Slashdot Mirror

"According to security researcher Troy Hunt, a series of web-connected, app-enabled toys called CloudPets have been hacked," reports Android Police. "The manufacturer's central database was reportedly compromised over several months after stunningly poor security, despite the attempts of many researchers and journalists to inform the manufacturer of the potential danger. Several ransom notes were left, demanding Bitcoin payments for the implied deletion of stolen data." From the report: CloudPets allow parents to record a message for their children on their phones, which then arrives on the Bluetooth connected stuffed toy and is played back. Kids can squeeze the stuffed animal's paw to record a message of their own, which is sent back to the phone app. The Android app has been downloaded over 100,000 times, though user reviews are poor, citing a difficult interface, frequent bugs, and annoying advertising. Hunt and the researchers he collaborated with found that the central database for CloudPets' voice messages and user info was stored on a public-facing MongoDB server, with only basic hashes protecting user addresses and passwords. The same database apparently connected to the stored voice messages that could be retrieved by the apps and toys. Easy access and poor password requirements may have resulted in unauthorized access to a large number of accounts. The database was finally removed from the publicly accessible server in January, but not before demands for ransom were left.

Google's researchers specifically cited Git when they announced a new SHA-1 attack vector, according to ZDNet. "The researchers highlight that Linus Torvald's code version-control system Git 'strongly relies on SHA-1' for checking the integrity of file objects and commits. It is essentially possible to create two Git repositories with the same head commit hash and different contents, say, a benign source code and a backdoored one,' they note." Saturday morning, Linus responded: First off - the sky isn't falling. There's a big difference between using a cryptographic hash for things like security signing, and using one for generating a "content identifier" for a content-addressable system like git. Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation. And finally, there's actually a reasonably straightforward transition to some other hash that won't break the world - or even old git repositories...

The reason for using a cryptographic hash in a project like git is because it pretty much guarantees that there is no accidental clashes, and it's also a really really good error detection thing. Think of it like "parity on steroids": it's not able to correct for errors, but it's really really good at detecting corrupt data... if you use git for source control like in the kernel, the stuff you really care about is source code, which is very much a transparent medium. If somebody inserts random odd generated crud in the middle of your source code, you will absolutely notice... It's not silently switching your data under from you... And finally, the "yes, git will eventually transition away from SHA1". There's a plan, it doesn't look all that nasty, and you don't even have to convert your repository. There's a lot of details to this, and it will take time, but because of the issues above, it's not like this is a critical "it has to happen now thing".
In addition, ZDNet reports, "Torvalds said on a mailing list yesterday that he's not concerned since 'Git doesn't actually just hash the data, it does prepend a type/length field to it', making it harder to attack than a PDF... Do we want to migrate to another hash? Yes. Is it game over for SHA-1 like people want to say? Probably not."

Freshly Exhumed quotes Hackaday: The famous HAARP antenna array is to be brought back into service for experiments by the University of Alaska. Built in the 1990s for the US Air Force's High Frequency Active Auroral Research Program, the array is a 40-acre site containing a phased array of 180 high-frequency antennas and their associated high-power transmitters. Its purpose is to conduct research on charged particles in the upper atmosphere, but that hasn't stopped an array of bizarre conspiracy theories.
A university space physics researcher will actually create an artificial aurora starting Sunday (and continuing through Wednesday) to study how yjr atmosphere affects satellite-to-ground communications, and "observers throughout Alaska will have an opportunity to photograph the phenomenon," according to the University. "Under the right conditions, people can also listen to HAARP radio transmissions from virtually anywhere in the world using an inexpensive shortwave radio."

An anonymous reader writes: McDonald's has hired the creators of Google's Project Ara to reinvent the drinking straw. Their new invention, the "Suction Tube for Reverse Axial Withdrawal" (STRAW for short), is a J-shaped device that allows the user to drink both layers of the company's dual-layer Chocolate Shamrock shake simultaneously, receiving an optimal mixture of chocolate and, um, shamrock. McDonald's announced the new product at a Facebook live event yesterday, which included a keynote by McDonald's Senior Director of Menu Innovation Darci Forrest, a Silicon-Valley-style panel moderated by Austin Evans, and interviews with engineers from NK Labs and JACE. Computational fluid dynamics simulations, 3D printing, and extensive real-world testing (drinking shakes) were required to get the design ready for its eventual unveiling. McDonald's is producing a limited first run of 2000 of the straws for distribution at restaurants across the U.S. "My first reaction was, that doesn't seem too hard. We could have a double straw -- one longer, one shorter. No problem," says Seth Newburg, principal engineer and managing partner at NK Labs, which teamed up with JACE Design on the STRAW. "Then we immediately thought, once you get halfway down, one straw is going to start sucking air... It's one of those things that seems so simple, but as we got into it there were a lot more issues exposed. It turned out to present quite a few engineering and scientific challenges." NK Labs and JACE Design were the two companies who also worked on Project Ara together, the Google initiative to build a phone with interchangeable modules for various components like cameras and batteries. Unfortunately, the plans for Project Ara were scrapped late last year.

Verizon has tied T-Mobile for the fastest carrier in the United States and both carriers are virtually tied for the "best" in overall LTE download speeds, according to Open Signal's State of Mobile Networks: USA report. Android Central reports: Using data collected from 169,683 users, 4,599,231,167 data points were used to measure network speeds on both 4G and 3G, network availability and latency. The data is collected by users installing the Open Signal app from Google Play or the App Store and going about their daily routine. In their analysis of the collected data, they say that Verizon has improved their 4G network speeds to pull even with T-Mobile who has traditionally done well in this category. They also mention that the average overall network speeds in the U.S. have risen slightly, and over 81% of U.S. residents have access to LTE networks. Availability of high-speed data services shows that all four carriers have improved, but T-Mobile (86.6%) is now within two percentage points of Verizon (88.2%) when it comes to finding an LTE signal. The company with the most improvement here is Sprint, who jumped from covering 69.9% in August to 76.8% in February 2017.

An anonymous reader quotes a report from The Register: Source-code hub Gitlab.com is in meltdown after experiencing data loss as a result of what it has suddenly discovered are ineffectual backups. On Tuesday evening, Pacific Time, the startup issued the sobering series of tweets, starting with "We are performing emergency database maintenance, GitLab.com will be taken offline" and ending with "We accidentally deleted production data and might have to restore from backup. Google Doc with live notes [link]." Behind the scenes, a tired sysadmin, working late at night in the Netherlands, had accidentally deleted a directory on the wrong server during a frustrating database replication process: he wiped a folder containing 300GB of live production data that was due to be replicated. Just 4.5GB remained by the time he canceled the rm -rf command. The last potentially viable backup was taken six hours beforehand. That Google Doc mentioned in the last tweet notes: "This incident affected the database (including issues and merge requests) but not the git repos (repositories and wikis)." So some solace there for users because not all is lost. But the document concludes with the following: "So in other words, out of 5 backup/replication techniques deployed none are working reliably or set up in the first place." At the time of writing, GitLab says it has no estimated restore time but is working to restore from a staging server that may be "without webhooks" but is "the only available snapshot." That source is six hours old, so there will be some data loss.

An anonymous reader quotes a report from The Register: Source-code hub Gitlab.com is in meltdown after experiencing data loss as a result of what it has suddenly discovered are ineffectual backups. On Tuesday evening, Pacific Time, the startup issued the sobering series of tweets, starting with "We are performing emergency database maintenance, GitLab.com will be taken offline" and ending with "We accidentally deleted production data and might have to restore from backup. Google Doc with live notes [link]." Behind the scenes, a tired sysadmin, working late at night in the Netherlands, had accidentally deleted a directory on the wrong server during a frustrating database replication process: he wiped a folder containing 300GB of live production data that was due to be replicated. Just 4.5GB remained by the time he canceled the rm -rf command. The last potentially viable backup was taken six hours beforehand. That Google Doc mentioned in the last tweet notes: "This incident affected the database (including issues and merge requests) but not the git repos (repositories and wikis)." So some solace there for users because not all is lost. But the document concludes with the following: "So in other words, out of 5 backup/replication techniques deployed none are working reliably or set up in the first place." At the time of writing, GitLab says it has no estimated restore time but is working to restore from a staging server that may be "without webhooks" but is "the only available snapshot." That source is six hours old, so there will be some data loss.

Lysergic acid diethylamide (LSD) has been credited, in part, for the creation of the iPhone, the polymerase chain reaction, as well as some pretty abstract artwork. Since the drug is classified as a Schedule 1 substance in the U.S., it's been more difficult for scientists to legally study the drug and learn about how it affects the brain. Therefore, when a study (or two) is published it makes the findings all the more fascinating. Two studies were published last week (one in Current Biology, the other in Cell) that examine how LSD produces such diverse effects and why the drug takes so long to wear off. The Scientist reports the findings from for the first study: For the Current Biology study, 21 volunteers were given a placebo, a small dose of LSD alone, or the same dose of LSD but with kentaserin, a serotonin 2A antagonist. Study participants who took the kentaserin reported virtually the same experiences as those who took the placebo, and fMRI brain scans confirmed similar brain activities across participants in both groups. The serotonin 2A antagonist "blocked all the effects of LSD, so it was like if people didn't take any drugs," coauthor Katrin Preller, neuroscientist at the Zurich University Hospital in Switzerland told The Verge. "All the typical symptoms -- hallucinations, everything -- were gone." As for why an LSD high lasts for so long, Angus Chen has written an in-depth report on PBS Newshour about the findings from the study published in Cell: LSD and other psychoactive drugs work by binding to specialized proteins called receptors on the surfaces of neural cells. On the receptor protein is a sculpted "pocket," into which molecules with the right shape can fit and thus stick to the cell, where they initiate changes in the brain. But different substances can often fit into the same receptor. Many receptors that bind LSD and DMT, for example, also fit the natural chemical messenger serotonin -- which is produced in the body and helps regulate mood. Figuring out how each drug interacts with the same receptor in a different way is key to understanding why an LSD trip lasts all day whereas an experience with extracted DMT is often over in 15 minutes or less. By freezing an LSD molecule bound to a single brain cell receptor as a crystal in a lab, researchers were able to get a 3-D x-ray image of the drug and the protein locked together. The image showed Bryan Rother, a pharmacologist at the University of North Carolina at Chapel Hill and senior author on the paper, and his co-authors something strange about the way LSD fit inside this receptor. Drugs typically come and go from receptor proteins like ships pulling in and out of a port. But when an LSD molecule lands on the receptor, the molecule snags onto a portion of the protein and folds it over itself as the molecule binds to the receptor. LSD seems to stimulate the receptor for the entire time it is trapped underneath the protein "lid," Roth says. Proteins are in constant motion, so he thinks the lid eventually flops open, allowing the drug to fly out and the effects to wear off. But the team ran computer models that suggest it could take hours for that to happen. Until then, the trip goes on.

An anonymous reader quotes a report from Consumerist: Now that Netflix has finally opened the doors to offline viewing, subscribers have the ability to download content and watch it later. That's all well and good if you've got plenty of space on your device, but not so useful if you don't. Android users will have some breathing room now, however, as Netflix's most recent app update lets users set their download location to either internal storage or an SD card. As The Verge notes, offline content has a time limit, so it's not like you can download all the movies and TV shows your heart desires and leave them there forever. The feature doesn't support any Android devices that have a microSD slot, either.

An anonymous reader writes: China's government has announced a 14-month crackdown on the use of unauthorised Virtual Private Networks (VPNs), commonly used by visitors and native activists, amongst others, to communicate with the world beyond the Great Firewall of China. Sunday's announcement [Chinese] from the Ministry of Industry and Information Technology reiterated regulations first outlined in 2002, but which have since been subject to sparse, selective or lenient enforcement. The new announcement promises a 'clean up' regarding the VPN situation in China, beginning immediately and running until March of 2018.

The former Senior Vice President of Search and employee number 176 at Google has joined the ride-hailing company Uber as SVP of Engineering. TechCrunch is reporting that "Singhal will be heading up the Maps and Marketplace departments at Uber, while also advising CEO Travis Kalanick and Uber VP of Engineering and Otto co-founder Anthony Levandowski on their efforts to build out the company's self-driving technology." From the report: The last time we in tech news circles heard from Singhal, he was saying goodbye after a 15-year career at Google, in a farewell letter that felt a lot like a retirement announcement. Singhal wrote that he was leaving to "see what kind of impact [he could] make philanthropically" and to"spend more time with [his] family," in an effort to "define [his] next fifteen years." Now, a little under a year later, Singhal is back in an executive role -- this time at a much younger company, but still at one of the most influential technology firms in the world. So how did Singhal get from there to here? Well, for starters, Singhal did throw himself into philanthropic pursuits, focusing on the Singhal Foundation established by him and his wife Shipa, which aims to deliver access to high quality education for kids who normally wouldn't be able to attend top schools, and which began with a focus on the city of Jodhpur, in India. Singhal met Travis Kalanick through a mutual friend, which sparked a series of conversations between the search expert and the famous founder about Uber, its goals and its technical challenges. The combination of the scope of both Uber's potential impact, and the extent of the engineering hurdles it faces in achieving its aims were what drew Singhal in; he is, after all, a true engineer at heart, and mountainous technical challenges attract skilled engineers like nothing else. "This company is not only doing things that are amazing, this company also has some of the toughest computer science challenges that I have seen in my career of 25 years," Singhal told me. "Those computer science challenges for a computer science geek are just intriguing -- you give a geek a puzzle, they can't drop it; they need to solve the puzzle. That's how it felt to me."

"We're excited to double down on the findings of Ready to Code 1," says one Google program manager, "by equipping librarians with the knowledge and skills to cultivate computational thinking and coding skills in our youth." theodp writes: Citing the need to fill "500,000 current job openings in the field of computer science," the American Library Association argues in a new whitepaper that "all 115,000 of the nation's school and public libraries are crucial community partners to guarantee youth have skills essential to future employment and civic participation"... The ALA's Google-funded "Libraries Ready to Code" project has entered Phase II, which aims to "equip Master's in Library Science students to deliver coding programs through public and school libraries and foster computational thinking skills among the nation's youth."

"Libraries play a vital role in our communities, and Google is proud to build on our partnership with ALA," added Hai Hong, who leads US outreach on Google's K-12 Education team... "Given the ubiquity of technology and the half-a-million unfilled tech jobs in the country, we need to ensure that all youth understand the world around them and have the opportunity to develop the essential skills that employers -- and our nation's economy -- require."

An anonymous reader writes: The latest Adobe Acrobat Reader security update (15.023.20053), besides delivering security updates, also secretly installs the Adobe Acrobat extension in the user's Chrome browser. There is no mention of this "special package" on Acrobat's changelog, and surprise-surprise, the extension comes with anonymous data collection turned on by default. Bleeping Computer reports: "This extension allows users to save any web page they're on as a PDF file and share it or download it to disk. The extension is also Windows-only, meaning Mac and Linux Chrome users will not receive it. The extension requests the following permissions: Read and change all your data on the websites you visit; Manage your downloads; Communicate with cooperating native applications. According to Adobe, extension users 'share information with Adobe about how [they] use the application. The information is anonymous and will help us improve product quality and features,' Adobe also says. 'Since no personally identifiable information is collected, the anonymous data will not be meaningful to anyone outside of Adobe.'"

"Once again we're seeing the hazards of developing using a third party service API," writes Slashdot reader BarbaraHudson, reporting that Google "will be discontinuing support for the Google Hangouts API going forward... Google Hangouts is now so insignificant that the cancellation didn't even rate an official blog post. As reported by TechCrunch, "just an updated FAQ and email notification to developers active on the API, forwarded to us by one of these devs." TechCrunch writes: As Google pushes Duo as its consumer video chat app and relegates Hangouts to the enterprise, it's dropping the flexibility to build these kinds of experiences. The email explains... "We understand this will impact developers who have invested in our platform. We have carefully considered this change and believe that it allows us to give our users a more targeted Hangouts desktop video experience going forward."
TechCrunch calls the move "a casualty of Google's fragmented messaging app strategy and the neglect of Hangouts itself." While some apps will continue working -- for example, integration with Slack -- their API's FAQ now ends with a reminder that "Users of apps will see a notice in the call letting them know that the app they're using will no longer work after April 25th."

One of the many ways self-driving cars will impact the world is with organ shortages. It's a morbid thought, but the most reliable sources for healthy organs and tissues are the more than 35,000 people killed each year on American roads. According to the book "Driverless: Intelligent Cars and the Road Ahead," 1 in 5 organ donations comes from the victim of a vehicular accident. Since an estimated 94 percent of motor-vehicle accidents involve some kind of a driver error, it's easy to see how autonomous vehicles could make the streets and highways safer, while simultaneously making organ shortages even worse. Slate reports: As the number of vehicles with human operators falls, so too will the preventable fatalities. In June, Christopher A. Hart, the chairman of the National Transportation Safety Board, said, "Driverless cars could save many if not most of the 32,000 lives that are lost every year on our streets and highways." Even if self-driving cars only realize a fraction of their projected safety benefits, a decline in the number of available organs could begin as soon as the first wave of autonomous and semiautonomous vehicles hits the road -- threatening to compound our nation's already serious shortages. We're all for saving lives -- we aren't saying that we should stop self-driving cars so we can preserve a source of organ donation. But we also need to start thinking now about how to address this coming problem. The most straightforward fix would be to amend a federal law that prohibits the sale of most organs, which could allow for development of a limited organ market. Organ sales have been banned in the United States since 1984, when Congress passed the National Organ Transplant Act after a spike in demand (thanks to the introduction of the immunosuppressant cyclosporine, which improved transplant survival rates from 20-30 percent to 60-70 percent) raised concerns that people's vital appendages might be "treated like fenders in an auto junkyard." Others feared an organ market would exploit minorities and those living in poverty. But the ban hasn't completely protected those populations, either. The current system hasn't stopped organ harvesting -- the illegal removal of organs from the recently deceased without the consent of the person or family -- either in the United States or abroad. It is estimated that, worldwide, as many as 10,000 black market medical operations are performed each year that involve illegally purchased organs. So what would an ethical fix to our organ transplant shortage look like? To start, while there's certainly a place for organ donation markets in the United States, implementation will be understandably slow. There are, however, small steps that can get us closer to a just system. For one, the country could consider introducing a "presumed consent" rule. This would change state organ donation registries from affirmative opt-in systems (checking that box at the DMV that yes, you do want to be an organ donor) to an affirmative opt-out system where, unless you state otherwise, you're presumed to consent to be on the list.

An anonymous reader quotes Tech Times: Pixel owners have so far reported on camera issues, audio issues, LTE band 4 connectivity problems and others, but the random freezing remains among the most persistent ones. While most previous issues have already received a fix, users have been complaining about the Google Pixel or Pixel XL randomly freezing since November and it seems Google has yet to get to the bottom of this. The official Pixel User Community forum has a long thread on the matter and the discussion started a good while back [in early November]...

[U]sers reporting on the Pixel Community Forum run different apps and they haven't found a common denominator just yet, and some don't have any third-party apps at all, further suggesting that the issue might not be caused by a third-party app. On the other hand, some Pixel owners got rid of this issue by uninstalling a third-party app called Live360 Family Locator, but others didn't even have the app installed and still experienced the issues.
Despite the problems, "most Pixel owners thus far have been quite pleased with their device," notes BGR -- though Softpedia also reports on some users complaining about "static and distorted sounds when at the three highest volume levels."

Google.org gives nonprofits roughly $100 million each year. But now the Register argues that festive giving "has become a 'Googlicious' sales push." Among other things, The Register criticizes the $30 million in grant funding that Google.org gave this Christmas "to nonprofits to bring phones, tablets, hardware and training to communities that can benefit from them most," some of which utilized the crowdfunding site DonorsChoose (which tacks a fee of at least $30 fee onto every donation). "The most critical learning resources that teachers need are often exercise books, pen and paper, but incentives built into the process steer educators to request and receive Google hardware, rather than humble classroom staples," claims the Register. theodp writes: [O]ne can't help but wonder if Google.org's decision to award $18,130 to teachers at Timberland Charter Academy for Chromebooks to help make students "become 'Google'licious" while leaving another humbler $399 request from a teacher at the same school for basic school supplies -- pencils, paper, erasers, etc. -- unfunded is more aligned with Google's interests than the Christmas spirit. Google, The Register reminds readers, lowered its 2015 tax bill by $3.6 billion using the old Dutch Sandwich loophole trick, according to new regulatory filings in the Netherlands.
The article even criticizes the "Santa's Village" site at Google.org, which includes games like Code Boogie, plus a game about airport security at the North Pole. Their complaint is its "Season of Giving" game, which invites children to print out and color ornaments that represent charities -- including DonorsChoose.org. The article ends by quoting Slashdot reader theodp ("who documents the influence of Big Tech in education") as saying "Nothing says Christmas fun more than making ornaments to celebrate Google's pet causes..."

Google.org gives nonprofits roughly $100 million each year. But now the Register argues that festive giving "has become a 'Googlicious' sales push." Among other things, The Register criticizes the $30 million in grant funding that Google.org gave this Christmas "to nonprofits to bring phones, tablets, hardware and training to communities that can benefit from them most," some of which utilized the crowdfunding site DonorsChoose (which tacks a fee of at least $30 fee onto every donation). "The most critical learning resources that teachers need are often exercise books, pen and paper, but incentives built into the process steer educators to request and receive Google hardware, rather than humble classroom staples," claims the Register. theodp writes: [O]ne can't help but wonder if Google.org's decision to award $18,130 to teachers at Timberland Charter Academy for Chromebooks to help make students "become 'Google'licious" while leaving another humbler $399 request from a teacher at the same school for basic school supplies -- pencils, paper, erasers, etc. -- unfunded is more aligned with Google's interests than the Christmas spirit. Google, The Register reminds readers, lowered its 2015 tax bill by $3.6 billion using the old Dutch Sandwich loophole trick, according to new regulatory filings in the Netherlands.
The article even criticizes the "Santa's Village" site at Google.org, which includes games like Code Boogie, plus a game about airport security at the North Pole. Their complaint is its "Season of Giving" game, which invites children to print out and color ornaments that represent charities -- including DonorsChoose.org. The article ends by quoting Slashdot reader theodp ("who documents the influence of Big Tech in education") as saying "Nothing says Christmas fun more than making ornaments to celebrate Google's pet causes..."

Google.org gives nonprofits roughly $100 million each year. But now the Register argues that festive giving "has become a 'Googlicious' sales push." Among other things, The Register criticizes the $30 million in grant funding that Google.org gave this Christmas "to nonprofits to bring phones, tablets, hardware and training to communities that can benefit from them most," some of which utilized the crowdfunding site DonorsChoose (which tacks a fee of at least $30 fee onto every donation). "The most critical learning resources that teachers need are often exercise books, pen and paper, but incentives built into the process steer educators to request and receive Google hardware, rather than humble classroom staples," claims the Register. theodp writes: [O]ne can't help but wonder if Google.org's decision to award $18,130 to teachers at Timberland Charter Academy for Chromebooks to help make students "become 'Google'licious" while leaving another humbler $399 request from a teacher at the same school for basic school supplies -- pencils, paper, erasers, etc. -- unfunded is more aligned with Google's interests than the Christmas spirit. Google, The Register reminds readers, lowered its 2015 tax bill by $3.6 billion using the old Dutch Sandwich loophole trick, according to new regulatory filings in the Netherlands.
The article even criticizes the "Santa's Village" site at Google.org, which includes games like Code Boogie, plus a game about airport security at the North Pole. Their complaint is its "Season of Giving" game, which invites children to print out and color ornaments that represent charities -- including DonorsChoose.org. The article ends by quoting Slashdot reader theodp ("who documents the influence of Big Tech in education") as saying "Nothing says Christmas fun more than making ornaments to celebrate Google's pet causes..."

Google.org gives nonprofits roughly $100 million each year. But now the Register argues that festive giving "has become a 'Googlicious' sales push." Among other things, The Register criticizes the $30 million in grant funding that Google.org gave this Christmas "to nonprofits to bring phones, tablets, hardware and training to communities that can benefit from them most," some of which utilized the crowdfunding site DonorsChoose (which tacks a fee of at least $30 fee onto every donation). "The most critical learning resources that teachers need are often exercise books, pen and paper, but incentives built into the process steer educators to request and receive Google hardware, rather than humble classroom staples," claims the Register. theodp writes: [O]ne can't help but wonder if Google.org's decision to award $18,130 to teachers at Timberland Charter Academy for Chromebooks to help make students "become 'Google'licious" while leaving another humbler $399 request from a teacher at the same school for basic school supplies -- pencils, paper, erasers, etc. -- unfunded is more aligned with Google's interests than the Christmas spirit. Google, The Register reminds readers, lowered its 2015 tax bill by $3.6 billion using the old Dutch Sandwich loophole trick, according to new regulatory filings in the Netherlands.
The article even criticizes the "Santa's Village" site at Google.org, which includes games like Code Boogie, plus a game about airport security at the North Pole. Their complaint is its "Season of Giving" game, which invites children to print out and color ornaments that represent charities -- including DonorsChoose.org. The article ends by quoting Slashdot reader theodp ("who documents the influence of Big Tech in education") as saying "Nothing says Christmas fun more than making ornaments to celebrate Google's pet causes..."

An anonymous reader quotes a report from TechCrunch: Google dropped a single National Security Letter into its most recent transparency report without much fanfare, but today the company published eight more NSLs in an attempt to shed more light on government surveillance of Google users. The eight letters published today were sent to Google from FBI offices across the country. Cumulatively, the NSLs seek broad access to content for around 20 user accounts. The names of the targets are redacted, but most of the letters seek access to Gmail accounts. The NSLs were sent to Google over a five-year period, from 2010 to 2015, with the majority coming from the Charlotte, North Carolina field office of the FBI. Others came from Florida, Arizona, New York, and California. "In our continued effort to increase transparency around government demands for user data, today we begin to make available to the public the National Security Letters (NSLs) we have received where, either through litigation or legislation, we have been freed of nondisclosure obligations," Richard Salgado, Google's director of law enforcement and information security, wrote in a blog post. Google has fought to make the letters public in part because the FBI can issue them without prior judicial oversight.

Google today announced it will open up Home to third-party developers, allowing all developers to start bringing their applications and services to the Google Assistant. Developers can start building "conversation actions" for the Google Assistant, which "allows developers to create back-and-forth conversations with users through the Assistant," writes Frederic Lardinois via TechCrunch. "Users can simply start these conversations by using a phrase like 'OK Google, talk to Eliza.'" TechCrunch reports: While the Assistant also runs on the Pixel phones and inside the Allo chat app, Google says it plans to bring actions to these other "Assistant surfaces" in the future, but it's unclear when exactly this will happen. To help developers who want to build these new Conversation Actions get started, Google has teamed up with a number of partners, including API.AI, GupShup, DashBot and VoiceLabs, Assist, Notify.IO, Witlingo and Spoken Layer. Google has also allowed a small number of partners to enable their apps on Google Home already. These integrations will roll out as early as next week. Given that users will be able to invoke these new actions with a simple command (and without having to first enable a skill, like on Alexa), Google's platform looks to be a rather accessible and low-friction way for developers to get their voice-enabled services to users. Google will have the final say over which actions will be enabled on Google Home.

When Google launched Cloud Print, it removed a lot of the hassle from using a printer. Instead of a printer only printing documents from the PC it was connected to, Cloud Print allowed any device, be it a Windows PC, Mac, Chromebook, smartphone, tablet, etc. to print to any printer either locally or remotely. However, Google Cloud Print has gone awry this week, as reports PCMag, and Epson printer owners are suffering because of it. From the article: A thread appeared on the Chromebook Central Help Forum explaining a problem where an Epson XP-410$185.00 at Amazon printer was turning itself off after 30 seconds. The printer worked without issue for two years, but now it wouldn't stay powered on. At first, this seems like a printer hardware problem, but the printer started working again once it was disconnected from the Internet. However, as soon as Google Print Cloud was enabled, the automatic power down happened again. Later in the support thread an Epson WF-4630 owner reports the same issue, as do XP-215, XP-415, XP-610, WF-545, WF-845, and WF-7610 owners.A change in Google's API for its cloud service triggered the issue, reports ArsTechnica. The change has caused a conflict between Cloud Print and printers' firmware.

Update: Epson has responded to Slashdot, pointing us to its support page that has instructions on how to fix the issue on many of Epson printers.

An anonymous reader quotes a report from BleepingComputer: Google engineers are working on an improved version of the reCAPTCHA system that uses a computer algorithm to distinguish between automated bots and real humans, and requires no user interaction at all. Called "Invisible reCAPTCHA," and spotted by Windows IT Pro, the service is still under development, but the service is open for sign-ups, and any webmaster can help Google test its upcoming technology. Invisible reCAPTCHA comes two years after Google has revolutionized CAPTCHA technologies by releasing the No CAPTCHA reCAPTCHA service that requires users to click on one checkbox instead of solving complex visual puzzles made up of words and numbers. The service helped reduce the time needed to fill in forms, and maintained the same high-level of spam detection we've become accustomed from the reCAPTCHA service. The introduction of the new Invisible reCAPTCHA technology is unlikely to make the situation better for Tor users since CloudFlare will likely force them to solve the same puzzle if they come from IPs seen in the past performing suspicious actions. Nevertheless, CloudFlare started working on an alternative.

Tonight at NASA's Ames Research Center in Silicon Valley, Morgan Freeman emceed a glamorous, Oscars-style celebration that recognizes scientific achievements with money from tech billionaires. An anonymous reader writes: Donors for the Breakthrough Prize included Google's Sergey Brin, Facebook's Mark Zuckerberg and his wife Priscilla Chan, Alibaba founder Jack Ma and his wife Cathy Zhang, and billionaire venture capitalist Yuri Milner, according to an article in Fortune. TechCrunch has a list of the winners, which included Princeton math professor Jean Bourgain, who won a $3 million prize "for his many contributions to high-dimensional geometry, number theory, and many other theoretical contributions."

Three more physics researchers -- two from Harvard, and one from U.C. Santa Barbara -- will share a $3 million prize recognizing "meaningful advances in string theory, quantum field theory, and quantum gravity." And another $1 million prize honored the leaders of three teams responsible for "collaborative research on gravitational waves and its implications for physics and astronomy," with another $2 million to be shared among the 1,012 members of their research groups.
17-year-old Deanna See from Singapore also won the $250,000 "Breakthrough Junior Challenge" prize -- and more money for her teachers and school -- for her video about antibiotic-resistant superbugs. Google has created a special page where you can read more about some of the other winners.

An anonymous reader quotes Bleeping Computer: Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year... While some of the initial implementation details of the "HTML5 By Default" plan changed since then, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome.

Google's plan is to turn off Flash and use HTML5 for all sites. Where HTML5 isn't supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user's option would be remembered for subsequent visits, but there's also an option in the browser's settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default.
Exceptions will also be made automatically for your more frequently-visited sites -- which, for many users, will include YouTube. And Chrome will continue to ship with Flash -- as well as an option to re-enable Flash on all sites.

An anonymous reader quotes Bleeping Computer: Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year... While some of the initial implementation details of the "HTML5 By Default" plan changed since then, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome.

Google's plan is to turn off Flash and use HTML5 for all sites. Where HTML5 isn't supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user's option would be remembered for subsequent visits, but there's also an option in the browser's settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default.
Exceptions will also be made automatically for your more frequently-visited sites -- which, for many users, will include YouTube. And Chrome will continue to ship with Flash -- as well as an option to re-enable Flash on all sites.

AirDroid is a popular Android application that allows users to send and receive text messages and transfer files and see notifications from their computer. Zimperium, a mobile security company, recently released details of several major security vulnerabilities in the application, allowing attackers on the same network to access user information and execute code on a user's device. Since there are between 10 and 50 million installations of the app, many users may be imperiled by AirDroid. Android Police reports: The security issues are mainly due to AirDroid using the same HTTP request to authorize the device and send usage statistics. The request is encrypted, but uses a hardcoded key in the AirDroid application (so essentially, everyone using AirDroid has the same key). Attackers on the same network an intercept the authentication request (commonly known as a Man-in-the-middle attack) using the key extracted from any AirDroid APK to retrieve private account information. This includes the email address and password associated with the AirDroid account. Attackers using a transparent proxy can intercept the network request AirDroid sends to check for add-on updates, and inject any APK they want. AirDroid would then notify the user of an add-on update, then download the malicious APK and ask the user to accept the installation. Zimperium notified AirDroid of these security flaws on May 24, and a few days later, AirDroid acknowledged the problem. Zimperium continued to follow up until AirDroid informed them of the upcoming 4.0 release, which was made available last month. Zimperium later discovered that version 4.0 still had all these same issues, and finally went public with the security vulnerabilities today.

Back in February, researchers at UC Berkeley released an app called MyShake that detects strong earthquakes seconds before the damaging seismic waves arrive. Several months have passed since its release and app has already detected over 200 earthquakes in more than ten countries. TechCrunch reports: The app has received nearly 200,000 downloads, though only a fraction of those are active at any given time; it waits for the phone to sit idle so it can get good readings. Nevertheless, over the first six months the network of sensors has proven quite effective. "We found that MyShake could detect large earthquakes, but also small ones, which we never thought would be possible," one of the app's creators, Qingkai Kong, told New Scientist. A paper describing the early results was published in Geophysical Research Letters -- the abstract gives a general idea of the app's success: "On a typical day about 8000 phones provide acceleration waveform data to the MyShake archive. The on-phone app can detect and trigger on P waves and is capable of recording magnitude 2.5 and larger events. The largest number of waveforms from a single earthquake to date comes from the M5.2 Borrego Springs earthquake in Southern California, for which MyShake collected 103 useful three-component waveforms. The network continues to grow with new downloads from the Google Play store everyday and expands rapidly when public interest in earthquakes peaks such as during an earthquake sequence." You can download the app for Android here.

Google has partnered with TIME to release an improved version of Google Earth Timelapse that provides animated satellite imagery covering the past 32 years, from 1984 to 2016. In 2013, Google and TIME launched Timelapse with a time-lapse from 1984 to 2012. However, this time around the project uses the higher-resolution maps introduced back in June to provide a look that's more detailed and more seamless than in the past. ZDNet reports: The 10-second snapshots of Earth from space over 32 years captures urban sprawl, deforestation and reforestation, receding glaciers, and major engineering feats, such as the Oresund Bridge connecting Denmark to Sweden, or the spread of the Alberta Tar Sands in Canada. Google Earth engine program manager, Chris Herwig says it created the new "annual mosaics" by stitching together 33 images of the Earth, each representing one year. Each image contains 3.95 trillion pixels, cherry-picked from an original set of three quadrillion pixels. "Using Google Earth Engine, we sifted through about three quadrillion pixels, that's three followed by 15 zeroes, from more than 5,000,000 satellite images," Herwig said. "We took the best of all those pixels to create 33 images of the entire planet, one for each year. We then encoded these new 3.95-terapixel global images into just over 25,000,000 overlapping multi-resolution video tiles, made interactively explorable by Carnegie Mellon CREATE Lab's Time Machine library, a technology for creating and viewing zoomable and pannable time-lapses over space and time." The satellite images come from the NASA Goddard Space Flight Center and US Geological Survey. Since 2015, they also contain some data from the European Space Agency's Copernicus Program and its Sentinel-2A satellite.

Upworthy co-founder Eli Pariser is leading a group of online volunteers hunting for ways to respond to the spread of fake news. An anonymous reader quotes Wired UK: Inside a Google Doc, volunteers are gathering ideas and approaches to get a grip on the untruthful news stories. It is part analysis, part brainstorming, with those involved being encouraged to read widely around the topic before contributing. "This is a massive endeavour but well worth it," they say...

At present, the group is coming up with a list of potential solutions and approaches. Possible methods the group is looking at include: more human editors, fingerprinting viral stories then training algorithms on confirmed fakes, domain checking, the blockchain, a reliability algorithm, sentiment analysis, a Wikipedia for news sources, and more.
The article also suggests this effort may one day spawn fake news-fighting tech startups.

Slashdot reader xtsigs writes: "No, despite what you read, CNN did not run porn for 30 minutes Thursday, as was reported by Fox News, the New York Post, Variety and other news organizations, several of which later corrected their stories," reports USA Today. The story goes on to explain how the story started (a single tweet), how it was quickly picked up by media outlets (without verifying if CNN actually did, in truth, broadcast porn), how it was then retracted by some outlets (but not others).

Other outlets jumped on the story of the story while, as of early Saturday morning some sites are still running the original story claiming CNN did, in fact, broadcast 30 minutes of porn.

BrianFagioli quotes a report from BetaNews: Back in the the mid-1990's, everyone thought they needed a computer. After all, Windows 95 made using one particularly easy, and the internet was a very attractive thing. Unfortunately, once some people got their first-ever PC set up in their homes, they didn't really know what to do with it. In the end, it would turn out that some consumers spent thousands of dollars for a machine dedicated to one thing -- playing Solitaire! Yes, this fun Windows game is responsible for much wasted time, but not just at home -- at businesses too. The card game has historically been viewed as a negative for productivity. Fast forward to 2016 and fewer people are sitting in front of large desktop computers at home -- people are increasingly turning to tablets and smartphones for entertainment. Today, just in time for Thanksgiving, Microsoft Solitaire Collection comes to both Android and iOS. "Microsoft Solitaire continues to be one of the most-played games of all time on Windows for more than 25 years. What's more, the version of Solitaire you know and love on Windows 10 and Windows 8 PC and mobile devices, Microsoft Solitaire Collection, has reached more than 119 million unique players in the last four years alone! And now, those on iPhone, iPad and Android devices can play the popular card game for free," says Paul Jensen, Studio Manager of Microsoft Casual Games. "[...] with Xbox Live integration, you can sign in with your Xbox Live gamertag or Microsoft account to earn Xbox Live achievements and Gamerscore, compete with friends, and continue playing on any Windows 10, iPhone, iPad, or Android device while on the go since your progress and game data are saved in the cloud. If you're not an Xbox Live member, signing up for a free membership through the game is easy and totally worth it." It's worth noting that the "freemium" model features advertisements, but players can go "Premium" to remove those ads for $2 per month and receive other perks. You can download Microsoft Solitaire Collection from the App Store, Google Play, and Windows Store.

The Stack reports on Google's "new research into upscaling low-resolution images using machine learning to 'fill in' the missing details," arguing this is "a questionable stance...continuing to propagate the idea that images contain some kind of abstract 'DNA', and that there might be some reliable photographic equivalent of polymerase chain reaction which could find deeper truth in low-res images than either the money spent on the equipment or the age of the equipment will allow." An anonymous reader summarizes their report: Rapid and Accurate Image Super Resolution (RAISR) uses low and high resolution versions of photos in a standard image set to establish templated paths for upward scaling... This effectively uses historical logic, instead of pixel interpolation, to infer what the image would look like if it had been taken at a higher resolution.

It's notable that neither their initial paper nor the supplementary examples feature human faces. It could be argued that using AI-driven techniques to reconstruct images raises some questions about whether upscaled, machine-driven digital enhancements are a legal risk, compared to the far greater expense of upgrading low-res CCTV networks with the necessary resolution, bandwidth and storage to obtain good quality video evidence.
The article points out that "faith in the fidelity of these 'enhanced' images routinely convicts defendants."

An anonymous reader writes: Google today revealed Earth VR, a virtual-reality version of the company's famous Google Earth program that's built for the HTC Vive. The application packs the rich Google Earth dataset -- which includes high resolution satellite imagery, elevation data, and detailed 3D modeled cities and landscapes -- into a single model of the planet which users can view all the way from space down to the ground, walking among cities like a giant. The company tells Road to VR that "Earth VR is a product, not a demo," and that it's designed to benefit from improvements in the Earth dataset over time automatically, and it will see regular updates post launch. You can download Google Earth VR for the HTC Vive via Steam.

It's official: Donald Trump has won the 2016 presidential election. Slashdot reader Xenographic writes: Google's map of results is now calling the race for Donald J. Trump. This is something that Nate Silver jokingly predicted back on May 10th when he wrote "Reminder: Cubs will win the World Series and, in exchange, President Trump will be elected 8 days later." The House and Senate are also under Republican control. In other news, the Canadian immigration site has crashed under heavy load.This is how The New York Times, America's top newspaper reported the news:The surprise outcome, defying late polls that showed Hillary Clinton with a modest but persistent edge, threatened convulsions throughout the country and the world, where skeptics had watched with alarm as Mr. Trump's unvarnished overtures to disillusioned voters took hold. The triumph for Mr. Trump, 70, a real estate developer-turned-reality television star with no government experience, was a powerful rejection of the establishment forces that had assembled against him, from the world of business to government, and the consensus they had forged on everything from trade to immigration. The results amounted to a repudiation, not only of Mrs. Clinton, but of President Obama, whose legacy is suddenly imperiled. And it was a decisive demonstration of power by a largely overlooked coalition of mostly blue-collar white and working-class voters who felt that the promise of the United States had slipped their grasp amid decades of globalization and multiculturalism. Update: The New Yorker's Editor-in-Chief David Remnick, described the Election outcome as "an American tragedy." The New York Times columnist Paul Krugman said, "Trump will bring global recession." BBC has an article on how the media worldwide has described Trump's victory. The Guardian captured the thoughts of world leaders on the matter. Hillary Clinton addressed the nation this morning and told her supporters that they all should keep an open mind and give Trump the chance to lead.

Editor's note: this story has been updated with more details, and also moved to the top of the front page because of its importance.

A source close to NASA Eagleworks has leaked the test results of the 'impossible' EM Drive. While it's important to note that the results that have been leaked haven't been published in an academic journal, they do suggest that the system works and is capable of generating force of 1.2 millinewtons per kilowatt in a vacuum. ScienceAlert reports: The paper concludes that, after error measurements have been accounted for, the EM Drive generates force of 1.2 millinewtons per kilowatt in a vacuum. That's not an insignificant amount -- to put it into perspective, the super-powerful Hall thruster generates force of 60 millinewtons per kilowatt, an order of magnitude more than the EM Drive. But the Hall thruster uses fuel and requires a spacecraft to carry heavy propellants, and that extra weight could offset the higher thrust, the NASA Eagleworks team conclude in the paper. Light sails on the other hand, which are currently the most popular form of zero-propellant propulsion, use beams of sunlight to propel them forward rather than fuel. And they only generate force up to 6.67 micronewtons per kilowatt - two orders of magnitude less than NASA's EM Drive, says the paper. The NASA Eagleworks team measured the EM Drive's force using a low thrust pendulum at the Johnson Space Centre, and the tests were performed at 40, 60, and 80 watts. They were looking for any sign that the thrust could be a result of another anomaly in the system, but for now, that doesn't appear to be the case. "The test campaign included a null thrust test effort to identify any mundane sources of impulsive thrust, however none were identified," the team, led by Harold White, concluded in the paper. "Thrust data from forward, reverse, and null suggests that the system is consistently performing with a thrust to power ratio of 1.2 +/- 0.1 millinewtons per kilowatt." But the team does acknowledge that more research is needed to eliminate the possibility that thermal expansion could be somehow skewing the results. They also make it clear that this testing wasn't designed to optimize the thrust of the EM Drive, but simply to test whether it worked, so further tweaking could make the propulsion system more efficient and powerful.

"Mythbuntu as a separate distribution will cease to exist. We will take the necessary steps to pull Mythbuntu specific packages from the repositories unless someone steps up to take these packages over," read Friday's announcement. prisoninmate writes: Mythbuntu was an operating system based on the widely-used Ubuntu Linux distro and built around the MythTV free and open source digital video recorder (DVR) project... The Mythbuntu team recommends users who want to use Mythbuntu to install the latest release of the Xubuntu Linux operating system and then add the Mythbuntu PPA (Personal Package Archive), which will continue to provide the latest MythTV releases and other related packages...

The first release of the OS was back when Ubuntu 7.10 (Gutsy Gibbon) was announced, and the last one was Mythbuntu 16.04.1 LTS (Xenial Xerus). From this point...there will be no new ISO images anymore. Also, the mythbuntu-desktop and Mythbuntu-Control-Centre packages are now discontinued and won't be available from the Ubuntu repositories anymore. However, users will still be able to install the MythTV software and configure it as they see fit.

"Mythbuntu as a separate distribution will cease to exist. We will take the necessary steps to pull Mythbuntu specific packages from the repositories unless someone steps up to take these packages over," read Friday's announcement. prisoninmate writes: Mythbuntu was an operating system based on the widely-used Ubuntu Linux distro and built around the MythTV free and open source digital video recorder (DVR) project... The Mythbuntu team recommends users who want to use Mythbuntu to install the latest release of the Xubuntu Linux operating system and then add the Mythbuntu PPA (Personal Package Archive), which will continue to provide the latest MythTV releases and other related packages...

The first release of the OS was back when Ubuntu 7.10 (Gutsy Gibbon) was announced, and the last one was Mythbuntu 16.04.1 LTS (Xenial Xerus). From this point...there will be no new ISO images anymore. Also, the mythbuntu-desktop and Mythbuntu-Control-Centre packages are now discontinued and won't be available from the Ubuntu repositories anymore. However, users will still be able to install the MythTV software and configure it as they see fit.

Let's face it, tracking down a lost bag at the airport is a pain-in-the-ass. While airlines will often compensate you with money and new clothes for your troubles, the experience is certainly not pleasant. Delta is now attempting to further reduce the number of lost bags through its real-time luggage tracker in the latest version of its mobile app. The Next Web reports: The feature apparently cost $50 million to build. It allows you to see where your stuff is -- provided that it's at one of the 84 airports that support Delta's new tracking tech. Here's how it works. All bags will get a Radio Frequency Identification (RFID) tag. This allows Delta to track them in real-time using radio waves. Scanners positioned throughout the baggage system will allow Delta to monitor where the bag is, and relay that information to the passenger. Delta has traditionally been one of the best airlines when it comes to handling baggage. During 2012, it lost only 200,000 bags. That sounds like a lot, but bear in mind it carried 98 million passengers during the same period. You can try the feature on your next Delta flight by grabbing the app from Google Play and the App Store.

Fudge Factor 3000 writes: Google has quietly changed its privacy policy to allow it to associate web tracking, which is supposed to remain anonymous, with personally identifiable user data. This completely reneges its promise to keep a wall between ad tracking and personally identifiable user data, further eroding one's anonymity on the internet. Google's priorities are clear. All they care about is monetizing user information to rake in the big dollars from ad revenue. Think twice before you purchase the premium priced Google Pixel. Google is getting added value from you as its product without giving you part of the revenue it is generating through tracking through lower prices. The crossed-out section in its privacy policy, which discusses the separation of information as mentioned above, has been followed with this statement: "Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google's services and the ads delivered by Google." ProPublica reports: "The change is enabled by default for new Google accounts. Existing users were prompted to opt-in to the change this summer. The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct. The move is a sea change for Google and a further blow to the online ad industry's longstanding contention that web tracking is mostly anonymous. In recent years, Facebook, offline data brokers and others have increasingly sought to combine their troves of web tracking data with people's real names. But until this summer, Google held the line." You can choose to opt in or out of the personalized ads here.

Fudge Factor 3000 writes: Google has quietly changed its privacy policy to allow it to associate web tracking, which is supposed to remain anonymous, with personally identifiable user data. This completely reneges its promise to keep a wall between ad tracking and personally identifiable user data, further eroding one's anonymity on the internet. Google's priorities are clear. All they care about is monetizing user information to rake in the big dollars from ad revenue. Think twice before you purchase the premium priced Google Pixel. Google is getting added value from you as its product without giving you part of the revenue it is generating through tracking through lower prices. The crossed-out section in its privacy policy, which discusses the separation of information as mentioned above, has been followed with this statement: "Depending on your account settings, your activity on other sites and apps may be associated with your personal information in order to improve Google's services and the ads delivered by Google." ProPublica reports: "The change is enabled by default for new Google accounts. Existing users were prompted to opt-in to the change this summer. The practical result of the change is that the DoubleClick ads that follow people around on the web may now be customized to them based on your name and other information Google knows about you. It also means that Google could now, if it wished to, build a complete portrait of a user by name, based on everything they write in email, every website they visit and the searches they conduct. The move is a sea change for Google and a further blow to the online ad industry's longstanding contention that web tracking is mostly anonymous. In recent years, Facebook, offline data brokers and others have increasingly sought to combine their troves of web tracking data with people's real names. But until this summer, Google held the line." You can choose to opt in or out of the personalized ads here.

An anonymous reader quotes a report from The Next Web: Google today introduced a new feature that will tag and help find "fact checking in large news stories." Tagged articles will show up in the new story box on news.google.com, as well as in the Google News and Weather app for iOS and Android in the US and UK. There's a two-pronged approach to detecting fact checking. First Google looks for actual markup in the site's source code. Then Google looks for pages "that follow the commonly accepted criteria for fact checks." You can learn more about the process here. To be clear, the tags show up in small grey text above the article links -- Google itself isn't passing judgement, nor does it tell you the source article's conclusion in search results. It's merely a sign that says "hey, read me to find out the truth." Still, it's a nice way to make sure readers are at least forming opinions based on fact rather than fiction.

An anonymous reader quotes a report from The Next Web: Google today introduced a new feature that will tag and help find "fact checking in large news stories." Tagged articles will show up in the new story box on news.google.com, as well as in the Google News and Weather app for iOS and Android in the US and UK. There's a two-pronged approach to detecting fact checking. First Google looks for actual markup in the site's source code. Then Google looks for pages "that follow the commonly accepted criteria for fact checks." You can learn more about the process here. To be clear, the tags show up in small grey text above the article links -- Google itself isn't passing judgement, nor does it tell you the source article's conclusion in search results. It's merely a sign that says "hey, read me to find out the truth." Still, it's a nice way to make sure readers are at least forming opinions based on fact rather than fiction.

Krystalo quotes a report from VentureBeat: Google today launched Chrome 54 for Windows, Mac, and Linux. This release is mainly focused on developers, but the improvements to how the browser handles YouTube embeds is also noteworthy. You can update to the latest version now using the browser's built-in silent updater, or download it directly from google.com/chrome. Chrome 54 rewrites YouTube Flash players to use the YouTube HTML5 embed style. YouTube ditched Flash for HTML5 by default in January 2015, but the old embeds still exist all over the web. Google says the change improves both performance and security for its desktop browser. The report adds that "Chrome also now provides support for the custom elements V1 spec," which allows "developers to create custom HTML tags as well as define their API and behavior in JavaScript." BroadcastChannel API will also be implemented "to allow one-to-many messaging between windows, tabs, iframes, web workers, and service workers." You can read more about Chrome 54 on Google's blog post.

An anonymous reader writes from a report via Softpedia: A security bug in Google's V8 JavaScript engine is indirectly affecting around one in 16 Android devices, impacting smartphone models from all major vendors, such as LG, Samsung, Motorola, and Huawei. Despite this bug being public for more than a year, only in August 2016 have Chinese security researchers discovered that the V8 issue also affected a whole range of Android-related products where the older V8 engine versions had been deployed. Affected products included Google Chrome Mobile, Opera Mobile, apps that use the WebView component (Gmail, Facebook, Twitter, WeChat, etc.) and apps that deploy the Tencent X5.SDK (a bunch of Chinese apps). It is estimated that around one in 16 Android devices is vulnerable to this issue, nicknamed BadKernel. The flaw leads to a RCE on Android devices, allowing attackers to take full control over one's smartphone. Despite BadKernel being discovered in August 2016, because all research was only published in Chinese, most E.U. and U.S. users have no clue they might be affected. One of the best ways to protect yourself, as noted in the report, is to keep your apps and operating system updated. You can view this list via Trustlook's website to see if your device is affected. There's also a dedicated BadKernel security scanner you can download from the Play Store to check for the vulnerability.

At its hardware launch event earlier today, Google launched Google Home, a voice-activated speaker that aims to give Amazon's Echo a run for its money. The speaker is always-listening and uses Google's Assistant to deliver sports scores, weather information, commute times, and much more. Tech Crunch reports: So like the Echo, Google Home combines a wireless speaker with a set of microphones that listen for your voice commands. There is a mute button on the Home and four LEDs on top of the device so you can know when it's listening to you; otherwise, you won't find any other physical buttons on it. As for music, Google Home will feature built-in support for Google Play Music, Spotify, Pandora and others. You can set up a default music service, too, so you don't always have to tell Google that you want to play a song "on Spotify." Google also noted that Home's music search is powered by Google, so it can understand relatively complex queries. Music on Google Home will also support podcast listening and because it's a Cast device, you can stream music to it from any other Cast-enabled device. Home integrates with Google's Chromecasts and Cast-enabled TVs. For now, that mostly means watching YouTube videos, but Google says it will also support Netflix, too. Google Home will cost $129 (with a free six-month trial of YouTube Red) and go on sale on Google's online store today. It will ship on November 4. What's more is that developers will be able to integrate their third-party apps with Google Assistant via "Actions on Google." With Actions on Google, developers will be able to create two kinds of actions: Direct and Conversation. Direct is made for relatively simple requests like home automation, while Conversation is made for a back and forth interaction utilizing API.ai. Actions on Google will also allow third-party hardware to take advantage of Google Assistant. Those interested can sign-up for the service today. But Google didn't stop there. The company went on to reveal all-new, multi-point Wifi routers called Google Wifi. The Verge reports: The Wifi router can be purchased two ways: as a single unit or in a multipack, just like Eero. A single unit is $129, while the three-pack will cost $299. Google says Wifi will be available for preorder in the U.S. in November and will ship to customers in December. There was no mention of international availability. Google says it has developed a number of technologies to make the Wifi system work, including intelligent routing of traffic from your phone or device to the nearest Wifi unit in your home. It supports AC 1200 wireless speeds, as well as simultaneous dual-band 2.4GHz and 5GHz networks. It also has beamforming technology and support for Bluetooth Smart. Google says the system will handle channel management and other traffic routing automatically.

At its hardware launch event earlier today, Google launched Google Home, a voice-activated speaker that aims to give Amazon's Echo a run for its money. The speaker is always-listening and uses Google's Assistant to deliver sports scores, weather information, commute times, and much more. Tech Crunch reports: So like the Echo, Google Home combines a wireless speaker with a set of microphones that listen for your voice commands. There is a mute button on the Home and four LEDs on top of the device so you can know when it's listening to you; otherwise, you won't find any other physical buttons on it. As for music, Google Home will feature built-in support for Google Play Music, Spotify, Pandora and others. You can set up a default music service, too, so you don't always have to tell Google that you want to play a song "on Spotify." Google also noted that Home's music search is powered by Google, so it can understand relatively complex queries. Music on Google Home will also support podcast listening and because it's a Cast device, you can stream music to it from any other Cast-enabled device. Home integrates with Google's Chromecasts and Cast-enabled TVs. For now, that mostly means watching YouTube videos, but Google says it will also support Netflix, too. Google Home will cost $129 (with a free six-month trial of YouTube Red) and go on sale on Google's online store today. It will ship on November 4. What's more is that developers will be able to integrate their third-party apps with Google Assistant via "Actions on Google." With Actions on Google, developers will be able to create two kinds of actions: Direct and Conversation. Direct is made for relatively simple requests like home automation, while Conversation is made for a back and forth interaction utilizing API.ai. Actions on Google will also allow third-party hardware to take advantage of Google Assistant. Those interested can sign-up for the service today. But Google didn't stop there. The company went on to reveal all-new, multi-point Wifi routers called Google Wifi. The Verge reports: The Wifi router can be purchased two ways: as a single unit or in a multipack, just like Eero. A single unit is $129, while the three-pack will cost $299. Google says Wifi will be available for preorder in the U.S. in November and will ship to customers in December. There was no mention of international availability. Google says it has developed a number of technologies to make the Wifi system work, including intelligent routing of traffic from your phone or device to the nearest Wifi unit in your home. It supports AC 1200 wireless speeds, as well as simultaneous dual-band 2.4GHz and 5GHz networks. It also has beamforming technology and support for Bluetooth Smart. Google says the system will handle channel management and other traffic routing automatically.

At its hardware launch event earlier today, Google launched Google Home, a voice-activated speaker that aims to give Amazon's Echo a run for its money. The speaker is always-listening and uses Google's Assistant to deliver sports scores, weather information, commute times, and much more. Tech Crunch reports: So like the Echo, Google Home combines a wireless speaker with a set of microphones that listen for your voice commands. There is a mute button on the Home and four LEDs on top of the device so you can know when it's listening to you; otherwise, you won't find any other physical buttons on it. As for music, Google Home will feature built-in support for Google Play Music, Spotify, Pandora and others. You can set up a default music service, too, so you don't always have to tell Google that you want to play a song "on Spotify." Google also noted that Home's music search is powered by Google, so it can understand relatively complex queries. Music on Google Home will also support podcast listening and because it's a Cast device, you can stream music to it from any other Cast-enabled device. Home integrates with Google's Chromecasts and Cast-enabled TVs. For now, that mostly means watching YouTube videos, but Google says it will also support Netflix, too. Google Home will cost $129 (with a free six-month trial of YouTube Red) and go on sale on Google's online store today. It will ship on November 4. What's more is that developers will be able to integrate their third-party apps with Google Assistant via "Actions on Google." With Actions on Google, developers will be able to create two kinds of actions: Direct and Conversation. Direct is made for relatively simple requests like home automation, while Conversation is made for a back and forth interaction utilizing API.ai. Actions on Google will also allow third-party hardware to take advantage of Google Assistant. Those interested can sign-up for the service today. But Google didn't stop there. The company went on to reveal all-new, multi-point Wifi routers called Google Wifi. The Verge reports: The Wifi router can be purchased two ways: as a single unit or in a multipack, just like Eero. A single unit is $129, while the three-pack will cost $299. Google says Wifi will be available for preorder in the U.S. in November and will ship to customers in December. There was no mention of international availability. Google says it has developed a number of technologies to make the Wifi system work, including intelligent routing of traffic from your phone or device to the nearest Wifi unit in your home. It supports AC 1200 wireless speeds, as well as simultaneous dual-band 2.4GHz and 5GHz networks. It also has beamforming technology and support for Bluetooth Smart. Google says the system will handle channel management and other traffic routing automatically.

At its hardware launch event earlier today, Google launched Google Home, a voice-activated speaker that aims to give Amazon's Echo a run for its money. The speaker is always-listening and uses Google's Assistant to deliver sports scores, weather information, commute times, and much more. Tech Crunch reports: So like the Echo, Google Home combines a wireless speaker with a set of microphones that listen for your voice commands. There is a mute button on the Home and four LEDs on top of the device so you can know when it's listening to you; otherwise, you won't find any other physical buttons on it. As for music, Google Home will feature built-in support for Google Play Music, Spotify, Pandora and others. You can set up a default music service, too, so you don't always have to tell Google that you want to play a song "on Spotify." Google also noted that Home's music search is powered by Google, so it can understand relatively complex queries. Music on Google Home will also support podcast listening and because it's a Cast device, you can stream music to it from any other Cast-enabled device. Home integrates with Google's Chromecasts and Cast-enabled TVs. For now, that mostly means watching YouTube videos, but Google says it will also support Netflix, too. Google Home will cost $129 (with a free six-month trial of YouTube Red) and go on sale on Google's online store today. It will ship on November 4. What's more is that developers will be able to integrate their third-party apps with Google Assistant via "Actions on Google." With Actions on Google, developers will be able to create two kinds of actions: Direct and Conversation. Direct is made for relatively simple requests like home automation, while Conversation is made for a back and forth interaction utilizing API.ai. Actions on Google will also allow third-party hardware to take advantage of Google Assistant. Those interested can sign-up for the service today. But Google didn't stop there. The company went on to reveal all-new, multi-point Wifi routers called Google Wifi. The Verge reports: The Wifi router can be purchased two ways: as a single unit or in a multipack, just like Eero. A single unit is $129, while the three-pack will cost $299. Google says Wifi will be available for preorder in the U.S. in November and will ship to customers in December. There was no mention of international availability. Google says it has developed a number of technologies to make the Wifi system work, including intelligent routing of traffic from your phone or device to the nearest Wifi unit in your home. It supports AC 1200 wireless speeds, as well as simultaneous dual-band 2.4GHz and 5GHz networks. It also has beamforming technology and support for Bluetooth Smart. Google says the system will handle channel management and other traffic routing automatically.