Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
Ubuntu and CentOS Are Undoing a GNOME Security Feature (bleepingcomputer.com)
An anonymous reader writes: Current versions of Ubuntu and CentOS are disabling a security feature that was added to the GNOME desktop environment last year. The feature's name is Bubblewrap, which is a sandbox environment that the GNOME Project added to secure GNOME's thumbnail parsers in July 2017, with the release of GNOME 3.26. In recent years, security researchers have proven that thumbnail parsers can be an attack vector [1, 2, 3].
Ubuntu Security Tech Lead Alex Murray said the Ubuntu team chose to disable Bubblewrap inside Ubuntu because they did not have the time to perform a security audit. Murray blamed the many CPU bugs (Spectre, Meltdown, etc.), which kept the team busy and prevented them from auditing the feature. -
'Irresponsible' Google Refused Fortnite's Request To Delay Vulnerability Disclosure To Score Cheap PR Points, Says Epic's Chief (bbc.com)
The leader of the firm behind the hit game Fortnite has accused Google of being "irresponsible" in the way it revealed a flaw affecting the Android version of the title. BBC, with additional input from Slashdot staff: On Friday, Google made public that hackers could hijack the game's installation software to load malware. The installer is needed because Epic Games has bypassed Google's app store to avoid giving it a cut of sales. Epic's chief executive said Google should have delayed sharing the news. "Android is an open platform. We released software for it. When Google identified a security flaw, we worked around the clock (literally) to fix it and release an update. The only irresponsible thing here is Google's rapid public release of technical details," he said. "We asked Google to hold the disclosure until the update was more widely installed," tweeted Tim Sweeney. "They refused, creating an unnecessary risk for Android users in order to score cheap PR points." -
Apple To Launch Three New iPhone Models Next Month, Report Says (bloomberg.com)
Apple plans to introduce three new phones next month, in September -- an updated iPhone X, a bigger phone and a successor to the iPhone 8 with the iPhone X design, Bloomberg reports. The updated iPhone X could be considered an "S upgrade" with a better system-on-a-chip and better cameras. The phone itself could look exactly the same as the iPhone X you can buy today. From the report: There'll be a new high-end iPhone, internally dubbed D33, with a display that measures about 6.5-inch diagonally, according to the people familiar with the matter. That would make it the largest iPhone by far and one of the biggest mainstream phones on the market. It will continue to have a glass back with stainless steel edges and dual cameras on the back. The big difference on the software side will be the ability to view content side-by-side in apps like Mail and Calendar. It will be Apple's second phone with a crisper organic light-emitting diode, or OLED, screen.
[...] Apple also plans an upgrade to the current iPhone X with a 5.8-inch OLED screen, which is internally dubbed D32, the people said. The main changes to the new OLED iPhones will be to processing speed and the camera, according to the people familiar with the devices. [...] Perhaps the most significant phone will be a new, cheaper device destined to replace the iPhone 8. Codenamed N84, it will look like the iPhone X, but include a larger near 6.1-inch screen, come in multiple colors, and sport aluminum edges instead of the iPhone X's stainless steel casing. It will also have a cheaper LCD screen instead of an OLED panel to keep costs down. The cheaper version's aluminum edges won't necessarily be the same color as the colored glass back, simplifying production, one person familiar with the matter said. -
Magic Leap is a Tragic Heap, Says Oculus Cofounder (palmerluckey.com)
Palmer Luckey, the co-founder of Oculus, has something to say about the competing Magic Leap gear. He writes: The title of this review was carefully chosen, not glibly. I want what is best for VR and all other technologies on the Reality-Virtuality Continuum, Magic Leap included. Unfortunately, their current offering is a tragedy in the classical sense, even more so when you consider how their massive funding and carefully crafted hype sucked all the air out of the room in the AR space. It is less of a functional developer kit and more of a flashy hype vehicle that almost nobody can actually use in a meaningful way, and many of their design decisions seem to be driven by that reality. It does not deliver on almost any of the promises that allowed them to monopolize funding in the AR investment community. -
India's Biometric Database Is Creating A Perfect Surveillance State -- And U.S. Tech Companies Are On Board (huffingtonpost.in)
Big U.S. technology companies are involved in the construction of one of the most intrusive citizen surveillance programs in history, HuffingtonPost notes in a new report. From the story: For the past nine years, India has been building the world's biggest biometric database by collecting the fingerprints, iris scans and photos of nearly 1.3 billion people. For U.S. tech companies like Microsoft, Amazon and Facebook, the project, called Aadhaar (which means "proof" or "basis" in Hindi), could be a gold mine. The CEO of Microsoft has repeatedly praised the project, and local media have carried frequent reports on consultations between the Indian government and senior executives from companies like Apple and Google (in addition to South Korean-based Samsung) on how to make tech products Aadhaar-enabled. But when reporters of HuffPost and HuffPost India asked these companies in the past weeks to confirm they were integrating Aadhaar into their products, only one company -- Google -- gave a definitive response.
That's because Aadhaar has become deeply controversial, and the subject of a major Supreme Court of India case that will decide the future of the program as early as this month. Launched nine years ago as a simple and revolutionary way to streamline access to welfare programs for India's poor, the database has become Indians' gateway to nearly any type of service -- from food stamps to a passport or a cell phone connection. Practical errors in the system have caused millions of poor Indians to lose out on aid. And the exponential growth of the project has sparked concerns among security researchers and academics that India is the first step toward setting up a surveillance society to rival China. -
Phone Numbers Were Never Meant as ID. Now We're All At Risk (wired.com)
One key lesson from the recent T-Mobile breach and several others: our phone numbers, which serve as a means to identify and verify ourselves, are increasingly being targeted, and the companies involved are neither showing an appetite to work on an alternative identity management system, nor introducing more safeguards for how phone numbers are handled and exchanged. From a report: Identity management experts have warned for years about over-reliance on phone numbers. But the United States doesn't offer any type of universal ID, which means private institutions and even the federal government itself have had to improvise. As cell phones proliferated, and phone numbers became more reliably attached to individuals long term, it was an obvious choice to start collecting those numbers even more consistently as a type of ID. But over time, SMS messages, biometric scanners, encrypted apps, and other special functions of smartphones have evolved into forms of authentication as well.
"The bottom line is society needs identifiers," says Jeremy Grant, coordinator of the Better Identity Coalition, an industry collaboration that includes Visa, Bank of America, Aetna, and Symantec. "We just have to make sure that knowledge of an identifier can't be used to somehow take over the authenticator. And a phone number is only an identifier; in most cases, it's public." Think of your usernames and passwords. The former are generally public knowledge; it's how people know who you are. But you keep the latter guarded, because it's how you prove who you are.
The use of phone numbers as both lock and key has led to the rise, in recent years, of so-called SIM swapping attacks, in which an attacker steals your phone number. When you add two-factor authentication to an account and receive your codes through SMS texts, they go to the attacker instead, along with any calls and texts intended for the victim. Sometimes attackers even use inside sources at carriers who will transfer numbers for them. -
Only 1 in 3 Publishers Sees a Clear Traffic Boost From Google's AMP (chartbeat.com)
As Google pushes its AMP (accelerated mobile pages) project among publishers, assuring them of traffic and efficiency gains, new research finds some shortcomings in that promise. Web analytics service Chartbeat writes: Chartbeat, together with The Daily Beast, collaborated on a two-part research study to rigorously quantify the effect of adopting the Google-backed Accelerated Mobile Pages (AMP) format on publisher traffic. This study is the first formal statistical analysis of the effects of AMP on website traffic. The overall result of this study is a methodology for analysis that we hope will be useful to other data scientists.
Our overarching finding is that AMP boosts traffic for publishers on average, but most publishers are not average. Only 1 in 3 we analyzed could see clear statistical evidence of a traffic increase. Though it may be possible to optimize AMP implementation to improve monetization, publishers seeing lower revenue on the platform will have a hard time making the case that a traffic boost will make up for it.
The first is an A/B test run by The Daily Beast in which, at random, half of newly published articles were published in the AMP format and half were published in the standard format. This test failed to show clear statistical evidence of higher Google-driven page views on the AMP than non-AMP content. Meanwhile The Daily Beast observed clearly lower revenue for the AMP format. -
Videogame Developers Are Making It Harder To Stop Playing (wsj.com)
Videogames have gotten harder to turn off, mental-health experts and parents say, raising concerns about the impact of seemingly endless gaming sessions on players' lives. From a report: Game developers for years have tweaked the dials not only on how games look and sound but how they operate under the hood, and such changes have made videogames more pervasive and enthralling, industry observers say. The World Health Organization in June added "gaming disorder" to an updated version of its International Classification of Diseases, warning about a condition in which people give up interests and activities to overly indulge in gaming despite negative consequences. It is expected to be formally classified in January 2022.
Many games today are free, available on multiple devices, and double as social networks. Where once games were played and put away for a while, now game companies are routinely delivering new content aimed at keeping players constantly engaged. Some new content is available only for a limited time, a maneuver that tugs at people's fears of missing out, psychologists say. "Videogames are engineered specifically to keep people playing," said Douglas A. Gentile, a research scientist focused on the impact of media on children and adults. "They're designed to hit the pleasure centers of the brain in some of the same ways that gambling can." -
Sportsbooks Start Refusing More Bets From 'Wise Guys' Trying To Win (espn.com)
Sportsbooks have closed 50,000 betting accounts just in the U.K. -- and placed strict limits on 50,000 more, according to gaming experts contacted by ESPN. "Bookmakers from London to Las Vegas are refusing to take bets from a growing number of customers whose only offense might be trying to win." Banning or limiting sophisticated players has been a regular part of Las Vegas sports betting for decades, and, like in the U.K., there's absolutely nothing illegal about it. Bettors say the practice is increasing and has even occurred in some of the new states (such as New Jersey) that have entered into the now-legal bookmaking game in recent months. "Americans should be worried," said Brian Chappell, a founder for the U.K. bettor advocacy group Justice for Punters. "It's coming."
In Nevada, refusing to take bets from any customer, from card counters to wise-guy sports bettors, is completely within any casino's legal rights. From Caesars Palace to the Venetian to more local spots like Station Casinos, every bookmaker in town will tell you -- albeit somewhat quietly -- that they've 86'd customers for one reason or another. Seasoned bettors are concerned, though, that the practice of banning or limiting accounts is not only increasing, but the reasoning behind the decisions is becoming more and more suspect. Many believe that the only thing betting intelligently will get you at some shops is a one-way ticket to being thrown out...
In shooting for commercial success, should bookmakers be allowed to refuse to take bets from customers who take steps to try to win? On the other hand, should a business be forced to take on a customer they fear will repeatedly damage its bottom line? The debate is getting ready to play out in state legislatures across the U.S. In May, the Supreme Court struck down the federal ban on state-sponsored sports betting. Full-scale, legal sportsbooks have since opened in Delaware, Mississippi and New Jersey, and many more states are expected to pass sports betting laws and set up regulations in the coming months and years.
"In the end, you have two professions, each trying to increase profits, but only one side gets to make the rules," concludes ESPN.
One London-based veteran of the international sports betting industry even suggests a peer-to-peer betting exchange which simply pairs people betting on opposing outcomes -- thus taking a commission, but not facing any risk. -
Facing 'Net Neutrality' Criticism, Verizon Suddenly Lifts Data Caps On All Public Safety Workers (siliconvalley.com)
An anonymous reader writes: Verizon testified Friday before a California State Assembly committee about why its "throttling" of county firefighters was completely unrelated to net neutrality. Then they surprised everyone by announcing that they were lifting all data caps on public safety workers with unlimited data plans, including federal justice agencies like the FBI, CIA and Secret Service.
Verizon claimed this was completely unrelated to the fact that 13 California Congressmen are now demanding that the FTC investigate Verizon's throttling of firefighters battling California's 290,692-acre wildfire. "It is unacceptable for communications providers to deceive their customers," the Congressmen wrote, "but when the consumer in question is a government entity tasked with fire and emergency services, we can't afford to wait a moment longer."
Meanwhile, the California Professional Firefighters, which represents more than 30,000 firefighters and emergency personnel, came out in support of a strict new California law that restores net neutrality provisions, saying their group had "come to conclude that if net neutrality is not restored, the effect could be disastrous to the public's safety."
One county fire chief even testified this was the third time in eight months they've been throttled by Verizon. -
EFF Defends Bruce Perens In Appeal of Open Source Security/Spengler Ruling (perens.com)
Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. "The Electronic Frontier Foundation has filed an answering brief in defense of Bruce Perens in the merits appeal of the Open Source Security Inc./Bradley Spengler v. Bruce Perens lawsuit," reads his latest submission -- with more details at Perens.com: Last year, Open Source Security and its CEO, Bradley Spengler, brought suit against me for defamation and related torts regarding this blog post and this Slashdot discussion. After the lower court ruled against them, I asked for my defense costs and was awarded about $260K for them by the court.
The plaintiffs brought two appeals, one on the merits of the lower court's ruling and one on the fees charged to them for my defense... The Electronic Frontier Foundation took on the merits appeal, pro-bono (for free, for the public good), with the pro-bono assistance of my attorneys at O'Melveny who handled the lower court case...
You can follow the court proceedings here
"Sorry I can't comment further on the case," Perens writes in a comment on Slashdot, adding "it's well-known legal hygiene that you don't do that." But he's willing to talk about other things.
"Valerie and I are doing well. I am doing a lot of travel for the Open Source Initiative as their Standards Chair, speaking with different standards groups and governments about standards in patents and making them compatible with Open Source." -
Intel 'Petitioned Microsoft Heavily' Not To Choose ARM For Surface Go, Report Says (theverge.com)
Microsoft launched its new Surface Go device earlier this month with an Intel Pentium Gold processor inside. It's been one of the main focus points for discussions around performance and mobility for this 10-inch Surface, and lots of people have wondered why Microsoft didn't opt for Qualcomm's Snapdragon processors and Windows on ARM. The Verge: Paul Thurrott reports that Microsoft wanted to use an ARM processor for the Surface Go, but that Intel intervened. Intel reportedly "petitioned Microsoft heavily" to use its Pentium Gold processors instead of ARM ones. It's not clear why Microsoft didn't push ahead with its ARM plans for Surface Go, but in my own experience the latest Snapdragon chips simply don't have the performance and compatibility to match Intel on laptops just yet. -
Elon Musk Says Investors Convinced Him Tesla Should Stay Public (washingtonpost.com)
Weeks after Tesla CEO Elon Musk announced his intention to take his company private, he said late Friday that investors have convinced him not to, so the firm will remain on the public stock markets. From a report: The eccentric and sometimes erratic CEO said in a statement late Friday that he made the decision based on feedback from shareholders, including institutional investors, who said they have internal rules limiting how much they can sink into a private company. Musk met with the electric car and solar panel company's board on Thursday to tell them he wanted to stay public and the board agreed, according to the statement. In a blog post, Mr. Musk shared the rationale behind his decision, which he arrived at after speaking with investors, both large and small, banks and others. He said: Given the feedback I've received, it's apparent that most of Tesla's existing shareholders believe we are better off as a public company. Additionally, a number of institutional shareholders have explained that they have internal compliance issues that limit how much they can invest in a private company. There is also no proven path for most retail investors to own shares if we were private. Although the majority of shareholders I spoke to said they would remain with Tesla if we went private, the sentiment, in a nutshell, was "please don't do this."
I knew the process of going private would be challenging, but it's clear that it would be even more time-consuming and distracting than initially anticipated. This is a problem because we absolutely must stay focused on ramping Model 3 and becoming profitable. We will not achieve our mission of advancing sustainable energy unless we are also financially sustainable. That said, my belief that there is more than enough funding to take Tesla private was reinforced during this process. -
Epic's First Fortnite Installer Allowed Hackers To Covertly Download and Install Anything on Users' Android Phones, Google Researchers Say (androidcentral.com)
Epic decided to ditch Google Play Store for its sleeper hit Fortnite. By doing so, while Epic may have saved some money that it would have had to split with Google, it also ran into an issue that it could have avoided had it not parted ways with Google. AndroidCentral reports: Google has just publicly disclosed that it discovered an extremely serious vulnerability in Epic's first Fortnite installer for Android that allowed any app on your phone to download and install anything in the background, including apps with full permissions granted, without the user's knowledge. Google's security team first disclosed the vulnerability privately to Epic Games on August 15, and has since released the information publicly following confirmation from Epic that the vulnerability was patched.
[...] When you go to download "Fortnite" you don't actually download the whole game, you download the Fortnite Installer first. The Fortnite Installer is a simple app that you download and install, which then subsequently downloads the full Fortnite game directly from Epic. The problem, as Google's security team discovered, was that the Fortnite Installer was very easily exploitable to hijack the request to download Fortnite from Epic and instead download anything when you tap the button to download the game. It's what's known as a "man-in-the-disk" attack. -
Linux Turns 27 (omgubuntu.co.uk)
It's been 27 years since Linus Torvalds let a group of people know about his "hobby" OS. OMGUbuntu blog writes: Did you know that Linux, like Queen Elizabeth II, actually has two birthdays? Some FOSS fans consider the first public release of (prototype) code, which dropped on October 5, 1991, as more worthy of being the kernel's true anniversary date. Others, ourselves included, take today, August 25, as the "birth" date of the project. And for good reason. This is the day on which, back in 1991, a young Finnish college student named Linus Torvalds sat at his desk to let the folks on comp.os.minix newsgroup know about the "hobby" OS he was working on. The "hobby OS" that wouldn't, he cautioned, be anything "big" or "professional." Even as Linux continues to have lion's share in the enterprise world, it has only managed to capture a tiny fraction of the consumer space. Further reading: Ask Slashdot: Whatever Happened To the 'Year of Linux on Desktop'?
Which Linux-based distro do you use? What changes, if any, would you like to see in it in the next three years? -
China Shuts Down Blockchain News Accounts on WeChat App, Bans Hotels in Beijing From Hosting Cryptocurrency Events (scmp.com)
China has shut down numerous blockchain-related news accounts on the WeChat social app, and banned hotels in downtown Beijing from hosting events promoting cryptocurrencies, in a renewed crackdown on activities related to the digital money. From a report: At least eight blockchain and cryptocurrency-focused online media outlets -- some of which raised several million dollars in venture capital -- found their official public accounts on WeChat blocked on Tuesday evening, due to violations against new regulations from China's top internet watchdog. Tencent, operator of WeChat, said in a statement that it has shut down these accounts permanently as they are "suspected of publishing information related to ICOs [initial coin offerings] and speculations on cryptocurrency trading." It cited regulations enacted earlier this month by the Cyberspace Administration of China, which, among other things, demand content providers within chat apps comply with "national interests" and "public orders." -
Trump Accuses Social Media Firms of 'Silencing Millions' (reuters.com)
U.S. President Donald Trump accused social media companies on Friday of silencing "millions of people" in an act of censorship, but without offering evidence to support the claim. From a report: "Social Media Giants are silencing millions of people. Can't do this even if it means we must continue to hear Fake News like CNN, whose ratings have suffered gravely. People have to figure out what is real, and what is not, without censorship!" Trump wrote on Twitter, not mentioning any specific companies. Trump also criticized social media outlets last week, saying without providing proof that unidentified companies were "totally discriminating against Republican/Conservative voices." The president's Friday remarks come days after he expressed concerns over Twitter and Facebook regulating the content on their own platforms. He found such practice "very dangerous." -
Amazon Warehouse Envoys Rally To Tweet Upbeat Comments About Working Conditions (seattletimes.com)
Amazon has been criticized for years by activists and labor unions for working conditions in its warehouses. So it caught the eye of a Seattle Times journalist when he saw several people, all of whom had created accounts recently, tweeting positive things about their work experience at Amazon's warehouses. The report says: A group of more than a dozen Amazon Twitter users in the last two weeks started responding to critics of the company on the social media site, sharing upbeat tales of their working conditions and pay at Amazon's distribution network. Identified by first names and "Amazon FC Ambassador," they each opened a Twitter account this month, are unfailingly polite, and pepper emojis into conversations about the generosity of their benefits packages and job satisfaction at Amazon's fulfillment centers, the company's term for its sprawling warehouses.
[...] Amazon's Twitter legion, though small, appears to represent a new front in the company's effort to portray itself as a generous employer. The company has been criticized for years by activists and labor unions for working conditions in its warehouses, with media reports finding the company failed to provide air conditioning at some facilities during the summer, and set work quotas that could exceed employees' ability to keep up. -
Bitdefender Disables Anti-Exploit Monitoring in Chrome After Google Policy Change (bleepingcomputer.com)
secwatcher shares a report: Last week we reported that Chrome has started displaying alerts more often that suggest users remove programs that are considered incompatible applications with Chrome because they inject code into the browser's processes. These alerts are displayed by Chrome after the browser crashes and suggest the user remove the listed programs because "this application could prevent Chrome from working properly." One of the programs that a lot of users have seen listed in these alerts and is suggested to be removed is the Bitdefender antivirus program as shown above. Having a well known company like Google telling users to remove a security solution is a problem as these programs are important for many users to have installed on their computers in order to protect them from malware, unwanted programs, and malicious websites. Due to these alerts and their suggestion to remove the antivirus software, Bogdan Botezatu, a senior e-threat analyst for Bitdefender, has told Bleeping Computer that as of August 20th, Bitdefender is no longer monitoring Chrome 66 and later with their anti-exploit technology. -
IRC Turns 30 (www.oulu.fi)
IRC (Internet Relay Chat) was born at the Department of Information Processing Science of the University of Oulu 30 years ago. Taking some time out of his summer job, Jarkko Oikarinen developed the internet chat system. For the last several years, Oikarinen has been working at Google, overseeing the development of several communication services. Though several mainstream services have ended support for IRC over the years, the system is still in existence and used by many. -
Hackers Stole Personal Data of 2 Million T-Mobile Customers (vice.com)
On late Thursday, T-Mobile revealed that hackers stole some of the personal data of 2 million people in a new data breach. From a report: In a brief intrusion, hackers stole "some" customer data including names, email addresses, account numbers, and other billing information. The good news is that they did not get credit card numbers, social security numbers, or passwords, according to the company. In its announcement, T-Mobile said that its cybersecurity team detected an "unauthorized capture of some information" on Monday, Aug. 20. A company spokesperson told me that the breach affected "about" or "slightly less than" 3% of its 77 million customers. -
Linux Apps Are Not Coming To Many Still-Supported Chromebooks (betanews.com)
While we know that Linux app support is coming to a range of Chromebooks from Lenovo, Acer, Dell and others, a post on the Chromium Gerrit reveals that devices running Linux 3.14 or older will miss out. BetaNews: Chrome OS is able to run Linux apps through the use of containers which help to keep the rest of the operating system safe from harm. As container support requires features that are only found in more recent versions of the Linux kernel, it means that many Chromebooks -- whose kernels are usually not updated -- will not be able to run Linux apps.
Here's the full list of Chromebooks that won't be getting the Linux love: AOpen Chromebase Mini (Feb 2017; tiger, veyron_pinky), AOpen Chromebox Mini (Feb 2017; fievel, veyron_pinky), ASUS Chromebook C201 (May 2015; speedy, veyron_pinky), Acer C670 Chromebook 11 (Feb 2015; paine, auron), Acer Chromebase 24 (Apr 2016; buddy, auron), Acer Chromebook 15 (Apr 2015; yuna, auron), Acer Chromebox CXI2 (May 2015; rikku, jecht), Asus Chromebit CS10 (Nov 2015; mickey, veyron_pinky), Asus Chromebook Flip C100PA (Jul 2015; minnie, veyron_pinky), Asus Chromebox CN62 (Aug 2015; guado, jecht), Dell Chromebook 13 7310 (Aug 2015; lulu, auron), Google Chromebook Pixel (Mar 2015; samus), Lenovo ThinkCentre Chromebook (May 2015; tidus, jecht), Toshiba Chromebook 2 (Sep 2015; gandof, auron). -
Nikon Strikes Back At Sony With First Full-Frame Mirrorless Cameras (theverge.com)
After weeks of teases, Nikon has unveiled its first brand new full-frame mirrorless cameras to challenge Sony in the mirrorless market. As The Verge notes, the Z7 and Z6 are "basically a tit-for-tat response to Sony's A7III and A7RIII, and Nikon is aggressively going several steps beyond what Canon has attempted with mirrorless cameras." From the report: The Z7, coming on September 27th, has a 45.7-megapixel sensor, 493 focus points, and 64-25600 ISO. The Z6 will follow in "late November" with a 24.5-megapixel sensor, 273 focus points, and 100-51200 ISO. The cameras bring with them an all-new Z mount system that will debut with a 24-70mm f/4 "kit" lens. With the lens bundled, the Z7 will run $3,999.95, with the Z6 at $2,599.95. The lens runs $999.95 on its own and has a minimum focus distance of under 12 inches across its zoom range. A 35mm f/1.8 prime ($845.95) will be available at launch as well. There's also a 50mm f/1.8 prime ($599.95) coming in October that Nikon tells me has astounded some of its engineers with sharpness and edge-to-edge clarity. The company is releasing a $250 FTZ adapter that will allow these cameras to support Nikon's F-mount lenses. The adapter offers "full compatibility" (support for autofocus and auto exposure) with over 90 lenses. "Nikon is promising basic compatibility with approximately 360 existing F lenses for those that don't mind handling focus and exposure," reports The Verge. -
Intel's Reworked Microcode Security Fix License No Longer Prohibits Benchmarking (theregister.co.uk)
An anonymous reader quotes a report from The Register: Intel has backtracked on the license for its latest microcode update that mitigates security vulnerabilities in its processors -- after the previous wording outlawed public benchmarking of the chips. The reason for Intel's insistence on a vow of silence is that -- even with the new microcode in place -- turning off hyper-threading is necessary to protect virtual machines from attack via Foreshadow -- and that move comes with a potential performance hit. Predictably, Intel's contractual omerta had the opposite effect and drew attention to the problem. "Performance is so bad on the latest Spectre patch that Intel had to prohibit publishing benchmarks," said Lucas Holt, MidnightBSD project lead, via Twitter.
In response to the outcry, Intel subsequently said it would rewrite the licensing terms. And now the fix is in. Via Twitter, Imad Sousou, corporate VP and general manager of Intel Open Source Technology Center, on Thursday said: "We have simplified the Intel license to make it easier to distribute CPU microcode updates and posted the new version here. As an active member of the open source community, we continue to welcome all feedback and thank the community." The reworked license no longer prohibits benchmarking. Long-time Slashdot reader and open-source pioneer, Bruce Perens, first brought Intel's microcode update to our attention. In a phone interview with The Register, Perens said he approved of the change. "This is a relatively innocuous license for proprietary software and it can be distributed in the non-free section of Debian, which is where it used to be, and it should be distributable by other Linux distributions," he said. "You can't expect every lawyer to understand CPUs. Sometimes they have to have a deep conversation with their technical people." -
Venmo Considers Making it Harder to See What Other People Are Buying, Report Says (bloomberg.com)
Tap on the Venmo app on your phone, and chances are you'll be greeted with a running list of payments made from one person to another for anything from brunch bills to rent payments. But the real-time ticker of strangers' spending habits could soon go away. From a report: In recent weeks, executives at PayPal, the parent company of Venmo, were weighing whether to remove the option to post and view public transactions, said a person familiar with the deliberations. It's unclear if those discussions are still ongoing, and regardless of the outcome, payments between friends would still be visible on the home feed, said the person, who asked not to be identified because the discussions are private. "Venmo is always evaluating what's best for our customers," a PayPal spokesman wrote in an emailed statement. "The safety and privacy of Venmo users and their information is always a top priority, and we do a number of things to keep our users informed and help them protect and control their privacy." -
Reality Winner Sentenced To More Than 5 Years For Leaking Info About Russia Hacking Attempts (nbcnews.com)
A former government contractor who pleaded guilty to leaking U.S. secrets about Russia's attempts to hack the 2016 presidential election was sentenced Thursday to five years and three months in prison. From a report: It was the sentence that prosecutors had recommended in the plea deal -- the longest sentence ever given for a federal crime involving leaks to the news media -- for Reality Winner, the Georgia woman at the center of the case. Winner was also sentenced to three years of supervised release and no fine, except for a $100 special assessment fee. The crime carried a maximum penalty of 10 years. U.S. District Court Judge J. Randal Hall in Augusta, Georgia, was not bound to follow the plea deal, but elected to give Winner the amount of time prosecutors requested. Winner, 26, who contracted for the National Security Agency, pleaded guilty in June to copying a classified report that detailed the Russian government's efforts to penetrate a Florida-based voting software supplier. Further reading: How a Few Yellow Dots Burned the Intercept's NSA Leaker. -
DNC Says Reported Hack Attempt Was a False Alarm (wsj.com)
furry_wookie writes: A suspected attempt to hack into the Democratic National Committee's voter database was actually a cybersecurity test [Editor's note: the originally submitted article might be paywalled; an alternative source], the organization said. The DNC, which was [allegedly] hacked by Russian intelligence officers during the 2016 presidential campaign, said Tuesday it had contacted the Federal Bureau of Investigation after being alerted to an apparent phishing scheme by the computer security firm Lookout Inc., which uncovered a replica of the login page to the DNC's Votebuilder database during an online scan. In a statement early Wednesday, Bob Lord, the DNC's chief information security officer, said the DNC and its partners who reported the site 'now believe it was built by a third party as part of a simulated phishing test.' -
Driverless Startup Zoox Suddenly Removes CEO
Last month, Bloomberg shed some light on a secretive Australian startup called Zoox that is working on an autonomous vehicle unlike any other. It can reportedly make noises to communicate with pedestrians and drive bidirectionally, meaning it can cruise into a parking spot one way and cruise out the other. Today, it is being reported that their CEO Tim Kentley-Klay is being dismissed from the company after closing a massive financing round in July to the tune of $500 million. From the report: Kentley-Klay tweeted on Wednesday that the firing came "without a warning, cause or right of reply." "Today was Silicon Valley up to its worst tricks," he wrote. Jesse Levinson, the company's other co-founder and current chief technology officer, will be promoted to president, said a person familiar with the decision who asked not to be identified because the discussions are private. The person declined to offer an explanation for the move. Carl Bass, the former CEO of Autodesk and a Zoox board member, was named executive chairman for the company.
In an emotional missive on Twitter, Kentley-Klay criticized the board for their decision. "Rather than working through the issues in an epic startup for the win, the board chose the path of fear," he wrote, charging that the directors were "optimizing for a little money in hand at the expense of profound progress." Before starting Zoox, Kentley-Klay was offered a job with Google's self-driving project, now called Waymo. He turned it down, and has touted Zoox's strategy of building its own vehicles for full autonomy as wiser than the standard approach of retrofitting existing cars that Alphabet Inc.'s Waymo and others are taking. The Zoox board, which includes Levinson, voted to oust Kentley-Klay, said the person familiar with the situation. -
Apple Removes Facebook's Onavo Security App From the App Store (cnbc.com)
Apple has removed Facebook's Onavo security app from the App Store because it violated the company's privacy rules. In a statement to CNBC, an Apple spokesperson said: "We work hard to protect user privacy and data security throughout the Apple ecosystem. With the latest update to our guidelines, we made it explicitly clear that apps should not collect information about which other apps are installed on a user's device for the purposes of analytics or advertising/marketing and must make it clear what user data will be collected and how it will be used." From the report: According to a Wall Street Journal story on Wednesday, citing a person familiar with the matter, Apple officials told Facebook last week that Onavo violated the company's rules on data collection by developers, and suggested last Thursday that Facebook voluntarily remove the app. Facebook acquired Israel-based Onavo in 2013, snapping up the free security app that lets users access a virtual private network, or VPN, to browse the web and download apps with a greater degree of privacy. Facebook in the past has offered that service to users without clearly disclosing that it owns the app, and has collected data about what other types of apps those customers use. In June, Facebook told Congress that it does not use Onavo data "for Facebook product uses" or to collect information about individuals, but it has admitted to using Onavo to gather broad information about which apps are popular and how people are using them, which it uses to improve its own products. -
Intel Publishes Microcode Security Patches With No Benchmarks Or Profiling Allowed (theregister.co.uk)
Long-time Slashdot reader Bruce Perens writes: The Register reports that Debian is rejecting a new Intel microcode update because of a new license term prohibiting the use of the CPU for benchmarks and profiling.
There is a new license term applied to the new microcode: "You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results." UPDATE: Intel has reworked the license to no longer prohibit benchmarking. Imad Sousou, corporate VP and general manager of Intel Open Source Technology Center, tweeted on Thursday: "We have simplified the Intel license to make it easier to distribute CPU microcode updates and posted the new version here. As an active member of the open source community, we continue to welcome all feedback and thank the community."
The security fixes are known to significantly slow down Intel processors, which won't just disappoint customers and reduce the public regard of Intel, it will probably lead to lawsuits (if it hasn't already). Suddenly having processors that are perhaps 5% to 10% slower, if they are to be secure, is a significant damage to many companies that run server farms or provide cloud services. I'm not blaming Intel for this, I don't know if Intel could have foreseen the problem. Since some similar exploits have been discovered for AMD and ARM CPUs, the answer could be "no." But certainly customers are upset.
Another issue is whether the customer should install the fix at all. Many computer users don't allow outside or unprivileged users to run on their CPUs the way a cloud or hosting company does. For them, these side-channel and timing attacks are mostly irrelevant, and the slowdown incurred by installing the fix is unnecessary.
So, lots of people are interested in the speed penalty incurred in the microcode fixes, and Intel has now attempted to gag anyone who would collect information for reporting about those penalties, through a restriction in their license. Bad move. The correct way to handle security problems is to own up to the damage, publish mitigations, and make it possible for your customers to get along. Hiding how they are damaged is unacceptable. Silencing free speech by those who would merely publish benchmarks? Bad business. Customers can't trust your components when you do that. -
Fire Department Rejects Verizon's 'Customer Support Mistake' Excuse For Throttling (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A fire department whose data was throttled by Verizon Wireless while it was fighting California's largest-ever wildfire has rejected Verizon's claim that the throttling was just a customer service error and "has nothing to do with net neutrality." The throttling "has everything to do with net neutrality," a Santa Clara County official said. Verizon yesterday acknowledged that it shouldn't have continued throttling Santa Clara County Fire Department's "unlimited" data service while the department was battling the Mendocino Complex Fire. Verizon said the department had chosen an unlimited data plan that gets throttled to speeds of 200kbps or 600kbps after using 25GB a month but that Verizon failed to follow its policy of "remov[ing] data speed restrictions when contacted in emergency situations." "This was a customer support mistake" and not a net neutrality issue, Verizon said. "Verizon's throttling has everything to do with net neutrality -- it shows that the ISPs will act in their economic interests, even at the expense of public safety," County Counsel James Williams said on behalf of the county and fire department. "That is exactly what the Trump Administration's repeal of net neutrality allows and encourages." -
Apple and Google Face Growing Revolt Over App Store 'Tax' (bloomberg.com)
A backlash against the app stores of Apple and Google is gaining steam, with a growing number of companies saying the tech giants are collecting too high a tax for connecting consumers to developers' wares. From a report: Netflix and video game makers Epic Games and Valve are among companies that have recently tried to bypass the app stores or complained about the cost of the tolls Apple and Google charge. Grumbling about app store economics isn't new. But the number of complaints, combined with new ways of reaching users, regulatory scrutiny and competitive pressure are threatening to undermine what have become digital goldmines for Apple and Google. "It feels like something bubbling up here," said Ben Schachter, an analyst at Macquarie. "The dollars are just getting so big. They just don't want to be paying Apple and Google billions." Apple and Google launched their app stores in 2008, and they soon grew into powerful marketplaces that matched the creations of millions of independent developers with billions of smartphone users. In exchange, the companies take up to 30 percent of the money consumers pay developers.