Slashdot Mirror

An anonymous reader writes: Microsoft has released a Chrome extension named "Windows Defender Browser Protection" that ports Windows Defender's -- and inherently Edge's -- anti-phishing technology to Google Chrome. The extension works by showing bright red-colored pages whenever users are tricked into accessing malicious links. The warnings are eerily similar to the ones that Chrome natively shows via the Safe Browsing API, but are powered by Microsoft's database of malicious links —also known as the SmartScreen API.

Chrome users should be genuinely happy that they can now use both APIs for detecting phishing and malware-hosting URLs. The SmartScreen API isn't as known as Google's more famous Safe Browsing API, but works in the same way, and possibly even better. An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 66 for Windows, Mac, Linux, and Android. The desktop release includes autoplaying content muted by default, security improvements, and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. In our tests, autoplaying content that is muted still plays automatically. Autoplaying content with sound, whether it has visible controls or not, and whether it is set to play on loop or not, simply does not start playing. Note that this is all encompassing -- even autoplaying content you are expecting or is the main focus of the page does not play. YouTube videos, for example, no longer start playing automatically. And in case that's not enough, or if a page somehow circumvents the autoplaying block, you can still mute whole websites.

Jonathan M. Gitlin from Ars Technica reviews a new navigation app called Live Roads, which promises 1.5m-accuracy via your current smartphone without the need of any extra hardware. In a nutshell, the app provides more accurate mapping/navigation than what's currently available via Google Maps or Apple Maps, but it's still not quite as accurate as a true "HD map." HD maps are accurate to within a centimeter or two and are usually made by a combination of traditional surveying and lidar scanning. Here's an excerpt from the report: A few weeks after talking with the company, I was delivered a Samsung S7 loaded with Live Roads. I'll be honest: I'm not that familiar with Android, and this isn't really a review of the app. I used it enough to check that it does what it claims, but I didn't use it as my sole method of navigation. However, this brief bit of user-testing did let me check out the claims in that email. I don't think I'd equate the app with the HD maps that autonomous vehicles will need. For one thing it's readable by a human being; for another it's not quite that accurate. But the spatial resolution was indeed better than it should be on a consumer phone, and Live Roads was able to locate me down to a specific lane on a multi-lane road. Various navigation apps give you lane-specific instructions -- for instance, telling you to stay in the middle two lanes if you're approaching a complicated intersection. Where Live Roads differs is that it can also tell which lane you're actually in. Whether this is enough of a feature to build a business model around is an open question; I'm quite happy using Google Maps on iOS, with occasional forays into Waze (running in the background to warn of speed traps) and Apple Maps (if I'm driving something with CarPlay and the infotainment's built-in navigation sucks).

But it left me wondering: how does it work? Paul Konieczny, CEO of Live Roads, gave me an explanation -- up to a point. "Primarily it is based around sensor fusion and certain probabilistic models -- we call it the Black Box," he said. "The current release of the app that is available in the Play Store has an earlier revision of our Black Box. This initial version is missing some of the functionality of the full-fledged system and thus has a spatial resolution of ~2.5m. This compares favorably to standard GPS that has a resolution of 4.0 m+." By summer, Konieczny hopes that the system will be fully operational and that accuracy will be down to under 1.5m. Assuming a large enough user base, that should let it offer lane-specific traffic data, "as well as introducing an entire ecosystem of 3D objects that users will be able to interact with," he told me.

According to 9to5Google, Google's dialer app for Pixel, Nexus, and Android One devices is being upgraded with the ability to send spam calls straight to voicemail. "In 2016, the app began alerting users to potential spam callers by flashing the incoming call screen bright red, with another 'Suspected spam caller' alert just underneath the phone number," reports 9to5Google. The new spam filtering feature goes a step further. From the report: [U]sers will not receive a missed call or voicemail notification, though filtered calls will appear in call history and any voicemails left will still show up in that respective tab. This feature is rolling out worldwide over the next few weeks, but those who join the new beta will have initial access to it. Like its other programs, Google notes that the test allows you to use experimental features before they're released. Google warns that features will still be in-development, might be unstable, and have "a few problems." Meanwhile, users will have the ability to submit in-app feedback throughout the process. Head to the Google Play listing for the Phone app and scroll down to "Become a tester" in order to join.

shanen writes: Due to the recent kerfuffles, I decided to try again to see what Google had on me. This time I succeeded and failed, in contrast to the previous pure failures. Yes, I did find Google's takeout website and downloaded all of "my data," but no, it means nothing to me. Here are a few sub-questions I couldn't answer:

1. Much more data than I ever created, so where did the rest come from?
2. How does the data relate to the characteristic vector that Google uses to characterize me?
3. What tools do Googlers use to make sense of the data?

Lots more questions, but those are the ones that are most bugging me right now. Question 2. is probably heaviest among them, since I've read that the vector has 700 dimensions... So do you have any answers? Or better questions? Or your own takeout experiences to share? Oh yeah, one more thing. Based on my own troubled experience with the download process, it is clear that Google doesn't really want us to download the so-called "our own" data. My Question 4. is now: "What is Google hiding about me from me?"

Christine Peterson is a long-time futurist who co-founded the nanotech advocacy group the Foresight Institute in 1986. One of her favorite tasks has been contacting the winners of the institute's annual Feynman Prize in Nanotechnology, but she also coined the term "Open Source software" for that famous promotion strategy meeting in 1998. Now Christine's agreed to answer questions from Slashdot readers. We'll pick the very best questions and forward them along for answers.

Interestingly, Christine was also on the Editorial Advisory Board of NASA's Nanotech Briefs, and on the state of California's nanotechnology task force. Her tech talks at conferences include "Life Extension for Geeks" at Gnomedex and "Preparing for Bizarreness: Open Source Physical Security" at the 2007 Singularity Summit. Another talk argues that the nanotech revolution will be like the information revolution, except that "Instead of with bits, we should do it with atoms," allowing molecule-sized machines that can kill cancer and repair DNA. Her most recent publication is "Cyber, Nano, and AGI RIsks: Decentralized Approaches to Reducing Risks." Christine graduated from MIT with a bachelors in chemistry.

So leave your best questions in the comments. (Ask as many questions as you'd like, but please, one per comment.) We'll pick the very best questions and forward them along for answers.

Google is replacing its URL shortener service, goo.gl, with Firebase Dynamic Links (FDL) as of April 13th. These new smart URLs will let you send people to any location within iOS, Android or web apps. Engadget reports: You won't be able to create new goo.gl short links after the 13th, but existing users can manage them via the goo.gl console for the next year. After that, all the links will still work, but you won't be able to access the console itself after March 30th, 2019. Google suggests creating FDLs from now on, or using other shortening services like Bitly and Ow.ly.

Google is launching a new AI voice synthesizer, named Cloud Text-to-Speech, that will be available for any developer or business that needs voice synthesis on tap, whether that's for an app, website, or virtual assistant. The Cloud Text-to-Speech service is being powered by WaveNet, software created by Google's UK-based AI subsidiary DeepMind. The Verge explains why this is significant: First, ever since Google bought DeepMind in 2014, it's been exploring ways to turn the company's AI talent into tangible products. So far, this has meant using DeepMind's algorithms to reduce electricity costs in Google's data centers by 40 percent and DeepMind's forays into health care. But, directly integrating WaveNet into its cloud service is arguably more significant, especially as Google tries to win cloud business away from Amazon and Microsoft, presenting its AI skills as its differentiating factor. Second, DeepMind's AI voice synthesis tech is some of the most advanced and realistic in the business. Most voice synthesizers (including Apple's Siri) use what's called concatenative synthesis, in which a program stores individual syllables -- sounds such as "ba," "sht," and "oo" -- and pieces them together on the fly to form words and sentences. This method has gotten pretty good over the years, but it still sounds stilted.

WaveNet, by comparison, uses machine learning to generate audio from scratch. It actually analyzes the waveforms from a huge database of human speech and re-creates them at a rate of 24,000 samples per second. The end result includes voices with subtleties like lip smacks and accents. When Google first unveiled WaveNet in 2016, it was far too computationally intensive to work outside of research environments, but it's since been slimmed down significantly, showing a clear pipeline from research to product. The Verge has embedded some samples in their report to see how WaveNet sounds.

An anonymous reader quotes a report from Motherboard: Porn performer Avey Moon was trying to send the lucky winner of her Chaturbate contest his prize -- one of her videos, titled "POV Blowjob" -- through her Google Drive account. But it wouldn't send, and Google wasn't telling her why. "I thought there was something wrong with my file and I got rather worried," Moon told me in a Twitter message. "I had promised this guy his content and he was so good to me. I was panicked because I thought if I couldn't give him his prize, he would feel like he got ripped off and never come back again or worse, he could actually file a complaint with Chaturbate about me and they can take money from me." She's not alone. Six porn performers I talked to and more on social media said that they suddenly can't download adult content they keep on Google Drive. They also said they can't a share that content with other accounts or send to clients. In some cases, the adult content is disappearing from Drive without warning or explanation. The porn performers I talked to started sounding the alarm on Twitter last week. They said that Google Drive no longer seemed sex-trade friendly, detailing error messages and sharing cloud storage alternatives with each other.

When I asked about sexual content being blocked on Drive, a spokesperson for Google directed me to the Drive policy page -- specifically the section on sexually explicit material, which says, "Do not publish sexually explicit or pornographic images or videos.... Additionally, we do not allow content that drives traffic to commercial pornography." Writing about porn and sex is permitted, the policy states, as long as it's not accompanied by sexually explicit images or videos. According to Google, Drive uses a combination of automated systems and manual review to decide what's in violation. One worker said they've been using Google Drive for most of the last five and a half years but just recently received an error message when sending a video, saying that the item may violate Google's Terms of Service, with a link to request a review. In this case, the video title was explicit, but other adult performers report similar messages when sending content with non-explicit titles. "Some sex workers are wondering if this has something to do with the impending vote on the SESTA-FOSTA bill," reports Motherboard. We now have learned that the Senate has passed the bill.

According to TechCrunch, Google is acquiring Lytro, the imaging startup that began as a ground-breaking camera company for consumers before pivoting to use its depth-data, light-field technology in VR. From the report: One source described the deal as an "asset sale" with Lytro going for no more than $40 million. Another source said the price was even lower: $25 million and that it was shopped around -- to Facebook, according to one source; and possibly to Apple, according to another. A separate person told us that not all employees are coming over with the company's technology: some have already received severance and parted ways with the company, and others have simply left. Assets would presumably also include Lytro's 59 patents related to light-field and other digital imaging technology. The sale would be far from a big win for Lytro and its backers. The startup has raised just over $200 million in funding and was valued at around $360 million after its last round in 2017, according to data from PitchBook. Its long list of investors include Andreessen Horowitz, Foxconn, GSV, Greylock, NEA, Qualcomm Ventures and many more. Rick Osterloh, SVP of hardware at Google, sits on Lytro's board. A pricetag of $40 million is not quite the exit that was envisioned for the company when it first launched its camera concept, and in the words of investor Ben Horowitz, "blew my brains to bits."

An anonymous reader quotes a report from Ars Technica: The chief of the Tempe Police has told the San Francisco Chronicle that Uber is likely not responsible for the Sunday evening crash that killed 49-year-old pedestrian Elaine Herzberg. "I suspect preliminarily it appears that the Uber would likely not be at fault in this accident," said Chief Sylvia Moir. Herzberg was "pushing a bicycle laden with plastic shopping bags," according to the Chronicle's Carolyn Said, when she "abruptly walked from a center median into a lane of traffic." After viewing video captured by the Uber vehicle, Moir concluded that "it's very clear it would have been difficult to avoid this collision in any kind of mode (autonomous or human-driven) based on how she came from the shadows right into the roadway." Moir added that "it is dangerous to cross roadways in the evening hour when well-illuminated, managed crosswalks are available." The police said that the vehicle was traveling 38 miles per hour in a 35 mile-per-hour zone, according to the Chronicle -- though a Google Street View shot of the roadway taken last July shows a speed limit of 45 miles per hour along that stretch of road.

A new update is rolling out to Amazon Echo devices that gives users the option to make Alexa respond with a short, beeping sound rather than her customary "OK." Reddit users reported seeing the new feature this week. CNET reports: You access the Brief Mode in the Amazon Alexa app's Settings Menu under "Alexa Voice Responses." You can also ask your Alexa-enabled device to turn on the Brief Mode. Once the setting is enabled, you can ask Alexa to control devices to which she is connected and she will respond with beeps rather than "OK" to let you know that she received and completed the task. Don't want to completely quiet Alexa down? Amazon also rolled out a "Follow-Up Mode" last week that's designed to let you will let you talk to Alexa more naturally. That mode will let you make successive requests without needing to use Alexa's wake word between each command.

Less than two months before Google I/O, Google has rebranded its Android Wear watch platform to "Wear OS." The recent name change is part of a move to have its watches stand apart from Android, but it could also indicate that Google's smartwatch strategy is about to shift. Google may release a completely new Wear OS focused on the Google Assistant or a Google-branded smartwatch. Scott Stein writes via CNET that Android Wear needs more than a new name to fight the Apple Watch: The Apple Watch took over the top spot in global wearable sales recently, according to IDC, despite the fact that it's only compatible with iPhones. Fitbit just announced the Versa, a promising casual smartwatch that will interface with any iPhone or Android and starts at just $200. The wearable market is growing. But where is Google in that picture? The Fossil Group, maker of many of the Android Wear watch products last year, reported some promising numbers: "In 2017, Fossil Group nearly doubled its wearables business to more than $300 million, including 20 percent of watch sales in Q4," said Greg McKelvey, Fossil's chief strategy and digital officer, as part of Google's Wear OS announcement. So it sounds like Android Wear -- sorry, Wear OS -- is still in the game. But the problem, for me, is that I've never found Android Wear watches to be particularly great. Google relaunched Android Wear over a year ago with new software and added fitness smarts, plus standalone phone functions. But Apple's watch strategy has advanced faster, with better hardware. The Apple Watch S3 can be a phone, now. So can Samsung's Gear S3, which runs on Tizen. Google, meanwhile, stopped adding cellular functions to watches after the lackluster LG Watch Sport last year.

Earlier this week, CTS Labs, a Tel Aviv-based cybersecurity startup claimed it has discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Linus Torvalds, Linux's creator doesn't buy it. ZDNet reports: Torvalds, in a Google+ discussion, wrote: "When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah." Or, as a commenter put it on the same thread, "I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?" CTS Labs claimed in an interview they gave AMD less than a day because they didn't think AMD could fix the problem for "many, many months, or even a year" anyway. Why would they possibly do this? For Torvalds: "It looks more like stock manipulation than a security advisory to me."

These are real bugs though. Dan Guido, CEO of Trail of Bits, a security company with a proven track-record, tweeted: "Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works." But, Guido also admitted, "Yes, all the flaws require admin [privileges] but all are flaws, not expected functionality." It's that last part that ticks Torvalds off. The Linux creator agrees these are bugs, but all the hype annoys the heck out of him. Are there bugs? Yes. Do they matter in the real world? No. They require a system administrator to be almost criminally negligent to work. To Torvalds, inflammatory security reports are annoying distractions from getting real work done.

Several current and former employees of Tesla said that the automaker is manufacturing a surprisingly high ratio of flawed parts and vehicles, leading to more rework and repairs than can be contained at its factory in Fremont, California. CNBC reports: One current Tesla engineer estimated that 40 percent of the parts made or received at its Fremont factory require rework. The need for reviews of parts coming off the line, and rework, has contributed to Model 3 delays, the engineer said. Another current employee from Tesla's Fremont factory said the company's defect rate is so high that it's hard to hit production targets. Inability to hit the numbers is in turn hurting employee morale. To deal with a backlog of flawed parts and vehicles, said these current and former employees, Tesla has brought in teams of technicians and engineers from its service centers and remanufacturing lines to help with rework and repairs on site in Fremont. They also said that sometimes the luxury EV maker has taken the unusual measure of sending flawed or damaged parts from Fremont to its remanufacturing facility in Lathrop, California, about 50 miles away, instead of fixing those parts "in-line." Tesla flatly denies that its remanufacturing teams engage in rework. "Our remanufacturing team does not 'rework' cars," a spokesperson said. The company said the employees might be conflating rework and remanufacturing. It also said every vehicle is subjected to rigorous quality control involving more than 500 inspections and tests. The report from CNBC has caused Tesla's stock to tumble today. You can read Tesla's full statement about the CNBC report here.

Firefox is working on a blocker for annoying in-page alerts that often ask you to input your email address to receive a newsletter from the site. "The feature is still in the planning stages, but Mozilla is asking users for any examples of sites with annoying pop-ups," reports Android Police. "Mozilla wants to make Firefox automatically detect and dismiss the popups." From the report: If you know of sites that use in-page popups (whether it be newsletter signups, surveys, or something else), you can fill out the survey here. There are also Firefox and Chrome extensions that make the process easier. I'll be interested to see how Mozilla pulls this off, it will no doubt be difficult to detect the difference between helpful and not-helpful popups.

Firefox is working on a blocker for annoying in-page alerts that often ask you to input your email address to receive a newsletter from the site. "The feature is still in the planning stages, but Mozilla is asking users for any examples of sites with annoying pop-ups," reports Android Police. "Mozilla wants to make Firefox automatically detect and dismiss the popups." From the report: If you know of sites that use in-page popups (whether it be newsletter signups, surveys, or something else), you can fill out the survey here. There are also Firefox and Chrome extensions that make the process easier. I'll be interested to see how Mozilla pulls this off, it will no doubt be difficult to detect the difference between helpful and not-helpful popups.

An anonymous reader shares a VentureBeat report: Mozilla today launched Firefox 59 for Windows, Mac, Linux, and Android. The release builds on Firefox Quantum, which the company calls "by far the biggest update since Firefox 1.0 in 2004." Version 59 brings faster page load times, private browsing mode that strips path information, and Android Assist. In related news, Mozilla is giving Amazon Fire TV owners a new design later this week that lets them save their preferred websites by pinning them to the Firefox home screen. Enterprise users also have something to look forward to: On Wednesday, Firefox Quantum for Enterprise is entering the beta phase. Firefox 59 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play.

An anonymous reader quotes an exclusive report from Motherboard: Through a software-aided investigation, Motherboard has found that while YouTube has managed to clamp down on Islamic extremists uploading propaganda, the video giant is still awash with videos supporting violent and established neo-Nazi organizations, even when, in some cases, users have reported the offending videos. Clips of neo-Nazi propaganda operations, hate-filled speeches, and extremists pushing for direct action have remained on the site for weeks, months, or years at a time. Arguably, many if not all of these videos may fall under YouTube's own policy on hate speech, which "refers to content that promotes violence against or has the primary purpose of inciting hatred against individuals or groups based on certain attributes," including race or ethnic origin, religion, and sexual orientation, according to the policy.

Motherboard built a tool to monitor YouTube and make a record of when the platform removed certain videos, and limited the clips to propaganda for established neo-Nazi and far-right terrorist organizations like Atomwaffen, rather than people in the so-called "alt-right." Most of the videos were discovered through simple YouTube searches of relevant organizations' names, or sometimes through the "recommended videos" sidebar after Motherboard had built up a browsing history of neo-Nazi material. For the sake of comparison, over a week-long period Motherboard also tracked pro-ISIS videos uploaded by the group's supporters and then distributed through a network of Telegram channels. Typically, YouTube removed these Islamic extremism videos in a matter of hours, including those that did not contain images of violence, but were instead speeches or other not directly violent content. But YouTube is playing catch up with neo-Nazi material. YouTube removed only two videos that Motherboard was monitoring: two identical clips of a speech from UK terrorist organization National Action.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 65 for Windows, Mac, Linux, and Android. Additions in this release include Material Design changes and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Chrome 65 comes with a few visual changes. The most obvious is related to Google's Material Design mantra. The extensions page has been completely revamped to follow it. Next up, Chrome 65 replaces the Email Page Location link in Chrome for Mac's File menu with a Share submenu. As you might expect, Mac users can use this submenu to share the URL of a current tab via installed macOS Share Extensions. Speaking of Macs, Chrome 65 is also the last release for OS X 10.9 users. Chrome 66 will require OS X 10.10 or later. Moving on to developer features, Chrome 65 includes the CSS Paint API, which allows developers to programmatically generate an image, and the Server Timing API, which allows web servers to provide performance timing information via HTTP headers.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 65 for Windows, Mac, Linux, and Android. Additions in this release include Material Design changes and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Chrome 65 comes with a few visual changes. The most obvious is related to Google's Material Design mantra. The extensions page has been completely revamped to follow it. Next up, Chrome 65 replaces the Email Page Location link in Chrome for Mac's File menu with a Share submenu. As you might expect, Mac users can use this submenu to share the URL of a current tab via installed macOS Share Extensions. Speaking of Macs, Chrome 65 is also the last release for OS X 10.9 users. Chrome 66 will require OS X 10.10 or later. Moving on to developer features, Chrome 65 includes the CSS Paint API, which allows developers to programmatically generate an image, and the Server Timing API, which allows web servers to provide performance timing information via HTTP headers.

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 65 for Windows, Mac, Linux, and Android. Additions in this release include Material Design changes and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Chrome 65 comes with a few visual changes. The most obvious is related to Google's Material Design mantra. The extensions page has been completely revamped to follow it. Next up, Chrome 65 replaces the Email Page Location link in Chrome for Mac's File menu with a Share submenu. As you might expect, Mac users can use this submenu to share the URL of a current tab via installed macOS Share Extensions. Speaking of Macs, Chrome 65 is also the last release for OS X 10.9 users. Chrome 66 will require OS X 10.10 or later. Moving on to developer features, Chrome 65 includes the CSS Paint API, which allows developers to programmatically generate an image, and the Server Timing API, which allows web servers to provide performance timing information via HTTP headers.

An anonymous reader quotes a report from The Register: Bruno Le Maire, France's minister for the economy, has revealed that a plan to levy a special tax on Google, Apple, Facebook, and Amazon will soon be revealed by European authorities. Le Maire told French newspaper Le Journal du Dimanche "A European directive will be unveiled in the coming weeks, the minister reveals, and it will mark a considerable step forward." The minister told the paper that a tax of between two and six per cent has been considered, with the proposal to be "closer to two than six." The proposed tax will be levied on the four companies' turnover, rather than profits. Taxing turnover is hoped to offer a simple way to tax the companies, as all use legal-but-cynical ways to minimize their taxable income. Le Maire added that a turnover tax is seen as being quick to implement and that the four companies know they're going to have to pay more tax in Europe, so may be amenable to such an arrangement.

Frederic Lardinois reports via TechCrunch: Hangouts Chat, Google's take on modern workplace communication, is now generally available and is becoming a core part of G Suite. Hangouts Chat was first announced at Google Cloud Next 2017, together with Hangouts Meet. While Meet went right into public availability, though, Chat went into an invite-only preview. Now, Google is rolling Chat out to all G Suite users over the course of the next seven days (so if you don't see it yet, don't despair). For all intents and purposes, Hangouts Chat is Google's take on Slack, Microsoft Teams and similar projects. Since Google first announced this project, Atlassian also joined the fray with the launch of Stride. Like its competitors, Chat is available on iOS, Android and the web.

Chat currently supports 28 languages and each room can have up to 8,000 members. What's maybe just as important, though, is that Google has already built an ecosystem of partners that are integrating with Chat by offering their own bots. They include the likes of Xero, RingCentral, UberConference, Salesforce, Zenefits, Zoom.ai, Jira, Trello, Wrike and Kayak. There's even a Giphy bot. Developers can also build their own bots and integrate their own services with Chat.

An anonymous reader quotes Ars Technica: A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates. The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec...

In communications earlier this month, Trustico notified DigiCert that 50,000 Symantec-issued certificates Trustico had resold should be mass revoked because of security concerns. When Jeremy Rowley, an executive vice president at DigiCert, asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates, according to an account posted to a Mozilla security policy forum. The report produced a collective gasp among many security practitioners who said it demonstrated a shockingly cavalier treatment of the digital certificates that form one of the most basic foundations of website security... In a statement, Trustico officials said the keys were recovered from "cold storage," a term that typically refers to offline storage systems. "Trustico allows customers to generate a Certificate Signing Request and Private Key during the ordering process," the statement read. "These Private Keys are stored in cold storage, for the purpose of revocation."
"There's no indication the email was encrypted," reports Ars Technica, and the next day DigiCert sent emails to Trustico's 23,000+ customers warning that their certificates were being revoked, according to Bleeping Computer.

In a related development, Thursday Trustico's web site went offline, "shortly after a website security expert disclosed a critical vulnerability on Twitter that appeared to make it possible for outsiders to run malicious code on Trustico servers."

Every tech company wants to produce a smart speaker these days. Earlier this month, Apple finally launched the HomePod, a smart speaker that uses Siri to answer basic questions and play music via Apple Music. In December, Google released their premium Google Home Max speaker that uses the Google Assistant and Google's wealth of knowledge to play music, answer questions, set reminders, and so on. It may be the most advanced smart speaker on the market as it has the hardware capable of playing high fidelity audio, and a digital assistant that can perform over one million actions. There is, however, no denying the appeal of the Amazon Echo, which is powered by the Alexa digital assistant. Since it first made its debut in late 2014, it has had more time to develop its skill set. Amazon says Alexa controls "tens of millions of devices," including Windows 10 PCs.

A new report from The Guardian, citing the industry site MusicAlly, says that Spotify is working on a line of "category defining" hardware products "akin to Pebble Watch, Amazon Echo, and Snap Spectacles." The streaming music company has posted an ad for a senior product manager to "define the product requirements for internet connected hardware [and] the software that powers it." With Spotify looking to launch a smart speaker in the not-too-distant-future, the decision to purchase a smart speaker has become all the more difficult. Do you own a smart speaker? If so, which device do you own and why? Do you see a clear winner, or can they all satisfy your basic needs?

Google recently removed the convenient "view image" button from its search results as a result of a lawsuit with stock-photo agency Getty. Thankfully, one day later, a developer created an extension that brings it back. 9to5Google reports: It's unfortunate to see that button gone, but an easy to use Chrome extension brings it back. Simply install the extension from the Chrome Web Store, and then any time you view an image on Google Image Search, you'll be able to open that source image. You can see the functionality in action in the video below. The only difference we can see with this extension versus the original functionality is that instead of opening the image on the same page, it opens it in a new tab. The extension is free, and it will work with Chrome for Windows, Mac, Chrome OS, or anywhere else the full version of Chrome can be used. 9to5Google has a separate post with step-by-step instructions to get the Google Images "view image" button back.

An anonymous reader quotes a report from NBC News: NBC News is publishing its database of more than 200,000 tweets that Twitter has tied to "malicious activity" from Russia-linked accounts during the 2016 U.S. presidential election. These accounts, working in concert as part of large networks, pushed hundreds of thousands of inflammatory tweets, from fictitious tales of Democrats practicing witchcraft to hardline posts from users masquerading as Black Lives Matter activists. Investigators have traced the accounts to a Kremlin-linked propaganda outfit founded in 2013 known as the Internet Research Association (IRA). The organization has been assessed by the U.S. Intelligence Community to be part of a Russian state-run effort to influence the outcome of the 2016 U.S. presidential race. And they're not done. At the request of NBC News, three sources familiar with Twitter's data systems cross-referenced the partial list of names released by Congress to create a partial database of tweets that could be recovered. You can download the streamlined spreadsheet (29 mb) with just usernames, tweet and timestamps, view the full data for ten influential accounts via Google Sheets, download tweets.csv (50 mb) and users.csv with full underlying data, and/or explore a graph database in Neo4j, whose software powered the Panama Papers and Paradise Papers investigations.

NBC News' partners at Neo4j have put together a "get started" guide to help you explore the database of Russian tweets. "To recreate a link to an individual tweet found in the spreadsheet, replace 'user_key' in https://twitter.com/user_key/status/tweet_id with the screenname from the 'user_key' field and 'tweet_id' with the number in the 'tweet_id' field," reports NBC News. "Following the links will lead to a suspended page on Twitter. But some copies of the tweets as they originally appeared, including images, can be found by entering the links on webcaches like the Internet Archive's Wayback Machine and archive.is."

Today, Google announced that Android 8.1 Oreo will now display the speed of nearby open Wi-Fi networks to help you decide whether they're even worth the effort of connecting to. The Wi-Fi settings menu will now display one of four speed labels: Very Fast, Fast, OK, or Slow. The Verge reports: The difference between Very Fast and Fast, according to Google, is that you can stream "very high-quality videos" on the former and "most videos" on the latter. Most coffee shop dwellers should be fine with the OK level, as that's enough for web browsing, social media, and Spotify streaming. Private Wi-Fi networks that require passwords don't display any speed data since it's really none of your business and Google can't randomly test them, but they do continue to indicate signal strength. Google says network administrators can also opt out of Android's Wi-Fi Assistant showing speed info by using a "canary URL."

An anonymous reader quotes a report from ZDNet: Google on Wednesday said it will release an update Jan. 18 to fix a bug in Cast software on Android phones that dramatically slows down WiFi networks. Reports have been circulating this week that the Google Home Max speaker can knock the TP-Link Archer C7 router offline. In a support page, Google explains a bug caused the Cast software that connects with Chromecast devices to send a large amount of network traffic routers can't handle. Google said the update will roll out via a Google Play services update. Until the update is released, Google advises users to try rebooting their Android phone, and check that their WiFi router is updated with the latest firmware. Google didn't list specific routers impacted by the bug, but reports have indicated routers from Linksys and Synology are seeing network crashes as well.

The latest update to the Google Arts & Culture app now lets you take a selfie, and using image recognition, finds someone in its vast art collection that most resembles you. It will then present you and your fine art twin side-by-side, along with a percentage match, and let you share the results on social media. Engadget reports: The app, which appears to be unfortunately geo-restricted to the United States, is like an automated version of an article that circulated recently showing folks standing in front of portraits at museums. In many cases, the old-timey people in the paintings resemble them uncannily, but, other than in rare cases, that's not the case at all with Google's app. Google matched me with someone who doesn't look like me in the slightest, a certain Sir Peter Francois Bourgeois, based on a painting hanging in Dulwich Picture Gallery. Taking a buzz around the internet, other folks were satisfied with their matches, some took them as a personal insult, and many were just plain baffled, in that order.

A few months ago, LG announced a partnership with NextRadio to unlock the FM chip in its smartphones. Now, Samsung is doing the same. Android Police reports: NextRadio made the announcement, rightly explaining that FM radio is essential in areas with low connectivity and in emergency and disaster situations where a connection might be difficult to obtain or maintain and where access to information could be a matter of life and death. With the chip unlocked, users will be able to listen to local radio on their phone using the NextRadio Android app. The press release mentions that "upcoming [Samsung] smartphone models in the U.S. and Canada" will have the FM chip unlocked, however I did find several existing Samsung devices with their FM chip enabled on NextRadio's site.

An anonymous reader quotes a report from Ars Technica: Google just announced that it is merging all of its various payment programs into a single brand, called "Google Pay." Google Pay will be a one-stop shop for all your Google Payment needs: NFC smartphone payments, P2P transfers, and Web payments. Google's payment solution site has already clicked over to the new branding, and we'd guess a rebrand of the Android Pay app won't be far behind. The branding should start popping up on store credit card machines, too. So "Google Pay" is the new brand for every kind of payment Google offers -- all without the platform-specific branding problems of Android Pay. Google says this is "just the first step for Google Pay" and it "can't wait to share more."

In a post on Google's Online Security Blog, two engineers described a novel chip-level patch that has been deployed across the company's entire infrastructure, resulting in only minor declines in performance in most cases. "The company has also posted details of the new technique, called Retpoline, in the hopes that other companies will be able to follow the same technique," reports The Verge. "If the claims hold, it would mean Intel and others have avoided the catastrophic slowdowns that many had predicted." From the report: "There has been speculation that the deployment of KPTI causes significant performance slowdowns," the post reads, referring to the company's "Kernel Page Table Isolation" technique. "Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance." "Of course, Google recommends thorough testing in your environment before deployment," the post continues. "We cannot guarantee any particular performance or operational impact."

Notably, the new technique only applies to one of the three variants involved in the new attacks. However, it's the variant that is arguably the most difficult to address. The other two vulnerabilities -- "bounds check bypass" and "rogue data cache load" -- would be addressed at the program and operating system level, respectively, and are unlikely to result in the same system-wide slowdowns.

"The movement to encrypt the web reached milestone after milestone in 2017," writes the EFF, adding that "the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol." In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let's Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let's Encrypt's total issuance volume has exceeded 177 million certificates...

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically...

The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.

"The movement to encrypt the web reached milestone after milestone in 2017," writes the EFF, adding that "the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol." In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let's Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let's Encrypt's total issuance volume has exceeded 177 million certificates...

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically...

The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.

Google is no longer selling the Pixel C, its flagship Android tablet released about two years ago. "Google's commitment to Android on tablets wasn't strong even then, and now the Pixel C is gone from the Google Store -- the listing page redirects you to the Pixelbook," reports Android Police. From the report: The Pixel C was an odd device. By all accounts, the hardware was originally intended to run Chrome OS, but Google couldn't get the platform ready for an all-touch device in time. So, the Pixel C became an Android slate. Google has been selling the device continuously since late 2015. It even offered some discounts on the tablet via the Google Store, which it almost never does for other devices. The 32GB Pixel C was pulled a while back, but Google kept the 64GB variant around. At a whopping $599, I doubt many people were buying it. Now, the Pixel C is completely gone from the Google Store, and there's no new tablet to replace it.

New submitter Jose Deras writes: Nearly 35 years ago, Apple released its first computer with a graphical user interface, called the Lisa. Starting next year, the Computer History Museum will release the Apple Lisa OS for free as an open-source project. According to a new report from Business Insider, the Computer History Museum will release the code behind the Apple Lisa operating system for free as open source, for anyone to try and tinker with. The news was announced via the LisaList mailing list for Lisa enthusiasts.

"While Steve Jobs didn't create the Lisa, he was instrumental in its development. It was Jobs who convinced the legendary Xerox PARC lab to let the Apple Lisa team visit and play with its prototypes for graphical user interfaces," reads the report. "And while Apple at the time said that Lisa stood for 'Local Integrated System Architecture,' Jobs would later claim to biographer Walter Isaacson that the machine was actually named for his oldest daughter, Lisa Nicole Brennan-Jobs." "Then-Apple CEO John Sculley had Jobs removed from the Lisa project, which kicked off years-long animosity between the two," continues the report. "Ultimately, a boardroom brawl would result in Jobs quitting in a huff to start his own company, NeXT Computer. Apple would go on to buy NeXT in 1996, bringing Jobs back into the fold. By 1997, Jobs had become CEO of Apple, leading the company to its present status as the most valuable in the world."

An anonymous reader shares a report: The NSA whistleblower and a team of collaborators have been working on a new open source Android app called Haven that you install on a spare smartphone, turning the device into a sort of sentry to watch over your laptop. Haven uses the smartphone's many sensors -- microphone, motion detector, light detector, and cameras -- to monitor the room for changes, and it logs everything it notices. The first public beta version of Haven has officially been released; it's available in the Play Store and on F-Droid, an open source app store for Android.

"Google's annual list of the most popular searches is here, offering a peek into what people are really thinking about," writes CNN. An anonymous reader quotes their report: This year, you wanted to know more about one of the most powerful storms on record, the devastating Hurricane Irma. But you were also curious about [hip hop artist] Cardi B. and Unicorn Frappuccinos... Like 2017 itself, this year's top searches skew a little darker than usual, but are punctuated with some whimsy and positive moments. The top trending searches in the U.S. were Irma, Matt Lauer, Tom Petty, the Super Bowl and the Las Vegas shooting.

To determine the most popular trending searches, Google looked at its trillions of queries, filtered out spam and repeats, and identified searches that had the highest uptick in traffic compared with the previous year. It breaks them into categories like news, memes, and recipes (beef stroganoff was a hit).
Surprisingly there were more searches for 'iPhone 8" than for 'iPhone X," though those were the top two most-searched consumer technology products. (Followed by Nintendo Switch, Samsung Galaxy S8, and Xbox One X.) Other top searches this year included "What is net neutrality?" as well as questions about what bitcoin is, how to buy it, and the latest bitcoin prices. And one of the 10 most-searched phrases of the year was "fidget spinner."

Google uploaded an inspiring video to YouTube stating "This year more than ever we asked how." To dramatic music, the examples it gives include "How to calm a dog during a storm," "How to help Puerto Rico," "How to make a protest sign" -- and "How to move forward."

A new study claims 44.7 million metric tons (49.3 million tons) of TV sets, refrigerators, cellphones and other electrical good were discarded last year, with only a fifth recycled to recover the valuable raw materials inside. From a report: The U.N.-backed study published Wednesday calculates that the amount of e-waste thrown away in 2016 included a million tons of chargers alone. The U.S. accounted for 6.3 million metric tons, partly due to the fact that the American market for heavy goods is saturated. The original study can be found here (PDF; Google Drive link).

Slashdot reader Bismillah was the first to notice stories about Chromebooks going offline. GeekWire reports: Tens of thousands, perhaps millions, of Google Chromebooks, widely prized by schools due to their low cost and ease of configuration, were reported to be offline for several hours on Tuesday. The apparent cause? A seemingly botched WiFi policy update pushed out by Google that caused many Chromebooks to forget their approved network connection, leaving students disconnected.
Google eventually issued a new network policy without the glitch -- but not everyone was satisfied. The Director of Technology at one school district complains Google waited three and a half hours before publicly acknowledging the problem -- adding that "manually joining a WiFi network on 10,000+ Chromebooks is a nightmare."

According to a Google developer, Android 8.0 Oreo is rolling out to Android Wear devices starting today. The developer said "timing is determined by each watch's manufacturer." 9to5Google notes that there are "no major redesigns with Oreo for the wearable platform," but there are some useful tweaks. From the report: There is a new option to disable touch-to-wake called "Touch lock" in Settings that Google positions as being useful in wet conditions. Google has added the ability to control the strength of vibrations for incoming notifications. Referred to as the "Vibration pattern," options include Normal, Long, and Double. Meanwhile, there is now a toggle to manually enable the "Battery saver," instead of having to wait until the device hits a low charge. This mode disables Vibration, Location services, Wi-Fi & mobile usage, Data & app updates, and the Always-on display. Meanwhile, the update includes notification channels for apps that should provide more granular user control. Google also shared that Wear is now available in seven new countries and languages: Belgium (Dutch), Czech Republic (Czech), El Salvador (Spanish), Honduras (Spanish), Nigeria (English), Paraguay (Spanish), and Portugal (Portuguese).

An anonymous reader quotes a report from Android Police: The Chrome Web Store originally launched in 2010, and serves a hub for installing apps, extensions, and themes packaged for Chrome. Over a year ago, Google announced that it would phase out Chrome apps on Windows, Mac, and Linux in 2018. Today, the company sent out an email to developers with additional information, as well as news about future Progressive Web App support. The existing schedule is mostly still in place -- Chrome apps on the Web Store will no longer be discoverable for Mac, Windows, and Linux users. In fact, if you visit the store right now on anything but a Chromebook, the Apps page is gone. Google originally planned to remove app support on all platforms (except Chrome OS) entirely by Q1 2018, but Google has decided to transition to Progressive Web Apps:

"The Chrome team is now working to enable Progressive Web Apps (PWAs) to be installed on the desktop. Once this functionality ships (roughly targeting mid-2018), users will be able to install web apps to the desktop and launch them via icons and shortcuts; similar to the way that Chrome Apps can be installed today. In order to enable a more seamless transition from Chrome Apps to the web, Chrome will not fully remove support for Chrome Apps on Windows, Mac or Linux until after Desktop PWA installability becomes available in 2018. Timelines are still rough, but this will be a number of months later than the originally planned deprecation timeline of 'early 2018.' We also recognize that Desktop PWAs will not replace all Chrome App capabilities. We have been investigating ways to simplify the transition for developers that depend on exclusive Chrome App APIs, and will continue to focus on this -- in particular the Sockets, HID and Serial APIs."

schwit1 quotes ScienceAlert: In May 2017, researchers at Google Brain announced the creation of AutoML, an artificial intelligence (AI) that's capable of generating its own AIs. More recently, they decided to present AutoML with its biggest challenge to date, and the AI that can build AI created a 'child' that outperformed all of its human-made counterparts... For this particular child AI, which the researchers called NASNet, the task was recognising objects -- people, cars, traffic lights, handbags, backpacks, etc. -- in a video in real-time. AutoML would evaluate NASNet's performance and use that information to improve its child AI, repeating the process thousands of times.

When tested on the ImageNet image classification and COCO object detection data sets NASNet was 82.7 percent accurate at predicting images on ImageNet's validation set. This is 1.2 percent better than any previously published results, and the system is also 4 percent more efficient, with a 43.1 percent mean Average Precision (mAP).

Google is banning lock screen ads from the Play Store. In the new section on Google's developer monetization page, Google says: "Unless the exclusive purpose of the app is that of a lock screen, apps may not introduce ads or features that monetize the locked display of a device." Android Police reports: So, an app that bills itself as a photo editor, VPN, or file explorer cannot also cram a new lock screen on your device that's infested with ads. However, an app that is actually a lock screen can still monetize with ads. Presumably, you know what you're getting when you install a lock screen app. This policy change is long overdue. It's been a few years since these ads started showing up, and it's getting pretty out of hand.

Google has taken another small step forward in its mission to connect the "next billion" users with a new app designed to optimize your mobile data usage. From a report: Datally for Android has been in testing for several months in the Philippines, and now it's ready for prime time globally. To activate Datally, you will have to give the app access to many facets of your device, including giving it the ability to "make and manage calls," "send and view SMS messages," and view the device's location. But then again, any app that wants to monitor background processes on your smartphone will need fairly comprehensive access to the device.

An anonymous reader shares a report: More than 200 businesses and trade organizations have signed a letter to the FCC asking that the agency reconsider its plan to end net neutrality. The letter is signed by an array of big and recognizable tech and web companies: that includes Airbnb, Automattic (which owns WordPress), Etsy, Foursquare, GitHub, Pinterest, Reddit, Shutterstock, Sonos, Square, Squarespace, Tumblr (certainly to the displeasure of its owner, Verizon), Twitter, and Vimeo, among quite a few others. The letter is being released on Cyber Monday and speaks directly to the internet's constantly growing role in the US economy. "The internet is increasingly where commerce happens," the letter says. It cites figures saying that $3.5 billion in online sales happed last year on Cyber Monday and $3 billion on Black Friday. Throughout all of last year, online purchases accounted for $400 billion in sales.

In a blog post, Google's Product Manager, Chris Kleban, announced that the company is cutting the price of using Nvidia's Tesla GPUs through its Compute Engine by up to 36 percent. The older K80 GPUs will now cost $0.45 per hour while the more powerful P100 machines will cost $1.46 per minute (all with per-second billing). TechCrunch reports: The company is also dropping the prices for preemptible local SSDs by almost 40 percent. "Preemptible local SSDs" refers to local SSDs attached to Google's preemptible VMs. You can't attach GPUs to preemptible instances, though, so this is a nice little bonus announcement -- but it isn't going to directly benefit GPU users. As for the new GPU pricing, it's clear that Google is aiming this feature at developers who want to run their own machine learning workloads on its cloud, though there also are a number of other applications -- including physical simulations and molecular modeling -- that greatly benefit from the hundreds of cores that are now available on these GPUs. The P100, which is officially still in beta on the Google Cloud Platform, features 3594 cores, for example. Developers can attach up to four P100 and eight K80 dies to each instance. Like regular VMs, GPU users will also receive sustained-use discounts, though most users probably don't keep their GPUs running for a full month.

In a blog post, Google's Product Manager, Chris Kleban, announced that the company is cutting the price of using Nvidia's Tesla GPUs through its Compute Engine by up to 36 percent. The older K80 GPUs will now cost $0.45 per hour while the more powerful P100 machines will cost $1.46 per minute (all with per-second billing). TechCrunch reports: The company is also dropping the prices for preemptible local SSDs by almost 40 percent. "Preemptible local SSDs" refers to local SSDs attached to Google's preemptible VMs. You can't attach GPUs to preemptible instances, though, so this is a nice little bonus announcement -- but it isn't going to directly benefit GPU users. As for the new GPU pricing, it's clear that Google is aiming this feature at developers who want to run their own machine learning workloads on its cloud, though there also are a number of other applications -- including physical simulations and molecular modeling -- that greatly benefit from the hundreds of cores that are now available on these GPUs. The P100, which is officially still in beta on the Google Cloud Platform, features 3594 cores, for example. Developers can attach up to four P100 and eight K80 dies to each instance. Like regular VMs, GPU users will also receive sustained-use discounts, though most users probably don't keep their GPUs running for a full month.