Domain: arstechnica.com
Stories and comments across the archive that link to arstechnica.com.
Stories · 4,420
-
Apple Yet To Push Patch For "Shellshock" Bug
An anonymous reader writes "Open source operating systems vulnerable to the Shellshock bug have already pushed two patches to fix the vulnerability, but Apple has yet to issue one for Mac OS X. Ars Technica speculates that licensing issues may be giving Apple pause: "[T]he current [bash] version is released under the GNU Public License version 3 (GPLv3). Apple has avoided bundling GPLv3-licensed software because of its stricter license terms....Apple executives may feel they have to have their own developers make modifications to the bash code."" It's also worth noting that there are still flaws with the patches issued so far. Meanwhile, Fedora Magazine has published an easy-to-follow description of how Shellshock actually works. The Free Software Foundation has also issued a statement about Shellshock. -
Flurry of Scans Hint That Bash Vulnerability Could Already Be In the Wild
The recently disclosed bug in bash was bad enough as a theoretical exploit; now, reports Ars Technica, it could already be being used to launch real attacks. In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion web pages that at least partially fit the profile for the Shellshock exploit. More bad news: "[T]he initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry." And CNET is not the only one to say that Shellshock, which can affect Macs running OS X as well as Linux and Unix systems, could be worse than Heartbleed. -
Google Quietly Nixes Mandatory G+ Integration With Gmail
An anonymous reader writes Back in 2012, Google had made it mandatory for new Gmail users to simultaneously create Google+ (G+) accounts. This is no longer so. Following the departure of G+ founder Vic Gundotra in April 2014, Google has been quietly decoupling its social media site from its other services. First, YouTube was freed, then Google+ Photos. Now, anyone who wants to create a new Gmail account unencumbered with a G+ profile can also do so. -
Kickstarter Lays Down New Rules For When a Project Fails
An anonymous reader writes "In a blog post, Kickstarter announced several updates to its terms of use for projects. From the article: "Kickstarter has iterated on its policies several times since it launched in 2009, with the most recent wave of revisions surrounding the site's transition from only posting projects cleared by the staff to clearing all projects that meet a basic set of criteria. Even still, some projects lack clear goals, encounter setbacks, or fail to deliver, like the myIDkey project that has burned through $3.5 million without yet distributing a finished product. The most recent terms revision is timely: on Thursday, science fiction author Neal Stephenson announced that a game he Kickstarted in 2012 with $526,000 in funding was officially canceled." -
The Raid-Proof Hosting Technology Behind 'The Pirate Bay'
HughPickens.com writes Ernesto reports at TorrentFreak that despite its massive presence the Pirate Bay doesn't have a giant server park but operates from the cloud, on virtual machines that can be quickly moved if needed. The site uses 21 "virtual machines" (VMs) hosted at different providers, up four machines from two years ago, in part due to the steady increase in traffic. Eight of the VMs are used for serving the web pages, searches take up another six machines, and the site's database currently runs on two VMs. The remaining five virtual machines are used for load balancing, statistics, the proxy site on port 80, torrent storage and for the controller. In total the VMs use 182 GB of RAM and 94 CPU cores. The total storage capacity is 620 GB. One interesting aspect of The Pirate Bay is that all virtual machines are hosted with commercial cloud hosting providers, who have no clue that The Pirate Bay is among their customers. "Moving to the cloud lets TPB move from country to country, crossing borders seamlessly without downtime. All the servers don't even have to be hosted with the same provider, or even on the same continent." All traffic goes through the load balancer, which masks what the other VMs are doing. This also means that none of the IP-addresses of the cloud hosting providers are publicly linked to TPB. For now, the most vulnerable spot appears to be the site's domain. Just last year TPB burnt through five separate domain names due to takedown threats from registrars. But then again, this doesn't appear to be much of a concern for TPB as the operators have dozens of alternative domain names standing by. -
Small Restaurant Out-Maneuvers Yelp In Reviews War
An anonymous reader writes Yelp has, for the past year or so, garnered a reputation for extorting businesses into paying for advertising on their site. Allegations include incessant calls for advertising contracts, automatic listing of a business, and suppressing good reviews should a business decide to opt out of paying Yelp for listing them. One small Italian trattoria, however, may have succeeded in flipping Yelp's legally sanctioned business practices in its favor. The owners of Botto Bistro in Redmond, CA, initially agreed to pay for advertising on Yelp one year ago apparently because they were tired of getting calls from Yelp's sales team. But even after buying advertising, the owners claim that they kept receiving calls. So they started a campaign to get as many one-star reviews as they could, even offering 25% discounts to customers. As of this writing they have 866, and a casual perusal of them reveals enthusiastic tongue-in-cheek support for the restaurant. One-star reviews, once Yelp's best scare tactic, are now this particular business's badge of quality. And they didn't even have to pay Yelp for it. -
Proposed Law Would Limit US Search Warrants For Data Stored Abroad
An anonymous reader writes On Thursday, a bipartisan law was introduced in the Senate that would limit US law enforcement's ability to obtain user data from US companies with servers physically located abroad. Law enforcement would still be able to gain access to those servers with a US warrant, but the warrant would be limited to data belonging to US citizens. This bill, called the LEADS Act (PDF), addresses concerns by the likes of Microsoft and other tech giants that worry about the impact law enforcement over-reach will have on their global businesses. Critics remain skeptical: "we are concerned about how the provision authorizing long-arm warrants for the accounts of US persons would be administered, and whether we could reasonably expect reciprocity from other nations on such an approach." -
Android Apps Now Unofficially Able To Run On Any Major Desktop OS
An anonymous reader writes A developer who goes by the handle Vladikoff has tweaked Google's App Runtime for Chrome (ARC) to allow any Android app to run on any major desktop operating system, not just the handful announced last week which were also limited to Chrome OS. His tweaked version of ARC is re-packaged as ARChon. The install isn't very straightforward, and you have to be in developer mode on Chrome. But there's a support forum on reddit. The extension will work on any OS running the desktop version of Chrome 37 and up as long as the user also installs chromeos-apk, which converts raw Android app packages (APKs) to a Chrome extension. Ars Technica reports that apps run this way are buggy, fast, and crash often but expresses optimism for when Google officially "opens the floodgates on the Play Store, putting 1.3 million Android apps onto nearly every platform." -
Why a Chinese Company Is the Biggest IPO Ever In the US
An anonymous reader writes The Chinese e-commerce giant Alibaba has made headlines lately in US financial news. At the closing of its Initial Public Offering (IPO) on Friday, it had raised $21.8 billion on the New York Stock Exchange, larger even than Visa's ($17.9 billion), Facebook's ($16 billion), and General Motors ($15.8 billion) IPOs. Some critics do say that Alibaba's share price will plummet from its current value of $93.60 in the same way that Facebook's and Twitter's plummeted dramatically after initial offerings. Before we speculate, however, we should take note of what Alibaba is exactly. Beyond the likes of Amazon and eBay, Alibaba apparently links average consumers directly to manufacturers, which is handy for an economy ripe for change. Approximately half of Alibaba's shares "were sold to 25 investment firms", and "most of the shares went to US investors." -
FCC Chairman: Americans Shouldn't Subsidize Internet Service Under 10Mbps
An anonymous reader writes On Wednesday at a hearing in front of the US House Committee on Small Business, FCC Chairman Tom Wheeler stated that for ISPs to be eligible for government broadband subsidies, they would have to deliver speeds of at least 10 Mbps. Said Wheeler: "What we are saying is we can't make the mistake of spending the people's money, which is what Universal Service is, to continue to subsidize something that's subpar." He further indicated that he would remedy the situation by the end of 2014. The broadband subsidies are collected through bill surcharges paid for by phone customers. -
iOS 8 Review
An anonymous reader writes: Apple is releasing iOS 8 today, and Ars Technica has posted one of their huge, thorough reviews of the updated operating system. They have this to say about the UI: "iOS 8 tries to fit a whole lot more stuff onto a single screen than iOS 7 did. The operating system was clearly developed in anticipation of iPhones with larger screens." The biggest new feature is Extensions: "Older versions of iOS limited what third-party applications could do to communicate with external services and other third-party applications. ... Extensions remove some (but not all) of those barriers." The biggest examples of extensions are custom keyboards, a feature iOS users have been requesting for years. Downsides to iOS 8 include increased storage and processing requirements, which are bad news for older iPhones, and a host of new bugs associated with the new features. -
NASA's Manned Rocket Contract: $4.2 Billion To Boeing, $2.6 Billion To SpaceX
schwit1 writes NASA has chosen two companies to ferry astronauts to and from the International Space Station, and those companies are Boeing and SpaceX. This decision confirms that SpaceX is ready to go and gives the company the opportunity to finish the job, while also giving Boeing the chance to show that it can still compete. After NASA has certified that each company has successfully built its spacecraft, SpaceX and Boeing will each fly two to six missions. The certification process will be step-by-step, similar to the methods used in the cargo contracts, and will involve five milestones. The contracts will be paid incrementally as they meet these milestones. One milestone will be a manned flight to the ISS, with one NASA astronaut on board. Boeing will receive $4.2 billion, while SpaceX will get $2.6 billion. These awards were based on what the companies proposed and requested. -
Justice Sotomayor Warns Against Tech-Enabled "Orwellian" World
An anonymous reader writes: U.S. Supreme Court Justice Sonia Sotomayor spoke on Thursday to faculty and students at the University of Oklahoma City about the privacy perils brought on by modern technology. She warned that the march of technological progress comes with a need to enact privacy protections if we want to avoid living in an "Orwellian world" of constant surveillance. She said, "There are drones flying over the air randomly that are recording everything that's happening on what we consider our private property. That type of technology has to stimulate us to think about what is it that we cherish in privacy and how far we want to protect it and from whom. Because people think that it should be protected just against government intrusion, but I don't like the fact that someone I don't know can pick up, if they're a private citizen, one of these drones and fly it over my property." -
Chrome OS Can Now Run Android Apps With No Porting Required
An anonymous reader writes On Thursday, Google launched "App Runtime for Chrome (Beta)" which allows Android apps to run on Chrome OS without the need for porting. At the moment, only Duolingo, Evernote, Sight Words, and Vine are available on the platform with the rest of the Play Store's offerings to come later. Google "built an entire Android stack into Chrome OS using Native Client" in order to achieve this. -
Mining iPhones and iCloud For Data With Forensic Tools
SternisheFan points out an article that walks us through the process of using forensic tools to grab data from iPhones and iCloud using forensic tools thought to have been employed in the recent celebrity photo leak. There are a number of ways to break into these devices and services depending on what kind of weakness an attacker has found. For example, if the attacker has possession of a target's iPhone, a simple command-line toolkit from Elcomsoft uses a jailbreak to bypass the iPhone's security. A different tool can extract iCloud data with access to a computer that has a local backup of a phone's data, or access to a computer that simply has stored credentials.
The discussion also details a method for spoofing device identification to convince iCloud to restore data to a device mimicking the target's phone. The author concludes, "Apple could go a long way toward protecting customer privacy just by adding a second credential to encrypt stored iCloud data. An encryption password could be used to decrypt the backup when downloaded to iTunes or to the device, or it could be used to decrypt the data as it is read by iCloud to stream down to the device." -
Massive Study Searching For Genes Behind Intelligence Finds Little
An anonymous reader writes: It's been taken for granted that science would, one day, figure out what parts of our DNA make us smart (or not). But a huge new study done by a group of almost 60 researchers using genome data on over 100,000 people has come up empty-handed. The scientists first looked for differences in the genome that correlated with academic achievement. After narrowing it down to 69 individual sites, they gave cognitive tests to a separate group of 24,000 people and looked for evidence of difference at those same locations (abstract). Most of the sites weren't significantly different from chance — the (already weak) genetic influence of genes on height has an effect 20 times greater. On top of that, the three gene locations that did seem to have a stronger correlation weren't involved in development of the nervous system. -
Amazon Instant Video Now Available On Android
briancox2 writes Amazon has avoided releasing the Amazon Instant Video app that is on Fire and Kindle to the general Android market, even though the app has been available for some time on iOS. Now, after a workaround had allowed some users to install the app on Android by fiddling with permissions, Amazon has released the app to many devices calling it "Amazon Instant Video for Google TV". It's not clear yet which devices can run this app. Currently it is not available for older Samsung Galaxy lines, however the Nexus, a major competitor of Amazon's devices, can run the new app. -
Text While Driving In Long Island and Have Your Phone Disabled
An anonymous reader writes: A District Attorney in Long Island, NY is stepping up efforts to combat distracted driving. Kathleen Rice says motorists who are caught texting while driving should have hardware or apps installed on their phone to prevent them from using it at all while driving. She likened such barriers to the ignition interlock devices that prevent people convicted of drunk driving from using their cars unless they're sober. "Hardware and software solutions that block texting during driving are currently produced by various manufacturers and software developers, and are constantly under development. The DA's office does not endorse any particular company and is in the process of reviewing specific solutions based on their features and services. Critical features include security measures to make the solutions tamper-proof, and data integrity measures to ensure accurate reporting to courts, law enforcement, parents, and guardians." New York is one of many states who already have laws banning all handheld use while driving. -
Microsoft Agrees To Contempt Order So It Can Appeal Email Privacy Case
An anonymous reader writes: Microsoft made news some weeks ago for refusing to hand over customer emails stored on its Dublin, Ireland servers to the U.S. government. The district judge presiding over the case agreed with the government and ordered Microsoft to comply with its demands. On Monday, Microsoft struck a deal with the U.S. government in which the company would be held on contempt charges but would not be penalized for it until after the outcome of an appeal. The district judge endorsed the agreement (PDF) on Thursday. -
Apple Announces Smartwatch, Bigger iPhones, Mobile Payments
Today at Apple's September press conference, they announced the new iPhone 6 models. There are two of them — the iPhone 6 is 4.7" at 1334x750, and the iPhone 6 Plus is 5.5" at 1920x1080. Both phones are thinner than earlier models: 5S: 7.6mm, 6: 6.9mm, 6 Plus: 7.1mm. The phones have a new-generation chip, the 64-bit A8. Apple says the new phones have a 25% faster CPU, 50% faster GPU, and they're 50% more energy efficient (though they were careful to say the phones have "equal or better" battery life to the 5S). Apple upgraded the phones' wireless capabilities, moving voice calls to LTE and also enabling voice calls over Wi-Fi. The phones ship on September 19th, preceded by the release of iOS 8 on September 17th.
Apple also announced its entry into the payments market with "Apple Pay." They're trying to replace traditional credit card payments with holding an iPhone up to a scanner instead. It uses NFC and the iPhone's TouchID fingerprint scanner. Users can take a picture of their credit cards, and Apple Pay will gather payment information, encrypt it, and store it. (Apple won't have any of the information about users' credit cards or their purchases, and users will be able to disable the payment option through Find My iPhone if they lose the device.) Apple Pay will work with Visa, Mastercard, and American Express cards to start. 220,000 stores that support contactless payment will accept Apple Pay, and many apps are building direct shopping support for it. It will launch in October as an update for iOS 8, and work only on the new phones.
Apple capped off the conference with the announcement of the long-anticipated "Apple Watch." Their approach to UI is different from most smartwatch makers: Apple has preserved the dial often found on the side of analog watches, using it as a button and an input wheel. This "digital crown" enables features like zoom without obscuring the small screen with fingers. The screen is touch-sensitive and pressure sensitive, so software can respond to a light tap differently than a hard tap. The watch runs on a new, custom-designed chip called the S1, it has sensors to detect your pulse, and it has a microphone to receive and respond to voice commands. It's powered by a connector that has no exposed contacts — it magnetically seals to the watch and charges inductively. The Apple Watch requires an iPhone of the following models to work: 6, 6Plus, 5s, 5c, 5. It will be available in early 2015, and will cost $349 for a base model. -
Comcast Using JavaScript Injection To Serve Ads On Public Wi-Fi Hotspots
An anonymous reader writes: For some time now, Comcast has been setting up public Wi-Fi hotspots, some of which are run on the routers of paying subscribers. The public hotspots are free, but not without cost: Comcast uses JavaScript to inject self-promotional ads into the pages served to users. "Security implications of the use of JavaScript can be debated endlessly, but it is capable of performing all manner of malicious actions, including controlling authentication cookies and redirecting where user data is submitted. ... Even if Comcast doesn't have any malicious intent, and even if hackers don't access the JavaScript, the interaction of the JavaScript with websites could "create" security vulnerabilities in websites, [EFF technologist Seth Schoen] said. "Their code, or the interaction of code with other things, could potentially create new security vulnerabilities in sites that didn't have them," Schoen said." -
AT&T Says 10Mbps Is Too Fast For "Broadband," 4Mbps Is Enough
An anonymous reader writes AT&T and Verizon have asked the FCC not to change the definition of broadband from 4Mbps to 10Mbps, contending that "10Mbps service exceeds what many Americans need today to enable basic, high-quality transmissions." From the article: "Individual cable companies did not submit comments to the FCC, but their representative, the National Cable & Telecommunications Association (NCTA), agrees with AT&T and Verizon. 'The Commission should not change the baseline broadband speed threshold from 4Mbps downstream and 1Mbps upstream because a 4/1 Mbps connection is still sufficient to perform the primary functions identified in section 706 [of the Telecommunications Act]—high-quality voice, video, and data,' the NCTA wrote." -
How Scientific Consensus Has Gotten a Bad Reputation
nerdyalien writes From the article: "Fiction author Michael Crichton probably started the backlash against the idea of consensus in science. Crichton was rather notable for doubting the conclusions of climate scientists—he wrote an entire book in which they were the villains—so it's fair to say he wasn't thrilled when the field reached a consensus. Still, it's worth looking at what he said, if only because it's so painfully misguided: 'Let's be clear: the work of science has nothing whatever to do with consensus. Consensus is the business of politics. Science, on the contrary, requires only one investigator who happens to be right, which means that he or she has results that are verifiable by reference to the real world. In science consensus is irrelevant. What is relevant is reproducible results.'" As a STEM major, I am somewhat biased toward "strong" evidence side of the argument. However, the more I read literature from other, somewhat-related fields (i.e. psychology, economics and climate science), the more I felt they have little opportunity to repeat experiments, similar to counterparts in traditional hard science fields. Their accepted theories are based on limited historical occurrences and consensus among the scholars. Given the situation, it's important to understand what "consensus" really means. -
Is There a Creativity Deficit In Science?
nerdyalien writes with this story that explores the impact of reduced science funding on innovation in science. "There’s a current problem in biomedical research,” says American biochemist Robert Lefkowitz, winner of the 2012 Nobel Prize for Chemistry. “The emphasis is on doing things which are not risky. To have a grant proposal funded, you have to propose something and then present what is called preliminary data, which is basically evidence that you’ve already done what you’re proposing to do. If there’s any risk involved, then your proposal won’t be funded. So the entire system tends to encourage not particularly creative research, relatively descriptive and incremental changes which are incremental advances which you are certain to make but not change things very much."...There is no more important time for science to leverage its most creative minds in attempting to solve our global challenges. Although there have been massive increases in funding over the last few decades, the ideas and researchers that have been rewarded by the current peer-review system have tended to be safer, incremental, and established. If we want science to be its most innovative, it's not about finding brilliant, passionate creative scientists; it's about supporting the ones we already have. -
After Celebrity Photo Leaks, 4chan Introduces DMCA Policy
davidshenba writes In the wake of leaked private photos of celebrities, 4chan has added a Digital Millennium Copyright Act (DMCA) takedown policy to its rules and policies. Under this new policy, the site will remove any notified and verified "infringement." It is not clear how effective this could be, or how 4chan is going to handle the inflow of notifications to restrict the content provided by users. -
First US Appeals Court Hears Arguments To Shut Down NSA Database
An anonymous reader writes: The second of two lawsuits filed against the U.S. government regarding domestic mass surveillance, ACLU vs. Clapper, was heard on Tuesday by "a three-judge panel on the U.S. Court of Appeals for the 2nd Circuit." The proceeding took an unprecedented two hours (the norm is about 30 minutes), and C-SPAN was allowed to record the whole thing and make the footage available online (video). ACLU's lawyers argued that mass surveillance without warrants violates the 4th Amendment, while lawyers for the federal government argued that provisions within the Patriot Act that legalize mass surveillance without warrants have already been carefully considered and approved by all three branches of government. The judges have yet to issue their ruling. -
New HTML Picture Element To Make Future Web Faster
nerdyalien writes: At some point, haven't all web developers spent an unjustifiable number of hours trying to optimize a desktop site for mobile devices? Responsive web design provides a solution: "develop once, works in every device." However, still it downloads multi-MB images and re-sizes them based on device screen resolution. Retrieving optimized images from the server, based on device (desktop, tablet, phone) and the device's internet connection (fiber, broadband, mobile), has always been an open problem. Recently, a number of freelance developers are tackling this with a new HTML element, <picture>, which informs the web browser to download optimized images from the server. The tag will be featured in Chrome and Firefox later this year. Will this finally deliver us faster web browsing on mobile devices and an easier web development experience? -
Wi-Fi Router Attack Only Requires a Single PIN Guess
An anonymous reader writes: New research shows that wireless routers are still quite vulnerable to attack if they don't use a good implementation of Wi-Fi Protected Setup. Bad implementations do a poor job of randomizing the key used to authenticate hardware PINs. Because of this, the new attack only requires a single guess at the hardware PIN to collect data necessary to break it. After a few hours to process the data, an attacker can access the router's WPS functionality. Two major router manufacturers are affected: Broadcom, and a manufacturer to be named once they get around to fixing it. "Because many router manufacturers use the reference software implementation as the basis for their customized router software, the problems affected the final products, Bongard said. Broadcom's reference implementation had poor randomization, while the second vendor used a special seed, or nonce, of zero, essentially eliminating any randomness." -
Judge Allows L.A. Cops To Keep License Plate Reader Data Secret
An anonymous reader writes: A Los Angeles Superior Court judge has ruled that the Los Angeles Police Department is not required to hand over a week's worth of license plate reader data to the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). He cited the potential of compromising criminal investigations and giving (un-charged) criminals the ability to determine whether or not they were being targeted by law enforcement (PDF). The ACLU and the EFF sought the data under the California Public Records Act, but the judge invoked Section 6254(f), "which protects investigatory files." ACLU attorney Peter Bibring notes, "New surveillance techniques may function better if people don't know about them, but that kind of secrecy is inconsistent with democratic policing." -
US Government Fights To Not Explain No-Fly List Selection Process
An anonymous reader writes: On August 6, U.S. District Judge Anthony Trenga ordered the federal government to "explain why the government places U.S. citizens who haven't been convicted of any violent crimes on its no-fly database." Unsurprisingly, the federal government objected to the order, once more claiming that to divulge their no-fly list criteria would expose state secrets and thus pose a national security threat. When the judge said he would read the material privately, the government insisted that reading the material "would not assist the Court in deciding the pending Motion to Dismiss (PDF) because it is not an appropriate means to test the scope of the assertion of the State Secrets privilege." The federal government has until September 7 to comply with the judge's order unless the judge is swayed by the government's objection. -
The Executive Order That Led To Mass Spying, As Told By NSA Alumni
An anonymous reader writes with this Ars piece about the executive order that is the legal basis for the U.S. government's mass spying on citizens. One thing sits at the heart of what many consider a surveillance state within the US today. The problem does not begin with political systems that discourage transparency or technologies that can intercept everyday communications without notice. Like everything else in Washington, there's a legal basis for what many believe is extreme government overreach—in this case, it's Executive Order 12333, issued in 1981. “12333 is used to target foreigners abroad, and collection happens outside the US," whistleblower John Tye, a former State Department official, told Ars recently. "My complaint is not that they’re using it to target Americans, my complaint is that the volume of incidental collection on US persons is unconstitutional.” The document, known in government circles as "twelve triple three," gives incredible leeway to intelligence agencies sweeping up vast quantities of Americans' data. That data ranges from e-mail content to Facebook messages, from Skype chats to practically anything that passes over the Internet on an incidental basis. In other words, EO 12333 protects the tangential collection of Americans' data even when Americans aren't specifically targeted—otherwise it would be forbidden under the Foreign Intelligence Surveillance Act (FISA) of 1978. -
Google Wins $1.3 Million From Patent Troll
An anonymous reader writes Earlier this year, Google sued Beneficial Innovations for breach of contract, ostensibly in defense of its Doubleclick ad technology clients against whom Beneficial Innovations had filed suits despite Google having already paid licensing fees for the technology. Following Google's jury trial win, the company was originally awarded only 'nominal damages of $1 and a judicial order stopping Beneficial from going after more Doubleclick customers.' Now, however, the presiding judge has ruled that Google is entitled to some attorneys' fees in the amount of $1.3 million (PDF). -
CenturyLink: Comcast Is Trying To Prevent Competition In Its Territories
mpicpp sends word that CenturyLink has accused Comcast of restricting competition in the development of internet infrastructure. CenturyLink asked the FCC to block the acquisition of Time Warner Cable to prevent Comcast from further abusing its size and power. For example, Comcast is urging local authorities to deny CenturyLink permission to build out new infrastructure if they can't reach all of a city's residents during the initial buildout. Of course, a full buildout into a brand new market is much more expensive than installing connections a bit at a time. Comcast argues that CenturyLink shouldn't be able to cherry-pick the wealthy neighborhoods and avoid the poor ones. CenturyLink points out that no other ISP complains about this, and says allowing the merger would let Comcast extend these tactics to regions currently operated by Time Warner Cable. -
Limiting the Teaching of the Scientific Process In Ohio
frdmfghtr (603968) writes Over at Ars Technica, there's a story about a bill in the Ohio legislature that wants to downplay the teaching of the scientific process. From the article: "Specifically prohibiting a discussion of the scientific process is a recipe for educational chaos. To begin with, it leaves the knowledge the kids will still receive—the things we have learned through science—completely unmoored from any indication of how that knowledge was generated or whether it's likely to be reliable. The scientific process is also useful in that it can help people understand the world around them and the information they're bombarded with; it can also help people assess the reliability of various sources of information." The science standards would have "...focus on academic and scientific knowledge rather than scientific processes; and prohibit political or religious interpretation of scientific facts in favor of another." Political interpretations of scientific facts include humans contributing to climate change according to the bill's sponsor, who also thinks intelligent design would be OK under the law. -
Comcast Tells Government That Its Data Caps Aren't Actually "Data Caps"
mpicpp (3454017) writes with this excerpt from Ars Technica about Comcast's data caps that aren't data caps: Customers must pay more if they exceed limits — but it's not a cap, Comcast says. For the past couple of years, Comcast has been trying to convince journalists and the general public that it doesn't impose any "data caps" on its Internet service. ... That's despite the fact that Comcast in some cities enforces limits on the amount of data customers can use and issues financial penalties for using more than the allotment. Comcast has said this type of billing will probably roll out to its entire national footprint within five years, perhaps alongside a pricier option to buy unlimited data. ... Comcast's then-new approach was touted to "effectively offer unlimited usage of our services because customers will have the ability to buy as much data as they want." -
Net Neutrality Is 'Marxist,' According To a Koch-Backed Astroturf Group
Jason Koebler (3528235) writes American Commitment, a conservative group with strong ties to the Koch brothers has been bombarding inboxes with emails filled with disinformation and fearmongering in an attempt to start a "grassroots" campaign to kill net neutrality — at one point suggesting that "Marxists" think that preserving net neutrality is a good idea. American Commitment president Phil Kerpen suggests that reclassifying the internet as a public utility is the "first step in the fight to destroy American capitalism altogether" and says that the FCC is plotting a "federal Internet takeover," a move that "sounds more like a story coming out of China or Russia." -
Predictive Modeling To Increase Responsivity of Streamed Games
jones_supa (887896) writes Streaming game services always bump up against a hard latency limit based on the total round-trip time it takes to send user input to a remote server and receive a frame of game data from that server. To alleviate the situation, Microsoft Research has been developing a system called DeLorean (whitepaper) using predictive modeling to improve the experienced responsiveness of a game. By analyzing previous inputs in a Markov chain, DeLorean tries to predict the most likely choices for the user's next input and then generates speculative frames that fit those inputs and sends them back to the user. The caveat is that sending those extra predictive frames and information does add a bandwidth overhead of anywhere from 1.5 to 4 times that of a normal streaming game client. During testing the benefits were apparent, though. Even when the actual round-trip time between input and server response was 256 ms, double-blind testers reported both the gameplay responsiveness and graphical quality of the DeLorean system were comparable to a locally played version of the game. -
Ross Ulbricht Faces New Drug Charges
Alleged Silk Road mastermind Ross Ulbricht now faces additional drug-related charges. Ars Technica gives a run-down on the run-down, and shows an array of driver's licenses that can't look good to a jury: According to a 17-page amended indictment filed late Thursday night, the government introduced one count of “narcotics trafficking,” of “distribution of narcotics by means of the Internet,” and of "conspiracy to traffic in fraudulent identification documents." Previously, Ulbricht was indicted in February 2014 on four formal criminal offenses: narcotics trafficking conspiracy, continuing criminal enterprise, computer hacking conspiracy, and money laundering conspiracy. Ulbricht pleaded not guilty to the previous charges, and he seems likely to plead not guilty to the new ones as well. -
It's Easy To Hack Traffic Lights
An anonymous reader notes coverage of research from the University of Michigan into the ease with which attackers can hack traffic lights. From the article: As is typical in large urban areas, the traffic lights in the subject city are networked in a tree-type topology, allowing them to pass information to and receive instruction from a central management point. The network is IP-based, with all the nodes (intersections and management computers) on a single subnet. In order to save on installation costs and increase flexibility, the traffic light system uses wireless radios rather than dedicated physical networking links for its communication infrastructure—and that’s the hole the research team exploited. ... The 5.8GHz network has no password and uses no encryption; with a proper radio in hand, joining is trivial. ... The research team quickly discovered that the debug port was open on the live controllers and could directly "read and write arbitrary memory locations, kill tasks, and even reboot the device (PDF)." Debug access to the system also let the researchers look at how the controller communicates to its attached devices—the traffic lights and intersection cameras. They quickly discovered that the control system’s communication was totally non-obfuscated and easy to understand—and easy to subvert. -
FCC Warned Not To Take Actions a Republican-Led FCC Would Dislike
tlhIngan writes Municipal broadband is in the news again — this time Chief of Staff Matthew Berry, speaking at the National Conference of State Legislatures, has endorsed states' right to ban municipal broadband networks and warned the (Democrat-led) FCC to not do anything that a future Republican-led FCC would dislike. The argument is that municipal broadband discourages private investment in broadband communications, that taxpayer-funded projects are barriers to future infrastructure investment. -
Comcast Training Materials Leaked
WheezyJoe writes: The Verge reports on leaked training manuals from Comcast, which show how selling services is a required part of the job, even for employees doing tech support. The so-called "4S training material" explicitly states that 20 percent of a call center employee's rating for a given call is dependent on effectively selling the customer new Comcast services. "There are pages of materials on 'probing' customers to ferret out upsell opportunities, as well as on batting aside customer objections to being told they need to buy something. 'We can certainly look at other options, but you would lose which you mentioned was important to you,' the guide suggests clumsily saying to an angry customer who doesn't want to buy any more Comcast services." Images of the leaked documents are available on the Verge, making for fun reading. -
Delaware Enacts Law Allowing Heirs To Access Digital Assets of Deceased
An anonymous reader writes Ars reports: "Delaware has become the first state in the U.S. to enact a law that ensures families' rights to access the digital assets of loved ones during incapacitation or after death." In other states, the social media accounts and email of people who die also die with them since the companies hosting those accounts are not obligated to transfer access even to the heirs of the deceased. In Delaware, however, this is no longer the case. The article notes that even if the deceased was a resident of another state, if his/her will is governed by Delaware law, his/her heirs will be allowed to avail of the new law and gain access to all digital assets of the deceased. -
Feds: Red Light Camera Firm Paid For Chicago Official's Car, Condo
An anonymous reader writes "The former CEO of Redflex, a major red light camera vendor, and John Bills, former Managing Deputy Commissioner at the Department of Transportation, have been indicted on federal corruption charges stemming from a contract with the City of Chicago. According to the indictment, a friend of Bills was hired as a contractor and paid $2 million. Much of that money was then kicked back to Bills, who also got a Mercedes and a condominium via Redflex employees. The defendants are facing 23 counts including: mail fraud, wire fraud, and bribery. Each fraud count carries a maximum sentence of 20 years." -
Facebook Tests "Satire" Tag To Avoid Confusion On News Feed
An anonymous reader writes "In an attempt to keep you from having to explain to your crazy relatives that despite what they read, Vice President Biden *didn't* get a grow light delivered to the White House under a fake name, Facebook is testing a "satire" tag on news feeds. A Facebook representative issued the following statement to Ars Technica: "We are running a small test which shows the text '[Satire]' in front of links to satirical articles in the related articles unit in News Feed. This is because we received feedback that people wanted a clearer way to distinguish satirical articles from others in these units." -
Microsoft Considered Renaming Internet Explorer To Escape Its Reputation
An anonymous reader writes "Microsoft's Internet Explorer engineering team told a Reddit gathering that discussions about a name change have taken place and could happen again. From the article: "Microsoft has had "passionate" discussions about renaming Internet Explorer to distance the browser from its tarnished image, according to answers from members of the developer team given in a reddit Ask Me Anything session today. In spite of significant investment in the browser—with the result that Internet Explorer 11 is really quite good—many still regard the browser with contempt, soured on it by the lengthy period of neglect that came after the release of the once-dominant version 6. Microsoft has been working to court developers and get them to give the browser a second look, but the company still faces an uphill challenge." -
Processors and the Limits of Physics
An anonymous reader writes: As our CPU cores have packed more and more transistors into increasingly tiny spaces, we've run into problems with power, heat, and diminishing returns. Chip manufacturers have been working around these problems, but at some point, we're going to run into hard physical limits that we can't sidestep. Igor Markov from the University of Michigan has published a paper in Nature (abstract) laying out the limits we'll soon have to face. "Markov focuses on two issues he sees as the largest limits: energy and communication. The power consumption issue comes from the fact that the amount of energy used by existing circuit technology does not shrink in a way that's proportional to their shrinking physical dimensions. The primary result of this issue has been that lots of effort has been put into making sure that parts of the chip get shut down when they're not in use. But at the rate this is happening, the majority of a chip will have to be kept inactive at any given time, creating what Markov terms 'dark silicon.' Power use is proportional to the chip's operating voltage, and transistors simply cannot operate below a 200 milli-Volt level. ... The energy use issue is related to communication, in that most of the physical volume of a chip, and most of its energy consumption, is spent getting different areas to communicate with each other or with the rest of the computer. Here, we really are pushing physical limits. Even if signals in the chip were moving at the speed of light, a chip running above 5GHz wouldn't be able to transmit information from one side of the chip to the other." -
Tesla Removes Mileage Limits On Drive Unit Warranty Program
Ars Technica reports that Elon Musk today wrote that Tesla will remove mileage limits on its warranty policy for all Tesla Model S drive units. The warranty, which will still span eight years, won't have a cap on the number of owners for each vehicle. People who purchased Teslas before today were told that the warranty period for the drive unit expired after eight years or once the car logged over 125,000 miles. The revised warranty applies to new vehicles and Model S cars that are already on the road. The article mentions that quite a few Tesla owners have had to have their drive units replaced; out of warranty, that runs about $15,000. Musk's announcement acknowledges that the change may cost the company some money, but says he's "confident it will work out well in the long run."