Domain: arstechnica.com
Stories and comments across the archive that link to arstechnica.com.
Stories · 4,420
-
Getty Sued For $1 Billion For Selling Publicly Donated Photos (thestack.com)
An anonymous reader writes: Online stock media library Getty Images is facing a $1 billion lawsuit from an American photographer for illegally selling copyright for thousands of photos. The Seattle-based company has been sued by documentary photographer Carol Highsmith for 'gross misuse', after it sold more than 18,000 of her photos despite having already donated them for public use. Highsmith's photos which were sold via Getty Images had been available for free via the Library of Congress. Getty has now been accused of selling unauthorized licenses of the images, not crediting the author, and for also sending threatening warnings and fines to those who had used the pictures without paying for the falsely imposed copyright. Ars Technica has more details. -
Motorola Confirms That It Will Not Commit To Monthly Security Patches (arstechnica.com)
If you are planning to purchase the Moto Z or a Moto G4 smartphone, be prepared to not see security updates rolling out to your phone every month -- and in a timely fashion. After Ars Technica called out Motorola's security policy as "unacceptable" and "insecure," in a recent review, the company tried to handle the PR disaster, but later folded. In a statement to the publication, the company said: Motorola understands that keeping phones up to date with Android security patches is important to our customers. We strive to push security patches as quickly as possible. However, because of the amount of testing and approvals that are necessary to deploy them, it's difficult to do this on a monthly basis for all our devices. It is often most efficient for us to bundle security updates in a scheduled Maintenance Release (MR) or OS upgrade. As we previously stated, Moto Z Droid Edition will receive Android Security Bulletins. Moto G4 will also receive them. Monthly security updates -- or the lack thereof -- remains one of the concerning issues that plagues the vast majority of Android devices. Unless it's a high-end smartphone, it is often rare to see the smartphone OEM keep the device's software updated for more than a year. Even with a flagship phone, the software update -- and corresponding security patches -- are typically guaranteed for only 18 to 24 months. Reports suggest that Google has been taking this issue seriously, and at some point, it was considering publicly shaming its partners that didn't roll out security updates to their respective devices fast enough. -
Pop Star Tells Fans To Send Their Twitter Passwords, But It Might Be Illegal (arstechnica.com)
Cyrus Farivar, reporting for Ars Technica: As a new way to connect with his fans, Jack Johnson -- one half of the pop-rap duo Jack & Jack, not to be confused with the laid back Hawaiian singer-songwriter of the same name -- has spent the last month soliciting social media passwords. Using the hashtag #HackedByJohnson, the performer has tweeted at his fans to send him their passwords. (Why he didn't go for the shorter and catchier #JackHack, we'll never know.) Then, Johnson posts under his fans' Twitter accounts, leaving a short personalized message, as them. While Johnson and his fans likely find this password sharing silly and innocuous, legal experts say that Jack Johnson, 20, may be opening himself up to civil or criminal liability under the Computer Fraud and Abuse Act, a notorious anti-hacking statute that dates back to the 1980s. "While the entertainer in question likely considers this password collection to be a harmless personalized promotional activity, there may indeed be legal implication of both the fans' and the entertainer's conduct," Andrea Matwyshyn, a law professor at Northeastern University, told Ars. -
Suspect Required To Unlock iPhone Using Touch ID in Second Federal Case (9to5mac.com)
An anonymous reader shares a report on 9to5Mac: A second federal judge has ruled that a suspect can be compelled to unlock their iPhone using their fingerprint in order to give investigators access to data which can be used as evidence against them. The first time this ever happened in a federal case was back in May, following a District Court ruling in 2014. The legal position of forcing suspects to use their fingerprints to unlock devices won't be known with certainty until a case reaches the U.S. Supreme Court, but lower court rulings so far appear to establish a precedent which is at odds with that concerning passcodes. Most constitutional experts appear to believe that the Fifth Amendment prevents a suspect from being compelled to reveal a password or passcode, as this would amount to forced self-incrimination -- though even this isn't certain. Fingerprints, in contrast, have traditionally been viewed as 'real or physical evidence,' meaning that police are entitled to take them without permission. Ars Technica has more details. -
Cyanogen Inc. Reportedly Fires OS Development Arm, Switches To Apps (arstechnica.com)
An anonymous reader writes: Android Police is reporting that the Android software company Cyanogen Inc. will be laying off 20 percent of its workforce, and will transition from OS development to applications. The Android Police report says "roughly 30 out of the 136 people Cyanogen Inc. employs" are being cut, and that the layoffs "most heavily impact the open source arm" of the company. Android Police goes on to say that CyanogenMod development by Cyanogen Inc "may be eliminated entirely." Ars Technica notes the differences between each "Cyanogen" branding. Specifically, CyanogenMod is a "free, open source, OS heavily based on Android and compatible with hundreds of devices," while Cyanogen Inc. is "a for-profit company that aims to sell Cyanogen OS to OEMs." It appears that many of the core CyanogenMod developers will no longer be paid to work on CyanogenMod, though the community is still free to develop the software." Android Police details the firing process in their report: "Layoffs reportedly came after a long executive retreat for the company's leaders and were conducted with no advanced notice. Employees who were not let go were told not to show up to work today. Those who did show up were the unlucky ones: they had generic human resources meetings rather ominously added to their calendars last night. So, everyone who arrived at Cyanogen Inc. in Seattle this morning did so to lose their job (aside from those conducting the layoffs)." Early last year, Microsoft invested in a roughly $70 million round of equity financing for the then-startup Cyanogen Inc. Not too long before that, Google tried to acquire Cyanogen Inc., but the company turned down Google's offer to seek funding from investors and major tech companies at a valuation of around $1 billion. Cyanogen Inc. CEO Kirt McMaster once said the company was "attempting to take Android away from Google" and that it was "putting a bullet through Google's head."
UPDATE 7/25/16: Cyanogen CEO and cofounder Kirt McMaster took to Twitter to dispel some of the rumors, tweeting: "Cyanogen NOT pivoting to apps. We are an OS company and our mission of creating an OPEN ANDROID stands. FALSE reporting was outstanding." -
Scientists' Biggest Search For Dark Matter To Date Just Turned Up Nothing (sciencealert.com)
Peter Dockrill, reporting for ScienceAlert: For something that's hypothesised to make up more than 80 percent of the mass of the entire universe, it's no easy thing to detect the existence of dark matter. That's the conclusion the world is coming to today, after scientists announced that a massive $10 million experiment to find traces of elusive dark matter particles had failed after an exhaustive 20-month search. "We've probed previously unexplored regions of parameter space with the aim of making the first definitive discovery of dark matter," said physicist Cham Ghag from University College London in the UK, one of the scientists who took part in the Large Underground Xenon (LUX) project based in South Dakota. "Though a positive signal would have been welcome, nature was not so kind! Nonetheless, a null result is significant as it changes the landscape of the field by constraining models for what dark matter could be beyond anything that existed previously." Ars Technica has more details. -
Verizon To Disconnect Unlimited Data Customers Who Use Over 100GB/Month
Verizon Wireless customers who have an unlimited data plan and use significantly more than 100GB a month will soon be disconnected from the network unless they agree to move to limited data packages that require payment of overage fees. Ars Technica reports: Verizon stopped offering unlimited data to new smartphone customers a few years ago, but some customers have been able to hang on to the old plans instead of switching to ones with monthly data limits. Verizon has tried to convert the holdouts by raising the price $20 a month and occasionally throttling heavy users but stopped that practice after net neutrality rules took effect. Now Verizon is implementing a formal policy for disconnecting the heaviest users. In a statement, Verizon said: "Because our network is a shared resource and we need to ensure all customers have a great mobile experience with Verizon, we are notifying a very small group of customers on unlimited plans who use an extraordinary amount of data that they must move to one of the new Verizon Plans by August 31, 2016." a Verizon spokesperson told Ars. "These users are using data amounts well in excess of our largest plan size (100GB). While the Verizon Plan at 100GB is designed to be shared across multiple users, each line receiving notification to move to the new Verizon Plan is using well in excess of that on a single device." FYI: The 100GB plan costs $450 a month. -
Corning Unveils Gorilla Glass 5, Can Survive Drops 'Up To 80% Of The Time' (theverge.com)
An anonymous reader writes from a report via The Verge: Corning has unveiled their new Gorilla Glass 5, which should make its way to high-end smartphones and other electronic devices later this year and into 2017. Gorilla Glass 5 is designed to improve drop performance from devices that are dropped onto rough surfaces from waist height to shoulder height. Corning says it can survive up to 80 percent of the time when dropped from 1.6 meters. For comparison, Gorilla Glass 4, which was released in the fall of 2014, was marketed as being twice as tough as the previous version and twice as likely to survive drops onto uneven surfaces from about a meter high. Some things to note include the fact that in Corning's tests, the 80 percent survival rate was with pieces of glass that were 0.6mm thick -- Corning now makes glass as thin as 0.4mm. Depending on how thin manufacturers want the glass in their devices, the durability results may vary. Also, most of the demos consisted of dropping the glass face down, rather than on its side or corner. Corning's vice president and general manager John Bayne said if the glass is dropped in such a way, it's going to depend on the overall design of the phone, not just the glass. Gorilla Glass 5 is currently in production, though the company says we'll hear more about it "in the next few months." There's no word as to whether or not the glass will be ready in time for the wave of devices expected this fall. -
Feds Seize KickassTorrents Domains and Arrest Owner In Poland (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Federal authorities announced on Wednesday the arrest of the alleged mastermind of KickassTorrents (KAT), the world's largest BitTorrent distribution site. As of this writing, the site is still up. Prosecutors have formally charged Artem Vaulin, 30, of Ukraine, with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. Like The Pirate Bay, KAT does not host individual infringing files but rather provides links to .torrent and .magnet files so that users can download unauthorized copies of TV shows, movies, and more from various BitTorrent users. According to a Department of Justice press release sent to Ars Technica, Vaulin was arrested on Wednesday in Poland. The DOJ will shortly seek his extradition to the United States. "Vaulin is charged with running today's most visited illegal file-sharing website, responsible for unlawfully distributing well over $1 billion of copyrighted materials," Assistant Attorney General Caldwell said in the statement. "In an effort to evade law enforcement, Vaulin allegedly relied on servers located in countries around the world and moved his domains due to repeated seizures and civil lawsuits. His arrest in Poland, however, demonstrates again that cybercriminals can run, but they cannot hide from justice." KickassTorrents added a dark web address last month to make it easier for users to bypass blockades installed by ISPs. -
Software Flaw Puts Mobile Phones and Networks At Risk Of Complete Takeover (arstechnica.com)
Dan Goodin, reporting for Ars Technica: A newly disclosed vulnerability could allow attackers to seize control of mobile phones and key parts of the world's telecommunications infrastructure and make it possible to eavesdrop or disrupt entire networks, security experts warned Tuesday. The bug resides in a code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones. Although exploiting the heap overflow vulnerability would require great skill and resources, attackers who managed to succeed would have the ability to execute malicious code on virtually all of those devices. The code library was developed by Pennsylvania-based Objective Systems and is used to implement a telephony standard known as ASN.1, short for Abstract Syntax Notation One. "The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources," researchers who discovered the flaw wrote in an advisory published Monday evening. "These may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier's network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network." -
Skype Finalizes Its Move To the Cloud; To Kill Older Clients -- Remains Tight Lipped About Privacy (arstechnica.com)
When it was first created, Skype network was built as a decentralized peer-to-peer system. PCs that had enough processing muscle and bandwidth acted as "supernodes," and coordinated connections between other machines on the network. This p2p system was generally perceived as being relatively private, a belief that has since been debunked. There were several technical challenges, which led Microsoft to move most of Skype's operations to the cloud. Ars Technica is reporting that the company has finalized the switch. From the article: Microsoft has developed a more conventional client-server network, with clients that act as pure clients and dedicated cloud servers. The company is starting to transition to this network exclusively. This transition means that old peer-to-peer Skype clients will cease to work. Clients for the new network will be available for Windows XP and up, OS X Yosemite and up, iOS 8 and up, and Android 4.03 and up. However, certain embedded clients -- in particular, those integrated into smart TVs and available for the PlayStation 3 -- are being deprecated, with no replacement. Microsoft says that since those clients are little used and since almost every user of those platforms has other Skype-capable devices available, it is no longer worth continuing to support them. The issue, as the report points out, is that Microsoft is strangely not talking about privacy and security concerns. The article adds: The Ed Snowden leaks raised substantial questions about the privacy of services such as Skype and have caused an increasing interest in platforms that offer end-to-end encryption. The ability to intercept or wiretap Skype came as a shock to many, especially given Skype's traditionally peer-to-peer infrastructure. Accordingly, we've seen similar services such as iMessage, WhatsApp, and even Facebook Messenger, start introducing end-to-end encryption.
The abandonment of Skype's peer-to-peer system can only raise suspicions here. Matthew Green, who teaches cryptography at Johns Hopkins, said: "The surprising thing here is not that Microsoft can intercept Skype calls (duh) but that they won't just admit it." -
The Flux Capacitor Becomes World's Fastest Street-Legal Electric Car (arstechnica.com)
An anonymous reader writes from a report via Ars Technica: Jonny Smith now has the world's fastest street-legal electric car, called the Flux Capacitor. Previously, the Flux Capacitor was only Europe's fastest street-legal electric vehicle, with a less than 11 second, 1/4-mile time under its belt. Now it can run the quarter-mile in 9.87 seconds, thanks to the extra 44 cells added to the existing 144-cell Hyperdrive Innovation lithium-ion battery pack. That has boosted the car from 370v to 400v and the range from about 30 miles (48km) to about 50 miles (80km). "The combination of big voltage, amps, and phenomenal grip gave us early ten-second quarter miles, and when we braved the RPM limit of the motors, we managed a nine [second run]," Smith told Ars Technica. "Despite all of this power and speed, the little Enfield still felt smooth, stable, and happy, which is unbelievable given that it was designed to do 40 miles an hour." -
Juniper OS Flaw Allowed Forged Certificates (arstechnica.com)
Slashdot reader disccomp shares an article from Ars Technica: In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company's Junos operating system that allowed adversaries to masquerade as trusted parties. The impersonation could be carried out by presenting a forged cryptographic certificate that was signed by the attacker rather than by a trusted certificate authority that normally vets the identity of the credential holder...
"It seems that Junos was accepting specially crafted, invalid certificates as trusted," said Stephen Checkoway, a computer scientist at the University of Illinois at Chicago who recently focused on security in Juniper products. "This would enable anyone to create a VPN connection and gain access to the private network, e.g., a private, corporate network." -
Leak Shows PlayStation 4 Neo Is Expected To Have Twice The Graphics Horsepower (hothardware.com)
MojoKid writes from a report via HotHardware: Following rumors of a more powerful console in Sony's not-too-distant future -- one that will be capable of playing games at a 4K resolution -- the Japanese electronics maker last month opted to confirm it is indeed in development. Called PlayStation 4 Neo, the upgraded system will bring better hardware to the console scene to meet the needs of gaming on a television with four times as many pixels as a Full HD 1080p display. What's it going to take to game at 4K in the living room? A leaked internal document outlines some very interesting specs of the new model PS4 console. Assuming the leaked document is up to date with Sony's current plans, the PS4 Neo will use the same Jaguar cores as the original PS4, but clocked 500MHz faster, with 8 cores at 2.1GHz (up from 1.6GHz). The more significant upgrade will be the GPU. According to the slide, the PS4 Neo will use an improved version of AMD's GCN compute units (CUs), with twice the number of CUs at 36 instead of 18. They'll also be clocked faster -- 911MHz versus 800MHz. The net result is a 2.3x improvement in floating point performance. -
Fake Pokemon Go App On Google Play Infects Phones With Screenlocker (arstechnica.com)
Every time an app gets insanely popular, vicious minds try to capitalize on the momentum -- and history suggests, Android is their most-targeted platform. So it wasn't really a big surprise when security researchers at Eset announced on Friday that at least three fake, possibly malicious Pokemon Go apps have made it to Google Play, Android's marquee app store. From an Ars Technica report: Of the three, the one titled "Pokemon Go Ultimate" posed the biggest threat because it deliberately locks the screen of devices immediately after being installed. In many cases, restarting an infected phone isn't enough to unlock the screen. Infected phones can ultimately be unlocked either by removing the battery or by using the Android Device Manager. Once the screen has been unlocked and the device has restarted, the app -- which by now has the title PI Network -- is removed from the device's app menu. Still, it continues to run in the background and surreptitiously clicks on ads in an attempt to generate revenue for its creators. Eset discovered two other fake Pokemon Go apps inhabiting Google Play, one named "Guide & Cheats for Pokemon Go" and the other "Install Pokemongo." Both deliver ads carrying fraudulent, scary-sounding messages that are designed to trick users into buying expensive, unnecessary services. One such message claims the device is infected with malware and prompts the user to spend money to get the malicious apps removed. -
Comcast Expands $10 Low-Income Internet Plan (arstechnica.com)
Jon Brodkin, reporting for Ars Technica: Comcast's Internet Essentials program that provides $10-per-month Internet service to low-income families has been expanded to make about 1.3 million additional households eligible. Comcast created Internet Essentials in order to secure approval of its acquisition of NBCUniversal in 2011 and has decided to continue it indefinitely even though the requirement expired in 2014. Comcast says the 10Mbps plan has connected more than 600,000 low-income families since 2011, for a total of 2.4 million adults and children, and provided 47,000 subsidized computers for less than $150 each. Advocates for the poor have complained that the Internet Essentials service is too hard to sign up for, in part because of problems with the application process but also because it's usually only available to families with kids in school. That latter issue is what Comcast addressed today, announcing that "adults without a child eligible for the National School Lunch Program will be eligible to apply for Internet Essentials." Previously, pilot programs gave access to some low-income seniors and low-income community college students, but this is the first time that Internet Essentials will be available to adults without children nationwide. -
How President Jimmy Carter Saved The Space Shuttle (blastingnews.com)
MarkWhittington writes: Eric Berger has published an account in Ars Technica about how President Jimmy Carter saved the space shuttle program. The article is well worth reading for its detail. In essence, around 1978 the space shuttle program had undergone a crisis with technical challenges surrounding its heat-resistant tiles and its reusable rocket engines and cost overruns. President Carter was not all that enthused about human space flight to begin with, adhering to the since discredited notion that robotic space probes were adequate for exploring the universe. His vice president, Walter Mondale, was a vehement foe of human space flight programs, maintaining that money spent on them was better used for social programs. -
Theresa May Reshuffles Cabinet, Warns Amazon and Google of Power Shift (arstechnica.co.uk)
An anonymous reader writes from a report via Ars Technica: British Prime Minister Theresa May has given a stern warning to big business, telling the public to "think not of the powerful, but you." Specifically, she singled out Google and Amazon for dodging taxes and creating a lot of parliamentary scrutiny. Ars Technica reports: "May has been quick to stamp her brand of conservatism on her party by letting go of key members of Cameron's cabinet. She has so far sacked big hitters such as chancellor of the exchequer George Osborne, justice secretary Michael Gove, and culture secretary John Whittingdale. Philip Hammond now has the keys to Number 11, but we're still waiting to hear who will replace Whittingdale, whose remit included the rollout of super fast broadband in the UK. He's also the man behind the White Paper on the future of the BBC, which sought radical changes at the public service broadcaster. So far, 10 cabinet positions have been announced by May. They include Justine Greening as secretary of state for education, and Liz Truss becomes justice secretary, while former London mayor and key Brexit campaigner Boris Johnson -- to the surprise of many -- now heads up the foreign office. May has handed her home secretary job to Amber Rudd -- who will now be responsible for the government's push for greater online surveillance laws. Rudd was previously the minister for energy and climate change." David Davis is now in charge of withdrawing the UK from the European Union. David has for many years "opposed the government's attempts to bring in a so-called Snoopers' Charter." Ars Technica writes, "He's also currently suing the UK government over DRIPA -- legislation that was rushed through by the Tories after the European Court of Justice had ruled that the Data Retention Directive was invalid for failing to have adequate privacy safeguards in place." -
Google's New Emoji Aimed At Promoting Gender Equality Are Coming (arstechnica.com)
An anonymous reader writes: Based largely on a proposal from Unicode Consortium member Google, Unicode Consortium has announced plans to support new emoji aimed at promoting gender equality. There will be "11 new 'professional' emoji [that] will depict both men and women performing different jobs, and there will be both male and female versions of 33 existing emoji that currently depict either a man or a woman but not both," writes Ars Technica. "The new professions include, in the Unicode Consortium's words: a farmer, welder, mechanic, health worker, scientist, coder, business worker, chef, student, teacher, and rockstar." What's unusual about the new emoji is that they're created using combinations of existing emoji to avoid waiting for Unicode version 10.0 to be finalized in June of 2017. By using a special "zero-width joiner" (ZWJ) character between two or more emoji, operating systems that support it know to put out a different composite emoji rather than a series of separate emoji. "The new emoji for professions start with either a man or woman emoji, then a ZWJ character, then another character related to the job," reports Ars. "Emoji that were previously one specific gender (the dancing woman or the man running) can be joined to a male or female symbol with a ZWJ character to create emoji of either gender. And all of these emoji can be combined with the existing skin tone modifiers to produce diverse versions of either gender." We may see these combined emoji before the end of the year as software companies begin to integrate them into their operating systems. -
Valve Denounces Third-Party Gambling Sites, But Won't Block Them (arstechnica.com)
Valve is finally addressing last week's Counter-Strike gambling scandal. The game maker and Steam operator says that it does not directly profit from these gambling sites' actions. In a statement, Valve's Erik Johnson said the following: We have no business relationships with any of these sites. We have never received any revenue from them. And Steam does not have a system for turning in-game items into real world currency. Johnson added that gambling sites work by creating and maintaining their own Steam accounts, which are used to conduct virtual item trading. He adds: Using the OpenID API and making the same web calls as Steam users to run a gambling business is not allowed by our API nor our user agreements. Steam's user agreement includes a passage that forbids "exploiting the Content and Services or any of its parts for any commercial purpose, except as expressly permitted elsewhere in this Agreement." The company won't block these websites, but says it will begin cracking down on them -- by sending them cease and desist notices. -
Google Gets Land For Its Futuristic Headquarters, Thanks To LinkedIn Deal (arstechnica.com)
An anonymous reader writes from a report via Ars Technica: Silicon Valley Business Journal reports that Google and LinkedIn have worked out a deal that will allow the two neighbors to swap a few million square feet of real estate. The deal will help give Google enough room to build its futuristic "canopy" campus. Ars Technica reports: "Google will receive all of LinkedIn's existing Mountain View territory, which consists of LinkedIn's 370,000-square-feet headquarters and almost eight acres of land LinkedIn had planned on turning into office space. LinkedIn will move a few miles across town into four office buildings currently owned by Google that come out to about 750,000 square feet of office space. LinkedIn instantly gets to double its office space while avoiding a costly 'five- to six-year' construction project, and Google gets the space and building rights it needs to build its crazy indoor/outdoor spiderweb canopy utopia. Google owns a huge chunk of land in Mountain View with many office buildings, but the buildings have all been hand-me-downs. In February 2015, Google announced plans to renovate its campus with an ambitious design featuring a large membrane covering configurable activity space. To expand, both LinkedIn and Google needed to compete for Mountain View's 2.2 million square feet of available commercial square footage. The city, fearing it would become an all-Google town, awarded the majority of the construction rights -- 1.4 million square feet -- to LinkedIn, leaving Google with nowhere to build its new headquarters. With the real estate swap, those construction rights go to Google, so the company now has all the space it asked for." Last month, Microsoft announced plans to acquire LinkedIn for $26.2 billion. -
TOS Agreements Require Giving Up First Born -- and Users Gladly Consent
An anonymous reader shares an Ars Technica report: A recent study concludes what everybody already knows: nobody reads the lengthy terms of service and privacy policies that bombard Internet users every day. Nobody understands them. They're too long, and they often don't make sense. A study out this month made the point all too clear. Most of the 543 university students involved in the analysis didn't bother to read the terms of service before signing up for a fake social networking site called "NameDrop" that the students believed was real. Those who did glossed over important clauses. The terms of service required them to give up their first born, and if they don't yet have one, they get until 2050 to do so. The privacy policy said that their data would be given to the NSA and employers. Of the few participants who read those clauses, they signed up for the service anyway. "This brings us to the biggest lie on the Internet, which anecdotally, is known as 'I agree to these terms and conditions,'" the study found. The paper is called "The biggest lie on the Internet: Ignoring the privacy policies and terms of service policies of social networking services". This reminds me of a similar thing F-Secure security firm did in 2014. It asked London residents to give them their first child in exchange for free Wi-Fi access. The company, for the record, didn't collect any children. -
Cops Warn Pokemon Go Players: Please Don't Trespass To Catch 'em All (arstechnica.com)
An anonymous reader shares an Ars Technica report: Law enforcement agencies around the globe are reminding citizens to obey trespassing laws and follow common sense when playing Pokemon Go. The new crazy-popular mobile game has led to some frightening results in recent days, such as the location of a dead body and robberies of players in Missouri. Now, San Francisco Police Department Captain Raj Vaswani warned in one online posting for players to "obey traffic laws, please. Do not run into trees, meters, and things that are attached to the sidewalk; they hurt," he said. "Do not drive or ride your bike / skateboard / hipster techie device while interacting with the app. Know where your kids are going when playing with the app, set limits on where they can go, so they don't keep going trying to get that Pokemon." -
Warner Bros. Settles FTC Charge For Not Disclosing Payments To YouTubers For Positive Reviews (theverge.com)
An anonymous reader quotes a report from The Verge: The Federal Trade Commission has reached a settlement with Warner Bros. over claims that the publisher failed to disclose that it had paid prominent YouTubers for positive coverage of one of its video games. The FTC charge stated that Warner Bros. deceived customers by paying thousands of dollars to social media "influencers," including YouTube megastar PewDiePie, to cover Middle Earth: Shadow of Mordor without announcing that money had changed hands. Under the terms of the agreement, Warner Bros. is banned from failing to disclose similar deals in the future, and cannot pretend that sponsored videos and articles are actually the work of independent producers. Warner Bros.' deal with the influencers involved stated that they had to make at least one tweet or Facebook post about the game, as well as produce videos with a string of caveats to avoid showing it in a negative light. Those videos could not express negative opinions about the game or Warner Bros. itself, could not show any glitches or bugs, and must include "a strong verbal call-to-action to click the link in the description box for the viewer to go to the [game's] website to learn more about the [game], to learn how they can register, and to learn how to play the game," according to Ars Technica. Influencers were advised to disclose the video's sponsored status under YouTube's "Show More" section, but some did not, and the FTC says this would not have been enough to skirt the rules anyway, as the disclaimer would not have been visible on videos watched through Twitter, Facebook, or other social media sources. -
Password Reuse Tool Makes It Easy To ID Vulnerable Accounts On Other Sites (arstechnica.com)
Dan Goodin, reporting for Ars Technica: Over the past few months, a cluster of megabreaches has dumped account credentials for a mind-boggling 642 million accounts into the public domain, where they can then be used to compromise other accounts that are protected by the same password. Now, there's software that can streamline this vicious cycle by testing for reused passcodes on Facebook and other popular sites. Shard, as the command-line tool has been dubbed, is designed to allow end users to test if a password they use for one site is also used on Facebook, LinkedIn, Reddit, Twitter, or Instagram, its creator, Philip O'Keefe, told Ars. The security researcher said he developed the tool after discovering that the randomly generated eight-character password protecting several of his accounts was among the more than 177 million LinkedIn passwords that were leaked in May. "I used that password as a general password for many services," he wrote in an e-mail. "It was a pain to remember which sites it was shared and to change them all. I use a password manager now." -
Kentucky Anonymous Member Indicted Three Years After FBI Raid (arstechnica.com)
A federal grand jury has indicted "KYAnonymous" -- more than three years after FBI agents raided and searched his home -- and charged him under the Computer Fraud and Abuse Act. An anonymous Slashdot reader quotes an article from Ars Technica: After The New York Times published an account [late in 2012] of a horrific rape against a teenage girl in Steubenville, Ohio, an online vigilante campaign was started...the campaign targeted local officials who the vigilantes felt weren't prosecuting the rape investigation seriously because the alleged perpetrators were high school football players... Two teenage boys ended up being charged, and when the case went to trial in March 2013, the two were convicted of rape and sentenced to one to two years in prison.
The indictment says Deric Lostutter "knowingly and intentionally joined and voluntarily participated in a conspiracy" to "harass and intimidate and to gain publicity for their online identities," according to the Lexington Herald-Leader. "If convicted in the Kentucky case, Lostutter could face a maximum penalty of 16 years in prison (no more than five years on each of three counts, and one year on a fourth)..."
"The federal search warrant of Lostutter's home listed 'Guy Fawkes masks' among the items agents were looking for." -
Ashley Madison Admits It Lured Customers With 70,000 Fake 'Fembots' (arstechnica.com)
America's Federal Trade Commission is now investigating the "infidelity hookup site" Ashley Madison. In a possibly-related development, an anonymous reader writes: Ashley Madison's new executive team "admits that it used fembots to lure men into paying to join the site," reports Ars Technica. More than 75% of the site's customers were convinced to join by an army of 70,000 fembot accounts, "created in dozens of languages by data entry workers...told to populate these accounts with fake information and real photos posted by women who had shut down their accounts on Ashley Madison or other properties owned by Ashley Madison's parent company, Avid Life Media... In reality, that lady was a few lines of PHP... In internal company e-mails, executives discussed openly that only about five percent of the site's members were real females."
The company only abandoned the practice in 2015, and CNN also reports that for years, if the site's male customers complained, Ashley Madison "threatened to send paperwork to users' homes if they disputed their bills -- potentially revealing cheaters to their spouses," while one user complained that the site also automatically signed up customers for recurring billing. "We are not threatening you. We are laying the facts to you..." one e-mail read, while another warned that "We do fight all charge backs." -
Google's DeepMind AI To Use 1 Million NHS Eye Scans To Spot Diseases Earlier (arstechnica.com)
Google DeepMind has announced its second collaboration with the NHS, as part of which it will work with Moorfields Eye Hospital in east London to build a machine learning system which will eventually be able to recognise sight-threatening conditions from just a digital scan of the eye. The five-year research project will draw on one million anonymous eye scans which are held on Moorfields' patient database, reports Ars Technica, with the aim to speed up the complex and time-consuming process of analysing eye scans. From the report: The hope is that this will allow diagnoses of common causes of sight loss, like diabetic retinopathy and age-related macular degeneration, to be spotted more rapidly and hence be treated more effectively. For example, Google says that up to 98 percent of sight loss resulting from diabetes can be prevented by early detection and treatment. Two million people are already living with sight loss in the UK, of whom around 360,000 are registered as blind or partially-sighted. Google quotes estimates that the number of people suffering from sight loss in the UK will double by 2050. Improvements in detection and treatment would therefore have a major impact on the quality of life for large numbers of people in the UK and around the world. -
Google Twists the Knife, Asks For Sanctions Against Oracle Attorney (arstechnica.com)
Google isn't done with its victory over Oracle. Court filings suggest that Google will be filing a motion for sanctions against Oracle and its law firm, Orrick, Sutcliffe & Herrington. The Mountain View-based company is apparently irked that an Oracle attorney disclosed the financial agreements between Google and Apple. From an Ars Technica report: Speaking in open court, Oracle attorney Annette Hurst said that Google's Android operating system had generated revenue of $31 billion and $22 billion in profit. She also disclosed that Google pays Apple $1 billion to keep Google's search bar on iPhones. "Look at the extraordinary magnitude of commerciality here," Hurst told a magistrate judge as she discussed the revenue figures. The $1 billion figure comes from a revenue-split that gives Apple a portion of the money that Google makes off searches that originate on iPhones. The revenue share figure was 34 percent, "at one point in time," according to Hurst. Google lawyers asked for the figure to be struck from the record. "That percentage just stated, that should be sealed," Google lawyer Robert Van Nest said, according to a transcript of the hearing. "We are talking hypotheticals here. That's not a publicly known number." -
Oracle May Have Stopped Funding and Developing Java EE (arstechnica.com)
While anticipating new features in Java 9, developers also have other concerns, according to an anonymous Slashdot reader: ArsTechnica is reporting that Oracle has quietly pulled funding and development efforts away from Java EE, the server-side Java technology that is part of hundreds of thousands of Internet and business applications. Java EE even plays an integral role for many apps that aren't otherwise based on Java, and customers and partners have invested time and code. It wouldn't be the first time this has happened, but the implications are huge for Java as a platform.
"It's a dangerous game they're playing..." says one member of the Java Community Process Executive Committee. "It's amazing -- there's a company here that's making us miss Sun." Oracle's former Java evangelist even left the company in March and became a spokesman for the "Java EE Guardians," who have now created an online petition asking Oracle to "clarify" its intent and resume development or "transfer ownership of Java EE 8". -
Frontier Teams With AT&T To Block Google Fiber Access To Utility Poles (arstechnica.com)
An anonymous reader writes from a report via Ars Technica: Frontier submitted a court filing last week supporting AT&T's efforts to sue local governments in Louisville and Jefferson County, Kentucky to stop a new ordinance designed to give Google Fiber and similar companies access to utility poles. They're concerned the ordinances will spread to other states. Frontier's filing said, "the issues raised by the case may have important implications for Frontier's business and may impact the development of law in jurisdictions throughout the country where Frontier operates." The ordinance in Louisville lets companies like Google Fiber install wires even if AT&T doesn't respond to requests or rejects requests to attach lines. Companies don't have to notify AT&T when they want to move AT&T's wires to make room for their own wires, assuming the work won't cause customer outages. AT&T claims that the ordinance lets competitors "seize AT&T's property." Frontier is urging the court to consider the nationwide implications of upholding Louisville's ordinance, saying Louisville's rule "is unprecedented" because "it drastically expands the rights of third parties to use privately owned utility poles, giving non-owners unfettered access to [a] utility's property without the [...] utility in some cases even having knowledge that such third-party intrusion on its facilities is occurring." Frontier said companies should be required to negotiate access with the owners if they didn't pay to install the utility poles. They urged the court to deny Louisville Metro's motion to dismiss AT&T's complaint. -
The WRT54GL: A 54Mbps Router From 2005 Still Makes Millions For Linksys
Jon Brodkin, reporting for Ars Technica: In a time when consumers routinely replace gadgets with new models after just two or three years, some products stand out for being built to last. Witness the Linksys WRT54GL, the famous wireless router that came out in 2005 and is still for sale. At first glance, there seems to be little reason to buy the WRT54GL in the year 2016. It uses the 802.11g Wi-Fi standard, which has been surpassed by 802.11n and 802.11ac. It delivers data over the crowded 2.4GHz frequency band and is limited to speeds of 54Mbps. You can buy a new router -- for less money -- and get the benefit of modern standards, expansion into the 5GHz band, and data rates more than 20 times higher. Despite all that, people still buy the WRT54GL in large enough numbers that Linksys continues to earn millions of dollars per year selling an 11-year-old product without ever changing its specs or design. -
IMAX Will Build You a Home Theater -- Starting at $400K (arstechnica.com)
An anonymous reader shares an Ars Technica report: If you have about $400K to spare, IMAX's Private Theatre division will now build an IMAX cinema setup in your own home. The entry-level IMAX Private Theatre is the "Palais," which starts at about $400,000 for a screening room with up to 18 seats. For your money you get dual 4K 2D/3D projectors, a proprietary IMAX sound system, and a media playback system that supports everything you might want to throw at it (TV, games, Blu-ray, etc.) No word on the exact specifications of the projectors, but they're probably not IMAX-with-laser. Screen size will vary depending on the setup, but generally they will be 3 metres (10ft) tall or more. Stepping up to the "Platinum" IMAX home theatre for about $1 million gets you a much larger screening room with space for up to 40 people. -
Wi-Fi Gets Multi-Gigabit, Multi-User Boost With Upgrades To 802.11ac (arstechnica.com)
The Wi-Fi Alliance has announced its certification program for IEEE 802.11ac Wave 2, a technology that has been around on the market for more than a year. Wave 2 can deliver up to 6.8Gbps and lets an access point interact with more than one device at a time. Wave 2 features MIMO (or MU-MIMO) which improves the MIMO technology that lets Wi-Fi transmit over more than one stream through the air. Wave 2 standard utilizes channels up to 160MHz wide (up from 80MHz channels available with Wave 1). It also creates more spatial streams and uses spectrum more efficiently, the industry group said on Wednesday. Ars Technica adds: On top of MU-MIMO, wider channels, and more streams, the Wi-Fi Alliance says Wave 2 features now being certified bring "support for a greater number of available channels in 5GHz," a change that "makes more efficient use of available spectrum and reduces interference and congestion by minimizing the number of networks operating on overlapping channels." You may have already noticed routers supporting some of these features, since the specification details have been available for a few years. In fact, routers with MU-MIMO started appearing in July 2014, and you can find routers that use 160MHz channels. The certification program takes a while to catch up with real-world implementations, but it ensures compatibility between devices and may spur faster adoption by vendors. End-user devices such as phones, tablets, and laptops must also be updated to take advantage of new features such as MU-MIMO. -
Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets' (fortune.com)
Google's Project Zero team has discovered a heap of critical vulnerabilities in Symantec and Norton security products. The flaws, the team says, allow hackers to completely compromise people's machines by simply sending them malicious self-replicating code through unopened emails or un-clicked links. According to a Fortune report, the vulnerabilities affect millions of people who run the company's endpoint security and antivirus software -- all 17 enterprise products (Symantec brand) and eight consumer and small business products (Norton brand). Dan Goodin, reporting for Ars Technica: The flaws reside in the engine the products use to reverse the compression tools malware developers use to conceal their malicious payloads. The unpackers work by parsing code contained in files before they're allowed to be downloaded or executed. Because Symantec runs the unpackers directly in the operating system kernel, errors can allow attackers to gain complete control over the vulnerable machine. Tavis Ormandy, a researcher with Google's Project Zero, said a better design would be for unpackers to run in a security "sandbox," which isolates untrusted code from sensitive parts of an operating system. -
RIP Xbox Fitness: Users Will Soon Lose Access To Workout Videos They Bought (arstechnica.com)
insitus quotes a report from Ars Technica: Xbox users who purchased training videos through the Xbox Fitness app probably thought they were buying a workout program they'd be able to use regularly for the life of the Xbox One, at the very least. Instead, those videos will soon be completely unavailable to those who paid for them up front, according to a "sunset" plan announced by Microsoft yesterday evening. Xbox Fitness first launched in late 2013 with the console, offering a Kinect-powered health app that uses the 3D camera to evaluate users' form as they perform the exercises demoed by on-screen video trainers. The app, which provided 30 basic routines for free with an Xbox Live Gold account, will be coming to an end on December 15. The paid content associated with the app will also no longer be available for purchase, and those who purchased it previously will be able to use it for over one more year before the app becomes completely unavailable to download or use on July 1, 2017. What some have found especially upsetting with the news is that Microsoft has yet to announce any plans to compensate users who have paid for content or to provide downloadable versions of paid workouts that can be used after the phase-out date. Thus, many upset users have taken to the sunset announcement post and various other outlets to speak their mind on the situation. "I bought 140$+ worth of content just this year... I don't want a refund, I want to be able to continue to use what I PAID for !!!!!!!!!!!" Xbox Live user QuickSilver wrote. -
New and Improved CryptXXX Ransomware Rakes In $45,000 In 3 Weeks (arstechnica.com)
An anonymous reader writes: Whoever said crime doesn't pay didn't know about the booming ransomware market. A case in point, the latest version of the scourge known as CryptXXX, which raked in more than $45,000 in less than three weeks. Over the past few months, CryptXXX developers have gone back and forth with security researchers. The whitehats from Kaspersky Lab provided a free tool that allowed victims to decrypt their precious data without paying the ransom, which typically reaches $500 or more. Then, CryptXXX developers would tweak their code to defeat the get-out-of-jail decryptor. The researchers would regain the upper hand by exploiting another weakness and so on. Earlier this month, the developers released a new CryptXXX variant that to date still has no decryptor available. Between June 4 and June 21, according to a blog post published Monday by security firm SentinelOne, the Bitcoin address associated with the new version had received 70 bitcoins, which at current prices is valued at around $45,228. The figure doesn't include revenue generated from previous campaigns. -
From File-Sharing To Prison: The Story of a Jailed Megaupload Programmer (arstechnica.com)
An anonymous reader writes: "I had to be made an example of as a warning to all IT people," says former Megaupload programmer Andrew Nomm, one of seven Megaupload employees arrested in 2012. Friday his recent interview with an Estonian journalist was republished in English by Ars Technica (which notes that at one point the 50 million users on Megaupload's file-sharing site created 4% of the world's internet traffic). The 37-year-old programmer pleaded guilty to felony copyright infringement in exchange for a one-year-and-one-day sentence in a U.S. federal prison, which the U.S. Attorney General's office called "a significant step forward in the largest criminal copyright case in US history."
"It turned out that I was the only defendant in the last 29 years to voluntarily go from the Netherlands to the USA..." Nomm tells the interviewer, adding "I'll never get back the $40,000 that was seized by the USA." He describes his experience in the U.S. prison system after saying good-bye to his wife and 13-year-old son, adding that now "I have less trust in all sorts of state affairs, especially big countries. I saw the dark side of the American dream in all its glory..."
In U.S. court documents Nomm "acknowledged" that the financial harm to copyright holders "exceeded $400 million." -
Surface 3 Stocks Dwindling As Microsoft Plans System's Demise (arstechnica.com)
An anonymous reader writes: Microsoft's Surface 3 may be coming to an end. Brad Sams at Thurrott.com reports that many versions of the Surface 3 are listed as being out of stock in Microsoft's online store, with no expected availability. He notes that the only version in stock online is the version with 2GB RAM/64GB storage/LTE. There's more availability in-store, but stock appears to be limited overall. What this generally means is that manufacturing is slowing down or going to stop entirely. In a statement, Microsoft said: "Since launching Surface 3 over a year ago, we have seen strong demand and satisfaction amongst our customers. Inventory is now limited and by the end of December 2016, we will no longer manufacture Surface 3 devices." It's possible a Surface 3 successor is right around the corner, although Ars Technica notes "there hasn't even been the merest hint of a rumor about such a device." The Surface 3 is being powered by a Cherry Trail Atom processor, which hasn't seen a major upgrade or replacement since they were released in the first quarter of 2015. "Without new processors, there's little reason to update the Surface 3 line," writes Ars. Microsoft could equip the Surface 3 successor with a Core M processor, but the implications of that decision would likely cause the device's price to shoot up or cause the device's quality to significantly decrease. Microsoft may simply abandon the segment entirely and focus strictly on the Surface Pro line. -
'Godless' Apps, Some Found In Google Play, Root 90% Of Android Phones (arstechnica.com)
Dan Goodin, reporting for ArsTechnica: Researchers have detected a family of malicious apps, some that were available in Google Play, that contain malicious code capable of secretly rooting an estimated 90 percent of all Android phones. In a recently published blog post, antivirus provider Trend Micro said that Godless, as the malware family has been dubbed, contains a collection of rooting exploits that works against virtually any device running Android 5.1 or earlier. That accounts for an estimated 90 percent of all Android devices. Members of the family have been found in a variety of app stores, including Google Play, and have been installed on more than 850,000 devices worldwide. Godless has struck hardest at users in India, Indonesia, and Thailand, but so far less than 2 percent of those infected are in the US. Once an app with the malicious code is installed, it has the ability to pull from a vast repository of exploits to root the particular device it's running on. In that respect, the app functions something like the many available exploit kits that cause hacked websites to identify specific vulnerabilities in individual visitors' browsers and serve drive-by exploits. Affected apps that have been spotted in Google Play, Android's marquee app store, are largely flashlight, Wi-Fi apps, as well as copies of popular games. -
Clinton's Private Email Was Blocked By Spam Filters, So State IT Turned Them Off (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Documents recently obtained by the conservative advocacy group Judicial Watch show that in December 2010, then-U.S. Secretary of State Hillary Clinton and her staff were having difficulty communicating with State Department officials by e-mail because spam filters were blocking their messages. To fix the problem, State Department IT turned the filters off -- potentially exposing State's employees to phishing attacks and other malicious e-mails. The mail problems prompted Clinton Chief of Staff Huma Abedin to suggest to Clinton (PDF), "We should talk about putting you on State e-mail or releasing your e-mail address to the department so you are not going to spam." Clinton replied, "Let's get [a] separate address or device but I don't want any risk of the personal [e-mail] being accessible." The mail filter system -- Trend Micro's ScanMail for Exchange 8 -- was apparently causing some messages from Clinton's private server (Clintonemail.com) to not be delivered (PDF). Some were "bounced;" others were accepted by the server but were quarantined and never delivered to the recipient. According to the e-mail thread published yesterday by Judicial Watch, State's IT team turned off both spam and antivirus filters on two "bridgehead" mail relay servers while waiting for a fix from Trend Micro. There was some doubt about whether Trend Micro would address the issue before State performed an upgrade to the latest version of the mail filtering software. A State Department contractor support tech confirmed that two filters needed to be shut off in order to temporarily fix the problem -- a measure that State's IT team took with some trepidation, because the filters had "blocked malicious content in the recent past." It's not clear from the thread that the issue was ever satisfactorily resolved, either with SMEX 8 or SMEX 10. -
Sony Agrees To Pay Millions To Gamers To Settle PS3 Linux Debacle (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: After six years of litigation, Sony is now agreeing to pay the price for its 2010 firmware update that removed support for the Linux operating system in the PlayStation 3. Sony and lawyers representing as many as 10 million console owners reached the deal on Friday. Under the terms of the accord (PDF), which has not been approved by a California federal judge yet, gamers are eligible to receive $55 if they used Linux on the console. The proposed settlement, which will be vetted by a judge next month, also provides $9 to each console owner that bought a PS3 based on Sony's claims about "Other OS" functionality. Under the plan, gamers eligible for a cash payment are "all persons in the United States who purchased a Fat PS3 model in the United States between November 1, 2006, and April 1, 2010." The accord did not say how much it would cost Sony, but the entertainment company is expected to pay out millions. On March 28, 2010, Sony announced that the update would "disable the 'Install Other OS' feature that was available on the PS3 systems prior to the current slimmer models." This feature, Sony claimed, would be removed "due to security concerns." Sony did not detail those "concerns," but the litigation alleged piracy was behind the decision. A gamer can get the $55, but they "must attest under oath to their purchase of the product and installation of Linux, provide proof of their purchase or serial number and PlayStation Network Sign-in ID, and submit some proof of their use of the Other OS functionality." To get the $9, PS3 owners must submit a claim that, at the time they bought their console, they "knew about the Other OS, relied upon the Other OS functionality, and intended to use the Other OS functionality." Alternatively, a gamer "must attest that he or she lost value and/or desired functionality or was otherwise injured as a consequence of Firmware Update 3.21 issued on April 1, 2010," to get $9. -
Advertiser That Tracked Around 100M Phone Users Without Consent Pays $950,000 (arstechnica.com)
Mobile advertising firm InMobi will pay a fine of $950,000 and revamp its services to resolve federal regulators' claims that it deceptively tracked locations of hundreds of millions of people, including children. Ars Technica reports: The US Federal Trade Commission alleged in a complaint filed Wednesday that Singapore-based InMobi undermined phone users' ability to make informed decisions about the collection of their location information. While InMobi claimed that its software collected geographical whereabouts only when end users provided opt-in consent, the software in fact used nearby Wi-Fi signals to infer locations when permission wasn't given, FTC officials alleged. InMobi then archived the location information and used it to push targeted advertisements to individual phone users. Specifically, the FTC alleged, InMobi collected nearby basic service set identification addresses, which act as unique serial numbers for wireless access points. The company, which thousands of Android and iOS app makers use to deliver ads to end users, then fed each BSSID into a "geocorder" database to infer the phone user's latitude and longitude, even when an end user hadn't provided permission for location to be tracked through the phone's dedicated location feature. -
Amazon's New Kindle Is Only $80, Comes In White, and With More Storage
Found the $290 Kindle Oasis too expensive? Amazon has a new, familiar e-reader for you. On Wednesday, the e-commerce giant announced a new, more-affordable Kindle that is pretty much identical to the Kindle Paperwhite, but costs only $80. It comes in white as well as black, and has 512MB storage space (the Kindle Paperwhite sports a 256MB internal storage chip). From an Ars Technica report: In addition to the extra memory, the $80 Kindle will have a slightly thinner, lighter, and more rounded design than its predecessors. It will have a touchscreen display as well, but it won't be the 300 PPI screen that the $120 Kindle Paperwhite has (it will sport a 167 PPI display instead). Some reports also suggest that the new Kindle will come with Bluetooth support so blind readers can hook up a pair of wireless headphones to listen to books, along with a note-sending feature that will let you send yourself messages and highlights, which can be exported as PDFs or spreadsheets.