Domain: arstechnica.com
Stories and comments across the archive that link to arstechnica.com.
Stories · 4,420
-
Floyd Mayweather, DJ Khaled Charged For Illegally Touting Crypto Offerings (theverge.com)
The Securities and Exchange Commission is charging DJ Khaled and professional boxer Floyd Mayweather Jr. for failing to disclose that they were paid promotional fees to tout fraudulent initial coin offerings. The Verge reports: According to the SEC, this is the first time that individuals have faced charges involving ICOs. The Commission is accusing Mayweather of failing to disclose a $100,000 promotional payment and DJ Khaled of failing to disclose a $50,000 one. Both celebrities received these promotional fees from Centra Tech, Inc. earlier this year. Neither Mayweather nor Khaled has admitted to or denied the Commission's findings, but both have agreed to pay back what they had received to promote the ICO and are facing hundreds of thousands of dollars in additional penalties each. "These cases highlight the importance of full disclosure to investors," said SEC Enforcement Division co-director Stephanie Avakian. "With no disclosure about the payments, Mayweather and Khaled's ICO promotions may have appeared to be unbiased, rather than paid endorsements." -
Microsoft Wins $480 Million Military Contract To Bring HoloLens To Battlefield (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Microsoft has won a $480 million contract to develop an augmented reality system for use in combat and military training for the U.S. Army. Called Integrated Visual Augmentation System (IVAS), formerly Heads Up Display (HUD) 3.0, the goal of the project is to develop a headset that gives soldiers -- both in training and in combat -- an increase in "Lethality, Mobility, and Situational Awareness." The ambitions for the project are high. Authorities want to develop a system with a goggle or visor form factor -- nothing mounted on a helmet -- with an integrated 3D display, digital cameras, ballistic laser, and hearing protection. The system should provide remote viewing of weapon sights to enable low-risk, rapid target acquisition, perform automated or assisted target acquisition, integrate both thermal and night vision cameras, track soldier vitals such as heart and breathing rates, and detect concussions. Over the course of IVAS's development, the military will order an initial run of 2,550 prototypes, with follow-on production possibly in excess of 100,000 devices. -
Mass Router Hack Exposes Millions of Devices To Potent NSA Exploit (arstechnica.com)
More than 45,000 Internet routers have been compromised by a newly discovered campaign that's designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers say. From a report: The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable from the Internet on those ports. While Internet scans don't reveal precisely what happens to the connected devices once they're exposed, Akamai said the ports -- which are instrumental for the spread of EternalBlue and its Linux cousin EternalRed -- provide a strong hint of the attackers' intentions.
The attacks are a new instance of a mass exploit the same researchers documented in April. They called it UPnProxy because it exploits Universal Plug and Play -- often abbreviated as UPnP -- to turn vulnerable routers into proxies that disguise the origins of spam, DDoSes, and botnets. -
I've Got a Bridge To Sell You. Why AutoCAD Malware Keeps Chugging On (arstechnica.com)
Criminal hackers continue to exploit a feature in Autodesk's widely used AutoCAD program in an attempt to steal valuable computer-assisted designs for bridges, factory buildings, and other projects, researchers say. From a report: The attacks arrive in spear-phishing emails and in some cases postal packages that contain design documents and plans. Included in the same directory are camouflaged files formatted in AutoLISP, an AutoCAD-specific dialect of the LISP programming language. When targets open the design document, they may inadvertently cause the AutoLISP file to be executed. While modern versions of AutoCAD by default display a warning that a potentially unsafe script will run, the warnings can be disregarded or suppressed altogether. To make the files less conspicuous, the attackers have set their properties to be hidden in Windows and their contents to be encrypted.
The attacks aren't new. Similar ones occurred as long ago as 2005, before AutoCAD provided the same set of robust defenses against targeted malware it does now. The attacks continued to go strong in 2009. A specific campaign recently spotted by security firm Forcepoint was active as recently as this year and has been active since at least 2014, an indication that malware targeting blueprints isn't going away any time soon. [...] Forcepoint said it has tracked more than 200 data sets and about 40 unique malicious modules, including one that purported to include a design for Hong Kong's Zhuhai-Macau Bridge. -
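The practical check that follows from the story is whether a drawing folder contains AutoLISP that AutoCAD will pick up on open. The scanner below is an added example written for this page (not Forcepoint's or Autodesk's code): it walks a directory tree and, in any folder that holds a .dwg, flags AutoLISP files that carry one of the auto-load names AutoCAD looks for beside a drawing (acad.lsp, acaddoc.lsp and their compiled .fas/.mnl variants) or that are hidden, the two tells the report describes. The auto-load name list, the sample folder layout and the file contents are assumptions constructed for the demo; point it at a real share by passing the path as the first argument.

```python
"""Flag AutoLISP auto-load files planted beside DWG drawings.
Added example for this page; not Forcepoint's or Autodesk's code."""
import os
import stat
import sys
import tempfile
from pathlib import Path

# Names AutoCAD auto-loads from an opened drawing's folder. Assumption for
# this check: acad.lsp/acaddoc.lsp plus their compiled/menu equivalents.
AUTOLOAD_NAMES = {"acad.lsp", "acaddoc.lsp", "acad.fas", "acaddoc.fas", "acad.mnl"}
AUTOLISP_SUFFIXES = {".lsp", ".fas", ".mnl", ".vlx"}


def is_hidden(path: Path) -> bool:
    """Windows hidden attribute (when the platform reports it) or a
    leading-dot name; both are treated as hidden on every platform."""
    attrs = getattr(path.stat(), "st_file_attributes", 0)
    if attrs & getattr(stat, "FILE_ATTRIBUTE_HIDDEN", 0x2):
        return True
    return path.name.startswith(".")


def scan(root) -> list:
    """Return one finding per suspicious AutoLISP file.

    A folder is only examined when it contains at least one .dwg; inside
    it, an AutoLISP file is reported when it has an auto-load name or is
    hidden. Each finding: {"path", "reason", "hidden"}.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if not any(f.lower().endswith(".dwg") for f in files):
            continue
        for f in files:
            lower = f.lower()
            if Path(lower).suffix not in AUTOLISP_SUFFIXES:
                continue
            p = Path(dirpath) / f
            hidden = is_hidden(p)
            if lower in AUTOLOAD_NAMES:
                reason = "auto-load name beside drawing"
            elif hidden:
                reason = "hidden AutoLISP file beside drawing"
            else:
                continue
            findings.append({"path": str(p), "reason": reason, "hidden": hidden})
    return findings


def build_sample_tree() -> str:
    """Constructed sample (not real attacker data): one project folder with
    a drawing, a planted acad.lsp and a dot-hidden .lsp; one clean folder
    whose visible helper.lsp is not an auto-load name. Returns the root."""
    root = tempfile.mkdtemp(prefix="cadscan_")
    proj = Path(root) / "bridge_project"
    clean = Path(root) / "clean_project"
    proj.mkdir()
    clean.mkdir()
    (proj / "span_plan.dwg").write_bytes(b"AC1027 constructed placeholder")
    (proj / "acad.lsp").write_text('(alert "planted")\n')
    (proj / ".notes.lsp").write_text('(princ "hidden")\n')
    (proj / "readme.txt").write_text("nothing to see\n")
    (clean / "deck.dwg").write_bytes(b"AC1027 constructed placeholder")
    (clean / "helper.lsp").write_text('(princ "visible, not auto-loaded")\n')
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for finding in scan(target):
        print(f"{finding['reason']:<38} {finding['path']}")
```

Hidden-attribute detection depends on the platform reporting st_file_attributes (Windows); on other systems only dot-prefixed names count as hidden, so a share mounted from a Windows host should be scanned from Windows to catch the attribute case the report describes.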
DOJ Made Secret Arguments To Break Crypto, Now ACLU Wants To Make Them Public (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Earlier this year, a federal judge in Fresno, California, denied prosecutors' efforts to compel Facebook to help it wiretap Messenger voice calls. But the precise legal arguments that the government made, and that the judge ultimately rejected, are still sealed. On Wednesday, the American Civil Liberties Union formally asked the judge to unseal court dockets and related rulings associated with this ongoing case involving alleged MS-13 gang members. ACLU lawyers argue that such a little-charted area of the law must be made public so that tech companies and the public can fully know what's going on.
In their new filing, ACLU lawyers pointed out that "neither the government's legal arguments nor the judge's legal basis for rejecting the government motion has ever been made public." The attorneys continued, citing a "strong public interest in knowing which law has been interpreted" and referencing an op-ed published on Ars on October 2 as an example. The ACLU argued that the case is reminiscent of the so-called "FBI v. Apple" legal showdown -- whose docket and related filings were public -- where the government made novel arguments in an attempt to crack the encryption on a seized iPhone. Those legal questions were never resolved, as the government said the day before a scheduled hearing that it had found a company to assist in its efforts. "Moreover, the sealing of the docket sheet in this case impermissibly prevents the public from knowing anything about the actions of both the judiciary and the executive in navigating a novel legal issue, which has the potential to reoccur in the future," the ACLU's attorneys continued.
"The case involves the executive branch's attempt to force a private corporation to break the encryption and other security mechanisms on a product relied upon by the public to have private conversations. The government is not just seeking information held by a third party; rather, it appears to be attempting to get this Court to force a communications platform to redesign its product to thwart efforts to secure communications between users." -
Large Genetic Study Finds First Genes Connected With ADHD (arstechnica.com)
A paper published in Nature Genetics this week looked at genetic data from more than 50,000 people, finding 12 different regions of DNA that seemed to play a role in increasing ADHD risk. Ars Technica reports: This evidence comes from a genome-wide association study, or GWAS: a close look at how the DNA of people with ADHD differs from those without. Geneticist Ditte Demontis and her colleagues used data from more than 20,000 people with ADHD, comparing them to a control group of 35,000 people without an ADHD diagnosis. They found 304 points where tiny differences in DNA -- like single letter swaps -- were distributed across their two groups in a statistically telling way. If any of those variants were very close together, the researchers counted them as representing the same stretch of DNA, grouping them together into 12 important regions.
There were correlations between the genetic risk for ADHD and a range of other conditions, including depression and anorexia. That ties in with the idea that genetic variation might be important in a way that plays out system-wide. Some of the genes they identified are also known to be involved in other neurological conditions, including speech and learning disabilities, depression, and schizophrenia. -
Comcast Raises Cable TV Bills Again -- Even If You're Under Contract (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Comcast is raising its controversial "Broadcast TV" and "Regional Sports Network" fees again on January 1, with the typical total price going from $14.50 to $18.25 a month. The newly raised broadcast TV fee will be $10 a month, and the sports fee will be $8.25 a month, Cord Cutters News reported last week. The new fee sizes are confirmed in a Comcast price list for the Atlanta market. The new price hikes will take effect in most of Comcast's regional markets across the U.S. on January 1, but some cities will get the increase later in 2019, a Comcast spokesperson told Ars. The fee sizes can vary by city based on which stations are available, so in some cases they could be less than $10 and $8.25, Comcast said.
The fees, which have become common in the industry, are controversial because they are not included in Comcast's advertised prices and because Comcast imposes fee increases even on customers who are under contract. The broadcast and sports fee increases will also be applied to customers who pay Comcast's promotional rates, which typically last one year, Comcast told Ars. Equipment rental fees are rising, too. Comcast last year raised its modem rental fee from $10 to $11 a month. The new price list for January 1 lists an "Internet/Voice Equipment Rental" fee as $13. Comcast confirmed to Ars that the modem rental fee is rising $2 a month. Customers can avoid that fee by purchasing their own modem. -
Latest Windows 10 Update Breaks Windows Media Player, Win32 Apps In General (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The important data loss bug that interrupted the rollout of the Windows 10 October 2018 Update, version 1809, may be fixed, but it turns out there are plenty of other weird problems with the release. As spotted by Paul Thurrott, the update also breaks the seek bar in Windows Media Player when playing "specific files." Microsoft does promise to fix the bug, but the timeframe is vaguely open-ended: it will be "in an upcoming release."
Also in the "how did that happen" category comes another bug: some Win32 programs can't be set as the default program for a given file type. So if you want certain files to always open in Notepad, for example, you're currently out of luck. A fix for this is promised by the end of the month. Setting default program associations is something that's been in Windows for 20-something years, so it's a little alarming that it should be broken. On top of this, there continue to be complaints that Windows 10 version 1809 doesn't work with iCloud, and machines with the iCloud client are currently blacklisted to prevent them from receiving the 1809 update. It's not immediately clear whose fault this one is -- it could be Microsoft's, but it's also possible that Apple is to blame. -
Washington DC Made GitHub Its Official Digital Source For Laws (arstechnica.com)
"Recently, I found a typo in the District of Columbia's legal code and corrected it using GitHub," writes D.C.-based "civic hacker" Joshua Tauberer, adding "My feat highlights the groundbreaking way the District manages its legal code." The District does something with its legal code that no other jurisdiction in the world does (to my knowledge): it publishes the law on GitHub.... This isn't a copy of the DC law. It is an authoritative source. It is where the DC Council stores the digital versions of enacted laws, and this source feeds directly into the Council's DC Code website.... This is a milestone in the advancement of open government and open legal publishing.
No one should expect that editing the law on GitHub is going to become the new normal, however. My edit wasn't substantive. This sort of "technical correction," as lawyers would call it, didn't need to be passed by the Council and signed by the Mayor. I also happen to have expertise in this particular law, GitHub, XML, and the Council's new publishing process created by the Open Law Library.... GitHub's pull-request feature isn't going to replace public hearings, expert testimony, negotiations between stakeholders, votes by elected representatives, etc. -- and it shouldn't. Yet Open Law Library's new legal publishing process is groundbreaking. The Open Law Library is changing how we change the law...
Open Law Library's mission as a nonprofit is to make all laws as open and accessible as possible. The library's strategy is to achieve openness by making openness pay off for governments: it uses open, machine-readable laws to build software tools that make codification faster and more accurate. The cool thing about this is that governments can benefit from using Open Law Library's software even if open data isn't their highest priority, but in the background they'll still be publishing their laws in an open and accessible format -- everybody wins. Today, instead of authoring the DC Code in Word documents stored on a hard drive in a locked room in a basement, the Code is now stored in XML format in a place everyone can see -- on the Web."
The article notes that 18 more states have now enacted "Uniform Electronic Legal Material Acts" -- and that several other jurisdictions are already publishing their legal codes with official bulk XML downloads. "The US federal government began publishing XML downloads for the Code of Federal Regulations in 2009 and the United States Code in 2013."
But the District of Columbia "appears to be the first jurisdiction to combine the two by putting its legal code on GitHub and accepting a change from a member of the public." -
Ajit Pai Isn't Saying Whether ISPs Deliver the Broadband Speeds You Pay For (arstechnica.com)
An anonymous reader shares a report from Ars Technica, written by Jon Brodkin: Nearly two years have passed since the Federal Communications Commission reported on whether broadband customers are getting the Internet speeds they pay for. In 2011, the Obama-era FCC began measuring broadband speeds in nearly 7,000 consumer homes as part of the then-new Measuring Broadband America program. Each year from 2011 to 2016, the FCC released an annual report comparing the actual speeds customers received to the advertised speeds customers were promised by Comcast, Time Warner Cable, Verizon, AT&T, and other large ISPs. But the FCC hasn't released any new Measuring Broadband America reports since Republican Ajit Pai became the commission chairman in January 2017. Pai's first year as chair was the first time the FCC failed to issue a new Measuring Broadband America report since the program started -- though the FCC could release a new report before his second year as chair is complete.
For more than three months, Ars has been trying to find out whether the FCC is still analyzing Measuring Broadband America data and whether the FCC plans to release any more measurement reports. SamKnows, the measurement company used by the FCC for this program, told Ars that Measuring Broadband America is still active and that a new report is forthcoming, hopefully next month. But whether the report is released is up to the FCC, and Chairman Pai's public relations office has ignored our questions about the program. Because of Pai's office's silence, we filed a Freedom of Information Act (FOIA) request on August 13 for internal emails about the Measuring Broadband America program and for broadband speed measurement data since January 2017. By law, the FCC and other federal agencies have 20 business days to respond to public records requests. The FCC has denied Ars' request for "expedited processing," which "was warranted because the broadband measuring data is out of date, depriving American consumers of crucial information when they purchase broadband access," writes Brodkin. The FCC said, "we are not persuaded that the records you request are so urgent that our normal process will not provide them in a timely manner." -
Ajit Pai Wants To Raise Rural Broadband Speeds From 10Mbps To 25Mbps (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission is planning to raise the rural broadband standard from 10Mbps to 25Mbps in a move that would require faster Internet speeds in certain government-subsidized networks. The FCC's Connect America Fund (CAF) distributes more than $1.5 billion a year to AT&T, CenturyLink, and other carriers to bring broadband to sparsely populated areas. Carriers that use CAF money to build networks must provide speeds of at least 10Mbps for downloads and 1Mbps for uploads. The minimum speed requirement was last raised in December 2014.
Today, FCC Chairman Ajit Pai said he's proposing raising that standard from 10Mbps/1Mbps to 25Mbps/3Mbps. "[W]e're recognizing that rural Americans need and deserve high-quality services by increasing the target speeds for subsidized deployments from 10/1 Mbps to 25/3 Mbps," Pai wrote in a blog post that describes agenda items for the FCC's December 12 meeting. "[T]he program should support high-quality services; rural Americans deserve services that are comparable to those in urban areas," Pai also wrote. The new speeds "will apply to future projects but won't necessarily apply to broadband projects that are already receiving funding," Ars notes. "For ongoing projects, the FCC will use incentives to try to raise speeds. More money will be offered to carriers that agree to upgrade speeds to 25Mbps/3Mbps, a senior FCC official said in a conference call with reporters." -
Valve Quietly Discontinues Steam Link Hardware Production (arstechnica.com)
Valve is quietly discontinuing Steam Link, the in-home streaming box it first launched in late 2015. From a report: A low-key announcement on Valve's Steam Link news page suggests that production of new units has ceased and that Valve is currently selling off the rest of its "almost sold out" inventory in the US, after selling out completely in Europe. Valve says it will continue to offer support for existing Steam Link hardware.
The $50 Steam Link was designed for streaming games from a local gaming PC to an HDTV in the same house, a job it did pretty well provided your networking hardware was up to it. In recent months, though, Valve has shifted its focus away from dedicated streaming hardware and toward mobile apps that can provide the same feature. -
Google Patents Motorized, Omnidirectional VR Sneakers (arstechnica.com)
Google has patented motorized, omnidirectional virtual-reality sneakers that may solve the "limited space" problem associated with the interactive computer-generated experience. Ars Technica reports: Google's patent describes what are essentially motorized VR roller skates that will let the user walk normally while the motors and wheels work to negate your natural locomotion and keep you inside the VR safe zone. As the patent puts it, Google's new kicks will let you walk "seemingly endlessly in the virtual environment" while keeping you in one spot in real life. Google's shoe solution would track the user's feet, just like how VR controllers are tracked today. The tracking would know when you're too close to the virtual walls of your VR area, and the system would wheel you back into place.
Patents are always written to give the broadest possible coverage of an idea, but Google's patent shows normal wheels, tracks, and even omnidirectional mecanum wheels as possible wheels for the VR shoe bottoms. Omnidirectional wheels would be great, as they would allow you to do things like sidestep, while still having your position corrected by the shoes. -
Apple CEO Explains How a Few Billion Dollars From Google Changes His Views on the Company's 'Unsettling' User Data Mining Activities (arstechnica.com)
In an interview with Axios on HBO, Apple CEO Tim Cook explained the decision to use Google as the default search engine on Apple products. This decision, which enables Apple to make up to $9 billion a year, has baffled some, considering Google's business model of making money off of users' data -- something Apple has spoken out against numerous times. From a report: "I think their search engine is the best," Cook said in the interview. He followed up by diving into privacy features Apple has implemented in its Safari browser. "Look at what we've done with the controls we've built in," Cook stated. "We have private Web browsing. We have an intelligent tracker prevention. What we've tried to do is come up with ways to help our users through their course of the day. It's not a perfect thing. I'd be the very first person to say that. But it goes a long way to helping." Google pays Apple to have its search engine be the primary one on iPhones and other Apple devices. -
The Boring Company's First Tunnel Is All Dug Up (arstechnica.com)
Elon Musk has tweeted images of his tunnel-boring machine with the caption "Congratulations @BoringCompany on completing the LA/Hawthorne tunnel! Cutting edge technology!" The update comes a couple weeks after Musk showed off the Boring Company's LA tunnel and said it was "on track" for an opening party on December 10th. Ars Technica reports: The tunnel appears to end at what The Boring Company calls "O'Leary Station," which is located on a piece of commercial property that The Boring Company purchased in Hawthorne. This location is close to, but not the same as, the location for which The Boring Company recently received approval to build a tunnel entrance within a residential garage. "O'Leary Station" references a SpaceX/Boring Company employee who recently passed away. The Hawthorne tunnel is just a test tunnel for The Boring Company, which also plans to complete a second, 3.6-mile, one-way tunnel from Los Angeles Metro to Dodger Stadium. Eventually, the company wants to dig a tunnel in Chicago between O'Hare International Airport and the city's downtown. -
Cheaper, Disc-Free Xbox One Coming Next Year, Report Says (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Microsoft is planning to release a disc-free version of the Xbox One as early as next spring, according to an unsourced report from author Brad Sams of Thurrott.com (who has been reliable with early Xbox-related information in the past). The report suggests the disc-free version of the system would not replace the existing Xbox One hardware, and it would instead represent "the lowest possible price for the Xbox One S console." Sams says that price could come in at $199 "or lower," a significant reduction from the system's current $299 starting price (but not as compelling compared to $199 deals for the Xbox One and PS4 planned for Black Friday this year). Buyers will also be able to add a subscription to the Xbox Games Pass program for as little as $1, according to Sams. For players who already have games on disc, Sams says Microsoft will offer a "disc to digital" program in association with participating publishers. Players will be able to take their discs into participating retailers (including Microsoft Stores) and trade them in for a "digital entitlement" that can be applied to their Xbox Live account. -
Senators Ask Four Major Carriers About Video Slowdowns (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Three U.S. Senate Democrats today asked the four major wireless carriers about allegations they've been throttling video services and -- in the case of Sprint -- the senators asked about alleged throttling of Skype video calls. Sens. Edward Markey (D-Mass.), Richard Blumenthal (D-Conn.), and Ron Wyden (D-Ore.) sent the letters to AT&T, Verizon, Sprint, and T-Mobile, noting that recent research using the Wehe testing platform found indications of throttling by all four carriers.
"All online traffic should be treated equally, and Internet service providers should not discriminate against particular content or applications for competitive advantage purposes or otherwise," the senators wrote. Specifically, the Wehe tests "indicated throttling on AT&T for YouTube, Netflix, and NBC Sports... throttling on Verizon for Amazon Prime, YouTube, and Netflix... throttling on Sprint for YouTube, Netflix, Amazon Prime, and Skype Video calls... [and] delayed throttling, or boosting, on T-Mobile for Netflix, NBC Sports, and Amazon Prime by providing un-throttled streaming at the beginning of the connection, and then subsequently throttling the connection," the senators' letters said. -
Man Pleads Guilty To Swatting Attack That Led To Death of Kansas Man (arstechnica.com)
Federal prosecutors in Kansas announced Tuesday that a 25-year-old Californian has admitted that he caused a Wichita man to be killed at the hands of local police during a swatting attack late last year. Ars Technica reports: According to the United States Attorney's Office for the District of Kansas, Tyler Barriss pleaded guilty to making a false report resulting in a death, cyberstalking, and conspiracy. He also admitted that he was part of "dozens of similar crimes in which no one was injured." In May 2018, Barriss was indicted on county charges (manslaughter) and federal charges, which include cyberstalking and wire fraud, among many others. U.S. Attorney Stephen McAllister said in a Tuesday statement that Barriss would be sentenced to at least 20 years in prison. Barriss also was involved in calling in a bomb threat to the Federal Communications Commission in December 2017 to disrupt a vote on net neutrality rules. The 25-year-old Californian is scheduled to be sentenced on January 30, 2019, in federal court in Wichita. -
Amazon Is Getting More Than $2 Billion For NYC, Virginia Expansions (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Over the last year, Amazon has dangled in front of cities the possibility that they could host the company's "second headquarters" -- a massive $5 billion facility that would provide 50,000 white-collar jobs. On Tuesday, Amazon confirmed what had been widely reported: nobody would be getting this massive prize. Instead, the expansion would be split in half, with New York City and Arlington, Virginia, (just outside Washington, DC) each getting smaller facilities that will employ around 25,000 people each. Amazon's Seattle offices will continue to be the company's largest and will continue to be Amazon's headquarters by any reasonable definition. But pretending to have three "headquarters" undoubtedly makes it easier for Amazon to coax taxpayer dollars out of local governments. [...] The tactic seems to have worked, as governments in both locations have offered Amazon hundreds of millions of dollars in incentives to locate their new offices there. Virginia officials appear to have driven a harder bargain than their rivals in New York. Amazon says it's getting $1.5 billion in government incentives for its New York expansion, whereas Virginia is offering a comparatively modest $573 million in direct incentives. -
Hitman 2's Denuvo DRM Cracked Days Before the Game's Release (arstechnica.com)
thegarbz writes: Denuvo, the darling of the DRM industry, was once considered by publishers to be the final solution to piracy. Slashdot has documented the slow decline of Denuvo from stories in 2014 and 2016, where publishers were praising Denuvo's success at mitigating piracy for weeks, to its slow decline last year, where games were being cracked within "hours" of release. The popular wisdom of publishers in the past considered DRM worthwhile as it thwarts piracy during the critical sales spike when games are first released. Last week saw Hitman 2, the latest Denuvo-protected game, get cracked in a short time. The kicker: the game isn't officially released until this Thursday.
Publishers are now eroding the potential sale day advantage of DRM through the latest practice of offering games for early release in an attempt to secure an ever larger number of pre-orders for popular titles. This leads to the obvious question: Does DRM make financial sense to include in titles if they risk being cracked before release date? Conversely, does releasing games early to selected customers make financial sense if it results in the DRM being cracked before release? -
A 100,000-Router Botnet Is Feeding On a 5-Year-Old UPnP Bug In Broadcom Chips (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made by a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light. Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means. Last week's report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers' control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail. -
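This story and the UPnProxy story above turn on the same exposure: a router's UPnP control interface answering on the WAN side, where anyone can read or rewrite its port-mapping table. The audit below is an added example (not Akamai's or Netlab 360's code). It builds the SOAP GetGenericPortMappingEntry request a probe POSTs to the router's control URL, walks the table until the router answers with UPnP error 713 (no entry at that index), and flags entries that forward 139 or 445, the ports the Akamai report names, or that point at a client outside RFC1918 space, the proxy pattern behind the earlier UPnProxy finding. The SOAP responses are constructed samples embedded in the block so it runs offline; the transport is left as the send callable, which a live run would replace with an HTTP POST of soap_get_mapping() to the control URL discovered via SSDP.

```python
"""Audit a UPnP port-mapping table for UPnProxy-style entries.
Added example; not Akamai's or Netlab 360's code. Responses are constructed."""
import ipaddress
import xml.etree.ElementTree as ET

WANIP_SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
SUSPECT_PORTS = {139, 445}      # SMB/NetBIOS ports named in the Akamai report
UPNP_INDEX_INVALID = "713"      # SpecifiedArrayIndexInvalid: past the last entry
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def soap_get_mapping(index: int) -> bytes:
    """SOAP body for GetGenericPortMappingEntry on table slot `index`."""
    return ('<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            's:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body>'
            f'<u:GetGenericPortMappingEntry xmlns:u="{WANIP_SERVICE}">'
            f"<NewPortMappingIndex>{index}</NewPortMappingIndex>"
            "</u:GetGenericPortMappingEntry></s:Body></s:Envelope>").encode()


def _text(root, local_name):
    """Text of the first element whose namespace-stripped tag matches, else None."""
    for el in root.iter():
        if el.tag.rsplit("}", 1)[-1] == local_name:
            return (el.text or "").strip()
    return None


def parse_mapping(xml_bytes: bytes):
    """One mapping dict, or None when the router reports error 713."""
    root = ET.fromstring(xml_bytes)
    code = _text(root, "errorCode")
    if code is not None:
        if code == UPNP_INDEX_INVALID:
            return None
        raise RuntimeError(f"UPnP error {code}: {_text(root, 'errorDescription')}")
    return {"ext_port": int(_text(root, "NewExternalPort")), "proto": _text(root, "NewProtocol"),
            "int_port": int(_text(root, "NewInternalPort")),
            "int_client": _text(root, "NewInternalClient"),
            "desc": _text(root, "NewPortMappingDescription")}


def enumerate_mappings(send) -> list:
    """Walk the table with send(index) -> response bytes until error 713."""
    out, index = [], 0
    while (m := parse_mapping(send(index))) is not None:
        out.append(m)
        index += 1
    return out


def classify(mapping) -> list:
    """Reasons a mapping is suspicious; an empty list means it looks benign."""
    reasons = []
    if mapping["ext_port"] in SUSPECT_PORTS or mapping["int_port"] in SUSPECT_PORTS:
        reasons.append("forwards SMB/NetBIOS port")
    try:
        if not any(ipaddress.ip_address(mapping["int_client"]) in n for n in LAN_NETS):
            reasons.append("internal client outside RFC1918 space (proxy pattern)")
    except ValueError:
        reasons.append("internal client is not an IP address")
    return reasons


def _resp(ext, proto, intp, client, desc) -> bytes:
    """Constructed GetGenericPortMappingEntryResponse (sample data, not a capture)."""
    return ('<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            f'<s:Body><u:GetGenericPortMappingEntryResponse xmlns:u="{WANIP_SERVICE}">'
            f"<NewRemoteHost></NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
            f"<NewProtocol>{proto}</NewProtocol><NewInternalPort>{intp}</NewInternalPort>"
            f"<NewInternalClient>{client}</NewInternalClient><NewEnabled>1</NewEnabled>"
            f"<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
            "<NewLeaseDuration>0</NewLeaseDuration></u:GetGenericPortMappingEntryResponse>"
            "</s:Body></s:Envelope>").encode()


END_OF_TABLE = ('<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
                "<s:Body><s:Fault><faultcode>s:Client</faultcode><faultstring>UPnPError</faultstring>"
                '<detail><UPnPError xmlns="urn:schemas-upnp-org:control-1-0"><errorCode>713</errorCode>'
                "<errorDescription>SpecifiedArrayIndexInvalid</errorDescription></UPnPError></detail>"
                "</s:Fault></s:Body></s:Envelope>").encode()

# Constructed sample table: a benign console mapping, an SMB exposure of a LAN
# host, and a mapping that relays to an outside (documentation-range) address.
SAMPLE_TABLE = [_resp(3074, "UDP", 3074, "192.168.1.50", "console"),
                _resp(445, "TCP", 445, "192.168.1.23", "sample"),
                _resp(8080, "TCP", 8080, "203.0.113.9", "sample")]


def sample_send(index: int) -> bytes:
    """Stands in for POSTing soap_get_mapping(index) to the router's control URL."""
    return SAMPLE_TABLE[index] if index < len(SAMPLE_TABLE) else END_OF_TABLE


def audit(send=sample_send) -> list:
    """[(mapping, reasons)] for every suspicious entry in the table."""
    return [(m, r) for m in enumerate_mappings(send) if (r := classify(m))]


if __name__ == "__main__":
    for m, why in audit():
        print(f"{m['proto']} {m['ext_port']} -> {m['int_client']}:{m['int_port']}  ({'; '.join(why)})")
```

Run from the LAN side this reads the table a compromised router is serving; the same SOAP call answered from the WAN address is the exposure both stories describe, and deleting the entries is not enough while the control interface stays reachable from outside.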
Police Decrypt 258,000 Messages After Breaking Pricey IronChat Crypto App (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Police in the Netherlands said they decrypted more than 258,000 messages sent using IronChat, an app billed as providing end-to-end encryption that was endorsed by National Security Agency leaker Edward Snowden. In a statement published Tuesday, Dutch police said officers achieved a "breakthrough in the interception and decryption of encrypted communication" in an investigation into money laundering. The encrypted messages, according to the statement, were sent by IronChat, an app that runs on a device that cost thousands of dollars and could send only text messages.
"Criminals thought they could safely communicate with so-called crypto phones which used the application IronChat," Tuesday's statement said. "Police experts in the east of the Netherlands have succeeded in gaining access to this communication. As a result, the police have been able to watch live the communication between criminals for some time." Blackbox-security.com, the site selling IronChat and IronPhone, quoted Snowden as saying: "I use PGP to say hi and hello, i use IronChat (OTR) to have a serious conversation," according to Web archives. Whether the endorsement was authentic or not wasn't immediately known. The site has been seized by Dutch police. -
As PUBG For PS4 Looms, Xbox Unofficially Responds: Have the Game For Free (arstechnica.com)
Unannounced, unadvertised freebie lands ahead of Microsoft's X018 conference. PUBG, the game that kicked off an international "battle royale" gaming sensation, is currently free for all Xbox One owners. From a report: Even if you do not have a paid Xbox Live Gold subscription, you can head to this link and claim what appears to be a permanent copy of the game for your Microsoft Account. Timed trials of Xbox One games tend to be exclusive treats for XBLG subscribers. Bizarrely, the Konami soccer game PES 2019, which launched at a standard $60 retail price point in August, is also free to claim as of today. (Here's that link.) Of course, there is the caveat that these games' giveaways could be yanked from accounts by Microsoft at any moment. In the meantime, we suggest clicking first, asking questions later. Update: Microsoft says the games will be free only till November 11. -
Blockchain-Based Elections Would Be a Disaster For Democracy (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: If you talk to experts on election security (I studied with several of them in graduate school) they'll tell you that we're nowhere close to being ready for online voting. "Mobile voting is a horrific idea," said election security expert Joe Hall when I asked him about a West Virginia experiment with blockchain-based mobile voting back in August. But on Tuesday, The New York Times published an opinion piece claiming the opposite. "Building a workable, scalable, and inclusive online voting system is now possible, thanks to blockchain technologies," writes Alex Tapscott, whom the Times describes as co-founder of the Blockchain Research Institute. Tapscott is wrong -- and dangerously so. Online voting would be a huge threat to the integrity of our elections -- and to public faith in election outcomes.
Tapscott focuses on the idea that blockchain technology would allow people to vote anonymously while still being able to verify that their vote was included in the final total. Even assuming this is mathematically possible -- and I think it probably is -- this idea ignores the many, many ways that foreign governments could compromise an online vote without breaking the core cryptographic algorithms. For example, foreign governments could hack into the computer systems that governments use to generate and distribute cryptographic credentials to voters. They could bribe election officials to supply them with copies of voters' credentials. They could hack into the PCs or smartphones voters use to cast their votes. They could send voters phishing emails to trick them into revealing their voting credentials -- or simply trick them into thinking they've cast a vote when they haven't. -
Supreme Court Rejects Industry Challenge of 2015 Net Neutrality Rules (arstechnica.com)
The U.S. Supreme Court on Monday refused a request by the Trump administration and the telecommunications industry to wipe away a lower court decision that had upheld Obama-era net neutrality rules aimed at ensuring a free and open internet. The justices' action, however, does not undo the 2017 repeal of the policy. A report adds: The Federal Communications Commission's 2015 order to impose net neutrality rules and strictly regulate broadband was already reversed by Trump's pick for FCC chairman, Ajit Pai. But AT&T and broadband industry lobby groups were still trying to overturn court decisions that upheld the FCC order. A win for the broadband industry could have prevented future administrations from imposing a similarly strict set of rules. The Trump administration supported the industry's case, asking the US Supreme Court to vacate the Obama-era ruling.
But the Supreme Court today said it has denied petitions filed by AT&T and broadband lobby groups NCTA, CTIA, USTelecom, and the American Cable Association. Four of nine justices must agree to hear a case, but only three voted to grant the petitions. Further reading: Reuters and Variety. -
Mario Segale, Namesake For Nintendo's Mascot, Dies At 84 (arstechnica.com)
Iwastheone shares a report from Ars Technica: Mario Segale, the Seattle real estate and construction business owner who inspired the name for Nintendo's famous mascot, passed away on October 27 according to reports from The Seattle Times and The Auburn Reporter. He was 84 years old. Segale owned the business park housing Nintendo's American arcade operation in the early '80s, when the company was busy converting thousands of disused Radarscope cabinets to play Donkey Kong. At the time, Nintendo of America President Minoru Arakawa and other executives were trying to come up with an Americanized name for the game's player avatar, who was still referred to as "Jumpman" at that point (a name that appears on early Donkey Kong cabinet art). As the story goes, when Segale came to Arakawa to demand payment for a late rent bill, inspiration struck.
While the broad strokes of Segale's role in Mario's naming remain consistent, the particulars can change with the retelling. David Sheff's seminal Nintendo history Game Over suggests the executives exclaimed "Super Mario!" after Segale's visit in 1981 (though the book misspells his name "Segali"). As Benj Edwards notes in an in-depth 2010 exploration of the tale, though, the "Super" descriptor for the character wouldn't become common until the release of Super Mario Bros. in 1985. Other retellings over the years go so far as to suggest that the "Super" came from Segale's role as "superintendent" of the building, but these stories offer little in the way of direct evidence. Ars mentions a 1993 Seattle Times article that quotes Segale as joking, "You might say I'm still waiting for my royalty checks." -
Patent Troll Values Its Entire Portfolio At $2, Goes Bankrupt (arstechnica.com)
mspohr shares a report from Ars Technica: In September 2018, Shipping & Transit LLC (formerly known as ArrivalStar) filed for Chapter 7 bankruptcy -- voluntary liquidation -- but no one seems to have noticed until the Electronic Frontier Foundation pointed it out on October 31. The company claimed that it held the patent on vehicle tracking and related alerts. But about 15 months ago, judges began to rule against Shipping & Transit for the first time. That seems to have put a damper on its entire business model.
Now, according to Shipping & Transit LLC's federal bankruptcy filings, its global patent holdings (34 in the United States and 29 elsewhere) are worth a whopping $2. Meanwhile, it owes more than $423,000 to numerous creditors, including banks, law firms, and something called the "West African Investment Trust," based in Geneva, Switzerland. -
California Delays Net Neutrality Law's Enforcement Until After Court Case (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: California has agreed to delay enforcement of its net neutrality law until after litigation that will determine whether states can implement their own net neutrality rules. California's net neutrality law was slated to take effect on January 1, 2019. But the Trump administration's Department of Justice and broadband industry sued to block the law and were seeking a preliminary injunction that would halt enforcement until litigation is over.
The DOJ and broadband industry had a good chance of winning a preliminary injunction because the Federal Communications Commission had declared that all state net neutrality rules are preempted. As the DOJ argued, the U.S. District Court for the Eastern District of California must presume that the FCC preemption of state laws is valid since that preemption has not been overturned by any court. In a U.S. District Court filing today, California agreed to take no action to enforce the state net neutrality law until after the U.S. Court of Appeals case is decided and all appeals have been exhausted. -
SpaceX Is Planning To Launch a Falcon 9 For the Third Time (arstechnica.com)
According to the senior director of government sales for SpaceX, Lars Hoffman, the company is planning to launch a Falcon 9 first-stage booster for the third time. At the Wernher von Braun Memorial Symposium on Wednesday afternoon, Hoffman said: "We've launched Falcon 9 over 60 times. We've landed our first stage booster 30 times now. And relaunched 16 times. We're about to relaunch a booster for the third time. So we're turning this into routine access to space. High-reliability, higher-performance, lower-cost access to space; that opens it up to everybody." Ars Technica reports: The company has not officially confirmed its plans, but at present SpaceX intends to reuse a Falcon 9 rocket for the third time to launch a rideshare mission of dozens of small satellites for Spaceflight. This Spaceflight SSO-A mission currently has a launch date of November 19, according to a calendar maintained by Spaceflight Now. An earlier report in The Space Review previously indicated this mission may involve the third flight of a booster. -
Why the Google Pixel 3 Charges Faster On a Pixel Stand Than Other Wireless Chargers (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Google's Pixel 3 smartphone is shipping out to the masses, and people hoping to take advantage of the new Qi wireless charging capabilities have run into a big surprise. For some unexplained reason, Google is locking out third-party Qi chargers from reaching the highest charging speeds on the Pixel 3. Third-party chargers are capped to a pokey 5W charging speed. If you want 10 watts of wireless charging, Google hopes you will invest in its outrageously priced Pixel Stand, which is $79.
Android Police reports that a reader purchased an Anker wireless charger for their Pixel 3, and, after noticing the slow charging speed, this person contacted the company. Anker confirmed that something screwy was going on with Google's charging support, saying "Pixel sets a limitation for third-party charging accessories and we are afraid that even our fast wireless charger can only provide 5W for these 2x devices." Normally we would chalk this up to some kind of bug, but apparently Google told Android Police that this was on purpose. The site doesn't have a direct quote, but it writes that, after reaching out to Google PR, it was "told that the Pixel 3 would charge at 10W on the Pixel Stand [and that] due to a 'secure handshake' being established that third-party chargers would indeed be limited to 5W." In an update, Google said the reason has to do with the "proprietary wireless charging technology" it has via its Pixel Stand and other select wireless chargers. The Pixel 3 only supports 5W Qi charging; "Google's 10W proprietary wireless charging technology" is what will allow the phone to charge at faster speeds.
"Google says it is 'certifying' chargers for the Pixel 3 via the 'Made for Google' program and pointed us to one such device, a Belkin charger called the 'Boost Up Wireless Charging Pad 10W for Pixel 3 and Pixel 3 XL,'" reports Ars Technica. "Belkin's description is very enlightening, saying 'Made with the Google Pixel 3 and Pixel 3 XL in mind, this wireless charging pad uses Google's 10W proprietary wireless charging technology. It's certified for Pixel, so you know that the BOOST UP Wireless Charging pad has been made specifically for your Pixel 3 and meets Google's high product standards.'" -
Feds Shut Down Self-Driving School Bus Pilot In Florida
The National Highway Traffic Safety Administration on Friday ordered the French transportation company Transdev to stop transporting schoolchildren in a self-driving vehicle in Florida. Ars Technica reports: Transdev's pilot project in Babcock Ranch, a planned community, was quite modest. On Fridays, Transdev's electric shuttle would take a group of elementary-aged children to school, then take them home later in the day. The vehicle had a safety driver on board. The route was short enough that kids walked or rode their bikes to school the other four days of the week, according to a spokeswoman for Babcock Ranch. "The shuttle travels at a top speed of 8mph, with the potential to reach speeds of 30mph once the necessary infrastructure is complete," an August press release stated.
So why did the feds shut down this project while allowing lots of others to continue with minimal oversight? NHTSA points to two factors. One is that Transdev is a French company. Different countries have different safety standards, so vehicles designed overseas often can't be used in the U.S. without special permission from U.S. regulators. NHTSA granted Transdev a temporary importation authorization to test its driverless shuttle in the United States. "Transdev requested permission to use the shuttle for a specific demonstration project, not as a school bus," NHTSA said in its Friday statement. "Transdev failed to disclose or receive approval for this use." The other issue, of course, is that the project involves kids. For obvious reasons, federal regulators are going to be extra wary of testing experimental technology on schoolchildren. -
Microsoft's Problem Isn't How Often it Updates Windows -- It's How It Develops It (arstechnica.com)
Ever since Microsoft settled on a cadence of two feature updates a year -- one in April, one in October -- the quality of its operating system (taking into consideration the volume of bugs that emerge every few days) has deteriorated, writes Peter Bright of ArsTechnica. From the story: The problem with Windows as a Service is quality. Previous issues with the feature and security updates have already shaken confidence in Microsoft's updating policy for Windows 10. While data is notably lacking, there is at the very least a popular perception that the quality of the monthly security updates has taken a dive with Windows 10 and that installation of the twice-annual feature updates as soon as they're available is madness. These complaints are long-standing, too. The unreliable updates have been a cause for concern since shortly after Windows 10's release.
The latest problem has brought this to a head, with commentators saying that two feature updates a year is too many and Redmond should cut back to one, and that Microsoft needs to stop developing new features and just fix bugs. Some worry that the company is dangerously close to a serious loss of trust over updates, and for some Windows users, that trust may already have been broken. These are not the first calls for Microsoft to slow down with its feature updates -- there have been concerns that there's too much churn for both IT and consumer audiences alike to handle -- but with the obvious problems of the latest update, the calls take on a new urgency. -
Hack On 8 Adult Websites Exposes Oodles of Intimate User Data (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A recent hack of eight poorly secured adult websites has exposed megabytes of personal data that could be damaging to the people who shared pictures and other highly intimate information on the online message boards. Included in the leaked file are (1) IP addresses that connected to the sites, (2) user passwords protected by a four-decade-old cryptographic scheme, (3) names, and (4) 1.2 million unique email addresses, although it's not clear how many of the addresses legitimately belonged to actual users.
Robert Angelini, the owner of wifelovers.com and the seven other breached sites, told Ars on Saturday morning that, in the 21 years they operated, fewer than 107,000 people posted to them. He said he didn't know how or why the almost 98-megabyte file contained more than 12 times that many email addresses, and he hasn't had time to examine a copy of the database that he received on Friday night. Still, three days after receiving notification of the hack, Angelini finally confirmed the breach and took down the sites on early Saturday morning. A notice on the just-shuttered sites warns users to change passwords on other sites, especially if they match the passwords used on the hacked sites. The affected sites "offer a variety of pictures that members say show their spouses," reports Ars. "It's not clear that all of the affected spouses gave their consent to have their intimate images made available online." -
New Material Could Up Efficiency of Concentrated Solar Power (arstechnica.com)
An anonymous reader shares new work that could allow us to generate electricity using supercritical carbon dioxide. Ars Technica reports: The researchers involved in the new work, a large U.S.-based collaboration, focus on a composite material: tungsten and zirconium carbide. These have extremely high melting points: 3,700K for both materials. Both of them conduct heat extremely well, and neither of them expands or softens much under these conditions, meaning they would hold up better to the mechanical stresses. While the stats are impressive, the amazing part of this is how the material is fabricated. The researchers started with tungsten carbide, a ceramic that can be formed into a porous material simply by pouring it as a powder into a mold and heating it. At this point, the ceramic can be further machined to produce a final shape. Once in its final form, the ceramic was placed in a bath of a molten mixture of copper and zirconium. The molten mixture filled the pores, and the zirconium reacted with the tungsten carbide, replacing the tungsten. The copper in the molten material formed a thin film on the surface of the solid.
The tungsten then filled the pores in the resulting material, allowing it to retain the same shape and size despite the chemical changes. The zircon carbide ends up providing the material with a stiffness even at high temperatures, while the tungsten is flexible enough to keep the whole thing from being brittle. And the whole thing conducted heat better than the metals currently in use. The remaining issue is that, at the conditions involved in solar thermal plants, the copper on the material would react with the carbon dioxide, forming a copper oxide and releasing carbon monoxide. But the researchers determined that adding a small amount of carbon monoxide to the supercritical CO2 would suppress this reaction, something that they confirmed experimentally. Because the material holds up to these conditions so much better than the metals currently in use, it's possible to use much less of it to build a heat exchanger. This is great economically (since you need fewer raw materials), and the small size increases the power density and efficiency of the heat exchanger. -
Latest Windows 10 Update Has Yet Another File-Managing Issue (gizmodo.com.au)
An anonymous reader quotes Gizmodo: When it was discovered earlier this month that the 1809 build of Windows 10 was deleting user files just because, Microsoft halted the update until the problem was fixed. Shame, then, that another not-as-bad-but-still-bad file overwriting bug has now reared its head. In 1809, overwriting files by extracting from an archive using File Explorer doesn't result in an overwrite prompt dialogue and also doesn't replace any files at all; it just fails silently. There are also some reports that it did overwrite items, but did so silently without asking.
Ars Technica speculates that there's a larger problem with Microsoft's testing process: [M]any of the preview builds had a bug wherein deleting a directory that was synced to OneDrive crashed the machine. Not only was this bug integrated into the Windows code, it was allowed to ship to end users. This tells us some fundamental things about how Windows is being developed. Either tests do not exist at all for this code (and I've been told that yes, it's permitted to integrate code without tests, though I would hope this isn't the norm), or test failures are being regarded as acceptable, non-blocking issues, and developers are being allowed to integrate code that they know doesn't work properly...
Microsoft's new development process has, proportionately, a greater amount of time spent writing new features, and a reduced amount of time stabilizing and fixing those features. That would be fine if the quality of the features were higher to start with, with the testing infrastructure to support it and higher standards before new code was integrated. But the experience with Windows 10 thus far is that Microsoft hasn't developed the processes and systems needed to sustain this new approach. -
Ajit Pai Killed Rules That Could Have Helped Florida Recover From Hurricane (arstechnica.com)
sharkbiter shares a report from Ars Technica: The Federal Communications Commission chairman slammed wireless carriers on Tuesday for failing to quickly restore phone service in Florida after Hurricane Michael, calling the delay "completely unacceptable." But FCC Chairman Ajit Pai's statement ignored his agency's deregulatory blitz that left consumers without protections designed to ensure restoration of service after disasters, according to longtime telecom attorney and consumer advocate Harold Feld.
The Obama-era FCC wrote new regulations to protect consumers after Verizon tried to avoid rebuilding wireline phone infrastructure in Fire Island, New York, after Hurricane Sandy hit the area in October 2012. But Pai repealed those rules, claiming that they prevented carriers from upgrading old copper networks to fiber. Pai's repeal order makes zero mentions of Fire Island and makes reference to Verizon's response to Hurricane Sandy only once, in a footnote. Among other things, the November 2017 FCC action eliminated a requirement that telcos turning off copper networks must provide Americans with service at least as good as those old copper networks. This change lets carriers replace wireline service with mobile service only, even if the new mobile option wouldn't pass a "functional test" that Pai's FCC eliminated. Additionally, "in June 2018, Chairman Pai further deregulated telephone providers to make it easier to discontinue service after a natural disaster," Feld wrote. In response to Pai's deregulation, Feld wrote: "The situation in Florida shows what happens when regulators abandon their responsibilities to protect the public based on unenforceable promises from companies eager to cut costs for maintenance and emergency preparedness. This should be a wake-up call for the 37 states that have eliminated traditional oversight of telecommunications services and those states considering similar deregulation: critical communications services cannot be left without some kind of public oversight." -
Tesla Quietly Drops 'Full Self-Driving' Option As It Adds $45,000 Model 3 (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Elon Musk took to Twitter on Thursday evening to inform his followers of a new addition to the Model 3 lineup. This is not the long-awaited $35,000 version, however; the mid-range Model 3 starts at $45,000. Musk also revealed that the Model 3 ordering process has been simplified and now has fewer options. One that's missing -- from all new Tesla orders, not just the Model 3 -- is the controversial "full self-driving" option. The reason? It was "causing too much confusion," Musk tweeted. The mid-range Model 3s will be rear-wheel drive only, prompting some to wonder if the company was using software to limit battery capacity on existing RWD inventory in order to get it out of the door. But Tesla says it's able to build these slightly cheaper cars by using the same battery pack as the more expensive, longer-range cars but with fewer cells inside (so no future software upgrades can increase their range at a later date). While Tesla is promoting the car as costing as little as $30,700 by factoring in "gas savings" and all federal and local tax incentives, it did also announce last week that any new Tesla delivered after October 15th might not ship before the beginning of next year. As Ars Technica notes, "Any new Tesla delivered after January 1st 2019 (but before July 1st 2019) is only eligible for a $3,750 IRS credit." -
Microsoft Making More of the Windows 10 Built-In Apps Removable (arstechnica.com)
With the latest Windows 10 build 18262, Microsoft is allowing you to remove apps such as Mail, Calendar, Movies & TV, and the Groove Music app. Ars Technica reports: The ability to remove these apps doesn't really mean much in terms of disk space or convenience, as none of them are very big. The move may be of more interest to corporate deployments; an organization that has standardized on Outlook, for example, might want to remove the Mail and Calendar apps to reduce user confusion.
Elsewhere, the new build also updates Task Manager; an optional column in the Details tab will show which applications handle mixed DPI systems and what API level they use for that support. Microsoft is also planning, but has not yet enabled, a new Windows troubleshooter. This will examine diagnostic data and automatically perform any fixes or reconfigurations that appear to be necessary. -
Trivial Authentication Bypass In Libssh Leaves Servers Wide Open (arstechnica.com)
Ars Technica reports on "a four-year-old bug in the Secure Shell implementation known as libssh that makes it trivial for just about anyone to gain unfettered administrative control of a vulnerable server." It's not clear how many sites or devices may be vulnerable, since neither the widely used OpenSSH nor GitHub's implementation of libssh was affected. From the report: The vulnerability, which was introduced in libssh version 0.6 released in 2014, makes it possible to log in by presenting a server with a SSH2_MSG_USERAUTH_SUCCESS message rather than the SSH2_MSG_USERAUTH_REQUEST message the server was expecting, according to an advisory published Tuesday. Exploits are the hacking equivalent of a Jedi mind trick, in which an adversary uses the Force to influence or confuse weaker-minded opponents. The last time the world saw an authentication-bypass bug with such serious consequences and requiring so little effort was 11 months ago, when Apple's macOS let people log in as admin without entering a password.
On the brighter side, there were no immediate signs of any big-name sites being bitten by the bug, which is indexed as CVE-2018-10933. While Github uses libssh, the site officials said on Twitter that "GitHub.com and GitHub Enterprise are unaffected by CVE-2018-10933 due to how we use the library." In a follow-up tweet, GitHub security officials said they use a customized version of libssh that implements an authentication mechanism separate from the one provided by the library. Out of an abundance of caution, GitHub has installed a patch released with Tuesday's advisory. Another limitation: only vulnerable versions of libssh running in server mode are vulnerable, while the client mode is unaffected. Peter Winter-Smith, a researcher at security firm NCC who discovered the bug and privately reported it to libssh developers, told Ars the vulnerability is the result of libssh using the same machine state to authenticate clients and servers. Because exploits involve behavior that's safe in the client but unsafe in the server context, only servers are affected. -
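To make the "same machine state for clients and servers" point concrete, here is an added toy model of the bug class, written for this page and not taken from libssh: a shared dispatcher that flips any session to authenticated on SSH2_MSG_USERAUTH_SUCCESS, beside a role-aware dispatcher that only lets a server consume USERAUTH_REQUEST and only lets a client consume a reply after it sent a request. The message numbers are the real RFC 4252 values; the state names, `verify_credentials` and the sample credentials are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Real SSH2 userauth message numbers (RFC 4252). */
enum {
    SSH2_MSG_USERAUTH_REQUEST = 50, /* client -> server */
    SSH2_MSG_USERAUTH_FAILURE = 51, /* server -> client */
    SSH2_MSG_USERAUTH_SUCCESS = 52  /* server -> client */
};

enum role { ROLE_CLIENT, ROLE_SERVER };

/* Hypothetical state names for this model; libssh's own are different. */
enum auth_state {
    AUTH_NONE,          /* no userauth request in flight */
    AUTH_REQUESTED,     /* client sent USERAUTH_REQUEST, awaiting reply */
    AUTH_AUTHENTICATED, /* peer accepted */
    AUTH_DISCONNECTED   /* protocol violation: session torn down */
};

struct session {
    enum role role;
    enum auth_state state;
};

struct session session_new(enum role r) {
    struct session s = { r, AUTH_NONE };
    return s;
}

bool session_is_authenticated(const struct session *s) {
    return s->state == AUTH_AUTHENTICATED;
}

/* Stand-in for real credential verification; constructed sample values. */
static bool verify_credentials(const char *user, const char *password) {
    return strcmp(user, "alice") == 0 && strcmp(password, "correct horse") == 0;
}

/* Client side: note that a request is in flight so a reply becomes expected. */
void client_send_auth_request(struct session *s) {
    if (s->role == ROLE_CLIENT)
        s->state = AUTH_REQUESTED;
}

/* Vulnerable model: one handler table for both roles, no role or state check.
 * The SUCCESS branch exists for the client, but a server running the same
 * code accepts it too and marks the peer authenticated without a request. */
bool handle_auth_message_shared(struct session *s, int msg_type,
                                const char *user, const char *password) {
    switch (msg_type) {
    case SSH2_MSG_USERAUTH_REQUEST:
        s->state = verify_credentials(user, password) ? AUTH_AUTHENTICATED
                                                      : AUTH_NONE;
        return true;
    case SSH2_MSG_USERAUTH_SUCCESS:
        s->state = AUTH_AUTHENTICATED;   /* trusts the peer's claim */
        return true;
    case SSH2_MSG_USERAUTH_FAILURE:
        s->state = AUTH_NONE;
        return true;
    default:
        return false;
    }
}

/* Hardened model: dispatch on role first, then on the state the role is in.
 * Anything a role should never receive is a protocol violation. */
bool handle_auth_message_checked(struct session *s, int msg_type,
                                 const char *user, const char *password) {
    if (s->role == ROLE_SERVER) {
        /* A server only ever consumes REQUEST; SUCCESS/FAILURE are its outputs. */
        if (msg_type != SSH2_MSG_USERAUTH_REQUEST) {
            s->state = AUTH_DISCONNECTED;
            return false;
        }
        s->state = verify_credentials(user, password) ? AUTH_AUTHENTICATED
                                                      : AUTH_NONE;
        return true;
    }
    /* A client only accepts a reply, and only while a request is in flight. */
    bool is_reply = msg_type == SSH2_MSG_USERAUTH_SUCCESS ||
                    msg_type == SSH2_MSG_USERAUTH_FAILURE;
    if (s->state != AUTH_REQUESTED || !is_reply) {
        s->state = AUTH_DISCONNECTED;
        return false;
    }
    s->state = (msg_type == SSH2_MSG_USERAUTH_SUCCESS) ? AUTH_AUTHENTICATED
                                                        : AUTH_NONE;
    return true;
}

int main(void) {
    struct session shared = session_new(ROLE_SERVER);
    struct session checked = session_new(ROLE_SERVER);
    handle_auth_message_shared(&shared, SSH2_MSG_USERAUTH_SUCCESS, "", "");
    handle_auth_message_checked(&checked, SSH2_MSG_USERAUTH_SUCCESS, "", "");
    printf("shared server authenticated: %d\n", session_is_authenticated(&shared));
    printf("checked server authenticated: %d\n", session_is_authenticated(&checked));
    return 0;
}
```

The defensive takeaway is the shape of the second dispatcher: the set of acceptable message types is a function of (role, state), not of the message alone.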
Facebook Lured Advertisers By Inflating Ad-watch Times Up To 900 Percent (arstechnica.com)
Zorro shares a report from The Mercury News: Not only did Facebook inflate ad-watching metrics by up to 900 percent (Warning: source may be paywalled, alternative source), it knew for more than a year that its average-viewership estimates were wrong and kept quiet about it, a new legal filing claims. A group of small advertisers suing the Menlo Park social media titan alleged in the filing that Facebook "induced" advertisers to buy video ads on its platform because advertisers believed Facebook users were watching video ads for longer than they actually were. That "unethical, unscrupulous" behavior by Facebook constituted fraud because it was "likely to deceive" advertisers, the filing alleged. The latest allegations arose out of a lawsuit that the advertisers filed against Mark Zuckerberg-led Facebook in federal court in 2016 over alleged inflation of ad-watching metrics. "Suggestions that we in any way tried to hide this issue from our partners are false," the company told The Wall Street Journal. "We told our customers about the error when we discovered it -- and updated our help center to explain the issue."
"The plaintiffs are seeking class-action status to bring other advertisers into the legal action, plus unspecified damages," reports The Mercury News. "They also want the court to order a third-party audit of Facebook's video-ad metrics." -
Former Top Waymo Engineer Altered Code To Go on 'Forbidden Routes', Report Says (arstechnica.com)
In the early days of what ultimately became Waymo, Google's self-driving car division (known at the time as "Project Chauffeur"), there were "more than a dozen accidents, at least three of which were serious," according to a new article in The New Yorker. From a report: The magazine profiled Anthony Levandowski, the former Google engineer who was at the center of the Waymo v. Uber trade secrets lawsuit. According to the article, back in 2011, Levandowski also modified the autonomous software to take the prototype Priuses on "otherwise forbidden routes."
Citing an anonymous source, The New Yorker reports that Levandowski sat behind the wheel as the safety driver, along with Isaac Taylor, a Google executive. But while they were in the car, the Prius "accidentally boxed in another vehicle," a Camry.
As The New Yorker wrote: "A human driver could easily have handled the situation by slowing down and letting the Camry merge into traffic, but Google's software wasn't prepared for this scenario. The cars continued speeding down the freeway side by side. The Camry's driver jerked his car onto the right shoulder. Then, apparently trying to avoid a guard rail, he veered to the left; the Camry pinwheeled across the freeway and into the median. Levandowski, who was acting as the safety driver, swerved hard to avoid colliding with the Camry, causing Taylor to injure his spine so severely that he eventually required multiple surgeries." This was apparently just one of several accidents in Project Chauffeur's early days. -
The Full Photoshop CC Is Coming To the iPad In 2019 (arstechnica.com)
The "real version" of Photoshop is coming to the iPad next year, complete with a user interface similar to the desktop application and all the main tools. Ars Technica reports: Photoshop for iPad has a user interface structured similarly to the desktop application. It is immediately familiar to users of the application but tuned for touch screens, with larger targets and adaptations for the tablet as well as gestures to streamline workflows. Both touch and pencil input are supported. The interface is somewhat simpler than the desktop version, and although the same Photoshop code is running under the hood to ensure there's no loss of fidelity, not every feature will be available in the mobile version. The first release will contain the main tools while Adobe plans to add more in the future. Cloud syncing is a key element of Photoshop on iPad. Edits made on the iPad will be synchronized transparently with the desktop -- no conversions or import/export process to go through. Using a feature not available in the iPad version should then be as simple as hitting save and then opening the file on the desktop, picking up where you left off. Adobe is also reportedly building a tablet painting app called Project Gemini, which "simulates real brushes, paints, and materials as well as the interactions between them," reports Ars. "It combines raster graphics, vector drawing, and the Photoshop engine into a single application designed for artwork and illustration." -
Struggle With Statistics? Your 'Fixed Mindset' Might Be To Blame (arstechnica.com)
A new study in Frontiers in Psychology examined why people struggle so much to solve statistical problems, particularly why we show a marked preference for complicated solutions over simpler, more intuitive ones. Chalk it up to our resistance to change. From a report: The study concluded that fixed mindsets are to blame: we tend to stick with the familiar methods we learned in school, blinding us to the existence of a simpler solution. Roughly 96 percent of the general population struggles with solving problems relating to statistics and probability. Yet being a well-informed citizen in the 21st century requires us to be able to engage competently with these kinds of tasks, even if we don't encounter them in a professional setting. "As soon as you pick up a newspaper, you're confronted with so many numbers and statistics that you need to interpret correctly," says co-author Patrick Weber, a graduate student in math education at the University of Regensburg in Germany. Most of us fall far short of the mark.
Part of the problem is the counterintuitive way in which such problems are typically presented. Meadows presented his evidence in the so-called "natural frequency format" (for example, 1 in 10 people), rather than in terms of a percentage (10 percent of the population). That was a smart decision, since 1-in-10 is a more intuitive, jury-friendly approach. Recent studies have shown that performance rates on many statistical tasks increased from four percent to 24 percent when the problems were presented using the natural frequency format. -
It Was Flat Sales That Helped Microsoft Become America's #5 PC Maker (arstechnica.com)
An anonymous reader quotes Ars Technica: Microsoft was the fifth-biggest PC maker in the U.S. in the third quarter of this year, according to industry advisory firm Gartner. The top spot in the U.S. belongs to HP, with about 4.5 million machines sold, ahead of Dell at 3.8 million, Lenovo at 2.3 million, and Apple at 2 million. The gap between fourth and fifth is pretty big -- Microsoft sold only 0.6 million Surface devices last quarter -- but it suggests that Microsoft's PC division is heading in the right direction, with sales 1.9 percent higher than the same quarter last year. The company pushed down to sixth place was Acer. The current quarter should be better still; the Surface Pro, Surface Laptop, and Surface Studio have all been given hardware refreshes which, when combined with the always-busy holiday season, should stimulate higher sales.
Globally, both Gartner and IDC reported a flat PC market (up 0.1 percent in Gartner's view, down 0.9 percent in IDC's), after the previous quarter's modest growth.
"The PC market continued to be driven by steady corporate PC demand, which was driven by Windows 10 PC hardware upgrades," said one Gartner analyst.
In defining what constitutes a PC, Gartner includes notebooks and "premium" ultramobile devices -- but does not include iPads or Chromebooks. -
FCC Tells Court It Has No 'Legal Authority' To Impose Net Neutrality Rules (arstechnica.com)
The Federal Communications Commission opened its defense of its net neutrality repeal yesterday, telling a court that it has no authority to keep the net neutrality rules in place. From a report: Chairman Ajit Pai's FCC argued that broadband is not a "telecommunications service" as defined in federal law, and therefore it must be classified as an information service instead. As an information service, broadband cannot be subject to common carrier regulations such as net neutrality rules, Pai's FCC said. The FCC is only allowed to impose common carrier regulations on telecommunications services. "Given these classification decisions, the Commission determined that the Communications Act does not endow it with legal authority to retain the former conduct rules," the FCC said in a summary of its defense filed yesterday in the US Court of Appeals for the District of Columbia Circuit. The FCC is defending the net neutrality repeal against a lawsuit filed by more than 20 state attorneys general, consumer advocacy groups, and tech companies. The FCC's opponents in the case will file reply briefs next month, and oral arguments are scheduled for February. -
The Military Chooses Which Rockets It Wants Built For the Next Decade (arstechnica.com)
The U.S. Air Force on Wednesday awarded funds to three rocket companies to help them complete development of their boosters. The three winners include:
United Launch Services: $967,000,000 for the development of the Vulcan Centaur launch system.
Northrop Grumman: $791,601,015 for the development of the Omega launch system.
Blue Origin: $500,000,000 for the development of the New Glenn launch system.
The obvious company missing from the list is SpaceX, which did not win an award. Aerojet Rocketdyne also failed to win an award since it "does not appear to have a customer for its AR1 rocket engine, which the military initially supported," Ars Technica reports. From the report: These are hugely consequential awards for the rocket companies. Essentially the U.S. Air Force, which launches more complex, heavy payloads than any other entity in the world, believes these boosters will have a significant role to play in those missions during the next decade. And when the military has confidence in your vehicle, commercial satellite contracts are more likely to follow as well. After speaking with a couple of aerospace sources, Ars has a few theories as to why SpaceX didn't win an award: For one, SpaceX has already built and flown a rocket that can reach all of the Air Force's reference orbits -- the Falcon Heavy. Moreover, the Falcon Heavy is already certified for the Air Force and has won contracts. Air Force officials may also feel that, through NASA contracts for commercial cargo and crew, the government already facilitated development of the Falcon Heavy -- which uses three Falcon 9 rocket cores. It also depends upon what SpaceX bid for. The government would have been more inclined to fund development of an advanced upper stage for the Falcon Heavy or vertical integration facilities. But it seems like the military would not have been as interested in the Big Falcon Rocket, which is more booster than it deems necessary at this time. So if SpaceX bid the BFR, that is one possible explanation for no award. -
Google Home Hub Is Nothing Like Other Google Smart Displays (arstechnica.com)
On Tuesday, Google announced the Google Home Hub, a 7-inch display that gives you visual information, making it easier to control smart home appliances and view photos and the weather. The unusual thing about it is that it doesn't run the smart display software that Google introduced for third-party OEMs. Ars Technica explains: First, let's talk about what the third-party smart displays run. When Google created its smart display software, it also came up with a turnkey solution for OEMs. So far, we've seen Lenovo, LG, and Samsung's JBL all produce devices on the same basic platform. Just like with smartphones, these devices are all an extension of the Android/Qualcomm partnership -- they run Android Things on Qualcomm's SD624 Home Hub Platform. Android Things is Google's stripped-down version of Android that is purpose-built for IoT products, and the third-party smart displays are the first commercial devices to run the OS.
Unlike regular phone Android, Android Things is not customizable by third-parties. All Android Things devices use an OS image direct from Google, and Google centrally distributes updates to all Android Things devices for three years. Android Things doesn't really have an interface. It's designed to get a device up and running and show a single app, which on the smart displays is the Google Smart Display app. Qualcomm's "Home Hub" platform was purposely built to run Android Things and this Google Assistant software -- the SD624 is for smart displays, while the less powerful SDA212 is for speakers. When it came time to build the Google Home Hub, Google didn't use any of this. After talking to Google's VP of product management, Diya Jolly, Ars Technica's Ron Amadeo discovered that the Home Hub is actually built on Google's Cast platform and uses an Amlogic chip instead of Qualcomm's SD624 Home Hub Platform.
When asked why Google was using a totally different platform from the third parties, Jolly told Amadeo, "There's no particular reason. We just felt we could bring the experience to bear with Cast, and the experiences are the same. We would have easily given the third-parties Cast if they wanted it, but I think most developers are comfortable using Android Things." Amadeo seems to think it has to do with the low price, as it undercuts the cheapest third-party Google smart display (Lenovo's 8-inch model) by fifty bucks. -
Physics Holds the Key To Performing the Flipping Water Bottle Trick (arstechnica.com)
An anonymous reader shares a report: Think of how ice skaters extend their arms and legs to slow down rotation coming out of jumps or spins. It's the same principle: conservation of angular momentum. Once the bottle is set in motion, its angular momentum remains constant. But shifting how the mass inside (the water) is distributed increases the bottle's rotational inertia (how much force is required to start or keep it moving). This slows down the bottle's rotational speed. Physicists from the University of Twente in the Netherlands decided to analyze the underlying physics [of flipping a half-full bottle of water so it lands upright] more thoroughly in a series of rigorous experiments and develop a theoretical model. For the first version of the experiment, they used a partially filled water bottle. For the second version, they reduced the variables from the large number of water molecules in the bottle to just two tennis balls in a cylindrical container. In both cases, their measurements clearly showed the dramatic decrease of the container's rotational speed, resulting in a nearly vertical descent, so the bottle landed neatly and upright. Tracking the sloshing of the liquid and the changing positions of the tennis balls demonstrated the redistribution of mass, shifting the moment of inertia.