Domain: arstechnica.com
Stories and comments across the archive that link to arstechnica.com.
Stories · 4,420
-
Comcast Sues Nashville To Halt Rules That Give Google Fiber Faster Access To Utility Poles (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Comcast yesterday sued the Nashville metro government and mayor to stop a new ordinance designed to give Google Fiber faster access to utility poles. Comcast's complaint in U.S. District Court in Nashville (full text) is similar to one already filed by AT&T last month. Both ISPs are trying to invalidate a One Touch Make Ready ordinance that lets new ISPs make all of the necessary wire adjustments on utility poles themselves instead of having to wait for incumbent providers like AT&T and Comcast to send work crews to move their own wires. The ordinance was passed largely to benefit Google Fiber, which is offering service in Nashville but says that it hasn't been able to deploy faster because it is waiting to get access to thousands of poles. Nearly all the Nashville utility poles are owned either by the municipal Nashville Electric Service or AT&T. Because Comcast has wires on many of the poles, it has some control over how quickly Google Fiber can expand its network. When Google Fiber wants to attach wires to a new pole, it needs to wait for ISPs like Comcast to move their wires to make room for Google Fiber's. The Nashville One Touch Make Ready ordinance "permits third parties to move, alter, or rearrange components of Comcast's communications network attached to utility poles without Comcast's consent, authorization, or oversight, and with far less notice than is required by federal law and by an existing Comcast contract with Metro Nashville," Comcast's complaint said. Comcast asked the court to declare the ordinance invalid and permanently enjoin Nashville from enforcing it. The pre-existing Make Ready process "seek[s] to ensure that all providers can share available pole space cooperatively and safely, without interfering with or damaging any provider's equipment or services," Comcast said. 
The new procedures mandated by Nashville "are so intrusive that, tellingly, Metro Nashville has wholly exempted its own utility pole attachments from the Ordinance's coverage." Even though Google Fiber announced yesterday that it will pause operations and cut 9% of its staff, the ISP said it would continue operations in Nashville. -
Microsoft Announces Ultra-Thin, Pixel-Dense Surface Studio Touchscreen PC (arstechnica.com)
An anonymous reader writes: Microsoft's first Surface-branded desktop PC now exists, and it is called the Surface Studio. The PC features a 28" display with 13.5 million pixels, which means the display is roughly 63 percent denser than a "4K" screen at 3840x2160 resolution. That screen is also an astonishing 12.5mm thick. The specs we know so far: an integrated 270W PSU, 2TB "rapid" hard drive (meaning, hopefully, an SSD portion in a "hybrid" configuration, but that is not yet confirmed), 32GB RAM, a quad-core Skylake CPU, and a Windows Hello-compatible front-facing camera. In his demonstration of the device, Panos Panay, Microsoft's head of Windows hardware, held up a piece of paper to demonstrate "true scale" resolution density, so that holding that paper up to the screen would offer like-for-like comparability. He also showed off live color gamut switching, which visual designers will clearly appreciate. Update: 10/26 17:59 GMT: FastCompany has an in-depth story on Surface Studio and how it was conceived. -
Nuclear Plants Leak Critical Alerts In Unencrypted Pager Messages (arstechnica.com)
mdsolar quotes a report from Ars Technica: A surprisingly large number of critical infrastructure participants -- including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers -- rely on unsecured wireless pagers to automate their industrial control systems. According to a new report, this practice opens them to malicious hacks and espionage. Earlier this year, researchers from security firm Trend Micro collected more than 54 million pages over a four-month span using low-cost hardware. In some cases, the messages alerted recipients to unsafe conditions affecting mission-critical infrastructure as they were detected. A heating, venting, and air-conditioning system, for instance, used an e-mail-to-pager gateway to alert a hospital to a potentially dangerous level of sewage water. Meanwhile, a supervisory and control data acquisition system belonging to one of the world's biggest chemical companies sent a page containing a complete "stack dump" of one of its devices. Other unencrypted alerts sent by or to "several nuclear plants scattered among different states" included:
-Reduced pumping flow rate
-Water leak, steam leak, radiant coolant service leak, electrohydraulic control oil leak
-Fire accidents in an unrestricted area and in an administration building
-Loss of redundancy
-People requiring off-site medical attention
-A control rod losing its position indication due to a data fault
-Nuclear contamination without personal damage
Trend Micro researchers wrote in their report titled "Leaking Beeps: Unencrypted Pager Messages in Industrial Environments": "We were surprised to see unencrypted pages coming from industrial sectors like nuclear power plants, substations, power generation plants, chemical plants, defense contractors, semiconductor and commercial manufacturers, and HVAC. These unencrypted pager messages are a valuable source of passive intelligence, the gathering of information that is unintentionally leaked by networked or connected organizations. Taken together, threat actors can do heavy reconnaissance on targets by making sense of the acquired information through paging messages. Though we are not well-versed with the terms and information used in some of the sectors in our research, we were able to determine what the pages mean, including how attackers would make use of them in an elaborate targeted attack or how industry competitors would take advantage of such information. The power generation sector is overseen by regulating bodies like the North American Electric Reliability Corporation (NERC). The NERC can impose significant fines on companies that violate critical infrastructure protection requirements, such as ensuring that communications are encrypted. Other similar regulations also exist for the chemical manufacturing sector." -
Renewables Overtake Coal As World's Largest Source of Power Capacity (ft.com)
The world's largest source of power capacity is now renewables, as roughly half a million solar panels were installed every single day last year. In addition, two wind turbines were erected every hour in countries such as China, according to the International Energy Agency. Financial Times reports (Editor's note: may be paywalled; alternate source): Although coal and other fossil fuels remain the largest source of electricity generation, many conventional power utilities and energy groups have been confounded by the speed at which renewables have grown and the rapid drop in costs for the technologies. Average global generation costs for new onshore wind farms fell by an estimated 30 percent between 2010 and 2015 while those for big solar panel plants fell by an even steeper two-thirds, an IEA report published on Tuesday showed. The Paris-based agency thinks costs are likely to fall even further over the next five years, by 15 percent on average for wind and by a quarter for solar power. It said an unprecedented 153 gigawatts of green electricity was installed last year, mostly wind and solar projects, which is more than the total power capacity in Canada. It was also more than the amount of conventional fossil fuel or nuclear power added in 2015, leading renewables to surpass coal's cumulative share of global power capacity -- though not electricity generation. A power plant's capacity is the maximum amount of electricity it can potentially produce. The amount of energy a plant actually generates varies according to how long it produces power over a period of time. Coal power plants supplied close to 39 percent of the world's power in 2015, while renewables, including old hydropower dams, accounted for 23 percent, IEA data show. But the agency expects renewables' share of power generation to rise to 28 percent by 2021, when it predicts they will supply the equivalent of all the electricity generated today in the U.S. and E.U. combined. -
Mirai and Bashlight Join Forces Against DNS Provider Dyn (arstechnica.com)
A second wave of attacks has hit dynamic domain name service provider Dyn, affecting a larger number of providers. As researchers and government officials race to figure out what is causing the outages, new details are emerging. Dan Drew, chief security officer at Level 3 Communications, says the attack is at least in part being mounted from a "botnet" of Internet-of-Things (IoT) devices. "We're seeing attacks coming from a number of different locations," Drew said. "An Internet of Things botnet called Mirai that we identified is also involved in the attack." Ars Technica reports: The botnet, made up of devices like home WiFi routers and internet protocol video cameras, is sending massive numbers of requests to Dyn's DNS service. Those requests look legitimate, so it's difficult for Dyn's systems to screen them out from normal domain name lookup requests. Earlier this month, the code for the Mirai botnet was released publicly. It may have been used in the massive DDoS attack against security reporter Brian Krebs. Mirai and another IoT botnet called Bashlight exploit a common vulnerability in BusyBox, a pared-down version of the Linux operating system used in embedded devices. Mirai and Bashlight have recently been responsible for attacks of massive scale, including the attacks on Krebs, which at one point reached a traffic volume of 620 gigabits per second. Matthew Prince, co-founder and CEO of the content delivery and DDoS protection service provider CloudFlare, said that the attack being used against Dyn is an increasingly common one. The attacks append random strings of text to the front of domain names, making them appear like new, legitimate requests for the addresses of systems with a domain. Caching the results to speed up responses is impossible. Prince told Ars: "They're tough attacks to stop because they often get channeled through recursive providers. They're not cacheable because of the random prefix. 
We started seeing random prefix attacks like these three years ago, and they remain a very common attack. If IoT devices are being used, that would explain the size and scale [and how the attack] would affect someone the size of Dyn." -
'Most Serious' Linux Privilege-Escalation Bug Ever Is Under Active Exploit (arstechnica.com)
Reader operator_error shares an ArsTechnica report: A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible. While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.
"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time." The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important." -
Tesla Bans Customers From Using Autonomous Cars To Earn Money Ride-Sharing (arstechnica.com)
Late Wednesday, Tesla announced the Model X and Model S electric vehicles, boasting that they will come with the necessary hardware to drive completely autonomously at some point in the future. Naturally, one of the frequent questions that followed the event was: "Can I use my Tesla car as an Uber driver?" Well, Tesla was anticipating this question and even buried the answer on its website. From an ArsTechnica report: On Tesla's website, the section that describes the new "Full Self-Driving Capability" (A $3,000 option at the time of purchase, $4,000 after the fact) states "Please note also that using a self-driving Tesla for car sharing and ride hailing for friends and family is fine, but doing so for revenue purposes will only be permissible on the Tesla Network, details of which will be released next year." -
ESA Lander's Signal Cut Out Just Before It Was Supposed To Land on Mars (arstechnica.com)
An anonymous reader shares an ArsTechnica report: On Wednesday, the European Space Agency sought to become the second entity to successfully land a spacecraft on Mars with its Schiaparelli lander. And everything seemed to be going swimmingly right up until the point that Schiaparelli was to touch down. The European scientists had been tracking the descent of Schiaparelli through an array of radio telescopes near Pune, India and were able to record the moment when the vehicle exited a plasma blackout. The scientists also received a signal that indicated parachute deployment. But during the critical final moments, when nine hydrazine-powered thrusters were supposed to fire to arrest Schiaparelli's descent, the signal disappeared. At that point, the European Space Agency's webcast went silent for several minutes before one of the flight directors could be heard to say, "We expected the signal to continue, but clearly it did not. We don't want to jump to conclusions." -
Half of American Adults Are In a Face-Recognition Database (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Half of American adults are in a face-recognition database, according to a Georgetown University study released Wednesday. That means there's about 117 million adults in a law enforcement facial-recognition database, the study by Georgetown's Center on Privacy and Technology says. The report (PDF), titled "The Perpetual Line-up: Unregulated Police Face Recognition in America," shows that one-fourth of the nation's law enforcement agencies have access to face-recognition databases, and their use by those agencies is virtually unregulated. Where do the mug shots come from? For starters, about 16 states allow the FBI to use facial recognition to compare faces of suspected criminals to their driver's licenses or ID photos, according to the study. "In this line-up," the study says, "it's not a human that points to the suspect -- it's an algorithm." The study says 26 states or more allow police agencies to "run or request searches" against their databases or driver's licenses and ID photos. This equates to "roughly one in two American adults has their photos searched this way," according to the study. Many local police agencies also insert mug shots of people they arrest into searchable, biometric databases, according to the report. According to the report, researchers obtained documents stating that at least five "major police departments," including those in Chicago, Dallas, and Los Angeles, "either claimed to run real-time face recognition off of street cameras, bought technology that can do so, or expressed an interest in buying it." The Georgetown report's release comes three months after the U.S. Government Accountability Office (GAO) concluded that the FBI has access to as many as 411.9 million images as part of its face-recognition database. 
The study also mentioned that the police departments have little oversight of their databases and don't audit them for misuse: "Maryland's system, which includes the license photos of over two million residents, was launched in 2011. It has never been audited. The Pinellas County Sheriff's Office system is almost 15 years old and may be the most frequently used system in the country. When asked if his office audits searches for misuse, Sheriff Bob Gualtieri replied, 'No, not really.' Despite assurances to Congress, the FBI has not audited use of its face recognition system, either. Only nine of 52 agencies (17%) indicated that they log and audit their officers' face recognition searches for improper use. Of those, only one agency, the Michigan State Police, provided documentation showing that their audit regime was actually functional." -
Millimeter-wave 5G Modem Coming Mid-2018 With 5Gbps Peak Download (arstechnica.com)
Qualcomm is promising to launch its first 5G modem in 2018, even though basic standards for 5G have yet to be established, nor even which part of the radio spectrum it will use. From an ArsTechnica report: Dubbed the Snapdragon X50, the San Diego chipmaker says its new modem will be able to deliver blindingly fast peak download speeds of around 5Gbps. The X50 5G will at first operate with a bandwidth of about 800MHz on the 28GHz millimetre wave (mmWave in Qualcomm jargon) spectrum, a frequency that's also being investigated by Samsung, Nokia, and Verizon. However, the powers that be have far from settled on this area of the spectrum, with 73GHz also being mooted. In the UK, Ofcom is investigating several bands in a range between 6GHz and 100GHz. As the industry as a whole is a long way from consensus, this could be Qualcomm's bid to get the final frequency locked down well before 2020 -- the year that 5G is expected to reach any kind of consumer penetration. "The Snapdragon X50 5G modem heralds the arrival of 5G as operators and OEMs reach the cellular network and device testing phase," said Qualcomm exec veep Cristiano Amon. "Utilising our long history of LTE and Wi-Fi leadership, we are thrilled to deliver a product that will help play a critical role in bringing 5G devices and networks to reality. This shows that we're not just talking about 5G, we're truly committed to it." -
It's Entirely Reasonable For Police To Swipe a Suspicious Gift Card, Says Court (arstechnica.com)
An anonymous reader quotes Ars Technica: A U.S. federal appeals court has found that law enforcement can, without a warrant, swipe credit cards and gift cards to reveal the information encoded on the magnetic stripe. It's the third such federal appellate court to reach this conclusion. Last week, the 5th U.S. Circuit Court of Appeals found in favor of the government in United States v. Turner, establishing that it was entirely reasonable for Texas police officers to scan approximately 100 gift cards found in a car that was pulled over at a traffic stop. Like the previous similar 8th Circuit case that Ars covered in June 2016, the defendants challenged the search of the gift cards as being unreasonable. (The second case was from the 3rd Circuit in July 2015, in a case known as U.S. v. Bah.) In this case, after pulling over the car and running the IDs of both men, police found that there was an outstanding warrant for the passenger, Courtland Turner. When Turner was told to get out of the car and was placed in the patrol car, the officer returned to the stopped car and noticed an "opaque plastic bag partially protruding from the front passenger seat," as if someone had tried to push it under the seat to keep it hidden. The cop then asked the driver, Broderick Henderson, what was in the bag. Henderson replied that they had bought gift cards. When the officer then asked if he had receipts for them, Henderson replied that they had "bought the gift cards from another individual who sells them to make money." Turner's lawyers later challenged the scanning, arguing that this "search" of these gift cards went against their client's "reasonable expectation of privacy," an argument that neither the district court nor the appellate court found convincing. The 5th Circuit summarized: "After conferring with other officers about past experiences with stolen gift cards, the officer seized the gift cards as evidence of suspected criminal activity. 
Henderson was ticketed for failing to display a driver's license and signed an inventory sheet that had an entry for 143 gift cards. Turner was arrested pursuant to his warrant. The officer, without obtaining a search warrant, swiped the gift cards with his in-car computer. Unable to make use of the information shown, the officer turned the gift cards over to the Secret Service. A subsequent scan of the gift cards revealed that at least forty-three were altered, meaning the numbers encoded in the card did not match the numbers printed on the card. The investigating officer also contacted the stores where the gift cards were purchased -- a grocery store and a Walmart in Bryan, Texas provided photos of Henderson and Turner purchasing gift cards." -
FTC Says It May Be Unable To Regulate Comcast, Google, and Verizon (arstechnica.com)
The Federal Trade Commission is worried that it may no longer be able to regulate companies such as Comcast, Google, and Verizon unless a recent court ruling is overturned, ArsTechnica reports. From the article: The FTC on Thursday petitioned the 9th US Circuit Court of Appeals for a rehearing in a case involving AT&T's throttling of unlimited data plans. A 9th Circuit panel previously ruled that the FTC cannot punish AT&T, and the decision raises questions about the FTC's ability to regulate any company that operates a common carrier business such as telephone or Internet service. While the FTC's charter from Congress prohibits it from regulating common carriers, the agency has previously exercised authority to regulate these companies when they offer non-common carrier services. But the recent court ruling said that AT&T is immune from FTC oversight entirely, even when it's not acting as a common carrier. It isn't clear whether the ruling sets an ironclad precedent preventing the FTC from regulating any company with a common carrier business. -
Non-Cable Internet Providers Offer Faster Speeds To the Wealthy (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: When non-cable Internet providers -- outlets like ATT or Verizon -- choose which communities to offer the fastest connections, they don't juice up their networks so everyone in their service area has the option of buying quicker speeds. Instead, they tend to favor the wealthy over the poor, according to an investigation by the Center for Public Integrity. The Center's data analysis found that the largest non-cable Internet providers collectively offer faster speeds to about 40 percent of the population they serve nationwide in wealthy areas compared with just 22 percent of the population in poor areas. That leaves tens of millions of Americans with the choice of either purchasing an expensive connection from the only provider in their area -- typically a cable company -- or just doing the best they can with slower speeds. Middle-income areas don't fare much better, with a bit more than 27 percent of the population having access to a DSL provider's fastest speeds. The Center reached its conclusions by merging the latest Federal Communications Commission (FCC) data with income information from the U.S. Census Bureau. The non-cable Internet providers -- the four largest are ATT Inc, Verizon Communications Inc, CenturyLink Inc, and Frontier Communications Corp -- hook up customers over telephone wires that are Digital Subscriber Lines (DSL), or they use hybrid networks that include some fiber connections near (and sometimes directly to) homes. The Center included all types of connection in its analysis. These companies account for nearly 40 percent of the 92 million Internet connections nationwide. Cable companies, such as Comcast Corp and Charter Communications Inc, operate under a different set of conditions. These providers offer the same fast speeds to almost every community they serve, in part because of franchise agreements with local governments. 
But a previous Center investigation and other reports have shown that cable firms sometimes avoid lower-income or hard-to-reach areas based on how franchise agreements are written. Poor areas not served by the cable companies are not included in the Center's analysis, which results in what seems like an equitable distribution of speeds across income levels. "Society said it did not matter if you could pay for electricity; we wanted everyone to have it. Society said we would not limit dial tone to those who could pay the most, we gave it to all," said telecommunications lawyer Gerard Lederer of Best Best and Krieger LCC in Washington, D.C., in an e-mail. "Broadband is quickly becoming that utility, and if applications only work at high speeds, then the universal availability of that speed must be the goal, otherwise you are providing everyone with water, just some of the water is not drinkable." -
Shadow Warrior 2 Developers Say DRM Is a Waste of Time (arstechnica.com)
zarmanto writes: Ars Technica reports that one particular game studio might finally get it, when it comes to DRM'ed game content. They're publishing their latest game, Shadow Warrior 2, with no DRM protection at all. From the article: "We don't support piracy, but currently there isn't a good way to stop it without hurting our customers," Flying Wild Hog developer Krzysztof "KriS" Narkowicz wrote on the game's Steam forum (in response to a question about trying to force potential pirates to purchase the game instead). "Denuvo means we would have to spend money for making a worse version for our legit customers. It's like the FBI warning screen on legit movies." Expanding on those thoughts in a recent interview with Kotaku, Narkowicz explained why he felt the DRM value proposition wasn't worth it. "Any DRM we would have needs to be implemented and tested," he told Kotaku. "We prefer to spend resources on making our game the best possible in terms of quality, rather than spending time and money on putting some protection that will not work anyway." "The trade-off is clear," Flying Wild Hog colleagues Artur Maksara and Tadeusz Zielinski added. "We might sell a little less, but hey, that's the way the cookie crumbles! We hope that our fans, who were always very supportive, will support us this time as well," Zielinski told Kotaku. "...In our imperfect world, the best anti-pirate protection is when the games are good, highly polished, easily accessible and inexpensive," Maksara added. -
It's Time For Laptop Companies To Switch To Precision Touchpad (arstechnica.com)
A new Windows 10 insider build (version 14946) comes with a new interface for configuring touchpad gestures. In recent months, Microsoft has also improved the detection of two-finger gestures and clicking on Windows 10, and also added new four-finger gestures. These are welcome changes, and something that many would find useful. Except they won't because their computers likely don't comply with Precision Touchpad spec. ArsTechnica has an opinion piece today in which journalist Peter Bright is calling on all the OEMs to do the needful changes moving forward. From the article: Precision Touchpad made its debut with Windows 8. Co-developed between Microsoft and touchpad company Synaptics, the spec changed how Windows works with touchpads. Traditionally, touchpads masqueraded to Windows as essentially USB- or PS/2-connected mice -- simple two-dimension, single-input devices. Features such as multitouch and gestures were handled by a combination of the touchpad firmware and proprietary drivers. This meant that Windows itself had no ability to add new gestures or refine the finger-detection algorithms; it was all an opaque feature of the third-party drivers. With Precision Touchpad, the raw touchpad input is exposed to Windows itself, allowing the operating system to choose how it handles the complex multi-finger inputs. The gestures, the disambiguation of taps and swipes -- these are all now performed by Windows, not a third-party driver. Unfortunately, many PC OEMs haven't been equipping their laptops with Precision Touchpads. As such, they can't take advantage of the new Windows capabilities. As far as we can tell, it would normally be straightforward for an OEM to make the switch; touchpads from Synaptics, for example, can work as both Precision Touchpads and "legacy" mouse-emulating touchpads that use the Synaptics driver. It's just up to the OEM to pick one option or the other. -
You Can Now Claim Your Cash In the PS3 'Other PS3' Settlement (arstechnica.com)
If you've purchased a "fat" PlayStation 3 before April of 2010, you can now claim up to $55 as part of the settlement over the removal of the console's "Other OS" feature. PS3 owners with proof of purchase or evidence of a PSN sign-in from the system can receive $9 from the company. However, if you've used the "Other OS" feature to install Linux on your PS3, you can receive $55. The online claim form can be found here. Ars Technica reports: The opening of claims after a long legal saga that began in March of 2010, when Sony announced it would be removing the "Other OS" feature from the PS3. Sony claimed it was a security concern, but many class-action lawsuits filed in 2010 alleged the company was more worried about software piracy. While one lawsuit over the matter was dismissed by a judge in 2011, another worked its way through the courts until June, when Sony finally decided to settle. Though the company doesn't admit any wrongdoing, it puts itself on the hook for payments to up to 10 million PS3 owners. Note to those affected: "Claims are due by December 7, and payments should be sent out early next year pending final approval of the settlement." -
Soylent Halts Sale of Bars; Investigation Into Illnesses Continues (arstechnica.com)
Beth Mole, reporting for ArsTechnica: Following online reports of customers becoming ill after eating Soylent's new snack bars, the company announced this afternoon that it has decided to halt all sales and shipments of the bars as a precautionary measure. The company is urging customers to discard remaining bars and will begin e-mailing customers individually regarding refunds. In a blog announcing the decision, the company said it is still investigating the cause of bouts of illnesses of customers linked to the bars, including nausea, vomiting, and diarrhea. "After hearing from our customers, we immediately began investigating the cause of the issue and whether it was linked to a problem with the Bars," the company said. "So far we have not yet identified one and this issue does not appear to affect our other drinks and powder. Though our investigation into this matter continues, we have decided to err on the side of caution and take this preventative step." -
Senator Wants Nationwide, All-Mail Voting To Counter Election Hacks (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: In the wake of the Obama administration's announcement that the Russian government directed hacks on the Democratic National Committee and other institutions to influence U.S. elections, a senator from Oregon says the nation should conduct its elections like his home state does: all-mail voting. In an e-mail, Sen. Ron Wyden, a Democrat, told Ars: "We should not underestimate how dangerous... attacks on election systems could be. If a foreign state were to eliminate registration records for a particular group of Americans immediately before an election, they could very likely disenfranchise those Americans and swing the results of an election. Recent efforts by some states to make it more difficult to vote only serves to increase the danger of such attacks. This is why I have proposed taking Oregon's unique vote-by-mail system nationwide to protect our democratic process against foreign and domestic attacks." The only states to hold all elections entirely by mail are Oregon, Washington, and Colorado, according to the National Conference of State Legislatures. More than a dozen others have various provisions for mail voting. The National Conference of State Legislatures has a breakdown here on how Americans cast their votes across the union. Wyden co-sponsored the Vote By Mail Act in July, and he did so for reasons at the time that were unconnected to cybersecurity. Instead, the measure was originally proposed to help minorities and others cast ballots. The plan requires the U.S. Postal Service to deliver ballots to all registered voters. Voters could also register to vote when applying for driver's licenses, too. The measure fell on deaf ears this year and didn't even get a committee vote. A Wyden spokesperson said the proposal will have a "better chance" next year if Democrats win a majority of Senate seats. -
Samsung Ships Flameproof Boxes For Note 7 Returns (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Samsung has been forced to cease production of its disastrous Galaxy Note 7 Smartphones because they keep catching fire, but it still has to address the problem of cleaning up its mess. The phone has been recalled twice, and owners now have to send their incendiary handsets back to the South Korean firm. And that poses a bit of a problem: if you need to issue a recall for a phone that is prone to spontaneously combust, you don't want those phones catching fire in transit. Samsung's solution is a fancy "Note 7 Return Kit," and it has sent one to XDA Developers. The kit contains a special "Recovery Box" that's lined with ceramic fiber paper to provide some protection against incineration. Samsung warns that some people will have a bad reaction to this lining, so the recovery kit also includes some gloves to protect your hands. They don't appear to be flame retardant, so if your Note 7 is currently ablaze, we'd suggest minimizing contact with it. Samsung also includes a shipping label to send the phone back. The box reinforces that flying ban, noting that the devices are only to be shipped by ground, safely within reach of the quenching hoses of the fire department. -
Comcast Fined $2.3 Million by FCC For 'Negative Option Billing' Practices (arstechnica.com)
An anonymous reader shares an ArsTechnica report: The FCC announced a $2.3 million fine against Comcast on Tuesday after confirming that the company had been billing customers for products and services they had never ordered. After calling the fine "the largest civil penalty assessed from a cable operator by the FCC," the federal agency's announcement detailed exactly how Comcast bilked customers -- and new company practices that must be put into place as a result. According to the FCC's Office of Media Relations, the agency had received "numerous complaints from consumers" about the issue of "negative option billing" -- meaning, receiving charges for items that the customers had never affirmatively requested. (The FCC reminds readers that in the telecom world, this practice is known as "cramming.") The listed complaints revolve specifically around items related to cable TV service, including "premium channels, set-top boxes, and DVRs." -
Two 19-Year-Olds Charged With Running Phone Harassment, Hack-For-Hire Sites (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Federal prosecutors have charged two 19-year-old men with running "hacking-for-hire" websites that attacked companies worldwide and did business with international hacking groups "Lizard Squad" and "PoodleCorp." Zachary Buchta of Fallston, Maryland, and Bradley Jan Willem van Rooy of the Netherlands, have both been charged with conspiring to cause damage to protected computers. Buchta walked out of federal court in Chicago yesterday after being released on bail. He was arrested earlier but released on his own recognizance. The judge ruled that Buchta can live with his mother in Maryland while he awaits trial, but he won't be allowed to access the Internet or have any contact with van Rooy. As for van Rooy, he was arrested in the Netherlands last month and remains in custody there. The allegations against Buchta and van Rooy are among the first US charges related to Lizard Squad. The site that first got the feds' attention was phonebomber.net, which allowed paying customers to purchase a barrage of harassing phone calls directed at chosen targets. The phonebomber.net website charged just $20 to initiate the harassment, according to a report in the Chicago Tribune. Police say the two worked together with other members of Lizard Squad to run additional websites that trafficked in stolen credit card numbers and offered hacking-for-hire services alleged to have caused thousands of "denial of service" attacks worldwide. -
Smartphone Reseller Cheated Customers Out of Millions, Feds Say (arstechnica.com)
An anonymous reader writes: The US Federal Trade Commission (FTC) has sued a Nevada-based company called Laptop & Desktop Repair LLC (LDR) for allegedly bilking thousands of customers out of millions of dollars in promised funds for the resale of their smartphones. LDR operated dozens of websites that promised customers high returns for their smartphones and tablets using an instant quote generator. The customers, believing that this website would pay the highest price for their used gadget, sent their phones to LDR. Once LDR received the gadget, it would offer the customer a "revised quote" that was often only three to ten percent of the original quoted price. Customers only had three to five days to dispute the revised quote, the FTC's complaint claimed. The FTC further alleged that when customers would call LDR to request their smartphones back, the company would put them on hold for extraordinarily long periods of time, the call would be dropped, and an LDR employee would say the phone had already been processed. If the customer persisted in threatening to report LDR's actions, company representatives would offer slightly higher resale prices. -
Nokia Makes a Play For 5G With Purchase of US Startup Eta Devices (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Nokia has signaled fresh commitment towards 5G infrastructure with the acquisition of Eta Devices -- a small U.S.-based startup that specializes in improving power efficiency at base stations. The Cambridge, Massachusetts-based outfit has around 20 staff, some of whom work at its research and development site in Stockholm, Sweden. Nokia said it hoped the buyout, financial details of which weren't disclosed, allow it "to enhance base station energy efficiency, an increasingly important area for operators on the path to 4.9G and 5G." Eta claims its tech can "drastically" reduce "heat waste" via an "amplifier that works like an automated gearbox" by adjusting energy usage by need. It has tech which claims to improve smartphone battery life, too -- with supposed boosts of up to 50 percent. However, Nokia seems to have acquired it for the "significant" power savings it says it can make at base stations, both in readiness for the Internet of Things, and to improve its carbon footprint and help its "zero emission base station solution." The acquisition includes fixed assets, employees, intellectual property rights, and lease and supplier deals, Nokia said. Nokia said in a statement: "This translates to savings for operators that can be invested as 4.9G and 5G approach. Eta Devices' technology reduces the need for backup power, translating into smaller base station cabinets and reduced equipment breakdown rates, and supporting Nokia's target to continuously strengthen the base station power efficiency of its products." -
Verizon Workers Can Now Be Fired If They Fix Copper Phone Lines (arstechnica.com)
Verizon has told its field technicians in Pennsylvania that they can be fired if they try to fix broken copper phone lines. Instead, employees must try to replace copper lines with a device that connects to Verizon Wireless's cell phone network, ArsTechnica reports. From the article: This directive came in a memo from Verizon to workers on September 20. "Failure to follow this directive may result in disciplinary action up to and including dismissal," the memo said. It isn't clear whether this policy has been applied to Verizon workers outside of Pennsylvania. The memo and other documents were made public by the Communications Workers of America (CWA) union, which asked the Pennsylvania Public Utility Commission to put a stop to the forced copper-to-wireless conversions. The wireless home phone service, VoiceLink, is not a proper replacement for copper phone lines because it doesn't work with security alarms, fax machines, medical devices such as pacemakers that require telephone monitoring, and other services, the union said. -
Google Fiber Is Now a Fiber and Wireless ISP (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Google Fiber today said it has completed its acquisition of Webpass, a wireless Internet service provider that will figure prominently into its plans for deployment of high-speed Internet. But the Alphabet division is not giving up on fiber, saying it will use both wireless and fiber networks to compete against cable companies and telcos. Google Fiber revealed its plan to buy Webpass in June, and the company said in an announcement today that Webpass "is now officially part of the Google Fiber family." The Webpass site has been updated to call the service "Webpass from Google Fiber." Webpass uses point-to-point wireless technology that's useful for connecting businesses and multi-unit residential buildings in densely populated areas. It hasn't been financially feasible for Webpass to bring its high-speed network to single-family homes, so it can't fully replace Google Fiber's wired Internet service. "[O]ur strategy going forward will be a hybrid approach with wireless playing an integral part," Google Fiber President Dennis Kish wrote. "Going forward, Webpass will continue to grow and scale their business with point-to-point wireless technology, including expanding into new cities. And for our part, Google Fiber will continue to build out our portfolio of wireless and fiber technologies, to bring super fast Internet to more people, faster." Existing Webpass customers will see no change to their service, he wrote. Webpass's residential service offers speeds of up to 1Gbps for $60 a month in San Francisco, San Diego, Miami, Chicago, and Boston. There's no word yet on where Webpass will deploy next. -
Feds Go After Mylan For Scamming Medicaid Out of Millions On EpiPen Pricing (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Over the nine or so years that Mylan, Inc. has been selling -- and hiking the price -- of EpiPens, the drug company has been misclassifying the life-saving device and stiffing Medicaid out of full rebate payments, federal regulators told Ars. Under the Medicaid Drug Rebate Program, drug manufacturers, such as Mylan, can get their products covered by Medicaid if they agree to offer rebates to the government to offset costs. With a brand-name drug such as the EpiPen, which currently has no generic versions and has patent protection, Mylan was supposed to classify the drug as a "single source," or brand name drug. That would mean Mylan is required to offer Medicaid a rebate of 23.1 percent of the costs, plus an "inflation rebate" any time Mylan raises the price of the brand-name drug at a rate higher than inflation. Mylan has opted for such price increases -- a lot. Since Mylan bought the rights to EpiPen in 2007, it has raised the price on 15 separate occasions, bringing the current list price to $608 for a two-pack up from about $50 a pen in 2007. That's an increase of more than 500 percent, which easily beats inflation. But instead of classifying EpiPen as a "single source" drug, Mylan told regulators that it's a "non-innovator multiple source," or generic drug. Under that classification, Mylan is only required to offer a rebate of 13 percent and no inflation rebates. It's unclear how much money Mylan has skipped out on paying in total to state and federal governments. But according to the state health department of Minnesota, as reported by CNBC, the misclassification cost that state $4.3 million this year alone. -
Researchers Ask Federal Court To Unseal Years of Surveillance Records (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Two lawyers and legal researchers based at Stanford University have formally asked a federal court in San Francisco to unseal numerous records of surveillance-related cases, as a way to better understand how authorities seek such powers from judges. This courthouse is responsible for the entire Northern District of California, which includes the region where tech companies such as Twitter, Apple, and Google, are based. According to the petition, Jennifer Granick and Riana Pfefferkorn were partly inspired by a number of high-profile privacy cases that have unfolded in recent years, ranging from Lavabit to Apple's battle with the Department of Justice. In their 45-page petition, they specifically say that they don't need all sealed surveillance records, simply those that should have been unsealed -- which, unfortunately, doesn't always happen automatically. The researchers wrote in their Wednesday filing: "Most surveillance orders are sealed, however. Therefore, the public does not have a strong understanding of what technical assistance courts may order private entities to provide to law enforcement. There are at least 70 cases, many under seal, in which courts have mandated that Apple and Google unlock mobile phones and potentially many more. The Lavabit district court may not be the only court to have ordered companies to turn over private encryption keys to law enforcement based on novel interpretations of law. Courts today may be granting orders forcing private companies to turn on microphones or cameras in cars, laptops, mobile phones, smart TVs, or other audio- and video-enabled Internet-connected devices in order to conduct wiretapping or visual surveillance. This pervasive sealing cripples public discussion of whether these judicial orders are lawful and appropriate." -
AT&T To End Targeted Ads Program, Give All Users Lowest Available Price
AT&T has confirmed to ArsTechnica that it is getting rid of Internet Preferences, a controversial program that analyzed home internet customers' web browsing habits in order to serve some targeted ads. From the report: "To simplify our offering for our customers, we plan to end the optional Internet Preferences advertising program related to our fastest Internet speed tiers," an AT&T spokesperson said. "As a result, all customers on these tiers will receive the best rate we have available for their speed tier in their area. We'll begin communicating this update to customers early next week." Data collection and targeted ads will be shut off, AT&T also confirmed. Since AT&T introduced Internet Preferences for its GigaPower fiber Internet service in 2013, customers had to opt into the traffic scanning program in order to receive the lowest available rate. Customers who wanted more privacy had to pay another $29 a month for standalone Internet access; bundles including TV or phone service could cost more than $60 extra when customers didn't opt in. -
FCC Delays Cable TV Apps Vote, Needs Time To Work Out Licensing (arstechnica.com)
The FCC has delayed a vote on a plan that would require pay-TV operators to make free TV applications, so cable subscribers will have to wait longer for an alternative to renting set-top boxes from cable companies. ArsTechnica reports: The FCC was scheduled to vote on final rules at its monthly meeting today, but the item was removed from the agenda just before the meeting began. The commission's Democratic majority still seems determined to issue new rules, but there have been objections from the cable industry and disagreements among Democratic commissioners over some of the details. "We have made tremendous progress -- and we share the goal of creating a more innovative and inexpensive market for these consumer devices," Chairman Tom Wheeler and fellow Democrats Mignon Clyburn and Jessica Rosenworcel said today in a joint statement. "We are still working to resolve the remaining technical and legal issues and we are committed to unlocking the set-top box for consumers across this country." The vote could happen at next month's meeting, but the commissioners did not promise any specific timeline. -
Amazon Looking To Abandon UPS, FedEx In Favor of Its Own Delivery Service (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A report by The Wall Street Journal claims that Amazon is building its own shipping service to replace FedEx and UPS, giving it more control over its packages and possibly allowing it to ship packages from other retailers. Amazon has said its own delivery services would be meant to increase its capacity during busier times of the year, like the upcoming holiday season. However, "current and former Amazon managers and business partners" claim that the company's plans are bigger than that. The initiative dubbed "Consume the City" will eventually let Amazon "haul and deliver" its own packages and those of other retailers and consumers. That delivery network would also directly compete with the likes of UPS and FedEx. It makes sense that Amazon would want to sell, ship, and deliver orders on its own. The report estimates that the company spent $11.5 billion on shipping just last year, amounting to 10.8 percent of sales. The shipping process is currently a bit convoluted: packages from Amazon warehouses get sent to one of two shipping routes, either FedEx or UPS, or to a sorting facility that lumps all packages with similar zip codes together. FedEx and UPS handle its shipments and deliver them to customers, while the packages at the sorting facilities either get delivered via USPS or by Amazon employees themselves. If Amazon were to have control over its shipments over longer distances, it's estimated that the company could save about $3 per package -- about $1.1 billion annually. -
HP To Issue 'Optional Firmware Update' Allowing 3rd-Party Ink (arstechnica.com)
Soon after the Electronic Frontier Foundation (EFF) issued a letter to HP, calling for them to apologize to customers for releasing firmware that prevents the use of non-HP ink cartridges and refilled HP cartridges, the company has responded with a temporary solution. HP "will issue an optional firmware update that will remove the dynamic security feature" for certain OfficeJet printers. Ars Technica reports: HP made its announcement in a blog post titled "Dedicated to the best printing experience." "We updated a cartridge authentication procedure in select models of HP office inkjet printers to ensure the best consumer experience and protect them from counterfeit and third-party ink cartridges that do not contain an original HP security chip and that infringe on our IP," the company said. The recent firmware update for HP OfficeJet Pro, and OfficeJet Pro X printers "included a dynamic security feature that prevented some untested third-party cartridges that use cloned security chips from working, even if they had previously functioned," HP said. For customers who don't wish to be protected from the ability to buy less expensive ink cartridges, HP said it "will issue an optional firmware update that will remove the dynamic security feature. We expect the update to be ready within two weeks and will provide details here." This customer-friendly move may just be a one-time thing. HP said it will continue to use security features that "protect our IP including authentication methods that may prevent some third-party supplies from working." Without the optional firmware update, printers will only be able to use third-party ink cartridges that have an "original HP security chip," the company said. -
FCC Official Asks Agency To Investigate Ban On Journalists' Wi-Fi Personal Hotspots At Debate (arstechnica.com)
Yesterday, it was reported that journalists attending the presidential debate at Hofstra University were banned from using personal hotspots and were told they had to pay $200 to access the event's Wi-Fi. The journalists were reportedly offered the option to either turn off their personal hotspots or leave the debate. Cyrus Farivar via Ars Technica is now reporting that "one of the members of the Federal Communications Commission, Jessica Rosenworcel, has asked the agency to investigate the Monday evening ban." Ars Technica reports: Earlier, Commissioner Jessica Rosenworcel tweeted, saying that something was "not right" with what Hofstra did. She cited an August 2015 order from the FCC, forcing a company called SmartCity to no longer engage in Wi-Fi blocking and to pay $750,000. Ars has since updated their report with a statement from Karla Schuster, a spokeswoman for Hofstra University: The Commission on Presidential Debates sets the criteria for services and requires that a completely separate network from the University's network be built to support the media and journalists. This is necessary due to the volume of Wi-Fi activity and the need to avoid interference. The Rate Card fee of $200 for Wi-Fi access is to help defray the costs and the charge for the service does not cover the cost of the buildout. For Wi-Fi to perform optimally the system must be tuned with each access point and antenna. When other Wi-Fi access points are placed within the environment the result is poorer service for all. To avoid unauthorized access points that could interfere, anyone who has a device that emits RF frequency must register the device. Whenever a RF-emitting device was located, the technician notified the individual to visit the RF desk located in the Hall. The CPD RF engineer would determine if the device could broadcast without interference. -
EFF Calls On HP To Disable Printer Ink Self-Destruct Sequence (arstechnica.com)
HP should apologize to customers and restore the ability of printers to use third-party ink cartridges, the Electronic Frontier Foundation (EFF) said in a letter to the company's CEO yesterday. From an ArsTechnica report: HP has been sabotaging OfficeJet Pro printers with firmware that prevents use of non-HP ink cartridges and even HP cartridges that have been refilled, forcing customers to buy more expensive ink directly from HP. The self-destruct mechanism informs customers that their ink cartridges are "damaged" and must be replaced. "The software update that prevented the use of third-party ink was reportedly distributed in March, but this anti-feature itself wasn't activated until September," EFF Special Advisor Cory Doctorow wrote in a letter to HP Inc. CEO Dion Weisler. "That means that HP knew, for at least six months, that some of its customers were buying your products because they believed they were compatible with any manufacturer's ink, while you had already planted a countdown timer in their property that would take this feature away. Your customers will have replaced their existing printers, or made purchasing recommendations to friends who trusted them on this basis. They are now left with a less useful printer -- and possibly a stockpile of useless third-party ink cartridges." -
Trump Takes On 'Crooked Hillary' With Snapchat Geofilter (arstechnica.com)
In an effort to appeal to more young voters, U.S. Republican presidential nominee Donald Trump has unveiled a "geofilter" ad campaign for Snapchat that slaps on the banner phrase "Donald J. Trump vs. Crooked Hillary" to a user's photo and video Snaps. Ars Technica reports: "The ad rolled out to American Snapchat users today, just ahead of the 2016 presidential election's first major debate between Trump and Hillary Clinton (the debate starts tonight at 9pm EDT). The ad joins the usual geofilter available to Snapchat users, which usually list the name of a city or a nearby event as determined by GPS and time information. The campaign differs from the deluge of text, photo, and video ads that politicians have relied on in recent years, as it doesn't publish or display to the public without a personal photo or video attached. While other political campaigns have paid for geofilter ad campaigns on Snapchat in the past, including Clinton and Bernie Sanders, those have been timed and targeted for smaller-scale events like political conventions and primary voting periods. In a statement to CNN, the Clinton campaign said that Trump was "throwing his money into a fire pit," and it pointed out the ad's potential for backfiring, since "given Trump's deep unpopularity with young voters, [the ad's phrasing] will be used mainly at [his] own expense." -
Windows 10 Will Soon Run Edge In a Virtual Machine To Keep You Safe (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Microsoft has announced that the next major update to Windows 10 will run its Edge browser in a lightweight virtual machine. Running the update in a virtual machine will make exploiting the browser and attacking the operating system or compromising user data more challenging. Called Windows Defender Application Guard for Microsoft Edge, the new capability builds on the virtual machine-based security that was first introduced last summer in Windows 10. Windows 10's Virtualization Based Security (VBS) uses small virtual machines and the Hyper-V hypervisor to isolate certain critical data and processes from the rest of the system. The most important of these is Credential Guard, which stores network credentials and password hashes in an isolated virtual machine. This isolation prevents the popular MimiKatz tool from harvesting those password hashes. In turn, it also prevents a hacker from breaking into one machine and then using stolen credentials to spread to other machines on the same network. Credential Guard's virtual machine is very small and lightweight, running only a relatively simple process to manage credentials. Application Guard will go much further by running large parts of the Edge browser within a virtual machine. This virtual machine won't, however, need a full operating system running inside it -- just a minimal set of Windows features required to run the browser. Because Application Guard is running in a virtual machine it will have a much higher barrier between it and the host platform. It can't see other processes, it can't access local storage, it can't access any other installed applications, and, critically, it can't attack the kernel of the host system. In its first iteration, Application Guard will only be available for Edge. Microsoft won't provide an API or let other applications use it. 
As with other VBS features, Application Guard will also only be available to users of Windows 10 Enterprise, with administrative control through group policies. Administrators will be able to mark some sites as trusted, and those sites won't use the virtual machine. Admins will also be able to control whether untrusted sites can use the clipboard or print. -
ISP To FCC: Using The Internet Is Like Eating Oreos (consumerist.com)
New submitter Rick Schumann shares with us a report highlighting an analogy presented by an ISP that relates Double Stuf Oreos to the internet. Specifically, that Double Stuf Oreos cost more than regular Oreos, and therefore you should pay more for internet: The Consumerist reports: "Ars Technica first spotted the crumbly filing, from small (and much-loathed) provider Mediacom. Mediacom's comment is in response to the same proceeding that Netflix commented on earlier this month. However, while Netflix actually addressed data and the ways in which their customers use it, Mediacom went for the more metaphor-driven approach. The letter literally starts out under the header, 'You Have to Pay Extra For Double-Stuffed,' and posits that you, the consumer, are out for a walk with $2 in your pocket when you suddenly develop a ferocious craving for Oreo cookies." Of course their analogy is highly questionable, since transmitting data over a network doesn't actually consume anything, now does it? You eat the cookie, the cookie is gone, but you transmit data over a network, the network is still there and can transmit data endlessly. Mediacom's assertion that the Internet is like a cookie you eat, is like saying copying a file on your computer somehow diminishes or degrades the original file, which of course is ridiculous. -
As We Speak, Teen Social Site Is Leaking Millions Of Plaintext Passwords (arstechnica.com)
Dan Goodin, reporting for ArsTechnica: A social hangout website for teenage girls has sprung a leak that's exposing plaintext passwords protecting as many as 5.5 million user accounts. As this post went live, all attempts to get the leak plugged had failed. Operators of i-Dressup didn't respond to messages sent by Ars informing them that a hacker has already downloaded more than 2.2 million of the improperly stored account credentials. The hacker said it took him about three weeks to obtain the cache and that there's nothing stopping him or others from downloading the entire database of slightly more than 5.5 million entries. The hacker said he acquired the e-mail addresses and passwords by using a SQL injection attack that exploited vulnerabilities in the i-Dressup website. The hacker provided the 2.2 million account credentials both to Ars and breach notification service Have I Been Pwned?. By plugging randomly selected e-mail addresses into the forgotten password section of i-Dressup, both Ars and Have I Been Pwned? principal Troy Hunt found that they all were used to register accounts on the site. Ars then used the contact us page on i-Dressup to privately notify operators of the vulnerability, but more than five days later, no one has responded and the bug remains unfixed. -
Why the Silencing of KrebsOnSecurity Opens a Troubling Chapter For the Internet (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: For the better part of a day, KrebsOnSecurity, arguably the world's most intrepid source of security news, has been silenced, presumably by a handful of individuals who didn't like a recent series of exposes reporter Brian Krebs wrote. The incident, and the record-breaking data assault that brought it on, open a troubling new chapter in the short history of the Internet. The crippling distributed denial-of-service attacks started shortly after Krebs published stories stemming from the hack of a DDoS-for-hire service known as vDOS. The first article analyzed leaked data that identified some of the previously anonymous people closely tied to vDOS. It documented how they took in more than $600,000 in two years by knocking other sites offline. A few days later, Krebs ran a follow-up piece detailing the arrests of two men who allegedly ran the service. A third post in the series is here. On Thursday morning, exactly two weeks after Krebs published his first post, he reported that a sustained attack was bombarding his site with as much as 620 gigabits per second of junk data. That staggering amount of data is among the biggest ever recorded. Krebs was able to stay online thanks to the generosity of Akamai, a network provider that supplied DDoS mitigation services to him for free. The attack showed no signs of waning as the day wore on. Some indications suggest it may have grown stronger. At 4 pm, Akamai gave Krebs two hours' notice that it would no longer assume the considerable cost of defending KrebsOnSecurity. Krebs opted to shut down the site to prevent collateral damage hitting his service provider and its customers. The assault against KrebsOnSecurity represents a much greater threat for at least two reasons. First, it's twice the size. 
Second and more significant, unlike the Spamhaus attacks, the staggering volume of bandwidth doesn't rely on misconfigured domain name system servers which, in the big picture, can be remedied with relative ease. The attackers used Internet-of-things devices since they're always-connected and easy to "remotely commandeer by people who turn them into digital cannons that spray the internet with shrapnel." "The biggest threats as far as I'm concerned in terms of censorship come from these ginormous weapons these guys are building," Krebs said. "The idea that tools that used to be exclusively in the hands of nation states are now in the hands of individual actors, it's kind of like the specter of a James Bond movie." While Krebs could retain a DDoS mitigation service, it would cost him between $100,000 and $200,000 per year for the type of protection he needs, which is more than he can afford. What's especially troubling is that this attack can happen to many other websites, not just KrebsOnSecurity. -
Judge Skewers Oracle Attorney For Revealing Google, Apple Trade Secrets (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The federal judge who presided over the Google-Oracle API copyright infringement trial excoriated one of Oracle's lawyers Thursday for disclosing confidential information in open court earlier this year. The confidential information included financial figures stating that Google generated $31 billion in revenue and $22 billion in profits from the Android operating system in the wake of its 2008 debut. The Oracle attorney, Annette Hurst, also revealed another trade secret: Google paid Apple $1 billion in 2014 to include Google search on iPhones. Judge William Alsup of San Francisco has been presiding over the copyright infringement trial since 2010, when Oracle lodged a lawsuit claiming that Google's Android operating system infringed Oracle's Java APIs. After two trials and various trips to the appellate courts, a San Francisco federal jury concluded in May that Google's use of the APIs amounted to fair use. Oracle's motion before Alsup for a third trial is pending. Oracle argues that Google tainted the verdict by concealing a plan to extend Android on desktop and laptop computers. As this legal saga was playing out, Hurst blurted out the confidential figures during a January 14 pre-trial hearing, despite those numbers being protected by a court order. The transcript of that proceeding has been erased from the public record. But the genie is out of the bottle. Google lodged a motion (PDF) for sanctions and a contempt finding against Hurst for unveiling a closely guarded secret of the mobile phone wars. During a hearing on that motion Thursday, Judge Alsup had a back-and-forth with Hurst's attorney, former San Francisco U.S. Attorney Melinda Haag. According to the San Francisco legal journal The Recorder, Haag said that her client Hurst -- of the law firm Orrick, Herrington and Sutcliffe -- should not be sanctioned because of "one arguable mistake made through the course of a very complex litigation." -
TypeScript 2.0 Released (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Since its introduction, TypeScript has included new features to improve performance, enhance JavaScript compatibility, and extend the range of error checking that the TypeScript compiler performs. TypeScript 2.0 introduces a big step forward here by giving developers greater control over null values. null, used to denote (in some broad, hand-waving sense) that a variable holds no value at all, has been called the billion dollar mistake. Time and time again, programs trip up by not properly checking to see if a variable is null, and for good or ill, every mainstream programming language continues to support the null concept. TypeScript 2.0 brings a range of new features, but the biggest is control over these null values. With TypeScript 2.0, programmers can opt into a new behavior that by default prevents values from being null. With this option enabled, variables by default will be required to have a value and can't be set to null accidentally. This in turn allows the compiler to find other errors such as variables that are never initialized. -
Charter Fights FCC's Attempt To Uncover 'Hidden' Cable Modem Fees (arstechnica.com)
Charter is trying to convince the Federal Communications Commission to backtrack on a plan that would force cable providers to charge a separate fee for cable modems, an anonymous reader writes, citing an ArsTechnica report. From the article: Charter is unusual compared to other cable companies in that it doesn't tack on a cable modem rental fee when offering Internet service. But FCC officials don't think that's good for consumers, because the price of Charter Internet service is the same whether a customer uses a Charter modem or buys their own. FCC Chairman Tom Wheeler's latest proposal for new cable box rules would require companies to list fees for equipment used to access video. The FCC is clearly hoping that Charter will create a separate fee for cable modems and lower the base price of Internet service by a corresponding amount, thus letting customers save money in the long run by purchasing their own modems. (Separately from modems, Charter already charges monthly fees for the use of its TV set-top boxes.) "As part of the proposal, all pay-TV providers are required to be fully transparent about the cost consumers pay for leased equipment used to access video programming," an FCC spokesperson told Ars. "The goal is to uncover hidden fees and give consumers the ability to make informed choices. If a consumer chooses to purchase their own equipment at retail, our rules would require they no longer have to pay for the built-in cost on their bill. We look forward to input from the Commissioners on this aspect of the proposal." -
With 3D Printer Gun Files, National Security Interest Trumps Free Speech, Court Rules (arstechnica.com)
A federal appeals court ruled this week against Defense Distributed, the Texas organization that promotes 3D-printed guns, in a lawsuit that it brought last year against the State Department. In a 2-1 decision, the 5th Circuit Court of Appeals was not persuaded that Defense Distributed's right to free speech under the First Amendment outweighs national security concerns. From an ArsTechnica report: The majority concluded: 'Ordinarily, of course, the protection of constitutional rights would be the highest public interest at issue in a case. That is not necessarily true here, however, because the State Department has asserted a very strong public interest in national defense and national security. Indeed, the State Department's stated interest in preventing foreign nationals -- including all manner of enemies of this country -- from obtaining technical data on how to produce weapons and weapon parts is not merely tangentially related to national defense and national security; it lies squarely within that interest.'