaurants. While the rest of the sandwiches contained mostly chicken, Subway's oven-roasted chicken and the chicken strips in its Sweet Onion Chicken Teriyaki sandwich clocked in with just 53.6 percent and 42.8 percent chicken, respectively. Ars Technica reports: Among all the chicken sampled, there was a total of about 50 ingredients other than chicken identified. The chicken samples had an average of 16 ingredients. Some of the ingredients are expected, such as salt and other seasonings. But many were commercial preservatives and fillers. One commonality was that they all had high levels of salt. Subway responded to the CBC in a statement: "SUBWAY Canada cannot confirm the veracity of the results of the lab testing you had conducted. However, we are concerned by the alleged findings you had conducted." You can read the full statement here.

An anonymous reader quotes a report from Ars Technica: The operator of a drone that knocked a woman unconscious was sentenced Friday to 30 days in jail, Seattle prosecutors said. The woman was attending a local parade when the drone crashed and struck her. Paul Skinner, a 38-year-old man from Washington state, was charged with reckless endangerment in connection to the 2015 incident, in which an 18-inch-by-18-inch drone collided into a building before falling into a crowd. The authorities said the 2-pound drone struck the 25-year-old in the head and gave her a concussion. Her boyfriend caught her before she fell to the ground. Another man suffered a minor bruise. The accident took place during during the city's Pride Parade. Skinner, who had turned himself in, plans to appeal the sentence. His attorney, Jeffrey Kradel, said the punishment was "too severe." His client remains free pending the appeal's outcome. A misdemeanor reckless endangerment charge -- one that poses "substantial risk of death or serious bodily injury to another person" -- carries a penalty of up to a year in jail.

An anonymous reader quotes a report from Ars Technica: The operator of a drone that knocked a woman unconscious was sentenced Friday to 30 days in jail, Seattle prosecutors said. The woman was attending a local parade when the drone crashed and struck her. Paul Skinner, a 38-year-old man from Washington state, was charged with reckless endangerment in connection to the 2015 incident, in which an 18-inch-by-18-inch drone collided into a building before falling into a crowd. The authorities said the 2-pound drone struck the 25-year-old in the head and gave her a concussion. Her boyfriend caught her before she fell to the ground. Another man suffered a minor bruise. The accident took place during during the city's Pride Parade. Skinner, who had turned himself in, plans to appeal the sentence. His attorney, Jeffrey Kradel, said the punishment was "too severe." His client remains free pending the appeal's outcome. A misdemeanor reckless endangerment charge -- one that poses "substantial risk of death or serious bodily injury to another person" -- carries a penalty of up to a year in jail.

WebKit's bug-tracker now includes a comment from Friday noting "the bots all are red" on their git-svn mirror site, reporting an error message about a checksum mismatch for shattered-2.pdf. "In some cases, due to the corruption, further commits are blocked," reports the official "Shattered" web site. Slashdot reader Artem Tashkinov explains its significance: A WebKit developer who tried to upload "bad" PDF files generated from the first successful SHA-1 attack broke WebKit's SVN repository because Subversion uses SHA-1 hash to differentiate commits. The reason to upload the files was to create a test for checking cache poisoning in WebKit.

Another news story is that based on the theoretical incomplete description of the SHA-1 collision attack published by Google just two days ago, people have managed to recreate the attack in practice and now you can download a Python script which can create a new PDF file with the same SHA-1 hashsum using your input PDF. The attack is also implemented as a website which can prepare two PDF files with different JPEG images which will result in the same hash sum.

An anonymous reader quotes a report from Ars Technica: A divided federal appeals court is ruling for the First Amendment, saying the public has a right to film the police. But the 5th U.S. Circuit Court of Appeals, in upholding the bulk of a lower court's decision against an activist who was conducting what he called a "First Amendment audit" outside a Texas police station, noted that this right is not absolute and is not applicable everywhere. The facts of the dispute are simple. Phillip Turner was 25 in September 2015 when he decided to go outside the Fort Worth police department to test officers' knowledge of the right to film the police. While filming, he was arrested for failing to identify himself to the police. Officers handcuffed and briefly held Turner before releasing him without charges. Turner sued, alleging violations of his Fourth Amendment right against unlawful arrest and detention and his First Amendment right of speech. The 2-1 decision Thursday by Judge Jacques Wiener is among a slew of rulings on the topic, and it provides fresh legal backing for the so-called YouTube society where people are constantly using their mobile phones to film themselves and the police. A dissenting appellate judge on the case -- Edith Brown Clement -- wrote Turner was not unlawfully arrested and that the majority opinion from the Texas-based appeals court jumped the gun to declare a First Amendment right here because one "is not clearly established."

According to Ars Technica, "The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of its customers' personal information." From the report: The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC's new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening. The data security rule requires ISPs and phone companies to take "reasonable" steps to protect customers' information -- such as Social Security numbers, financial and health information, and Web browsing data -- from theft and data breaches. The rule would be blocked even if a majority of commissioners supported keeping them in place, because the FCC's Wireline Competition Bureau can make the decision on its own. That "full commission vote on the pending petitions" could wipe out the entire privacy rulemaking, not just the data security section, in response to petitions filed by trade groups representing ISPs. That vote has not yet been scheduled. The most well-known portion of the privacy order requires ISPs to get opt-in consent from consumers before sharing Web browsing data and other private information with advertisers and other third parties. The opt-in rule is supposed to take effect December 4, 2017, unless the FCC or Congress eliminates it before then. Pai has said that ISPs shouldn't face stricter rules than online providers like Google and Facebook, which are regulated separately by the Federal Trade Commission. Pai wants a "technology-neutral privacy framework for the online world" based on the FTC's standards. According to today's FCC statement, the data security rule "is not consistent with the FTC's privacy standards."

According to Ars Technica, "The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of its customers' personal information." From the report: The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC's new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening. The data security rule requires ISPs and phone companies to take "reasonable" steps to protect customers' information -- such as Social Security numbers, financial and health information, and Web browsing data -- from theft and data breaches. The rule would be blocked even if a majority of commissioners supported keeping them in place, because the FCC's Wireline Competition Bureau can make the decision on its own. That "full commission vote on the pending petitions" could wipe out the entire privacy rulemaking, not just the data security section, in response to petitions filed by trade groups representing ISPs. That vote has not yet been scheduled. The most well-known portion of the privacy order requires ISPs to get opt-in consent from consumers before sharing Web browsing data and other private information with advertisers and other third parties. The opt-in rule is supposed to take effect December 4, 2017, unless the FCC or Congress eliminates it before then. Pai has said that ISPs shouldn't face stricter rules than online providers like Google and Facebook, which are regulated separately by the Federal Trade Commission. Pai wants a "technology-neutral privacy framework for the online world" based on the FTC's standards. According to today's FCC statement, the data security rule "is not consistent with the FTC's privacy standards."

ShaunC writes: In a bug that's been christened "Cloudbleed," Cloudflare disclosed today that some of their products accidentally exposed private user information from a number of websites. Similar to 2014's Heartbleed, Cloudflare's problem involved a buffer overrun that allowed uninitialized memory contents to leak into normal web traffic. Tavis Ormandy, of Google's Project Zero, discovered the flaw last week. Affected sites include Uber, Fitbit, and OK Cupid, as well as unnamed services for hotel booking and password management. Cloudflare says the bug has been fixed, and Google has purged affected pages from its search index and cache. Further reading: The Register, Ars Technica

An anonymous reader quotes a report from The Stack: A federal judge in Chicago has ruled against a government request which would require forced fingerprinting of private citizens in order to open a secure, personal phone or tablet. In the ruling, the judge stated that while fingerprints in and of themselves are not protected, the government's method of obtaining the fingerprints would violate the Fourth and Fifth amendments. The government's request was given as part of a search warrant related to a child pornography ring. The court ruled that the government could seize devices, but that it could not compel people physically present at the time of seizure to provide their fingerprints "onto the Touch ID sensor of any Apple iPhone, iPad, or other Apple brand device in order to gain access to the contents of any such device." The report mentions that the ruling was based on three separate arguments. "The first was that the boilerplate language used in the request was dated, and did not, for example, address vulnerabilities associated with wireless services. Second, the court said that the context in which the fingerprints were intended to be gathered may violate the Fourth Amendment search and seizure rights of the building residents and their visitors, all of whom would have been compelled to provide their fingerprints to open their secure devices. Finally, the court noted that historically the Fifth Amendment, which protects against self-incrimination, does not allow a person to circumvent the fingerprinting process." You can read more about the ruling via Ars Technica.

"T-Mobile USA is ready to deploy a new LTE technology over the same 5GHz frequencies used by Wi-Fi following U.S. government approval of the first 'LTE-U' devices," reports Ars Technica. "The Federal Communications Commission today authorized the first LTE-U (LTE for unlicensed spectrum) devices after a controversial process designed to ensure that cellular network use of the 5GHz band won't interfere with Wi-Fi networks." From the report: LTE-U will help T-Mobile achieve its goal of offering gigabit LTE speeds, the carrier said. Verizon Wireless is also planning to use LTE-U. The company said in September that it is "eager to deploy" the technology and developed an equipment testing plan, but it's not clear when a Verizon deployment will happen. Cellular carriers in the US generally hold exclusive licenses to spectrum, while Wi-Fi operates in unlicensed frequencies. Anyone can operate in unlicensed spectrum without an FCC license as long as they use certified radio equipment and comply with power limits and other technical requirements. The plan to bring LTE to unlicensed Wi-Fi spectrum set off an industry fight. LTE-U deployment plans drew opposition in 2015 from cable companies and the Wi-Fi Alliance, an industry group that certifies equipment to make sure it doesn't interfere with other Wi-Fi equipment. Industry groups worked together to develop a "Coexistence Test Plan" to prevent interference, and the Wi-Fi Alliance said it's satisfied with the result even though the new testing is voluntary rather than required by the FCC.

"T-Mobile USA is ready to deploy a new LTE technology over the same 5GHz frequencies used by Wi-Fi following U.S. government approval of the first 'LTE-U' devices," reports Ars Technica. "The Federal Communications Commission today authorized the first LTE-U (LTE for unlicensed spectrum) devices after a controversial process designed to ensure that cellular network use of the 5GHz band won't interfere with Wi-Fi networks." From the report: LTE-U will help T-Mobile achieve its goal of offering gigabit LTE speeds, the carrier said. Verizon Wireless is also planning to use LTE-U. The company said in September that it is "eager to deploy" the technology and developed an equipment testing plan, but it's not clear when a Verizon deployment will happen. Cellular carriers in the US generally hold exclusive licenses to spectrum, while Wi-Fi operates in unlicensed frequencies. Anyone can operate in unlicensed spectrum without an FCC license as long as they use certified radio equipment and comply with power limits and other technical requirements. The plan to bring LTE to unlicensed Wi-Fi spectrum set off an industry fight. LTE-U deployment plans drew opposition in 2015 from cable companies and the Wi-Fi Alliance, an industry group that certifies equipment to make sure it doesn't interfere with other Wi-Fi equipment. Industry groups worked together to develop a "Coexistence Test Plan" to prevent interference, and the Wi-Fi Alliance said it's satisfied with the result even though the new testing is voluntary rather than required by the FCC.

An anonymous reader quotes a report from Ars Technica: Apple has been building its giant new "spaceship" campus in the company's hometown of Cupertino, California, since December of 2013, and since then fans have paid obsessive attention to the structure. It gets buzzed by drones constantly, and the most popular YouTube videos of the building in progress have amassed well over half-a-million views apiece. The company announced today that the campus will be open to employees starting in April and that the building and environs now have a name: Apple Park. Apple says that moving the 12,000 employees who will work at the campus will take more than six months, and landscaping and construction on some buildings won't be done until the summer. The new campus mostly replaces the university-style Infinite Loop campus Apple has used since 1993, though Apple has said that it will also be keeping the older buildings. The new campus' cost has been estimated at around $5 billion. Apple will also be naming one space on the new campus after its founder and former CEO -- the Steve Jobs Theater will replace the current Town Hall event space that Apple sometimes uses for company meetings and product announcements, and it will open "later this year." The new space will be much larger (it will seat 1,000, compared to roughly 300 for the Town Hall), and the larger space will presumably allow Apple to launch more of its products on its campus rather than having to rent expensive event space in downtown San Francisco. The company is also moving its Worldwide Developers Conference closer to home this year -- it will return to San Jose after many years at the Moscone Center in San Francisco.

An anonymous reader quotes a report from Ars Technica: In decades of research, scientists have found only one medical condition that's clearly and effectively treated with testosterone supplements: pathological hypogonadism -- that's low testosterone levels due to disease of the hypothalamus, pituitary gland, or testes. In a series of placebo-controlled, randomized trials, researchers tracked the effect of testosterone on the cognition, bone health, anemia, and cardiovascular health of 788 men for a year. All the men were aged 65 or older and had low testosterone levels that couldn't be explained by anything other than age. The results, reported Tuesday in JAMA and JAMA Internal Medicine, offer mixed results. Among the 493 in the trial who also had age-related memory declines, testosterone didn't have any effect on memory or cognitive abilities. In the study, 247 got testosterone and 246 got a placebo. But for cardiovascular health, there was an effect -- a bad one. Over the year, plaque buildup in the coronary artery -- which is a risk factor for heart disease -- increased in 73 men on testosterone compared with 65 on placebo. However, other studies have found mixed results on this. Longer, bigger trials will be needed to sort out the risks. In the anemia study, testosterone did seem to improve iron levels in men with mild anemia. The bone health study also showed that testosterone could improve bone density. However, it's unclear if those benefits outweigh the possible cardiovascular risks. And other drugs may be more effective at treating anemia and improving bone mass than testosterone.

Three months ago Shiva Ayyadurai won a $750,000 settlement from Gawker (after they'd already gone bankrupt). He'd argued Gawker defamed him by mocking Ayyadurai's claim he'd invented email, and now he's also suing Techdirt founder Michael Masnick -- who is not bankrupt, and is fighting back. Long-time Slashdot reader walterbyrd quotes Ars Technica: In his motion, Masnick claims that Ayyadurai "is seeking to use the muzzle of a defamation action to silence those who question his claim to historical fame." He continues, "The 14 articles and 84 allegedly defamatory statements catalogued in the complaint all say essentially the same thing: that Defendants believe that because the critical elements of electronic mail were developed long before Ayyadurai's 1978 computer program, his claim to be the 'inventor of e-mail' is false"...

The motion skims the history of e-mail and points out that the well-known fields of e-mail messages, like "to," "from," "cc," "subject," "message," and "bcc," were used in ARPANET e-mail messages for years before Ayyadurai made his "EMAIL" program. Ayyadurai focuses on statements calling him a "fake," a "liar," or a "fraud" putting forth "bogus" claims. Masnick counters that such phrases are "rhetorical hyperbole" meant to express opinions and reminds the court that "[t]he law provides no redress for harsh name-calling."
The motion calls the lawsuit "a misbegotten effort to stifle historical debate, silence criticism, and chill others from continuing to question Ayyadurai's grandiose claims." Ray Tomlinson has been dead for less than a year, but in this fascinating 1998 article recalled testing the early email protocols in 1971, remembering that "Most likely the first message was QWERTYIOP."

An anonymous reader quotes a report from Ars Technica: Malware researchers Victor Chebyshev and Mikhail Kuzin examined seven Android apps for connected vehicles and found that the apps were ripe for malicious exploitation. Six of the applications had unencrypted user credentials, and all of them had little in the way of protection against reverse-engineering or the insertion of malware into apps. The vulnerabilities looked at by the Kaspersky researchers focused not on vehicle communication, but on the Android apps associated with the services and the potential for their credentials to be hijacked by malware if a car owner's smartphone is compromised. All seven of the applications allowed the user to remotely unlock their vehicle; six made remote engine start possible (though whether it's possible for someone to drive off with the vehicle without having a key or RFID-equipped key fob present is unclear). Two of the seven apps used unencrypted user logins and passwords, making theft of credentials much easier. And none of the applications performed any sort of integrity check or detection of root permissions to the app's data and events -- making it much easier for someone to create an "evil" version of the app to provide an avenue for attack. While malware versions of these apps would require getting a car owner to install them on their device in order to succeed, Chebyshev and Kuzin suggested that would be possible through a spear-phishing attack warning the owner of a need to do an emergency app update. Other malware might also be able to perform the installation.

An anonymous reader quotes a report from Ars Technica: At 2.25 gigawatts, Arizona's Navajo Generating Station is the biggest coal-burning power plant in the Western U.S. The plant, and the nearby Kayenta coal mine that feeds it, are located on the Navajo Indian Reservation, and the Navajo and Hopi peoples have had a conflicted relationship with coal since the plant opened in the 1970s. Almost all the 900-plus jobs at the mine and plant are held by Native Americans, and the tribes receive royalties to account for large portions of their budget. Negotiations were underway to improve the tribes' lease terms, which expire in 2019. But on Monday, the four utilities that own most of the plant voted to close it at the end of 2019. They decided that the plant's coal-powered electricity just can't compete with plants burning natural gas. A press release from Salt River Projects, which runs the plant, explained, "The decision by the utility owners of [Navajo Generating Station] is based on the rapidly changing economics of the energy industry, which has seen natural gas prices sink to record lows and become a viable long-term and economical alternative to coal power."

You may recall "APT28", the Russian hacking group which was tied to last year's interference in the presidential election. It has long been known for its advanced range of tools for penetrating Windows, iOS, Android, and Linux devices. Now, researchers have uncovered an equally sophisticated malware package the group used to compromise Macs. From a report on ComputerWorld: The group -- known in the security industry under different names including Fancy Bear, Pawn Storm, and APT28 -- has been operating for almost a decade. It is believed to be the sole user and likely developer of a Trojan program called Sofacy or X-Agent. X-Agent variants for Windows, Linux, Android, and iOS have been found in the wild in the past, but researchers from Bitdefender have now come across what appears to be the first macOS version of the Trojan. It's not entirely clear how the malware is being distributed because the Bitdefender researchers obtained only the malware sample, not the full attack chain. However, it's possible a macOS malware downloader dubbed Komplex, found in September, might be involved. Komplex infected Macs by exploiting a known vulnerability in the MacKeeper antivirus software, according to researchers from Palo Alto Networks who investigated the malware at the time. The vulnerability allowed attackers to execute remote commands on a Mac when users visited specially crafted web pages.Further reading on ArsTechnica.

UnderAttack writes: Microsoft today announced that it had to delay its February Patch Tuesday due to issues with a particular patch. This was also supposed to be the first Patch Tuesday using a new format, which led some to believe that even Microsoft had issues understanding how the new format is exactly going to work with no more simple bulletin summary and patches being released as large monolithic updates. Ars Technica notes the importance of this Patch Tuesday as "there's an in-the-wild zero-day flaw in SMB, Microsoft's file sharing protocol, that at the very least allows systems to be crashed." They also elaborate on the way Microsoft is "continuing to tune the way updates are delivered to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2."

An anonymous reader quotes the Wall Street Journal: The seven-year legal battle between tech giants Google and Oracle just got new life. Oracle on Friday filed an appeal with the U.S. Court of Appeals for the Federal Circuit that seeks to overturn a federal jury's decision last year... The case has now gone through two federal trials and bounced around at appeals courts, including a brief stop at the U.S. Supreme Court. Oracle has sought as much as $9 billion in the case.

In the trial last year in San Francisco, the jury ruled Google's use of 11,000 lines of Java code was allowed under "fair use" provisions in federal copyright law. In Oracle's 155-page appeal on Friday, it called Google's "copying...classic unfair use" and said "Google reaped billions of dollars while leaving Oracle's Java business in tatters."
Oracle's brief also argues that "When a plagiarist takes the most recognizable portions of a novel and adapts them into a film, the plagiarist commits the 'classic' unfair use."