Domain: arstechnica.com
Stories and comments across the archive that link to arstechnica.com.
Stories · 4,420
-
Belgium Declares Video Game Loot Boxes Gambling and Therefore Illegal (arstechnica.com)
The Belgian Gaming Commission has reviewed several big video games and found that randomized loot boxes in at least three of the titles count as "games of chance," and publishers could therefore be subject to fines and prison sentences under the country's gaming legislation. Ars Technica reports: A statement by Belgian Minister of Justice Koen Geens (machine translation) identifies loot boxes in Overwatch, FIFA 18, and Counter Strike: Global Offensive as meeting the criteria for that "game of chance" definition: i.e., "there is a game element [where] a bet can lead to profit or loss and chance has a role in the game." The Commission also looked at Star Wars: Battlefront II and determined that the recent changes EA made to the game means it "no longer technically forms a game of chance." Beyond that simple definition, the Gaming Commission expressed concern over games that draw in players with an "emotional profit forecast" of randomized goods, where players "buy an advantage with real money without knowing what benefit it would be." The fact that these games don't disclose the odds of receiving specific in-game items is also worrisome, the Commission said. The three games noted above must remove their loot boxes or be in criminal violation of the country's gaming legislation, Geens writes. That law carries penalties of up to 800,000EU (~$973,680) and five years in prison, which can be doubled if "minors are involved." But Geens says he wants to start a "dialogue" with loot box providers to "see who should take responsibility where." -
Drupal Warns of New Remote-Code Bug, the Second in Four Weeks (arstechnica.com)
For the second time in a month, websites that use the Drupal content management system are confronted with a stark choice: install a critical update or risk having your servers infected with ransomware or other nasties. From a report: Maintainers of the open-source CMS built on the PHP programming language released an update patching a critical remote-code vulnerability on Wednesday. The bug, formally indexed as CVE-2018-7602, exists within multiple subsystems of Drupal 7.x and 8.x. Drupal maintainers didn't provide details on how the vulnerability can be exploited other than to say attacks work remotely. The maintainers rated the vulnerability "critical" and urged websites to patch it as soon as possible. -
Suspicious Event Hijacks Amazon Traffic For 2 hours, Steals Cryptocurrency (arstechnica.com)
Amazon lost control of some of its widely used cloud services for two hours on Tuesday morning when hackers exploited a known Internet-protocol weakness that allowed them to redirect traffic to rogue destinations, according to media reports. Ars Technica: The attackers appeared to use one server masquerading as cryptocurrency website MyEtherWallet.com to steal digital coins from unwitting end users. They may have targeted other customers of Amazon's Route 53 service as well. The incident, which started around 6am California time, hijacked roughly 1,300 IP addresses, Oracle-owned Internet Intelligence said on Twitter. The malicious redirection was caused by fraudulent routes that were announced by Columbus, Ohio-based eNet, a large Internet service provider that is referred to as autonomous system 10297. Once in place, the eNet announcement caused some of its peers to send traffic over the same unauthorized routes. [...] Tuesday's event may also have ties to Russia, because MyEtherWallet traffic was redirected to a server in that country, security researcher Kevin Beaumont said in a blog post. The redirection came by rerouting domain name system traffic and using a server hosted by Chicago-based Equinix to perform a man-in-the-middle attack. MyEtherWallet officials said the hijacking was used to send end users to a phishing site. Participants in this cryptocurrency forum appear to discuss the scam site. Further reading: Hacker Hijacks DNS Server of MyEtherWallet to Steal $160,000 (BleepingComputer). -
Netflix, Amazon, and Major Studios Try To Shut Down $20-Per-Month TV Service (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Netflix, Amazon, and the major film studios have once again joined forces to sue the maker of a TV service and hardware device, alleging that the products are designed to illegally stream copyrighted videos. The lawsuit was filed against the company behind Set TV, which sells a $20-per-month TV service with more than 500 channels.
"Defendants market and sell subscriptions to 'Setvnow,' a software application that Defendants urge their customers to use as a tool for the mass infringement of Plaintiffs' copyrighted motion pictures and television shows," the complaint says. Besides Netflix and Amazon, the plaintiffs are Columbia Pictures, Disney, Paramount Pictures, Twentieth Century Fox, Universal, and Warner Bros. The complaint was filed Friday in U.S. District Court for the Central District of California. The companies are asking for permanent injunctions to prevent further distribution of Set TV software and devices, the impoundment of Set TV devices, and for damages including the defendants' profits. -
Surface Phone Speculation Spurred By New Phone APIs In Windows (arstechnica.com)
Microsoft has been rumored to be working on a "Surface Phone" for years now, with little concrete evidence that such a device actually exists. "But the latest Windows 10 Insider Preview has given new fuel for the speculative fire, it has a set of new APIs for cellular phones," reports Ars Technica. From the report: Windows has had integrated support for cell modems since Windows 8, but this has been restricted to supporting data connections. Telephony -- dialing numbers, placing calls -- has always required either Windows Phone or Windows 10 Mobile. This has made the full Windows 10 unsuitable for a phone. That may be changing. Windows 10 build 17650 -- a preview of Redstone 5, the next Windows update after the delayed April update -- includes some telephony APIs. The new APIs cover support for a range of typical phone features: dialing numbers and contacts, blocking withheld numbers, support for Bluetooth headsets and speakerphone mode, and so on and so forth. There also looks to be some kind of video-calling support, suggesting support for 3G or LTE video calling. -
The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch Hackable (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusee Gelee coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. "Fusee Gelee isn't a perfect, 'holy grail' exploit -- though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ. The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code. The exploit can't be fixed via a downloadable patch because the flawed bootROM can't be modified once the Tegra chip leaves the factory. As Temkin writes, "unfortunately, access to the fuses needed to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible. It is suggested that consumers be made aware of the situation so they can move to other devices, where possible." Ars notes that Nintendo may however be able to detect "hacked" systems when they sign on to Nintendo's servers. "The company could then ban those systems from using the Switch's online functions." -
'Drupalgeddon2' Touches Off Arms Race To Mass-Exploit Powerful Web Servers (arstechnica.com)
Researchers with Netlab 360 warn that attackers are mass-exploiting "Drupalgeddon2," the name of an extremely critical vulnerability Drupal maintainers patched in late March. The exploit allows them to take control of powerful website servers. Ars Technica reports: Formally indexed as CVE-2018-7600, Drupalgeddon2 makes it easy for anyone on the Internet to take complete control of vulnerable servers simply by accessing a URL and injecting publicly available exploit code. Exploits allow attackers to run code of their choice without having to have an account of any type on a vulnerable website. The remote-code vulnerability harkens back to a 2014 Drupal vulnerability that also made it easy to commandeer vulnerable servers.
Drupalgeddon2 "is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses," Daniel Cid, CTO and founder of security firm Sucuri, told Ars. "Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can." China-based Netlab 360, meanwhile, said at least three competing attack groups are exploiting the vulnerability. The most active group, Netlab 360 researchers said in a blog post published Friday, is using it to install multiple malicious payloads, including cryptocurrency miners and software for performing distributed denial-of-service attacks on other domains. The group, dubbed Muhstik after a keyword that pops up in its code, relies on 11 separate command-and-control domains and IP addresses, presumably for redundancy in the event one gets taken down. -
White House Reportedly Exploring Wartime Rule To Help Coal, Nuclear (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: According to reports from Bloomberg and E&E News, the Trump Administration has been exploring another way to help coal and nuclear generators: the Defense Production Act of 1950. The Act was passed under President Truman. Motivated by the Korean War, it allows the president broad authority to boost U.S. industries that are considered a priority for national security. On Thursday, E&E News cited sources that said "an interagency process is underway" at the White House to examine possible application of the act to the energy industry. The goal would be to give some form of preference to coal and nuclear plants that are struggling to compete with cheap natural gas.
If the DOE decides not to invoke Section 202(c), the president may turn to the Defense Production Act. According to a 2014 summary report (PDF) from the Congressional Research Service (CRS), the act would allow the president to "demand priority for defense-related products," "provide incentives to develop, modernize, and expand defense productive capacity," and establish "a voluntary reserve of trained private sector executives available for emergency federal employment," among other powers. (Some even more permissive applications of the Act were terminated in 1957.) Using the Act to protect coal and nuclear facilities would almost certainly be more controversial, as the link between national defense and keeping uneconomic coal generators running is not well-established. The Administration could apply the Act to "provide or guarantee loans to industry" for material-specific deliveries and production. "The president may also authorize the purchase of 'industrial items or technologies for installation in government or private industrial facilities,'" reports Ars. -
Eventbrite Claims The Right To Film Your Events -- And Keep the Copyright (eventbrite.com)
Eventbrite lets you sell tickets online for your events. An anonymous reader reports on Eventbrite's newly-updated merchant agreement. The merchant agreement specifies that you "grant permission to Eventbrite and its agents to enter onto and remain on the premises (including real property, fixtures, equipment, or other personal property) where your event is hosted...with personnel and equipment for the purpose of photographing and recording the Premises, both internally and externally in connection with the production of digital content on the date of your event(s) and any other dates reasonably requested by Eventbrite (for example, during setup and breakdown for the event) (the 'Shoot')."
But in addition, you're also granting them permission to record and use footage of all your attendees and speakers, "in any manner, in any medium or context now known or hereafter developed, without further authorization from, or compensation to." And after that Eventbrite "will own all rights of every nature whatsoever in and to all films and photographs taken and recordings made hereunder, including without limitation of all copyrights therein and renewals and extensions thereof, and the exclusive right to use and exploit the Recordings in any manner, in any medium or context now known or hereafter developed..." You're even responsible for obtaining all the clearances and licenses "necessary to secure Eventbrite the permissions and rights described above," and you also release Eventbrite from any claims that may arise regarding use of the Recordings, "including, without limitation, any claims of defamation, invasion of privacy, or infringement of rights of likeness, publicity or copyright."
"So, yeah. No," tweeted Ars Technica's national security editor. "Eventbrite is now off my list for recommended event organizing tools."
UPDATE (4/23/18): "Facing a backlash to the new language, Eventbrite pulled the section from the Agreement's text on Sunday afternoon," reports Ars Technica. -
Doctors Tried To Lower $148K Cancer Drug Cost; Makers Tripled Its Price (arstechnica.com)
Slashdot reader Applehu Akbar writes: Imbruvica, a compound that treats white blood cell cancers, has until now been a bargain at $148,000 per year. Until now, doctors have been able to optimize dosage for each patient by prescribing up to four small-dose pills of it per day.
But after results from a recent small pilot trial indicated that smaller doses would for most patients work as well as the large ones, its manufacturer, Janssen and Pharmacyclics, has decided on the basis of the doctors' interest in smaller dosages to reprice all sizes of the drug to the price of the largest size. This has the effect of tripling the price for patients, and doctors have now put off any plans for further testing of lower dosages.
The researchers are retaliating by urging clinical investigators to test whether the expensive pill could be safely given every other day -- and by calling on America's public health regulators to investigate the drug's pricing. -
ZTE Exports Ban May Mean No Google Apps, a Death Sentence For Its Smartphones (arstechnica.com)
New submitter krazy1 shares a report from Ars Technica: The U.S. government is going after another Chinese Android device maker. After shutting down Huawei's carrier deals and retail partners, the government is now pursuing ZTE. The U.S. Department of Commerce has banned U.S. companies from selling parts and software to ZTE for seven years. ZTE was caught violating U.S. sanctions by illegally shipping telecommunications equipment to Iran and North Korea. The company then made things worse by "making false statements and obstructing justice, including through preventing disclosure to and affirmatively misleading the U.S. Government," according to the Department of Commerce.
The latest news from Reuters raises even bigger issues for ZTE, though. A source told Reuters that "The Commerce Department decision means ZTE Corp may not be able to use Google's Android operating system in its mobile devices." Android is free and open source and will probably remain free for ZTE to use without Google's involvement. Reuters' source is probably referring to the Google apps, which aren't sold to device makers but are carefully licensed to them in exchange for other concessions. The Google apps package includes popular services like Gmail and Google Maps, and it also unlocks the Play Store, Google Play Services, and the entire Android app ecosystem. For a market-viable Android device, the Play Store is pretty much mandatory in every country other than China. So while ZTE could conceivably source hardware components from non-U.S. sources, being locked out of the Play Store would devastate ZTE's smartphones worldwide. -
LA Councilman Asks City Attorney To 'Review Possible Legal Action' Against Waze (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Yet another Los Angeles city councilman has taken Waze to task for creating "dangerous conditions" in his district, and the politician is now "asking the City to review possible legal action." "Waze has upended our City's traffic plans, residential neighborhoods, and public safety for far too long," LA City Councilman David Ryu said in a statement released Wednesday. "Their responses have been inadequate and their solutions, non-existent. They say the crises of congestion they cause is the price for innovation -- I say that's a false choice." In a new letter sent to the City Attorney's Office, Ryu formally asked Los Angeles' top attorney to examine Waze's behavior. While Ryu said he supported "advances in technology," he decried Waze and its parent company, Google, for refusing "any responsibility for the traffic problems their app creates or the concerns of residents and City officials." -
New Alexa Blueprints Let Users Make Custom Skills Without Knowing Any Code (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Amazon just released a new way for Alexa users to customize their experience with the virtual assistant. New Alexa Skill Blueprints allow you to create your own personalized Alexa skills, even if you don't know how to code. These "blueprints" act as templates for making questions, responses, trivia games, narrative stories, and other skills with customizable answers unique to each user. Amazon already has a number of resources for developers to make the new skills they want, but until now, users have had to work within the confines of pre-made Alexa skills. Currently, more than 20 templates are available on the new Alexa Skill Blueprints website, all ready for Alexa users to personalize with their own content. Any blueprint-made skills you make will show up on the "Skills You've Made" section of the blueprints website. While these skills will exist for your Amazon account until you delete them, they aren't posted to the general Alexa Skills store, so strangers will not have access to your couple's trivia game that's personalized for you, your spouse, and your best coupled friends. -
Selling Full Autonomy Before It's Ready Could Backfire For Tesla (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Tesla has an Autopilot problem, and it goes far beyond the fallout from last month's deadly crash in Mountain View, California. Tesla charges $5,000 for Autopilot's lane-keeping and advanced cruise control features. On top of that, customers can pay $3,000 for what Tesla describes as "Full Self-Driving Capability." "All you will need to do is get in and tell your car where to go," Tesla's ordering page says. "Your Tesla will figure out the optimal route, navigate urban streets (even without lane markings), manage complex intersections with traffic lights, stop signs and roundabouts, and handle densely packed freeways with cars moving at high speed." None of these "full self-driving" capabilities are available yet. "Self-Driving functionality is dependent upon extensive software validation and regulatory approval, which may vary widely by jurisdiction," the page says. "It is not possible to know exactly when each element of the functionality described above will be available, as this is highly dependent on local regulatory approval."
But the big reason full self-driving isn't available yet has nothing to do with "regulatory approval." The problem is that Tesla hasn't created the technology yet. Indeed, the company could be years away from completing work on it, and some experts doubt it will ever be possible to achieve full self-driving capabilities with the hardware installed on today's Tesla vehicles. "It's a vastly more difficult problem than most people realize," said Sam Abuelsamid, an analyst at Navigant Research and a former auto industry engineer. Tesla has a history of pre-selling products based on optimistic delivery schedules. This approach has served the company pretty well in the past, as customers ultimately loved their cars once they ultimately showed up. But that strategy could backfire hugely when it comes to Autopilot. -
California Bill Would Restore, Strengthen Net Neutrality Protections (mercurynews.com)
An anonymous reader quotes a report from The Mercury News: With the FCC order to repeal net neutrality rules set to take effect next week, a bill that would restore those regulations in California will get its first hearing Tuesday (Warning: source may be paywalled; alternative source). SB 822, written by State Sen. Scott D. Wiener, D-San Francisco, is backed by big names including Tom Wheeler, the Obama-appointed former Federal Communications Commission chairman who wrote the 2015 Open Internet Order. Wheeler is joined by former FCC commissioners Michael Copps and Gloria Tristani in advocating for SB 822, which would in some ways be stronger than the net neutrality rules put in place under President Obama's administration after more than a decade of legal and political wrangling. Those rules required equal treatment of all internet traffic, and prohibited the establishment of internet slow and fast lanes. Wiener's bill would also prohibit "zero rating," in which internet providers exempt certain content, sites and services from data caps. In addition, it would prohibit public agencies in the state from signing contracts with ISPs that violate net neutrality principles, and call for internet service providers to be transparent about their practices and offerings. -
Jailed Kansas 'Swat' Perpetrator Sneaks Online, Threatens More 'Swats' (kansas.com)
An anonymous reader quotes the Wichita Eagle: Tyler Barriss -- the man charged in a swatting hoax that led to the death of an innocent Wichita man -- apparently got access to the internet from jail for at least 28 minutes [last] Friday and threatened to swat again. "How am I on the Internet if I'm in jail? Oh, because I'm an eGod, that's how," a tweet posted at 9:05 a.m. said.
Other developments in the case:
- Another tweet from the Barriss account 19 minutes later asked who was "talking shit," warning "your ass is about to get swatted." And nine minutes later his final tweet from jail bragged, "Y'all should see how much swag I got in here." The county sheriff's office blamed an outside vendor's improper software upgrade to an inmate kiosk, arguing that 14 inmates potentially had full internet access "for less than a few hours."
- 25-year-old Barriss is still in jail facing an 11-year prison sentence, noted a Twitter user who responded to the tweets. "This will play well at sentencing when you're pretending to be remorseful and asking the judge for mercy."
- Meanwhile, the Wichita police officer who mistakenly fired the fatal shot that killed a 28-year-old father of two will not face charges. The district attorney concluded that several of the officers closest to victim Andrew Finch thought he reached down to pull up his pants, leaving his right arm hidden from the officers, the Wichita Eagle reports. "The officer who fired the shot, along with some others, thought Finch was reaching for a gun."
- "This shooting should not have happened," said the district attorney. "But this officer's decision was made in the context of the false call." Finch was shot 10 seconds after opening his front door, and his family's civil case against the police department is still going forward.
- Two other gamers involved in the shooting -- including one who allegedly hired Barriss over a $1.50 bet in the game Call of Duty -- have not been charged with a crime.
-
'Is Curing Patients a Sustainable Business Model?' Goldman Sachs Analysts Ask (arstechnica.com)
In an April 10 report for biotech clients, Goldman Sachs analysts noted that one-shot cures for diseases are not great for business as they're bad for long-term profits. The investment bank's report, titled "The Genome Revolution," asks clients: "Is curing patients a sustainable business model?" The answer may be "no," according to follow-up information provided. Slashdot reader tomhath shares the report from Ars Technica: Analyst Salveen Richter and colleagues laid it out: "The potential to deliver 'one shot cures' is one of the most attractive aspects of gene therapy, genetically engineered cell therapy, and gene editing. However, such treatments offer a very different outlook with regard to recurring revenue versus chronic therapies... While this proposition carries tremendous value for patients and society, it could represent a challenge for genome medicine developers looking for sustained cash flow."
For a real-world example, they pointed to Gilead Sciences, which markets treatments for hepatitis C that have cure rates exceeding 90 percent. In 2015, the company's hepatitis C treatment sales peaked at $12.5 billion. But as more people were cured and there were fewer infected individuals to spread the disease, sales began to languish. Goldman Sachs analysts estimate that the treatments will bring in less than $4 billion this year. "[Gilead]'s rapid rise and fall of its hepatitis C franchise highlights one of the dynamics of an effective drug that permanently cures a disease, resulting in a gradual exhaustion of the prevalent pool of patients," the analysts wrote. The report noted that diseases such as common cancers -- where the "incident pool remains stable" -- are less risky for business. -
Google Works Out a Fascinating, Slightly Scary Way For AI To Isolate Voices In a Crowd (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Google researchers have developed a deep-learning system designed to help computers better identify and isolate individual voices within a noisy environment. As noted in a post on the company's Google Research Blog this week, a team within the tech giant attempted to replicate the cocktail party effect, or the human brain's ability to focus on one source of audio while filtering out others -- just as you would while talking to a friend at a party. Google's method uses an audio-visual model, so it is primarily focused on isolating voices in videos. The company posted a number of YouTube videos showing the tech in action.
The company says this tech works on videos with a single audio track and can isolate voices in a video algorithmically, depending on who's talking, or by having a user manually select the face of the person whose voice they want to hear. Google says the visual component here is key, as the tech watches for when a person's mouth is moving to better identify which voices to focus on at a given point and to create more accurate individual speech tracks for the length of a video. According to the blog post, the researchers developed this model by gathering 100,000 videos of "lectures and talks" on YouTube, extracting nearly 2,000 hours worth of segments from those videos featuring unobstructed speech, then mixing that audio to create a "synthetic cocktail party" with artificial background noise added. Google then trained the tech to split that mixed audio by reading the "face thumbnails" of people speaking in each video frame and a spectrogram of that video's soundtrack. The system is able to sort out which audio source belongs to which face at a given time and create separate speech tracks for each speaker. Whew. -
New Navigation App 'Live Roads' Promises 1.5m-Accuracy With Standard Cellphone Hardware (arstechnica.com)
Jonathan M. Gitlin from Ars Technica reviews a new navigation app called Live Roads, which promises 1.5m-accuracy via your current smartphone without the need of any extra hardware. In a nutshell, the app provides more accurate mapping/navigation than what's currently available via Google Maps or Apple Maps, but it's still not quite as accurate as a true "HD map." HD maps are accurate to within a centimeter or two and are usually made by a combination of traditional surveying and lidar scanning. Here's an excerpt from the report: A few weeks after talking with the company, I was delivered a Samsung S7 loaded with Live Roads. I'll be honest: I'm not that familiar with Android, and this isn't really a review of the app. I used it enough to check that it does what it claims, but I didn't use it as my sole method of navigation. However, this brief bit of user-testing did let me check out the claims in that email. I don't think I'd equate the app with the HD maps that autonomous vehicles will need. For one thing it's readable by a human being; for another it's not quite that accurate. But the spatial resolution was indeed better than it should be on a consumer phone, and Live Roads was able to locate me down to a specific lane on a multi-lane road. Various navigation apps give you lane-specific instructions -- for instance, telling you to stay in the middle two lanes if you're approaching a complicated intersection. Where Live Roads differs is that it can also tell which lane you're actually in. Whether this is enough of a feature to build a business model around is an open question; I'm quite happy using Google Maps on iOS, with occasional forays into Waze (running in the background to warn of speed traps) and Apple Maps (if I'm driving something with CarPlay and the infotainment's built-in navigation sucks).
But it left me wondering: how does it work? Paul Konieczny, CEO of Live Roads, gave me an explanation -- up to a point. "Primarily it is based around sensor fusion and certain probabilistic models -- we call it the Black Box," he said. "The current release of the app that is available in the Play Store has an earlier revision of our Black Box. This initial version is missing some of the functionality of the full-fledged system and thus has a spatial resolution of ~2.5m. This compares favorably to standard GPS that has a resolution of 4.0 m+." By summer, Konieczny hopes that the system will be fully operational and that accuracy will be down to under 1.5m. Assuming a large enough user base, that should let it offer lane-specific traffic data, "as well as introducing an entire ecosystem of 3D objects that users will be able to interact with," he told me. -
Steam Spy Announces It's Shutting Down, Blames Valve's New Privacy Settings
Steam Spy, the world's most comprehensive game ownership and play estimator available to the public, announced that it "won't be able to operate anymore" thanks to recent changes to Valve's privacy policy. "Valve just made a change to their privacy settings, making games owned by Steam users hidden by default," the site's operators announced on its official Twitter account. "Steam Spy relied on this information being visible by default." The creator of the website, Sergey Galyonkin, suggested that the site will only remain as an "archive" from here on out. Ars Technica reports: Indeed, Steam's new private-by-default setting is the kind of proactive, data-protective move that sites like Facebook have faced repeated scrutiny about over the past decade. However, as of press time, we could not confirm exactly how these updated settings will work, thanks to the service's "edit privacy settings" page currently appearing blank. (This can be found in the Steam interface by selecting the word "profile" under the menu that appears when mousing over your username.)
Valve pointed out that Steam will also receive a long, long, long-awaited "invisible" function for Steam's online-status toggle, which will allow players to actively communicate with Steam friends while hiding from the general public, and that it will also specifically let players hide both game ownership and gameplay time counts from friends. The company explained that Tuesday's changes came "directly from user feedback," which Steam Spy founder Sergey Galyonkin questioned via his site's Twitter feed: "They said it was by users feedback which makes me as a person born in the Soviet Union very suspicious :)" After Epic Games founder Tim Sweeney applauded Valve's privacy-minded policy change, Galyonkin responded with his own opinion on why so much data was open on Steam in the first place: "This was always a compromise between being able to play with other people and privacy," he wrote in response. "It seems they moved towards privacy now." -
Eating World's Hottest Pepper Sparks Brain Disorder, Thunderclap Headaches (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Extremely hot peppers don't just blister your mouth and bum -- they can also spark fiery havoc in your brain, according to a report published Monday in BMJ Case Reports. An otherwise healthy 34-year-old man developed a blood-flow disorder in his brain and suffered several debilitating "thunderclap" headaches after entering a hot pepper eating contest, U.S. doctors reported. The man had managed to get down a Carolina Reaper pepper, which in 2013 earned the title of the world's hottest chili by Guinness World Records.
The searing pepper didn't sit well in the chili-eating contestant. Immediately after slaying a Reaper, the man began dry heaving and developed pain in his neck and the back of his skull. That morphed into a diffuse, painful headache. Over the next few days, he experienced thunderclap headaches at least twice -- but likely more, he just couldn't recall exactly. Thunderclap headaches are severe, sudden, with quick pains that strike like a clap of thunder rumbling through your skull. They tend to peak within 60 seconds and can be accompanied by nausea, vomiting, altered mental state, seizures, and fever. Their stormy aches can be a sign of serious problems, like bleeding in the brain, a brain infection, or a cerebrospinal fluid leak. The pain was excruciating enough that the man went to the emergency room. But doctors didn't find any immediate problems with him to explain the episodes. He didn't have any slurred speech, loss of vision, neurological deficits, muscle weakness, or tingling. His blood pressure was a little high, but not extremely so, at 134/69 mmHg. Initial CT scans found no problems in his neck and head. -
Democratic Senators Propose 'Privacy Bill of Rights' To Prevent Websites From Sharing Or Selling Sensitive Info Without Opt-In Consent (arstechnica.com)
Democratic Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) today proposed a "privacy bill of rights" that would prevent Facebook and other websites from sharing or selling sensitive information without a customer's opt-in consent. The proposed law would protect customers' web browsing and application usage history, private messages, and any sensitive personal data such as financial and health information. Ars Technica reports: Markey teamed with Sen. Richard Blumenthal (D-Conn.) to propose the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act. You can read the full legislation here. "Edge providers" refers to websites and other online services that distribute content over consumer broadband networks. Facebook and Google are the dominant edge providers when it comes to advertising and the use of customer data to serve targeted ads. No current law requires edge providers to seek customers' permission before using their browsing histories to serve personalized ads. The online advertising industry uses self-regulatory mechanisms in which websites let visitors opt out of personalized advertising based on browsing history, and websites can be punished by the Federal Trade Commission (FTC) if they break their privacy promises.
The Markey/Blumenthal bill's stricter opt-in standard would require edge providers to "obtain opt-in consent from a customer to use, share, or sell the sensitive customer proprietary information of the customer." Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service. The FTC and state attorneys general would be empowered to enforce the new opt-in requirements. The bill would require edge providers to notify users about all collection, use, and sharing of their information. The bill also requires edge providers "to develop reasonable data security practices" and to notify customers about data breaches that affect them. -
'Erotic Review' Blocks US Internet Users To Prepare For Government Crackdown (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A website that hosts customer reviews of sex workers has started blocking Internet users in the United States because of forthcoming changes in U.S. law. Congress recently passed the Stop Enabling Sex Traffickers Act bill (SESTA), and President Trump is expected to sign it into law. SESTA will make it easier to prosecute websites that host third-party content that promotes or facilitates prostitution, even in cases when the sex workers aren't victims of trafficking. After Congress approved the bill, Craigslist removed its "Personals" section and Reddit removed some sex-related subreddits. The Erotic Review (TER) has followed suit by blocking any user who appears to be visiting the website from the United States.
"As a result of this new law, TER has made the difficult decision to block access to the website from the United States until such time as the courts have enjoined enforcement of the law, the law has been repealed or amended, or TER has found a way to sufficiently address any legal concerns created by the new law," the website's home page says in a notice to anyone who accesses the site from a US location. The Erotic Review explained in an FAQ why it blocked US-based users even before SESTA takes effect. (The bill is also known as the Allow States and Victims to Fight Online Sex Trafficking Act, or FOSTA.) "TER has always operated within the law, and it takes SESTA seriously," the FAQ says. "Because we do not know when SESTA will be signed into law, TER wants to be certain that it is in compliance with the statute the moment it becomes effective." TER can still be accessed outside the U.S., and U.S.-based users can still access the site via a VPN service. "Non-U.S. are asked to agree to a disclaimer, which requires users to agree to 'report suspected exploitation of minors and/or human trafficking' and that they 'will not access TER from a Prohibited Country,'" reports Ars. -
Steve Wozniak Drops Facebook: 'The Profits Are All Based On the User's Info' (arstechnica.com)
Apple cofounder Steve Wozniak has formally deactivated his Facebook account. In an email interview with USA Today, Wozniak wrote that he was no longer satisfied with Facebook, knowing that it makes money off of user data. "The profits are all based on the user's info, but the users get none of the profits back," he wrote. "Apple makes its money off of good products, not off of you. As they say, with Facebook, you are the product." Ars Technica reports: His Sunday announcement to his Facebook followers came just ahead of Facebook CEO Mark Zuckerberg's scheduled testimony before Congress on Tuesday. The CEO is also reportedly set to meet with members of Congress privately on Monday. Wozniak wrote that Facebook had "brought me more negatives than positives." Still, when Wozniak tried to change some of his privacy settings in the aftermath of Cambridge Analytica, he said he was "surprised" to find out how many categories for ads he had to remove. "I did not feel that this is what people want done to them," added Wozniak. "Ads and spam are bad things these days and there are no controls over them. Or transparency." -
Hot-Air Dryers Suck In Nasty Bathroom Bacteria, Shoot Them At Your Hands (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Hot-air dryers suck in bacteria and hardy bacterial spores loitering in the bathroom -- perhaps launched into the air by whooshing toilet flushes -- and fire them directly at your freshly cleaned hands, according to a study published in the April issue of Applied and Environmental Microbiology. The authors of the study, led by researchers at the University of Connecticut, found that adding HEPA filters to the dryers can reduce germ-spewing four-fold. However, the data hints that places like infectious disease research facilities and healthcare settings may just want to ditch the dryers and turn to trusty towels. Indeed, in the wake of the blustery study -- which took place in research facility bathrooms around UConn -- "paper towel dispensers have recently been added to all 36 bathrooms in basic science research areas in the UConn School of Medicine surveyed in the current study," the authors note. The researchers speculated that "one reason hand dryers may disperse so many bacteria is the large amount of air that passes through hand dryers, 19,000 linear feet/min at the nozzle. The convection generated by high airflow below the hand dryer nozzles could also draw in room air." -
There's Growing Evidence Tesla's Autopilot Handles Lane Dividers Poorly (arstechnica.com)
An anonymous reader writes: Within the past week, two Tesla crashes have been reported while Autopilot was engaged, and both involved a Tesla vehicle slamming into a highway divider. One of the crashes resulted in the death of Walter Huang, a Tesla customer with a Model X. The other crash resulted in minor injuries to the driver, thanks largely to a working highway safety barrier in front of the concrete divider. Ars Technica reports on the growing evidence that Tesla's Autopilot handles lane dividers poorly: "The September crash isn't the only evidence that has emerged that Tesla's Autopilot feature doesn't deal well with highway lane dividers. At least two people have uploaded videos to YouTube showing their Tesla vehicles steering toward concrete barriers. One driver grabbed the wheel to prevent a collision, while the other slammed on the brakes. Tesla argues that this issue doesn't necessarily mean that Autopilot is unsafe. 'Autopilot is intended for use only with a fully attentive driver,' a Tesla spokesperson told KGO-TV. Tesla argues that Autopilot can't prevent all accidents but that it makes accidents less likely. There's some data to back this up. A 2017 study by the National Highway Transportation Safety Administration (NHTSA) found that the rate of accidents dropped by 40 percent after the introduction of Autopilot. And Tesla argues that Autopilot-equipped Tesla cars have gone 320 million miles per fatality, much better than the 86 million miles for the average car. These figures don't necessarily settle the debate. That NHTSA figure doesn't break down the severity of crashes -- it's possible that Autopilot prevents relatively minor crashes but is less effective at preventing the most serious crashes. And as some Ars commenters have pointed out, luxury cars generally have fewer fatalities than the average vehicle. So it's possible that Tesla cars' low crash rates have more to do with its wealthy customer base than its Autopilot technology. 
What we can say, at a minimum, is that there's little evidence that Autopilot makes Tesla drivers less safe. And we can expect Tesla to steadily improve the car's capabilities over time." -
Online Gaming Could Be Stalled by Net Neutrality Repeal, ESA Tells Court (arstechnica.com)
A video game industry lobby group is joining the lawsuit that seeks to reinstate net neutrality rules in the US, saying that the net neutrality repeal could harm multiplayer online games that require robust Internet connections. From a report: The Entertainment Software Association (ESA) yesterday filed a motion for leave to intervene so that it can support the case against the Federal Communications Commission. The lawsuit, filed by a mix of Democratic state attorneys general, tech companies such as Mozilla, and consumer advocacy groups, seeks to reverse the FCC's December 2017 vote to eliminate net neutrality rules. The ESA said its members will be harmed by the repeal "because the FCC's Order permits ISPs to take actions that could jeopardize the fast, reliable, and low-latency connections that are critical to the video game industry." -
CenturyLink Fights Billing-Fraud Lawsuit By Claiming That It Has No Customers (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: CenturyLink is trying to force customers into arbitration in order to avoid a class-action lawsuit from subscribers who say they've been charged for services they didn't order. To do so, CenturyLink has come up with a surprising argument -- the company says it doesn't have any customers. While the customers sued CenturyLink itself, the company says the customers weren't actually customers of CenturyLink. Instead, CenturyLink says they were customers of 10 subsidiaries spread through the country. CenturyLink basically doesn't exist as a service provider -- according to a brief CenturyLink filed Monday.
"That sole defendant, CenturyLink, Inc., is a parent holding company that has no customers, provides no services, and engaged in none of the acts or transactions about which Plaintiffs complain," CenturyLink wrote. "There is no valid basis for Defendant to be a party in this Proceeding: Plaintiffs contracted with the Operating Companies to purchase, use, and pay for the services at issue, not with CenturyLink, Inc." CenturyLink says those operating companies should be able to intervene in the case and "enforce class-action waivers," which would force the customers to pursue their claims via arbitration instead of in a class-action lawsuit. By suing CenturyLink instead of the subsidiaries, "it may be that Plaintiffs are hoping to avoid the arbitration and class-action waiver provisions," CenturyLink wrote. -
Google Is Considering Launching a Mid-Range Pixel Phone This Summer, Claims Report (arstechnica.com)
According to a report from The Economic Times, Google is developing a new mid-range Pixel smartphone. "The paper claims that 'Google's top brass shared details of its consumer products expansion plans in trade meetings held in Malaysia, the UK, and the U.S. last month.'" The story cites "four senior industry executives" that were present at the talks. Ars Technica reports: The Economic Times pegs "around July-August" for the launch date of this mid-range device, which the publication says will have a focus on "price-sensitive markets such as India." The phone would be part of Google Hardware's first push into India, which would involve bringing the Pixelbook, Google Home, and Google Home Mini to the country. The Indian paper did not say if the phone would launch in other countries, but it did say the phone would be launched in addition to the regular Pixel 3 flagship, which the report says is still due around October. It's good to hear Google is considering expanding the Pixel line to more countries (even if it's just one more country) as distribution is currently one of Google Hardware's biggest weak points. The Pixel 2 XL is only available in eight countries; by comparison, the Samsung Galaxy S9 is sold in 110 countries. If Google really wants to compete in the smartphone market, it will have to do a lot better than selling in eight countries. -
Ajit Pai Faces Heat Over Proposal To Take Away Poor People's Broadband Plans (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Democratic senators yesterday asked Ajit Pai to abandon a proposal that the senators say would take subsidized broadband plans away from "millions of Americans." The Federal Communications Commission chairman's plan for the Lifeline subsidy program would force most users of the program to find new providers. But such users could have trouble finding replacement plans or similar prices because Pai's proposal would prevent all telecom resellers from offering Lifeline-subsidized service. "Your proposal impacts over 70 percent of current Lifeline-recipient households by eliminating their wireless providers from the program, leaving less affordable and fewer Lifeline options, while making it more difficult for the companies trying to serve Lifeline customers," Senate Democrats wrote in the letter to Pai yesterday. "Instead of cutting the program, we should ensure Lifeline reaches more Americans in need of access to communication services." The letter was written by Sens. Kamala Harris (D-Calif.), Jeff Merkley (D-Ore.), Bernie Sanders (I-Vt.), Kirsten Gillibrand (D-NY), Edward Markey (D-Mass.), Ron Wyden (D-Ore.), Richard Blumenthal (D-Conn.), Elizabeth Warren (D-Mass.), Dick Durbin (D-Ill.), and Cory Booker (D-NJ). -
EPA Prepares To Roll Back Rules Requiring Cars To Be Cleaner and More Efficient (nytimes.com)
Coral Davenport and Hiroko Tabuchi, reporting for The New York Times: The Trump administration is expected to launch an effort in coming days to weaken greenhouse gas emissions and fuel economy standards for automobiles, handing a victory to car manufacturers and giving them ammunition to potentially roll back industry standards worldwide. The move -- which undercuts one of President Barack Obama's signature efforts to fight climate change -- would also propel the Trump administration toward a courtroom clash with California, which has vowed to stick with the stricter rules even if Washington rolls back federal standards. That fight could end up creating one set of rules for cars sold in California and the 12 states that follow its lead, and weaker rules for the rest of the states, in effect splitting the nation into two markets.
Scott Pruitt, the head of the Environmental Protection Agency, is expected to frame the initiative as eliminating a regulatory burden on automakers that will result in more affordable trucks, vans and sport utility vehicles for buyers, according to people familiar with the plan. An E.P.A. spokeswoman confirmed that Mr. Pruitt had sent a draft of the 16-page plan to the White House for approval. Further reading: EPA to its employees: Ignore science when talking about climate change (ArsTechnica) -
An Up-Close Look At the Parker Solar Probe -- the Spacecraft That Will Skim the Sun's Surface (arstechnica.com)
schwit1 shares a report from Ars Technica, offering an up-close look at the Parker Solar Probe: This summer, NASA will launch the Parker Solar Probe, an impressively heat-resistant spacecraft destined to glide closer to the surface of the Sun than any spacecraft before it. It will fly within about 6 million kilometers of the searing surface, more than seven times closer than earlier craft. If all goes to plan, the craft will be hurtling at 724,205 km per hour and have its one-of-a-kind heat shield perfectly facing the surface as it makes those closest approaches. In about seven years, it will complete 24 orbits around the Sun and pass by Venus seven times. All the while, the Parker probe will collect a constellation of data to help answer scientists' burning questions -- and solve some sizzling mysteries -- about the orb of hot plasma that lights up our Solar System. Namely, it will try to help us finally understand why the Sun's atmosphere is 300 times hotter than its surface, which itself is a balmy 5,727C. This fact defies basic physics and to this day is unexplained. One of the leading hypotheses to account for the heat shift comes from famed physicist Eugene Parker, after whom the probe is named. In the mid-1950s, Parker theorized that the Sun's super-heated corona could be explained by a complex system of plasma, magnetic fields, and energetic particles that spark solar explosions called "nanoflares." Scientists are thirsty for close-up data on those potential explosions as well as the cascade of energy called solar wind. With that data, they can put their hypotheses to the test. And in addition to helping us understand coronal heat, data on these sunny phenomena could help clear up poorly understood space weather, which can wreak havoc on satellites and power lines here on Earth. -
Comcast Supports Ban On Paid Prioritization, Except For 'Specialized Services' (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Comcast would support a ban on paid prioritization as long as there is an exception for "specialized services" that benefit consumers, a company executive said this week. Comcast Senior Executive VP David Cohen, who is generally the public face in Comcast's dealings with government policymakers, spoke about paid prioritization at the Free State Foundation's Telecom Policy Conference on Tuesday. (Video available on C-SPAN's website; the segment begins at 2:20.) "How about if we agree to a prohibition on paid prioritization and we have a limited exception created in some way for this concept of specialized services," Cohen said.
Cohen's suggestion of a paid-prioritization ban with an exception for specialized services is similar to an early version of net neutrality rules that was passed in 2010 but thrown out in court in 2014. (The FCC was able to impose stricter net neutrality rules in 2015; that's the set of rules that is being thrown out by the current FCC.) The FCC in 2010 said that specialized services may share capacity with broadband networks but wouldn't be the same as regular broadband. There has never been a great definition of the term, but the 2010 FCC said that broadband providers' facilities-based VoIP and Internet Protocol-video offerings would be included. These services "differ from broadband Internet access service and may drive additional private investment in broadband networks and provide end users valued services, supplementing the benefits of the open Internet," the FCC said at the time. Under the 2010 rules, ISPs could have charged other companies for the right to offer specialized services over broadband networks. Cohen didn't say exactly what types of future services should be covered by an exemption for specialized services. But the services may come along soon enough, he said. "There is a recognition that something might come along that is not anti-competitive, that is pro-consumer, that is a specialized service available not to every user of the Internet, [and] that would be in consumers' interests and in the public interest," Cohen said. -
Uber Settles With Family of Woman Killed By Self-Driving Car, Avoids Lawsuit (arstechnica.com)
It appears that Uber won't go to court to settle a lawsuit after one of its self-driving cars killed a woman in Tempe, Arizona earlier this month. An anonymous Slashdot reader shares a report from Ars Technica: Uber has reached a settlement with the family of the woman killed by an Uber self-driving car. Uber reached the settlement with the daughter and husband of Elaine Herzberg, who died at age 49 after being hit by the Uber vehicle in Tempe, Arizona. The settlement presumably includes a cash payment, but no details were provided by either Uber or the family's attorney. "The matter has been resolved," said Christina Perez Hesano, an attorney for Herzberg's family, according to reports by Reuters and NPR. -
Tim Cook Says Apple's Customers Are Not Its Product, Unlike Facebook (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Apple CEO Tim Cook said in an interview with MSNBC and Recode on Wednesday that Silicon Valley, and notably Facebook, should be far more careful with its customers' data in the wake of the Cambridge Analytica disclosures. "I think the best regulation is no regulation, is self-regulation," he said, according to Recode. "However, I think we're beyond that here." Cook reiterated points that he and former CEO Steve Jobs made previously, that Apple's business model -- unlike Google, Facebook, and many other tech companies -- is predicated on selling physical products rather than capturing data about customers. "We've never believed that these detailed profiles of people that have incredibly deep personal information that is patched together from several sources should exist," he said, according to The Wall Street Journal. "The truth is, we could make a ton of money if we monetized our customer -- if our customer was our product," he added. "We've elected not to do that." -
Intel CPUs Vulnerable To New 'BranchScope' Attack (securityweek.com)
wiredmikey writes: Researchers have discovered a new side-channel attack method dubbed "BranchScope" that can be launched against devices with Intel processors. The attack has been identified and demonstrated by a team of researchers, and similar to Meltdown and Spectre, can be exploited by an attacker to obtain potentially sensitive information they normally would not be able to access directly. The attacker needs to have access to the targeted system and they must be able to execute arbitrary code.
Researchers believe the requirements for such an attack are realistic, making it a serious threat to modern computers, "on par with other side-channel attacks." The BranchScope attack has been demonstrated on devices with three types of Intel i5 and i7 CPUs based on Skylake, Haswell and Sandy Bridge microarchitectures. Further reading: As predicted, more branch prediction processor attacks are discovered (ArsTechnica). -
AT&T/Verizon Lobbyists To 'Aggressively' Sue States That Enact Net Neutrality (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A lobby group that represents AT&T, Verizon, and other telcos plans to sue states and cities that try to enforce net neutrality rules. USTelecom, the lobby group, made its intentions clear yesterday in a blog post titled, "All Americans Deserve Equal Rights Online." "Broadband providers have worked hard over the past 20 years to deploy ever more sophisticated, faster and higher-capacity networks, and uphold net neutrality protections for all," USTelecom CEO Jonathan Spalter wrote. "To continue this important work, there is no question we will aggressively challenge state or municipal attempts to fracture the federal regulatory structure that made all this progress possible." The USTelecom board of directors includes AT&T, Verizon, Frontier, CenturyLink, Windstream, and other telcos. The group's membership "ranges from the nation's largest telecom companies to small rural cooperatives." -
Uber Ordered To Take Its Self-Driving Cars Off Arizona Roads (nytimes.com)
After failing to meet an expectation that it would prioritize public safety as it tested its self-driving technology, Uber has been ordered to take its self-driving cars off Arizona roads (Warning: source may be paywalled; alternative source). "The incident that took place on March 18 is an unquestionable failure to comply with this expectation," Gov. Doug Ducey of Arizona wrote in a letter sent to Dara Khosrowshahi, Uber's chief executive. "Arizona must take action now." The New York Times reports: Uber had already suspended all testing of its cars in Arizona, San Francisco, Pittsburgh and Toronto. "We proactively suspended self-driving operations in all cities immediately following the tragic incident last week. We continue to help investigators in any way we can, and we'll keep a dialogue open with the governor's office to address any concerns they have," said Matt Kallman, an Uber spokesman. The rebuke from the governor is a reversal from what has been an open-arms policy by the state, heralding its lack of regulation as an asset to lure autonomous vehicle testing -- and tech jobs. Waymo, the self-driving car company spun out from Google, and General Motors-owned Cruise are also testing cars in the state. Mr. Ducey said he was troubled by a video released from the Tempe Police Department that seemed to show that neither the Uber safety driver nor the autonomous vehicle detected the presence of a pedestrian in the road in the moments before the crash. -
Google Starts Blocking 'Uncertified' Android Devices From Logging In (arstechnica.com)
Google logins on unlicensed devices will now fail at setup, and a warning message will pop up stating "Device is not certified by Google," reports Ars Technica. "This warning screen has appeared on and off in the past during a test phase, but XDA (and user reports) indicate it is now headed for a wider rollout." From the report: While the basic operating system code contained in the Android Open Source Project is free and open source, Google's apps that run on top of Android (like the Play Store, Gmail, Google Maps, etc.) and many others are not free. Google licenses these apps to device makers under a number of terms designed to give Google control over how the OS is used. Google's collection of default Android apps must all be bundled together, there are placement and default service requirements, and devices must pass an ever-growing list of compatibility requirements to ensure app compatibility. Android distributions that don't pass Google's compatibility requirements aren't allowed to be called "Android" (which is a registered trademark of Google), so they are Android forks. The most high-profile example of an Android fork is Amazon's Kindle Fire line of products, but most devices that ship in China (where Google doesn't do much business) fall under the umbrella of an "Android fork," too.
While Google's Android apps are only properly available as a pre-loaded app (or through the pre-loaded Play Store), they are openly distributed on forums, custom ROM sites, third-party app stores, and other places online. When a non-compatible device seller (or a user) loads these on a device, they can potentially trigger Google's new message at login. The message pops up when you try to log in to Google's services, which usually happens during the device setup. Users who purchased the device are warned that "the device manufacturer has preloaded Google apps and services without certification from Google," and users aren't given many options other than to complain to the manufacturer. At this point, logging in to Google services is blocked, and non-tech-savvy users will have to live without the Google apps. Users of custom Android ROMs -- which wipe out the stock software and load a modified version of Android -- will start seeing this message, too. -
Facebook Scraped Call, Text Message Data For Years From Android Phones (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: This past week, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years' worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received. This experience has been shared by a number of other Facebook users who spoke with Ars, as well as independently by us -- my own Facebook data archive, I found, contained call-log data for a certain Android device I used in 2015 and 2016, along with SMS and MMS message metadata. In response to an email inquiry about this data gathering by Ars, a Facebook spokesperson replied, "The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it's a widely used practice to begin by uploading your phone contacts." The spokesperson pointed out that contact uploading is optional and installation of the application explicitly requests permission to access contacts. And users can delete contact data from their profiles using a tool accessible via Web browser.
If you granted permission to read contacts during Facebook's installation on Android a few versions ago -- specifically before Android 4.1 (Jelly Bean) -- that permission also granted Facebook access to call and message logs by default. The permission structure was changed in the Android API in version 16. But Android applications could bypass this change if they were written to earlier versions of the API, so Facebook API could continue to gain access to call and SMS data by specifying an earlier Android SDK version. Google deprecated version 4.0 of the Android API in October 2017 -- the point at which the latest call metadata in Facebook user's data was found. Apple iOS has never allowed silent access to call data. You are able to have Facebook delete the data it collects from you, "but it's not clear if this deletes just contacts or if it also purges call and SMS metadata," reports Ars. Generally speaking, if you're concerned about privacy, you shouldn't share your contacts and call-log data with any mobile application. -
UK High Court 'Perma-Bans' Efforts to Extradite Lauri Love to the US (arstechnica.com)
The U.K.'s High Court will not send Lauri Love to face trial in the U.S. for hacking government computer systems. Instead they've issued a final refusal to overturn Love's successful appeal of his extradition, Ars Technica reports, "effectively ending the extradition effort permanently." Love was originally arrested in the UK in October of 2013 after using an automated scanner to locate servers within a large range of IP addresses for SQL injection and ColdFusion vulnerabilities and then breaching vulnerable systems and installing Web shells to give him remote administrative-level access. He allegedly managed to compromise servers belonging to the U.S. Missile Defense Agency, the U.S. Army, the Federal Reserve, NASA, and the Environmental Protection Agency. Love's attorneys fought the extradition on the grounds that Love -- who has been diagnosed with Asperger's Syndrome, severe depression, and antibiotic-resistant eczema -- would not get appropriate medical attention in a U.S. prison and would be at risk of suicide if he faced the potential 99-year prison term associated with the charges...
The U.S. had already essentially dropped efforts to extradite Love, but the ruling by the High Court now sets legal precedent that may bar future extraditions of British citizens on hacking charges. In a statement e-mailed to Ars, Naomi Colvin -- acting director of the Courage Foundation, an organization that has assisted Love in his extradition appeal -- said that as a result of the ruling, "there is now very little prospect of any British hacker ever finding themselves in the same position as Lauri Love or Gary McKinnon. Fifteen years of terrible public policy in which British hackers were left open to the vindictive instincts of US prosecutors have now been brought to an end."
Lauri Love told the site that with this ruling, "The era of the U.S. Department of Justice as world police is over." -
Ask Slashdot: Is Beaming Down In Star Trek a Death Sentence?
Artem Tashkinov writes: Some time ago, Ars Technica ran a monumental article on beaming of consciousness in Star Trek and its implications, and more importantly, whether it's plausible to achieve that without killing a person in the process.
It seems possible in the Star Trek universe. However, currently physicists find the idea absurd and unreal because there's no way you can transport matter and its quantum state without first destroying it and then recreating it perfectly, due to Heisenberg's Uncertainty Principle. The biggest conundrum of all is the fact that pretty much everyone understands that consciousness is a physical state of the brain, which features continuity as its primary principle; yet it surely seems like copying the said state produces a new person altogether, which brings up the problem of consciousness becoming local to one's skull and inseparable from gray matter. This idea sounds a bit unscientific because it introduces the notion that there's something about our brain which cannot be described in terms of physics, almost like soul.
This also brings another very difficult question: how do we know if we are the same person when we wake up in the morning or after we were put under during general anesthesia? What are your thoughts on the topic? -
Craigslist Personals, Some Subreddits Disappear After FOSTA Passage (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: In the wake of this week's passage of the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA) bill in both houses of Congress on Wednesday, Craigslist has removed its "Personals" section entirely, and Reddit has removed some related subreddits, likely out of fear of future lawsuits. FOSTA, which awaits the signature of President Donald Trump before becoming law, removes some portions of Section 230 of the Communications Decency Act. The landmark 1996 law shields website operators that host third-party content (such as commenters, for example) from civil liability. The new bill is aimed squarely at Backpage, a notorious website that continues to allow prostitution advertisements and has been under federal scrutiny for years. In a bizarre turn of events, the Department of Justice also warned the House in February 2018 that the bill "raises a serious constitutional concern," as it would apply retroactively -- a seeming violation of the Constitution's ex post facto clause. Congress passed it anyway. The Electronic Frontier Foundation wrote in a blog post: "It's easy to see the impact that this ramp-up in liability will have on online speech: facing the risk of ruinous litigation, online platforms will have little choice but to become much more restrictive in what sorts of discussion -- and what sorts of users -- they allow, censoring innocent people in the process." -
SpaceX Launch Last Year Punched Huge, Temporary Hole In the Ionosphere (arstechnica.com)
The Falcon 9 rocket that launched last August reportedly ripped a temporary hole in the ionosphere due to its vertical launch, which Ars Technica notes as being rather unusual: Contrary to popular belief, most of the time when a rocket launches, it does not go straight up into outer space. Rather, shortly after launch, most rockets will begin to pitch over into the downrange direction, limiting gravity drag and stress on the vehicle. Often, by 80 or 100km, a rocket is traveling nearly parallel to the Earth's surface before releasing its payload into orbit. However, in August of last year, a SpaceX Falcon 9 rocket launch from California did not make such a pitch over maneuver. Rather, the Formosat-5 mission launched vertically and stayed that way for most of its ascent into space. The rocket could do this because the Taiwanese payload was light for the Falcon 9 rocket, weighing only 475kg and bound for an orbit 720km above the Earth's surface. As a result of this launch profile, the rocket maintained a nearly vertical trajectory all the way through much of the Earth's ionosphere, which ranges from about 60km above the planet to 1,000km up. In doing so, the Falcon 9 booster and its second stage created unique, circular shockwaves. The rocket launch also punched a temporary, 900-km-wide hole into the plasma of the ionosphere. -
Atlanta City Government Systems Down Due To Ransomware Attack (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The city of Atlanta government has apparently become the victim of a ransomware attack. The city's official Twitter account announced that the city government "is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information." According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screen shot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees received emails from the city's information technology department instructing them to unplug their computers if they noticed anything suspicious. An internal email shared with WXIA said that the internal systems affected include the city's payroll application. "At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," a city spokesperson told Ars. "We are confident that our team of technology professionals will be able to restore applications soon." The city's primary website remains online, and the city government will continue to post updates there, the spokesperson added. -
AT&T Suffers Another Blow In Court Over Throttling of 'Unlimited' Data (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A federal judge has revived a lawsuit that angry customers filed against AT&T over the company's throttling of unlimited mobile data plans. The decision comes two years after the same judge decided that customers could only have their complaints heard individually in arbitration instead of in a class-action lawsuit. The 2016 ruling in AT&T's favor was affirmed by a federal appeals court. But the customers subsequently filed a motion to reconsider the arbitration decision, saying that an April 2017 decision by the California Supreme Court "constitutes a change in law occurring after the Court's arbitration order," Judge Edward Chen of U.S. District Court for the Northern District of California said in the new ruling issued last week. The state Supreme Court "held that an arbitration agreement that waives the right to seek the statutory remedy of public injunctive relief in any forum is contrary to California public policy and therefore unenforceable," Chen wrote.
AT&T argued that the court shouldn't consider the new argument, saying that plaintiffs raised it too late. The plaintiffs could have made the same argument before the April 2017 Supreme Court ruling, since the ruling was based on California laws that "were enacted decades ago," according to AT&T. Chen was not persuaded, noting that "there had been no favorable court rulings" the plaintiffs could have cited earlier in the case. "The Court also finds that Plaintiffs acted with reasonable diligence once there was a ruling favorable to them," Chen wrote. As a result, the plaintiffs can now proceed with their case in U.S. District Court against AT&T. However, AT&T will appeal Chen's latest decision, presumably in the U.S. Court of Appeals for the Ninth Circuit. -
SpaceX Indicates It Will Manufacture the BFR Rocket In Los Angeles (arstechnica.com)
A new document from the Port of Los Angeles indicates that the company is moving ahead with plans to build a "state-of-the-art" industrial manufacturing facility near Long Beach, about 20 miles south of its headquarters. It's possible that the facility may be used to manufacture the company's Big Falcon Rocket, or BFR vehicle, which is expected to measure 106 meters tall and nine meters wide. The Long Beach location makes sense since the BFR will be so large that it needs to be built near water where it can be transported. Ars Technica reports: The company seeks to use an 18-acre site at Berth 240 in the port "for the construction and operation of a facility to manufacture large commercial transportation vessels." Operations at the site would include "research and development of transportation vessels and would likely include general manufacturing procedures such as welding, composite curing, cleaning, painting, and assembly operations." Completed vessels would need to be transported by water due to their size, the document states, as a means to explain why the company needs a facility immediately adjacent to the water. The document also noted that the 10-year lease, with up to two 10-year renewals, would "accommodate recovery operations undertaken by Space Exploration Technologies to bring to shore vehicles returning from space that are retrieved by an autonomous drone ship offshore." This would be for first-stage recoveries of the Falcon 9 rocket and probably payload fairings as well. -
Police Chief: Uber Self-Driving Car 'Likely' Not At Fault In Fatal Crash (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The chief of the Tempe Police has told the San Francisco Chronicle that Uber is likely not responsible for the Sunday evening crash that killed 49-year-old pedestrian Elaine Herzberg. "I suspect preliminarily it appears that the Uber would likely not be at fault in this accident," said Chief Sylvia Moir. Herzberg was "pushing a bicycle laden with plastic shopping bags," according to the Chronicle's Carolyn Said, when she "abruptly walked from a center median into a lane of traffic." After viewing video captured by the Uber vehicle, Moir concluded that "it's very clear it would have been difficult to avoid this collision in any kind of mode (autonomous or human-driven) based on how she came from the shadows right into the roadway." Moir added that "it is dangerous to cross roadways in the evening hour when well-illuminated, managed crosswalks are available." The police said that the vehicle was traveling 38 miles per hour in a 35 mile-per-hour zone, according to the Chronicle -- though a Google Street View shot of the roadway taken last July shows a speed limit of 45 miles per hour along that stretch of road. -
New York Power Companies Can Now Charge Bitcoin Miners More (arstechnica.com)
Last Wednesday, the New York State Public Service Commission (PSC) ruled that municipal power companies could charge higher electricity rates to cryptocurrency miners who try to benefit from the state's abundance of cheap hydroelectric power. Ars Technica reports: Over the years, Bitcoin's soaring price has drawn entrepreneurs to mining. Bitcoin mining enterprises have become massive endeavors, consuming megawatts of power on some grids. To minimize the cost of that considerable power draw, mining companies have tried to site their operations in towns with cheap electricity, both in the U.S. and around the world. In the U.S., regions with the cheapest energy tend to be small towns with hydroelectric power. But mining booms in small U.S. towns are not always met with approval. A group of 36 municipal power authorities in northern and western New York petitioned the PSC for permission to raise electricity rates for cryptocurrency miners because their excessive power use has been taxing very small local grids and causing rates to rise for other customers. The PSC responded on Wednesday that it would allow those local power companies to raise rates for cryptocurrency miners. The response noted that New York's local power companies, which are customer-owned and range in size from 1.5 MW to 122 MW, "acquire low-cost power, typically hydro, and distribute the power to customers at no profit." If a community consumes more than what has been acquired, cost increases are passed on to all customers. "In Plattsburgh, for example, monthly bills for average residential customers increased nearly $10 in January because of the two cryptocurrency companies operating there," the PSC document says. The city of Plattsburgh, New York has since imposed an 18-month moratorium on commercial cryptocurrency mining to "protect and enhance the city's natural, historic, cultural and electrical resources." -
Ajit Pai Celebrates After Court Strikes Down Obama-Era Robocall Rule (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Federal judges have struck down an anti-robocall rule, saying that the Federal Communications Commission improperly treated every American who owns a smartphone as a potential robocaller. The FCC won't be appealing the court decision, as Chairman Ajit Pai opposed the rule changes when they were implemented by the commission's then-Democratic majority in 2015. Pai issued a statement praising the judges for the decision Friday, calling the now-vacated rule "yet another example of the prior FCC's disregard for the law and regulatory overreach." The FCC's 2015 decision said that a device meets the Telephone Consumer Protection Act (TCPA) definition of an "autodialer" if it can be modified to make robocalls, even if the smartphone user hasn't actually downloaded an autodialing app. That interpretation treats all smartphones as autodialers because any smartphone has the capability of downloading an autodialing app, judges ruled. Since any call made by an autodialer could violate anti-robocall rules, this led to a troubling conclusion: judges said that an unwanted call from a smartphone could violate anti-robocall rules even if the smartphone user hasn't downloaded an autodialing app.
"The Commission's understanding would appear to subject ordinary calls from any conventional smartphone to the Act's coverage, an unreasonably expansive interpretation of the statute," a three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit said in a unanimous ruling Friday. The ruling came in a case filed against the FCC by the Association of Credit and Collection Professionals, which says it represents "third-party collection agencies, law firms, asset buying companies, creditors, and vendor affiliates." Judges also invalidated an FCC rule that helped protect consumers from robocalls to reassigned phone numbers.