Slashdot Mirror

A California judge has rejected a class action claim against Google for alleged gender inequity. In September, three female Google employees filed a lawsuit against Google, claiming the search giant "engaged in systemic and pervasive pay and promotion discrimination." They sought class action status on behalf of women who have worked at Google in California for the past four years. CNN reports: This week, a judge rejected their request to make the suit a class action. A judge ruled that the class was "overbroad," stating that it "does not purport to distinguish between female employees who may have valid claims against Google based upon its alleged conduct from those who do not." Jim Finberg, the lawyer representing the plaintiffs, said his clients plan to file an amended complaint seeking class action certification. He said it will address the court's ruling and make "clear that Google violates the California Equal Pay Act throughout California and throughout the class period by paying women less than men for substantially equal work in nearly every job classification."

Catalin Cimpanu, writing for BleepingComputer: Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS. The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password. Apple issued a patch for the bug the next day after it was discovered, but because the patch was delivered as an out-of-band update that did not alter the macOS version number, when users from older macOS versions updated to 10.13.1 (the vulnerable version), the bug was still present. With today's update, the patch for the bug -- now known as "IAmRoot" (CVE-2017-13872) -- has received a permanent fix. All users who upgrade to macOS High Sierra 10.13.2 are safe.

MojoKid writes: Qualcomm provided a deep-dive view today of its Snapdragon 845 mobile processor platform that it recently announced, highlighting key advancements in what the company is referring to as a completely new silicon design. The new chip now employs a Kyro 385 CPU with four high performance cores at 2.8GHz (25 percent faster than the previous gen Snapdragon 835) and four "efficiency" cores operating at 1.7GHz. The new chip also includes the new Spectra 280 image signal processor (ISP). Compared to its predecessor, the image signal processor (ISP) in the Snapdragon 845 promises a 64x uplift in the ability to capture high dynamic range (HDR) color information for 4K HDR video capture and playback. The chip's new Adreno 630 GPU promises a 30 percent boost in gaming performance compared to its predecessor, along with room-scale VR/AR experiences that support 6 degrees of freedom along with simultaneous localization and mapping, or SLAM. Finally, the new SoC platform incorporates Qualcomm's second-generation gigabit LTE modem: the Snapdragon X20. This Cat 18 modem supports peak download speeds of 1.2Gbps along with 5x carrier aggregation, 4x4 MIMO, and Dual SIM-Dual VoLTE. Qualcomm says that the first Snapdragon 845 processors will begin shipping in production devices in early 2018.

An anonymous reader quotes a report from The Verge: In a new paper published this week, DeepMind describes how a descendant of the AI program that first conquered the board game Go has taught itself to play a number of other games at a superhuman level. After eight hours of self-play, the program bested the AI that first beat the human world Go champion; and after four hours of training, it beat the current world champion chess-playing program, Stockfish. Then for a victory lap, it trained for just two hours and polished off one of the world's best shogi-playing programs named Elmo (shogi being a Japanese version of chess that's played on a bigger board). One of the key advances here is that the new AI program, named AlphaZero, wasn't specifically designed to play any of these games. In each case, it was given some basic rules (like how knights move in chess, and so on) but was programmed with no other strategies or tactics. It simply got better by playing itself over and over again at an accelerated pace -- a method of training AI known as "reinforcement learning."

An anonymous reader quotes a report from Android Police: The Chrome Web Store originally launched in 2010, and serves a hub for installing apps, extensions, and themes packaged for Chrome. Over a year ago, Google announced that it would phase out Chrome apps on Windows, Mac, and Linux in 2018. Today, the company sent out an email to developers with additional information, as well as news about future Progressive Web App support. The existing schedule is mostly still in place -- Chrome apps on the Web Store will no longer be discoverable for Mac, Windows, and Linux users. In fact, if you visit the store right now on anything but a Chromebook, the Apps page is gone. Google originally planned to remove app support on all platforms (except Chrome OS) entirely by Q1 2018, but Google has decided to transition to Progressive Web Apps:

"The Chrome team is now working to enable Progressive Web Apps (PWAs) to be installed on the desktop. Once this functionality ships (roughly targeting mid-2018), users will be able to install web apps to the desktop and launch them via icons and shortcuts; similar to the way that Chrome Apps can be installed today. In order to enable a more seamless transition from Chrome Apps to the web, Chrome will not fully remove support for Chrome Apps on Windows, Mac or Linux until after Desktop PWA installability becomes available in 2018. Timelines are still rough, but this will be a number of months later than the originally planned deprecation timeline of 'early 2018.' We also recognize that Desktop PWAs will not replace all Chrome App capabilities. We have been investigating ways to simplify the transition for developers that depend on exclusive Chrome App APIs, and will continue to focus on this -- in particular the Sockets, HID and Serial APIs."

The processor to power the next generation of Android flagship smartphones has been announced today. Qualcomm unveiled the new Snapdragon 845 processor at the 2017 Snapdragon Tech Summit, where Microsoft announced it was working with its PC partners to bring Windows 10 to Qualcomm's ARM processors. While more technical details of the chip will be announced tomorrow, we do know that the Snapdragon 845 processor is based on a 10nm processor and will feature the latest X20 LTE modem for gigabit connectivity speeds. Generally speaking, the new processor will bring improved performance, better power efficiency, and improved image processing.

Jeremy Hunt has publicly attacked Facebook for releasing a version of its Messenger app aimed at children, and called on the social media company to "stay away from my kids." From a report: The health secretary accused the company of "targeting younger children" after Facebook announced on Monday that it was conducting trials of an app called Messenger Kids in the US, which is designed to be used by pre-teens. He said the company was failing to act responsibly despite having assured the government that it would not target its service at children, who can only use the main social media website if they are over 13.

According to Oregon Live, "A state panel violated a Beaverton man's free speech rights by claiming he had unlawfully used the title 'engineer' and by fining him when he repeatedly challenged Oregon's traffic-signal timing before local media and policymakers, Oregon's attorney general has ruled." From the report: Oregon's Board of Examiners for Engineering and Land Surveying unconstitutionally applied state law governing engineering practice to Mats Jarlstrom when he exercised his free speech about traffic lights and described himself as an engineer since he was doing so "in a noncommercial'' setting and not soliciting professional business, the state Department of Justice has conceded. "We have admitted to violating Mr. Jarlstrom's rights,'' said Christina L. Beatty-Walters, senior assistant attorney general, in federal court Monday. The state's regulation of Jarlstrom under engineering practice law "was not narrowly tailored to any compelling state interests,'' she wrote in court papers. The state has pledged the board will not pursue the Beaverton man any further when he's not acting in a commercial or professional manner, and on Monday urged a federal judge to dismiss the case. The state also sent a $500 check to Jarlstrom in August, reimbursing him for the state fine.

Jarlstrom and his lawyers argued that's not good enough. They contend Jarlstrom isn't alone in getting snared by the state board's aggressive and "overbroad'' interpretation of state law. They contend others have been investigated improperly and want the court to look broader at the state law and its administrative rules and declare them unconstitutional. In the alternative, the state law should be restricted to only regulating engineering communications that are made as part of paid employment or a contractual agreement.

According to Oregon Live, "A state panel violated a Beaverton man's free speech rights by claiming he had unlawfully used the title 'engineer' and by fining him when he repeatedly challenged Oregon's traffic-signal timing before local media and policymakers, Oregon's attorney general has ruled." From the report: Oregon's Board of Examiners for Engineering and Land Surveying unconstitutionally applied state law governing engineering practice to Mats Jarlstrom when he exercised his free speech about traffic lights and described himself as an engineer since he was doing so "in a noncommercial'' setting and not soliciting professional business, the state Department of Justice has conceded. "We have admitted to violating Mr. Jarlstrom's rights,'' said Christina L. Beatty-Walters, senior assistant attorney general, in federal court Monday. The state's regulation of Jarlstrom under engineering practice law "was not narrowly tailored to any compelling state interests,'' she wrote in court papers. The state has pledged the board will not pursue the Beaverton man any further when he's not acting in a commercial or professional manner, and on Monday urged a federal judge to dismiss the case. The state also sent a $500 check to Jarlstrom in August, reimbursing him for the state fine.

Jarlstrom and his lawyers argued that's not good enough. They contend Jarlstrom isn't alone in getting snared by the state board's aggressive and "overbroad'' interpretation of state law. They contend others have been investigated improperly and want the court to look broader at the state law and its administrative rules and declare them unconstitutional. In the alternative, the state law should be restricted to only regulating engineering communications that are made as part of paid employment or a contractual agreement.

"Cloudflare CEO Matthew Prince hated cutting off service to the infamous neo-Nazi site the Daily Stormer in August," reports Ars Technica. "And he's determined not to do it again. 'I'm almost a free-speech absolutist.' Prince said at an event at the New America Foundation last Wednesday. But in a subsequent interview with Ars, Prince argued that in the case of the Daily Stormer, the company didn't have much choice." From the report: Prince's response was to cut Daily Stormer off while laying the groundwork to make sure he'd never have to make a decision like that again. In a remarkable company-wide email sent shortly after the decision, Prince described his own actions as "arbitrary" and "dangerous." "I woke up this morning in a bad mood and decided to kick them off the Internet," Prince wrote in August. "It was a decision I could make because I'm the CEO of a major Internet infrastructure company." He argued that "it's important that what we did today not set a precedent." Prior to August, Cloudflare had consistently refused to police content published by its customers. Last week, Prince made a swing through DC to help ensure that the Daily Stormer decision does not, in fact, set a precedent. He met with officials from the Federal Communications Commission and with researchers at the libertarian Cato Institute and the left-of-center New America Foundation -- all in an effort to ensure that he'd have the political cover he needed to say no next time he came under pressure to take down controversial content.

The law is strongly on Cloudflare's side here. Internet infrastructure providers like Cloudflare have broad legal immunity for content created by their customers. But legal rights may not matter if Cloudflare comes under pressure from customers to take down content. And that's why Prince is working to cultivate a social consensus that infrastructure providers like Cloudflare should not be in the censorship business -- no matter how offensive its customers' content might be.

Last year, Apple was ordered to pay a record sum of 13 billion euros ($14.5 billion) plus interest after the European Commission said Ireland illegally slashed the iPhone maker's tax bill. "But Ireland was rather slow to start collecting that cash, which led the Commission to refer the Irish government to the European Court of Justice in October due to Ireland's non-compliance with the 2016 ruling," reports Engadget. "However, the Wall Street Journal reports today that the country will finally start collecting those billions of dollars owed by Apple and it may start doing so early next year." From the report: Both Apple and Ireland have fought back against the ruling -- Ireland has said that the European Union overstepped its authority and got some of the country's laws wrong while Apple has maintained that the amount it's being told to repay was miscalculated. Both are continuing to appeal the decision and the money will sit in an escrow fund while they do so. Ireland has said that negotiating the terms of that fund is what has held up its collection of the money but the European Commission said that the action it has taken against Ireland for failing to follow the 2016 ruling will proceed until the money is collected in full.

Last year, Apple was ordered to pay a record sum of 13 billion euros ($14.5 billion) plus interest after the European Commission said Ireland illegally slashed the iPhone maker's tax bill. "But Ireland was rather slow to start collecting that cash, which led the Commission to refer the Irish government to the European Court of Justice in October due to Ireland's non-compliance with the 2016 ruling," reports Engadget. "However, the Wall Street Journal reports today that the country will finally start collecting those billions of dollars owed by Apple and it may start doing so early next year." From the report: Both Apple and Ireland have fought back against the ruling -- Ireland has said that the European Union overstepped its authority and got some of the country's laws wrong while Apple has maintained that the amount it's being told to repay was miscalculated. Both are continuing to appeal the decision and the money will sit in an escrow fund while they do so. Ireland has said that negotiating the terms of that fund is what has held up its collection of the money but the European Commission said that the action it has taken against Ireland for failing to follow the 2016 ruling will proceed until the money is collected in full.

The Washington Post ran a technology column asking what happens "when the face-mapping tech that powers the iPhone X's cutesy 'Animoji' starts being used for creepier purposes." It's not just that the iPhone X scans 30,000 points on your face to make a 3D model. Though Apple stores that data securely on the phone, instead of sending it to its servers over the Internet, "Apple just started sharing your face with lots of apps." Although their columnist praises Apple's own commitment to privacy, "I also think Apple rushed into sharing face maps with app makers that may not share its commitment, and it isn't being paranoid enough about the minefield it just entered." "I think we should be quite worried," said Jay Stanley, a senior policy analyst at the American Civil Liberties Union. "The chances we are going to see mischief around facial data is pretty high -- if not today, then soon -- if not on Apple then on Android." Apple's face tech sets some good precedents -- and some bad ones... Less noticed was how the iPhone lets other apps now tap into two eerie views from the so-called TrueDepth camera. There's a wireframe representation of your face and a live read-out of 52 unique micro-movements in your eyelids, mouth and other features. Apps can store that data on their own computers.

To see for yourself, use an iPhone X to download an app called MeasureKit. It exposes the face data Apple makes available. The app's maker, Rinat Khanov, tells me he's already planning to add a feature that lets you export a model of your face so you can 3D print a mini-me. "Holy cow, why is this data available to any developer that just agrees to a bunch of contracts?" said Fatemeh Khatibloo, an analyst at Forrester Research.
"From years of covering tech, I've learned this much," the article concludes. "Given the opportunity to be creepy, someone will take it."

Yes, U.S. Senator Chuck Schumer actually called them "Grinch bots." From the New York Post: The senator said as soon as a retailer puts a hard-to-get toy -- like Barbie's Dreamhouse or Nintendo game systems -- for sale on a website, a bot can snatch it up even before a kid's parents finish entering their credit card information... "Bots come in and buy up all the toys and then charge ludicrous prices amidst the holiday shopping bustle," the New York Democrat said on Sunday... For example, Schumer said, the popular Fingerlings -- a set of interactive baby monkey figurines that usually sell for around $15 -- are being snagged by the scalping software and resold on secondary websites for as much as $1,000 a pop...

In December 2016, Congress passed the Better Online Ticket Sales (BOTS) Act, which Schumer sponsored, to crack down on their use to buy concert tickets, but the measure doesn't apply to other consumer products. He wants that law expanded but knows that won't happen in time for this holiday season. In the meantime, Schumer wants the National Retail Federation and the Retail Industry Leaders Association to block the bots and lead the effort to stop them from buying toys at fair retail prices and then reselling them at outrageous markups.

Tomorrow's "Hour of Code" kick-off event features Melinda Gates, Facebook COO Sheryl Sandberg, YouTube CEO Susan Wojcicki, and "multiple state governors," reports theodp -- who has some concerns. With Microsoft boasting that nearly 70 million of its Minecraft Hour of Code sessions have been launched, and tech companies pushing coding and their products into classrooms, it's probably no surprise that the 2017 Hour of Code -- organized by tech-bankrolled Code.org -- seems to have presented a too-hard-to-resist branding opportunity for Google, Microsoft, Apple and Amazon.

And, in what might evoke memories of Dollars for Doctors, some teachers will even be rewarded for steering their kids to Google's Hour of Code lesson. "Thanks to our friends at Google," explains crowdfunding website DonorsChoose.org, "4th-8th grade public school teachers who engage their students in a 'Create your own Google logo' Hour of Code activity can earn a $100 DonorsChoose.org gift code -- and have the opportunity to receive one of five other grand prizes (including $5,000 in DonorsChoose.org credits for your school!)."

Tomorrow's "Hour of Code" kick-off event features Melinda Gates, Facebook COO Sheryl Sandberg, YouTube CEO Susan Wojcicki, and "multiple state governors," reports theodp -- who has some concerns. With Microsoft boasting that nearly 70 million of its Minecraft Hour of Code sessions have been launched, and tech companies pushing coding and their products into classrooms, it's probably no surprise that the 2017 Hour of Code -- organized by tech-bankrolled Code.org -- seems to have presented a too-hard-to-resist branding opportunity for Google, Microsoft, Apple and Amazon.

And, in what might evoke memories of Dollars for Doctors, some teachers will even be rewarded for steering their kids to Google's Hour of Code lesson. "Thanks to our friends at Google," explains crowdfunding website DonorsChoose.org, "4th-8th grade public school teachers who engage their students in a 'Create your own Google logo' Hour of Code activity can earn a $100 DonorsChoose.org gift code -- and have the opportunity to receive one of five other grand prizes (including $5,000 in DonorsChoose.org credits for your school!)."

Tomorrow's "Hour of Code" kick-off event features Melinda Gates, Facebook COO Sheryl Sandberg, YouTube CEO Susan Wojcicki, and "multiple state governors," reports theodp -- who has some concerns. With Microsoft boasting that nearly 70 million of its Minecraft Hour of Code sessions have been launched, and tech companies pushing coding and their products into classrooms, it's probably no surprise that the 2017 Hour of Code -- organized by tech-bankrolled Code.org -- seems to have presented a too-hard-to-resist branding opportunity for Google, Microsoft, Apple and Amazon.

And, in what might evoke memories of Dollars for Doctors, some teachers will even be rewarded for steering their kids to Google's Hour of Code lesson. "Thanks to our friends at Google," explains crowdfunding website DonorsChoose.org, "4th-8th grade public school teachers who engage their students in a 'Create your own Google logo' Hour of Code activity can earn a $100 DonorsChoose.org gift code -- and have the opportunity to receive one of five other grand prizes (including $5,000 in DonorsChoose.org credits for your school!)."

An anonymous reader quotes Liliputing.com Linux computer vendor System76 announced this week that it will roll out a firmware update to disable Intel Management Engine on laptops sold in the past few years. Purism will also disable Intel Management Engine on computers it sells moving forward. Those two computer companies are pretty small players in the multi-billion dollar PC industry. But it turns out one of the world's largest PC companies is also offering customers the option of buying a computer with Intel Management Engine disabled.

At least three Dell computers can be configured with an "Intel vPro -- ME Inoperable, Custom Order" option, although you'll have to pay a little extra for those configurations... While Intel doesn't officially provide an option to disable its Management Engine, independent security researchers have discovered methods for doing that and we're starting to see PC makers make use of those methods.
The option appears to be available on most of Dell's Latitude laptops (from the 12- to 15-inch screens), including the 7480, 5480, and 5580 and the Latitude 14 5000 Series (as well as several "Rugged" and "Rugged Extreme" models).

Dell is charging anywhere from $20.92 to $40 to disable Intel's Management Engine.

An anonymous reader quotes Liliputing.com Linux computer vendor System76 announced this week that it will roll out a firmware update to disable Intel Management Engine on laptops sold in the past few years. Purism will also disable Intel Management Engine on computers it sells moving forward. Those two computer companies are pretty small players in the multi-billion dollar PC industry. But it turns out one of the world's largest PC companies is also offering customers the option of buying a computer with Intel Management Engine disabled.

At least three Dell computers can be configured with an "Intel vPro -- ME Inoperable, Custom Order" option, although you'll have to pay a little extra for those configurations... While Intel doesn't officially provide an option to disable its Management Engine, independent security researchers have discovered methods for doing that and we're starting to see PC makers make use of those methods.
The option appears to be available on most of Dell's Latitude laptops (from the 12- to 15-inch screens), including the 7480, 5480, and 5580 and the Latitude 14 5000 Series (as well as several "Rugged" and "Rugged Extreme" models).

Dell is charging anywhere from $20.92 to $40 to disable Intel's Management Engine.

An anonymous reader quotes Liliputing.com Linux computer vendor System76 announced this week that it will roll out a firmware update to disable Intel Management Engine on laptops sold in the past few years. Purism will also disable Intel Management Engine on computers it sells moving forward. Those two computer companies are pretty small players in the multi-billion dollar PC industry. But it turns out one of the world's largest PC companies is also offering customers the option of buying a computer with Intel Management Engine disabled.

At least three Dell computers can be configured with an "Intel vPro -- ME Inoperable, Custom Order" option, although you'll have to pay a little extra for those configurations... While Intel doesn't officially provide an option to disable its Management Engine, independent security researchers have discovered methods for doing that and we're starting to see PC makers make use of those methods.
The option appears to be available on most of Dell's Latitude laptops (from the 12- to 15-inch screens), including the 7480, 5480, and 5580 and the Latitude 14 5000 Series (as well as several "Rugged" and "Rugged Extreme" models).

Dell is charging anywhere from $20.92 to $40 to disable Intel's Management Engine.

thegarbz writes: Startcom, a certificate authority which as we covered previously has been distrusted by Mozilla, by Google, and recently also by Microsoft, has announced that it will cease trading as a Certificate Authority. While their website currently shows no indication that their certificates have any problems, a news posting has announced their intentions to stop providing certificates as of January 2018, and to revoke all remaining certificates in 2020.
The original submission also says StartCom sent an email to all their former customers -- including customers of their free StartSSL certificates -- announcing their intentions. As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers.

The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcoms website.

StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years. StartCom would like to thank you for your support during this difficult time.

thegarbz writes: Startcom, a certificate authority which as we covered previously has been distrusted by Mozilla, by Google, and recently also by Microsoft, has announced that it will cease trading as a Certificate Authority. While their website currently shows no indication that their certificates have any problems, a news posting has announced their intentions to stop providing certificates as of January 2018, and to revoke all remaining certificates in 2020.
The original submission also says StartCom sent an email to all their former customers -- including customers of their free StartSSL certificates -- announcing their intentions. As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers.

The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcoms website.

StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years. StartCom would like to thank you for your support during this difficult time.

thegarbz writes: Startcom, a certificate authority which as we covered previously has been distrusted by Mozilla, by Google, and recently also by Microsoft, has announced that it will cease trading as a Certificate Authority. While their website currently shows no indication that their certificates have any problems, a news posting has announced their intentions to stop providing certificates as of January 2018, and to revoke all remaining certificates in 2020.
The original submission also says StartCom sent an email to all their former customers -- including customers of their free StartSSL certificates -- announcing their intentions. As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers.

The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcoms website.

StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years. StartCom would like to thank you for your support during this difficult time.

thegarbz writes: Startcom, a certificate authority which as we covered previously has been distrusted by Mozilla, by Google, and recently also by Microsoft, has announced that it will cease trading as a Certificate Authority. While their website currently shows no indication that their certificates have any problems, a news posting has announced their intentions to stop providing certificates as of January 2018, and to revoke all remaining certificates in 2020.
The original submission also says StartCom sent an email to all their former customers -- including customers of their free StartSSL certificates -- announcing their intentions. As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers.

The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcoms website.

StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years. StartCom would like to thank you for your support during this difficult time.

An anonymous reader quotes Bleeping Computer: PHP got a whole lot more secure this week with the release of the 7.2 branch, a version that improves and modernizes the language's support for cryptography and password hashing algorithms.

Of all changes, the most significant is, by far, the support for Argon2, a password hashing algorithm developed in the early 2010s. Back in 2015, Argon2 beat 23 other algorithms to win the Password Hashing Competition, and is now in the midst of becoming a universally recognized Internet standard at the Internet Engineering Task Force (IETF), the reward for winning the contest. The algorithm is currently considered to be superior to Bcrypt, today's most widely used password hashing function, in terms of both security and cost-effectiveness, and is also slated to become a favorite among cryptocurrencies, as it can also handle proof-of-work operations.

The other major change in PHP 7.2 was the removal of the old Mcrypt cryptographic library from the PHP core and the addition of Libsodium, a more modern alternative.

Bitcoin "is drawing harsh criticism from Wall Street investment firms," writes Slashdot reader rmdingler -- and even from some prominent economists. CNN reports: The harshest assessment came from Nobel laureate Joseph Stiglitz, who said that bitcoin "ought to be outlawed. Bitcoin is successful only because of its potential for circumvention," he told Bloomberg TV. "It doesn't serve any socially useful function." Robert Shiller, who won a Nobel for his work on bubbles, said the currency appeals to some investors because it has an "anti-government, anti-regulation feel. It's such a wonderful story," he said at a conference in Lithuania, according to Bloomberg. "If it were only true."

Wall Street titans were getting in on the action, too. Goldman Sachs CEO Lloyd Blankfein told Bloomberg that the currency serves as "a vehicle for perpetrating fraud." Billionaire investor Carl Icahn said on CNBC that it "seems like a bubble." The digital currency previously attracted the derision of JPMorgan boss Jamie Dimon, who called it a "fraud" that would "eventually blow up." Warren Buffett has warned of a "real bubble."
Wednesday the price of bitcoin shot past $11,000 -- just ten days after rising past $8,000.

Bitcoin "is drawing harsh criticism from Wall Street investment firms," writes Slashdot reader rmdingler -- and even from some prominent economists. CNN reports: The harshest assessment came from Nobel laureate Joseph Stiglitz, who said that bitcoin "ought to be outlawed. Bitcoin is successful only because of its potential for circumvention," he told Bloomberg TV. "It doesn't serve any socially useful function." Robert Shiller, who won a Nobel for his work on bubbles, said the currency appeals to some investors because it has an "anti-government, anti-regulation feel. It's such a wonderful story," he said at a conference in Lithuania, according to Bloomberg. "If it were only true."

Wall Street titans were getting in on the action, too. Goldman Sachs CEO Lloyd Blankfein told Bloomberg that the currency serves as "a vehicle for perpetrating fraud." Billionaire investor Carl Icahn said on CNBC that it "seems like a bubble." The digital currency previously attracted the derision of JPMorgan boss Jamie Dimon, who called it a "fraud" that would "eventually blow up." Warren Buffett has warned of a "real bubble."
Wednesday the price of bitcoin shot past $11,000 -- just ten days after rising past $8,000.

InfoWorld published an interesting essay from Matt Asay, former COO at Canonical (and an emeritus board member of the Open Source Initiative), about innovation from the big public cloud vendors, which "even when open-sourced, doesn't really help the community at large... All this innovation is available to buy; none of it is available to build. Not for mere mortals, anyway." Google in particular has figured out how to both open-source code in a useful way and make it pay. As Server Density CEO David Mytton has underlined, Google hopes to "standardize machine learning on a single framework and API," namely TensorFlow, then supplement it "with a service that can [manage] it all for you more efficiently and with less operational overhead," namely Google Cloud. By open-sourcing TensorFlow and backing it with machine-learning-heavy Google Cloud, Google has open-sourced a great on-ramp to future revenue.

My question: why not do this with the rest of its code? The simple answer is "Because it's a lot of work." That is, Google could open-source everything tomorrow without any damage to its revenue, but the code itself would provide other providers and enterprises only limited ability to increase their revenue unless Google did all the necessary prep work to make it useful to mere mortals not running superhuman Google infrastructure. This is the trick that AWS, Microsoft, and Google are all racing to figure out today. Not open source, per se, because that's the easy table stakes. No, the AWS/Microsoft Azure/Google Cloud trio are figuring out how to turn their innovations into open source on-ramps to their proprietary services. Companies used to lock up their code to sell it. Today, it's the opposite: They need to open it up to make their ability to operate the code at scale more valuable. For them.

Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3872. Bruce Perens writes: Red Hat, IBM, Google, and Facebook announced that they would give infringers of their GPL software up to a 30-day hold-off period during which an accused infringer could cure a GPL violation after one was brought to their attention by the copyright holder, and a 60 day "statute of limitations" on an already-cured infringement when the copyright holder has never notified the infringer of the violation. In both cases, there would be no penalty: no damages, no fees, probably no lawsuit; for the infringer who promptly cures their infringement.
Perens sees the move as "obviously inspired" by the kernel team's earlier announcement, and believes it's directed against one man who made 50 copyright infringement claims involving the Linux kernel "with intent to collect income rather than simply obtain compliance with the GPL license."

Unfortunately, "as far as I can tell, it's Patrick McHardy's legal right to bring such claims regarding the copyrights which he owns, even if it doesn't fit Community Principles which nobody is actually compelled to follow."

An anonymous reader quotes Ars Technica's report on Russia's failed attempt to launch 19 satellites into orbit on Tuesday: Instead of boosting its payload, the Soyuz 2.1b rocket's Fregat upper stage fired in the wrong direction, sending the satellites on a suborbital trajectory instead, burning them up in Earth's atmosphere... According to normally reliable Russian Space Web, a programming error caused the Fregat upper stage, which is the spacecraft on top of the rocket that deploys satellites, to be unable to orient itself. Specifically, the site reports, the Fregat's flight control system did not have the correct settings for a mission launching from the country's new Vostochny cosmodrome. It evidently was still programmed for Baikonur, or one of Russia's other spaceports capable of launching the workhorse Soyuz vehicle. Essentially, then, after the Fregat vehicle separated from the Soyuz rocket, it was unable to find its correct orientation. Therefore, when the Fregat first fired its engines to boost the satellites into orbit, it was still trying to correct this orientation -- and was in fact aimed downward toward Earth. Though the Fregat space tug has been in operation since the 1990s, this is its fourth failure -- all of which have happened within the last 8 years.

"In each of the cases, the satellite did not reach its desired orbit," reports Ars Technica, adding "As the country's heritage rockets and upper stages continue to age, the concern is that the failure rate will increase."

Last year, the six-second video social media app called Vine was shut down by Twitter. The Verge reports that Vine's co-founder, Dom Hofmann, says he's working on "a follow-up to Vine," where he will be funding the project himself outside of his current company, Interspace. "I'm going to work on a follow-up to vine. i've been feeling it myself for some time and have seen a lot of tweets, dms, etc.," Hofmann tweeted.

Unfortunately, he didn't elaborate on his plans. It's possible the follow-up site could be another short-term video app similar to the original Vine, or some other project that will look to build on the foundation Vine started. Would you be interested in a new Vine-like social media app, or did Vine never really appeal to you to begin with?

New submitter unarmed8 shares a report from CyberScoop: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports that Uber paid $100,000 to cover up a 2016 data breach that affected 57 million users. The scope of what kind of data breach falls under this is limited. For instance, if only a last name, address or phone number is breached, the law would not apply. If an organization "reasonably concludes that there is no reasonable risk of identity theft, fraud, or other unlawful conduct," the incident is considered exempt from the legislation.

"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," Sen. Bill Nelson, D-Fla., said in a statement. "Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what's best for consumers, the choice is clear."

System76 is rolling out a firmware update for its recent laptops that will disable the Intel Management Engine altogether. The decision comes after a major security vulnerability was discovered that would allow an attacker with local access to execute arbitrary code. Liliputing reports: What's noteworthy in the System76 announcement is that the PC maker isn't just planning to disable Intel ME in computers that ship from now on. The company will send out an update that disables it on existing computers with 6th, 7th, or 8th-gen Intel Core processors. System76 also notes that Intel ME "provides no functionality for System76 laptop customers and is safe to disable." Right now the firmware update will only be available for computers running Ubuntu 16.04 or later or a related operating system with the System76 driver. But the company says it's working on developing a command line tool that should work on laptops running other GNU/Linux-based operating systems. System76 says it will also release an update for its desktop computers... but on those machines the update will patch the security vulnerability rather than disabling Intel ME altogether.

Alexis C. Madrigal, writing for The Atlantic: If the recent numbers are any indication, there is a bloodbath in digital media this year. Publishers big and small are coming up short on advertising revenue, even if they are long on traffic. [...] In a print newspaper or a broadcast television station, the content and the distribution of that content are integrated. The big tech platforms split this marriage, doing the distribution for most digital content through Google searches and the Facebook News Feed. And they've taken most of the money: They've "captured the value" of the content at the distribution level. Media companies have no real alternative, nor do they have competitive advertising products to the targeting and scale that Facebook and Google can offer. Facebook and Google need content, but it's all fungible. The recap of a huge investigative blockbuster is just as valuable to Google News as an investigative blockbuster itself. The former might have taken months and costs tens of thousands of dollars, the latter a few hours and the cost of a young journalist's time. That's led many people to the conclusion that supporting rigorous journalism requires some sort of direct financial relationship between publications and readers. Right now, the preferred method is the paywall. The New York Times has one. The Washington Post has one. The Financial Times has one. The Wall Street Journal has one. The New Yorker has one. Wired just announced they'd be building one. (Editor's note: CNN is building a paywall, too.) Many of these efforts have been successful. Publications have figured out how to create the right kinds of porosity for their sites, allowing enough people in to drive scale, but extracting more revenue per reader than advertising could provide.

John Gruber, reporting for DaringFireball: It's natural to speculate how a bug as egregious as the now-fixed High Sierra root login bug could escape notice for so long. It seems to have been there ever since High Sierra 10.3.0 shipped on September 25, and may have existed in the betas through the summer. One explanation is that logging in with the username "root" and a blank password is so bizarre that it's the sort of thing no one would think to try. More insidious though, is the notion that it might not have escaped notice prior to its widespread publicization yesterday -- but that the people who had heretofore discovered it kept it to themselves. This exploit was in fact posted to Apple's own support forums on November 13. It's a bizarre thread. The thread started back on June 8 when a user ran into a problem after installing the WWDC developer beta of High Sierra.

John Gruber, reporting for DaringFireball: It's natural to speculate how a bug as egregious as the now-fixed High Sierra root login bug could escape notice for so long. It seems to have been there ever since High Sierra 10.3.0 shipped on September 25, and may have existed in the betas through the summer. One explanation is that logging in with the username "root" and a blank password is so bizarre that it's the sort of thing no one would think to try. More insidious though, is the notion that it might not have escaped notice prior to its widespread publicization yesterday -- but that the people who had heretofore discovered it kept it to themselves. This exploit was in fact posted to Apple's own support forums on November 13. It's a bizarre thread. The thread started back on June 8 when a user ran into a problem after installing the WWDC developer beta of High Sierra.

Kieren McCarthy, writing for The Register: Network admins, code wranglers and other techies have hit an unusual problem this week: their test and development environments have vanished. Rather than connecting to private stuff on an internal .dev domain to pick up where they left off, a number of engineers and sysadmins are facing an error message in their web browser complaining it is "unable to provide a secure connection." How come? It's thanks to a recent commit to Chromium that has been included in the latest version of Google Chrome. As developers update their browsers, they may find themselves booted out their own systems. Under the commit, Chrome forces connections to all domains ending in .dev (as well as .foo) to use HTTPS via a HTTP Strict Transport Security (HSTS) header. This is part of Google's larger and welcome push for HTTPS to be used everywhere for greater security.

An anonymous reader shares a report: Microsoft announced in October previews of new Edge browser apps for iOS and Android. On November 30, Microsoft officials are announcing that these apps are no longer in preview and are generally available for users in select markets. By making Edge apps available on non-Windows operating systems, Microsoft is hoping to do more than give Windows 10 users who use Edge a more convenient way to sync their bookmarks, tabs, etc., across devices. Microsoft also is doing this to improve its "Continue on PC" feature that it's been touting for Windows 10. With "Continue on PC," users will be able to share a web site, app, photo, and other information from their phones to their Windows 10 PCs in a faster and more seamless way. Microsoft is looking to Continue on PC to help keep Windows PCs relevant in a world where more and more computing is done on mobile devices.

Nearly a year after the case was initially filed, Coinbase has been ordered to turn over identifying records for all users who have bought, sold, sent, or received more than $20,000 through their accounts in a single year. The digital asset broker estimates that 14,355 users meet the government's requirements. The Verge reports: For each account, the company has been asked to provide the IRS with the user's name, birth date, address, and taxpayer ID, along with records of all account activity and any associated account statements. The result is both a definitive link to the user's identity and a comprehensive record of everything they've done with their Coinbase account, including other accounts to which they've sent money. The order is significantly narrower than the IRS's initial request, which asked for records on every single Coinbase user over the same period. That request would also have required all communications between Coinbase and the user, a measure the judge ultimately found unnecessarily comprehensive. The government made no claim of suspicion against individual users, but instead argued that the order was justified based on the discrepancy between Coinbase users and U.S. citizens reporting Bitcoin gains to the IRS.

Republican FCC Chairman Ajit Pai is doubling down on his critique of tech companies, asking whether social media is "a net benefit to American society" in remarks at the Media Institute on Wednesday. "Now, I will tell you upfront that I don't have an answer." From a report: What he said: Pai made the case that social media has been key to the politicization of many aspects of American life. "Everything nowadays is political. Everything. ... This view that politics-is-all is often made worse by social media," he said, per his prepared remarks.

Apple said on Wednesday it would review its software development process after scrambling to patch a serious bug it learned of on Tuesday in its macOS operating system for desktop and laptop computers. From a report: "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused," Apple said in a statement. "Our customers deserve better. We are auditing our development processes to help prevent this from happening again."

Swapna Krishna reports via Engadget: Back in January, the HDMI Forum unveiled its new specifications for the HDMI connector, called HDMI 2.1. Now, that HDMI specification is available to all HDMI 2.0 adopters. It's backwards compatible with all previous HDMI specifications. The focus of HDMI 2.1 is on higher video bandwidth; it supports 48 GB per second with a new backwards-compatible ultra high speed HDMI cable. It also supports faster refresh rates for high video resolution -- 60 Hz for 8K and 120 Hz for 4K. The standard also supports Dynamic HDR and resolutions up to 10K for commercial and specialty use. This new version of the HDMI specification also introduces an enhanced refresh rate that gamers will appreciate. VRR, or Variable Refresh Rate, reduces, or in some cases eliminates, lag for smoother gameplay, while Quick Frame Transport (QFT) reduces latency. Quick Media Switching, or QMS, reduces the amount of blank-screen wait time while switching media. HDMI 2.1 also includes Auto Low Latency Mode (ALLM), which automatically sets the ideal latency for the smoothest viewing experience.

An anonymous reader quotes a report from Slate: Anyone who has ever paid a bill to or waited for customer service from Comcast knows why it is one of America's most detested companies, its recent efforts to improve its image notwithstanding. While Comcast says its customers will "enjoy strong net neutrality protections," it hasn't explicitly said it won't offer paid prioritization, which is how the company would most likely monetize its new ability to legally muck with internet traffic. In other words, Comcast might not choke or slow service to any website, but it could speed access to destinations that pay for the priority service. The company's promises should sound familiar. As Jon Brodkin pointed out in Ars Technica on Monday, back when the FCC was crafting the network neutrality rules in 2014, Comcast said it had no plans to enact paid prioritization, either. "We don't prioritize Internet traffic or have paid fast lanes, and have no plans to do so," a Comcast executive wrote in a blog post that year.

But Comcast's line has changed in an important way. In a comment to the FCC from earlier this year, the company said it is time for the FCC to adopt a "more flexible" approach to paid prioritization, and noted in a blog post at the time that the FCC should consider net neutrality principles that prevent "no anticompetitive paid prioritization." In other words, not necessarily all paid prioritization. The inclusion of "anti-competitive" could signal that the company does in fact hope to offer fast-lane service, but at the same price for all. And it might be a price that say, Fox News and the New York Times can afford, but one that smaller outlets can't. That Comcast's language is changing is one reason to distrust its promises regarding net neutrality, but its track record is an even bigger one. The company has been caught red-handed lying about its traffic discrimination in the past. In 2007, for example, when Comcast was found intermittently blocking users' ability to use BitTorrent, the company made numerous false claims about its network interference before finally admitting its bad behavior and halting the disruptions.

It hasn't been long since Lenovo settled a massive $3.5 million fine for preinstalling adware on laptops without users' consent, and it appears HP is on to the same route already. According to numerous reports gathered by news outlet Computer World, the brand is deploying a telemetry client on customer computers without asking permission. The software, called "HP Touchpoint Analytics Service", appears to replace the self-managed HP Touchpoint Manager solution. To make matter worse, the suite seems to be slowing down PCs, users say. From the report: Dubbed "HP Touchpoint Analytics Service," HP says it "harvests telemetry information that is used by HP Touchpoint's analytical services." Apparently, it's HP Touchpoint Analytics Client version 4.0.2.1435. There are dozens of reports of this new, ahem, service scattered all over the internet. According to Gunter Born, reports of the infection go all the way back to Nov. 15, when poster MML on BleepingComputer said: "After the latest batch of Windows updates, about a half hour after installing the last, I noticed that this had been installed on my computer because it showed up in the notes of my Kaspersky, and that it opened the Windows Dump File verifier and ran a disk check and battery test." According to Gartner, HP was the largest PC vendor in the quarter that ended in September this year.

An anonymous reader writes: Not only does Elon Musk deny being the mysterious creator of bitcoin Satoshi Nakamoto, but he's also forgotten where he keeps his cryptocurrency. Musk's assertions came in response to a blog post coursing through digital-currency sites that suggested the PayPal co-founder and Tesla chief executive officer himself is probably the bitcoin originator who used the alias Nakamoto. "Not true," Musk said Tuesday in a tweet. "A friend sent me part of a BTC a few years, but I don't know where it is."

The Google Pixel 2 and Pixel 2 XL both feature a custom Intel "Visual Core" co-processor, which is meant to improve speed and battery life when shooting photos with Google's HDR+ technology. The chip has been hanging out in the phone not really doing much of anything -- until now. TechCrunch reports of a new developer preview of Android 8.1 due out today that puts the chip to use. "The component is expected to further improve the handsets' cameras, which were already scoring good marks, production issues aside." From the report: According to the company, Pixel Visual Core has eight image processing unit (IPU) cores and 512 arithmetic logic units. Using machine learning, the company says it's able to speed things up by 5x, with one tenth of the energy. Access to the chip, combined with the Android Camera API means third-party photo apps will be able to take advantage of the system's speedy HDR+. Sounds swell, right? Of course, this is still just an early preview, only available to people who sign up for Google's Beta program. That means, among other things, dealing with potential bugs of an early build. Google wouldn't give us any more specific information with regards to when the feature will be unlocked for the public, but it's expected to arrive along with the 8.1 public beta in December.

The White House is considering banning its employees from using personal mobile phones while at work. While President Trump has been vocal about press leaks since taking office, one official said the potential change is driven by cybersecurity concerns. Bloomberg reports: One official said that there are too many devices connected to the campus wireless network and that personal phones aren't as secure as those issued by the federal government. White House Chief of Staff John Kelly -- whose personal phone was found to be compromised by hackers earlier this year -- is leading the push for a ban, another official said. The White House already takes precautions with personal wireless devices, including by requiring officials to leave phones in cubbies outside of meeting rooms where sensitive or classified information is discussed. Top officials haven't yet decided whether or when to impose the ban, and if it would apply to all staff in the executive office of the president. While some lower-level officials support a ban, others worry it could result in a series of disruptive unintended consequences.

An anonymous reader shares a report: Google does not change its search algorithm to re-rank individual websites, it said in a letter to Russia's communications watchdog, after Moscow expressed concerns the search engine might discriminate against Russian media. The Roskomnadzor watchdog said earlier this month it would seek clarification from Google over whether it intentionally placed articles from Russian news websites Sputnik and Russia Today lower in search results. Responding to a question about Sputnik articles at a conference earlier in November, Alphabet Executive Chairman Eric Schmidt said Google was working to give less prominence to "those kinds of websites" as opposed to delisting them.

An anonymous reader shares a report: Google does not change its search algorithm to re-rank individual websites, it said in a letter to Russia's communications watchdog, after Moscow expressed concerns the search engine might discriminate against Russian media. The Roskomnadzor watchdog said earlier this month it would seek clarification from Google over whether it intentionally placed articles from Russian news websites Sputnik and Russia Today lower in search results. Responding to a question about Sputnik articles at a conference earlier in November, Alphabet Executive Chairman Eric Schmidt said Google was working to give less prominence to "those kinds of websites" as opposed to delisting them.

Open source guru Eric S. Raymond followed up his post on alternatives to C by explaining why he won't touch C++ any more, calling the story "a launch point for a disquisition on the economics of computer-language design, why some truly unfortunate choices got made and baked into our infrastructure, and how we're probably going to fix them." My problem with [C++] is that it piles complexity on complexity upon chrome upon gingerbread in an attempt to address problems that cannot actually be solved because the foundational abstractions are leaky. It's all very well to say "well, don't do that" about things like bare pointers, and for small-scale single-developer projects (like my eqn upgrade) it is realistic to expect the discipline can be enforced. Not so on projects with larger scale or multiple devs at varying skill levels (the case I normally deal with)... C is flawed, but it does have one immensely valuable property that C++ didn't keep -- if you can mentally model the hardware it's running on, you can easily see all the way down. If C++ had actually eliminated C's flaws (that is, been type-safe and memory-safe) giving away that transparency might be a trade worth making. As it is, nope.
He calls Java a better attempt at fixing C's leaky abstractions, but believes it "left a huge hole in the options for systems programming that wouldn't be properly addressed for another 15 years, until Rust and Go." He delves into a history of programming languages, touching on Lisp, Python, and programmer-centric languages (versus machine-centric languages), identifying one of the biggest differentiators as "the presence or absence of automatic memory management." Falling machine-resource costs led to the rise of scripting languages and Node.js, but Raymond still sees Rust and Go as a response to the increasing scale of projects.
Eventually we will have garbage collection techniques with low enough latency overhead to be usable in kernels and low-level firmware, and those will ship in language implementations. Those are the languages that will truly end C's long reign. There are broad hints in the working papers from the Go development group that they're headed in this direction... Sorry, Rustaceans -- you've got a plausible future in kernels and deep firmware, but too many strikes against you to beat Go over most of C's range. No garbage collection, plus Rust is a harder transition from C because of the borrow checker, plus the standardized part of the API is still seriously incomplete (where's my select(2), again?).

The only consolation you get, if it is one, is that the C++ fans are screwed worse than you are. At least Rust has a real prospect of dramatically lowering downstream defect rates relative to C anywhere it's not crowded out by Go; C++ doesn't have that.