Slashdot Mirror

AT&T is launching a new streaming service incorporating television networks from the Time Warner company it just bought. From a report: The WatchTV service, a cable-like package of more than 30 TV channels delivered over the internet, is an example of the "skinny bundles" coming from telecom and broadband providers as more people watch TV online. Competitors include Sling TV, PlayStation Vue and AT&T's own DirecTV Now. WatchTV will be free for subscribers of two unlimited wireless plans AT&T is launching. Others can get WatchTV for $15 -- $20 less than DirecTV Now, but with just half the channels.

Reports out of Taiwan now suggest that Nvidia has a gaming GPU inventory problem. An anonymous reader writes: Tech news site SemiAccurate which covers the GPU space pretty closely, and has broken stories like AMD's acquisition of ATI Technologies and Nvidia's Bumpgate, just published an article on why Nvidia has delayed their new gaming GPUs. It seems the Hot Chips 30 agenda cancellation and Jensen's no new GPUs for 'a long time' comment have created enough of a stir to get journalists and industry insiders asking questions. While curiosity amongst all this confusion is natural, I was surprised to discover that people were starting to speculate Nvidia's delay was due to technical issues with their new GPUs. This had never been a concern of mine, and as it turns out, it's clearly not the case. So, what the problem? Nvidia has overestimated pent-up gaming demand and underestimated the impact of declining mining demand.

An anonymous reader quotes a report from Ars Technica: On Wednesday, Tesla sued a former employee who worked in its Gigafactory in Nevada, accusing him of stealing trade secrets. The lawsuit appears to be what CEO Elon Musk was referring to recently when he said that production of the Model 3 had been sabotaged. Musk said that there are "more" alleged saboteurs.

According to the civil complaint that was filed in federal court in Nevada, Tesla accused Martin Tripp, who began working in Sparks as a "process technician" in October 2017, of exporting company data: "Tesla has only begun to understand the full scope of Tripp's illegal activity, but he has thus far admitted to writing software that hacked Tesla's manufacturing operating system ("MOS") and to transferring several gigabytes of Tesla data to outside entities. This includes dozens of confidential photographs and a video of Tesla's manufacturing systems."

The Federal Trade Commission will examine the questions surrounding powerful tech platforms like Google and Facebook as part of a review of consumer and competition policy issues beginning later this year. From a report: Hearings into these issues, announced by FTC Chairman Joe Simons on Wednesday, could help frame the agency's actions with regards to tech going forward. Simons indicated his examination of tech platforms would be broad and a major part of the review. "It's the network effects," he told reporters on Wednesday. "It's the fact that they're two-sided platforms. It's the interaction between privacy and competition. And it's all new, so it makes it very appropriate to have this be the subject of hearings and for us to get input on that."

Lindsay, a compact rectangle amid the lakes northeast of Toronto, is at the heart of one of the world's biggest tests of a guaranteed basic income. Technology Review: In a three-year pilot funded by the provincial government, about 4,000 people in Ontario are getting monthly stipends to boost them to at least 75 percent of the poverty line. That translates to a minimum annual income of $17,000 in Canadian dollars (about $13,000 US) for single people, $24,000 for married couples. Lindsay has about half the people in the pilot -- some 10 percent of the town's population. The report outlines that the Canadian province's vision for a basic income -- and the underlying experiment -- differs from that of the one we have seen in Silicon Valley. The report continues: The Canadians are testing it as an efficient antipoverty mechanism, a way to give a relatively small segment of the population more flexibility to find work and to strengthen other strands of the safety net. That's not what Silicon Valley seems to imagine, which is a universal basic income that placates broad swaths of the population.

The most obvious problem with that idea? Math. Many economists concluded long ago that it would be too expensive, especially when compared with the cost of programs to create new jobs and train people for them. That's why the idea didn't take off after tests in the 1960s and '70s. It's largely why Finland recently abandoned a basic-income plan after a small test.

Lindsay, a compact rectangle amid the lakes northeast of Toronto, is at the heart of one of the world's biggest tests of a guaranteed basic income. Technology Review: In a three-year pilot funded by the provincial government, about 4,000 people in Ontario are getting monthly stipends to boost them to at least 75 percent of the poverty line. That translates to a minimum annual income of $17,000 in Canadian dollars (about $13,000 US) for single people, $24,000 for married couples. Lindsay has about half the people in the pilot -- some 10 percent of the town's population. The report outlines that the Canadian province's vision for a basic income -- and the underlying experiment -- differs from that of the one we have seen in Silicon Valley. The report continues: The Canadians are testing it as an efficient antipoverty mechanism, a way to give a relatively small segment of the population more flexibility to find work and to strengthen other strands of the safety net. That's not what Silicon Valley seems to imagine, which is a universal basic income that placates broad swaths of the population.

The most obvious problem with that idea? Math. Many economists concluded long ago that it would be too expensive, especially when compared with the cost of programs to create new jobs and train people for them. That's why the idea didn't take off after tests in the 1960s and '70s. It's largely why Finland recently abandoned a basic-income plan after a small test.

Lindsay, a compact rectangle amid the lakes northeast of Toronto, is at the heart of one of the world's biggest tests of a guaranteed basic income. Technology Review: In a three-year pilot funded by the provincial government, about 4,000 people in Ontario are getting monthly stipends to boost them to at least 75 percent of the poverty line. That translates to a minimum annual income of $17,000 in Canadian dollars (about $13,000 US) for single people, $24,000 for married couples. Lindsay has about half the people in the pilot -- some 10 percent of the town's population. The report outlines that the Canadian province's vision for a basic income -- and the underlying experiment -- differs from that of the one we have seen in Silicon Valley. The report continues: The Canadians are testing it as an efficient antipoverty mechanism, a way to give a relatively small segment of the population more flexibility to find work and to strengthen other strands of the safety net. That's not what Silicon Valley seems to imagine, which is a universal basic income that placates broad swaths of the population.

The most obvious problem with that idea? Math. Many economists concluded long ago that it would be too expensive, especially when compared with the cost of programs to create new jobs and train people for them. That's why the idea didn't take off after tests in the 1960s and '70s. It's largely why Finland recently abandoned a basic-income plan after a small test.

AMC said on Wednesday it is creating a VIP tier of its loyalty program, a subscription movie theater pass called AMC Stubs A-List, which will allow users to see three movies a week in AMC theaters for $20 a month. From a report: The offering rivals that of MoviePass, a subscription movie service with longstanding tensions in negotiating pricing and theater distribution agreements with AMC. Tensions between AMC and MoviePass had gotten so bad that last year that AMC said it would try to block MoviePass. MoviePass CEO Mitch Lowe told Axios in an interview in January that MoviePass brought in 1 million tickets for AMC in December alone. Like MoviePass, the AMC subscription will let users see a certain number of films for a monthly flat fee, but will only be viewable in AMC theaters.

According to a report from The Information, Uber allegedly "neglected" simulation testing for its autonomous vehicles. "The publication's sources claim that there was a dearth of investment in the simulation software, and lots of incompatible code between the autonomous vehicle software and simulation software Uber is developing internally," reports Engadget. "However, the sources said there isn't a direct link between the lack of investment and the fatal accident involving one of Uber's autonomous taxis and a pedestrian." From the report: It's worth noting that the Unreal Engine-powered simulation software is still relatively new. The Information writes that the suite wasn't developed until after self-driving project lead Anthony Levandowski was fired mid-2017. To add insult to injury, initially, there were also differences in pay between simulation engineers and other engineers in the department. The end goal was to release a self-driving car in Arizona this year, codenamed "Roadrunner," to compete with Waymo's offering just outside of Phoenix.

White House space officials have explicitly ruled out international treaties to combat hazards from orbital debris, even as they roll out strategies to revamp U.S. responses to the growing problem. From a report: President Donald Trump on Monday signed a directive formally establishing the Department of Commerce as the lead agency in providing collision-risk data to commercial satellite operators. The order, as expected, also calls for stepped-up efforts to develop voluntary industry standards covering satellite construction, orbit locations, and de-orbit plans -- all intended to reduce collision risks posed by aging satellites and thousands of pieces of debris circling the earth. Mr. Trump said the changes, among others he is championing, aim to ensure that "America will always be first in space" in both military and commercial arenas. The Pentagon will continue to maintain the central catalog of orbiting spacecraft and debris posing potential hazards to U.S. government and private satellites. But commerce department officials will have the authority to pass on that information to the industry, combined with data gathered from private or foreign government sources. Further reading: President Trump Directs Pentagon To Create New 'Space Force' Military Branch.

Verizon is pledging to stop sales through intermediaries of data that pinpoints the location of mobile phones to outside companies, the Associated Press reported Tuesday. From the report: It is the first major U.S. wireless carrier to step back from a business practice that has drawn criticism for endangering privacy. The data has allowed outsiders to track wireless devices without their owners' knowledge or consent. Verizon, the nation's largest mobile carrier measured by subscribers, said that about 75 companies have obtained its customer data from two little-known California-based brokers that it supplies directly -- LocationSmart and Zumigo. The company made its disclosure in a letter to Sen. Ron Wyden, an Oregon Democrat who has been probing the phone location-tracking market. Last month, Wyden revealed abuses in the lucrative but loosely regulated field involving Securus Technologies and its affiliate 3C Interactive. Verizon says their contract was approved only for the location tracking of outside mobile phones called by prison inmates. After a thorough review of its program, Verizon notified LocationSmart and Zumigo, both privately held, that it intends to "terminate their ability to access and use our customers' location data as soon as possible," wrote Verizon's chief privacy officer, Karen Zacharia.

schwit1 shares a report from The Washington Post: Federal prosecutors on Monday charged a former CIA employee with violations of the Espionage Act (Warning: source may be paywalled; alternative source) and related crimes in connection with the leak last year of a collection of hacking tools that the agency used for spy operations overseas.

Joshua Adam Schulte, who worked for a CIA group that designs computer code to spy on foreign adversaries, was charged in a 13-count superseding indictment with illegally gathering and transmitting national defense information and other related counts in connection with what is considered to be one of the most significant leaks in CIA history. The indictment accused Schulte of causing sensitive information to be transmitted to an organization, which is not named in the indictment but is thought to be WikiLeaks.

The U.S. Senate has voted to reinstate a ban on ZTE that prevents the Chinese telecom company from buying U.S. components and using U.S. software. As The Verge notes, "it's still not clear if the reversal will make it into law: it has to clear a conference with the House, and then avoid a veto from President Trump, who advocated for cutting a deal that would lift the ban." From the report: ZTE was hit with the trade ban by the U.S. Commerce Department in April after failing to following through with a punishment for violating sanctions on Iran and North Korea. That ban essentially shut down ZTE, which relies on U.S. parts like Qualcomm processors. Shortly thereafter, Trump said he would cut a deal to revive the company, and a deal was reached -- with additional penalties that the department said were uniquely stringent -- earlier this month.

But senators on both sides of the aisle immediately threatened to stop the deal and reinstate the ban, citing ZTE as a national security risk. And ultimately, a bipartisan group worked to get legislation introduced. The Senate voted 85 to 10 in support of reinstating the ban. It was included as an amendment on the National Defense Authorization Act, a must-pass piece of legislation that has already moved through the House.

The U.S. Senate has voted to reinstate a ban on ZTE that prevents the Chinese telecom company from buying U.S. components and using U.S. software. As The Verge notes, "it's still not clear if the reversal will make it into law: it has to clear a conference with the House, and then avoid a veto from President Trump, who advocated for cutting a deal that would lift the ban." From the report: ZTE was hit with the trade ban by the U.S. Commerce Department in April after failing to following through with a punishment for violating sanctions on Iran and North Korea. That ban essentially shut down ZTE, which relies on U.S. parts like Qualcomm processors. Shortly thereafter, Trump said he would cut a deal to revive the company, and a deal was reached -- with additional penalties that the department said were uniquely stringent -- earlier this month.

But senators on both sides of the aisle immediately threatened to stop the deal and reinstate the ban, citing ZTE as a national security risk. And ultimately, a bipartisan group worked to get legislation introduced. The Senate voted 85 to 10 in support of reinstating the ban. It was included as an amendment on the National Defense Authorization Act, a must-pass piece of legislation that has already moved through the House.

A group of Amazon shareholders are calling on the company to stop pitching its facial recognition tool to local law enforcement agencies, writing in a letter to CEO Jeff Bezos that the technology could pose a privacy threat and a financial risk. From a report: The letter comes amid mounting criticism of the tool, called Rekognition, from privacy activists and civil rights organizations, including the American Civil Liberties Union. The groups have raised concerns that the tool could be used to build a system to automate the widespread identification and tracking of anyone. Rekognition is already being used by at least one law enforcement agency, the Washington County Sheriff's Office in Oregon, according to a customer testimonial page. "While Rekognition may be intended to enhance some law enforcement activities, we are deeply concerned it may ultimately violate civil and human rights," the shareholders said in the letter to Bezos, a copy of which was provided to NBC News by the ACLU.

Citing a number of complaints following Google's Gmail makeover, TechCrunch's Romain Dillet makes the case for why some users don't want smart suggestions in the email service: There's a reason why Gmail lets you disable all the smart features. Some users don't want smart categories, important emails first and smart reply suggestions. Arguably, the only smart feature everyone needs is the spam filter. A pure chronological feed of your email messages is incredibly valuable as well. That's why many Instagram users are still asking for a chronological feed. Sure, algorithmic feeds can lead to more engagement and improved productivity. Maybe Google conducted some tests and concluded that you end up answering more emails if you let Gmail do its thing. But you may want to judge the value of each email without an algorithmic ranking.

VCs could spot the next big thing without any bias. Journalists could pay attention to young and scrappy startups as much as the new electric scooter startup in San Francisco. Universities could give a grant to students with unconventional applications. The HR department of your company could look at all applications without following Google's order.

According to a new report from WCCFtech, citing "sources familiar with the entire situation," Sony's PlayStation 5 (PS5 for short) will launch in 2020 and be powered by AMD's Navi GPU chip. "While it was previously reported that the much-anticipated console will be using AMD's Ryzen CPU tech, it looks like the chip maker will have some involvement in the PS5's graphics chip, too," reports The Inquirer. From the report: The report also suggests this is the reason behind AMD not announcing a new GPU at Computex this year, because it has found custom-applications for consoles a much more financially attractive space. "Here is a fun fact: Vega was designed primarily for Apple and Navi is being designed for Sony - the PS5 to be precise," the report states, right before going on to explain AMD's roadmap for Navi and how it's dependent on Sony.

"This meant that the graphics department had to be tied directly to the roadmap that these semi-custom applications followed. Since Sony needed the Navi GPU to be ready by the time the PS5 would launch (expectedly around 2020) that is the deadline they needed to work on." It's anyone's guess as to when the successor to the PlayStation 4 will be launched. While the source for this report is seen as reputable in the games industry, last month the head of PlayStation business said the next console is three years off.

Days after the historic North Korea-United States summit, the Department of Homeland Security issued a report on Thursday warning of a new variant of North Korean malware to look out for. Called Typeframe, the malware is able to download and install additional malware, proxies and trojans; modify firewalls; and connect to servers for additional instructions. Engadget reports: Since last May, the DHS has issued a slew of alerts and reports about North Korea's malicious cyber activity. The department also pointed out that North Korea has been hacking countries around the world since 2009. And of course, don't forget that the U.S. also labeled that country as the source of Wannacry cyberattack, which notably held data from the UK's National Health Service hostage, and wreaked havoc across Russia and Ukraine. CNN was first to report the news.

An anonymous reader quotes The Next Web: The word 'hack' used to mean something, and hackers were known for their technical brilliance and creativity. Now, literally anything is a hack -- anything -- to the point where the term is meaningless, and should be retired. The most egregious abuse of the term "hack" comes from the BBC's Dougal Shaw. In a recent video of his, called "My lunch hack," Shaw demonstrates that it's cheaper to make your own sandwich each day than it is to buy a pre-packaged sandwich from the supermarket. Shaw calls that a hack. I call it common sense.

And that's not nearly the worst example. I haven't touched on "life hacks" yet. This term is nebulous. It means nothing and anything. It's used to describe arts and crafts... That said, the worst dilution of the term "hack" comes from growth hackers... Anyway, I regret to inform you that the word "hack" is now bad, and should be avoided.
A request for alternative words first went up on Slashdot back in 1999 -- but nothing's been settled. Back in 2014 a Gizmodo reporter wrote an impassioned plea titled "Please stop calling everything a hack" -- while others have argued the opposite.

in 2015 the editorial director of Make magazine cited hack's definition in The New Hacker's Dictionary as "an appropriate application of ingenuity," arguing that "my and other Make contributors' use of the term for clever shop techniques, ingeniously simple projects, and epic 'kluges' (i.e. Rube Goldberg-level hacks and fixes) is entirely appropriate."

Slashdot reader grep -v '.*' * shares a surprising story. The Kansas City Star profiles the victim of a three-year con that started with an email to a Yahoo inbox back in 2005. A decade ago, Fred Haines was wandering the Wichita airport looking for a Nigerian man hauling two chests full of cash. After an hour of waiting and asking around, he finally came to the realization that the $65 million Nigerian fortune he thought he was inheriting was not coming after all. What is now coming, though, is the $110,000 he had been scammed out of, thanks to the work of the Kansas Attorney General's Office.

From 2005 to 2008, swindlers hoodwinked Haines, a self-employed handyman in Wichita, into spending thousands in pursuit of an imaginary inheritance from a Nigerian government official -- a con known as the Nigerian Prince Scam. Haines re-mortgaged his house three times in the process. Last year, in a settlement with the Department of Justice, Western Union admitted it knew some of its employees had conspired with scam artists to bilk people out of money and had failed to fix the problem. The company set aside $586 million to create a fund to refund victims across the U.S. and Canada... All victims who'd sent money to hucksters using the service were able to request refunds, but only those who had complained to law enforcement or Western Union were notified directly of the settlement.

"It got to the point where they were showing me that the president of Nigeria had sent me a letter. It had his picture on it and everything," Haines said. "I looked it up on the computer to see what the Nigerian president looked like, and it was him." Once, he received an email claiming to be from Robert Mueller, who was then the FBI director. The email was addressed to Haines, code-name "B-DOG," and it was signed with the FBI's address and official seal. "I wish you can remove doubt and suspicious and go ahead I assured you that you will never regret this fund release," the email said in part.
Haines is one of 344 victims who recovered a total of $1,758,988 through the Kansas Attorney General's office -- though when the office sent out 25,000 letters to possible scam victims, many of them were now skeptical of the promise of unclaimed money, and "Some were even angry when employees called to follow up on those who hadn't responded."

Slashdot reader Andy Smith writes: Slashdot reported last September how I was arrested while standing in a field near a road accident, as I photographed the scene for a newspaper. I was initially given a police warning for "obstruction", but the warning was then cancelled and I was prosecuted for resisting arrest and breach of the peace. These are serious charges and I was facing a prison sentence. Fortunately we had one very strong piece of evidence: A recording of my arrest. Not only did the recording prove that two police officers' testimony was false, but it caught one of them boasting about how he had conspired with a prosecutor to arrest and prosecute me. Yesterday the case was dropped, and now the two police officers and the prosecutor face a criminal investigation.

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. Now he's just won a legal victory in court. "Open Source Security, maker of the grsecurity Linux kernel patches, has been directed to pay Bruce Perens and his legal team almost $260,000 following a failed defamation claim," reports The Register. Slashdot reader Right to Opine writes: The order requires Spengler and his company to pay $259,900.50, with the bill due immediately rather than allowing a wait for the appeal of the case. The Electronic Frontier Foundation's attorneys will represent Perens during OSS/Spengler's appeal of the case.

Perens was sued for comments on his blog and here on Slashdot that suggested that OSS's Grsecurity product could be in violation of the GPL license on the Linux kernel. The court had previously ruled that Perens' statements were not defamatory, because they were statements by a non-attorney regarding an undecided issue in law. It is possible that Spengler is personally liable for any damages his small company can't pay, since he joined the case as an individual in order to preserve a claim of false light (which could not be brought by his company), removing his own corporate protection.

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. Now he's just won a legal victory in court. "Open Source Security, maker of the grsecurity Linux kernel patches, has been directed to pay Bruce Perens and his legal team almost $260,000 following a failed defamation claim," reports The Register. Slashdot reader Right to Opine writes: The order requires Spengler and his company to pay $259,900.50, with the bill due immediately rather than allowing a wait for the appeal of the case. The Electronic Frontier Foundation's attorneys will represent Perens during OSS/Spengler's appeal of the case.

Perens was sued for comments on his blog and here on Slashdot that suggested that OSS's Grsecurity product could be in violation of the GPL license on the Linux kernel. The court had previously ruled that Perens' statements were not defamatory, because they were statements by a non-attorney regarding an undecided issue in law. It is possible that Spengler is personally liable for any damages his small company can't pay, since he joined the case as an individual in order to preserve a claim of false light (which could not be brought by his company), removing his own corporate protection.

Open source guru Eric Raymond warned about the possibility of security bugs in critical code which can now date back more than two decades -- in a talk titled "Rescuing Ancient Code" at last week's SouthEast Linux Fest in North Carolina. In a new interview with ITPro Today, Raymond offered this advice on the increasingly important art of "code archaeology". "Apply code validators as much as you can," he said. "Static analysis, dynamic analysis, if you're working in Python use Pylons, because every bug you find with those tools is a bug that you're not going to have to bleed through your own eyeballs to find... It's a good thing when you have a legacy code base to occasionally unleash somebody on it with a decent sense of architecture and say, 'Here's some money and some time; refactor it until it's clean.' Looks like a waste of money until you run into major systemic problems later because the code base got too crufty. You want to head that off...."

"Documentation is important," he added, "applying all the validators you can is important, paying attention to architecture, paying attention to what's clean is important, because dirty code attracts defects. Code that's difficult to read, difficult to understand, that's where the bugs are going to come out of apparent nowhere and mug you."

For a final word of advice, Raymond suggested that it might be time to consider moving away from some legacy programming languages as well. "I've been a C programmer for 35 years and have written C++, though I don't like it very much," he said. "One of the things I think is happening right now is the dominance of that pair of languages is coming to an end. It's time to start looking beyond those languages for systems programming. The reason is we've reached a project scale, we've reached a typical volume of code, at which the defect rates from the kind of manual memory management that you have to do in those languages are simply unacceptable anymore... think it's time for working programmers and project managers to start thinking about, how about if we not do this in C and not incur those crazy downstream error rates."
Raymond says he prefers Go for his alternative to C, complaining that Rust has a high entry barrier, partly because "the Rust people have not gotten their act together about a standard library."

Two more men entered pleas in federal court for their roles in a SWAT call that led to a fatal police shooting in Kansas: not guilty. An anonymous reader quotes Reuters: Shane Gaskill, 19, of Wichita, Kansas, and Casey Viner, 18, from a suburb of Cincinnati, pleaded not guilty on Wednesday and remained free on $10,000 bond, court records showed. Both of the suspects live with their parents, local media reported. In the so-called "swatting" incident, in which someone falsely reports an emergency requiring a police response, Viner got upset at Gaskill over a video game they played online, federal prosecutors said, and Viner contacted a known "swatter"...and asked him to make the false report to police at an address that had been provided by Gaskill. Viner did not know that Gaskill no longer lived at the address, but Gaskill knew, prosecutors said.

After media reports of the shooting, Gaskill urged [swatter Tyler] Barriss to delete their communications and Viner wiped his phone, according to the indictment... Barriss and Viner face federal charges of conspiracy and several counts of wire fraud. Viner and Gaskill were charged with obstruction of justice and conspiracy to obstruct justice, and Gaskill was also charged with wire fraud and additional counts of obstruction of justice.
In a jailhouse interview in January, Barriss told a local news team that "Whether you hang me from a tree, or you give me 5, 10, 15 years... I don't think it will ever justify what happened... I hope no one ever does it, ever again. I hope it's something that ceases to exist."

In April, while still in jail, Barriss gained access to the internet then posted "All right, now who was talking shit? >:) Your ass is about to get swatted."

An anonymous reader writes: "The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users' servers for the past year," reports Bleeping Computer. "The malicious Docker container images have been uploaded on Docker Hub, the official repository of ready-made Docker images that sysadmins can pull and use on their servers, work, or personal computers." The images, downloaded over 5 million times, helped crooks mine Monero worth over $90,000 at today's exchange rate. Docker Hub is now just the latest package repository to feature backdoored libraries, after npm and PyPl. Docker Hub is now facing criticism for taking months to intervene after user reports, and then going on stage at a developer conference and claiming they care about security.

An anonymous reader writes: "The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users' servers for the past year," reports Bleeping Computer. "The malicious Docker container images have been uploaded on Docker Hub, the official repository of ready-made Docker images that sysadmins can pull and use on their servers, work, or personal computers." The images, downloaded over 5 million times, helped crooks mine Monero worth over $90,000 at today's exchange rate. Docker Hub is now just the latest package repository to feature backdoored libraries, after npm and PyPl. Docker Hub is now facing criticism for taking months to intervene after user reports, and then going on stage at a developer conference and claiming they care about security.

AT&T completed its $85 billion purchase of Time Warner yesterday and we're already starting to see some exclusive deals offered to its customers. CNBC reports that the company "will be launching a 'very, very skinny bundle' of television programming free to its mobile customers." From the report: "We will be launching, and you're going to hear more about this next week, a product called 'AT&T Watch TV,'" Chairman and CEO Randall Stephenson said on CNBC's "Squawk Box." "It will be the Turner content. It will not have sports. It'll be entertainment-centered." AT&T's unlimited wireless customers will get the service for free, Stephenson said, "or you can buy it for $15 a month on any platform." The service will be ad-supported, and AT&T will be ramping up an advertising platform, he said. He added that the company expects in coming weeks to make smaller acquisitions to enable those ad efforts. CNBC is also reporting that Time Warner is changing its name to WarnerMedia, and Turner Broadcasting CEO John Martin is departing the company.

Six current and former Fitbit employees were charged in a federal indictment Thursday filed in San Jose for allegedly being in possession of trade secrets stolen from competitor Jawbone, according to information from the Department of Justice. From a report: The indictment charges the six people -- Katherine Mogal, 52, of San Francisco; Rong Zhang, 45, of El Cerrito; Jing Qi Weiden, 39, of San Jose; Ana Rosario, 33, of Pacifica; Patrick Narron, 41, of Boulder Creek; and Patricio Romano, 37, of Calabasas -- with violating confidentiality agreements they had signed as former employees of Jawbone after they accepted employment with Fitbit, according to an announcement from Acting U.S. Attorney Alex G. Tse and Homeland Security Investigations Special Agent in Charge Ryan L. Spradlin. San Francisco-based companies Fitbit and Jawbone were competitors in making wearable fitness trackers until Jawbone, once valued at $3.2B, went out of business in 2017. Each of the defendants worked for Jawbone for at least one year between May 2011 and April 2015, and had signed a confidentiality agreement with the company, according to the Department of Justice.

The ashes of renowned physicist Stephen Hawking were interred at Westminster Abbey in London on Friday in a memorial ceremony attended by a mixture of celebrities and members of the public. From a report: Astronaut Tim Peake and British actor Benedict Cumberbatch and both gave readings, and Astronomer Royal Martin Rees paid tribute to the Hawking's work. Following the service, Hawking's words, set to an original score by composer Vangelis, will be beamed into space by the European Space Agency.

Hawking died in March aged 76 after a lifetime of studying the science of space and time. His final resting place is situated between the remains of two other great scientists: Charles Darwin and Isaac Newton. It is a rare honor to be interred at the Abbey, and one that has not been afforded to a scientist for almost 80 years. Before Hawking, the last scientists laid to rest at Westminster were atomic physicists Ernest Rutherford in 1937 and Joseph John Thomson in 1940.

The ashes of renowned physicist Stephen Hawking were interred at Westminster Abbey in London on Friday in a memorial ceremony attended by a mixture of celebrities and members of the public. From a report: Astronaut Tim Peake and British actor Benedict Cumberbatch and both gave readings, and Astronomer Royal Martin Rees paid tribute to the Hawking's work. Following the service, Hawking's words, set to an original score by composer Vangelis, will be beamed into space by the European Space Agency.

Hawking died in March aged 76 after a lifetime of studying the science of space and time. His final resting place is situated between the remains of two other great scientists: Charles Darwin and Isaac Newton. It is a rare honor to be interred at the Abbey, and one that has not been afforded to a scientist for almost 80 years. Before Hawking, the last scientists laid to rest at Westminster were atomic physicists Ernest Rutherford in 1937 and Joseph John Thomson in 1940.

A British plumber may show Uber the future of employment. From a report: The U.K.'s top judges ruled Wednesday that Pimlico Plumbers Ltd. should've treated one of its tradesman as a "worker," giving him the right to vacation pay and to sue the company in a decision that could have ramifications for other gig economy lawsuits. Supreme Court judges found that plumber Gary Smith, who worked for London-based Pimlico Plumbers between August 2005 and April 2011, wasn't self-employed or a client of the firm, giving him the right to sue the company under discrimination laws.

"This is one of the most significant employment status decisions we have seen in the last five years," said James Murray, an employment lawyer at Kingsley Napley in London. Uber and other app-based firms will be watching the ruling with interest as they face similar legal challenges over the way they treat employees. Uber's appeal of a decision granting its drivers benefits including overtime and paid vacation is scheduled to be heard by another court October 30. Meanwhile Deliveroo, the food-delivery service, is currently battling the IWGB union over its riders' employment status and in May, taxi service Addison Lee lost an appeal over whether drivers were independent contractors or employees with rights to benefits.

AT&T on Thursday evening said that it has completed its $85 billion purchase of Time Warner, just two days after a judge ruled that the deal, originally announced two years ago, could proceed over objections from U.S. antitrust regulators. From a report: The Department of Justice did not file for an emergency stay of the judge's ruling, per the judge's request, but still reserves the right to appeal. In a statement, Randall Stephenson, chairman and chief executive of AT&T said moving forward his company will bring a fresh approach to how the media and entertainment industry works for consumers, content creators, distributors and advertisers. "The content and creative talent at Warner Bros., HBO and Turner are first-rate. Combine all that with AT&T's strengths in direct-to-consumer distribution, and we offer customers a differentiated, high-quality, mobile-first entertainment experience," he said.

AT&T on Thursday evening said that it has completed its $85 billion purchase of Time Warner, just two days after a judge ruled that the deal, originally announced two years ago, could proceed over objections from U.S. antitrust regulators. From a report: The Department of Justice did not file for an emergency stay of the judge's ruling, per the judge's request, but still reserves the right to appeal. In a statement, Randall Stephenson, chairman and chief executive of AT&T said moving forward his company will bring a fresh approach to how the media and entertainment industry works for consumers, content creators, distributors and advertisers. "The content and creative talent at Warner Bros., HBO and Turner are first-rate. Combine all that with AT&T's strengths in direct-to-consumer distribution, and we offer customers a differentiated, high-quality, mobile-first entertainment experience," he said.

Sean Hollister, writing for CNET: Microsoft-owned SwiftKey was one of the first virtual keyboards to offer intelligent, predictive swipe-typing on Android and iOS phones, and now Microsoft has announced that it will become the default keyboard for touchscreen-equipped Windows 10 computers as well. "SwiftKey will now power the typing experience on Windows when using the touch keyboard to write in English (United States), English (United Kingdom), French (France), German (Germany), Italian (Italy), Spanish (Spain), Portuguese (Brazil), or Russian," reads a portion of Microsoft's blog post. Which could be pretty handy if the rumors are true: Microsoft is reportedly planning to ship several new Surface tablets this year, including a new low-cost Surface slate and the dual-screen "Andromeda." Dual screens were a theme among laptop manufacturers at Computex last week, too.

Sean Hollister, writing for CNET: Microsoft-owned SwiftKey was one of the first virtual keyboards to offer intelligent, predictive swipe-typing on Android and iOS phones, and now Microsoft has announced that it will become the default keyboard for touchscreen-equipped Windows 10 computers as well. "SwiftKey will now power the typing experience on Windows when using the touch keyboard to write in English (United States), English (United Kingdom), French (France), German (Germany), Italian (Italy), Spanish (Spain), Portuguese (Brazil), or Russian," reads a portion of Microsoft's blog post. Which could be pretty handy if the rumors are true: Microsoft is reportedly planning to ship several new Surface tablets this year, including a new low-cost Surface slate and the dual-screen "Andromeda." Dual screens were a theme among laptop manufacturers at Computex last week, too.

Sean Hollister, writing for CNET: Microsoft-owned SwiftKey was one of the first virtual keyboards to offer intelligent, predictive swipe-typing on Android and iOS phones, and now Microsoft has announced that it will become the default keyboard for touchscreen-equipped Windows 10 computers as well. "SwiftKey will now power the typing experience on Windows when using the touch keyboard to write in English (United States), English (United Kingdom), French (France), German (Germany), Italian (Italy), Spanish (Spain), Portuguese (Brazil), or Russian," reads a portion of Microsoft's blog post. Which could be pretty handy if the rumors are true: Microsoft is reportedly planning to ship several new Surface tablets this year, including a new low-cost Surface slate and the dual-screen "Andromeda." Dual screens were a theme among laptop manufacturers at Computex last week, too.

An anonymous reader writes: Kaspersky Lab announced it was temporarily halting its cooperation with Europol following the voting of a controversial motion in the European Parliament. The Russian antivirus vendor will also stop working on the NoMoreRansom project that provided free ransomware decrypters for ransomware victims.

The company's decision comes after the EU Parliament voted a controversial motion that specifically mentions Kaspersky as a "confirmed as malicious" software and urges EU states to ban it as part of a joint EU cyber defense strategy. The EU did not present any evidence for its assessment that Kaspersky is malicious, but even answered user questions claiming it has no evidence. The motion is just a EU policy and has no legislative power, put it is still an official document. Kaspersky software has been previously banned from Government systems in the US, UK, Netherlands, and Lithuania.

An anonymous reader shares a report: Former FBI Director James Comey, who led the investigation into Hillary Clinton's use of personal email while secretary of state, also used his personal email to conduct official business, according to a report from the Justice Department on Thursday. The report also found that while Comey was "insubordinate" in his handling of the email investigation, political bias did not play a role in the FBI's decision to clear Clinton of any criminal wrongdoing.

The report from the office of the inspector general "identified numerous instances in which Comey used a personal email account (a Gmail account) to conduct FBI business." In three of the five examples, investigators said Comey sent drafts he had written from his FBI email to his personal account. In one instance, he sent a "proposed post-election message for all FBI employees that was entitled 'Midyear thoughts,'" the report states. In another instance, Comey again "sent multiple drafts of a proposed year-end message to FBI employees" from his FBI account to his personal email account.

Joseph Cox, and Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone's lightning cable port into a charge-only interface if someone hasn't unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn't be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible.

That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.

Quentin Carnicelli, the chief technology officer at Rogue Amoeba, a widely-reputed firm that produces several audio software for Apple's desktop operating system: With Apple recently releasing their first developer beta of MacOS 10.14 (Mojave), we've been installing it on various test machines to test our apps. The inevitable march of technology means Mojave won't install on all of our older hardware. There's no shock there, but the situation is rather distressing when it comes to spending money to purchase new equipment. Here is the situation, as reported by the wonderful MacRumor's Buyers Guide: At the time of the writing, with the exception of the $5,000 iMac Pro, no Macintosh has been updated at all in the past year. Here are the last updates to the entire line of Macs: iMac Pro: 182 days ago, iMac: 374 days ago, MacBook: 374 days ago, MacBook Air: 374 days ago, MacBook Pro: 374 days ago, Mac Pro: 436 days ago, and Mac Mini: 1337 days ago.

Worse, most of these counts are misleading, with the machines not seeing a true update in quite a bit longer. The Mac Mini hasn't seen an update of any kind in almost 4 years (nor, for that matter, a price drop). The once-solid Mac Pro was replaced by the dead-end cylindrical version all the way back in 2012, which was then left to stagnate. I don't even want to get started on the MacBook Pro's questionable keyboard, or the MacBook's sole port (USB-C which must also be used to provide power). It's very difficult to recommend much from the current crop of Macs to customers, and that's deeply worrisome to us, as a Mac-based software company.

Quentin Carnicelli, the chief technology officer at Rogue Amoeba, a widely-reputed firm that produces several audio software for Apple's desktop operating system: With Apple recently releasing their first developer beta of MacOS 10.14 (Mojave), we've been installing it on various test machines to test our apps. The inevitable march of technology means Mojave won't install on all of our older hardware. There's no shock there, but the situation is rather distressing when it comes to spending money to purchase new equipment. Here is the situation, as reported by the wonderful MacRumor's Buyers Guide: At the time of the writing, with the exception of the $5,000 iMac Pro, no Macintosh has been updated at all in the past year. Here are the last updates to the entire line of Macs: iMac Pro: 182 days ago, iMac: 374 days ago, MacBook: 374 days ago, MacBook Air: 374 days ago, MacBook Pro: 374 days ago, Mac Pro: 436 days ago, and Mac Mini: 1337 days ago.

Worse, most of these counts are misleading, with the machines not seeing a true update in quite a bit longer. The Mac Mini hasn't seen an update of any kind in almost 4 years (nor, for that matter, a price drop). The once-solid Mac Pro was replaced by the dead-end cylindrical version all the way back in 2012, which was then left to stagnate. I don't even want to get started on the MacBook Pro's questionable keyboard, or the MacBook's sole port (USB-C which must also be used to provide power). It's very difficult to recommend much from the current crop of Macs to customers, and that's deeply worrisome to us, as a Mac-based software company.

Quentin Carnicelli, the chief technology officer at Rogue Amoeba, a widely-reputed firm that produces several audio software for Apple's desktop operating system: With Apple recently releasing their first developer beta of MacOS 10.14 (Mojave), we've been installing it on various test machines to test our apps. The inevitable march of technology means Mojave won't install on all of our older hardware. There's no shock there, but the situation is rather distressing when it comes to spending money to purchase new equipment. Here is the situation, as reported by the wonderful MacRumor's Buyers Guide: At the time of the writing, with the exception of the $5,000 iMac Pro, no Macintosh has been updated at all in the past year. Here are the last updates to the entire line of Macs: iMac Pro: 182 days ago, iMac: 374 days ago, MacBook: 374 days ago, MacBook Air: 374 days ago, MacBook Pro: 374 days ago, Mac Pro: 436 days ago, and Mac Mini: 1337 days ago.

Worse, most of these counts are misleading, with the machines not seeing a true update in quite a bit longer. The Mac Mini hasn't seen an update of any kind in almost 4 years (nor, for that matter, a price drop). The once-solid Mac Pro was replaced by the dead-end cylindrical version all the way back in 2012, which was then left to stagnate. I don't even want to get started on the MacBook Pro's questionable keyboard, or the MacBook's sole port (USB-C which must also be used to provide power). It's very difficult to recommend much from the current crop of Macs to customers, and that's deeply worrisome to us, as a Mac-based software company.

An anonymous reader shares a report: Who is Satoshi Nakamoto? Ever since this pseudonymous person or group unleashed Bitcoin on the world in 2008, Nakamoto's real identity has been one of the biggest mysteries in the cryptocurrency world. And based on a response to my recent Freedom of Information Act (FOIA) request, if the CIA knows anything, it's not talking. [...] In 2016, Alexander Muse, a blogger who mostly writes about entrepreneurship, wrote a blog post that claimed the NSA had identified the real identity of Satoshi Nakamoto using stylometry, which uses a person's writing style as a unique fingerprint, and then searched emails collected under the PRISM surveillance program to identify the real Nakamoto. Muse said the identity was not shared with him by his source at the Department of Homeland Security. [...] I figured it couldn't hurt to ask some other three-letter agencies what they know about Nakamoto. [...] I received a terse reply that informed me that "the request has been rejected, with the agency stating that it can neither confirm nor deny the existence of the requested documents."

Steven J. Vaughan-Nichols, writing for ZDNet: The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system. Like its forebears, this is a speculative execution vulnerability. In an interview, Red Hat Computer Architect Jon Masters explained: "It affects Intel designs similar to variant 3-a of the previous stuff, but it's NOT Meltdown." Still, "it allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc." Lazy State does not affect AMD processors.

This vulnerability exists because modern CPUs include many registers (internal memory) that represent the state of each running application. Saving and restoring this state when switching from one application to another takes time. As a performance optimization, this may be done "lazily" (i.e., when needed) and that is where the problem hides. This vulnerability exploits "lazy state restore" by allowing an attacker to obtain information about the activity of other applications, including encryption operations. Further reading: Twitter thread by security researcher Colin Percival, BleepingComputer, and HotHardware.

Steven J. Vaughan-Nichols, writing for ZDNet: The latest Intel revelation, Lazy FP state restore, can theoretically pull data from your programs, including encryption software, from your computer regardless of your operating system. Like its forebears, this is a speculative execution vulnerability. In an interview, Red Hat Computer Architect Jon Masters explained: "It affects Intel designs similar to variant 3-a of the previous stuff, but it's NOT Meltdown." Still, "it allows the floating point registers to be leaked from another process, but alas that means the same registers as used for crypto, etc." Lazy State does not affect AMD processors.

This vulnerability exists because modern CPUs include many registers (internal memory) that represent the state of each running application. Saving and restoring this state when switching from one application to another takes time. As a performance optimization, this may be done "lazily" (i.e., when needed) and that is where the problem hides. This vulnerability exploits "lazy state restore" by allowing an attacker to obtain information about the activity of other applications, including encryption operations. Further reading: Twitter thread by security researcher Colin Percival, BleepingComputer, and HotHardware.

Following the recent official repeal of net neutrality and approval of AT&T's acquisition of Time Warner, an anonymous reader shares an excerpt from a report via TechCrunch, written by Danny Crichton. Crichton discusses the options Alphabet, Netflix and other video streaming services have on how to respond: For Alphabet, that will likely mean a redoubling of its commitment to Google Fiber. That service has been trumpeted since its debut, but has faced cutbacks in recent years in order to scale back its original ambitions. That has meant that cities like Atlanta, which have held out for the promise of cheap and reliable gigabit bandwidth, have been left in something of a lurch. Ultimately, Alphabet's strategic advantage against Comcast, AT&T and other massive ISPs is going to rest on a sort of mutually assured destruction. If Comcast throttles YouTube, then Alphabet can propose launching in a critical (read: lucrative) Comcast market. Further investment in Fiber, Project Fi or perhaps a 5G-centered wireless strategy will be required to give it to the leverage to bring those negotiations to a better outcome.

For Netflix, it is going to have to get into the connectivity game one way or the other. Contracts with carriers like Comcast and AT&T are going to be more challenging to negotiate in light of today's ruling and the additional power they have over throttling. Netflix does have some must-see shows, which gives it a bit of leverage, but so do the ISPs. They are going to have to do an end-run around the distributors to give them similar leverage to what Alphabet has up its sleeve. One interesting dynamic I could see forthcoming would be Alphabet creating strategic partnerships with companies like Netflix, Twitch and others to negotiate as a collective against ISPs. While all these services are at some level competitors, they also face an existential threat from these new, vertically merged ISPs. That might be the best of all worlds given the shit sandwich we have all been handed this week.

Following the recent official repeal of net neutrality and approval of AT&T's acquisition of Time Warner, an anonymous reader shares an excerpt from a report via TechCrunch, written by Danny Crichton. Crichton discusses the options Alphabet, Netflix and other video streaming services have on how to respond: For Alphabet, that will likely mean a redoubling of its commitment to Google Fiber. That service has been trumpeted since its debut, but has faced cutbacks in recent years in order to scale back its original ambitions. That has meant that cities like Atlanta, which have held out for the promise of cheap and reliable gigabit bandwidth, have been left in something of a lurch. Ultimately, Alphabet's strategic advantage against Comcast, AT&T and other massive ISPs is going to rest on a sort of mutually assured destruction. If Comcast throttles YouTube, then Alphabet can propose launching in a critical (read: lucrative) Comcast market. Further investment in Fiber, Project Fi or perhaps a 5G-centered wireless strategy will be required to give it to the leverage to bring those negotiations to a better outcome.

For Netflix, it is going to have to get into the connectivity game one way or the other. Contracts with carriers like Comcast and AT&T are going to be more challenging to negotiate in light of today's ruling and the additional power they have over throttling. Netflix does have some must-see shows, which gives it a bit of leverage, but so do the ISPs. They are going to have to do an end-run around the distributors to give them similar leverage to what Alphabet has up its sleeve. One interesting dynamic I could see forthcoming would be Alphabet creating strategic partnerships with companies like Netflix, Twitch and others to negotiate as a collective against ISPs. While all these services are at some level competitors, they also face an existential threat from these new, vertically merged ISPs. That might be the best of all worlds given the shit sandwich we have all been handed this week.

A concentrated campaign of price manipulation may have accounted for at least half of the increase in the price of Bitcoin and other big cryptocurrencies last year, according to a paper released on Wednesday by an academic with a history of spotting fraud in financial markets. From a report, first shared to us by reader davidwr: The paper by John Griffin, a finance professor at the University of Texas, and Amin Shams, a graduate student, is likely to stoke a debate about how much of Bitcoin's skyrocketing gain last year was caused by the covert actions of a few big players, rather than real demand from investors. Many industry players expressed concern at the time that the prices were being pushed up at least partly by activity at Bitfinex, one of the largest and least regulated exchanges in the industry. The exchange, which is registered in the Caribbean with offices in Asia, was subpoenaed by American regulators shortly after articles about the concerns appeared in The New York Times and other publications. Mr. Griffin looked at the flow of digital tokens going in and out of Bitfinex and identified several distinct patterns that suggest that someone or some people at the exchange successfully worked to push up prices when they sagged at other exchanges. To do that, the person or people used a secondary virtual currency, known as Tether, which was created and sold by the owners of Bitfinex, to buy up those other cryptocurrencies.

Catalin Cimpanu, reporting for BleepingComputer: Microsoft has patched a vulnerability in the Cortana smart assistant that could have allowed an attacker with access to a locked computer to use the smart assistant and access data on the device, execute malicious code, or even change the PC's password to access the device in its entirety. The issue was discovered by Cedric Cochin, Cyber Security Architect and Senior Principle Engineer at McAfee. Cochin privately reported the problems he discovered to Microsoft in April. The vulnerability is CVE-2018-8140, which Microsoft classified as an elevation of privilege, and patched yesterday during the company's monthly Patch Tuesday security updates. Further reading: Microsoft Explains How it Decides Whether a Vulnerability Will Be Patched Swiftly or Left For a Version Update.