Domain: arstechnica.com
Stories and comments across the archive that link to arstechnica.com.
Stories · 4,420
-
'Rosetta Flash' Attack Leverages JSONP Callbacks To Steal Credentials
New submitter newfurniturey writes: A new Flash and JSONP attack combination has been revealed to the public today. It has been dubbed the "Rosetta Flash" attack. JSONP callback functions normally return a JSON blob wrapped in a user-specified callback function, which the browser will then execute as JavaScript. Nothing out of the ordinary here. However, the new attack has leveraged a method of crafting a Flash file to contain a restricted character set that's usable within JSONP callbacks (i.e. in a URL). By combining the two, the attack demonstrates it's possible to use a JSONP URL with the contents of the crafted Flash file as the callback function. When set as the data of a standard HTML object tag, the SWF file executes on the targeted site, bypassing all Same-Origin policies in place. Services such as Google, YouTube, Twitter, Tumblr and eBay were found vulnerable to this attack. Several of these services fixed the vulnerability with a patch prior to the public release, and Tumblr patched within hours of the release. -
BlackBerry's Innovation: Square-Screened Smartphones
EthanV2 sends word that BlackBerry, having finally caught up to a world dominated by smartphones, is now trying to push the envelope by developing a smartphone with a square screen. The BlackBerry Passport has a 4.5-inch screen with a resolution of 1440x1440. The phone has a physical keyboard as well. In a blog post about the new phone, they show a picture with it side-by-side with an iPhone and a Galaxy S5 — the Passport is slightly taller than the iPhone, and significantly wider, as you'd expect. The Passport is a play for BlackBerry's "traditional" work-oriented user base, where the earlier BlackBerry Z10 and Z30 were efforts to break into the post-iPhone consumer smartphone space. Though the Passport may well be preferable for spreadsheets and word processing, that square screen will be much less useful for widescreen movies, and its wide, blocky design will entirely prohibit one-handed use. The Passport is expected to appear later this year, and it will launch with BlackBerry 10.3 (at least, according to early hands-on previews). -
How the NEPTUNE Project Wired the Ocean
An anonymous reader writes with a story about a unique 500-mile-long high-speed optical cable project that runs along the Pacific seafloor. "The Juan de Fuca tectonic plate is by far one of the Earth's smallest. It spans just a few hundred kilometers of the Oregon, Washington, and British Columbia coast. But what the Juan de Fuca lacks in size it makes up for in connectivity. It's home to a unique, high-speed optical cabling that has snaked its way across the depths of the Pacific seafloor plate since late 2009. This link is called NEPTUNE—the North-East Pacific Time-Series Underwater Networked Experiment—and, at more than 800 kilometers (about 500 miles), it's about the same length as 40,000 subway cars connected in a single, long train. A team of scientists, researchers, and engineers from the not-for-profit group Oceans Network Canada maintains the network, which cost CAD $111 million to install and $17 million each year to maintain. But know that this isn't your typical undersea cable. For one, NEPTUNE doesn't traverse the ocean's expanse, but instead loops back to its starting point at shore. And though NEPTUNE is designed to facilitate the flow of information through the ocean, it also collects information about the ocean, ocean life, and the ocean floor." -
Privacy Oversight Board Gives NSA Surveillance a Pass
An anonymous reader writes There's an independent agency within the U.S. government called the Privacy and Civil Liberties Oversight Board. Their job is to weigh the benefits of government actions — like stopping terrorist threats — against violations of citizens' rights that may result from those actions. As you might expect, the NSA scandal landed squarely in their laps, and they've compiled a report evaluating the surveillance methods. As the cynical among you might also expect, the Oversight Board gave the NSA a pass, saying that while their methods were "close to the line of constitutional reasonableness," they were used for good reason. In the completely non-binding 191-page report (PDF), they said, "With regard to the NSA's acquisition of 'about' communications [metadata], the Board concludes that the practice is largely an inevitable byproduct of the government's efforts to comprehensively acquire communications that are sent to or from its targets. Because of the manner in which the NSA conducts upstream collection, and the limits of its current technology, the NSA cannot completely eliminate 'about' communications from its collection without also eliminating a significant portion of the 'to/from' communications that it seeks." -
Time Warner Cable Customers Beg Regulators To Block Sale To Comcast
An anonymous reader sends this report from Ars Technica: New York is shaping up as a major battleground for Comcast's proposed acquisition of Time Warner Cable. While the $45.2 billion merger will be scrutinized by federal officials, it also needs approval at the state level. TWC has 2.2 million cable TV, Internet, and phone customers in 1,150 New York communities, and hundreds of them have called on the New York Public Service Commission to block the sale to Comcast. Comcast doesn't compete against TWC for subscribers, and its territory in New York is limited but includes a VoIP phone service offered to residential and business customers in 10 communities. "Both Time Warner Cable and Comcast already have monopolies in each and every territory in which they do business today, and combining the companies will reinforce those individual territorial monopolies under a single corporate umbrella, with NBC-Universal thrown in to boot," resident Frank Brice argued in a comment to the PSC posted yesterday. -
Ars Takes an Early Look At the Privacy-Centric Blackphone
Ars Technica has spent some time with pre-production (but very nearly final) samples of the Blackphone, from Geeksphone and Silent Circle. They give it generally high marks; the hardware is mostly solid but not cutting edge, but the software it comes with distinguishes it from run-of-the-mill Android phones. Though it's based on Android, the PrivOS system in these phones offers fine-grained permissions, and other software included with the phone makes it more secure both if someone has physical access to the phone (by encrypting files, among other things) and if communications between this phone and another are being eavesdropped on. A small taste: At first start up, Blackphone’s configuration wizard walks through getting the phone configured and secured. After picking a language and setting a password or PIN to unlock the phone itself, the wizard presents the option of encrypting the phone’s stored data with another password. If you decline to encrypt the phone’s mini-SD storage during setup, you’ll get the opportunity later (and in the release candidate version of the PrivOS we used, the phone continued to remind me about that opportunity each time I logged into it until I did). PrivOS’ main innovation is its Security Center, an interface that allows the user to explicitly control just what bits of hardware functionality and data each application on the phone has access to. It even provides control over the system-level applications—you can, if you wish for some reason, turn off the Camera app’s access to the camera hardware and turn off the Browser app’s access to networks. -
KeyStore Vulnerability Affects 86% of Android Devices
jones_supa (887896) writes "IBM security researchers have published an advisory about an Android vulnerability that may allow attackers to obtain highly sensitive credentials, such as cryptographic keys for some banking services and virtual private networks, and PINs or patterns used to unlock vulnerable devices. It is estimated that the flaw affects 86 percent of Android devices. Android KeyStore has a little bug where the encode_key() routine that is called by encode_key_for_uid() can overflow the filename text buffer, because bounds checking is absent. The advisory says that Google has patched only version 4.4 of Android. There are several technical hurdles an attacker must overcome to successfully perform a stack overflow on Android, as these systems are fortified with modern NX and ASLR protections. The vulnerability is still considered to be serious, as it resides in one of the most sensitive resources of the operating system." -
Google Demos Modular Phone That (Almost) Actually Works
An anonymous reader writes Google's Advanced Technology and Projects (ATAP) group demonstrated Tango, a tablet with 3D cameras similar to Microsoft's Kinect and a version of the Ara phone that could almost boot to the Android home screen (it froze during the demo) at Google I/O today. Project Ara will give $100,000 to anyone who can create an Ara module that does something current smartphones can't. From the article: "Ara moved from concept render to physical mockup in about six months, and onstage today Google demonstrated a version of the phone that could just about boot to the Android home screen. In the demo above, the phone displayed a partial boot screen before freezing. The full boot time (had the demo worked as intended) would be about a minute, which would be a long time for a shipping phone but is reasonably impressive for such an early prototype. Software is the other thing that Ara's developers need to figure out. Current Android builds ship with support for the hardware the phone runs, but they don't include a whole bunch of extraneous drivers for other modems or Wi-Fi modules or cameras or SoCs. Current phone hardware doesn't change, so Android doesn't typically need to worry about this kind of thing." -
Mass. Supreme Court Says Defendant Can Be Compelled To Decrypt Data
Trailrunner7 (1100399) writes ... Security experts have been pounding the drum about the importance of encrypting not just data in transit, but information stored on laptops, phones, and portable drives. But the Massachusetts Supreme Judicial Court put a dent in that armor on Wednesday, ruling that a criminal defendant could be compelled to decrypt the contents of his laptops. The case centers on a lawyer who was arrested in 2009 for allegedly participating in a mortgage fraud scheme. The defendant, Leon I. Gelfgatt, admitted to Massachusetts state police that he had done work with a company called Baylor Holdings and that he encrypted his communications and the hard drives of all of his computers. He said that he could decrypt the computers seized from his home, but refused to do so. The MJSC, the highest court in Massachusetts, was considering the question of whether the act of entering the password to decrypt the contents of a computer was an act of self-incrimination, thereby violating Gelfgatt's Fifth Amendment rights. The ruling. -
Intuit Beats SSL Patent Troll That Defeated Newegg
Last fall, Newegg lost a case against patent troll TQP for using SSL with RC4, despite arguments from Diffie of Diffie-Hellman key exchange. Intuit was also targeted by a lawsuit for infringing the same patent, and they were found not to be infringing. mpicpp (3454017) sends this excerpt from Ars: U.S. Circuit Judge William Bryson, sitting "by designation" in the Eastern District of Texas, has found in a summary judgment ruling (PDF) that the patent, owned by TQP Development, is not infringed by the two defendants remaining in the case, Intuit Corp. and Hertz Corp. In a separate ruling (PDF), Bryson rejected Intuit's arguments that the patent was invalid. Not a complete victory (a clearly bogus patent is still not invalidated), but it's a start. -
Nest Announces New Smart Home API
mpicpp writes "Today, in advance of Google I/O, Nest has officially announced a new developer program and API that will allow other companies' smart devices to communicate with Nest's Protect smoke alarm and Learning Thermostat. Among the companies that Nest is partnering with for this initial publicity push are IFTTT, Jawbone, LIFX, Logitech, Mercedes-Benz, Whirlpool, Chamberlain, and Google itself—the latter two companies will release Nest-compatible features this fall, while the others are all available today." -
FAA Bans Delivering Packages With Drones
An anonymous reader sends this report from Ars Technica: The Federal Aviation Administration has said that online shopping powerhouse Amazon may not employ drones to deliver packages, at least not anytime soon. The revelation was buried in an FAA document (PDF) unveiled Monday seeking public comment on its policy on drones, or what the agency calls "model aircraft." The FAA has maintained since at least 2007 that the commercial operation of drones is illegal. ... In Monday's announcement, published in the Federal Register, the FAA named Amazon's December proposal as an example of what is barred under regulations that allow the use of drones for hobby and recreational purposes. The agency did not mention Amazon Prime Air by name, but it didn't have to. Under a graphic that says what is barred, the FAA mentioned the "Delivering of packages to people for a fee." A footnote added, "If an individual offers free shipping in association with a purchase or other offer, FAA would construe the shipping to be in furtherance of a business purpose, and thus, the operation would not fall within the statutory requirement of recreation or hobby purpose." -
Venture-Backed Bitcoin Miner Startup Can't Deliver On Time, Gets Sued
mpicpp (3454017) points out this story illustrating the problem of betting on the differential between the price of deliverable bitcoin-mining hardware and the price of bitcoin itself: Yet another Bitcoin miner manufacturer, CoinTerra, now faces legal action for not fulfilling an order when it originally promised to. CoinTerra is the third Bitcoin-related startup to face litigation for breach of contract and/or fraud in recent months. The CoinTerra lawsuit was filed in late April 2014 by an Oakland, California-based man seeking to be the lead plaintiff in a proposed class-action lawsuit. Lautaro Cline, the suit alleges, purchased a TerraMiner IV in October 2013 for delivery by January 2014. The company promised, he claims, that this miner would operate at two terahashes per second and would consume 1,200 watts of power. It did neither. However, Cline's suit also claims that CoinTerra did not deliver the miner until February 2014, and it "operated well below the speed advertised and consumed significantly more power than CoinTerra represented, causing Plaintiff to suffer significant lost profits and opportunities." -
US Court Dings Gov't For Using Seized Data Beyond Scope of Warrant
An anonymous reader writes The U.S. Court of Appeals for the 2nd Circuit last week reversed a tax evasion conviction against an accountant because the government had used data from his computers that were seized under a warrant targeting different suspects. The Fourth Amendment, the court pointed out, "prevents the seizure of one thing under a warrant describing another." Law enforcement originally made copies of his hard drives and during off-site processing, separated his personal files from data related to the original warrant. However, 1.5 years later, the government sifted through his personal files and used what it found to build a case against him. The appeals court held that "[i]f the Government could seize and retain non-responsive electronic records indefinitely, so it could search them whenever it later developed probable cause, every warrant to search for particular electronic data would become, in essence, a general warrant," which the Fourth Amendment protects against. The EFF hopes that the outcome of this appeal will have implications for the NSA's dragnet surveillance practice. -
Improperly Anonymized Logs Reveal Details of NYC Cab Trips
mpicpp (3454017) writes with news that a dump of fare logs from NYC cabs resulted in trip details being leaked thanks to using an MD5 hash on input data with a very small key space and regular format. From the article: City officials released the data in response to a public records request and specifically obscured the drivers' hack license numbers and medallion numbers. ... Presumably, officials used the hashes to preserve the privacy of individual drivers since the records provide a detailed view of their locations and work performance over an extended period of time.
It turns out there's a significant flaw in the approach. Because both the medallion and hack numbers are structured in predictable patterns, it was trivial to run all possible iterations through the same MD5 algorithm and then compare the output to the data contained in the 20GB file. Software developer Vijay Pandurangan did just that, and in less than two hours he had completely de-anonymized all 173 million entries. -
How Disney Built and Programmed an Animatronic President
An anonymous reader writes with this interesting look at how Disney created realistic animatronic figures in a time before programming languages and systems on a chip. Animatronics have powered some of sci-fi and fantasy cinema's most imposing creatures and characters: The alien queen in Aliens, the Terminator in The Terminator, and Jaws of Jaws (the key to getting top billing in Hollywood: be a robot). Even beloved little E.T.—of E.T.: the Extra-Terrestrial—was a pile of aluminum, steel, and foam rubber capable of 150 robotic actions, including wrinkling its nose. But although animatronics is a treasured component of some of culture's farthest-reaching movies, it originated in much more mundane circumstances. According to the Disney archives, it began with a bird.
Among the things Walt Disney was renowned for was bringing animatronics (or what he termed at the time Audio-Animatronics) to big stages at his company and elsewhere. But Disney didn't discover or invent animatronics for entertainment use; rather, he found it in a store. In a video on Disney's site, Disney archivist Dave Smith tells a story of how one day in the early 1950s, while out shopping in a New Orleans antique shop, Disney took note of a tiny cage with a tinier mechanical bird, bobbing its tail and wings while tweeting tunelessly. He bought the trinket and brought it back to his studio, where his technicians took the bird apart to see how it worked. -
EFF To Unveil Open Wireless Router For Open Wireless Movement
hypnosec writes A new movement dubbed the Open Wireless Movement is asking users to open up their private Wi-Fi networks to total strangers – a random act of kindness – with an aim of better securing networks and facilitating better use of finite broadband resources. The movement is supported by non-profit and pro-internet rights organizations like the Electronic Frontier Foundation (EFF), Mozilla, Open Rights Group, and Free Press among others. The EFF is planning to unveil one such innovation – Open Wireless Router – at the Hackers on Planet Earth (HOPE X) conference to be held next month in New York. This firmware will allow individuals to share their private Wi-Fi with total strangers, or anyone, without a password. -
US House of Representatives Votes To Cut Funding To NSA
An anonymous reader writes: The U.S. House of Representatives voted late Thursday night, 293 to 123, to approve an amendment to the NSA's appropriations bill that cuts all funding for warrantless surveillance and for programs that force companies to create backdoors in their products. The success of this vote in the House is attributed to the fact that the amendment did not have to go through the House Judiciary and Intelligence Committees and also to the increasingly apparent unpopularity of NSA activities among voters. Although privacy advocates laud the vote, there are those who note that the amendment specifically applies to the NSA and CIA while remaining silent on other agencies such as the FBI. The appropriations bill in its entirety will now proceed to the Senate for approval. -
Amazon Announces 'Fire Phone'
Amazon has unveiled the Fire Phone. It runs a modified version of Android, and it will launch exclusively for AT&T's network. The screen is a 4.7" IPS LCD (they tested from 4.3" to 5.5", and decided 4.7" worked best for single-hand use), with an emphasis on brightness. It runs on a quad-core 2.2GHz processor with 2GB of RAM, and an Adreno 330 GPU. It has a rear-facing, 13-megapixel camera using an f/2.0 five-element lens with image stabilization. There's a dedicated physical button on the side of the phone that will turn it on and put it into camera mode when pressed. The phone comes with dual stereo speakers that produce virtual surround sound. Amazon wants the phone to be distinctive for its ability to provide video content, both from a hardware and software perspective.
The Fire Phone runs Mayday, Amazon's live tech support service for devices. They also demonstrated Firefly, software that recognizes physical objects using the phone's camera, as well as TV shows and songs it hears. It runs quickly, often identifying things in less than a second (and it pulls up an Amazon product listing, of course). It can even recognize art. Firefly has its own dedicated physical button on the phone, and Amazon is providing a Firefly SDK to third parties who want to develop with it. Another major feature of the Fire Phone is what Amazon calls "dynamic perspective." Using multiple front-facing cameras, the phone tracks the position of a user's head, and uses that to slightly adjust what's displayed on the screen so content is easier to see from the new angle. It allows for gesture control of the phone — for example, you can tilt the phone to scroll a web page or move your head slightly to look around a 2-D stadium image when browsing for available seats. Putting your thumb on the screen acts like a mute button for the head tracking, so it isn't confused when you look up from the screen or turn your head to talk to somebody. It's an impressive piece of software, and they've made an SDK available for it. -
Wikipedia Forcing Editors To Disclose If They're Paid
mpicpp sends word that the Wikimedia Foundation is updating its Terms of Use to keep track of editors who are paid for the changes they make. This follows last fall's discovery that a small industry had arisen around public relations firms running Wikipedia editing campaigns for paying clients. The Foundation now says, "If you are paid to edit, you will need to disclose your paid editing to comply with the new Terms of Use. You need to add your affiliation to your edit summary, user page, or talk page, to fairly disclose your perspective. ... Specific policies on individual Wikimedia projects, or relevant laws in your country (such as those prohibiting fraudulent advertising), may require further disclosure or prohibit paid advocacy editing altogether." They add, "undisclosed paid advocacy editing is a black hat practice that can threaten the trust of Wikimedia’s volunteers and readers." -
France Cries Foul At World Cup "Spy Drone"
mpicpp (3454017) writes with news of amateur drones appearing at the World Cup, quoting Ars Technica: "France's World Cup soccer team has filed a complaint with FIFA, claiming that someone used a small unmanned aircraft to spy on the team's training camp near São Paulo, Brazil as players prepared for their match against Honduras Sunday, the BBC reports. The quadrocopter appears from video to be a Phantom II autonomous micro-drone with a video camera.
'Apparently, drones are being used more and more,' France's manager Didier Deschamps told the BBC. 'We don't want intrusion into our privacy. It's hard to fight.' Deschamps did not comment on who might be behind the surveillance but said in an interview with Football Italia that he believed the drone was operated by one of France's potential opponents or by a French news agency." Police later captured the drone operator, who claimed just to be a fan bitten by a bit too much curiosity. -
Congressman Asks NSA To Provide Metadata For "Lost" IRS Emails
An anonymous reader writes in with news that the IRS lost email scandal is far from over. Representative Steve Stockman (R-TX) has sent a formal letter to the National Security Agency asking it to hand over "all its metadata" on the e-mail accounts of a former division director at the Internal Revenue Service. "Your prompt cooperation in this matter will be greatly appreciated and will help establish how IRS and other personnel violated rights protected by the First Amendment," Stockman wrote on Friday. The request came hours after the IRS told a congressional committee that it had "lost" all of the former IRS Exempt Organizations division director's e-mails between January 2009 and April 2011. -
Chinese Gov't Reveals Microsoft's Secret List of Android-Killer Patents
walterbyrd (182728) writes "A list of hundreds of patents that Microsoft believes entitle it to royalties over Android phones, and perhaps smartphones in general, has been published on a Chinese language website. The patents Microsoft plans to wield against Android describe a range of technologies. They include lots of technologies developed at Microsoft, as well as patents that Microsoft acquired by participating in the Rockstar Consortium, which spent $4.5 billion on patents that were auctioned off after the Nortel bankruptcy." -
Bitcoin Security Endangered By Powerful Mining Pool
An anonymous reader writes Ars Technica reports that for the first time in Bitcoin's five-year history, a single entity has repeatedly provided more than half of the total computational power required to mine new digital coins, in some cases for sustained periods of time. It's an event that, if it persists, signals the end of crypto currency's decentralized structure. -
FCC Looking Into Paid Peering Deals
An anonymous reader writes The Federal Communications Commission (FCC) announced on Friday that it has successfully obtained the details regarding paid peering deals between Netflix and Comcast as well as Verizon and is working to obtain similar information for other video streamers and their respective ISP peers. The FCC's goal is, as they pointed out themselves, not to regulate as yet but to examine these deals with the goal of providing some transparency to the American public regarding the internet services they pay for. Verizon and Comcast issued statements expressing their willingness to be open about their peering activities and stressed that no regulation is required. The peering market 'has functioned effectively and efficiently for over two decades without government intervention,' Comcast claimed at a congressional hearing. The Free Press policy director nevertheless points out that 'when the FCC required reporting from AT&T after the company blocked Skype in 2009 and Google Voice in 2012, the disclosures revealed that AT&T was indeed misleading its customers.' -
Google Fit To Curate Steps, Calories, Heart Rate, Other Biometric Data
mpicpp (3454017) writes "Google is planning to release a new product called Google Fit that will aggregate health data from various devices and apps, according to a report Thursday from Forbes. Fit will use available APIs to pull biometric information together into one place, but it's unclear whether it will be a standalone app or part of the Android OS. Reports of Fit come on the heels of Apple's announcement of HealthKit in iOS 8, a system that also interacts with apps and APIs to curate and present health data like steps walked, calories consumed, and heart rates logged. Fit also follows the announcement of Sami, Samsung's health platform for culling health-related info." -
Man Arrested For Parodying Mayor On Twitter Files Civil Rights Lawsuit
mpicpp (3454017) writes with an update from Ars Technica to this story: "The Illinois man who made headlines when he was detained for parodying the town's mayor on Twitter sued the Peoria politician and local police, claiming on Thursday that his civil rights were violated. As part of the April raid, the authorities seized the mobile phone and laptop of the 29-year-old prankster, Jonathan Daniel, and reviewed their contents, which he says was in violation of his First Amendment rights. Daniel, the operator of the @peoriamayor handle shut down by Twitter after the city threatened a lawsuit, was initially accused of impersonating a public official in violation of Illinois law. The authorities never lodged charges, however." -
US To Auction 29,656 Bitcoins Seized From Silk Road
ClownP writes with news that the U.S. Marshals Service is selling off 29,656.51306529 Bitcoins that were seized when the Silk Road website was shut down. At current exchange rates, they're worth around $17-18 million. The coins will be auctioned off in nine blocks of 3,000 coins, plus one block with the remainder. The USMS said that the first deadline for bidders will be 9am Eastern Time on June 16, 2014. All bidders must complete the government's Bidder Registration Form, which requires that you provide a copy of a government-issued ID as well as a $200,000 deposit sent by wire transfer from an American bank. The government added that the highest bidder will win, and he or she cannot finance its payment in installments — the winner must pay the full amount in cash. The USMS added one final stipulation. "The USMS will not sell to any person who is acting on behalf of or in concert with the Silk Road and/or Ross William Ulbricht, and bidders will be required to so certify," the USMS stated. -
Why United States Patent Reform Has Stalled
ectoman (594315) writes Proponents of patent reform in the United States glimpsed a potential victory late last year, when the House of Representatives passed H.R. 3309, the Innovation Act, designed to significantly mitigate patent abuse. Just months ago, however, the Senate pulled consideration of the bill. And since then, patent reform has been at a standstill. In a new analysis for Opensource.com, Mark Bohannon, Vice President of Corporate affairs and Global Public Policy at Red Hat, explains three reasons why. "For this year, at least," he writes, "the prospect of addressing abusive patent litigation through Congressional action is on ice"—despite the unavoidable case for reform. -
Aliens and the Fermi Paradox
First time accepted submitter sayhem (1842674) writes Various explanations for why we don't see aliens have been proposed—perhaps interstellar travel is impossible or maybe civilizations are always self-destructive. But with every new discovery of a potentially habitable planet, the Fermi Paradox becomes increasingly mysterious. There could be hundreds of millions of potentially habitable worlds in the Milky Way alone. This impression is only reinforced by the recent discovery of a "Mega-Earth," a rocky planet 17 times more massive than the Earth but with only a thin atmosphere. Previously, it was thought that worlds this large would hold onto an atmosphere so thick that their surfaces would experience uninhabitable temperatures and pressures. But if this isn't true, there is a whole new category of potentially habitable real estate in the cosmos. -
Alienware Swaps SteamOS For Windows
An anonymous reader writes "Valve left many OEMs hanging when they delayed Steam machines until sometime next year to work out their controller issues. Many of these companies excitedly showed off new Steam machine hardware that they cannot ship, so Alienware has been the first to re-purpose its Debian-based Steam machine to be a Windows-based Steam machine bundled with an Xbox controller. While Windows 8.x has not been particularly well-received it does support a lot more games than Linux and when configured to boot straight into Steam Big Picture mode the influence of the underlying OS is visible only in the larger game library." -
Theater Chain Bans Google Glass
mpicpp sends this report from Ars: A cinema chain announced Tuesday that it is now barring patrons from wearing Google Glass at its movie houses across the U.S. in a bid to clamp down on piracy. Alamo Drafthouse, which runs theaters in Colorado, Michigan, Missouri, Texas, Virginia, and soon in California, is among the first U.S. chains to ban Google's computerized eyewear. 'Google Glass is officially banned from @drafthouse auditoriums once lights dim for trailers,' the chain's chief executive, Tim League, tweeted. The decision comes as Google has made the eyewear readily available to the general public, and it follows a slew of incidents in which wearers of Google Glass have had brushes with the law. -
Chicago Robber Caught By Facial Recognition Sentenced To 22 Years
mpicpp (3454017) writes with this excerpt from Ars: "The first man to be arrested in Chicago based on facial recognition analysis was sentenced last week to 22 years in prison for armed robbery. ... In February 2013, Pierre Martin robbed a man at gunpoint while on a Chicago Transit Authority (CTA) train. After taking the man's phone, Martin jumped off the train. However, his image was captured by CTA surveillance cameras and was then compared to the Chicago Police Department's database of 4.5 million criminal booking images. Martin, who already had priors, had a mugshot in the database. He was later positively identified by witnesses. At trial, Martin also admitted to committing a similar robbery also on the Pink Line in January 2013—his face was captured during both robberies." -
$57,000 Payout For Woman Charged With Wiretapping After Filming Cops
mpicpp sends this news from Ars: 'A local New Hampshire police department agreed Thursday to pay a woman who was arrested and charged with wiretapping $57,000 to settle her civil rights lawsuit. The deal comes a week after a federal appeals court ruled that the public has a "First Amendment" right to film cops. The plaintiff in the case, Carla Gericke, was arrested on wiretapping allegations in 2010 for filming her friend being pulled over by the Weare Police Department during a late-night traffic stop. Although Gericke was never brought to trial, she sued, alleging that her arrest constituted retaliatory prosecution in breach of her constitutional rights. The department, without admitting wrongdoing, settled Thursday in a move that the woman's attorney speculated would deter future police "retaliation." ... The First US Circuit Court of Appeals ruled (PDF) in Gericke's case last week that she was "exercising a clearly established First Amendment right when she attempted to film the traffic stop in the absence of a police order to stop filming or leave the area." -
Web Browsing Isn't Copyright Infringement, Rules EU Court of Justice
mpicpp (3454017) writes with this news from Ars Technica: 'Europeans may browse the Internet without fear of infringing copyrights, as the EU Court of Justice ruled Thursday in a decision that ends a four-year legal battle threatening the open Internet. It was the European top court's second wide-ranging cyber ruling in less than a month. The court ruled May 13 that Europeans had a so-called "right to be forgotten" requiring Google to delete "inadequate" and "irrelevant" data upon requests from the public. That decision is spurring thousands of removal requests. In this week's case, the court slapped down the Newspaper Licensing Agency's (NLA) claim that the technological underpinnings of Web surfing amounted to infringement. The court ruled that "on-screen copies and the cached copies made by an end-user in the course of viewing a website satisfy the conditions" of infringement exemptions spelled out in the EU Copyright Directive. The NLA's opponent in the case was the Public Relations Consultants Association (PRCA). The PR group hailed the decision.' -
FCC Website Hobbled By Comment Trolls Incited By Comedian John Oliver
An anonymous reader writes "In a recent segment of his new HBO show, Last Week Tonight, comedian John Oliver delivered a commentary (video) on the current net neutrality debate. He ended the segment by calling on all internet comment trolls to take advantage of the FCC's open comments section on the topic. 'We need you to get out there and for once in your lives focus your indiscriminate rage in a useful direction,' he said. 'Seize your moment, my lovely trolls, turn on caps lock, and fly my pretties! Fly! Fly! Fly!' While the true impact of John Oliver's editorial cannot be confirmed, the FCC nevertheless tweeted shortly after it aired that its website was experiencing technical difficulties due to heavy traffic. They accept comments via email as well at openinternet@fcc.gov." -
GnuTLS Flaw Leaves Many Linux Users Open To Attacks
A new flaw has been discovered in the GnuTLS cryptographic library that ships with several popular Linux distributions and hundreds of software implementations. According to the bug report, "A malicious server could use this flaw to send an excessively long session id value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code." A patch is currently available, but it will take time for all of the software maintainers to implement it. A lengthy technical analysis is available. "There don't appear to be any obvious signs that an attack is under way, making it possible to exploit the vulnerability in surreptitious "drive-by" attacks. There are no reports that the vulnerability is actively being exploited in the wild." -
Apple Announces New Programming Language Called Swift
jmcbain (1233044) writes "At WWDC 2014 today, Apple announced Swift, a new programming language. According to a report by Ars Technica: 'Swift seems to get rid of Objective C's reliance on defined pointers; instead, the compiler infers the variable type, just as many scripting languages do. ... The new language will rely on the automatic reference counting that Apple introduced to replace its garbage-collected version of Objective C. It will also be able to leverage the compiler technologies developed in LLVM for current development, such as autovectorization. ... Apple showed off a couple of cases where implementing the same algorithm in Swift provided a speedup of about 1.3X compared to the same code implemented in Objective C.'" Language basics, and a few worthwhile comments on LtU. -
Patent Troll Ordered To Pay For the Costs of Fighting a Bad Patent
We mentioned last year that FindTheBest CEO Kevin O'Connor had taken an unusual step, when confronted with a demand by patent troll company Lumen View that the startup pay $50,000 for what struck O'Connor as a frivolous patent: He not only refused, but pledged to spend a million bucks, if necessary, to fight Lumen View in court. Now, as Ars Technica reports, O'Connor has succeeded on a grand scale. Before trouncing Lumen View in court, Ars reports, "FindTheBest had spent about $200,000 on its legal fight—not to mention the productivity lost in hundreds of work hours spent by top executives on the lawsuit, and three all-company meetings. Now the judge overseeing the case has ruled (PDF) that it's Lumen View, not FindTheBest, that should have to pay those expenses. In a first-of-its-kind implementation of new fee-shifting rules mandated by the Supreme Court, US District Judge Denise Cote found that the Lumen View lawsuit was a 'prototypical exceptional case.'" -
HP (Re-)Announces a 14" Android Laptop
PC Mag reports that an upcoming laptop from HP (one that was prematurely announced in April, and now official) has decent-to-good specs — under 4 pounds, battery life more than 8 hours, Tegra processor, and a 1928x1080 touch screen — but an unusual operating system, at least for a laptop. The SlateBook 14 will run Android, rather than Windows (or ChromeOS, for that matter), which helps keep it relatively cheap, at $400. According to the article, Android is "a lot cheaper for HP to implement in a laptop; ChromeOS, in contrast, comes with more stringent system requirements that would cost HP a bit more." Ars Technica's mention in April includes a screenshot taken from a video (note: video itself appears to be disabled) which shows the keyboard layout and which reveals some Android-specific changes. Update: 06/01 19:23 GMT by T : Here's an alternative link to the promotional video. -
Congressman Introduces Bill To Limit FCC Powers
An anonymous reader writes "Representative Bob Latta (R-OH) introduced a bill on Wednesday that would limit the FCC's power to regulate ISPs in a supposed effort to keep the internet free. The bill's text is currently not available on the Library of Congress webpage or on congress.gov, but a purported copy has been spotted on scribd. Representative Latta's press release nevertheless indicates that the bill is intended to prevent the FCC from re-classifying ISPs as common carriers under Title II. Latta is one of the 28 representatives who lobbied the FCC earlier this month and were shown to have received double the average monetary donations given to all House of Representative members from the cable industry over a two year period ending this past December." -
Google To Close Its American Moto X Factory
An anonymous reader writes "After only one year in operation, Google's Moto X factory in Fort Worth, TX, is scheduled to close at the end of 2014. The decision to close apparently has nothing to do with Google's decision to sell Motorola Mobility to Lenovo and everything to do with poor sales numbers and high labor and shipping costs in the U.S. The factory had, at one point, employed 3,800 people. Their ranks now number at about 700. Moto E and Moto G, newer and cheaper iterations of Moto X, have sold in more profitable numbers overseas, so Google's original rationale of building phones nearer to the largest customer base to decrease time between assembly and delivery to end user will unsurprisingly force the closure of the U.S.-based factory and transfer labor overseas as well." -
Report: Verizon Claimed Public Utility Status To Get Government Perks
An anonymous reader writes "Research for the Public Utility Law Project (PULP) has been released which details 'how Verizon deliberately moves back and forth between regulatory regimes, classifying its infrastructure either like a heavily regulated telephone network or a deregulated information service depending on its needs. The chicanery has allowed Verizon to raise telephone rates, all the while missing commitments for high-speed internet deployment' (PDF). In short, Verizon pushed for the government to give it common carrier privileges under Title II in order to build out its fiber network with tax-payer money. Result: increased service rates on telephone users to subsidize Verizon's 'infrastructure investment.' When it comes to regulations on Verizon's fiber network, however, Verizon has been pushing the government to classify its services as that of information only — i.e., beyond Title II. Verizon has made about $4.4 billion in additional revenue in New York City alone, 'money that's funneled directly from a Title II service to an array of services that currently lie beyond Title II's reach.' And it's all legal. An attorney at advocacy group Public Knowledge said it best: 'To expect that you can come in and use public infrastructure and funds to build a network and then be free of any regulation is absurd....When Verizon itself is describing these activities as a Title II common carrier, how can the FCC look at broadband internet and continue acting as though it's not a telecommunication network?'" -
B-52 Gets First Full IT Upgrade Since 1961
An anonymous reader writes in with good news for everyone who wants to hold a LAN party in a Stratofortress. "The US Air Force's 10th Flight Test Squadron recently took delivery of the first B-52H Stratofortress to complete a refit through the Combat Network Communications Technology (CONECT) program. It's an effort to bring the Cold War era heavy bomber into the 21st century way of warfare—or at least up to the 1990s, technology-wise. While the aircraft received piecemeal upgrades over the past 50 years of flying, CONECT is the first major information technology overhaul for the Air Force's B-52H fleet since the airplanes started entering service in 1961." -
HP Delivers a Big-Name, 7-inch Android Tablet For $100: Comes With Compromises
Ars Technica reports that HP is back in the $100 tablet market, and this time with a tablet that's intended to be priced there instead of just a fire sale. The new offering lacks Bluetooth and GPS, among other features you might wish for in a tablet, and the screen is surrounded by a hefty bezel, but manages a pretty good list of features. Ars summarizes: "For $100, you can't expect much of the spec sheet. The HP 7 Plus has a 7-inch 1024x600 IPS display, a 1GHz quad-core Cortex A7 processor (made by a company called "Allwinner"), 1GB of RAM, 8GB of storage, 802.11 b/g/n, a microSD slot, and a 2800 mAh battery. The biggest downside HP could have fixed at this price point is the software: it's only running Android 4.2.2. Android versions are free, HP." Having an available microSD slot beats some more expensive options, too. -
TechCrunch and Others On the Microsoft Surface Pro 3
TechCrunch's video introduction (not intended as a full review) to the recently introduced Microsoft Surface Pro 3 has mostly good things to say about the device. Reviewer Alex Wilhelm compares it to his MacBook Air, and though he's not sure that the Surface is a better fit for all-day typing than the 11" Air (slightly larger, slightly heavier than the Surface), he says the Surface does a good job of integrating input options (both finger and stylus input) that the Air -- and most laptops -- just don't have. The Washington Post's Hayley Tsukayama also compares the Surface to the Air, rather than to an Android or Apple tablet, writing, "It's heavy for a tablet, sure, but light for a laptop at 1.7 pounds. And while it doesn't have the array of ports that laptops do, you can make do with the two that it does have, a mini-display port that's good for presentations and a USB 3.0 that's good for, well, everything else. You will probably need a hub to get everything you want of this, though. (Or you could go to using Bluetooth accessories, which the Surface Pro 3 will also support.)" Ars Technica has an informative hands-on review as well, but one which parts from these by emphatically describing the Surface as a tablet, not a laptop; Ars reviewer Peter Bright gives high marks for many aspects of the design and materials, though he says his experience with the included pressure-sensitive pen was "problematic." (His initial sample pen had to be replaced, and even when it did work, it lacks tilt sensing.) Troubling for anyone who would prefer to use it as a laptop, Bright says the Surface 3 is better than its forebears but still an awkward fit for using on an actual lap, and that despite the improvements Microsoft's made it therefore isn't quite the system he's looking for. -
Microsoft Fends Off Data Request, FBI Gets Data Another Way
An anonymous reader writes "In a time when the government avows that it cannot carry out justice without issuing secret warrants and National Security Letters to anyone other than the suspect, it is truly noteworthy when news breaks that the FBI, facing push-back from the likes of a company such as Microsoft, finds that it can indeed gather the information it needs for its investigation through a regular search warrant applied directly to its suspect. Such was the case on Thursday. Court documents (PDF) reveal that Microsoft filed a petition against the National Security Letter (NSL) it received involving one of its customers, citing violations to the First Amendment. The FBI later withdrew the NSL and went after their suspect in the old, Constitutionally-sound way. A federal judge ruled last year that the NSLs impinge on free speech. That judgement has been stayed, of course, pending appeal." -
Yelp Reviews Help NYC Health Department Find and Close Dirty Restaurants
An anonymous reader writes with news about a study that investigated the effectiveness of Yelp reviews in pinpointing the source of foodborne illnesses. "In 2012, New York City's Department of Health and Mental Hygiene (DOHMH) found that residents weren't turning to the city's free 311 service to make such complaints, but rather they were reporting their experiences in Yelp reviews. So the CDC, in collaboration with the New York City DOHMH, Yelp, and Columbia University, conducted a nine-month long research into the effectiveness of using online reviews to identify sources of foodborne illnesses. The study discovered 468 actionable complaints, 97% of which hadn't been officially reported to the city, and analyzed roughly 294,000 Yelp restaurant reviews. Subsequent investigations on suspected restaurants turned up evidence of bare-handed food handling, cross-contamination, or even the presence of mice and cockroaches. The study concluded that providing the public with more options for reporting complaints about restaurants, particularly in the social media sphere, would help in the identification and possible closure of sources of foodborne illnesses."