Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown (geekwire.com)
Intel said on Thursday it is introducing hardware protections against the Spectre CPU flaw that was discovered last year. From a report: Starting with the Cascade Lake version of its Xeon server processors later this year, Intel will incorporate "protective walls" in its hardware that prevent malicious hackers from using speculative execution techniques to steal private information from the secure part of the processor. These fixes will also ship with the PC version of the Cascade Lake chips, but the tech industry has been much more concerned about the effect of these design flaws on server processors running in data centers and cloud vendors.
The new fixes allow Intel to still benefit from the performance advantages of speculative execution -- in which a processor guesses which upcoming instructions it will need to execute in order to speed things up -- without the security risks. The hardware changes address Variants 2 and 3 of the Spectre and Meltdown issues first disclosed in early January, and software fixes should continue to address Variant 1, Intel said. -
Can AMD Vulnerabilities Be Used To Game the Stock Market? (vice.com)
Earlier this week, a little-known security firm called CTS Labs reported what it claimed to be severe vulnerabilities and backdoors in some AMD processors. While AMD looks into the matter, the story behind the researchers' discovery and the way they made it public has become a talking point in security circles. The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing their report online. Typically, researchers give companies a few weeks or even months to fix the issues before going public with their findings. To make things even stranger, a little bit over 30 minutes after CTS Labs published its report, a controversial financial firm called Viceroy Research published what they called an "obituary" for AMD. Motherboard reports: "We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries," Viceroy wrote in its report. CTS Labs seemed to hint that it too had a financial interest in the performance of AMD stock. "We may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports," CTS Labs wrote in the legal disclaimer section of its report.
On Twitter, rumors started to swirl. Are the researchers trying to make money by betting that AMD's share price will go down due to the news of the vulnerabilities? Or, in Wall Street jargon, were CTS Labs and Viceroy trying to short sell AMD stock? Security researcher Arrigo Triulzi speculated that Viceroy and CTS Labs were profit sharing for shorting, while Facebook's chief security officer Alex Stamos warned against a future where security research is driven by short selling.
[...] There's no evidence that CTS Labs worked with Viceroy to short AMD. But something like that has happened before. In 2016, security research firm MedSec found vulnerabilities in pacemakers made by St. Jude Medical. In what was likely a first, MedSec partnered with hedge fund Muddy Waters to bet against St. Jude Medical's stock. For Adrian Sanabria, director of research at security firm Threatcare and a former analyst at 451 Research, where he covered the cybersecurity industry, trying to short based on vulnerabilities just doesn't make much sense. While it could work in theory and could become more common in the future, he said in a phone call, "I don't think we've seen enough evidence of security vulnerabilities really moving the stock for it to really become an issue." Further reading: Linus Torvalds slams CTS Labs over AMD vulnerability report (ZDNet). -
New Bill In Congress Would Bypass the Fourth Amendment, Hand Your Data To Police (medium.com)
An anonymous reader quotes a report from Medium: Lawmakers behind a new anti-privacy bill are trying to sneak it through Congress by attaching it to the must-pass government spending bill. The CLOUD Act would hand police in the U.S., and other countries, extreme new powers to obtain and monitor data directly from tech companies instead of requiring a warrant and judicial review. Congressional leadership will decide whether the CLOUD Act gets attached to the omnibus government spending bill sometime this week, potentially as early as tomorrow... If passed, this bill would give law enforcement the power to go directly to tech companies, no matter where they or their servers are, to obtain our data. They wouldn't need a warrant or court oversight, and we'll be left with no protections to ensure law enforcement isn't violating our rights. A recent report from the Electronic Frontier Foundation explains how the CLOUD Act circumvents the Fourth Amendment. "This new backdoor for cross-border data mirrors another backdoor under Section 702 of the FISA Amendments Act, an invasive NSA surveillance authority for foreign intelligence gathering," reports the EFF. "That law, recently reauthorized and expanded by Congress for another six years, gives U.S. intelligence agencies, including the NSA, FBI, and CIA, the ability to search, read, and share our private electronic messages without first obtaining a warrant. The new backdoor in the CLOUD Act operates much in the same way. U.S. police could obtain Americans' data, and use it against them, without complying with the Fourth Amendment." -
Microsoft Removes Antivirus Registry Key Check for Windows 10 Users (bleepingcomputer.com)
Microsoft has backtracked on a decision it took back in January when it conditioned that computers without a special registry key would not receive any more security updates. From a report: That particular "requirement" was introduced as part of the Meltdown and Spectre patching process. At the time, Microsoft said that antivirus vendors would have to add a key to the Windows Registry to signal that they are compatible with Microsoft's original Meltdown and Spectre patches. This was a big issue at the time because Microsoft detected during testing that some antivirus vendors would inject code into parts of the kernel that the company was trying to patch against Meltdown and Spectre flaws. -
Wikipedia Had No Idea YouTube Was Going To Use It To Fact-Check Conspiracy Theories (gizmodo.com)
Yesterday, YouTube CEO Susan Wojcicki announced that the company would drop a Wikipedia link beneath videos on highly contested topics. We have now learned that Wikipedia did not know about this move prior to the announcement. Gizmodo reports: In a Twitter thread asking the public to support Wikipedia as much as it relies on it, Wikimedia executive director Katherine Maher first suggested that the organization was unaware of YouTube's plans. When asked whether this new module would only apply to English Wikipedia pages, Maher responded, "I couldn't say; this was something they did independent of us." In a statement to Gizmodo, the Wikimedia Foundation confirmed that the organization first learned of the new YouTube feature on Tuesday. "We are always happy to see people, companies, and organizations recognize Wikipedia's value as a repository of free knowledge," a Wikimedia Foundation spokesperson said in a statement. "In this case, neither Wikipedia nor the Wikimedia Foundation are part of a formal partnership with YouTube. We were not given advance notice of this announcement." -
Sri Lanka Accuses Facebook of Failing To Control Hate Speech That Contributed To Deadly Riots (theguardian.com)
The Sri Lankan government is accusing Facebook of failing to control rampant hate speech that it says contributed to anti-Muslim riots last week that left three people dead and the country under a state of emergency. The accusations come after the country blocked Facebook and several other platforms last week in an effort to prevent the spread of hate speech. The Guardian reports: On Thursday Fernando, along with the Sri Lankan prime minister, Ranil Wickremesinghe, and communications officials, will meet a Facebook team that has flown to Colombo. The Sri Lankans will demand a new, faster system for taking down posts flagged as a national security risk by agencies in the country. "Facebook is not reacting as fast as we have wanted it to react," Fernando said. "In the past it has taken various number of days to review [flagged posts] or even to take down the pages." On Tuesday he highlighted a tweet from a user who claimed to have reported a Facebook post in the Sinhala language that read "Kill all Muslims, don't even let an infant of the dogs escape." The user claimed he received a reply six days later saying the post did not contravene a specific Facebook community standard. The extremist leader Amith Weerasinghe, who was arrested last week in Kandy after being accused of helping to instigate the violence, had amassed nearly 150,000 followers on his Facebook page before it was taken down last week. -
Siri Team Didn't Learn About HomePod Until 2015, After Amazon Echo Debuted (9to5mac.com)
The Information (paywalled) has published a lengthy report today covering the development of Siri. The article documents Siri's tumultuous changes in leadership and management over the last few years, indicating that Siri 1.0's infrastructure was very creaky, which held back the service. From a report: One of the most interesting anecdotes is the claim that Apple's HomePod team didn't meet with the Siri group until 2015 (Amazon Echo debuted in late 2014). The story says Apple had originally considered launching the speaker without Siri. The big takeaway from The Information's reporting is that Siri launched with a poorly scalable infrastructure that caused bottlenecks for years after it launched in 2011. At the initial release, the popularity of Siri 'exceeded expectations' and led to a lot of unreliability. The backend was not designed to handle enough users. Apple has spent the intervening years modernising the system apparently. -
Google Will Ban All Cryptocurrency-related Advertising (cnbc.com)
Google is cracking down on cryptocurrency-related advertising. From a report: The company is updating its financial services-related ad policies to ban any advertising about cryptocurrency-related content, including initial coin offerings (ICOs), wallets, and trading advice, Google's director of sustainable ads, Scott Spencer, told CNBC. That means that even companies with legitimate cryptocurrency offerings won't be allowed to serve ads through any of Google's ad products, which place advertising on its own sites as well as third-party websites. This update will go into effect in June 2018, according to a company post. "We don't have a crystal ball to know where the future is going to go with cryptocurrencies, but we've seen enough consumer harm or potential for consumer harm that it's an area that we want to approach with extreme caution," Scott said. -
A Chatbot Can Now Offer You Protection Against Volatile Airline Prices (theverge.com)
The same bot, DoNotPay, that helped users overturn parking tickets and sue Equifax for small sums of money is now offering you protection against volatile airline prices. The Verge reports: Joshua Browder, a junior at Stanford University, designed the new service on the bot in a few months, after experiencing rapidly fluctuating airline prices when flying to California during the wildfires last year. "It annoyed me that every single flight, I could be paying sometimes double or even triple the person next to me in the same type of seat," he told The Verge. Browder first used the service himself and then tested it among his friends in a closed beta. He claims that the average amount saved among the beta testers is $450 a year, though it's not clear how many flights were booked and how much they cost. The service is available to the public starting today. To use it, log in with a Google account, input your phone number, birthday, and credit card information through Stripe. (Browder swears the credit card information won't be stored.) Then the chatbot tells you you're all set. Now, every time you buy airline tickets, whether from an airline's site or a third party, the chatbot will help make sure you pay the lowest price for your class and seat. -
US Navy Under Fire In Mass Software Piracy Lawsuit (torrentfreak.com)
An anonymous reader quotes a report from TorrentFreak: In 2011 and 2012, the U.S. Navy began using BS Contact Geo, a 3D virtual reality application developed by German company Bitmanagement. The Navy reportedly agreed to purchase licenses for use on 38 computers, but things began to escalate. While Bitmanagement was hopeful that it could sell additional licenses to the Navy, the software vendor soon discovered the U.S. Government had already installed it on 100,000 computers without extra compensation. In a Federal Claims Court complaint filed by Bitmanagement two years ago, that figure later increased to hundreds of thousands of computers. Because of the alleged infringement, Bitmanagement demanded damages totaling hundreds of millions of dollars. In the months that followed both parties conducted discovery and a few days ago the software company filed a motion for partial summary judgment, asking the court to rule that the U.S. Government is liable for copyright infringement. According to the software company, it's clear that the U.S. Government crossed a line. In its defense, the U.S. Government had argued that it bought concurrent-use licenses, which permitted the software to be installed across the Navy network. However, Bitmanagement argues that it is impossible as the reseller that sold the software was only authorized to sell PC licenses. In addition, the software company points out that the word "concurrent" doesn't appear in the contracts, nor was there any mention of mass installations. The full motion brings up a wide range of other arguments as well which, according to Bitmanagement, make it clear that the U.S. Government is liable for copyright infringement. -
Firefox Gets Privacy Boost By Disabling Proximity and Ambient Light Sensor APIs (bleepingcomputer.com)
Starting with Firefox 60 -- expected to be released in May 2018 -- websites won't be able to use Firefox to access data from sensors that provide proximity distances and ambient light information. From a report: Firefox was allowing websites to access this data via the W3C Proximity and Ambient Light APIs. But at the start of the month, Mozilla engineers decided to disable access to these two APIs by default. The APIs won't be removed, but their status is now controlled by two Firefox flags that will ship disabled by default. This means users will have to manually enable the two flags before any website can use Firefox to extract proximity and ambient light data from the device's underlying sensors. The two flags will be available in Firefox's about:config settings page. The screenshot below shows the latest Firefox Nightly version, where the two flags are now disabled, while other sensor APIs are enabled. -
Amazon's Alexa Is Coming To an Office Near You (axios.com)
Amazon announced today that it's bringing its voice assistant into a range of business settings, big and small, like hotels and co-working spaces. From a report: While people always think of Amazon as a consumer company, it has shown itself time and again to have larger ambitions. This move could help it expand its business services beyond its already popular Amazon Web Services. In an interview, Amazon CTO Werner Vogels said that exposure to the workplace will improve Alexa by exposing it to new types of conversations. "The kind of language we use in our offices is sometimes radically different from the more conversational things we do in our (homes)," he told Axios. Alexa "will greatly improve by being exposed to different kinds of statements or conversations." -
Ubuntu Linux 18.04 'Bionic Beaver' Beta 1 Now Available For Download (betanews.com)
From a report: This week, Ubuntu Linux 18.04 'Bionic Beaver' Beta 1 became available for download. Ubuntu 18.04 is significant, as it will be an LTS (Long Term Support) version. As was the case when Unity was the primary DE, GNOME is not available in this beta stage. Instead, there are other flavors from which to choose, such as Kubuntu with KDE Plasma and Xubuntu, which uses Xfce.
"Pre-releases of the Bionic Beaver are not encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage. They are, however, recommended for Ubuntu flavor developers and those who want to help in testing, reporting, and fixing bugs as we work towards getting this release ready. Beta 1 includes some software updates that are ready for broader testing. However, it is quite an early set of images, so you should expect some bugs," says Dustin Krysak, Ubuntu Budgie team member. -
Could This Bold New Technique Boost Gravitational-Wave Detection? (space.com)
Slashdot reader astroengine writes: One of the most expensive, complex and problematic components in gravitational wave detectors like the Laser Interferometer Gravitational-wave Observatory (LIGO) — which made the first, historic detection of these ripples in space-time in September 2015 — is the 4-kilometer-long vacuum chambers that house all the interferometer optics. But what if this requirement for ground-based gravitational wave detectors isn't required? This suggestion has been made by a pair of physicists at the University of Maryland, Baltimore County (UMBC) who are developing a method that could allow extremely sensitive interferometers to operate in the "open air."
Their work, published in the journal Physical Review Letters, uses the weird quantum properties of light to counteract interference from turbulence in the air to allow interferometer measurements to be made. Their method, which is a variation on the classic Young's double-slit experiment, has been demonstrated in a tabletop experiment — but gravitational wave scientists are skeptical that it could be scaled up to remove sophisticated vacuums from their detectors. -
Are The Alternatives Even Worse Than Daylight Saving Time? (chron.com)
The New York Times notes an important caveat to Florida's recently-approved law observing daylight savings time year-round: it specifies that their change will only go into effect if "the United States Congress amends 15 U.S.C. s. 260a to authorize states to observe daylight saving time year-round."
"In other words: Even if the governor signs the bill, nothing will happen now... States can choose to exempt themselves from daylight saving time -- Arizona and Hawaii do -- but nothing in federal law allows them to exempt themselves from standard time." Meanwhile one California legislator exploring the idea of year-round standard time discovered that "youth sports leagues and families worried that a year-round early sunset would shut down their kids' after-school games." But the Times also acknowledges problems in the current system. "In parts of Maine, for example, between Thanksgiving and Christmas, the sun sets before 4 p.m. -- more than an hour earlier than it does in Detroit, at the other end of the Eastern time zone." So is there a better alternative?
An anonymous reader quotes Business Insider: Standardtime.com has a unique suggestion. Their proposal has only two time zones in the continental U.S. that are two hours apart, which The Atlantic calls "a simple plan to fix [DST]"... Johns Hopkins University professors Richard Henry and Steven Hanke have come up with yet another possible fix: worldwide adoption of a single time zone. They argue that the internet has eliminated the need for discrete time zones across the globe, so we might as well just do away with them...
No plan will satisfy everyone. But that doesn't mean daylight-saving time is good. The absence of major energy-saving benefits from DST -- along with its death toll, health impacts, and economic ramifications -- are reason enough to get rid of the ritual altogether.
The article associates Daylight Saving Time with "a spike in heart attacks, increased numbers of work injuries, automobile accidents, suicides, and more." And in addition, it also blames DST for an increased use of gasoline and air conditioners -- adding that it will also "rob humanity of billions of hours of sleep like an evil spacetime vampire." -
Linux Developer McHardy Drops GPLv2 'Shake Down' Case (zdnet.com)
Former Linux developer Patrick McHardy dropped his Gnu General Public License version 2 (GPLv2) violation case against Geniatech in a German court this week. ZDNet explains why some consider this a big "win": People who find violations typically turn to organizations such as the Free Software Foundation, Software Freedom Conservancy (SFC), and the Software Freedom Law Center to approach violators. These organizations then try to convince violating companies to mend their ways and honor their GPLv2 legal requirements. Only as a last resort do they take companies to court to force them into compliance with the GPLv2. Patrick McHardy, however, after talking with SFC, dropped out from this diplomatic approach and has gone on his own way. Specifically, McHardy has been accused of seeking his own financial gain by approaching numerous companies in German courts. Geniatech claimed McHardy has sued companies for Linux GPLv2 violations in over 38 cases. In one, he'd requested a contractual penalty of €1.8 million. The company also claimed McHardy had already received over €2 million from his actions...
In July 2016, the Netfilter developers suspended him from the core team. They received numerous allegations that he had been shaking down companies. McHardy refused to discuss these issues with them, and he refused to sign off on the Principles of Community-Oriented GPL Enforcement. In October 2017, Greg Kroah-Hartman, Linux kernel maintainer for the stable branch, summed up the Linux kernel developers' position. Kroah-Hartman wrote: "McHardy has sought to enforce his copyright claims in secret and for large sums of money by threatening or engaging in litigation...."
Had McHardy continued on his way, companies would have been more reluctant to use Linux code in their products for fear that a single, unprincipled developer could sue them and demand payment for his copyrighted contributions... McHardy now has to bear all legal costs for both sides of the case. In other words, when McHardy was faced with serious and costly opposition for the first time, he waved a white flag rather than face near certain defeat in the courts. -
Can Electricity Travel Through Space on Astrophysical Jets? (mdpi.com)
Slashdot reader Chris Reeve writes: An October 2017 paper titled Electric Currents along Astrophysical Jets reports that "Several researchers have reported direct evidence for large scale electric currents along astrophysical jets." A review of the citations at the end of that paper and others (here and here, for instance) would seem to suggest that one of the great Internet science debates has finally been settled: Electricity does indeed travel through space over vast cosmic distances.
What has been interesting to watch about this unexpected development is that science journalists have so far not explicitly reported this as a shift in theory, and commenters on sites like phys.org appear to deny that any change has even occurred: "The jets have been shown not to be electric currents, the energy and the physics involved are certainly not electromagnetic." This comment completely rejecting these new findings was highly rated by other phys.org readers, suggesting that the failure to explicitly report this as a change in theory has left this controversial topic in a highly confused state.
The paper summarizes what it calls "observational evidence for the existence of large scale electric currents and their associated grand design helical magnetic fields in kpc-scale astrophysical jets." And the original submitter details the history of the question in a follow-up comment arguing that at our current moment in time, "a mistaken bias against electricity in space continues to dominate conversations." -
Lawmakers Continue Fighting For Net Neutrality in the US Senate, Courts, and States (cnet.com)
Here are the latest developments in the ongoing fight over net neutrality rules:
- CNET reports that Democrats in the Senate "have been pushing to use the Congressional Review Act to roll back the FCC's repeal of net neutrality rules. They've gotten the support of 50 senators for the measure, including one Republican, Susan Collins of Maine. Sen. John Kennedy from Louisiana, who's been undecided in his support of the CRA bill, was being courted by Democrats as the tie-breaking vote to pass the measure in the Senate...
"On Wednesday, Kennedy introduced a piece of legislation that would ban companies like AT&T and Comcast from slowing down or blocking access to websites or internet services. But the bill wouldn't prevent these broadband and wireless companies from offering paid prioritization, which many critics fear could lead to so-called internet 'fast lanes.'"
- Axios reports that lawsuits looking to strike down the Federal Communications Commission's repeal of its own net neutrality rules "will be heard in the U.S. Court of Appeals for the Ninth Circuit, the court said Thursday... The lottery to decide the location of the court arguments was the result of lawsuits filed against the FCC in different jurisdictions, including by Attorneys General from more than 20 states, led by New York attorney general Eric Schneiderman."
- The Associated Press reports that on Monday, Washington became the first state to set up its own net-neutrality requirements. But they add that governors in five states -- Hawaii, New Jersey, New York, Montana and Vermont -- "have signed executive orders related to net-neutrality issues, according to the National Conference of State Legislatures. Montana's order, for instance, bars telecommunications companies from receiving state contracts if they interfere with internet traffic or favor higher-paying sites or apps."
-
Massive DDOS Attacks Are Now Targeting Google, Amazon, and the NRA (pcmag.com)
PC Magazine reports: A new way to amplify DDoS attacks has been spotted harassing Google, Amazon, Pornhub and even the National Rifle Association's main website after striking Github last week. The attacks, which exploit vulnerable "memcached servers," have been trying to hose down scores of new targets with a flood of internet traffic, according to Chinese security firm Qihoo 360... Github was the first high-profile victim and suffered a 1.35 Tbps assault -- or what was then the biggest DDoS attack on record. But days later, an unnamed U.S. service provider fended off a separate assault, which measured at 1.7 Tbps. Unfortunately, the amplified DDoS attacks haven't stopped. They've gone on to strike over 7,000 unique IP addresses in the last seven days, Qihoo 360 said in a blog post... Gaming sites including Rockstargames.com, Minecraft.net, and Playstation.net have been among those hit...
The security community is also steadily addressing the linchpin to all the assaults: the vulnerable memcached servers. About 100,000 of these online storage systems were publicly exposed over a week ago. But the server owners have since patched or firewalled about 60,000 of them, Radware security researcher Daniel Smith said. That leaves 40,000 servers open to exploitation. Smith points to how the coding behind the attack technique has started to circulate online through free tools and scripts.
Meanwhile, Slashdot reader darthcamaro shares an article about "the so-called 'kill switch'" that some vendors have been debating: "The 'kill switch' was immediately obvious to everyone who worked on mitigating this DDoS attack," John Graham-Cumming, CTO of CloudFlare said. "We chose not to use or test this method because it would be unethical and likely illegal since it alters the state of a remote machine without authorization." -
Scientists Unsure Where Chinese Space Station Will Crash To Earth
In 2016, the Chinese space agency lost control of its Tiangong-1, or Heavenly Palace, spacecraft, five years after it blasted into orbit. Scientists have determined that it will come crashing down to Earth in the coming weeks, but they do not know exactly where on Earth it will hit. The Guardian reports: The defunct module is now at an altitude of 150 miles and being tracked by space agencies around the world, with the European Space Agency's center in Darmstadt predicting a fiery descent for it between March 27 and April 8. Hurtling around the Earth at about 18,000mph, the module ranks as one of the larger objects to re-enter the atmosphere without being steered towards the ocean, as is standard for big and broken spacecraft, and cargo vessels that are jettisoned from the International Space Station (ISS), to reduce the risk to life below. The spacecraft's orbit ranges from 43 degrees north to 43 degrees south, which rules out a descent over the UK but includes vast stretches of North and South America, China, the Middle East, Africa, Australia, parts of Europe -- and great swaths of the Pacific and Atlantic oceans. Western analysts cannot be sure how much of the spacecraft will survive re-entry, because China has not released details of the design and materials used to make Tiangong-1. But the spacecraft may have well-protected titanium fuel tanks containing toxic hydrazine that could pose a danger if they land in populated areas. -
Documents Prove Local Cops Have Bought Cheap iPhone Cracking Tech (vice.com)
GrayShift is a new company that promises to unlock even iPhones running the latest version of iOS for a relatively cheap price. From a report: In a sign of how hacking technology often trickles down from more well-funded federal agencies to local bodies, at least one regional police department has already signed up for GrayShift's services, according to documents and emails obtained by Motherboard. As Forbes reported on Monday, GrayShift is an American company which appears to be run by an ex-Apple security engineer and others who have long held contracts with intelligence agencies. In its marketing materials, GrayShift offers a tool called GrayKey, an offline version of which costs $30,000 and comes with an unlimited number of uses. For $15,000, customers can instead buy the online version, which grants 300 iPhone unlocks.
This is what the Indiana State Police bought, judging by a purchase order obtained by Motherboard. The document, dated February 21, is for one GrayKey unit costing $500, and a "GrayKey annual license -- online -- 300 uses," for $14,500. The order, and an accompanying request for quotation, indicate the unlocking service was intended for Indiana State Police's cybercrime department. A quotation document emblazoned with GrayShift's logo shows the company gave Indiana State Police a $500 dollar discount for their first year of the service. Importantly, according to the marketing material cited by Forbes, GrayKey can unlock iPhones running modern versions of Apple's mobile operating system, such as iOS 10 and 11, as well as the most up to date Apple hardware, like the iPhone 8 and X. -
Researchers Provide Likely Explanation For the 'Sonic Weapon' Used At the US Embassy In Cuba (ieee.org)
An anonymous reader quotes a report from IEEE Spectrum: Last August, reports emerged that U.S. and Canadian diplomats in Cuba had suffered a host of mysterious ailments. Speculation soon arose that a high-frequency sonic weapon was to blame. Acoustics experts, however, were quick to point out the unlikeliness of such an attack. Among other things, ultrasonic frequencies -- from 20 to 200 kilohertz -- don't propagate well in air and don't cause the ear pain, headache, dizziness, and other symptoms reported in Cuba. Also, some victims recalled hearing high-pitched sounds, whereas ultrasound is inaudible to humans. The mystery deepened in October, when the Associated Press (AP) released a 6-second audio clip, reportedly a recording of what U.S. embassy staff heard. The chirping tones, centered around 7 kHz, were indeed audible, but they didn't suggest any kind of weapon. Looking at a spectral plot of the clip on YouTube, Kevin Fu, a computer scientist at the University of Michigan, noted some unusual ripples. He thought he might know what they meant.
Fu's lab specializes in analyzing the cybersecurity of devices connected to the Internet of Things, such as sensors, pacemakers, RFIDs, and autonomous vehicles. To Fu, the ripples in the spectral readout suggested some kind of interference. He discussed the AP clip with his frequent collaborator, Wenyuan Xu, a professor at Zhejiang University, in Hangzhou, China, and her Ph.D. student Chen Yan. Yan and Xu started with a fast Fourier transform of the AP audio, which revealed the signal's exact frequencies and amplitudes. Then, through a series of simulations, Yan showed that an effect known as intermodulation distortion could have produced the AP sound. Intermodulation distortion occurs when two signals having different frequencies combine to produce synthetic signals at the difference, sum, or multiples of the original frequencies. Having reverse engineered the AP audio, Fu, Xu, and Yan then considered what combination of things might have caused the sound at the U.S. embassy in Cuba. "If ultrasound is to blame, then a likely cause was two ultrasonic signals that accidentally interfered with each other, creating an audible side effect," Fu says. "Maybe there was also an ultrasonic jammer in the room and an ultrasonic transmitter," he suggests. "Each device might have been placed there by a different party, completely unaware of the other." -
Qarnot Unveils a Cryptocurrency Heater For Your Home (techcrunch.com)
Qarnot, the French startup known for using Ryzen Pro processors to heat homes and offices for free, is unveiling a new computing heater specifically made for cryptocurrency mining. "The QC1 is a heater for your home that features a passive computer inside," reports TechCrunch. "And this computer is optimized for mining." From the report: The QC1 features two AMD GPUs (Sapphire Nitro+ Radeon RX580 with 8GB of VRAM) and is designed to mine Ethers by default. You can set it up in a few minutes by plugging an Ethernet cable and putting your Ethereum wallet address in the mobile app. You'll then gradually receive ethers on this address -- Qarnot doesn't receive any coin, you keep 100 percent of your cryptocurrencies. If you believe Litecoin or another cryptocurrency is the future, you can also access the computer and mine another cryptocurrency. It's a Linux server and you can access it directly. If your home is cold and you desperately need to turn on the heaters, the QC1 is going to turn on the two GPUs and mine at a 60 MH/s speed. There are also traditional heating conductors in case those two GPUs are not enough. Qarnot heaters don't have any hard drive and rely on passive heating. You won't hear any fan buzzing in the background. You can order the QC1 for $3,600 starting today -- you can also pay in bitcoins. The company hopes to sell hundreds of QC1 in the next year. -
Comcast's Protected Browsing Is Blocking PayPal, Steam and TorrentFreak, Customers Say (vice.com)
Comcast's Xfinity internet customers have been reporting multiple websites, including PayPal, Steam, and TorrentFreak have been getting blocked by the ISP's "protected browsing" setting. From a report: The "protected browsing" setting is designed to "reduce the risk of accessing known sources of malware, spyware, and phishing for all devices connected to your home network." This, in general, isn't a bad thing. It's similar to Google Chrome's security settings that warn you when you have an insecure connection. But it's odd that Xfinity's security setting would be blocking perfectly harmless sites like PayPal. Multiple consumers have been reporting on Comcast's forums and elsewhere that they've been blocked while trying to access sites that many people use every day. After posting about it on the forums, one user who said they couldn't access PayPal said the problem with that particular site had been fixed. Further reading: Comcast's Protected Browsing Blocks TorrentFreak as "Suspicious" Site (TorrentFreak). -
Scientists Prove That Truth is No Match For Fiction on Twitter (theguardian.com)
Researchers find fake news reaches users up to 20 times faster than factual content -- and real users are more likely to spread it than bots. From a report: "Falsehood flies, and the truth comes limping after it," wrote Jonathan Swift in 1710. Now a group of scientists say they have found evidence Swift was right -- at least when it comes to Twitter. In the paper, published in the journal Science, three MIT researchers describe an analysis of a vast amount of Twitter data: more than 125,000 stories, tweeted more than 4.5 million times in total, all categorised as being true or false by at least one of six independent fact-checking organisations. The findings make for unhappy reading. "Falsehood diffused significantly farther, faster, deeper and more broadly than the truth in all categories of information," they write, "and the effects were more pronounced for false political news than for false news about terrorism, natural disasters, science, urban legends or financial information."
How much further? "Whereas the truth rarely diffused to more than 1,000 people, the top 1% of false-news cascades routinely diffused to between 1,000 and 100,000 people," they write. In other words, true facts don't get retweeted, while too-good-to-be-true claims are viral gold. How much faster? "It took the truth about six times as long as falsehood to reach 1,500 people, and 20 times as long as falsehood to reach a cascade depth of 10" -- meaning that it was retweeted 10 times sequentially (so, for example, B reads A's feed and retweets a tweet, and C then reads B's feed and retweets the same tweet, all the way to J). -
Can the Most Contentious Piece of the Web Form the Basis of a New Standard? Inside Google's Plan To Make the Whole Web as Fast as AMP (theverge.com)
Dieter Bohn, writing for The Verge: In a blog post today, Google is announcing that it's formally embarking on a project to convince the group in charge of web standards to adopt technology inspired by its Accelerated Mobile Pages (AMP) framework. In theory, it would mean that virtually any webpage could gain the same benefits as AMP: near-instantaneous loading, distribution on multiple platforms, and (critically) more prominent placement on Google properties. This is important, a little tricky to understand, and critical to how the web and Google interact in the future. In many ways, Google's success or failure in this endeavor will play a major role in shaping how the web works on your phone.
[...] By creating AMP, Google blithely walked right into the center of a thicket comprised of developers concerned about the future of the web. Publishers are worried about ceding too much control of their distribution to gigantic tech companies, and all of the above are worried that Google is not so much a steward of the web but rather its nefarious puppet master. The whole situation is slightly frustrating to David Besbris, VP of search engineering at Google. Earlier this week, I went to Mountain View to talk with Besbris and Malte Ubl, engineering lead for AMP. "This is honestly a fairly altruistic project from our perspective," says Besbris. "It wasn't like we invented AMP because we wanted to control everything, like people assume," he says. Instead, he argues, go back and look at how dire the state of the mobile web was a few years ago, before AMP's inception. -
Android P Drops Support For Nexus Phones, Pixel Tablet (theverge.com)
Google has launched the first developer preview of Android P, the company's new mobile operating system that brings new features and improvements over Android Oreo. Unfortunately, developers will only have a small set of blessed hardware to choose from with Android P: the Pixel, Pixel XL, Pixel 2, and Pixel 2 XL. Google's Nexus smartphones and Pixel C tablet will not get Android P when it's fully released. The Verge reports: Eventually, Android P will ship on new phones from other manufacturers, along with the handful of handsets that third-parties bother to update, but there are a couple Android mainstays that won't get to enjoy this marvelous future: Google's Nexus 5X and Nexus 6P phones, and the oft-forgotten Pixel C tablet. As Ars Technica confirmed with Google, those devices won't be getting Android P when it's released fully. Also, as Android Police notes, there's no Developer Preview image for the Nexus Player, which came out in 2014, so it might be done getting updates as well. It's 2018, and we're beyond the two years of major OS update support these devices were promised, so this isn't hugely surprising. All three devices will continue to get monthly security updates through at least November of this year, but they'll remain stuck on Android 8.1 for an underlying OS as far as official Google updates go. -
Next Big Windows Update Will Bring Hardware-Accelerated AI (zdnet.com)
Mary Jo Foley, writing for ZDNet: Every tech vendor these days is quick to slap the AI label on products and services. Up until today, I thought Microsoft had done an admirable job in refraining from doing this with Windows. But the shark has been jumped as of March 7, the company's latest Windows Developer Day. Cue the eye rolls. Microsoft is telling developers that the next release of Windows 10, which we are still calling by its codename, "Redstone 4," will enable developers to "use AI to deliver more powerful and engaging experiences." Microsoft execs say there's now an AI platform in Windows 10 that enables developers to use "pre-trained machine learning in their apps on Windows 10 devices." -
Leaked Files Show How the NSA Tracks Other Countries' Hackers (theintercept.com)
An analysis of leaked tools believed to have been developed by the U.S. National Security Agency (NSA) gives us a glimpse into the methods used by the organization to detect the presence of other state-sponsored actors on hacked devices, and it could also help the cybersecurity community discover previously unknown threats. The Intercept: When the mysterious entity known as the "Shadow Brokers" released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material honed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools the National Security Agency uses to detect other nation-state hackers on the machines it infects. It turns out those scripts and tools are just as interesting as the exploits. They show that in 2013 -- the year the NSA tools were believed to have been stolen by the Shadow Brokers -- the agency was tracking at least 45 different nation-state operations, known in the security community as Advanced Persistent Threats, or APTs. Some of these appear to be operations known by the broader security community -- but some may be threat actors and operations currently unknown to researchers.
The scripts and scanning tools dumped by Shadow Brokers and studied by the Hungarians were created by an NSA team known as Territorial Dispute, or TeDi. Intelligence sources told The Intercept the NSA established the team after hackers, believed to be from China, stole designs for the military's Joint Strike Fighter plane, along with other sensitive data, from U.S. defense contractors in 2007; the team was supposed to detect and counter sophisticated nation-state attackers more quickly, when they first began to emerge online. "As opposed to the U.S. only finding out in five years that everything was stolen, their goal was to try to figure out when it was being stolen in real time," one intelligence source told The Intercept. But their mission evolved to also provide situational awareness for NSA hackers to help them know when other nation-state actors are in machines they're trying to hack. -
Researchers Bypassed Windows Password Locks With Cortana Voice Commands (vice.com)
Two independent Israeli researchers found a way for an attacker to bypass the lock protection on Windows machines and install malware by using voice commands directed at Cortana, the multi-language, voice-commanded virtual assistant that comes embedded in Windows 10 desktop and mobile operating systems. From a report: Tal Be'ery and Amichai Shulman found that the always-listening Cortana agent responds to some voice commands even when computers are asleep and locked, allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer's browser and go to a web address that does not use https -- that is, a web address that does not encrypt traffic between a user's machine and the website. The attacker's malicious network adapter then intercepts the web session to send the computer to a malicious site instead, where malware downloads to the machine, all while the computer owner believes his or her machine is protected. -
Ask Slashdot: Should We Worry Microsoft Will 'Embrace, Extend, and Extinguish' Linux? (betanews.com)
BrianFagioli writes: While there is no proof that anything nefarious is afoot, it does feel like maybe the Windows-maker is hijacking the Linux movement a bit by serving distros in its store. I hope there is no "embrace, extend, and extinguish" shenanigans going on.
Just yesterday, we reported that Kali Linux was in the Microsoft Store for Windows 10. That was big news, but it was not particularly significant in the grand scheme, as Kali is not very well known. Today, there is some undeniably huge news -- Debian is joining SUSE, Ubuntu, and Kali in the Microsoft Store. Should the Linux community be worried?
My concern lately is that Microsoft could eventually try to make the concept of running a Linux distro natively a thing of the past. Whether or not that is the company's intention is unknown. The Windows maker gives no reason to suspect evil plans, other than past negative comments about Linux and open source. For instance, former Microsoft CEO Steve Ballmer once called Linux "cancer" -- seriously. -
Facebook's VPN Service Onavo Protect Collects Personal Data -- Even When It's Switched Off (medium.com)
Security researcher Will Strafach took a look at Onavo Protect, a newly released VPN service from Facebook: I found that Onavo Protect uses a Packet Tunnel Provider app extension, which should consistently run for as long as the VPN is connected, in order to periodically send the following data to Facebook (graph.facebook.com) as the user goes about their day:
When user's mobile device screen is turned on and turned off.
Total daily Wi-Fi data usage in bytes (Even when VPN is turned off).
Total daily cellular data usage in bytes (Even when VPN is turned off).
Periodic beacon containing an "uptime" to indicate how long the VPN has been connected. -
Modders Get Intel's Coffee Lake CPUs To Run On Incompatible Motherboards (pcgamer.com)
Paul Lilly reports via PC Gamer: It took some time and a whole lot of tweaking, but modders have finally figured out a way to get Intel's Coffee Lake processors running on older motherboards based on Intel's Z270 and Z170 chipsets. Even though Coffee Lake is pin compatible with older LGA 1151 motherboards, the official word from Intel is that the power requirements differ, and as such Coffee Lake only works in newer motherboards based on Intel's Z370 chipset. [T]here is a forum post on Overclock.net that outlines how it can be done. It is a fairly involved process and specific to ASRock motherboards, which the modders claim "have proven to work well" with the steps that are outlined. In short, getting a Coffee Lake processor to run in an older motherboard requires making tweaks to the CPU's microcode, the iGPU's UEFI GOP driver, and some Management Engine bootstraps. The modders were able to get a Core i3-8300 processor to boot in a couple of older boards, but not a Core i7-8700 chip. That is a higher core chip, of course -- six cores instead of four -- which seems to suggest that the power issue is related to driving higher core counts. -
FBI Paid Geek Squad Repair Staff As Informants (zdnet.com)
According to newly released documents by the Electronic Frontier Foundation, federal agents would pay Geek Squad employees to flag illegal materials on devices sent in by customers for repairs. "The relationship goes back at least ten years, according to documents released as a result of the lawsuit [filed last year]," reports ZDNet. "The agency's Louisville division aim was to maintain a 'close liaison' with Geek Squad management to 'glean case initiations and to support the division's Computer Intrusion and Cyber Crime programs.'" From the report: According to the EFF's analysis of the documents, FBI agents would "show up, review the images or video and determine whether they believe they are illegal content" and seize the device so an additional analysis could be carried out at a local FBI field office. That's when, in some cases, agents would try to obtain a search warrant to justify the access. The EFF's lawsuit was filed in response to a report that a Geek Squad employee was used as an informant by the FBI in the prosecution of a child pornography case. The documents show that the FBI would regularly use Geek Squad employees as confidential human sources -- the agency's term for informants -- by taking calls from employees when they found something suspect. -
Researcher Admits Study That Claimed Uber Drivers Earn $3.37 An Hour Was Not Correct (fortune.com)
Last week, an MIT study using data from more than 1,100 Uber and Lyft drivers concluded they're earning a median pretax profit of just $3.37 per hour. Uber was less than pleased by their findings and used a blog post to highlight problems with the researchers' methodology. "Now the lead researcher behind the draft paper has admitted that Uber's criticism was actually pretty valid -- while also asking Uber and Lyft to make more data available, in order to improve his analysis," reports Fortune. From the report: The issue with the draft paper from MIT's Center for Energy and Environmental Policy Research (CEEPR), Uber's chief economist Jonathan Hall said, was this: The researchers asked drivers how much money they made on average each week from such services, but then asked "How much of your total monthly income comes from driving" -- without specifying that such income must relate to on-demand services. Of course, many people driving for Uber and Lyft also earn money from regular jobs and other income sources. And this, Hall alleged, skewed the researchers' results.
"Hall's specific criticism is valid," wrote Stephen Zoepf, the executive director of Stanford's Center for Automotive Research, who led the MIT study, on Monday. "In re-reading the wording of the two questions, I can see how respondents could have interpreted the two questions in the manner Hall describes." Zoepf said he would be updating the CEEPR paper, but in the meantime he recalculated the figures using a methodology suggested by Hall, and found that the median profit was $8.55 per hour, rather than $3.37, and only 8% of drivers lose money on on-demand platforms. Using another methodology, he added, the median rises to $10 per hour and only 4% of drivers lose money. -
Google Is Selling Off Zagat (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: Seven years after picking up Zagat for $151 million, Google is selling off the perennial restaurant recommendation service. The New York Times is reporting this morning that the technology giant is selling off the company to The Infatuation, a review site founded nine years back by former music execs. The company had been rumored to be courting a buyer since early this year. As Reuters noted at the time, Zagat has increasingly become less of a focus for Google, as the company began growing its database of restaurant recommendations organically. Zagat, meanwhile, has lost much of the shine it had when Google purchased it nearly a decade ago. The Infatuation, which uses an in-house team of reviewers to write up restaurants in major cities like New York, San Francisco, Los Angeles and London, is picking up the service for an undisclosed amount. The site clearly believes there's value left in the Zagat brand, even as the business of online reviews has changed significantly in the seven years since Google picked it up. -
Uber Spent $10.7 Billion in Nine Years. Does It Have Enough to Show for It? (bloomberg.com)
An anonymous reader shares a report: What makes Uber Technologies the most valuable venture-backed technology company in the world? Investors say size and growth. The business is transforming global transportation networks. On closer inspection of its financial performance, Uber also pioneered a very expensive way of establishing a market and staying on top. Uber has had little trouble finding investors eager to buy into its vision. It relishes telling backers about gross bookings, or the amount riders pay for service. That number is enormous, totaling $37 billion last year. But most of that goes to drivers. Uber's cut, or net revenue, came to $7.4 billion. Compared to public companies with similar valuations, Uber's revenue lags well behind. At the same time, Uber has worked to downplay its persistent losses. Because the company doesn't disclose financial results with much consistency, it's easy to lose sight of how much of investors' money Uber has spent. Since its founding nine years ago, Uber has burned through about $10.7 billion, according to a person familiar with the matter. Over the past decade, only one public technology company in North America lost more in a year than Uber lost in 2017. None has burned such a tremendous amount in the first stage of its life, according to data compiled by Bloomberg. -
Leaked Apple Email Hints at the Possible End of iTunes: Report (cultofmac.com)
An anonymous reader shares a report: Apple could kill off iTunes in the near future, a new report suggests. It cites an email that Apple reportedly wrote to people in the music industry recently, announcing the "end of iTunes LPs." The iTunes LP format was first introduced in 2009 and let publishers add interactive artwork, along with assorted iTunes Extras, with their content. The LP format never achieved great popularity. However, the fact that Apple plans to ditch iTunes LPs in 2018 potentially hints at the possibility that Apple may stop selling iTunes music downloads in the near future. The Apple email announcing the change was reportedly sent two weeks ago from an address at "The iTunes Store" and signed by "The Apple Music Team." But its existence has only been highlighted now through a report by the U.K. newspaper The Metro. "Apple will no longer accept new submissions of iTunes LPs after March 2018," the letter notes. "Existing LPs will be deprecated from the store during the remainder of 2018. Customers who have previously purchased an album containing an iTunes LP will still be able to download the additional content using iTunes Match." The news about the possible winding down of iTunes would come as no surprise to many users. Not only has iTunes been outdated for years in terms of its interface and functionality, but Apple clearly aims to move to a streaming model of music selling. Further reading: 'Apple Stole My Music. No, Seriously'; Apple Says It Doesn't Know Why iTunes Users Are Losing Their Music Files; iTunes Turns 13 Today -- Continues To Be 'Awful'. -