Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
Google's Other Ugly Secret: Some Managers Keep Blacklists (inc.com)
Last week a controversial internal memo written by a concerned Google employee was going viral within the company. The memo, titled "PC Considered Harmful" and since dubbed "the Google manifesto" on social media, argued two points: First, that Google has become an ideological echo chamber where anyone with centrist or right-of-center views fears to speak their mind. Second, that part of the tech industry's gender gap can be attributed to biological differences between men and women. The person who wrote the memo has since been fired, but the internal tussle has revealed one more thing. The Inc reports: The contentious internal discussion revived a concern dating back to 2015: An unknown number of Google managers maintain blacklists of fellow employees, evidently refusing to work with those people. The blacklists are based on personal experiences of others' behavior, including views expressed on politics, social justice issues, and Google's diversity efforts. Inc. reviewed screenshots documenting several managers attesting to this practice, both in the past and currently, explicitly using the term "blacklist." The screenshots were shared by a Google employee who requested anonymity due to having signed an NDA. In additional screenshots, one Google employee declared his intent to quit if Damore were not fired, and another said that he would refuse to work with Damore in any capacity. A Google spokesperson told Inc. that the practice of keeping blacklists is not condoned by upper management, and that Google employees who discriminate against members of protected classes will be terminated. It's not clear whether that principle applies in Damore's case. Although political affiliation is a protected class according to California labor law, the views expressed in the manifesto and echoed by others who oppose political correctness do not seem to merit legal protection. -
Google Fires Author of Divisive Memo On Gender Differences (bloomberg.com)
An anonymous reader quotes a report from Bloomberg: Alphabet Inc.'s Google has fired an employee who wrote an internal memo blasting the web company's diversity policies, creating a firestorm across Silicon Valley. James Damore, the Google engineer who wrote the note, confirmed his dismissal in an email, saying that he had been fired for "perpetuating gender stereotypes." Earlier on Monday, Google CEO Sundar Pichai sent a note to employees that said portions of the memo "violate our Code of Conduct and cross the line by advancing harmful gender stereotypes in our workplace." But he didn't say if the company was taking action against the employee. A Google representative, asked about the dismissal, referred to Pichai's memo. Damore's 10-page memorandum accused Google of silencing conservative political opinions and argued that biological differences play a role in the shortage of women in tech and leadership positions. It circulated widely inside the company and became public over the weekend, causing a furor that amplified the pressure on Google executives to take a more definitive stand. After the controversy swelled, Danielle Brown, Google's new vice president for diversity, integrity and governance, sent a statement to staff condemning Damore's views and reaffirmed the company's stance on diversity. In internal discussion boards, multiple employees said they supported firing the author, and some said they would not choose to work with him, according to postings viewed by Bloomberg News. -
Google Grapples With Fallout After Employee Slams Diversity Efforts (npr.org)
An anonymous reader shares a report from NPR: In a 3,300-word document that has been shared across Google's internal networks, an engineer at the company wrote that "biological causes" are part of the reason women aren't represented equally in its tech departments and leadership. The document also cited "men's higher drive for status." The engineer's criticism of Google's attempts to improve gender and racial diversity has prompted two Google executives to rebut the lengthy post, which accused the company of creating an "ideological echo chamber" and practicing discrimination. Wide sharing of the document has highlighted struggles with gender equality and the wage gap in the tech industry and particularly at Google, which was sued by the federal government earlier this year for refusing to share compensation amounts and other data.
But in contrast, the document's author -- whose identity hasn't been publicly released but who claims to work at the company's Mountain View, Calif., headquarters -- accused Google of having "a politically correct monoculture that maintains its hold by shaming dissenters into silence." Not enough has been done, the engineer said, to encourage a diversity of viewpoints and ideologies at Google. The author also faulted the company for offering mentoring and other opportunities to its employees based on gender or race. The engineer began the document by stating, "I value diversity and inclusion, am not denying that sexism exists, and don't endorse using stereotypes." The message ended with a similar sentiment -- but with the added notion, "Stereotypes are much more accurate and responsive to new information than the [company's] training suggests." In addition to the responses made from Google's VP of Diversity, Integrity and Governance, Danielle Brown, former engineer Yonatan Zunger, and Google VP of Engineering Ari Balogh, senior developer Sarah Mei wrote: "This guy almost certainly thinks of himself as a 'computer scientist,' but he does exactly what you're not supposed to do as a scientist. He draws a conclusion favorable to his ego, and then works backwards from there, constructing an argument to justify it. [...] This google dude literally works at the company that made it _trivially easy_ to locate relevant social science research." -
Intel Releases Final Core i9 Specs and Release Dates -- And Threadripper Is Faster (Sometimes) (pcworld.com)
On Monday, Intel took the wraps off the final details of its Core i9 microprocessors. From a report: Remember that Intel's Core X-series family (also called the Core i9) was announced with several key omissions: namely the clock speeds of the 12-core Core i9-7920X and above, as well as the thermal design power, or TDP. On Monday, Intel filled those in. The 12-core Core i9-7920X launches Aug. 28 while the 14-, 16-, and 18-core Core i9 chips ship on Sept. 25. Perhaps most important, though, is that we now know how fast Intel's Core i9s will run. When Intel inadvertently revealed that its 12-core Core i9-7920X was 2.9GHz -- slower than the comparable AMD Threadripper -- a subset of the internet had a small freakout. We now know that that will be true for the remaining Core i9s as well, but with a big caveat. Here are the remaining speeds and feeds for the high-end Core i9 chips:
Core i9-7980XE (18 cores, 36 threads): 2.6GHz; Boost: 4.2GHz to 4.4GHz.
Core i9-7960X (16 cores, 32 threads): 2.8GHz; Boost: 4.2GHz to 4.4GHz.
Core i9-7940X (14 cores, 28 threads): 3.1GHz; Boost: 4.3GHz to 4.4GHz.
Core i9-7920X (12 cores, 24 threads): 2.9GHz; Boost: 4.3GHz to 4.4GHz.
Note that the boost speeds refer to both Intel's Turbo Boost Technology 2.0 and 3.0. [...] Essentially, both Intel and AMD can claim the title of fastest processor. Threadripper's base clock speeds are faster, but Intel's boost speeds climb higher than Threadripper can. It's also important to note that while Threadripper consumes 180 watts, even the fastest Core i9 chips Intel has announced have a lower TDP of 165 watts. -
China Built the World's Largest Telescope, But Has No One To Run It (arstechnica.com)
An anonymous reader shares a report: China has built a staggeringly large instrument in the remote southern, mountainous region of the country called the Five hundred-meter Aperture Spherical Telescope, or FAST. The telescope measures nearly twice as large as the closest comparable facility in the world, the US-operated Arecibo radio telescope in Puerto Rico. According to the South China Morning Post, the country is looking for a foreigner to run the observatory because no Chinese astronomer has the experience of running a facility of such size and complexity. The Chinese Academy of Sciences began advertising the position in western journals and job postings in May, but so far there have been no qualified applicants. One reason is that the requirements are fairly strict: The candidate must have at least 20 years of previous experience in the field, and he or she must have taken a leading role in large-scale radio telescope project with extensive managerial experience. The candidate must also hold a professorship, or equally senior position, in a world-class research institute or university. Nick Suntzeff, an astronomer at Texas A&M University who helped lead the discovery of dark energy and is involved with construction of the optical Giant Magellan Telescope in Chile, said there are probably about 40 or so astronomers in the world who would qualify for such a job. Compared to other astronomy disciplines, radio astronomy is a relatively small field. "I am sure they will find someone," he said. "But most astronomers in the United States do not like to work abroad. It was hard to get people to apply to work in La Serena, something I could never understand, considering how beautiful it is and how nice the Chilean people are." Among the western community of astronomers there are also questions about the scientific purpose of the FAST telescope. 
As part of a recent National Science Foundation review of its facilities, US officials placed the similar Arecibo radio telescope near the bottom of its priorities list. -
Why Steve Jobs Loved the IPod Shuffle (wired.com)
"Right after the keynote in which Steve Jobs introduced the iPod Shuffle, I went backstage with one question in mind: What makes an iPod an iPod?" remembers Steven Levy. mirandakatz writes Apple recently announced that it's officially discontinuing the iPod -- sad news for anyone who'd prefer to not have to lug around an entire phone to listen to music. At Backchannel, Steven Levy offers a requiem... The Shuffle, he writes, was unique in that it was an iPod stripped down to a single basic function -- and, as Steve Jobs told Levy in 2005, it made the perfect [cheap] gift for inculcating young kids in the ways of Apple.
"I will go buy them one of these for 100 bucks apiece," he told Levy, referring to why the Shuffle was an especially appropriate gift for his daughters, six and nine at the time. "They'll probably lose them in 60 days. But they'll get into it this way."
Jobs called the Shuffle "every bit an iPod -- just a different iPod," saying that the definition was simply "a great digital music player." (Though later he'd say that creating a radically smaller Nano was still "a huge bet.") Levy remembers the Shuffle as "one of the company's most fun products ever...stripped down to the one feature I adored," writing that he loved how "algorithmic serendipity" approximated a genius deejay (or "the 'Hand of God' chess move that Deep Blue used to confuse Garry Kasparov into thinking the computer had trespassed into realms formerly limited to brilliant humans.")
I bought my first mp3 player in 2000 -- an Archos Jukebox 6000 which weighed three quarters of a pound. Anyone else have fond memories they want to share about the iPod, the Nano, the Shuffle, your old Newton -- or your own first mp3 player? -
Ask Slashdot: Are My Drone Apps Phoning Home?
Slashdot reader bitwraith noticed something suspicious after flying "a few cheap, ready-to-fly quadcopters" with their smartphone apps, including drones from Odyssey and Eachine. I often turn off my phone's Wi-Fi support before plugging it in to charge at night, only to discover it has mysteriously turned on in the morning. After checking the Wi-Fi Control History on my S7, it appears as though the various cookie-cutter apps for these drones wake up to phone home in the night after they are opened, while the phone is charging. I tried contacting the publisher of the Odyssey VR app, with no reply.
I would uninstall the app, but then how would I fly my drone? Why did Google grant permission to control Wi-Fi state implicitly to all apps, including these abusers? Are the apps phoning home to report my flight history?
The original submission asks about similar experiences from other drone-owning Slashdot users -- so leave your best answers in the comments. What's making this phone wake up in the night?
Are the drone apps phoning home? -
New Catalyst Is Better At Splitting Water Into Hydrogen And Oxygen (phys.org)
schwit1 shared an article from Phys.org: Splitting water into hydrogen and oxygen to produce clean energy can be simplified with a single catalyst developed by scientists at Rice University and the University of Houston. The electrolytic film produced at Rice and tested at Houston is a three-layer structure of nickel, graphene and a compound of iron, manganese and phosphorus. The foamy nickel gives the film a large surface, the conductive graphene protects the nickel from degrading and the metal phosphide carries out the reaction... Rice chemist Kenton Whitmire and Houston electrical and computer engineer Jiming Bao and their labs developed the film to overcome barriers that usually make a catalyst good for producing either oxygen or hydrogen, but not both simultaneously... Whitmire said the material is scalable and should find use in industries that produce hydrogen and oxygen or by solar- and wind-powered facilities that can use electrocatalysis to store off-peak energy.
In a comment on the original submission, Slashdot reader Martin S. opines, "If we can crack H20 and C02 we could make fuel to run existing vehicles with existing infrastructure and that fuel could be carbon neutral by using off peak renewable energy from wind farms and solar." -
Google Engineer's Leaked 'Gender Diversity' Essay Draws Massive Response (medium.com)
An anonymous reader writes: An engineer at Google's Mountain View headquarters circulated a 3,400-word essay internally that argued a "moral bias" exists at Google that's "shaming dissenters" and silencing their voices against "encroaching extremist and authoritarian policies." It attributes the gender gap in technology to biology-based differences in abilities (such as "speaking up" and "leading") and different personality traits (including "neuroticism"). Its suggested remedies include "Stop alienating conservatives" (calling it "non-inclusive" and "bad business because conservatives tend to be higher in conscientiousness"), and it also suggests as a solution to "de-emphasize empathy" (which "causes us to focus on anecdotes, favor individuals similar to us, and harbor other irrational and dangerous biases").
As the essay leaked over the weekend, former Google engineer Yonatan Zunger identified its anonymous author as "not someone senior," saying the author didn't seem to understand gender -- or engineering -- or what's going to happen next. "Essentially, engineering is all about cooperation, collaboration, and empathy for both your colleagues and your customers. If someone told you that engineering was a field where you could get away with not dealing with people or feelings, then I'm very sorry to tell you that you have been lied to... It's true that women are socialized to be better at paying attention to people's emotional needs and so on -- this is something that makes them better engineers, not worse ones... You need to learn the difference between 'I think we should adopt Go as our primary language' and 'I think one-third of my colleagues are either biologically unsuited to do their jobs, or if not are exceptions and should be suspected of such until they can prove otherwise to each and every person's satisfaction.'"
The leaked internal essay is now being discussed in literally dozens of news outlets. Click through for some official responses, including leaked reactions from Google's VP of Engineering, from Google's new VP of Diversity, Integrity & Governance -- and from Slashdot's readers.
Google's new VP of Diversity, Integrity & Governance -- who started just a few weeks ago -- responded internally that the document "advanced incorrect assumptions about gender," saying it's not a viewpoint Google endorses or encourages, and adding that "Changing a culture is hard, and it's often uncomfortable."
Zunger seemed to agree in part, writing sympathetically that "One very important true statement which this manifesto makes is that male gender roles remain highly inflexible, and that this is a bug, not a feature. In fact, I suspect that this is the core bug which prompted everything else within this manifesto to be written."
Google VP of Engineering Ari Balogh also responded internally that "we want to continue fostering an environment where it's safe to engage in challenging conversations in a thoughtful way. But, in the process of doing that, we cannot allow stereotyping and harmful assumptions to play any part. One of the aspects of the post that troubled me deeply was the bias inherent in suggesting that most women, or men, feel or act a certain way. That is stereotyping, and it is harmful."
Long-time Slashdot reader Lauren Weinstein believes that leaking the internal memo to the outside world was a major breach of trust that will do more damage. But he also links to an earlier essay which argues "The men of computer science and the computer industry are misogynous jerks. Not all of them of course. Likely not even the majority. But enough to thoroughly poison the well." -
'Elon Musk's Hyperloop Is Doomed For the Worst Reason' (bloomberg.com)
schwit1 quotes a Bloomberg column by Virginia Postrel: What makes Musk's Hyperloop plan seem like fantasy isn't the high-tech part. Shooting passengers along at more than 700 miles per hour seems simple -- engineers pushed 200 miles-per-hour in a test this week -- compared to building a tunnel from New York to Washington. And even digging that enormously long tunnel -- twice as long as the longest currently in existence -- seems straightforward compared to navigating the necessary regulatory approvals... The eye-rolling comes less from the technical challenges than from the bureaucratic ones.
With his premature declaration, Musk is doing public debate a favor. He's reminding us of what the barriers to ambitious projects really are: not technology, not even money, but getting permission to try. "Permits harder than technology," Musk tweeted after talking with Los Angeles mayor Eric Garcetti about building a tunnel network. That's true for the public sector as well as the private... SpaceX and its commercial-spaceflight competitors can experiment because Congress and President Barack Obama agreed to protect them from Federal Aviation Administration standards. Musk is betting that his salesmanship will have a similar effect on the ground. He's trying to get the public so excited that the political pressures to allow the Hyperloop to go forward become irresistible. He seems to believe that he can will the permission into being. If he succeeds, he'll upend not merely intercity transit but the bureaucratic process by which things get built. That would be a true science-fiction scenario. -
Should the Internet Be Secure By Default? (esecurityplanet.com)
darthcamaro writes: There are lots of tools and different secure protocols that could be used by internet service providers to embed security into the fabric of the internet, making the internet secure by default, but that's not something that Facebook's Chief Security Officer, Alex Stamos wants to happen. Instead of security by default, his view is that carriers should be neutral and let malicious traffic do whatever it wants.
"I believe strongly in the end-to-end principle, I think we should have neutral carriers in the middle and it should not be the responsibility of ISPs to secure the internet," Stamos said in a press conference at the Black Hat USA conference last week.
Slashdot reader Darth Technoid disagrees, calling a lack of security "the Original Sin of the Internet," and speculating that Vint Cerf and Bob Metcalfe "thought that future technology would resolve the issues." What do other Slashdot readers think?
Should the internet be secure by default? -
Warner Music Files Copyright Claim on A Silent 'Star Wars' Video On YouTube (wired.com)
rgh02 writes: Earlier this summer, popular YouTube channel Auralnauts received some unfortunate news: Warner/Chappell had filed a monetization claim on their "Star Wars Minus Williams" video through YouTube's Content ID System. More than anything, the Auralnauts were confused -- the video the music company was claiming rights over didn't have any music in it at all.
In fact, the video is almost entirely silent, augmented with a few awkward coughs as Han Solo and Luke Skywalker plod noiselessly toward Princess Leia in a two-minute scene where they're awarded ceremonial medallions. Wired's article describes it as "a tongue-in-cheek tribute" to John Williams' Star Wars score for the film's final scene, also reporting that it had been online for almost three years before Warner/Chappell music publishing claimed rights to all money the video would receive: When I tried to get Warner/Chappell's side of this story, the company offered no comment. But apparently my reporting helped bring the "Star Wars Minus Williams" copyright dispute to an unexpectedly speedy resolution. When Koonce told his YouTube partner manager that a journalist had interviewed him, YouTube stepped in and removed the copyright claim against the video.
YouTube has also created a "Fair Use Protection" program covering legal costs for channels they believe are unfairly targeted with video takedown notices. But the article points out that 95% of the time music companies just chose YouTube's "monetize" option to claim the ad revenue rather than asking that a video be blocked -- and that last year YouTube paid the music industry $1 billion. (Though the music industry insists that amount is still below what they're receiving from streaming music services.) -
Ask Slashdot: Are Interactive Computing Devices Addictive?
This question came from two things noticed by Slashdot reader dryriver:
"Myself and just about every other kid I was friends with in the 1980s were definitely addicted to computers when we were young, and stayed that way until we reached college."
"There is increasing concern about everybody from young kids to people 60+ staring into smartphone, tablet computer and laptop screens for hours and hours every day and not partaking in other activities they used to before the "glowing screen" hooked them."
His question: Are interactive computing devices, whether networked or not, addictive in nature? What kind of applications appear to be the most addictive? (AAA games? Casual games? Social media? Texting?) And could the addiction have something to do with "Neuroplasticity", the fact that doing an activity over and over again each day that you place great importance in, and pay great attention to, can actually rewire the neurons in your brain?
Nicholas Carr once argued that "We're training ourselves, through repetition, to be facile skimmers, scanners, and message-processors -- important skills, to be sure -- but, perpetually distracted and interrupted, we're not training ourselves in the quieter, more attentive modes of thought." Slashdot readers seem uniquely qualified to address this, so leave your own attentive thoughts in the comments. Are interactive computing devices addictive? -
Volkswagen Executive Faces Jail Time After Guilty Plea (arstechnica.com)
An anonymous reader quotes Ars Technica: A former Volkswagen executive has pleaded guilty to two charges related to the company's diesel emissions scandal. He is the second VW Group employee to do so, following retired engineer James Liang pleading guilty last summer. The VW Group executive, Oliver Schmidt, was based outside of Detroit and was in charge of emissions compliance for Volkswagen in the years before the company was caught using illegal software to cheat on federal emissions tests.
Schmidt, a German citizen who was 48 when he was arrested in Miami in January on vacation, was originally charged with 11 felony counts. In accepting a plea deal from US federal officials, Schmidt will only plead guilty to two charges: conspiracy to defraud the US government and violate the Clean Air Act, and making a false statement under the Clean Air Act. Schmidt will be sentenced in December. He could face up to seven years in prison, as well as fines from $40,000 to $400,000, according to the plea agreement. After that, Schmidt could also be required to serve four years of supervised release. -
Wells Fargo Sued Again For Misbilling Car Owners And Veterans (reuters.com)
UnknowingFool writes: A new class action lawsuit from a former Wells Fargo customer claimed the bank charged loan customers for auto insurance they did not need. With auto loans, the bank often requires that full coverage auto insurance be bought when the loan is made. However, lead plaintiff Paul Hancock says that Wells Fargo charged him for auto insurance even though he informed them he already had an insurance policy with another company. Wells Fargo also charged him a late fee when he disputed the charge. Wells Fargo does not dispute that it did this to customers and has offered to refund $80 million to 570,000 customers who were charged for insurance. The lawsuit however is to recoup late fees, delinquency charges, and other fees that the refund would not cover.
NPR describes Wells Fargo actually repossessing the car of a man who was "marked as delinquent for not paying this insurance -- which he didn't want or need or even know about." Friday the bank also revealed the number of "potentially unauthorized accounts" from its earlier fake accounts scandal could be much higher than previous estimates -- and that they're now expecting their legal costs to exceed the $3.3 billion they'd already set aside.
And Reuters reports that the bank will also be paying $108 million "to settle a whistleblower lawsuit claiming it charged military veterans hidden fees to refinance their mortgages, and concealed the fees when applying for federal loan guarantees." -
Linux Kernel Hardeners Grsecurity Sue Open Source's Bruce Perens (theregister.co.uk)
An anonymous reader shares a report from The Register: In late June, noted open-source programmer Bruce Perens [a longtime Slashdot reader] warned that using Grsecurity's Linux kernel security could invite legal trouble. "As a customer, it's my opinion that you would be subject to both contributory infringement and breach of contract by employing this product in conjunction with the Linux kernel under the no-redistribution policy currently employed by Grsecurity," Perens wrote on his blog. The following month, Perens was invited to court. Grsecurity sued the open-source doyen, his web host, and as-yet-unidentified defendants who may have helped him draft that post, for defamation and business interference. Grsecurity offers Linux kernel security patches on a paid-for subscription basis. The software hardens kernel defenses through checks for common errors like memory overflows. Perens, meanwhile, is known for using the Debian Free Software Guidelines to draft the Open Source Definition, with the help of others.
Grsecurity used to allow others to redistribute its patches, but the biz ended that practice for stable releases two years ago and for test patches in April this year. It offers its GPLv2 licensed software through a subscription agreement. The agreement says that customers who redistribute the code -- a right under the GPLv2 license -- will no longer be customers and will lose the right to distribute subsequent versions of the software. According to Perens, "GPL version 2 section 6 explicitly prohibits the addition of terms such as this redistribution prohibition." A legal complaint (PDF) filed on behalf of Grsecurity in San Francisco, California, insists the company's software complies with the GPLv2. Grsecurity's agreement, the lawsuit states, only applies to future patches, which have yet to be developed. Perens isn't arguing that the GPLv2 applies to unreleased software. Rather, he asserts the GPLv2, under section 6, specifically forbids the addition of contractual terms. -
BLU Claims Innocence, Gets Phones Reinstated On Amazon (slashgear.com)
Earlier this week, Amazon suspended budget phone maker BLU from selling its phones on the site, citing a "potential security issue." A few days have passed and BLU has made its defense. SlashGear reports: AdUps, the Chinese company that provides affordable firmware update software to countless budget Android phones, is not spyware, and not even Kryptowire, the security firm that broke the news last year, called it that, insists BLU. To be fair, Kryptowire really didn't. In its 2016 report, it simply described AdUps' OTA software as "FIRMWARE THAT TRANSMITTED PERSONALLY IDENTIFIABLE INFORMATION (PII) WITHOUT USER CONSENT OR DISCLOSURE." Curiously, that is more or less how the FTC defines spyware (PDF). In its 2017 follow-up, it did drop the second part of that phrase and simply reported on "mobile devices for Personally Identifiable Information (PII) collection and transmission to third parties." While BLU, and a few other OEMs, were caught unaware by the first report, it's insisting on its innocence in this second instance. Its defense stems from the argument that it is doing nothing that violates its Privacy Policy and, therefore, doesn't constitute any wrongdoing. Yes, that privacy policy that barely anyone reads, which can't legally be blamed on manufacturers anyway.
In other words, when you agreed to use BLU's devices, you basically agreed that such PII could possibly be transmitted to a third party outside the US. In this particular case, that does apply to the situation with AdUps. Interestingly, the policy's copyright dates back to 2016, when the AdUps issue first came up. The Internet Archive doesn't seem to have any version of that page before April this year. And so we come to BLU's second argument: everybody's doing it. The data that AdUps collects is the same as, or even just a fraction of, what other OEMs are collecting. Google is hardly the bastion of privacy, and other OEMs are also collecting such data and sending it to servers in China, as is the case with Huawei and ZTE. Finally, BLU says that Kryptowire's new report really only identifies the Cubot X16S, from a Chinese OEM, as the only smartphone really spying on its users. UPDATE: BLU has confirmed that its devices "are now back up for sale on Amazon." -
The Kronos Indictment: Is it a Crime To Create and Sell Malware? (washingtonpost.com)
Marcus Hutchins, the 23-year-old British security researcher who was credited with stopping the WannaCry outbreak in its tracks by discovering a hidden "kill switch" for the malware, was arrested by the FBI over his alleged involvement in separate malicious software targeting bank accounts. According to an indictment released by the US Department of Justice on Thursday, Hutchins is accused of having helped to create, spread and maintain the banking trojan Kronos between 2014 and 2015. Hutchins, who is indicted with another unnamed co-defendant, stands accused of six counts of hacking-related crimes as a result of his alleged involvement with Kronos. A preliminary analysis of those counts suggests that the government will face significant legal challenges. Orin Kerr, the Fred C. Stevenson Research Professor at The George Washington University Law School, writes: The indictment asserts that Hutchins created the malware and an unnamed co-conspirator took the lead in selling it. The indictment charges a slew of different crimes for that: (1) conspiracy to violate the Computer Fraud and Abuse Act; (2) three counts of violating 18 U.S.C. 2512, which prohibits selling and advertising wiretapping devices; (3) a count of wiretapping; and (4) a count of violating the Computer Fraud and Abuse Act through accomplice liability -- basically, aiding and abetting a hacking crime. Do the charges hold up? Just based on a first look at the case, my sense is that the government's theory of the case is fairly aggressive. It will lead to some significant legal challenges. It's hard to say, at this point, how those challenges will play out. The indictment is pretty bare-bones, and we don't have all the facts or even what the government thinks are the facts.
Count one: If I understand it correctly, the government is saying that the act of selling the malware -- distributing it to a third party -- was the act of causing computer damage. In effect, the government treats the selling of the malware as a use of the malware to damage a computer. It's saying Hutchins and X conspired (formed an agreement) to send off the program (distributing it to the buyer) intending to cause damage (eventually, albeit indirectly, when the buyer later used it to cause damage). I have never seen Section 1030(a)(5)(A) used that way before. And for the charge to fit the statute, the government has to prove two things that it may or may not be able to prove.
Counts Two, Three and Four: The 2512 Charges: Counts two, three and four all allege violations of 18 U.S.C. 2512. Section 2512 is a rarely used law that criminalizes making, selling or advertising for sale illegal wiretapping devices. The basic idea is to deter wiretapping by interfering with the market in wiretapping devices. [...] One legal issue raised by these charges is whether software alone counts as a "device" under Section 2512. Section 2510(5) defines an "electronic, mechanical, or other device" as "any device or apparatus which can be used to intercept a wire, oral, or electronic communication" subject to some exclusions not relevant here. -
Electric Cars Are Not the Answer To Air Pollution, Says Top UK Adviser (theguardian.com)
Cars must be driven out of cities to tackle the UK's air pollution crisis, not just replaced with electric vehicles, according to the UK government's top adviser. From a report: Prof Frank Kelly said that while electric vehicles emit no exhaust fumes, they still produce large amounts of tiny pollution particles from brake and tyre dust, for which the government already accepts there is no safe limit. Toxic air causes 40,000 early deaths a year in the UK, and the environment secretary, Michael Gove, recently announced that the sale of new diesel and petrol cars will be banned from 2040, with only electric vehicles available after that. But faced with rising anger from some motorists, the plan made the use of charges to deter dirty diesel cars from polluted areas a measure of last resort only. Kelly's intervention heightens the government's dilemma between protecting public health and avoiding politically difficult charges or bans on urban motorists. "The government's plan does not go nearly far enough," said Kelly, professor of environmental health at King's College London and chair of the Committee on the Medical Effects of Air Pollutants, official expert advisers to the government. "Our cities need fewer cars, not just cleaner cars." -
Elon Musk Inspired an Industry of Hyperloop Startups. Now He's Building His Own (bloomberg.com)
An anonymous reader shares a report: Elon Musk introduced his vision for a futuristic mode of tube-based transportation called the hyperloop in 2013. In an exhaustive white paper, he laid out a body of research conducted with his team at Space Exploration Technologies demonstrating the system's viability and seemingly offered it as a gift to the entrepreneurial community. "I don't have any plan to execute because I must remain focused on SpaceX and Tesla," he said in a conference call at the time. He apparently changed his mind. Last month, the SpaceX and Tesla chief executive officer revealed on Twitter that he'd received "verbal government approval" to build a hyperloop capable of ferrying passengers between New York and Washington, D.C., in 29 minutes. The tweet came as a shock to executives at the various startups racing to develop their own hyperloops based on Musk's specifications. Several of them initially expressed hope that Musk would simply dig the tunnels and perhaps choose one of their startups to create the physical infrastructure, which involves a tube-encased train traveling at speeds faster than an airplane. Nope. A person close to Musk said his plan is to build the entire thing, including the hyperloop system. Musk also holds a trademark for "Hyperloop" through SpaceX, which could be used to prevent other companies from using the term, according to U.S. public records. The billionaire's unexpected entry into the hyperloop business could threaten the ambitions of three startups, which have raised about $200 million combined from venture backers. "There's probably a finite amount of capital willing to bet on this space -- and bet against him," said Jonathan Silver, the former loan programs director at the U.S. Department of Energy. Silver learned not to underestimate Musk after overseeing a 2010 loan of $465 million to Tesla, which the electric carmaker paid back, with interest, nine years ahead of schedule. -
NotPetya Ransomware Victims Preparing Lawsuit Against Ukrainian Software Firm (bleepingcomputer.com)
An anonymous reader writes, citing a report via Bleeping Computer: The Juscutum Attorneys Association, a Ukrainian law firm, is rallying NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software -- the point of origin of the NotPetya ransomware outbreak. The NotPetya ransomware spread via a trojanized M.E.Doc update, according to Microsoft, Bitdefender, Kaspersky, Cisco, ESET, and Ukrainian Cyber Police. A subsequent investigation revealed that Intellect-Service had grossly mismanaged the hacked servers, which were left without updates since 2013 and were backdoored on three different occasions. On Tuesday, Ukrainian Cyber Police confirmed in an official document that M.E.Doc servers were backdoored on three different occasions. The law firm is now using this document as the primary driving force behind its legal action. Juscutum says that victims must pay all court fees, must provide evidence or help with the collection of evidence, and agree to a 30% cut in the case of any awarded damages. The lawsuit is in its incipient stages. Juscutum representatives are currently spreading their message and encouraging victims to join the lawsuit via social media posts and articles in the local Ukrainian press. -
Tests Show Workers At Hanford Nuclear Facility Inhaled Radioactive Plutonium (king5.com)
An anonymous reader quotes a report from King 5, a local news station for Seattle, Washington: On June 8 approximately 350 Hanford workers were ordered to "take cover" after alarms designed to detect elevated levels of airborne radioactive contamination went off. It was quickly determined that radioactive particles had been swept out of a containment zone at the plutonium finishing plant (PFP) demolition site. The work is considered the most hazardous demolition project on the entire nuclear reservation. At the time Hanford officials called the safety measure "precautionary." Officials from the U.S. Dept. of Energy, which owns Hanford, and the contractor in charge of the demolition, CH2M Hill, downplayed the seriousness of the event with statements including that it appeared "workers were not at risk", that "(the alarm went off) in an area where contamination is expected" and that there was "no evidence radioactive particles had been inhaled" by anyone.
The KING 5 Investigators have discovered those statements are incorrect. An internal CH2M Hill email sent to their employees on July 21 was obtained by KING. It states that 301 (test kits) have been issued to employees and of the first 65 workers tested, a "small number of employees" showed positive results for "internal exposures" (by radioactive plutonium). Sources tell KING the "small number of employees" is twelve. Twelve people out of 65 is 20 percent. Still outstanding are 236 tests. A communication specialist with CH2M Hill sent a statement that more positive results are expected. "We expect additional positive results because analytical tests like a bioassay can detect radiological contamination at levels far lower than what field monitoring can detect," said Destry Henderson of CH2M Hill Plateau Remediation Company. -
Apple's Adoption Of HEVC Will Drive A Massive Increase In Encoding Costs Requiring Cloud Hardware Acceleration (streamingmedia.com)
An anonymous reader shares a report: For the last 10 years, H.264/AVC has been the dominant video codec used for streaming, but with Apple adopting H.265/HEVC in iOS 11 and Google heavily supporting VP9 in Android, a change is on the horizon. Next year the Alliance for Open Media will release their AV1 codec, which will improve video compression efficiency even further. But the end result is that the codec market is about to get very fragmented, with content owners soon having to decide if they need to support three codecs (H.264, H.265, and VP9) instead of just H.264, and with AV1 expected to be released in 2019. As a result of what's taken place in the codec market, and with better quality video being demanded by consumers, content owners, broadcasters and OTT providers are starting to see a massive increase in encoding costs. New codecs like H.265 and VP9 need 5x the server costs because of their complexity. Currently, AV1 needs over 20x the server costs. The mix of SD, HD and UHD continues to move to better quality: e.g. HDR, 10-bit and higher frame rates. The server encoding cost to move from 1080p SDR to 4K HDR is 5x. 360-degree video and Facebook's 6DoF video are also growing in consumption by consumers, which again increases encoding costs by at least 4x. If you add up all these variables, it's not hard to do the math and see that for some, encoding costs could increase by 500x over the next few years as new codecs, higher quality video, 360 video and general demand increase. -
UK Security Researcher Who Stopped WannaCry Outbreak Arrested in US (zdnet.com)
Zack Whittaker, reporting for ZDNet: A security researcher who in May stopped an outbreak of the WannaCry ransomware has been arrested and detained after attending the Def Con conference in Las Vegas. Marcus Hutchins, 23, a British national, was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends confirmed to ZDNet. A friend told ZDNet that he "was pulled by Marshals at the lounge" after clearing security. He was briefly detained in a federal facility in Nevada until he was moved. "We went to see him this morning and he had already been moved," said the friend. Hutchins is now understood to be in custody at an FBI field office in the state. Motherboard first broke the story on Thursday. Update: A Motherboard reporter tweets, "Here's the indictment accusing @MalwareTechBlog of running the Kronos banking malware."
Update 2: New DOJ statement: Gregory J. Haanstad, United States Attorney for the Eastern District of Wisconsin, announced that on July 11, 2017, following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as "Malwaretech," for his role in creating and distributing the Kronos banking Trojan. -
Why the Bitcoin Network Just Split In Half and Why It Matters (arstechnica.com)
In a report via Ars Technica, Timothy B. Lee explains why the Bitcoin network split into two and why it matters: On Tuesday, a faction of the Bitcoin community launched an audacious experiment: a new version of Bitcoin called Bitcoin Cash that's incompatible with the standard version. As a result, the Bitcoin network split into two mutually incompatible networks that will operate side-by-side. The confusing result is that if you owned one bitcoin before the split you own two bitcoins now: one coin on the original Bitcoin network, and a second coin on the new Bitcoin Cash network. The two coins have the same cryptographic credentials, but they have very different values if you sell them for old-fashioned dollars. On Wednesday morning, one standard Bitcoin was worth about $2,700, while -- on paper at least -- a unit of Bitcoin Cash was worth around $600. [...]
For over a year, the Bitcoin network has been bumping up against a capacity limit hard-coded into the Bitcoin software. Each block in the Bitcoin blockchain -- the network's public, shared transaction ledger -- is limited to 1 megabyte. That artificial limit prevents the network from processing more than about seven transactions per second. Technically speaking, it would be trivial to change that 1 megabyte limit to a higher value. But proposals to do so have faced opposition from traditionalists who argue the limit is actually an important feature of Bitcoin's design that protects the network's democratic character. To participate in the network's peer-to-peer process for clearing transactions, a computer needs a copy of every transaction ever made on the Bitcoin network, which adds up to gigabytes of data per month. This argument has dragged on for more than two years with no resolution. So instead of continuing to bicker, a group of big-block supporters took matters into their own hands. They forked the standard, open-source Bitcoin client to create a rival version of the software. -
Joining Apple, Amazon's China Cloud Service Bows To Censors (nytimes.com)
Days after Apple yanked anti-censorship tools off its app store in China, another major American technology company is moving to implement the country's tough restrictions on online content. From a report: A Chinese company that operates Amazon's cloud-computing and online services business there said on Tuesday that it told local customers to cease using any software that would allow Chinese users to circumvent the country's extensive system of internet blocks (Editor's note: the link could be paywalled; alternative source). The company, called Beijing Sinnet Technology and operator of the American company's Amazon Web Services operations in China, sent one round of emails to customers on Friday and another on Monday. "If users don't comply with the guidance, the offered services and their websites can be shut down," said a woman surnamed Wang who answered a Sinnet service hotline. "We the operators also check routinely if any of our users use these softwares or store illegal content." Ms. Wang said the letter was sent according to recent guidance from China's Ministry of Public Security and the country's telecom regulator. Amazon did not respond to emails and phone calls requesting comment. The emails are the latest sign of a widening push by China's government to block access to software that gets over the Great Firewall -- the nickname for the sophisticated internet filters that China uses to stop its people from gaining access to Facebook, Google and Twitter, as well as foreign news media outlets. -
Amazon Suspends Sales of Blu Android Phones Due To Privacy Concerns (cnet.com)
CNET reports: Amazon just put budget phone maker Blu in the penalty box. The online retailing giant told CNET that it was suspending sales of phones from Blu, known for making ultra-cheap Android handsets, due to a "potential security issue." The move comes after security firm Kryptowire demonstrated last week how software in Blu's phones collected data and sent it to servers in China without alerting people. Blu defended the software, created by a Chinese company called Shanghai Adups Technology, and denied any wrongdoing. A company spokeswoman said at the time it "has several policies in place which take customer privacy and security seriously." She added there had been no breaches. Blu said it was in a process of review to reinstate the phones at Amazon. -
BrickerBot Dev Claims Cyber-Attack That Affected Over 60,000 Indian Modems (bleepingcomputer.com)
An anonymous reader quotes a report from Bleeping Computer: "The author of the BrickerBot malware has claimed a cyber-attack that affected several Indian states and has caused over 60,000 modems and routers to lose Internet connectivity," reports Bleeping Computer. "The incident affected modems and routers belonging to Bharat Sanchar Nigam Limited (BSNL) and Mahanagar Telephone Nigam Limited (MTNL), two Indian state-owned telecommunications service providers." The BrickerBot malware infected modems that used default passwords and modems that the two ISPs left exposed via the TR-069 management interface to connections from anywhere on the Internet. BrickerBot is a malware strain that affects Linux-based IoT and networking devices. Unlike other malware that herds devices into botnets for DDoS attacks and other purposes, BrickerBot "bricks" the equipment by rewriting its flash storage with random data. In most cases this bricking effect can be reversed, but in some cases it is permanent. BSNL and MTNL had worked to fix the problems, but efforts were delayed by a BSNL workforce strike. The BrickerBot author also raised the alarm about similar exposed devices on the network of Pakistan Telecommunication Company Limited (PTCL). In April, the BrickerBot author claimed he had bricked over 2 million devices. -
FCC Says Its Specific Plan To Stop DDoS Attacks Must Remain Secret (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: FCC Chairman Ajit Pai and Democratic lawmakers have been exchanging letters about a May 8 incident in which the public comments website was disrupted while many people were trying to file comments on Pai's plan to dismantle net neutrality rules. The FCC says it was hit by DDoS attacks. The commission hasn't revealed much about what it's doing to prevent future attacks, but it said in a letter last month that it was researching "additional solutions" to protect the comment system. Democratic Leaders of the House Commerce and Oversight committees then asked Pai what those additional solutions are, but they didn't get much detail in return.
"Given the ongoing nature of the threats to disrupt the Commission's electronic comment filing system, it would undermine our system's security to provide a specific roadmap of the additional solutions to which we have referred," the FCC chief information officer wrote. "However, we can state that the FCC's IT staff has worked with commercial cloud providers to implement Internet-based solutions to limit the amount of disruptive bot-related activity if another bot-driven event occurs." The CIO's answers to lawmakers' questions were sent along with a letter from Pai to Reps. Frank Pallone, Jr. (D-N.J.), Elijah Cummings (D-Md.), Mike Doyle (D-Penn.), DeGette (D-Colo.), Robin Kelly (D-Ill.), and Gerald Connolly (D-Va.). The letter is dated July 21, and it was posted to the FCC's website on July 28. -
The Chiefs of Facebook, Google and Other Tech Giants Aren't Committing To Testify To the US Congress On Net Neutrality (recode.net)
Amazon, Facebook, Google and Netflix -- along with their telecom industry foes -- have not committed to sending their chief executives to testify before the U.S. Congress in September on the future of net neutrality. From a report: Not a single one of those companies told the powerful House Energy and Commerce Committee, which is convening the hearing, that they would send their leaders to Washington, D.C., in the coming weeks, even at a time when the Trump administration is preparing to kill the open internet rules currently on the government's books. The panel initially asked those four tech giants, as well as AT&T, Charter, Comcast and Verizon, to indicate their plans for attendance by July 31. Now, the committee is pushing back its deadline indefinitely, as it continues its quest to engage the country's tech and telecom business leaders on net neutrality. "The committee has been engaging in productive conversations with all parties and will extend the deadline for response in order to allow for those discussions to continue," a spokesman said. -
Apple is About To Do Something Their Programmers Definitely Don't Want (medium.com)
Last week, The Wall Street Journal had a big feature on Apple Campus, the big new beautiful office the company has spent north of $5 billion on. The profile, in which the reporter interviewed Apple's design chief Jony Ive, also mentioned an open space where all the programmers would sit and work. Ever since the profile came out, several people have expressed their concerns about the work environment for the developers. American entrepreneur and technologist Anil Dash writes: [...] There have been countless academic studies confirming the same result: Workers in open plan offices are frustrated, distracted and generally unhappy. That's not to say there's no place for open plan in an office -- there can be great opportunities to collaborate and connect. For teams like marketing or communications or sales, sharing a space might make a lot of sense. But for tasks that require being in a state of flow? The science is settled. The answer is clear. The door is closed on the subject. Or, well, it would be. If workers had a door to close. Now, when it comes to jobs or roles that need to be in a state of flow, programming may be the single best example of a task that benefits from not being interrupted. And Apple has some of the best coders in the world, so it's just common sense that they should be given a great environment. That's why it was particularly jarring to see this side note in the WSJ's glowing article about Apple's new headquarters: "Coders and programmers are concerned their work surroundings will be too noisy and distracting." Usually, companies justify putting programmers into an open office plan for budget reasons. It does cost more to make enough room for every coder to have an office with a door that closes. But given that Apple's already invested $5 billion into this new campus, complete with iPhone-influenced custom-built toilets for the space, it's hard to believe this decision was about penny-pinching.
The other possible argument for skipping private offices would be if a company didn't know that's what its workers would prefer. -
Travis Kalanick To Uber CEO Candidates: I'm 'Steve Jobsing' It And Will Return (recode.net)
Kara Swisher, reporting for Recode: Warring factions within factions, conflicting back-channeling, intense media scrutiny, questionable foreign influences and a capricious leader whose jarring moves leave everyone in a state of perpetual uncertainty. The Trump administration, right? Well, yes, but also Uber, as it nears its much anticipated decision on who will be its next CEO. And, according to sources, that top leader is not going to be a woman, as the board of the car-hailing company struggles to move forward. To add to the drama: Some directors worry that its former CEO Travis Kalanick -- who was ousted -- is trying to game the outcome in his favor, after he told several people that he was "Steve Jobs-ing it." It is a reference to the late leader of Apple, who was fired from the company, only to later return in triumph. -
Luxembourg Just Passed A New Asteroid Mining Law (engadget.com)
Remember when NASA visited an asteroid with $10 quintillion worth of minerals? Now the lucrative asteroid-mining industry is being pursued by "the European banking hub with a population not much bigger than Albuquerque's," reports Bloomberg, as low-cost reconnaissance missions are already looking "increasingly feasible." An anonymous reader writes: Last week Luxembourg's parliament unanimously passed an asteroid mining law (which goes into effect Tuesday) "that gives companies ownership of what they extract from the celestial bodies..." according to Engadget. "Luxembourg's law is pretty similar to the one President Obama signed back in 2015 in that it gives mining companies the right to keep their loot. Both of them also take advantage of a loophole in the UN's Outer Space Treaty, which states that nations can't claim and occupy the moon and other celestial bodies. They don't give companies ownership of asteroids, after all, only the minerals they extract. Unlike the U.S. version, though, a company's major stakeholders don't need to be based in Luxembourg to enjoy its protection -- they only need to have an office in the country."
Bloomberg reports that the law "could serve as a model for other small countries hoping to explore asteroids -- and to get a piece of the booming space business," since the tiny country is also offering to buy equity stakes in any companies which relocate to Luxembourg. "Luxembourg's success in attracting these companies should show other small countries that space isn't just for superpowers any more... Competition has made space achievable for many more companies, and for the countries that support them."
For the last few years Luxembourg has begun quietly investing in asteroid mining, including a joint venture with "Deep Space Industries" to build a spacecraft to test asteroid-mining technologies -- while another collaboration with Kleos Space is working on "in-space manufacturing technology." -
Systemd Named 'Lamest Vendor' At Pwnie Security Awards (theregister.co.uk)
Long-time Slashdot reader darkpixel2k shares a highlight from the Black Hat USA security conference. The Register reports: The annual Pwnie Awards for serious security screw-ups saw hardly anyone collecting their prize at this year's ceremony in Las Vegas... The gongs are divided into categories, and nominations in each section are voted on by the hacker community... The award for best server-side bug went to the NSA's Equation Group, whose Windows SMB exploits were stolen and leaked online this year by the Shadow Brokers...
And finally, the lamest vendor response award went to Systemd supremo Lennart Poettering for his controversial, and perhaps questionable, handling of the following bugs in everyone's favorite init replacement: 5998, 6225, 6214, 5144, and 6237... "Where you are dereferencing null pointers, or writing out of bounds, or not supporting fully qualified domain names, or giving root privileges to any user whose name begins with a number, there's no chance that the CVE number will be referenced in either the change log or the commit message," reads the Pwnie nomination for Systemd, referring to the open-source project's allergy to assigning CVE numbers. "But CVEs aren't really our currency any more, and only the lamest of vendors gets a Pwnie!"
CSO has more coverage -- and presumably there will eventually be an official announcement up at Pwnies.com. -
How Rust Can Replace C In Python Libraries (infoworld.com)
An anonymous reader quotes InfoWorld: Proponents of Rust, the language engineered by Mozilla to give developers both speed and memory safety, are stumping for the language as a long-term replacement for C and C++. But replacing software written in these languages can be a difficult, long-term project. One place where Rust could supplant C in the short term is in the traditionally C libraries used in other languages... [A] new spate of projects are making it easier to develop Rust libraries with convenient bindings to Python -- and to deploy Python packages that have Rust binaries.
The article specifically highlights these four new projects:
- Rust-CPython - a set of bindings in Rust for the CPython runtime
- PyO3 - a basic way to write Rust software with bindings to Python in both directions.
- Snaek - lets developers create Rust libraries that are loaded dynamically into Python as needed, but don't rely on being linked statically against Python's runtime.
- Cookiecutter PyPackage Rust Cross-Platform Publish - simplifies the process of bundling Rust binaries with a Python library.
-
OpenMoko: Ten Years After (vanille.de)
Michael Lauer, member of the core team at OpenMoko, a project that sought to create a family of open source mobile phones -- which included the hardware specs and the Linux-based OS -- has shared the inside story of what the project wanted to do and why it failed. From his blog post: For the 10th anniversary since the legendary OpenMoko announcement at the "Open Source in Mobile" (7th of November 2006 in Amsterdam), I've been meaning to write an anthology or -- as Paul Fertser suggested on #openmoko-cdevel -- an obituary. I've been thinking about objectively describing the motivation, the momentum, how it all began and -- sadly -- ended. I did even plan to include interviews with Sean, Harald, Werner, and some of the other veterans. But as with oh so many projects of (too) wide scope this would probably never be completed. As November 2016 passed without any progress, I decided to do something different instead. Something way more limited in scope, but something I can actually finish. My subjective view of the project, my participation, and what I think is left behind: My story, as OpenMoko employee #2. On top of that you will see a bunch of previously unreleased photos (bear with me, I'm not a good photographer and the camera sucked as well). [....] Right now my main occupation is writing software for Apple's platforms -- and while it's nice to work on apps using a massive set of luxury frameworks and APIs, you're locked and sandboxed within the software layers Apple allows you. I'd love to be able to work on an open source Linux-based middleware again. However, the sad truth is that it looks like there is no business case anymore for a truly open platform based on custom-designed hardware, since people refuse to spend extra money for tweakability, freedom, and security. Despite us living in times where privacy is massively endangered. -
Crooks Reused Passwords On the Dark Web So Dutch Police Took Over Their Accounts (bleepingcomputer.com)
An anonymous reader writes: Dutch Police are aggressively going after Dark Web vendors using data they collected from the recently seized Hansa Market. According to reports, police are using the Hansa login credentials to authenticate on other Dark Web portals, such as Dream. If vendors reused passwords, police take over the accounts and set up traps or map the sales of illegal products. Other crooks noticed the account hijacks because Dutch Police replaced the PGP key for the hijacked accounts with their own, which was accidentally signed with the name "Dutch Police." The second method of operation spotted by the Dark Web community involves so-called "locktime" files that were downloaded from the Hansa Market before Dutch authorities shut it down on July 20. Under normal circumstances a locktime file is a simple log of a vendor's market transaction, containing details about the sold product, the buyer, the time of the sale, the price, and Hansa's signature. The files are used as authentication by vendors to request the release of Bitcoin funds after a sale's conclusion, or if the market was down due to technical reasons. Before the market went down, these locktime files were replaced with Excel files that contained a hidden image that would beacon back to police servers, exposing the vendor's real location. Dutch Police were able to do this because they took over Hansa servers on June 20 and operated the market for one more month, collecting data on vendors. -
Roomba Is No Spy: CEO Says iRobot Will Never Sell Your Data (zdnet.com)
It's been a challenging week for iRobot, the company behind the popular Roomba robotic vacuums. From a report: It started with an interview in Reuters, in which the company's chief executive Colin Angle gave the clear impression that iRobot was selling consumers' home mapping data (Editor's note: the chief executive said the company intended to explore the opportunity). Last night, Angle and iRobot got back to me on this issue. They provided the following response to the concerns I and others shared. "First things first, iRobot will never sell your data. Our mission is to help you keep a cleaner home and, in time, to help the smart home and the devices in it work better. There's no doubt that a robot can help your home be smarter. It's the data it collects to do its job, and the trusted relationship between you, your robot and iRobot, that is critical for that to happen. Information that is shared needs to be controlled by the customer and not as a data asset of a corporation to exploit. That is how data is handled by iRobot today. Customers have control over sharing it. I want to make very clear that this is how data will be handled in the future." -
CNET Warns 'Everything Looks Like A Hack' At DEFCON (cnet.com)
From a CNET report: The hacker convention, which is in its 25th year in Las Vegas, typically has hotels on alert for its three days of Sin City talk, demos and mischief. Guests are encouraged not to pick up any flash drives lying around, and employees are trained to be wary of social engineering -- that is, bad guys pretending to be someone innocent and in need of just a little help. Small acts of vandalism pop up around town. At Caesars Palace, where Defcon is happening, the casino's UPS store told guests it was not accepting any print requests from USB drives or links, and only printing from email attachments. Hackers who saw this laughed, considering that emails are hardly immune from malware. But the message is clear: During these next few days, hackers are going to have their fun, whether it's through a compromised Wi-Fi network or an open-to-tinkering website.
NOTE: CNET also originally reported that the Wet Republic web site "had two images vandalized" with digital graffiti. But their reporter now writes that "my paranoia finally got the best of me, and it turned out to be an ad campaign." -
Calibri Font Plays Its Role: Pakistan Now Sans Sharif as Prime Minister is Disqualified (neowin.net)
Usama Jawad, writing for Neowin: A few weeks ago, we reported that Microsoft's Calibri font has been used as evidence against Prime Minister Nawaz Sharif and his family in a corruption case. Today, Sharif has been disqualified from his position as a part of the court's final verdict of the case. The case concerns the "Panama Papers", which is a collection of 11.5 million documents detailing information related to over 200,000 offshore accounts. Ever since the Panama Papers were anonymously leaked back in 2015, there has been a major shift in the political situation in many countries. One such country is Pakistan, where the names of numerous members of Prime Minister Nawaz Sharif's family were spotted in the papers. If you aren't aware of the Calibri controversy, it is as follows: Nawaz Sharif's daughter Maryam Nawaz submitted photocopies of several documents in order to deny any corruption, but it appears that the documents contained Microsoft's Calibri font, even though they were dated February 6, 2006. It is important to note that the font wasn't commercially available until much later. Despite being created in 2004, the font did not reach the general public until January 30, 2007. -
More Than One Billion People Use Facebook's WhatsApp Service Every Day (whatsapp.com)
Facebook has announced that more than one billion people use its instant messaging and voice calling app WhatsApp every day. To put that in perspective, there are 7.5 billion people on this planet. And Facebook, whose marquee service itself is used by more than two billion people every month, says that 13.3 percent of the world's population is using WhatsApp every day.