Domain: boingboing.net
Stories and comments across the archive that link to boingboing.net.
Stories · 249
-
Jibo, the $899 'Social Robot', Tells Owners in Farewell Address That Its VC Overlords Have Remote-Killswitched It (boingboing.net)
Reader AmiMoJo writes: Jibo was a "social robot" startup that burned through $76 million in venture capital and crowdfunding before its assets were sold to SQN Venture Partners late last year. Earlier this week, reporter Dylan J Martin tweeted a video of an $899 Jibo robot bidding its owner farewell, announcing that the new owners of his servers were planning to killswitch it; the robot thanked him "very very much" for having it around, and asked that "someday, when robots are more advanced than today, and everyone has them in their homes, you can tell yours that I said 'hello.'" Then, the Jibo performed a melancholy dance. -
Can DeepMind's AI Really Beat Human Starcraft II Champions? (arstechnica.com)
Google acquired DeepMind for $500 million in 2014, and its AI programs later beat the world's best player in Go, as well as the top AI chess programs. But when its AlphaStar system beat two top Starcraft II players -- was it cheating?
Long-time Slashdot reader AmiMoJo quotes BoingBoing: It claimed the AI was limited to what human players can physically do, putting its achievement in the realm of strategic analysis rather than finger twitchery. But there's a problem: it was often tracked clicking with superhuman speed and efficiency.
Aleksi Pietikainen writes "It is deeply unsatisfying to have prominent members of this research project make claims of human-like mechanical limitations when the agent is very obviously breaking them and winning its games specifically because it is demonstrating superhuman execution."
"It wasn't an entirely fair fight," argues Ars Technica, noting the limitations DeepMind placed on its AI "seem to imply that AlphaStar could take 50 actions in a single second or 15 actions per second for three seconds." And in addition, "This API may allow the software to glean more information... " After playing back some of AlphaZero's back-to-back 5-0 victories over StarCraft pros, the company staged a final live match between AlphaStar and [top Starcraft II player Grzegorz "MaNa"] Komincz. This match used a new version of AlphaStar with an important new limitation: it was forced to use a camera view that tried to simulate the limitations of the human StarCraft interface. The new interface only allowed AlphaStar to see a small portion of the battlefield at once, and it could only issue orders to units that were in its current field of view....
We don't know exactly why Komincz won this game after losing the previous five. It doesn't seem like the limitation of the camera view directly explains AlphaStar's inability to respond effectively to the drop attack from the Warp Prism. But a reasonable conjecture is that the limitations of the camera view degraded AlphaStar's performance across the board, preventing it from producing units quite as effectively or managing its troops with quite the same deadly precision in the opening minutes. -
Electric Scooter Rental Service Bird Sent a 'Notice of Claimed Infringement' To a News Site For Reporting On Lawful Re-use of Scooters (eff.org)
Bird, an electric scooter rental company, sent a "Notice of Claimed Infringement" to news blog Boing Boing for reporting about people doing legal things that Bird does not like. EFF reports: Electric scooters have swamped a number of cities across the US, many of the scooters carelessly discarded in public spaces. Bird, though, has pioneered a new way to pollute the commons by sending a meritless takedown letter to a journalist covering the issue. The company cites the Digital Millennium Copyright Act and implies that even writing about the issue could be illegal. It's not.
Bird sent a "Notice of Claimed Infringement" over this article on Boing Boing, one of the Internet's leading sources of news and commentary. The article reports on the fact that large numbers of Bird scooters are winding up in impound lots, and that it's possible to lawfully purchase these scooters when cities auction them off, and then to lawfully modify those scooters so they work without the Bird app. The letter is necessarily vague about exactly how the post infringed any of Bird's rights, and with good reason: the post does no such thing, as we explain in a letter on behalf of Happy Mutants LLC, which owns and operates Boing Boing.
The post reports on lawful activity, nothing more. In fact, the First Amendment would have protected it even if it had reported on illegal conduct or advocated for people to break the law. (For instance, a person might lawfully advocate that an electric scooter startup should violate local parking ordinances. Hypothetically.) So, in a sense, it doesn't matter whether Bird is right or wrong when it claims that it's illegal to convert a Bird scooter to a personal scooter. Either way, Boing Boing was free to report on it. -
Taylor Swift Used Facial Recognition Tech At Concerts To Spy On Stalkers (boingboing.net)
AmiMoJo shares a report: Taylor Swift used facial recognition technology at her live performances so that technicians running the system could then check those face scans against a private database of her stalkers. There is now big demand for serious security at live events the size of a Taylor Swift concert. There have been too many bombings and mass shootings at music concerts over the past year to even remember without Googling. Fear of being killed at a music concert is something people factor in to the decision to buy tickets and go to live events. The demand for security is real. -
Mice Given an Experimental Gene Therapy Don't Get Fat (boingboing.net)
AmiMoJo shares a report from Boing Boing: Researchers at Flinders University knocked out a gene known as RCAN1 in mice, hypothesizing that this would increase "non-shivering thermogenesis," which "expends calories as heat rather than storing them as fat" -- the mice were fed a high-calorie diet and did not gain weight. In particular, the modified mice did not store fat around their middles -- a phenomenon associated with many health risks, including cardiac problems -- and their resting muscles burned more calories.
[Vice News reports:] The study's authors point out that there's a time and place for RCAN1's role in preventing calories from being burned: namely, back when food was scarce and calories weren't so readily available. In the modern world of "caloric abundance," however, too much fat is being stored and real health problems are ensuing as a result. The researchers suggest that "These adaptive avenues of energy expenditure [such as RCAN1] may now contribute to the growing epidemic of obesity." "We looked at a variety of different diets with various time spans from eight weeks up to six months," said Damien, "and in every case we saw health improvements in the absence of the RCAN1 gene. Mice on a high-fat diet that lacked this gene gained no weight." -
Twitter Publishes Archive of 10 Million Tweets From Russian, Iranian Bots (boingboing.net)
AmiMoJo shares a report from Boing Boing: To enable "further research of information operations on Twitter," the company today published a dataset of tweets posted by known Russian and Iranian troll farms. "These large datasets comprise 3,841 accounts affiliated with the IRA, originating in Russia, and 770 other accounts, potentially originating in Iran," the blog post reads. "They include more than 10 million Tweets and more than 2 million images, GIFs, videos, and Periscope broadcasts, including the earliest on-Twitter activity from accounts connected with these campaigns, dating back to 2009." You can download the Russian and Iranian datasets here. The Russian dataset is comprised of 1.24GB of tweets and 300GB of media, while the Iranian dataset is comprised of 168MB of tweets and 65.7GB of media. -
EU Ruling: Self-Driving Car Data Will Be Copyrighted By the Manufacturer (boingboing.net)
Yesterday, at a routine vote on regulations for self-driving cars, members of the European Peoples' Party voted down a clause that would protect a vehicle's telemetry so that it couldn't become someone's property. The clause affirmed that "data generated by autonomous transport are automatically generated and are by nature not creative, thus making copyright protection or the right on data-bases inapplicable." Boing Boing reports: This is data that we will need to evaluate the safety of autonomous vehicles, to fine-tune their performance, to ensure that they are working as the manufacturer claims -- data that will not be public domain (as copyright law dictates), but will instead be someone's exclusive purview, to release or withhold as they see fit. Who will own this data? It's unlikely that it will be the owners of the vehicles.
It's already the case that most auto manufacturers use license agreements and DRM to lock up your car so that you can't fix it yourself or take it to an independent service center. The aggregated data from millions of self-driving cars across the EU aren't just useful to public safety analysts, consumer rights advocates, security researchers and reviewers (who would benefit from this data living in the public domain) -- it is also a potential gold-mine for car manufacturers who could sell it to insurers, market researchers and other deep-pocketed corporate interests who can profit by hiding that data from the public who generate it and who must share their cities and streets with high-speed killer robots. -
Police Bodycams Can Be Hacked To Doctor Footage, Install Malware (boingboing.net)
AmiMoJo shares a report from Boing Boing: Josh Mitchell's Defcon presentation analyzes the security of five popular brands of police bodycams (Vievu, Patrol Eyes, Fire Cam, Digital Ally, and CeeSc) and reveals that they are universally terrible. All the devices use predictable network addresses that can be used to remotely sense and identify the cameras when they switch on. None of the devices use code-signing. Some of the devices can form ad-hoc Wi-Fi networks to bridge in other devices, but they don't authenticate these sign-ons, so you can just connect with a laptop and start raiding the network for accessible filesystems and gank or alter videos, or just drop malware on them. -
One Year After Data Breach, Equifax Goes Unpunished (boingboing.net)
"It's been a year since Equifax doxed the nation of America through carelessness, deception and greed, lying about it and stalling while the problem got worse and worse," writes Cory Doctorow. Equifax's new CSO says they've spent over $200 million on security upgrades, in work being overseen by auditors from eight different states. An anonymous reader quotes Doctorow's response: This all sounds very good and all, but it's still monumentally unfair. The penalty for Equifax's recklessness should have been the corporate death penalty: charter revoked, company shut down, assets sold to competitors... The fact that Equifax's investors and execs kept all the money they made by risking all America with shoddy security, and that no one went to jail for a monumental act of corporate recklessness, is a moral hazard, virtually guaranteeing that Equifax's competitors will not take the care they owe to the people on whom they have amassed nonconsensual, potentially life-destroying dossiers.
Equifax's CEO and several top officials did leave the company, notes Government Technology -- but that's about it. Thus far, no financial punishment has been imposed on Equifax itself. Despite contentious hearings, no Congressional action has been taken. A few months later, the Consumer Financial Protection Bureau tabled action against the company. And while the Federal Trade Commission said it opened an investigation into the Equifax breach in September, the agency has since named as chief of its consumer protection division a lawyer who has represented Equifax. This past week, Equifax asked a federal judge to reject the claims from 46 banks and credit unions for payment of damages because of the massive data breach. The companies claimed that Equifax owes them for all the costs they incurred protecting data after the breach was revealed, costs that could easily run into many millions of dollars....
Equifax had revenue of $876.9 million during the second quarter of 2018, up 2 percent from the same quarter of last year, officials said. -
Richard Stallman Asks: Should Big Tech Be Taxed For Hurting Society? (stallman.org)
Richard Stallman weighed in Friday on what he calls "massive commercial surveillance of individuals," saying that the two camps arguing about it "both miss the point." First there are the trustbusters who want to break Big Tech companies into smaller firms too small to eliminate their competition or exert undue influence on regulators. Then there are those who urge carefully-calibrated regulations to ensure tech companies always act in a way that's good for society.
RMS writes: By arguing about whether to divide up the power that this data gives to businesses, or to regulate the use of it (perhaps nationalizing it), they miss the point that both alternatives destroy our privacy and give the state a perfect basis for repression.
The danger is to collect that data at all.
More generally, I think the idea of taxing companies for the magnitude of harm that they do (regardless of whether they broke any rules to do it) is a good one. -
Craigslist Personals, Some Subreddits Disappear After FOSTA Passage (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: In the wake of this week's passage of the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA) bill in both houses of Congress on Wednesday, Craigslist has removed its "Personals" section entirely, and Reddit has removed some related subreddits, likely out of fear of future lawsuits. FOSTA, which awaits the signature of President Donald Trump before becoming law, removes some portions of Section 230 of the Communications Decency Act. The landmark 1996 law shields website operators that host third-party content (such as commenters, for example) from civil liability. The new bill is aimed squarely at Backpage, a notorious website that continues to allow prostitution advertisements and has been under federal scrutiny for years. In a bizarre turn of events, the Department of Justice also warned the House in February 2018 that the bill "raises a serious constitutional concern," as it would apply retroactively -- a seeming violation of the Constitution's ex post facto clause. Congress passed it anyway. The Electronic Frontier Foundation wrote in a blog post: "It's easy to see the impact that this ramp-up in liability will have on online speech: facing the risk of ruinous litigation, online platforms will have little choice but to become much more restrictive in what sorts of discussion -- and what sorts of users -- they allow, censoring innocent people in the process." -
Car Manufacturers Are Tracking Millions of Cars (boingboing.net)
Cory Doctorow writes: Millions of new cars sold in the US and Europe are "connected," having some mechanism for exchanging data with their manufacturers after the cars are sold; these cars stream or batch-upload location data and other telemetry to their manufacturers, who argue that they are allowed to do virtually anything they want with this data, thanks to the "explicit consent" of the car owners -- who signed a lengthy contract at purchase time that contained a vague and misleading clause deep in its fine-print.
Slashdot reader Luthair adds that "OnStar infamously has done this for some time, even if the vehicle's owner was not a subscriber of their services." But now 78 million cars have an embedded cyber connection, according to one report, with analysts predicting 98% of new cars will be "connected" by 2021. The Washington Post calls it "Big Brother on Wheels."
"Carmakers have turned on a powerful spigot of precious personal data, often without owners' knowledge, transforming the automobile from a machine that helps us travel to a sophisticated computer on wheels that offers even more access to our personal habits and behaviors than smartphones do." -
Calls to Action on the Fifth Anniversary of the Death of Aaron Swartz (eff.org)
On the fifth anniversary of the death of Aaron Swartz, EFF activist Elliot Harmon posted a remembrance: When you look around the digital rights community, it's easy to find Aaron's fingerprints all over it. He and his organization Demand Progress worked closely with EFF to stop SOPA. Long before that, he played key roles in the development of RSS, RDF, and Creative Commons. He railed hard against the idea of government-funded scientific research being unavailable to the public, and his passion continues to motivate the open access community. Aaron inspired Lawrence Lessig to fight corruption in politics, eventually fueling Lessig's White House run... It's tempting to become pessimistic in the face of countless threats to free speech and privacy. But the story of the SOPA protests demonstrates that we can win in the face of seemingly insurmountable odds.
He shares a link to a video of Aaron's most inspiring talk, "How We Stopped SOPA," writing that "Aaron warned that SOPA wouldn't be the last time Hollywood attempted to use copyright law as an excuse to censor the Internet... 'The enemies of the freedom to connect have not disappeared... We won this fight because everyone made themselves the hero of their own story. Everyone took it as their job to save this crucial freedom. They threw themselves into it. They did whatever they could think of to do.'"
On the anniversary of Aaron's death, his brother Ben Swartz, an engineer at Twitch, wrote about his own efforts to effect change in ways that would've made Aaron proud, while Aaron's mother urged calls to Congress to continue pushing for reform to the Computer Fraud and Abuse Act.
And there were countless other remembrances on Twitter, including one from Cory Doctorow, who tweeted a link to Lawrence Lessig's analysis of the prosecution. And Lessig himself marked the anniversary with several posts on Twitter. "None should rest," reads one, "for still, there is no peace." -
The First Women in Tech Didn't Leave -- Men Pushed Them Out (wsj.com)
An anonymous reader writes: A column on the Wall Street Journal argues that sexism in the tech industry is as old as the tech industry itself. At its genesis, computer programming faced a double stigma -- it was thought of as menial labor, like factory work, and it was feminized, a kind of "women's work" that wasn't considered intellectual (Editor's note: the link could be paywalled; alternative source). In the U.K., women in the government's low-paid "Machine Operator Class" performed knowledge work including programming systems for everything from tax collection and social services to code-breaking and scientific research. Later, they would be pushed out of the field, as government leaders in the postwar era held a then-common belief that women shouldn't be allowed into higher-paid professions with long-term prospects because they would leave as soon as they were married. Today, in the U.S., about a quarter of computing and mathematics jobs are held by women, and that proportion has been declining over the past 20 years. A string of recent events suggests the steps currently being taken by tech firms to address these issues are inadequate. -
Free Game Company Sues 14-Year-Old Over 'Cheats' Video -- Claiming DMCA Violation (bbc.co.uk)
Bizzeh shared this report from the BBC: A mother has written a letter in defense of her 14-year-old son who is facing a lawsuit over video game cheats in the US. Caleb Rogers is one of two people facing legal action from gaming studio Epic Games for using cheat software to play the free game Fortnite. The studio says it has taken the step because the boy declined to remove a YouTube video he published which promoted how to use the software... "This company is in the process of attempting to sue a 14-year-old child," she wrote in the letter which has been shared online by the news site Torrentfreak.
Ms. Rogers added that she had not given her son parental consent to play the game as stated in its terms and conditions, and that as the game was free to play the studio could not claim loss of profit as a result of the cheats... In a statement given to the website Kotaku, Epic Games said the lawsuit was a result of Mr. Rogers "filing a DMCA counterclaim to a takedown notice on a YouTube video that exposed and promoted Fortnite Battle Royale cheats and exploits... Epic is not OK with ongoing cheating or copyright infringement from anyone at any age," it said.
Cory Doctorow counters that the 14-year-old "correctly asserted that there was no copyright infringement here. Videos that capture small snippets of a videogame do not violate that game creator's copyrights, because they are fair use..." -
Portuguese ISP Shows What The Net Looks Like Without Net Neutrality (boingboing.net)
"In Portugal, with no net neutrality, internet providers are starting to split the net into packages," argues a California congressman -- retweeting a stunning graphic. An anonymous reader quotes BoingBoing's Cory Doctorow: Since 2006, Net Neutrality activists have been warning that a non-Neutral internet will be an invitation to ISPs to create "plans" where you have to choose which established services you can access, shutting out new entrants to the market and allowing the companies with the deepest pockets to permanently dominate the internet... the Portuguese non-neutral ISP MEO has mistaken a warning for a suggestion, and offers a series of "plans" for its mobile data service where you pay €5 to access a handful of messaging services, €5 more to use social media; and €5 more for video-streaming services.
The congressman notes this arrangement offers "a huge advantage for entrenched companies, but it totally ices out startups trying to get in front of people, which stifles innovation." -
Science Fiction Author Brian Aldiss Dies Aged 92 (theguardian.com)
Long-time Slashdot reader Freshly Exhumed writes: Acclaimed Science Fiction author Brian Aldiss, first published in the 1950s, has died at the age of 92. Aldiss wrote such science fiction classics as Non-Stop, Hothouse and Greybeard, as well as the Helliconia trilogy, winning the Hugo and Nebula prizes for science fiction and fantasy, an honorary doctorate from the University of Reading, the title of grand master from the Science Fiction and Fantasy Writers of America, and an OBE for services to literature. Tributes from contemporaries and younger authors have been plentiful.
In 1969 Aldiss published the short story "Super-Toys Last All Summer Long", which after decades of work became the basis for the Stanley Kubrick-developed Steven Spielberg movie A.I. in 2001. -
Online Critics Decry Even More Wells Fargo Fraud Scandals (boingboing.net)
On Saturday author/blogger Cory Doctorow launched a new barrage of criticism towards Wells Fargo: It's been a whole day since we learned about another example of systematic, widespread fraud by America's largest bank Wells Fargo (ripping off small merchants with credit card fees), so it's definitely time to learn about another one: scamming mortgage borrowers out of $43/month for an unrequested and pointless "home warranty service" from American Home Shield, a billion-dollar scam-factory that considers you a customer if you throw away its junk-mail instead of ticking the "no" box and sending it back.
$43/month gets you pretty much nothing: people who tried to actually use their AHS insurance found it impossible to get them to actually do anything in exchange for this money. Here's a quick Wells Fargo fraud scorecard: stealing thousands of cars with fraudulent repos; defrauding mortgage borrowers; blackballing whistleblowers; creating 2,000,000+ fraudulent accounts, and stealing millions with fraudulent fees and penalties.
Life Pro Tip: if you don't like banks, join a credit union. -
Crowdfunding Campaign Seeks a Libre Recording of a Newly-Completed Bach Work (kickstarter.com)
Slashdot reader DevNull127 writes: Robert Douglass's Kickstarter campaigns have resulted in free fan-funded open source recordings of Bach's Goldberg Variations and the 48 pieces in his Well-Tempered Clavier, Book 1. "Even Richard Stallman found these recordings, and he promptly wrote an email encouraging us to drop the word 'Open' in favor of 'Free' or 'Libre'," Douglass tells BoingBoing (adding "when RMS writes you telling you to change the name of your music project, you change the name of your music project.")
Now Douglass is crowdfunding a libre recording of Bach's last masterpiece, 20 fugues developed from a single theme called "the Art of the Fugue". "He wanted to culminate in a final fugue that literally spells his name, B-A-C-H, in musical notation," remembers Douglass, but "unfortunately, Bach died before completing that work, and it has remained a musical mystery (and tragedy) for hundreds of years." Fortunately Kimiko Ishizaka completed the work in 2016, "based on the music that Bach left us... This new composition will also be released under a Creative Commons license as part of the new OpenScore.cc project... Kimiko is eminently grateful to her fans and supporters of free culture for allowing her to focus all of her energies on growing the public domain and bringing the music of J.S. Bach to a far broader audience than ever imagined."
They're also rewarding supporters with tickets to two live performances -- one at Carnegie Hall in New York City and one in Hamburg's new Elbphilharmonie. -
British PM Seeks Ban On Encryption After Terror Attack (boingboing.net)
"British Prime Minister Theresa May has used last Saturday's terrorist attack to again push for a ban on encryption," according to ITWire. Slashdot reader troublemaker_23 shared their article, which quotes this strong rebuttal from Cory Doctorow: Use deliberately compromised cryptography, that has a back door that only the "good guys" are supposed to have the keys to, and you have effectively no security. You might as well skywrite it as encrypt it with pre-broken, sabotaged encryption... Theresa May doesn't understand technology very well, so she doesn't actually know what she's asking for. For Theresa May's proposal to work, she will need to stop Britons from installing software that comes from software creators who are out of her jurisdiction... any politician caught spouting off about back doors is unfit for office anywhere but Hogwarts, which is also the only educational institution whose computer science department believes in 'golden keys' that only let the right sort of people break your encryption. -
An Open Letter on DRM To the Inventor of the Web, From the Inventor of Net Neutrality (boingboing.net)
Tim Wu, a law professor at Columbia University and best known for coining the term "net neutrality," has published an open letter to Tim Berners-Lee, the creator of the web and director of the World Wide Web Consortium (W3C). In the letter, Wu has asked Berners-Lee to "seriously consider extending a protective covenant to legitimate circumventers who have cause to bypass EME, should it emerge as a W3C standard." Cory Doctorow writes for BoingBoing: But Wu goes on to draw a connection between the problems of DRM and the problems of network discrimination: DRM is wrapped up in a layer of legal entanglements (notably section 1201 of America's Digital Millennium Copyright Act), which allow similar kinds of anticompetitive and ugly practices that make net neutrality so important. This is a live issue, too, because the W3C just held the most contentious vote in its decades-long history, on whether to publish a DRM standard for the web without any of the proposed legal protections for companies that create the kinds of competing products and services that the law permits, except when DRM is involved. As Wu points out, this sets up a situation where the incumbents get to create monopolies that produce the same problems for the open web that network neutrality advocates -- like Berners-Lee -- worry about. -
Should Archive.org Ignore Robots.txt Directives And Cache Everything? (archive.org)
Archive.org argues robots.txt files are geared toward search engines, and now plans instead to represent the web "as it really was, and is, from a user's perspective." "We have also seen an upsurge of the use of robots.txt files to remove entire domains from search engines when they transition from a live web site into a parked domain, which has historically also removed the entire domain from view in the Wayback Machine... We receive inquiries and complaints on these "disappeared" sites almost daily."
In response, Slashdot reader Lauren Weinstein writes: We can stipulate at the outset that the venerable Internet Archive and its associated systems like Wayback Machine have done a lot of good for many years -- for example by providing chronological archives of websites that have chosen to participate in their efforts. But now, it appears that the Internet Archive has joined the dark side of the Internet, by announcing that they will no longer honor the access control requests of any websites.
He's wondering what will happen when "a flood of other players decide that they must emulate the Internet Archive's dismal reasoning to remain competitive," adding that if sys-admins start blocking spiders with web server configuration directives, other unrelated sites could become "collateral damage."
But BoingBoing is calling it "an excellent decision... a splendid reminder that nothing published on the web is ever meaningfully private, and will always go on your permanent record." So what do Slashdot's readers think? Should Archive.org ignore robots.txt directives and cache everything? -
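The dispute above turns on a mechanical detail that is easy to lose in the rhetoric: robots.txt is an advisory file, and a crawler that honors it is making a choice at fetch time. The following is an added example (not archive.org's crawler, and not code from the Internet Archive or from any of the commenters) showing how a crawler that does honor the file decides what to fetch, using the Python standard library's robotparser. The two robots.txt texts are constructed for the example; the crawler name "ia_archiver" is an assumption used only as a stand-in token, and the hypothetical site example.com is likewise made up. It models the two situations the story describes: a parked domain whose new robots.txt shuts out every crawler it does not name, and a site that singles out the archive's crawler while leaving search engines alone.

```python
"""Added example: how a crawler evaluates robots.txt directives.

Illustrative code only. Not archive.org's crawler or any code from the
Internet Archive. The robots.txt texts and the site example.com are
constructed for the example; "ia_archiver" is an assumed crawler token.
"""
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a domain that was once a live web site and,
# now parked, blocks every crawler except one named search engine.
PARKED_DOMAIN_ROBOTS = """\
User-agent: Googlebot
Disallow: /private/

User-agent: *
Disallow: /
"""

# Constructed robots.txt that singles out the archive's crawler while
# leaving search engines alone (the "opt out of the Wayback Machine" case).
ARCHIVE_OPT_OUT_ROBOTS = """\
User-agent: ia_archiver
Disallow: /

User-agent: *
Disallow: /private/
"""


def build_parser(robots_txt: str) -> RobotFileParser:
    """Parse robots.txt text into a RobotFileParser without any network access."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp


def fetch_decision(robots_txt: str, user_agent: str, url: str) -> bool:
    """Return True when robots.txt permits `user_agent` to fetch `url`.

    Matching follows the robots.txt convention: the most specific
    User-agent group that names this crawler wins, otherwise the `*`
    group applies. Nothing here is enforced by the server; the crawler
    is simply choosing to consult the file.
    """
    return build_parser(robots_txt).can_fetch(user_agent, url)


def would_crawl(robots_txt: str, user_agent: str, urls, honour_robots: bool = True):
    """Return the subset of `urls` a crawler would fetch under the given policy.

    With honour_robots=False the file is never consulted, which is the
    policy change the story above debates: the decision moves entirely
    to the crawler, and the site operator's only remaining lever is a
    server-side block (by user-agent or address) rather than robots.txt.
    """
    if not honour_robots:
        return list(urls)
    rp = build_parser(robots_txt)
    return [u for u in urls if rp.can_fetch(user_agent, u)]


if __name__ == "__main__":
    pages = ["https://example.com/", "https://example.com/about",
             "https://example.com/private/x"]
    for name, robots in [("parked domain", PARKED_DOMAIN_ROBOTS),
                         ("archive opt-out", ARCHIVE_OPT_OUT_ROBOTS)]:
        for ua in ("ia_archiver", "Googlebot"):
            print(name, ua, would_crawl(robots, ua, pages))
        print(name, "ia_archiver ignoring robots.txt",
              would_crawl(robots, "ia_archiver", pages, honour_robots=False))
```

Two things the run makes concrete. First, the parked-domain file blocks the archive's crawler only because the `*` group does; that is exactly the retroactive "disappearance" archive.org complains about, since the block says nothing about the site's history. Second, once a crawler stops consulting the file, the `ia_archiver` opt-out group has no effect at all, so an operator who wants to keep it out has to move to web-server rules keyed on the user-agent string or source address, which is where Weinstein's "collateral damage" concern comes in: those rules match whatever the operator writes, not a named crawler.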
FSF Activists Want You To Call Tim Berners-Lee About DRM (boingboing.net)
"The Free Software Foundation is calling on netizens to make calls to the W3C demanding they not include DRM in Web standards," an anonymous reader writes. Cory Doctorow reports: There's only two weeks left until members of the World Wide Web Consortium vote on whether the web's premier open standards organization will add DRM to the toolkit available to web developers, without effecting any protections for people who discover security vulnerabilities that affect billions of web users, let alone people who adapt web tools for those with disabilities and people who create legitimate, innovative new technologies to improve web video.
Tim Berners-Lee has final say over this change, according to the article, which directs callers to urge him to "keep the web free and open, rather than rescuing DRM from its slow collapse due to the complexity of fielding and supporting it without standards like those the W3C makes." -
Terrifying Anti-Riot Vehicle Created To Quash Any Urban Disturbance (boingboing.net)
"Are you an urban police force thinking about how to control your fellow humans?" jokes Cory Doctorow. "Look no farther! Your pals at Bozena have an all-new RIOT system, a crowd-control killdozer for all your protest-suppressing needs!" He's one of several web commentators marveling at the marketing copy for a Slovakian company's new anti-riot machinery, also spotted by Slashdot reader drunkdrone. Some quotes from the BOZENA RIOT SYSTEM site about the device's features:
- Easy attachable bulldozer blade.
- The [6,600 pound] shield comes equipped with launching ports designed for use of guns or other rubber projectiles launchers.
- The trailer is capable of displacing the water/foam or its mixtures (available additives: pepper or painting substances) under the high pressure into the distance of several dozen meters.
- Communication with rioters through the loudspeakers.
- Designed to control riots in streets and urbanized areas...intended predominantly for the special military and police units responsible for the CROWD CONTROL during the violent political/social demonstrations, against football hooligans, etc.
-
W3C Erects DRM As Web Standard (theregister.co.uk)
The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. 
The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them. -
Scottish Court Awards Damages For CCTV Camera Pointed At Neighbor's House (boingboing.net)
AmiMoJo quotes a report from BoingBoing: Edinburgh's Nahid Akram installed a CCTV system that let him record his downstairs neighbors Debbie and Tony Woolley in their back garden, capturing both images and audio of their private conversations, with a system that had the capacity to record continuously for five days. A Scottish court has ruled that the distress caused by their neighbor's camera entitled the Woolleys to $21,000 (17,000 British Pounds) in damages, without the need for them to demonstrate any actual financial loss. The judgment builds on a 2015 English court ruling against Google for spying on logged out Safari users, where the users were not required to show financial losses to receive compensation for private surveillance. -
Google Quietly Makes 'Optional' Web DRM Mandatory In Chrome (boingboing.net)
JustAnotherOldGuy quotes a report from Boing Boing: The World Wide Web Consortium's Encrypted Media Extensions (EME) is a DRM system for web video, being pushed by Netflix, movie studios, and a few broadcasters. It's been hugely controversial within the W3C and outside of it, but one argument that DRM defenders have made throughout the debate is that the DRM is optional, and if you don't like it, you don't have to use it. That's not true any more. Some time in the past few days, Google quietly updated Chrome (and derivative browsers like Chromium) so that Widevine (Google's version of EME) can no longer be disabled; it comes switched on and installed in every Chrome instance. Because of laws like section 1201 of the U.S. Digital Millennium Copyright Act (and Canada's Bill C11, and EU implementations of Article 6 of the EUCD), browsers that have DRM in them are risky for security researchers to audit. These laws provide both criminal and civil penalties for those who tamper with DRM, even for legal, legitimate purposes, and courts and companies have interpreted this to mean that companies can punish security researchers who reveal defects in their products. Further reading: Boing Boing and Hacker News. -
CBC Threatens Podcast App Makers, Argues that RSS Readers Violate Copyright (boingboing.net)
Cory Doctorow, writing for BoingBoing (condensed): The Canadian Broadcasting Corporation (CBC) publishes several excellent podcasts, and like every podcast in the world, these podcasts are available via any podcast app in the same way that all web pages can be fetched with all web browsers -- this being the entire point of podcasts. In a move of breathtaking, lawless ignorance, the CBC has begun to send legal threats to podcast app-makers, arguing that making an app that pulls down public RSS feeds is a "commercial use" and a violation of the public broadcaster's copyrights. This is a revival of an old, dark era in the web's history, when linking policies prevailed, through which publishers argued that they had the right to control who could make a link to their sites -- that is, who could state the public, true fact that "a page exists at this address." But the CBC is going one worse here: their argument is that making a tool that allows someone to load a public URL without permission is violating copyright law -- it's the same thing as saying, "Because Google is a for-profit corporation, any time a Chrome user loads a CBC page in the Chrome browser without the CBC's permission, Google is violating CBC's copyright." We hope it was all an accidental mistake from the CBC, because it seems like a very stupid thing to do otherwise. -
Mark Zuckerberg Defends Peter Thiel's Trump Ties In Internal Memo (theverge.com)
Soon after it was announced that Project Include, a community for building meaningful, enduring diversity and inclusion into tech companies, would no longer work with Y Combinator startups, Facebook CEO Mark Zuckerberg defended Thiel's status as a Facebook board member in a message to employees. "We can't create a culture that says it cares about diversity and then excludes almost half the country because they back a political candidate," Zuckerberg wrote. "There are many reasons a person might support Trump that do not involve racism, sexism, xenophobia, or accepting sexual assault." The Verge reports: A screenshot of the memo was posted to Hacker News yesterday, and it later surfaced on Boing Boing. A Facebook spokesman confirmed the authenticity of the five-paragraph memo to The Verge. It appears to have been posted on Facebook for Work, the enterprise version of Facebook that the company recently made available to other companies. Thiel's endorsement of Trump has put those CEOs in a difficult position. On one hand he is a close adviser; on the other, his support for an erratic, racist demagogue has outraged many of their employees and partners. Like Y Combinator's Sam Altman before him, Zuckerberg defended the company's ties to Thiel by saying that the company has a moral obligation to consider a variety of viewpoints, no matter how abhorrent. "We care deeply about diversity," Zuckerberg wrote. "That's easy to do when it means standing up for ideas you agree with. It's a lot harder when it means standing up for the rights of people with different viewpoints to say what they care about. That's even more important." Of course, as the designer Jason Putorti wrote on Medium this week, Thiel already has an outsized capacity to stand up for ideas he agrees with: he spent $1.25 million to promote them. Zuckerberg's memo reads as if he is defending Thiel's right to post on Facebook. 
In fact, the question is whether someone who promotes opposition to gender and racial equality should be allowed to serve as a steward for a company whose stated mission is to connect the world. -
Cory Doctorow On What iPhone's Missing Headphone Jack Means For Music Industry (fastcompany.com)
Rumors of Apple's next iPhone missing a headphone jack have been swirling around for more than a year now. But a report from WSJ a few weeks ago, and another report from Bloomberg this week, further cemented such a possibility. We've talked about it here -- several times -- but now Cory Doctorow is shedding light on what this imminent change holds for the music industry. Reader harrymcc writes: Fast Company's Mark Sullivan talked about the switch with author and EFF adviser Cory Doctorow, who thinks it could lead to music companies leveraging DRM to exert more control over what consumers can do with their music. From the article: "If Apple creates a circumstance where the only way to get audio off its products is through an interface that is DRM-capable, they'd be heartbreakingly naive in assuming that this wouldn't give rise to demands for DRM," said Doctorow. If a consumer or some third-party tech company used the music in a way the rights holders didn't like, the rights holders could invoke the anti-circumvention law written in Section 1201 of the Digital Millennium Copyright Act (DMCA). Steve Jobs famously convinced the record industry to remove the DRM from music on iTunes; is there really any reason to believe the industry might suddenly become interested in DRM again if the iPhone audio goes all digital? "Yes -- for streaming audio services," Doctorow says. "I think it is inevitable that rights holder groups will try to prevent recording, retransmission, etc." Today it's easy to record streamed music from the analog headphone jack on the phone, and even to convert the stream back to digital and transmit it in real time to someone else. With a digital stream it might not be nearly so easy, or risk-free." Doctorow shares more on BoingBoing. -
EFF Is Suing the US Government To Invalidate the DMCA's DRM Provisions (boingboing.net)
Cory Doctorow writes for BoingBoing: The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. EFF is representing two clients in its lawsuit: Andrew "bunnie" Huang, a legendary hardware hacker whose NeTV product lets users put overlays on DRM-restricted digital video signals; and Matthew Green, a heavyweight security researcher at Johns Hopkins who has an NSF grant to investigate medical record systems and whose research plans encompass the security of industrial firewalls and finance-industry "black boxes" used to manage the cryptographic security of billions of financial transactions every day. Both clients reflect the deep constitutional flaws in the DMCA, and both have standing to sue the US government to challenge DMCA 1201 because of its serious criminal provisions (5 years in prison and a $500K fine for a first offense). Doctorow has explained aspects of this for The Guardian today. You should also check Huang's blog post on this. -
Researchers Discover Over 100 Tor Nodes Designed To Spy On Hidden Services (schneier.com)
An anonymous reader writes from a report via Schneier on Security: Two researchers have discovered over 100 Tor nodes that are spying on hidden services. Cory Doctorow from Boing Boing reports: "These nodes -- ordinary nodes, not exit nodes -- sorted through all the traffic that passed through them, looking for anything bound for a hidden service, which allowed them to discover hidden services that had not been advertised. These nodes then attacked the hidden services by making connections to them and trying common exploits against the server-software running on them, seeking to compromise and take them over. The researchers used 'honeypot' .onion servers to find the spying computers: these honeypots were .onion sites that the researchers set up in their own lab and then connected to repeatedly over the Tor network, thus seeding many Tor nodes with the information of the honions' existence. They didn't advertise the honions' existence in any other way and there was nothing of interest at these sites, and so when the sites logged new connections, the researchers could infer that they were being contacted by a system that had spied on one of their Tor network circuits. No one knows who is running the spying nodes: they could be run by criminals, governments, private suppliers of 'infowar' weapons to governments, independent researchers, or other scholars (though scholarly research would not normally include attempts to hack the servers once they were discovered)." The Tor project is aware of the attack and is working to redesign its system to try and block it. Security firm Bitdefender has issued an alert about a malicious app called EasyDoc that hands over control of Macs to criminals via Tor. -
Intel x86s Hide Another CPU That Can Take Over Your Machine -- You Can't Audit it (boingboing.net)
A report on BoingBoing, authored by Damien Zammit, claims that recent Intel x86 processors have a secret and powerful control mechanism implemented in them that runs on a separate chip that nobody is allowed to audit or examine. From the report: When these are eventually compromised, they'll expose all affected systems to nearly unkillable, undetectable rootkit attacks. Further explaining the matter, the author claims that a system with a mainboard and Intel x86 CPU comes with Intel Management Engine (ME), a subsystem composed of a special 32-bit ARC microprocessor that's physically located inside the chipset. It is an "extra general purpose computer." The problem resides in the way this "extra computer" works. It runs completely out-of-band with the main x86 CPU, "meaning that it can function totally independently even when your main CPU is in a low power state like S3 (suspend)." On some chipsets, the firmware running on the ME implements a system called Intel's Active Management Technology (AMT). This is entirely transparent to the operating system, which means that this extra computer can do its job regardless of which operating system is installed and running on the main CPU. From the report: The purpose of AMT is to provide a way to manage computers remotely (this is similar to an older system called "Intelligent Platform Management Interface" or IPMI, but more powerful). To achieve this task, the ME is capable of accessing any memory region without the main x86 CPU knowing about the existence of these accesses. It also runs a TCP/IP server on your network interface, and packets entering and leaving your machine on certain ports bypass any firewall running on your system. Update: 06/15 18:54 GMT by M: A reader points out that this "extra computer" could be there to enable low-power functionalities such as quick boot and quality testing.
Editor's note: The summary is written with inputs from an anonymous reader, who also shared the story. We've been unable to verify the claims made by the author. -
What Star Trek Owes To Robert Heinlein
HughPickens.com writes: As we come up on the 50th anniversary of the original Star Trek, Manu Saadia, author of Trekonomics, has an interesting article on BoingBoing about how, according to Gene Roddenberry himself, no author had more influence on The Original Star Trek than Robert Heinlein, and more specifically his juvenile novel Space Cadet. That book, published in 1948, is considered a classic. It is a bildungsroman, retelling the education of young Matt Dodson from Iowa, who joins the Space Patrol and becomes a man. (In a homage from Roddenberry, Star Trek's Captain James Tiberius Kirk is also from Iowa.) The Space Patrol is a prototype of Starfleet: it is a multiracial, multinational institution, entrusted with keeping the peace in the solar system. In Space Cadet, Heinlein portrayed a society where racism had been overcome. Not unlike Starfleet, the Space Patrol was supposed to be a force for good. According to Saadia, the hierarchical structure and naval ranks of the first Star Trek series (a reflection of Heinlein's Annapolis days) were geared to appeal to Heinlein's readers and demographics, all these starry-eyed kids who, like Roddenberry himself, had read Space Cadet and Have Spacesuit -- Will Travel. Nobody cared about your sex or the color of your skin as long as you were willing to sign up for the Space Patrol or Starship Troopers' Federal service. Where it gets a little weird is that Heinlein's Space Patrol controls nuclear warheads in orbit around Earth, and its mission is to nuke any country that has been tempted to go to war with its neighbors. This supranational body in charge of deterrence, enforcing peace and democracy on the home planet by the threat of annihilation, was an extrapolation of what could potentially be achieved if you combined the UN charter with mutually assured destruction. "The fat finger on the nuclear trigger makes it a very doubtful proposition," concludes Saadia.
"The Space Patrol, autonomous and unaccountable, is the opposite of the kind of democratic and open society championed by Star Trek." -
Oculus No Longer Lets Customers Move Purchased Software To Non-Oculus Hardware (boingboing.net)
AmiMoJo quotes a report from Boing Boing: As recently as 5 months ago, Oculus founder Palmer Luckey was promising his customers that they could play the software they bought from the Oculus store on "whatever they want," guaranteeing that the company wouldn't shut down apps that let customers move their purchased software to non-Oculus hardware. But now, Oculus has changed its DRM to exclude Revive, a "proof-of-concept compatibility layer between the Oculus SDK [software development kit] and OpenVR," that let players buy software in the Oculus store and run it on competing hardware. The company billed the update as an anti-piracy measure, but Revive's developer, who calls themselves "Libre VR," points out that the DRM only prevents piracy using non-Oculus hardware, and allows for unlimited piracy by Oculus owners. -
Copyright Trolls Rightscorp Are Teetering On The Verge Of Bankruptcy (arstechnica.com)
JustAnotherOldGuy writes: Rightscorp, the copyright trolls whose business model was convincing ISPs to freeze their customers' Internet access in response to unsubstantiated copyright accusations, and then ransom those connections back for $20 each, will be out of money by the end of this quarter. Despite a massive courtroom win against Cox Cable in 2015 (and a counterbalancing gigantic fine for its robocalls), the company couldn't win a technology cat-and-mouse game against its prey -- the wily file-sharers who switched to VPNs and other anonymizing technologies. For the moment, the company is teetering on the brink of financial collapse. It raised $500,000 on February 22, the company reported, but it needs another $1 million to stay afloat. It has only enough cash on hand to continue "into the second quarter of 2016," according to the company's latest financial report. -
Homeland Security Wants To Subpoena Techdirt Over The Identity Of A Hyperbolic Commenter (boingboing.net)
Techdirt is in hot water with the Department of Homeland Security all thanks to a commenter known as Digger. Techdirt's Tim Cushing published a story about the Hancock County, IN Sheriff's Department officers who stole $240,000 under color of asset forfeiture. In response to the story, Digger wrote, "The only 'bonus' these criminals [the Sheriff's Department officers] are likely to see could be a bullet to their apparently empty skulls." The Department of Homeland Security then contacted Techdirt to ask whom they should send a subpoena to in order to identify Digger. Masnick is worried the subpoena could come with a gag order. "Normally, we'd wait for the details before publishing, but given a very similar situation involving commenters on the site Reason last year, which included a highly questionable and almost certainly unconstitutional gag order preventing Reason from speaking about it, we figured it would be worth posting about it before we've received any such thing," Masnick writes. -
Bitcoin Could Consume As Much Electricity As Denmark By 2020 (boingboing.net)
JustAnotherOldGuy writes: The numbers are very back-of-the-envelope and assume a worst case: widespread adoption of Bitcoin and not much improvement in Bitcoin mining activity, along with long replacement cycles for older, less efficient mining rigs. But even the best case [scenario] has Bitcoin consuming a shocking amount of electricity. [As mentioned in a report from Motherboard,] "The results show that in an optimistic scenario, the increase in electricity consumption of the Bitcoin network compared to now is not shocking, from around 350 MW to around 417 MW, but still on the order of one small power station. If things play out a little less favorably, however, the Bitcoin network may draw over 14 Gigawatts of electricity by 2020, equivalent to the total power generation capacity of a small country, like Denmark for example." -
Slashdot Asks: Should NPR Stop Promoting Its Own Podcasts and NPR One App On Air? (boingboing.net)
A new "ethics" policy from NPR details new rules to stop promoting NPR One and its podcasts on the air, to ultimately please local station managers who pay the largest share of NPR's bills.
Chris Turpin, V.P. for news programming and operations, writes: As podcasts grow in number and popularity we are talking about them more often in our news programs. We are also fielding more and more questions from news staff and Member stations about our policies for referring to podcasts on air. To that end, we want to establish some common standards, especially for language in back announces. Our hope is to establish basic principles that are easy to understand and allow plenty of flexibility for creativity. These guidelines apply to all podcasts, whether produced by NPR or by other entities. No Call to Action: We won't tell people to actively download a podcast or where to find them. No mentions of npr.org, iTunes, Stitcher, NPR One, etc.
Basically, NPR won't promote "the lauded, loved app that is basically the future of NPR" to listeners who would be most interested in it. How do you feel about NPR's new policy? -
EFF On Why FBI Can't Force Apple To Sign Code (boingboing.net)
New submitter Kurast writes with this article at Boing Boing: Code is speech: critical court rulings from the early history of the Electronic Frontier Foundation held that code was a form of expressive speech, protected by the First Amendment. The EFF has just submitted an amicus brief in support of Apple in its fight against the FBI, representing 46 "technologists, researchers and cryptographers," laying out the case that the First Amendment means that Apple can't be forced to utter speech to the government's command, and they especially can't be forced to sign and endorse that speech. In a "deep dive" post, EFF's Andrew Crocker and Jamie Williams take you through the argument, step by step. (You can follow along by reading the brief itself (PDF), too.) -
ACLU Sues Anaheim Police For Public Records On Cell Phone Surveillance (scpr.org)
New submitter Lacey Waymire writes: The ACLU of Northern California is suing for a release of public records regarding Anaheim police's use of cell phone surveillance devices. "We don't think any surveillance devices, particularly these sorts of invasive cell phone surveillance devices, should ever be acquired or used without intense public debate and the adoption of safeguards to ensure they are only used in ways that follow our Constitution and laws," attorney Matt Cagle said. (See this Boing Boing posting with a bit more on "the happiest surveillance state on earth.") -
ISIS's Hunt For a Bogus Superweapon
schnell writes: The New York Times Magazine has a fascinating story about ISIS's efforts to get their hands on a mysterious and powerful superweapon called Red Mercury. The problem is that by consensus among scientific authorities, Red Mercury doesn't exist. And yet that hasn't stopped the legend of Red Mercury, touted by sources from Nazi conspiracy theorists to former Manhattan Project scientists, as having magical properties. Middle East weapons traders have even spun elaborate stories for its properties (ranging from thermonuclear explosive properties to sexual enhancement) and origins and sources (from Soviet weapons labs to Roman graveyards). What can account for the enduring myth of Red Mercury — is it rampant scientific illiteracy, the power of urban legend and shared myth, or something else? -
Apollo-Era Photos Now Up at NASA's Flickr Account, In High-Res
Boing Boing reports that NASA has uploaded to its Flickr account 8400 photographs from the agency's Apollo days -- "just about every image captured by Apollo astronauts on lunar missions." The astronauts were shooting with some very nice cameras, and the results are worth seeing at 1800dpi. -
Symantec Subsidiary Thawte Issues Rogue Google Certificates
New submitter jack_babylon writes: On September 14th, Symantec's subsidiary certificate authority Thawte accidentally released a "small number" of "inappropriately issued" security certificates, apparently intended for internal testing only. However, the fact that these were logged in the wild by Google (and, apparently, DigiCert) seems to indicate that they escaped the lab, at least far enough for a false google.com cert to raise the appropriate red flags. This sounds similar to the recent acts of poor judgement that got CNNIC's certs removed entirely from Firefox and Chrome, if more limited in scope and more quickly addressed (through, among other things, termination of some Symantec employees). (And like all reports one hopes go away quietly, these were released in the dead of a Friday night — h/t BoingBoing for noting this news.) -
TSA Luggage Lock Master Keys Are Compromised
An anonymous reader writes: As the FBI demands encryption master keys for Apple-, Microsoft- and Google-made devices, photographs of the master keys for the TSA Travel Sentry suitcase locks have now been published in multiple places online (more links in later articles). Cory Doctorow points out this makes it much easier for thieves to open luggage undetectably, without leaving any signs of lock picking. Whilst many have argued that the locks aren't designed to provide real security, the most important thing is that this shows the risk of backdoors in security systems, especially since the TSA has not given any warning about this compromise, which seems to have occurred in 2014 or earlier. -
Why Car Info Tech Is So Thoroughly At Risk
Cory Doctorow reflects in a post at Boing Boing on the many ways in which modern cars' security infrastructure is a white-hot mess. And as to the reasons why, this seems to be the heart of the matter, and it applies to much more than cars: [M]anufacturers often view bugs that aren't publicly understood as unimportant, because it costs something to patch those bugs, and nothing to ignore them, even if those bugs are exploited by bad guys, because the bad guys are going to do everything they can to keep the exploit secret so they can milk it for as long as possible, meaning that even if your car is crashed (or bank account is drained) by someone exploiting a bug that the manufacturer has been informed about, you may never know about it. There is a sociopathic economic rationality to silencing researchers who come forward with bugs. -
Cheap Thermal Imagers Can Steal User PINs
Bismillah writes: A British infosec company has discovered that cheap thermal imaging attachments for smartphones can be used to work out which keys users press on -- for instance -- ATM PIN pads. The thermal imprint lasts for a minute or longer. That's especially worrying if your PIN takes the form of letters, as do many users' phone-unlock patterns.