Slashdot Mirror

Nintendo is essentially restarting development on the highly anticipated Metroid Prime 4, saying the game as it currently exists "has not reached the standards we seek in a sequel to the Metroid Prime series." Ars Technica reports: The surprise announcement comes from Nintendo General Manager for Development Shinya Takahashi. He said in a YouTube video posted this morning that current Metroid Prime 4 producer Kensuke Tanabe will begin "collaborating" on the game with Retro Studios, the studio responsible for the original Metroid Prime trilogy. Tanabe has previously worked as producer on multiple Retro-developed Metroid Prime titles.

"The current development status of the game is very challenged and we have made a very difficult decision as a development team," Takahashi said in the subtitled video. "We have decided to reexamine the development structure and change it." "This change will essentially mean restarting development from the beginning, so the completion of the game will be delayed from our initial internal plan," Takahashi continued. "It will be a long road until the next time we will be able to update you on the development progress, and development time will be extensive."

An anonymous reader quotes a report from Ars Technica, written by Sean Gallagher: Want to be able to run classic Mac OS applications compiled for the Motorola 68000 series of processors on your ever-so-modern Mac OS X machine? Or maybe you'd rather run them on a Raspberry Pi, or an Android device for that matter? There's an emulation project that's trying to achieve just that: Advanced Mac Substitute (AMS). Advanced Mac Substitute is an effort by long-time Mac hacker Josh Juran to make it possible to run old Mac OS software (up to Mac OS 6) without a need for an Apple ROM or system software. Other emulators out there for 64000 Mac applications such as Basilisk II require a copy of MacOS installation media -- such as install CDs from Mac OS 7.5 or Mac OS 8. But AMS uses a set of software libraries that allow old Mac applications to launch right within the operating environment of the host device, without needing to have a full virtual hardware and operating system instance behind them. And it's all open source.

I got a demo of AMS from Juran at Shmoocon in Washington, DC, this past weekend. He showed me an early attempt at getting the game LoadRunner to work with the emulator -- it's not yet interactive. A version of the project, downloadable from Github, includes a "Welcome" screen application (a sort of Mac OS "hello world"), Mac Tic-Tac-Toe, and an animation of NyanCat. Applications are launched from the command line for now and are executed by the emulation software, which interprets the system and firmware calls. Unfortunately, there's still a lot of work to be done. While AMS works on Mac OS X up to version 10.12 -- both on Intel and PowerPC versions of the operating system -- the code currently won't compile on MacOS Mojave. And the Linux implementation of AMS does not yet support keyboard input. I was unable to get the front end to execute at all on Debian 9 on Intel.

An anonymous reader quotes a report from Ars Technica: Comcast's cable division spent 3 percent less on capital expenditures last year, despite promises that the repeal of net neutrality rules would boost broadband network investment. Comcast's cable division spent $7.95 billion on capital expenditures during calendar year 2017, but that fell to $7.72 billion in the 12 months ending on December 31, 2018. Comcast's overall capital expenditures went up 2.3 percent, from $9.6 billion in 2017 to $9.8 billion in 2018. But that company-wide capital expenditure number includes the Comcast-owned NBCUniversal, which spent $1.7 billion in 2018, a 15.2 percent increase, "primarily reflecting investment at Theme Parks," Comcast said.

The cable capital expenditure statistic thus provides a more accurate picture of whether Comcast increased or decreased investment in its broadband network. Cable capital expenditures as a percentage of Comcast's cable revenue dropped from 15 percent in 2017 to 14 percent in 2018. Comcast's network spending should have risen in 2018 if predictions from Federal Communications Commission Chairman Ajit Pai and Comcast had been correct. Pai's net neutrality repeal took effect in June 2018. But the vote to repeal net neutrality rules was in December 2017, and Pai claimed in February 2018 that the repeal was already causing increased broadband investment. While Comcast's cable capital expenditures did rise year over year in the fourth quarter, from $2.15 billion to $2.32 billion, it wasn't enough to offset the full-year decline. Ars Technology also notes: "The corporate tax cut implemented as 2018 began also didn't stop job cuts at Comcast and AT&T, despite promises that the tax cut would create new jobs."

An anonymous reader quotes a report from Ars Technica: Comcast's cable division spent 3 percent less on capital expenditures last year, despite promises that the repeal of net neutrality rules would boost broadband network investment. Comcast's cable division spent $7.95 billion on capital expenditures during calendar year 2017, but that fell to $7.72 billion in the 12 months ending on December 31, 2018. Comcast's overall capital expenditures went up 2.3 percent, from $9.6 billion in 2017 to $9.8 billion in 2018. But that company-wide capital expenditure number includes the Comcast-owned NBCUniversal, which spent $1.7 billion in 2018, a 15.2 percent increase, "primarily reflecting investment at Theme Parks," Comcast said.

The cable capital expenditure statistic thus provides a more accurate picture of whether Comcast increased or decreased investment in its broadband network. Cable capital expenditures as a percentage of Comcast's cable revenue dropped from 15 percent in 2017 to 14 percent in 2018. Comcast's network spending should have risen in 2018 if predictions from Federal Communications Commission Chairman Ajit Pai and Comcast had been correct. Pai's net neutrality repeal took effect in June 2018. But the vote to repeal net neutrality rules was in December 2017, and Pai claimed in February 2018 that the repeal was already causing increased broadband investment. While Comcast's cable capital expenditures did rise year over year in the fourth quarter, from $2.15 billion to $2.32 billion, it wasn't enough to offset the full-year decline. Ars Technology also notes: "The corporate tax cut implemented as 2018 began also didn't stop job cuts at Comcast and AT&T, despite promises that the tax cut would create new jobs."

An anonymous reader quotes a report from Ars Technica: Comcast's cable division spent 3 percent less on capital expenditures last year, despite promises that the repeal of net neutrality rules would boost broadband network investment. Comcast's cable division spent $7.95 billion on capital expenditures during calendar year 2017, but that fell to $7.72 billion in the 12 months ending on December 31, 2018. Comcast's overall capital expenditures went up 2.3 percent, from $9.6 billion in 2017 to $9.8 billion in 2018. But that company-wide capital expenditure number includes the Comcast-owned NBCUniversal, which spent $1.7 billion in 2018, a 15.2 percent increase, "primarily reflecting investment at Theme Parks," Comcast said.

The cable capital expenditure statistic thus provides a more accurate picture of whether Comcast increased or decreased investment in its broadband network. Cable capital expenditures as a percentage of Comcast's cable revenue dropped from 15 percent in 2017 to 14 percent in 2018. Comcast's network spending should have risen in 2018 if predictions from Federal Communications Commission Chairman Ajit Pai and Comcast had been correct. Pai's net neutrality repeal took effect in June 2018. But the vote to repeal net neutrality rules was in December 2017, and Pai claimed in February 2018 that the repeal was already causing increased broadband investment. While Comcast's cable capital expenditures did rise year over year in the fourth quarter, from $2.15 billion to $2.32 billion, it wasn't enough to offset the full-year decline. Ars Technology also notes: "The corporate tax cut implemented as 2018 began also didn't stop job cuts at Comcast and AT&T, despite promises that the tax cut would create new jobs."

Apple today pushed software updates for a range of its computing platforms. They are all minor releases that simply offer a few bug fixes and security updates, with no new features -- and there are no new features in any of the beta releases for these versions of the operating systems, either. From a report: iOS 12.1.3 fixes a scrolling bug in Messages, an iPad Pro-specific audio bug, and a graphical error in some photos, and it addresses some CarPlay disconnects experienced by owners of the three new iPhone models released in late 2018. It also fixes two minor bugs related to the company's HomePod smart speaker.

An anonymous reader quotes a report from Ars Technica: The Russian government agency responsible for censorship on the Internet has accused Facebook and Twitter of failing to comply with a law requiring all servers that store personal data to be located in Russia. Roskomnadzor, the Russian censorship agency, "said the social-media networks hadn't submitted any formal and specific plans or submitted an acceptable explanation of when they would meet the country's requirements that all servers used to store Russians' personal data be located in Russia," The Wall Street Journal reported today. Roskomnadzor said it sent letters to Facebook and Twitter on December 17, giving them 30 days to provide "a legally valid response." With the 30 days having passed, the agency said that "Today, Roskomnadzor begins administrative proceedings against both companies." The law went into effect in September 2015, but Russia has had trouble enforcing it. "At the moment, the only tools Russia has to enforce its data rules are fines that typically only come to a few thousand dollars or blocking the offending online services, which is an option fraught with technical difficulties," a Reuters article said today.

According to The Journal, "Facebook and Twitter could be fined for not providing information to the watchdog."

An anonymous reader quotes a report from Ars Technica: Malicious apps hosted in the Google Play market are trying a clever trick to avoid detection -- they monitor the motion-sensor input of an infected device before installing a powerful banking trojan to make sure it doesn't load on emulators researchers use to detect attacks. The thinking behind the monitoring is that sensors in real end-user devices will record motion as people use them. By contrast, emulators used by security researchers -- and possibly Google employees screening apps submitted to Play -- are less likely to use sensors. Two Google Play apps recently caught dropping the Anubis banking malware on infected devices would activate the payload only when motion was detected first. Otherwise, the trojan would remain dormant.

Security firm Trend Micro found the motion-activated dropper in two apps -- BatterySaverMobi, which had about 5,000 downloads, and Currency Converter, which had an unknown number of downloads. Google removed them once it learned they were malicious. The motion detection wasn't the only clever feature of the malicious apps. Once one of the apps installed Anubis on a device, the dropper used requests and responses over Twitter and Telegram to locate the required command and control server. Once Anubis was installed, it used a built-in keylogger that can steal users' account credentials. The malware can also obtain credentials by taking screenshots of the infected users' screen.

Last week, Ars Technica reported that Verizon's new "spam" fee for texts sent from teachers to students might stop working on the network because of a dispute over texting fees that Verizon demanded from Remind, the company that operates the service. Now, it appears that Verizon "has backed down from its original position slightly, and ongoing negotiations could allow the free texting service to continue," reports Ars. From the report: As we reported Monday, the dispute involves Verizon and Remind, which makes a communication service used by teachers and youth sports coaches. Verizon is charging an additional fee, saying the money will be used to fund spam-blocking services. The fee would increase Remind's costs for sending texts to Verizon users from a few hundred thousand dollars to several million dollars per year, Remind said. Remind said it would absorb the cost in order to continue providing the paid version of its service. But most of Remind's 30 million users rely on the free version of the service, and Remind said it could no longer provide free text message notifications over Verizon's network unless the fee is reversed.

Verizon issued an announcement today, titled "App provider Remind threatens to eliminate a free texting service for K-12 education organizations (which will cost it nothing)." The title reflects a new offer Verizon said it made on Tuesday, which would reverse the fee for K-12 users of the free Remind service. "Verizon will not charge Remind fees as long as they don't begin charging K-12 schools, educators, parents and students using its free text message service," Verizon said. "Despite this offer, made Tuesday, Remind has not changed its position that it will stop sending free texts to Verizon customers who use the service regarding school closures, classroom activities and other critical information." The report goes on to note that simply limiting the offer to K-12 users means the fee "would still be charged for preschools, day-care centers, and youth sports coaches who use the free Remind service."

An anonymous reader quotes a report from Ars Technica: Google is implementing major new Play Store rules for how Android's "SMS" and "Call Log" permissions are used. New Play Store rules will only allow certain types of apps to request phone call logs and SMS permissions, and any apps that don't fit into Google's predetermined use cases will be removed from the Play Store. The policy was first announced in October, and the policy kicks in and the ban hammer starts falling on non-compliant apps this week.

Google says the decision to police these permissions was made to protect user privacy. SMS and phone permissions can give an app access to a user's contacts and everyone they've ever called, in addition to allowing the app to contact premium phone numbers that can charge money directly to the user's cellular bill. Despite the power of these permissions, a surprising number of apps ask for SMS or phone access because they have other, more benign use cases. So to clean up the Play Store, Google's current plan seems to be to (1) build more limited, replacement APIs for these benign use cases that don't offer access to so much user data and (2) kick everyone off the Play Store who is still using the wide-ranging SMS and phone permissions for these more limited use cases. Google provides a help page that helps explain the new rules and offer workarounds for some use cases.

The Model 3 will be entered into Pwn2Own this year, the first time a car has been included in the annual high-profile hacking contest. The prize for the winning security researchers: a Model 3. TechCrunch reports: Pwn2Own, which is in its 12th year and run by Trend Micro's Zero Day Initiative, is known as one of the industry's toughest hacking contests. ZDI has awarded more than $4 million over the lifetime of the program. Pwn2Own's spring vulnerability research competition, Pwn2Own Vancouver, will be held March 20 to 22 and will feature five categories, including web browsers, virtualization software, enterprise applications, server-side software and the new automotive category. The targets, chosen by ZDI, include software products from Apple, Google, Microsoft, Mozilla, Oracle and VMware. And, of course, Tesla . Pwn2Own is run in conjunction with the CanSec West conference. There will be "more than $900,000 worth of prizes available for attacks that subvert a variety of [the Model 3's] onboard systems," reports Ars Technica. "The biggest prize will be $250,000 for hacks that execute code on the car's getaway, autopilot, or VCSEC."

"A gateway is the central hub that interconnects the car's powertrain, chassis, and other components and processes the data they send. The autopilot is a driver assistant feature that helps control lane changing, parking, and other driving functions. Short for Vehicle Controller Secondary, VCSEC is responsible for security functions, including the alarm."

An anonymous reader quotes a report from Ars Technica: There have long been anecdotal reports that the eyes of the Mona Lisa -- Renaissance artist Leonardo da Vinci's most famous painting -- sometimes seem to follow viewers as they move around the artwork. The phenomenon is even called the "Mona Lisa effect" because of it. But a new study published in the journal i-Perception found that she's really "looking" to the right-hand side of her audience. "There is no doubt about the existence of the Mona Lisa effect," the authors wrote. "It just does not occur with the Mona Lisa herself."

This was a small study, with just 24 subjects. All were asked to look at a high-resolution recreation of the Mona Lisa on a computer monitor, with a folding ruler placed between them and the screen to track viewing distance. Subjects would signal where they perceived Mona Lisa's gaze met the ruler. The researchers sampled 15 sections of the famous portrait, ranging from the Mona Lisa's full head to just her eyes and nose, and they showed subjects each image three times in random order. They also changed the ruler's distance from the monitor halfway through the sessions. Based on the more than 2,000 individual assessments, they found no evidence of the Mona Lisa effect with Leonardo's masterpiece. "We demonstrated that Mona Lisa gazes to her left-hand side [the viewer's right] from about 35.5 cm inside pictorial space, and 14.4 degrees to the viewer's right-hand side in real space," the authors wrote. "Thus, Mona Lisa does not fulfill the premise of the Mona Lisa effect. She does not gaze at the viewer."

Federal Communications Commission Chairman Ajit Pai refused to brief a Congressional committee Monday about mobile carriers' ability to share their subscribers' location data with third parties. From a report: House Commerce Committee Chairman Frank Pallone, Jr. (D-N.J.) asked Pai for an "emergency briefing" to explain why the FCC "has yet to end wireless carriers' unauthorized disclosure of consumers' real-time location data," and for an update on "what actions the FCC has taken to address this issue to date." Pai's FCC could take action, despite the 2017 repeal of the commission's broadband privacy rules. Phone carriers are legally required to protect "Customer Proprietary Network Information [CPNI]," and the FCC's definition of CPNI includes location data.

[...] Pai did not agree with Pallone, it turns out. "Today, FCC Chairman Ajit Pai refused to brief Energy and Commerce Committee staff on the real-time tracking of cell phone location[s]," Pallone said in a statement yesterday. "In a phone conversation today, his staff asserted that these egregious actions are not a threat to the safety of human life or property that the FCC will address during the Trump shutdown."

An anonymous reader quotes a report from Ars Technica: A free texting service used by teachers, students, and parents may stop working on the Verizon Wireless network because of a dispute over texting fees that Verizon demanded from the company that operates the service. As a result, teachers that use the service have been expressing their displeasure with Verizon. Remind -- the company that offers the classroom communication service -- criticized Verizon for charging the new fee. Remind said its service's text message notifications will stop working on the Verizon network on January 28 unless Verizon changes course. (Notifications sent via email or via Remind's mobile apps will continue to work.) The controversy cropped up shortly after a Federal Communications Commission decision that allowed U.S. carriers' text-messaging services to remain largely unregulated. Verizon says the fee must be charged to fund spam-blocking services. Remind said in a statement: "To offer our text-messaging service free of charge, Remind has always paid for each text that users receive or send. Now, Verizon is charging Remind an additional fee intended for companies that send spam over its network. Your Remind messages aren't spam, but that hasn't helped resolve the issue with Verizon. The fee will increase our cost of supporting text messaging to at least 11 times our current cost -- forcing us to end free Remind text messaging for the more than 7 million students, parents, and educators who have Verizon Wireless as their carrier."

An anonymous reader quotes a report from Ars Technica: Windows 7's five years of extended support will expire on January 14, 2020 -- exactly one year from today. After this date, security fixes will no longer be freely available for the operating system that's still widely used. As always, the end of free support does not mean the end of support entirely. Microsoft has long offered paid support options for its operating systems beyond their normal lifetime, and Windows 7 is no different. What is different is the way that paid support will be offered. For previous versions of Windows, companies had to enter into a support contract of some kind to continue to receive patches. For Windows 7, however, the extra patches will simply be an optional extra that can be added to an existing volume license subscription -- no separate support contract needed -- on a per-device basis. These Extended Security Updates (ESU) will be available for three years after the 2020 cut-off, with prices escalating each year.

An anonymous reader quotes a report from Ars Technica: A man attending this week's CES show in Las Vegas says that a lidar sensor from startup AEye has permanently damaged the sensor on his $1,998 Sony camera. Earlier this week, roboticist and entrepreneur Jit Ray Chowdhury snapped photos of a car at CES with AEye's lidar units on top. He discovered that every subsequent picture he took was marred by two bright purple spots, with horizontal and vertical lines emanating from them. "I noticed that all my pictures were having that spot," he told Ars by phone on Thursday evening. "I covered up the camera with the lens cap and the spots are there -- it's burned into the sensor." In an email to Ars Technica, AEye CEO Luis Dussan confirmed that AEye's lidars can cause damage to camera sensors -- though he stressed that they pose no danger to human eyes. "Cameras are up to 1000x more sensitive to lasers than eyeballs," Dussan wrote. "Occasionally, this can cause thermal damage to a camera's focal plane array." Chowdhury says that AEye has offered to buy him a new camera. The potential issue is that self-driving cars also rely on conventional cameras. "So if those lidars are not camera-safe, it won't just create a headache for people snapping pictures with handheld camera," reports Ars. "Lidar sensors could also damage the cameras on other self-driving cars."

"It's worth noting that companies like Alphabet's Waymo and GM's Cruise have been testing dozens of vehicles with lidar on public streets for more than a year," adds Ars. "People have taken many pictures of these cars, and as far as we know none of them have suffered camera damage. So most lidars being tested in public today do not seem to pose a significant risk to cameras."

Ben Klemens writes via Ars Technica: A landmark 2014 ruling by the Supreme Court called into question the validity of many software patents. In the wake of that ruling, countless broad software patents became invalid, dealing a blow to litigation-happy patent trolls nationwide. But this week the US Patent and Trademark Office (USPTO) proposed new rules that would make it easier to patent software. If those rules take effect, it could take us back to the bad old days when it was easy to get broad software patents -- and to sue companies that accidentally infringe them.

The Federal Circuit Appeals Court is the nation's highest patent court below the Supreme Court, and it is notoriously patent friendly. Ever since the Supreme Court's 2014 ruling, known as Alice v. CLS Bank, the Federal Circuit has worked to blunt the ruling's impact. In a 2016 ruling called Enfish, the Federal Circuit ruling took a single sentence from the Supreme Court's 2014 ruling and used it as the legal foundation for approving more software patents. This legal theory, known as the "technical effects doctrine," holds that software that improves the functioning of a computer should be eligible for a patent. A version of this rule has long held sway in Europe, but it has only recently started to have an impact in U.S. law.

This week, the Patent Office published a new draft of the section on examining software and other potentially abstract ideas in its Manual of Patent Examination Procedure (MPEP). This is the official document that helps patent examiners understand and interpret relevant legal principles. The latest version, drawing on recent Federal Circuit rulings, includes far tighter restrictions on what may be excluded from patentability. This matters because there's significant evidence that the proliferation of software patents during the 1990s and 2000s had a detrimental impact on innovation -- precisely the opposite of how patents are supposed to work.

AmiMoJo shares a report: "The US was already off track in meeting its Paris Agreement targets. The gap is even wider headed into 2019." That's the dire news from Rhodium Group, a research firm that released preliminary estimates of US carbon emissions in 2018. Though the Trump administration said it would exit the Paris Agreement in 2017, the US is still bound by the agreement to submit progress reports until 2020. But the administration has justified regulatory rollbacks since then, claiming that regulation from the US government is unnecessary because emissions were trending downward anyway. But it appears that emissions have increased 3.4 percent in 2018 across the US economy, the second-largest annual increase in 20 years, according to Rhodium Group's preliminary data. (2010, when the US started recovering from the recession, was the largest annual increase in the last two decades.)

This reversal of course -- the first increase in emissions in three years -- came from a few sources. Carbon emissions from the US electricity sector increased by 1.9 percent, largely because the installation of new natural gas plants has outpaced coal retirements. Cheap natural gas has been credited with killing coal, which is a dirtier fossil fuel in terms of emissions. But natural gas is a fossil fuel, too, and burning more natural gas than is needed to simply replace coal will result in more carbon emissions. But electricity wasn't the main culprit. Transportation was.

One of the 2019 TV models LG outlined at its CES press conference today was the LG Signature OLED TV R (65R9), which has a display that can roll up and disappear into its base when you're not using it. "LG calls the TV 'a revolutionary innovation that helps address the very human need for an aesthetically pleasing environment' and says it is 'redefining space' to offer unprecedented levels of 'immersion' and 'a new level of space integration,'" reports Ars Technica. From the report: LG says to expect picture quality on par with its just-announced 2019 4K OLED lineup. That means 120Hz and AI image processing using LG's new Alpha 9 Gen 2 CPU. The TV's base -- the same one it rolls into -- houses a 4.2-channel, 100-watt soundbar with Dolby Atmos support. Additionally, the TV doesn't have to scroll all the way in. As seen in one of the images at the start of this article, it can fold down to what LG calls "Line View." This has five modes: music, clock, frame, mood, and home dashboard. Music offers an interface for playing music from the base. Clock shows the time, date, and weather. Frame displays a scrolling line of photos streamed from your smartphone, which is the mode in the photo above. The mood mode is for aesthetics, and home dashboard will allow access to some of LG's usual TV software features. No price has been announced yet, but TechCrunch reports that it could cost more than the 8K TV LG announced last week, which will compete directly with Samsung's $15,000 8K offering. LG says the Signature OLED TV R will be available for purchase in the second half of the year.

The editors of Ars Technica have announced their annual "Deathwatch" list, identifying "companies, tech, and trends least likely to succeed in 2019." An anonymous reader quotes their report: The past year has been an absolute freefall for Essential.... The market was ultimately not impressed with the Essential phone, and the fire sales started almost immediately. Only two months after launch, the phone got a permanent $200 price drop, to $499. November saw deals as low as $399. Eventually, the $700 phone was discounted all the way down to $224, thanks to a mix of poor sales and a lack of consumer confidence in the company. A poorly selling phone was one thing, but things really started to look bad for Essential in May, when it was announced the company had cancelled the second generation Essential Phone. The first device took such a toll on the company that it was considering selling itself, and suddenly the future of Essential was in doubt.

While the phone was dead, in May the company said it was focusing on an upcoming smart home product and operating system. But by October, it announced that it was cutting 30 percent of its staff, and the company was pivoting away from smart home products and would try building a phone again. It will re-sell you a missing headphone jack, though. Essential's next phone -- if the company lasts that long -- is supposedly "an AI Phone That Texts People for You" according to Bloomberg. That sounds awful. On top of all that, Essential's CEO and founder Rubin has been the subject of a major sexual misconduct controversy at Google.
They also write that 2019 "is going to probably determine whether Facebook's management team will continue as it is -- or whether there's a stockholder rebellion, or a government lawsuit, or some combination of both that drives CEO Mark Zuckerberg and others out."

Also on their "Deathwatch" list are Snap, and Verizon's "AOL/Yahoo Frankenstein" -- but not Gwyneth Paltrow's Goop. "As much as we'd love to plop Goop on the 2019 Deathwatch, it is still just on our Deathwatch wish list. Goop is, in fact, thriving."

The editors of Ars Technica have announced their annual "Deathwatch" list, identifying "companies, tech, and trends least likely to succeed in 2019." An anonymous reader quotes their report: The past year has been an absolute freefall for Essential.... The market was ultimately not impressed with the Essential phone, and the fire sales started almost immediately. Only two months after launch, the phone got a permanent $200 price drop, to $499. November saw deals as low as $399. Eventually, the $700 phone was discounted all the way down to $224, thanks to a mix of poor sales and a lack of consumer confidence in the company. A poorly selling phone was one thing, but things really started to look bad for Essential in May, when it was announced the company had cancelled the second generation Essential Phone. The first device took such a toll on the company that it was considering selling itself, and suddenly the future of Essential was in doubt.

While the phone was dead, in May the company said it was focusing on an upcoming smart home product and operating system. But by October, it announced that it was cutting 30 percent of its staff, and the company was pivoting away from smart home products and would try building a phone again. It will re-sell you a missing headphone jack, though. Essential's next phone -- if the company lasts that long -- is supposedly "an AI Phone That Texts People for You" according to Bloomberg. That sounds awful. On top of all that, Essential's CEO and founder Rubin has been the subject of a major sexual misconduct controversy at Google.
They also write that 2019 "is going to probably determine whether Facebook's management team will continue as it is -- or whether there's a stockholder rebellion, or a government lawsuit, or some combination of both that drives CEO Mark Zuckerberg and others out."

Also on their "Deathwatch" list are Snap, and Verizon's "AOL/Yahoo Frankenstein" -- but not Gwyneth Paltrow's Goop. "As much as we'd love to plop Goop on the 2019 Deathwatch, it is still just on our Deathwatch wish list. Goop is, in fact, thriving."

The editors of Ars Technica have announced their annual "Deathwatch" list, identifying "companies, tech, and trends least likely to succeed in 2019." An anonymous reader quotes their report: The past year has been an absolute freefall for Essential.... The market was ultimately not impressed with the Essential phone, and the fire sales started almost immediately. Only two months after launch, the phone got a permanent $200 price drop, to $499. November saw deals as low as $399. Eventually, the $700 phone was discounted all the way down to $224, thanks to a mix of poor sales and a lack of consumer confidence in the company. A poorly selling phone was one thing, but things really started to look bad for Essential in May, when it was announced the company had cancelled the second generation Essential Phone. The first device took such a toll on the company that it was considering selling itself, and suddenly the future of Essential was in doubt.

While the phone was dead, in May the company said it was focusing on an upcoming smart home product and operating system. But by October, it announced that it was cutting 30 percent of its staff, and the company was pivoting away from smart home products and would try building a phone again. It will re-sell you a missing headphone jack, though. Essential's next phone -- if the company lasts that long -- is supposedly "an AI Phone That Texts People for You" according to Bloomberg. That sounds awful. On top of all that, Essential's CEO and founder Rubin has been the subject of a major sexual misconduct controversy at Google.
They also write that 2019 "is going to probably determine whether Facebook's management team will continue as it is -- or whether there's a stockholder rebellion, or a government lawsuit, or some combination of both that drives CEO Mark Zuckerberg and others out."

Also on their "Deathwatch" list are Snap, and Verizon's "AOL/Yahoo Frankenstein" -- but not Gwyneth Paltrow's Goop. "As much as we'd love to plop Goop on the 2019 Deathwatch, it is still just on our Deathwatch wish list. Goop is, in fact, thriving."

The editors of Ars Technica have announced their annual "Deathwatch" list, identifying "companies, tech, and trends least likely to succeed in 2019." An anonymous reader quotes their report: The past year has been an absolute freefall for Essential.... The market was ultimately not impressed with the Essential phone, and the fire sales started almost immediately. Only two months after launch, the phone got a permanent $200 price drop, to $499. November saw deals as low as $399. Eventually, the $700 phone was discounted all the way down to $224, thanks to a mix of poor sales and a lack of consumer confidence in the company. A poorly selling phone was one thing, but things really started to look bad for Essential in May, when it was announced the company had cancelled the second generation Essential Phone. The first device took such a toll on the company that it was considering selling itself, and suddenly the future of Essential was in doubt.

While the phone was dead, in May the company said it was focusing on an upcoming smart home product and operating system. But by October, it announced that it was cutting 30 percent of its staff, and the company was pivoting away from smart home products and would try building a phone again. It will re-sell you a missing headphone jack, though. Essential's next phone -- if the company lasts that long -- is supposedly "an AI Phone That Texts People for You" according to Bloomberg. That sounds awful. On top of all that, Essential's CEO and founder Rubin has been the subject of a major sexual misconduct controversy at Google.
They also write that 2019 "is going to probably determine whether Facebook's management team will continue as it is -- or whether there's a stockholder rebellion, or a government lawsuit, or some combination of both that drives CEO Mark Zuckerberg and others out."

Also on their "Deathwatch" list are Snap, and Verizon's "AOL/Yahoo Frankenstein" -- but not Gwyneth Paltrow's Goop. "As much as we'd love to plop Goop on the 2019 Deathwatch, it is still just on our Deathwatch wish list. Goop is, in fact, thriving."

An anonymous reader quotes a report from Ars Technica: A new lawsuit filed against Comcast details an extensive list of lies the cable company allegedly told customers in order to hide the full cost of service. Minnesota Attorney General Lori Swanson sued Comcast in Hennepin County District Court on December 21, seeking refunds for all customers who were harmed by Comcast's alleged violations of the state's Prevention of Consumer Fraud Act and Uniform Deceptive Trade Practices Act. The complaint alleges, among other things, that Comcast reps falsely told customers that the company's "Regional Sports Network (RSN)" and "Broadcast TV" fees were mandated by the government and not controlled by Comcast itself. These two fees, which are not included in Comcast's advertised rates, have gone up steadily and now total $18.25 a month.

Comcast has responded to some lawsuits -- including this one -- by saying that the company had already stopped the practices that triggered the court actions. But Minnesota says that Comcast's lies about the sports and broadcast fees continued into 2017, which is after Comcast knew about identical allegations raised in a separate class action complaint filed in 2016. (That case was settled out of court.) When contacted by Ars, a Comcast spokesperson yesterday said that "our policy is to be very clear to our customers about the broadcast TV and RSN fees and [tell them] that these are not government-mandated fees." But employees make mistakes, the Comcast spokesperson said. "Employees may go off script and incorrectly characterize things, but that is not in line with our policy because [the broadcast TV and sports charges] are not government-mandated fees," Comcast said. According to Massachusetts Attorney General Maura Healey, Comcast agreed in November to pay $700,000 in refunds "and cancel debts for more than 20,000 Massachusetts customers" to settle allegations that it used deceptive advertising to promote long-term cable contracts.

FCC Chairman Ajit Pai today thanked Congress for preventing the U.S. government from enforcing net neutrality rules. "The Pai-led Federal Communications Commission repealed Obama-era net neutrality rules, but the repeal could have been reversed by Congress if it acted before the end of its session," reports Ars Technica. "Democrats won a vote to reverse the repeal in the Senate but weren't able to get enough votes in the House of Representatives before time ran out." From the report: "I'm pleased that a strong bipartisan majority of the U.S. House of Representatives declined to reinstate heavy-handed Internet regulation," Pai said in a statement marking the deadline passage today. Pai claimed that broadband speed improvements and new fiber deployments in 2018 occurred because of his net neutrality repeal -- although speeds and fiber deployment also went in the right direction while net neutrality rules were in place. "Over the past year, the Internet has remained free and open," Pai said, adding that "the FCC's light-touch approach is working." Pai didn't mention a recent case in which CenturyLink temporarily blocked its customers' Internet access in order to show an ad or a recent research report accusing Sprint of throttling Skype (which Sprint denies).

An anonymous reader shares a report: An innovation at Caltech allows scientists to play a virtual "tic-tac-toe" game with individual strands of DNA, providing a new way to experiment with DNA sequencing and create custom patterns. According to ArsTechnica, the technique was dubbed "DNA Origami [paper; PDF]" by its creator Lulu Qian and is considered by Caltech fellows to be a "huge advancement" in the field of nanotechnology (manipulation of particles on a minute, atomic scale).

A series of auctions revealed that Facebook users value the company's service so highly that it would take on average more than $1,000 to convince them to deactivate their accounts for a year, according to a recent paper published in PLOS One. From a report: This doesn't mean much for the company's stock market valuation, but it's a good indicator that people find value in Facebook regardless of the many concerns raised recently. The paper started out as two separate studies. Jay Corrigan, an economist at Kenyon College, and his collaborator, Matt Rousu of Susquehanna University, were interested in a session on this topic at an upcoming conference. They discovered that Sean Cash (Tufts University) and Saleem Alhabash (Michigan State University) were doing something very similar.

Since the design of both studies was so complementary, they decided to combine their data and results into a single paper. Cash and Saleem had a larger sample for their part of the study and looked at a longer time period of one year, while Corrigan and Rosein focused on shorter time frames, asking subjects to quit Facebook for one day, three days, or seven days. The studies nonetheless had similar results.

schwit1 shares a report: Another year, another reason to take the promises of residential home batteries with a grain of salt. This month, a group of researchers from the University of California San Diego (UCSD) published a paper in Environmental Science and Technology reporting that there are very few cases in which operating a residential home battery reduces overall emissions -- assuming that households are economically rational and trying to minimize costs.

Of course, if the battery is only discharged during periods of peak emissions and only charged when fossil fuel use is low, then a household might reduce emissions. But across 16 representative regions, operating a battery this way ended up being costly. "There may be good reasons to decentralize the grid through ubiquitous installation of small RES [Residential Energy Storage], but cost-effective emissions control is not one of them at the moment," the researchers write.

Four months after a mysterious group was outed for a digital espionage operation that used novel techniques to target Mac users, its macOS malware samples continued to go undetected by most antivirus providers, a security researcher reported on Thursday. Ars Technica reports: Windshift is what researchers refer to as an APT -- short for "advanced persistent threat" -- that surveils individuals in the Middle East. The group operated in the shadows for two years until August, when Taha Karim, a researcher at security firm DarkMatter, profiled it at the Hack in the Box conference in Singapore. Slides, a brief description, and a report from Forbes are here, here and here, respectively.

On Thursday, Mac security expert Patrick Wardle published an analysis of Meeting_Agenda.zip, a file Karim had said installed the rare Mac malware. To Wardle's surprise, results from VirusTotal at the time showed that only two antivirus providers -- Kaspersky and ZoneAlarm -- detected the file as malicious. Wardle then used a feature that searched VirusTotal for related malicious files and found four more. Three of them weren't detected by any AV providers, while one was detected by only two providers. The reason the findings were so surprising is that Apple had already revoked the cryptographic certificate the developers used to digitally sign their malware. That meant Apple knew of the malware. In fairness, the control servers the malware contacts are no longer available on the Internet. That means any infected computers aren't in danger of being surveilled. Also in fairness, the number of detections has slowly risen in the day since Wardle published his analysis.

The American Civil Liberties Union, along with Privacy International, a similar organization based in the United Kingdom, have now sued 11 federal agencies, demanding records about how those agencies engage in what is often called "lawful hacking." From a report: The activist groups filed Freedom of Information Act requests to the FBI, the Drug Enforcement Agency, and nine others. None responded in a substantive way. "Law enforcement use of hacking presents a unique threat to individual privacy," the ACLU argues in its lawsuit, which was filed Friday in federal court in New York state. "Hacking can be used to obtain volumes of personal information about individuals that would never previously have been available to law enforcement."

DarkRookie2 shares a report from Ars Technica: Many users of Logitech's Harmony Hub smart home hub and remote were recently met with a nasty surprise. The device's latest firmware update, version 4.15.206, reportedly cuts off local access for Harmony Hubs. As a result, many users who created home automation and smart home systems using third-party APIs haven't been able to control many, and in some cases, all of their connected IoT devices. Logitech began pushing out firmware update 4.15.206 last week, its release notes stating that it addresses security and bug fixes. Users immediately flocked to Logitech's community forms to complain once they realized the systems they built up to control their smart home devices essentially became unresponsive. Users with Homeseer and Home Assistant APIs have reported parts of their systems broken, preventing them from controlling things like smart TVs, sound systems, and more using the Harmony Hub and its remote. In a statement to Ars, a Logitech representative confirmed that local access was removed in the latest Harmony Hub firmware update for security reasons: "The XMPP interface was used as part of the setup process and was pointed out as an insecure communication. We removed that interface as part of an effort to make to improve the Hub security. That interface was never designed to be used by third parties. The reason for the firmware update was to make the Harmony Hub more secure, therefore we do not have an official downgrade option. We recommend that users do not try to prevent the automatic firmware update process. We update the firmware as security issues are discovered, so users preventing the automatic firmware update process would not benefit from these future fixes."

An anonymous reader quotes a report from Ars Technica: T-Mobile has denied an allegation that it lied to the Federal Communications Commission about the extent of its 4G LTE coverage. A group that represents small rural carriers says that T-Mobile claimed to have 4G LTE coverage in places where it hadn't yet installed 4G equipment. That would violate FCC rules and potentially prevent small carriers from getting network construction money in unserved areas. T-Mobile said the allegations made by the Rural Wireless Association (RWA) in an FCC filing on Friday "are patently false."

"RWA's misrepresentations are part of an ongoing pattern of baseless allegations by the organization against T-Mobile designed to delay or thwart competition in rural America and deprive rural Americans of meaningful choice for broadband services," T-Mobile wrote. "The organization's repeated disregard for fact-based advocacy is a disrespectful waste of Commission time and resources." RWA members have conducted millions of speed tests at their own expense to determine whether the major carriers' coverage claims are correct. The RWA says both Verizon and T-Mobile have exaggerated coverage, and the FCC is taking the allegations seriously. FCC Chairman Ajit Pai announced last week that the FCC has begun an investigation and that a preliminary review of speed-test data "suggested significant violations of the Commission's rules." The FCC has not said which carrier or carriers violated the rules.

An anonymous reader quotes a report from Ars Technica: We seem to be on the cusp of a revolution in storage. Various technologies have been demonstrated that have speed approaching that of current RAM chips but can hold on to the memory when the power shuts off -- all without the long-term degradation that flash experiences. Some of these, like phase-change memory and Intel's Optane, have even made it to market. But, so far at least, issues with price and capacity have kept them from widespread adoption. But that hasn't discouraged researchers from continuing to look for the next greatest thing. In this week's edition, a joint NIST-Purdue University team has used a material that can form atomically thin sheets to make a new form of resistance-based memory. This material can be written in nanoseconds and hold on to that memory without power. The memory appears to work via a fundamentally different mechanism from previous resistance-RAM technologies, but there's a small hitch: we're not actually sure how it works. The two mechanisms used to change the resistance have been reported in the journal Nature Materials.

Iwastheone shares a report from Ars Technica's Peter Bright: With Microsoft's decision to end development of its own Web rendering engine and switch to Chromium, control over the Web has functionally been ceded to Google. That's a worrying turn of events, given the company's past behavior. Chrome itself has about 72 percent of the desktop-browser market share. Edge has about 4 percent. Opera, based on Chromium, has another 2 percent. The abandoned, no-longer-updated Internet Explorer has 5 percent, and Safari -- only available on macOS -- about 5 percent. When Microsoft's transition is complete, we're looking at a world where Chrome and Chrome-derivatives take about 80 percent of the market, with only Firefox, at 9 percent, actively maintained and available cross-platform.

The mobile story has stronger representation from Safari, thanks to the iPhone, but overall tells a similar story. Chrome has 53 percent directly, plus another 6 percent from Samsung Internet, another 5 percent from Opera, and another 2 percent from Android browser. Safari has about 22 percent, with the Chinese UC Browser sitting at about 9 percent. That's two-thirds of the mobile market going to Chrome and Chrome derivatives. In terms of raw percentages, Google won't have quite as big a lock on the browser space as Microsoft did with Internet Explorer -- Internet Explorer 6 peaked at around 80 percent, and all versions of Internet Explorer together may have reached as high as 95 percent. But Google's reach is, in practice, much greater: not only is the Web a substantially more important place today than it was in the early 2000s, but also there's a whole new mobile Web that operates in addition to the desktop Web. Google has deployed proprietary technology and left the rest of the industry playing catch-up, writes Peter. The company has "tried to push the Web into a Google-controlled proprietary direction to improve the performance of Google's online services when used in conjunction with Google's browser, consolidating Google's market positioning and putting everyone else at a disadvantage."

YouTube has been a particular source of problems. One example Peter provides has to do with a hidden, empty HTML element that was added to each YouTube video to disable Edge's hardware accelerated video decoding: "For no obvious reason, Google changed YouTube to add a hidden, empty HTML element that overlaid each video. This element disabled Edge's fastest, most efficient hardware accelerated video decoding. It hurt Edge's battery-life performance and took it below Chrome's. The change didn't improve Chrome's performance and didn't appear to serve any real purpose; it just hurt Edge, allowing Google to claim that Chrome's battery life was actually superior to Edge's. Microsoft asked Google if the company could remove the element, to no avail."

An anonymous reader quotes a report from Ars Technica: California telecom regulators have abandoned a plan to impose government fees on text-messaging services, saying that a recent Federal Communications Commission vote has limited its authority over text messaging. The FCC last week voted to classify text-messaging as an information service, rather than a telecommunications service. "Information service" is the same classification the FCC gave to broadband when it repealed net neutrality rules and claimed that states aren't allowed to impose their own net neutrality laws. California's legislature passed a net neutrality law anyway and is defending it in court. But the state's utility regulator chose not to challenge the FCC on regulation of text messaging. The California Public Utilities Commission (CPUC) was scheduled to consider the text-message fee proposal at a meeting next month but pulled the item off the agenda after the FCC action. "Under California law, telecommunications services are subject to the collection of surcharges to support a number of CPUC public programs that subsidize the cost of service for rural Californians and for low-income, disadvantaged communities, and provides special services for the deaf, the hard of hearing, and the disabled," the commission said in a statement Friday.

CenturyLink briefly disabled the Internet connections of customers in Utah last week and allowed them back online only after they acknowledged an offer to purchase filtering software. From a report: CenturyLink falsely claimed that it was required to do so by a Utah state law that says ISPs must notify customers "of the ability to block material harmful to minors." In fact, the new law requires only that ISPs notify customers of their filtering software options "in a conspicuous manner"; it does not say that the ISPs must disable Internet access until consumers acknowledge the notification. The law even says that ISPs may make the notification "with a consumer's bill," which shouldn't disable anyone's Internet access.

Coincidentally, CenturyLink's blocking of customer Internet access occurred days before the one-year anniversary of the Federal Communications Commission repeal of net neutrality rules, which prohibited blocking and throttling of Internet access. "Just had CenturyLink block my Internet and then inject this page into my browser... to advertise their paid filtering software to me," software engineer and Utah resident Rich Snapp tweeted on December 9. "Clicking OK on the notice then restored my Internet... this is NOT okay!"

CenturyLink briefly disabled the Internet connections of customers in Utah last week and allowed them back online only after they acknowledged an offer to purchase filtering software. From a report: CenturyLink falsely claimed that it was required to do so by a Utah state law that says ISPs must notify customers "of the ability to block material harmful to minors." In fact, the new law requires only that ISPs notify customers of their filtering software options "in a conspicuous manner"; it does not say that the ISPs must disable Internet access until consumers acknowledge the notification. The law even says that ISPs may make the notification "with a consumer's bill," which shouldn't disable anyone's Internet access.

Coincidentally, CenturyLink's blocking of customer Internet access occurred days before the one-year anniversary of the Federal Communications Commission repeal of net neutrality rules, which prohibited blocking and throttling of Internet access. "Just had CenturyLink block my Internet and then inject this page into my browser... to advertise their paid filtering software to me," software engineer and Utah resident Rich Snapp tweeted on December 9. "Clicking OK on the notice then restored my Internet... this is NOT okay!"

Thelasko quotes a report from Ars Technica: A half century ago, computer history took a giant leap when Douglas Engelbart -- then a mid-career 43-year-old engineer at Stanford Research Institute in the heart of Silicon Valley -- gave what has come to be known as the "mother of all demos." On December 9, 1968 at a computer conference in San Francisco, Engelbart showed off the first inklings of numerous technologies that we all now take for granted: video conferencing, a modern desktop-style user interface, word processing, hypertext, the mouse, collaborative editing, among many others. Even before his famous demonstration, Engelbart outlined his vision of the future more than a half-century ago in his historic 1962 paper, "Augmenting Human Intellect: A Conceptual Framework."

To open the 90-minute-long presentation, Engelbart posited a question that almost seems trivial to us in the early 21st century: "If in your office, you as an intellectual worker were supplied with a computer display, backed up by a computer that was alive for you all day, and was instantly responsible -- responsive -- to every action you had, how much value would you derive from that?" By 1968, Engelbart had created what he called the "oN-Line System," or NLS, a proto-Intranet. The ARPANET, the predecessor to the Internet itself, would not be established until late the following year.

CNET just published a fierce pro-net neutrality editorial co-authored by Nancy Pelosi, the soon-to-be Majority leader in the U.S. House of Representatives, with Mike Doyle, the expected Chairman of the House Subcommittee on Communications and Technology, and Frank Pallone, Jr. the expected Chairman of the House Energy and Commerce Committee.

The three representatives argue that "the Trump FCC ignored millions of comments from Americans pleading to keep strong net neutrality rules in place." The FCC's net neutrality repeal left the market for broadband internet access virtually lawless, giving ISPs an opening to control peoples' online activities at their discretion. Gone are rules that required ISPs to treat all internet traffic equally. Gone are rules that prevented ISPs from speeding up traffic of some websites for a fee or punishing others by slowing their traffic down....

Without the FCC acting as sheriff, it is unfortunately not surprising that big corporations have started exploring ways to change how consumers access the Internet in order to benefit their bottom line.... Research from independent analysts shows that nearly every mobile ISP is throttling at least one streaming video service or using discriminatory boosting practices. Wireless providers are openly throttling video traffic and charging consumers extra for watching high-definition streams. ISPs have rolled out internet plans that favor companies they are affiliated with, despite full-page ads swearing they value net neutrality. And most concerning, an ISP was found throttling so-called "unlimited" plans for a fire department during wildfires in California.

Make no mistake, these new practices are just ISPs sticking a toe in the water. Without an agency with the authority to investigate and punish unfair or discriminatory practices, ISPs will continue taking bolder and more blatantly anti-consumer steps. That is why we have fought over the past year to restore net neutrality rules and put a cop back on the ISP beat. In May, the U.S. Senate passed a bipartisan bill restoring net neutrality rules. Despite the support of a bipartisan majority of Americans, the Republican leadership of the U.S. House of Representatives refused our efforts to bring the bill to the floor for a vote.

Fortunately, the time is fast coming when the people's voices will be heard.
The editorial closes by arguing that "Large corporations will no longer be able to block progress on this important consumer protection issue."

DarkRookie2 shares a report from Ars Technica: Discord has announced that it will start taking a reduced, 10-percent cut from game revenues generated on its online store starting next year, one-upping the Epic Games Store and its recently announced 12-percent cut on the Epic Games Store. The move comes alongside a coming expansion of the Discord Games Store, which launched earlier this year with a tightly curated selection of games that now includes roughly 100 titles. The coming "self-serve publishing platform" will allow developers "no matter what size, from AAA to single-person teams" to access the Discord Store and the new 90-percent revenue share. "We talked to a lot of developers, and many of them feel that current stores are not earning their 30% of the usual 70/30 revenue share," Discord writes in the announcement. "Because of this, we now see developers creating their own stores and launchers to distribute their games instead of focusing on what's really important --making great games and cultivating amazing communities."

"Turns out, it does not cost 30% to distribute games in 2018," the announcement continues. "After doing some research, we discovered that we can build amazing developer tools, run them, and give developers the majority of the revenue share."

An anonymous reader quotes a report from Ars Technica: A recent phishing campaign targeting U.S. government officials, activists, and journalists is notable for using a technique that allowed the attackers to bypass two-factor authentication protections offered by services such as Gmail and Yahoo Mail, researchers said Thursday. The event underscores the risks of 2fa that relies on one-tap logins or one-time passwords, particularly if the latter are sent in SMS messages to phones.

Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that alerted the attackers in real time when targets viewed the messages. When targets entered passwords into a fake Gmail or Yahoo security page, the attackers would almost simultaneously enter the credentials into a real login page. In the event targets' accounts were protected by 2fa, the attackers redirected targets to a new page that requested a one-time password. "In other words, they check victims' usernames and passwords in realtime on their own servers, and even if 2 factor authentication such as text message, authenticator app or one-tap login are enabled they can trick targets and steal that information too," Certfa Lab researchers wrote. "We've seen [it] tried to bypass 2fa for Google Authenticator, but we are not sure they've managed to do such a thing or not," the Certfa representative wrote. "For sure, we know hackers have bypassed 2fa via SMS."

The FCC's Broadband Deployment Advisory Committee (BDAC), which includes members like AT&T, Comcast, Google Fiber, Sprint, and other ISPs and industry representatives, is proposing a tax on websites to pay for rural broadband. Ars Technica reports: If adopted by states, the recommended tax would apply to subscription-based retail services that require Internet access, such as Netflix, and to advertising-supported services that use the Internet, such as Google and Facebook. The tax would also apply to any small- or medium-sized business that charges subscription fees for online services or uses online advertising. The tax would also apply to any provider of broadband access, such as cable or wireless operators. The collected money would go into state rural broadband deployment funds that would help bring faster Internet access to sparsely populated areas. Similar universal service fees are already assessed on landline phone service and mobile phone service nationwide. Those phone fees contribute to federal programs such as the FCC's Connect America Fund, which pays AT&T and other carriers to deploy broadband in rural areas.

The BDAC tax proposal is part of a "State Model Code for Accelerating Broadband Infrastructure Deployment and Investment." Once finalized by the BDAC, each state would have the option of adopting the code. An AT&T executive who is on the FCC advisory committee argued that the recommended tax should apply even more broadly, to any business that benefits financially from broadband access in any way. The committee ultimately adopted a slightly more narrow recommendation that would apply the tax to subscription services and advertising-supported services only. The BDAC model code doesn't need approval from FCC commissioners -- "it is adopted by the BDAC as a model code for the states to use, at their discretion," Ajit Pai's spokesperson told Ars. As for how big the proposed taxes would be, the model code says that states "shall determine the appropriate State Universal Service assessment methodology and rate consistent with federal law and FCC policy."

An anonymous reader quotes a report from Ars Technica: Legislation to restore net neutrality rules now has 180 supporters in the U.S. House of Representatives, but that's 38 votes short of the amount needed before the end of the month. The Congressional Review Act (CRA) resolution, already approved by the Senate, would reverse the Federal Communications Commission's repeal of net neutrality rules. But 218 signatures from U.S. representatives (a majority) are needed to force a full vote in the House before Congress adjourns at the end of the year.

Net neutrality advocates previously said they needed 218 signatures by December 10 to force a vote. But an extension of Congress' session provided a little more time. "[Now that the Congressional session has officially been extended, members of Congress could be in town as late as December 21st," net neutrality advocacy group Fight for the Future wrote yesterday. "This means we have until the end of the year to get as many lawmakers as possible signed on to restore net neutrality." A discharge petition that would force a vote on the CRA resolution gained three new supports in the past two weeks, but even if all Democrats were on board it still wouldn't be enough to force a vote. Republicans have a 236-197 House majority, and only one House Republican has signed the petition.

A small Massachusetts town has rejected an offer from Comcast and instead plans to build a municipal fiber broadband network. From a report: Comcast offered to bring cable Internet to up to 96 percent of households in Charlemont in exchange for the town paying $462,123 plus interest toward infrastructure costs over 15 years. But Charlemont residents rejected the Comcast offer in a vote at a special town meeting Thursday. "The Comcast proposal would have saved the town about $1 million, but it would not be a town-owned broadband network," the Greenfield Recorder reported Friday.

"The defeated measure means that Charlemont will likely go forward with a $1.4 million municipal town network, as was approved by annual town meeting voters in 2015." About 160 residents voted, with 56 percent rejecting the Comcast offer, according to news reports.

According Veloz -- an electric car industry group -- electric vehicle sales in California hit a cumulative 512,717 since 2010. "Months of strong U.S. sales in 2018, preceded by a strong 2017, are starting to show a trend: electric vehicles are selling well, especially in places where there are strong monetary and non-monetary incentives to buy them," reports Ars Technica. From the report: "Overall, this year has seen exponential growth in electric car sales," Veloz wrote. "Electric cars accounted for 7.1 percent of California car sales in the first three quarters of the year, with fully electric, zero-emission car sales outpacing plug-in hybrid sales 4.1 percent to 3 percent respectively." Veloz's data tallies not just fully battery-electric vehicles but also plug-in hybrids as well as the much rarer fuel cell vehicles. The group gets its data (PDF) from the blogs InsideEVs and HybridCars.com as well as a market-research firm called Baum & Associates and estimates from the California Air Resources Board (CARB).

According to data from InsideEVs, the Tesla Model 3 was the top-selling electric vehicle model in the U.S. in November. In November alone, 18,650 of those vehicles were sold in the U.S. To its credit, Veloz's press release isn't too self-congratulatory. The group writes, "Veloz recognizes that, while electric car sales are increasing at a rapid clip, it is not happening fast enough to achieve the deep cuts in emissions that the state needs to achieve to protect people's health and curb negative impacts on the environment."

An anonymous reader quotes a report from Ars Technica: Four months after receiving a complaint claiming that Verizon "grossly overstated" its 4G LTE coverage in government filings, the Federal Communications Commission says that at least one carrier is apparently guilty of significant rules violations. The FCC did not name any specific carrier in its announcement and did not respond to our question about whether Verizon is among the carriers being investigated. But the investigation was apparently triggered by a complaint about Verizon filed in August by the Rural Wireless Association (RWA).

The RWA, which represents rural carriers, made its case to the FCC by submitting speed test data. The speed tests showed the Verizon network wasn't providing 4G LTE service in areas that Verizon claimed to cover, according to the RWA. Inaccurate coverage maps could make it difficult for rural carriers to get money from the Mobility Fund, a government fund intended for unserved areas. "A preliminary review of speed test data submitted through the challenge process suggested significant violations of the Commission's rules," FCC Chairman Ajit Pai said Friday in his announcement of the FCC investigation. The FCC said its investigation focuses on "whether one or more major carriers violated the Mobility Fund Phase II (MF-II) reverse auction's mapping rules and submitted incorrect coverage maps."

Google has launched Flutter 1.0, the first stable release of its open source, cross-platform UI toolkit and SDK. "Flutter lets developers share a single code base across Android and iOS apps, with a focus on speed and maintaining a native feel," reports Ars Technica. From the report: Flutter enables cross-platform app code by sidestepping the UI frameworks of both Android and iOS. Flutter apps run on the Flutter rendering engine and Flutter framework, which are shipped with every app. The Flutter platform handles communication with each OS and can spit out Android and iOS binaries with native-looking widgets and scrolling behavior if desired. It's kind of like applying a "video game" style of development to apps: if you write for a game engine like Unity or Unreal, those engines are packaged with your game, allowing it to run on multiple different platforms. It's the same deal with Flutter.

Flutter apps are written in Dart, and the SDK offers programmers nice quality-of-life benefits like the "stateful hot reload," a way to instantly make code changes appear in the emulator. For IDEs, there are plugins for Visual Studio Code, Android Studio, and IntelliJ. Apps come with their own set of Flutter UI widgets for Android and iOS, with the iOS widgets closely following Apple's guidelines and the Android widgets following Google's Material Design. Flutter is designed to be fast, with its custom app engine running on Google's hardware-accelerated Skia engine. This means 60fps apps on Android and iOS and a path for 120fps apps in the future. This is a bigger deal on Android than it is on iOS. The Google Ads app is already built on Flutter, which means Google "thinks Flutter is ready for prime time," writes Ron Amadeo. There's a list of other apps built on Flutter, too. Amadeo goes on to suggest that Flutter may be the path to Android's replacement. "Flutter ships its own app engine on Android and iOS, but in secret, Google is also developing an OS called 'Fuchsia' that runs these Flutter apps natively," writes Amadeo. "With Fuchsia, Google would switch from the Android apps written in Java to Flutter apps written in Dart..."

An anonymous reader quotes a report from Ars Technica: On Tuesday, New York City's Taxi and Limousine Commission voted to set a minimum pay rate for Uber, Lyft, and other on-demand ride-hailing drivers. The new rate will be set at $17.22 after expenses, or $26.51 per hour gross. New York is believed to be the first city in the nation to implement such a pay floor. Four months ago, the Big Apple also imposed a cap on the number of such vehicles in the city. The Independent Drivers Guild, a local affiliate of the Machinists Union, advocated for the change. Meanwhile, Uber has already put out a statement saying that increased driver earnings "will lead to higher than necessary fare increases" and that the new rules do not adequately take into account "incentives or bonuses forcing companies to raise rates even higher." "Today we brought desperately needed relief to 80,000 working families. All workers deserve the protection of a fair, livable wage and we are proud to be setting the new bar for contractor workers' rights in America," Jim Conigliaro, Jr., founder of the Independent Drivers Guild, said in a statement.

"[O]n Nov. 26 it was publicly revealed that a widely deployed open-source Node.js programming language module known as event-stream had been injected with malicious code that looked to steal cryptocurrency wallets," reports eWeek, adding "The event-stream library has over two million downloads."

An anonymous reader quotes Ars Technica: The backdoor came to light [November 20th] with this report from Github user Ayrton Sparling. Officials with the NPM, the open source project manager that hosted event-stream, didn't issue an advisory until six days later.... "This compromise was not targeting module developers in general or really even developers," an NPM official told Ars in an email. "It targeted a select few developers at a company, Copay, that had a very specific development environment set up. Even then, the payload itself didn't run on those developers' computers; rather, it would be packaged into a consumer-facing app when the developers built a release. The goal was to steal Bitcoin from this application's end users...."

According to the Github discussion that exposed the backdoor, the longtime event-stream developer no longer had time to provide updates. So several months ago, he accepted the help of an unknown developer. The new developer took care to keep the backdoor from being discovered. Besides being gradually implemented in stages, it also narrowly targeted only the Copay wallet app. The malicious code was also hard to spot because the flatmap-stream module was encrypted. The attack is the latest to exploit weaknesses in a widely used supply chain to target downstream end users... The supply-chain attacks show one of the weaknesses of open source code. Because of its openness and the lack of funds of many of its hobbyist developers and users, open source code can be subject to malicious modifications that often escape notice.
"The time has come," concludes Ars Technica, "for maintainers and users of open source software to devise new measures to better police the millions of packages being used all around us." Sophos' security blog also asks why so many developers "immediately and blindly trusted the new maintainer," and shared a concerned comment from developer named Chris Northwood.

"Nothing's stopping this happening again, and it's terrifying."

"[O]n Nov. 26 it was publicly revealed that a widely deployed open-source Node.js programming language module known as event-stream had been injected with malicious code that looked to steal cryptocurrency wallets," reports eWeek, adding "The event-stream library has over two million downloads."

An anonymous reader quotes Ars Technica: The backdoor came to light [November 20th] with this report from Github user Ayrton Sparling. Officials with the NPM, the open source project manager that hosted event-stream, didn't issue an advisory until six days later.... "This compromise was not targeting module developers in general or really even developers," an NPM official told Ars in an email. "It targeted a select few developers at a company, Copay, that had a very specific development environment set up. Even then, the payload itself didn't run on those developers' computers; rather, it would be packaged into a consumer-facing app when the developers built a release. The goal was to steal Bitcoin from this application's end users...."

According to the Github discussion that exposed the backdoor, the longtime event-stream developer no longer had time to provide updates. So several months ago, he accepted the help of an unknown developer. The new developer took care to keep the backdoor from being discovered. Besides being gradually implemented in stages, it also narrowly targeted only the Copay wallet app. The malicious code was also hard to spot because the flatmap-stream module was encrypted. The attack is the latest to exploit weaknesses in a widely used supply chain to target downstream end users... The supply-chain attacks show one of the weaknesses of open source code. Because of its openness and the lack of funds of many of its hobbyist developers and users, open source code can be subject to malicious modifications that often escape notice.
"The time has come," concludes Ars Technica, "for maintainers and users of open source software to devise new measures to better police the millions of packages being used all around us." Sophos' security blog also asks why so many developers "immediately and blindly trusted the new maintainer," and shared a concerned comment from developer named Chris Northwood.

"Nothing's stopping this happening again, and it's terrifying."