Domain: forbes.com
Stories and comments across the archive that link to forbes.com.
Stories · 979
-
Tesla Touts Cross-Country Trip, Aims For World Record
smaxp writes "A cross-country trip by two Model S sedans 'recorded the lowest charge time for an electric vehicle traveling across the country – a feat that is now being assessed for recognition as a Guinness World Records achievement,' according to a Tesla blog post. 'The 3464.5-mile jaunt is yet another attempt to ease range anxiety among many consumers who worry about being stranded in a car with a depleted battery pack and nowhere near a charging station. While Tesla’s Model S is too expensive for average consumers, the company plans to roll out cheaper models at some point and needs to address the fear that has stopped many people from buying electric cars, even cheaper ones such as the Nissan Leaf...'" -
New England Burns Jet Fuel To Keep Lights On
First time accepted submitter inqrorken writes "During the recent cold snap, New England utilities turned to an unconventional fuel: jet fuel. Due to high demand for heating, natural gas supplies dropped and prices skyrocketed to $140/mmBtu, prompting the Mid-Atlantic RTO to call on demand response in the region. With 50% of installed generation capacity natural-gas fired, one utility took the step of running its jet fuel-based turbines for a record 15 hours." -
ShapeShifter: Beatable, But We'll Hear More About It
Slashdot contributor Bennett Haselton writes: "A California company called Shape Security claims that their network box can disable malware attacks, by using polymorphism to rewrite webpages before they are sent to the user's browser. Most programmers will immediately spot several ways that the system can be defeated, but it may still slow attackers down or divert them towards other targets." Read on for the rest of Bennett's thoughts.
When a ShapeShifter appliance is installed in a datacenter alongside a web server, it takes the website's content and rewrites it before sending it to the user's browser, using techniques to obfuscate the contents such as changing the names of various form fields, or perhaps using obfuscated JavaScript to generate the page contents. (Many Slashdotters will understand these terms, but if you're not sure what I mean by "changing form fields" or "obfuscated JavaScript," it's a bit too technical to explain within this article. Suffice to say that obfuscated JavaScript is itself not a new idea; you can see a demonstration here, which takes simple JavaScript code and rewrites it in such a way that it's much harder to scan automatically, but the code still does the same thing.) The idea is that by obscuring the webpage contents, ShapeShifter makes it harder for bots and malware to conduct automated attacks against the website, since the bots now have to be smart enough to parse the obfuscated JavaScript or decipher the renamed form fields.
The idea has attracted glowing reviews from tech writers, including some who say they can "barely stay awake for a lot of startup pitches" but who were evidently enthralled by this one. My first reaction was that it's not hard to think of ways that this system can be defeated, and some readers will have thought of some ways to attack it even before finishing the previous paragraph. However, the attacks will perhaps require some malware and bot writers to rewrite their malicious programs to target websites in new ways. It remains to be seen how long that will take, and whether Shape will have a countermove after bots evolve to defeat their systems.
If you watch the video on Shape Security's website and pay close attention to their claims, note that they never actually say that ShapeShifter can stop malware from stealing a user's credentials — perhaps a deliberate omission for honesty's sake, since their technology, as they've described it, cannot prevent that. If your machine is infected with malware, and you're filling out a form on a website, the malware can eavesdrop at the level of the user interface to watch what you're typing into a form -- and if you fill out a form which contains a password field, or which contains a string of numbers that pass the credit card number checksum, the malware can capture the entire form contents and silently transmit it back to the attacker. No amount of obfuscation and shapeshifting in the HTML can stop the malware from capturing your password at the user interface level.
Now consider, instead, two of the claims actually made in the ShapeShifter video:
"Financial sites face man-in-the-browser attacks. This kind of bot waits for a legitimate user to authenticate, and then manipulates financial transactions. By disrupting the scripts that Man-in-the-Browser bots rely on, the ShapeShifter allows banks to safely serve their customers, even when their customers are infected with malware."
and
"On e-commerce sites, account takeover has evolved into a serious source of losses. 60% of users use the same password across multiple sites. When user credentials on one site are compromised, attackers program bots to test user credentials on other sites. The ShapeShifter prevents bots from testing stolen credentials on your website."
What both of these claims are essentially saying is that once your credentials have been stolen, ShapeShifter can mitigate the damage by preventing a bot from executing transactions using those stolen credentials, or from testing those credentials on other sites. However, I would argue that once your credentials have been stolen successfully, 90% of the damage has been done. ShapeShifter can't do anything to stop a human from testing your stolen credentials manually, and if the attacker has already infected your machine, they can use your machine as a proxy when testing out your credentials, so that the target website doesn't even notice a login from an unusual IP address.
And is it even true that ShapeShifter can stop bots from automating an attack against a target website? Even if a website relayed through ShapeShifter has its HTML obfuscated with JavaScript and re-named form fields, it's still easy to write scripts that automate the act of launching a web browser and filling content into those form fields — such as entering a username and password into two fields, and submitting them to see if the website accepts the login. I'm not sure (it's been a long time since I've written browser automation code, using frameworks like Selenium), but I think you can even automate the interaction "silently," without actually opening up a visible browser window. Which, of course, means you can do it on a user's machine that has been conscripted into a botnet, without the user knowing what's going on.
Now, automating interaction with a website through the browser may be harder than writing a script to interact with the website at the network level. But as long as someone figures out a way to do it, they can sell the method and the toolkit to others. (The credit card security breach at Target was carried out using software that a 17-year-old wrote and sold off-the-shelf on the black market.)
What about straight denial-of-service attacks, where an attacker doesn't care about breaking into a website or stealing data, but simply wants to take it offline by flooding it with traffic? Could ShapeShifter protect against those types of attacks? It depends on the type of attack. If you're trying to take down a website simply by sending an overwhelming number of requests for the website's front page, and nothing else, then ShapeShifter wouldn't be able to mitigate this attack, since every incoming front-page request still has to be passed through to the web server being protected, and if that's too much for the web server to handle, it will still go down. On the other hand, some denial-of-service attacks use more sophisticated tricks, like running a search query on the target website — knowing that handling a search query requires a lot more processing power than simply serving up the site's front page, so it would take a smaller number of requests to effectively tie up the webserver. If ShapeShifter can effectively stop bots from logging in to a website, running search queries, or performing other actions that are resource-intensive, then that type of denial-of-service attack could be stopped or slowed down.
So, at least based on the product description from the company itself, can ShapeShifter stop malware from stealing your users' logins on your site? Definitely not. Can ShapeShifter stop a botnet from conducting automated attacks against your user interface? For some types of botnets, maybe, but probably not in the long run. Will ShapeShifter be able to evolve a defense against bots that use browser automation? It's hard to see what they could possibly do in response. One of the company founders says, "We are populating our roadmap for the next five, six or seven steps cybercriminals will make and figuring out a countermove," but without knowing what those countermoves are, we only have their word to go on.
But in spite of my misgivings, I wouldn't predict on that basis that the product won't sell a lot of units. Some companies may buy the box without realizing that it does nothing to prevent their users' credentials from being compromised by malware, and that it provides only limited protection against automated attacks. Some companies may realize the limitations of the protection, but decide to buy it anyway because it looks good to their investors or their cybersecurity insurance underwriters. In such situations, even just the appearance of proactivity can be worth a million dollars a year.
-
Candy Crush Maker King.com Has Trademarked 'Candy' For Games
An anonymous reader writes "King.com, owners of Candy Crush, have received a U.S. trademark on the use of the word 'candy' in games and clothing. Forbes thinks it is overly broad. 'One would think Hasbro, the maker of that venerable children's board game (which does have video game versions) Candy Land, would already have this trademark sewed up.'" According to an update on the story, the company also has a EU trademark on the same term, but (however much comfort this is) is enforcing its claims only selectively, as against a game called All Candy Casino Slots – Jewel Craze Connect: Big Blast Mania Land. -
BitTorrent's Bram Cohen Unveils New Steganography Tool DissidentX
Sparrowvsrevolution writes "For the last year Bram Cohen, who created the breakthrough file-sharing protocol BitTorrent a decade ago, has been working on a tool he calls DissidentX, a steganography tool that's available now but is still being improved with the help of a group of researchers at Stanford. Like any stego tool, DissidentX can camouflage users' secrets in an inconspicuous website, a corporate document, or any other, pre-existing file from a Rick Astley video to a digital copy of Crime and Punishment. But it uses a new form of steganography based on cryptographic hashes to make the presence of a hidden message far harder for an eavesdropper to detect than in traditional stego. And it also makes it possible to encode multiple encrypted messages to different keys in the same cover text." -
Sony Announces Game Streaming Service
You may remember Gaikai, a company built on the idea of cloud-based gaming. The idea was that a remote server would run the game and stream all graphics and sound to a player's device, which would allow underpowered or obsolete machines to run modern, graphically demanding games on high settings. In 2012, Sony purchased Gaikai. Now, they've announced at CES that their cloud gaming tech (dubbed 'PlayStation Now') is just about ready for the public. CES attendees will be able to try it out, and Sony will begin a closed beta test in the U.S. later this month. Full release is planned for summer. It will first support streaming to PS3s, PS4s, and certain Sony TV models. Later, it will expand more broadly to various non-Sony "internet-connected devices." Players will have the option to rent games or to subscribe for continued access. Forbes reports, "According to Sony, gamers who own disc- or digital-based games will not have access to those games via PS Now free of charge." -
Headhunters Can't Tell Anything From Facebook Profiles
New submitter sfcat writes "Companies, headhunters and recruiters increasingly are using social media sites like Facebook to evaluate potential employees. Most of this is due to a 2012 paper from Northern Illinois Univ. that claimed that employee performance could be effectively evaluated from their social media profiles. Now a series of papers from other institutions reveal exactly the opposite result. 'Recruiter ratings of Facebook profiles correlate essentially zero with job performance,' write the researchers, led by Chad H. Van Iddekinge of FSU (abstract). Not only did the research show the ineffectiveness of using social media in evaluating potential employees, it also showed measurable biases of the recruiters against minorities (African-American and Latino) and against men in general." -
Unencrypted Windows Crash Reports a Blueprint For Attackers
An anonymous reader writes "According to Forbes online, up to 1 billion PCs are at risk of leaking information that could be used as a blueprint for attackers to compromise a network from Microsoft Windows Error Reporting (WER) crash reports that are sent in the clear. Researchers at Websense Labs released a detailed overview of the data contained in the crash reports, shortly after Der Spiegel released documents alleging that nation-state hackers may have used this information to execute highly targeted attacks with a low risk of detection, by crafting attacks specifically for vulnerable applications that are running on the network. Also interesting to think that Microsoft knows exactly what model of phones that you have plugged into your PC..." -
How Machine Learning Can Transform Online Dating
First time accepted submitter hrb1979 writes "Thought I'd share an interview with Kang Zhao — the professor behind the machine learning algorithm which could transform online dating. His algorithm takes into account both a user's tastes (in an approach similar to the Netflix recommendation engine) and their attractiveness (by analyzing how many responses they get) — enabling the machine to 'learn' and hence propose higher potential matches. His research was recently covered in both a Forbes' article and the MIT Technology Review, though this interview provides more depth and color." -
Is a Super-Sized iPad the Future of Education?
theodp writes "Perhaps people are reading too much into Apple CEO Tim Cook's 'Big Plans' for 2014, but hopes are high that the New Year will bring a biggie-sized iPad. Over at Forbes, Anthony Wing Kosner asks, Will The Large Screen iPad Pro Be Apple's First In A Line Of Desktop Touch Devices?. 'Rumors of a large [12.9"] iPad are many and constant,' notes ComputerWorld's Mike Elgan, 'but they make sense only if the tablet is a desktop for schools.' Elgan adds, 'Lots of schools are buying iPads for kids to use. But iPads don't make a lot of sense for education. For starters, their screens are too small for the kinds of interactive textbooks and apps that Apple wants the education market to create. They're also too small for collaborative work. iPads run mobile browsers, rather than full browsers, so kids can't use the full range of HTML5 sites.' Saying that 'Microsoft has fumbled the [post-PC] transition badly,' Elgan argues that 'the battle for the future of education is likely to be between whatever Google turns the Chromebook into against whatever Apple turns the iPad into.'" -
Justine Sacco, Internet Justice, and the Dangers of a Righteous Mob
An anonymous reader writes "So what exactly was the injustice that everyone was fighting against here? There were no pro-Sacco factions, nobody thought her comment was funny, and it became clear early on that her employers were not going to put up with this. It was quite easy for groups to unite against her precisely because it was such an obviously idiotic comment to make. By the time Valleywag had posted her tweet, the damage to her career was already done; there wasn't any 'need' for further action by anyone. The answer is a bit darker – this wasn't really about fairness, it was about entertainment." -
Apple Forges Agreement With China Mobile
Forbes is one of several news sources reporting that Apple and China Mobile have agreed on a plan that will bring the option of iPhones to tens of millions of customers of the Chinese carrier. A separate article contains something that may be at least as interesting as the deal itself, and that's some speculation on what sort of network China Mobile will be using for all those iDevices. -
Why Charles Stross Wants Bitcoin To Die In a Fire
Hugh Pickens DOT Com writes "SF writer Charles Stross writes on his blog that like all currency systems, Bitcoin comes with an implicit political agenda attached and although our current global system is pretty crap, Bitcoin is worse. For starters, BtC is inherently deflationary. There is an upper limit on the number of bitcoins that can ever be created so the cost of generating new Bitcoins rises over time, and the value of Bitcoins rises relative to the available goods and services in the market. Libertarians love it because it pushes the same buttons as their gold fetish and it doesn't look like a 'Fiat currency'. You can visualize it as some kind of scarce precious data resource, sort of a digital equivalent of gold. However there are a number of huge down-sides to Bitcoin, says Stross: Mining BtC has a carbon footprint from hell as they get more computationally expensive to generate, electricity consumption soars; Bitcoin mining software is now being distributed as malware because using someone else's computer to mine BitCoins is easier than buying a farm of your own mining hardware; Bitcoin's utter lack of regulation permits really hideous markets to emerge, in commodities like assassination and drugs and child pornography; and finally Bitcoin is inherently damaging to the fabric of civil society because it is pretty much designed for tax evasion. 'BitCoin looks like it was designed as a weapon intended to damage central banking and money issuing banks, with a Libertarian political agenda in mind—to damage states' ability to collect tax and monitor their citizens' financial transactions,' concludes Stross. 'The current banking industry and late-period capitalism may suck, but replacing it with Bitcoin would be like swapping out a hangnail for Fournier's gangrene.'" -
Will You Even Notice the Impending Robot Uprising?
An anonymous reader writes "We tend to take things like household appliances and other automation for granted, but as O'Reilly's Mike Loukides puts it: 'The Future Is All Robots. But Will We Even Notice? We've watched the rising interest in robotics for the past few years. It may have started with the birth of FIRST Robotics competitions, continued with the iRobot and the Roomba, and more recently with Google's driverless cars. But in the last few weeks, there has been a big change. Suddenly, everybody's talking about robots and robotics. ... I have no doubt that Google’s robotics team is working on something amazing and mind-blowing. Should they succeed, and should that success become a product, though, whatever they do will almost certainly fade into the woodwork and become part of normal, everyday reality. And robots will remain forever in the future. We might have found Rosie, the Jetsons’ robotic maid, impressive. But the Jetsons didn’t.'" -
Healthcare IT's Achilles' Heel: Sensors
Nerval's Lobster writes "Tech publications and pundits alike have crowed about the benefits we're soon to collectively reap from healthcare analytics. In theory, sensors attached to our bodies (and appliances such as the fridge) will send a stream of health-related data — everything from calorie and footstep counts to blood pressure and sleep activity — to the cloud, which will analyze it for insight; doctors and other healthcare professionals will use that data to tailor treatments or advise changes in behavior and diet. But the sensors still leave a lot to be desired: 'smart bracelets' such as Nike's FuelBand and FitBit can prove poor judges of physical activity, and FitBit's associated app still requires you to manually input records of daily food intake (the FuelBand is also a poor judge of lower-body activity, such as running). FDA-approved ingestible sensors are still being researched, and it'd be hard to convince most people that swallowing one is in their best interests. Despite the hype about data's ability to improve peoples' health, we could be a long way from any sort of meaningful consumer technology that truly makes that happen." -
In Letter To 20 Automakers, Senator Demands Answers On Cybersecurity
chicksdaddy writes "Cyber attacks on 'connected vehicles' are still in the proof of concept stage. But those proofs of concept are close enough to the real thing to prompt an inquiry from U.S. Senator Ed Markey, who sent a letter to 20 major auto manufacturers (PDF) asking for information about consumer privacy protections and safeguards against cyber attacks in their vehicles. Markey's letter, dated December 2, cites recent reports of 'commands...sent through a car's computer system that could cause it to suddenly accelerate, turn or kill the brakes,' and references research conducted by Charlie Miller and Chris Valasek (PDF) on the Toyota Prius and Ford Escape. 'Today's cars and light trucks contain more than 50 separate electronic control units (ECUs), connected through a controller area network (CAN) ... Vehicle functionality, safety and privacy all depend on the functions of these small computers, as well as their ability to communicate with one another,' Markey wrote. Among the questions Markey wants answers to: What percentage of cars sold in model years 2013 and 2014 do not have any wireless entry points? What are automakers' methods for testing for vulnerabilities in technologies it deploys — including third pressure technologies? Markey asks specifically about tire pressure monitors, Bluetooth and other wireless technologies and GPS (like OnStar). What third party penetration testing is conducted on vehicles (and any results)? What intrusion detection features exist for critical components like controller area network (CAN) buses on connected vehicles?" -
NASA's Next Frontier: Growing Plants On the Moon
An anonymous reader writes in with news about a NASA project that aims to grow plants on the moon in specially made containers. "In 2015, NASA will attempt to make history by growing plants on the Moon. If they are successful, it will be the first time humans have ever brought life to another planetary body. The Lunar Plant Growth Habitat team, a group of NASA scientists, contractors, students and volunteers, is finally bringing to life an idea that has been discussed and debated for decades. They will try to grow arabidopsis, basil, sunflowers, and turnips in coffee-can-sized aluminum cylinders that will serve as plant habitats. But these are no ordinary containers – they’re packed to the brim with cameras, sensors, and electronics that will allow the team to receive image broadcasts of the plants as they grow. These habitats will have to be able to successfully regulate their own temperature, water intake, and power supply in order to brave the harsh lunar climate." -
Meet the 'Assassination Market' Creator Who's Crowdfunding Murder With Bitcoins
schwit1 writes "As Silk Road emerged from the 'dark-web', other sites have appeared offering services that are frowned upon by most. As Forbes reports, perhaps the most-disturbing is 'The Assassination Market' run by a pseudonymous Kuwabatake Sanjuro. The site, remarkably, is a crowdfunding service that lets anyone anonymously contribute bitcoins towards a bounty on the head of any government official–a kind of Kickstarter for political assassinations. As Forbes reports, NSA Director Alexander and President Obama have a BTC40 bounty (~$24,000) but the highest bounty — perhaps not entirely surprising — is BTC 124.14 (~$75,000) for none other than Ben Bernanke." -
Reports: Apple To Buy Israeli 3D Sensing Company PrimeSense
Several sources, including this report at Forbes, and this one at All Things Digital, say that Apple has bought (or is in the process of buying) Tel-Aviv based PrimeSense, the company behind the 3-D sensing technology in Microsoft's Kinect, for $345 million. The Forbes piece also gives a compact but interesting summary of the possibilities of ubiquitous 3-D hardware, and the sudden, recent drop in price of the components necessary for that to happen. Devices like the Lynx 3-D scanner that I saw at last year's SXSW (targeting the cheap and portable end of the 3-D scanning market) may have a lot of competition in the near future. -
Your Phone Number Is Going To Get a Reputation Score
Jah-Wren Ryel writes "Yes, there's yet another company out there with an inscrutable system making decisions about you that will affect the kinds of services you're offered. Based out of L.A.'s 'Silicon Beach,' Telesign helps companies verify that a mobile number belongs to a user (sending those oh-so-familiar 'verify that you received this code' texts) and takes care of the mobile part of two-factor authenticating or password changes. Among their over 300 clients are nine of the ten largest websites. Now Telesign wants to leverage the data — and billions of phone numbers — it deals with daily to provide a new service: a PhoneID Score, a reputation-based score for every number in the world that looks at the metadata Telesign has on those numbers to weed out the burner phones from the high-quality ones." -
Why Letting Your Insurance Company Monitor How You Drive Can Be a Good Thing
Hugh Pickens DOT Com writes "Kim Gittleson reports at BBC that car insurance firms like Progressive are trying to convince consumers that letting them monitor their driving behavior is actually a good thing. They say that the future of car insurance is not just being able to monitor individual drivers to give them lower prices, but also to make them better drivers. 'Now that we can observe directly how people drive, we think this will change the way insurance works,' says Dave Pratt, who says that Progressive has more than a trillion seconds of driving data from 1.6 million customers. '18-year-old guys pay a lot for insurance, but some 18-year-olds are really safe drivers and they deserve a better deal.' Better big data technologies, like the telematic driving data collected by car companies (PDF) or even information gathered from social media profiles, can help augment that risk profile. 'If I'm a driver that doesn't drive that frequently, and I have a pattern that would indicate that I drive more carefully than an average person with my profile, then I may be able to save 30-40% on my car insurance, and that's pretty significant,' says Joe Reifel. For now, using big data analytics for insurers is still in the early stages. Only 2% of the U.S. car insurance market offers an insurance product based on monitoring driving, but that proportion is projected to grow to around 10-15% of the market by 2017. And other countries, like Italy and the U.K., are already using the data to analyze not just risk profiles but also to determine who is at fault in car accidents. The future, most analysts agree, is to create a continuous feedback loop between insurers and consumers, so that consumers will react to the big data analyses that insurers perform and change their behavior accordingly. 'Bad drivers will at some point need to improve their driving or accept [having] to pay for the real risk they represent,' says Jacques Amselem." -
Withhold Passwords From Your Employer, Go To Jail?
ericgoldman writes "Terry Childs was a network engineer in San Francisco, and he was the only employee with passwords to the network. After he was fired, he withheld the passwords from his former employer, preventing his employer from controlling its own network. Recently, a California appeals court upheld his conviction for violating California's computer crime law, including a 4 year jail sentence and $1.5 million of restitution. The ruling (PDF) provides a good cautionary tale for anyone who thinks they can gain leverage over their employer or increase job security by controlling key passwords." -
FBI Seized 144,000 Bitcoins ($28.5 Million) From Silk Road Bust
SonicSpike writes "An FBI official notes that the bureau has located and seized a collection of 144,000 bitcoins, the largest seizure of that cryptocurrency ever, worth close to $28.5 million at current exchange rates. It believes that the stash belonged to Ross Ulbricht, the 29-year-old who allegedly created and managed the Silk Road, the popular anonymous drug-selling site that was taken offline by the Department of Justice after Ulbricht was arrested earlier this month and charged with engaging in a drug trafficking and money laundering conspiracy as well as computer hacking and attempted murder-for-hire. The FBI official wouldn't say how the agency had determined that the Bitcoin 'wallet' — a collection of Bitcoins at a single address in the Bitcoin network — belonged to Ulbricht, but it was sure they were his. 'This is his wallet,' said the FBI official. 'We seized this from DPR,' the official added, referring to the pseudonym 'the Dread Pirate Roberts,' which prosecutors say Ulbricht allegedly used while running the Silk Road." -
Blackberry BBM App and Suspicious Google Play Ratings
sl4shd0rk writes "In what could be an act of desperation of a company in its death throes, Blackberry has submitted their BBM messaging application to Google Play for download. While this may seem like a logical path for a company on life-support, what wasn't expected is the sheer number of identical 5-star reviews the application has received since being posted. In what appears to be review 'ballot stuffing,' it poses the questions of just how Google is going to handle the subject of manufactured reviews as well as how many other entities have engaged in the same behavior. The same problems have plagued Amazon's review system as well, bringing into question the validity of 'crowd based review' and whether it's possible to legitimize this type of system." The linked article points out that the suspicious posts may be the result of ballot stuffing intended to hype one of the unofficial Blackberry apps, rather than RIM's own. -
Are We Socially Ready For Wearable Computing?
An anonymous reader writes "Smart watches have arrived, and Google Glass is on its way. As early-adopters start to gain some experience with these devices, they're learning some interesting lessons about how wearable computing affects our behavior differently from even smartphones and tablets. Vint Cerf says, 'Our social conventions have not kept up with the technology.' Right now, it's considered impolite to talk on your cellphone while checking out at the grocery store, or to ignore a face-to-face conversation in favor of texting somebody. But 20 years ago, those actions weren't even on our social radar. Wearable devices create some obvious social problems, like the aversion to Glass's ever-present camera. But there are subtler ones, as well, for which we'll need to develop another set of social norms. A Pebble smart watch user gave an example: 'People thought I was being rude and checking the time constantly when I was really monitoring incoming messages. It sent the wrong signal.' The article continues, 'Therein lies the wearables conundrum. You can put a phone away and choose not to use it. You can turn to it with permission if you're so inclined. Wearables provide no opportunity for pause, as their interruptions tend to be fairly continuous, and the interaction is more physical (an averted glance or a vibration directly on your arm). It's nearly impossible to train yourself to avoid the reflex-like response of interacting. By comparison, a cell phone is away (in your pocket, on a table) and has to be reached for.'" -
No, Oreos Aren't As Addictive As Cocaine
Daniel_Stuckey writes "If you give a mouse a cookie, you can spend all day following it around the house while it wants to do a bunch of tedious activities. Or, you can trap it in a box, keep feeding it cookies, and then make the outrageous claim that Oreos are as addictive as cocaine. Students at Connecticut College opted for the second option, and the consequences that ensued were much more annoying than making some arts and crafts with a darn mouse. Fox News reported that a 'College study finds Oreo cookies are as addictive as drugs,' Forbes explained 'Why Your Brain Treats Oreos Like a Drug,' and a ton of other sites ran with the story as well. Here's how the experiment, which has not been peer reviewed and has not been presented yet, went down. Mice were placed in a maze, with one end holding an Oreo and the other end holding a rice cake. The mice, without fail, decided to eat the Oreo over the rice cake, proving once and for all that mice like cookies better than tasteless discs with a styrofoamy texture." -
Dataland: the Emerging Dystopia
An anonymous reader writes "Winston Smith, the protagonist of George Orwell's novel 1984, resorted to hiding in the bushes with his lover in a failed attempt to escape the government's ubiquitous surveillance. Orwell was concerned with totalitarianism and explicit thought control enforced by police action. While that is still very much an issue for many of the world's residents, here in the West there is an unsettling feeling about a more subtle form of thought manipulation, as more and more of our activities are watched, cataloged, and analyzed by more and more institutions — governments, businesses, non-profits, political parties, mostly for predictive purposes. At least we have a name for it now: 'Dataland', a term suggested by Kate Crawford of Microsoft Research, who studies the sociological effects of networking technologies. Crawford has been written up in Slashdot before. She's criticized the indiscriminate adoption of Big Data analytics on several grounds, including the loss of anonymity, erroneous conclusions from skewed datasets, and the prospect of secret discrimination." -
DOJ Hasn't Actually Found Silk Road Founder's Bitcoin Yet
Techdirt has an interesting followup on the arrest and indictment of Silk Road founder Ross Ulbricht, in connection to which the FBI seized 26,000 or so Bitcoins. From the Techdirt piece: "However, in the criminal complaint against Ulbricht, it suggested that his commissions were in the range of $80 million -- or about 600,000 Bitcoins. You might notice the disconnect between the 26,000 Bitcoins seized and the supposed 600,000 Ulbricht made. It now comes out that those 26,000 Bitcoins aren't even Ulbricht's. Instead, they're actually from Silk Road's users. In other words, these were Bitcoins stored with user accounts on Silk Road. Ulbricht's actual wallet is separate from that, and was apparently encrypted, so it would appear that the FBI does not have them, nor does it have any way of getting at them just yet. And given that some courts have argued you can't be forced to give up your encryption, as it's a 5th Amendment violation, those Bitcoins could remain hidden -- though, I could see the court ordering him to pay the dollar equivalent in restitution (though still not sure that would force him to decrypt the Bitcoins)." The article also notes that the FBI's own Bitcoin wallet has been identified, leading to some snarky micropayment messages headed their direction. -
Lockheed To Furlough 3,000 On Monday, Layoffs Also Kicking In
Dawn Kawamoto writes "Lockheed employees are the latest casualty in the government shutdown, with the defense contractor announcing Friday it plans to furlough 3,000 workers on Monday. But what they didn't mention is they are laying off workers too, says a Lockheed source on the hush-hush. Lockheed, of course, isn't the only defense contractor taking it on the chin. Other contractors include United Technologies, which has furloughed 2,000, and BAE Systems which cut 1,000." -
Captain Cyborg Is Back! Kevin Warwick Predicts the Future
richi writes "Kevin Warwick: His name raises extremes of opinion. For more than a decade, this highly controversial cybernetics professor has been making waves. His high-profile experiments — and even higher-profile claim that he's the first living cyborg — earned him column inches and unflattering nicknames. In this Forbes interview, 'Captain Cyborg' talks about exploding motorcycles, wireless power, and fish and chips." -
Arctic Ice Extent Tops 2012's, But Is 6th Lowest In History
We mentioned recently the rebound in Arctic ice levels compared to those found at the end of last summer; now that the 2013 minimum has been reached, Forbes' Alex Knapp points out that 2013's figures still show the 6th lowest ice extent in recorded history. "This pattern is expected to continue as average global temperatures continue to rise, leading to further Arctic Ice melts. The volume of sea ice – that is, how thick the Arctic ice is, has also been steadily declining over the same period. And although the charts above only go back to the 80s, the loss of sea ice began several decades prior to that. In 2011, a paper published in Nature estimating Arctic ice extent for the past 1450 years shows a sharp decline in Arctic ice beginning in the mid-20th century." -
Charles Carreon Finally Surrenders To the Oatmeal
First time accepted submitter Guy From V writes "Charles Carreon, zany lawyer and poster-child for the Streisand Effect (sorry Babs) for his lawsuit against The Oatmeal creator Matthew Inman last year in his original role as legal counsel for Funnyjunk, as reported by ArsTechnica, seems to have finally called it quits. In other news, the River Styx has reportedly dropped below 32 degrees Fahrenheit." -
Ask Slashdot: When Is Patent License Trading Not Trolling?
LeadSongDog writes "A piece in yesterday's Forbes offers arguments on why not all 'Non-Practicing Entities' are 'Patent Trolls.' Comments here on such businesses are often critical. Is there a right way to trade in patents for profit without abusing the process?" From the article: "The Founders’ decision to foster non-practicing entities and patent licensing proved crucial to America’s rapid technological progress and economic growth. Patent records from the nineteenth century reveal that more than two-thirds of all the great inventors of the Industrial Revolution, including Thomas Edison and Elias Howe, were non-practicing entities who focused on invention and licensed some or all of their patents to others to develop into new products." -
The Sharing Economy Fights Back Against Regulators
An anonymous reader writes in with a story about the advocacy group "Peers". The group says their goal is to “mainstream, protect, and grow the sharing economy.” "The growth of the 'sharing economy,' a loosely defined term generally referring to the internet-enabled peer-to-peer exchanges of goods, has brought with it a shift in the way we think about consumption. Its rise has been fast, and loud. What started with a few enterprising individuals willing to let complete strangers sleep in their homes and use their possessions has now developed into a formidable economic force that threatens to upend several different industries. Along the way, it has posed some major legal challenges. The companies that are pushing it forward have continually undermined local ordinances, consumer safeguards, and protectionist regulations alike. As a result, governments around the country are trying to rein them in. That’s where Silicon Valley’s newest advocacy group comes in." -
3D-Printed Gun Bought and Displayed By London Art Museum
Sparrowvsrevolution writes "The world's first 3D-printed gun known as the Liberator has been treated as a technological marvel and a terrorist threat. Now it's officially become a work of art. On Sunday, London's Victoria & Albert museum of art and design announced that it's buying two of the original Liberator printed guns from their creator, the libertarian hacker non-profit known as Defense Distributed, and will display them during its Design Festival. Cody Wilson, Defense Distributed's founder, calls the museum's acquisition of the gun a victory for his group: 'It will now be this curated, permanent cultural provocation.'" -
Why iTunes Radio Could Take Down Pandora
cagraham writes "Pandora has been the standard for internet radio since it launched in 2000, and just announced the appointment of new CEO Brian McAndrews. They claim they're not worried about Apple, but iTunes' massive user base (575 million), content deals, and cheaper pricing options should give them legitimate reason for concern. Can Pandora survive iTunes Radio? Do a-la-carte options like Spotify make any internet radio service irrelevant?" -
NYC Is Tracking RFID Toll Collection Tags All Over the City
In the northeast U.S., most of the tolls people encounter when driving make use of a system called E-ZPass to let them pay the tolls electronically. Drivers are given small RFID transponders that are scanned in tollbooths, at which point the toll is automatically deducted from a pre-paid account. One hacker got curious whether the RFID tags were being scanned elsewhere, so he tweaked his E-ZPass to blink a light and make a noise every time it was read. He tested the streets of New York City, and wasn't surprised to see it light up in plenty of places where there were no tollbooths to be found. From the article: "It’s part of Midtown in Motion, an initiative to feed information from lots of sensors into New York’s traffic management center. A spokesperson for the New York Department of Transportation, Scott Gastel, says the E-Z Pass readers are on highways across the city, and on streets in Manhattan, Brooklyn and Staten Island, and have been in use for years. The city uses the data from the readers to provide real-time traffic information, as for this tool. The DoT was not forthcoming about what exactly was read from the passes or how long geolocation information from the passes was kept. Notably, the fact that E-ZPasses will be used as a tracking device outside of toll payment, is not disclosed anywhere that I could see in the terms and conditions. When I talked to the E-ZPass Inter-agency Group — the umbrella association that oversees the use of the pay-toll-paying tags in 15 different states — it said New York is the only state that is employing this inventive re-use of the tags. ... 'If NYDOT can put up readers,' says [the hacker], 'other agencies could as well.'" -
Can the iPhone Popularize Fingerprint Readers?
Nerval's Lobster writes "Apple's iPhone 5S features a fingerprint scanner embedded in the home button. Of course, fingerprint-scanning technology isn't new: Bloomberg Terminals feature a built-in fingerprint reader to authenticate users, for example, and various manufacturers have experimented with laptops and smartphones that require a thumb to login. But the technology has thus far failed to become ubiquitous in the consumer realm, and it remains to be seen whether the new iPhone — which is all but guaranteed to sell millions of units — can popularize something that consumers don't seem to want. Security experts seem to be adopting a wait-and-see attitude with regard to Apple's newest trick. 'I'd caution right away, let's see how it tests and what people come up with to break it,' Brent Kennedy, an analyst with the U.S. Computer Emergency and Readiness Team, told Forbes. 'I wouldn't rely on it solely, just as I wouldn't with any new technology right off the bat.' And over at Wired, technologist Bruce Schneier is suggesting that biometric authentication could be hacked like anything else. 'I'm sure that someone with a good enough copy of your fingerprint and some rudimentary materials engineering capability — or maybe just a good enough printer — can authenticate his way into your iPhone,' he wrote. 'But, honestly, if some bad guy has your iPhone and your fingerprint, you've probably got bigger problems to worry about.'" -
Researcher Spots a Drug Buy In Bitcoin's Blockchain
Sparrowvsrevolution writes "It should come as no surprise to Bitcoin users that despite the pseudonymity the cryptocurrency offers, its transactions can be tracked. But University of California at San Diego researcher Sarah Meiklejohn proved that privacy problem more clearly than ever by showing a reporter that she could detect a specific point in Bitcoin's blockchain record of transactions where he had spent Bitcoins in exchange for marijuana on the Silk Road, the most popular online Bitcoin-based black market for drugs. To simulate a law enforcement subpoena, the reporter for Forbes began by giving Meiklejohn a Bitcoin address associated with Forbes' account. But with just that information, Meiklejohn was able to draw on a "clustering" analysis she had performed to identify Silk Road addresses and match them with the one used in the .3 BTC drug buy. She admits that a user who took more efforts to obscure his or her Bitcoin address through a laundering service or other unidentified Bitcoin wallets would be harder to track." -
Un-Un-Pentium On Your Periodic Table of the Elements?
PolygamousRanchKid writes, quoting Forbes "Researchers at Sweden's Lund University have announced that they've been able to confirm the existence of element 115 on the periodic table. This research team isn't the first to create element 115, which is currently known as ununpentium. The first claim that ununpentium had been synthesized in a lab was by a joint group of Russian and American researchers, who believed that they created it in their lab in 2004." -
Vermont Yankee Nuclear Plant To Close In 2014
stomv writes "Vermont Yankee nuclear plant is to close in late 2014, about 20 years before its (extended) NRC operating permit expires in 2032. Vermont Yankee is a merchant plant, which means that it sells its energy and capacity on the open New England market. The three reasons cited by Entergy, the owner, for closing are: low natural gas prices, high ongoing capital costs of operating a single unit reactor, and wholesale market flaws which keep energy and capacity prices low and don't reward the fuel diversity benefits that nuclear provides." -
Break Microsoft Up
Hugh Pickens DOT Com writes "Tom Worstall writes in Forbes that the only way to get around the entrenched culture that has made Microsoft a graveyard for the kind of big ideas that have inspired companies like Apple, Google, and Amazon is to split the company up so as to remove conflicts between new and old products. With Ballmer's departure, instead of finding someone new to run the company, bring in experts to handle the legal side and find suitable CEOs for the new companies. 'The underlying problem for Microsoft is that the computing market has rapidly left behind the company's basic strategy of controlling the machines that people use with operating-system software,' says Erik Sherman. 'The combination of mobile devices that broke Microsoft's grip on the client end, and cloud computing that didn't necessarily need the company in data centers, shattered this form of control.' Anyone can see how easily you could split off the gaming folks, business division, retail stores, and hardware division says John Dvorak. Each entity would have agreements in place for long-term supply of software and services. 'This sort of shake up would ferret out all the empire builders and allow for new and more creative structures to emerge. And since everyone will have to be in a semi-startup mode, the dead wood will be eliminated by actual hard work.'" -
US Gov't To Issue Secure Online IDs
Hugh Pickens DOT Com writes "Tom Groenfeldt reports in Forbes that the U.S. Postal Service has awarded a contract to SecureKey to implement the Federal Cloud Credential Exchange (FCCX) designed to enable individuals to securely access online services at multiple federal agencies — such as health benefits, student loan information, and retirement benefit information — without the need to use a different password or other digital identification for each service. SecureKey already operates a trusted identity service in Canada using identification keys provided by one of five participating Canadian banks. It allows Canadians to connect with 120 government programs online with no additional user names or passwords for everything from benefits queries to fishing licenses. The SecureKey program is designed to connect identity providers — such as banks, governments, healthcare organizations, and others — with consumers' favorite online services through a cloud-based broker service. The platform allows identity providers and online services to integrate once, reducing the integration and business complexity otherwise incurred in establishing many-to-many relationships." -
Germany Produces Record-Breaking 5.1 Terawatt Hours of Solar Energy In One Month
oritonic1 writes "Germany is rapidly developing a tradition of shattering its own renewable energy goals and leaving the rest of the world in the dust. This past July was no exception, as the nation produced 5.1 TWh of solar power (PDF), beating not only its own solar production record, but also eclipsing the record 5TWh of wind power produced by German turbines in January. Renewables are doing so well, in fact, that one of Germany's biggest utilities is threatening to migrate to Turkey." -
Dishwasher-Size, 25kW Fuel Cell In Development
mcgrew writes "Forbes has an article about a new type of fuel cell that is 90% less costly than current cells at one tenth the size (making it the size of a dishwasher), with far higher efficiency than current cells. It runs at only 149 degrees Celsius (300F). It was jointly developed by Diverse Energy and the University of Maryland. 'The first-generation Cube runs off natural gas, but it can generate power from a variety of fuel sources, including propane, gasoline, biofuel and hydrogen. The system is a highly efficient, clean technology, emitting negligible pollutants and much less carbon dioxide than conventional energy sources. It uses fuel far more efficiently than an internal combustion engine, and can run at an 80 percent efficiency when used to provide both heat and power.' It produces enough power to run a moderate-sized grocery store, or five homes. A smaller, home-sized unit is on the way. Is the municipal power plant on the way out?" -
Excess Coffee May Be Linked To Early Death
Mr.Intel writes "Should we believe it? Those of us under 55 who drink a lot of coffee – more than four cups per day – may be at greater risk of an early death. And not just death from heart problems, but death from all causes. The study, published in Mayo Clinic Proceedings (abstract), followed people for almost two decades, and found that in both sexes, younger people were more likely to die of anything than people who drank less."