Domain: twitter.com
Stories and comments across the archive that link to twitter.com.
Stories · 1,968
-
16-Year-Old RSS Reader App NetNewsWire Returns To Founder Brent Simmons, Who Promises To Keep It Free and Open Source and Release v5.0 Soon (medium.com)
Black Pixel, which acquired popular Mac RSS reader app NetNewsWire in 2011, announced this week that the brand name is returning to the founder Brent Simmons. From the announcement: Since acquiring NetNewsWire from Newsgator in 2011, we've invested a great deal in the continued development and support of the product suite including the addition of a free sync service. Unfortunately, the ongoing cost of support and feature development for these products require more dedicated resources than we are able to provide. With that in mind, today we are removing all versions of the app from sale. We'll continue to run the sync service for another 60 days, then take it offline at the end of October. Brent Simmons, who founded the app, shared what he plans to do with the brand name: [...] I want to thank them [Black Pixel] for a second thing: their incredible generosity in bringing it back to me. When I asked them about it, they told me they'd already been discussing it. There was never a need to convince them: they thought it was the right thing to do before I even said a word.
[...] You probably know that I've been working on a free and open source reader named Evergreen. Evergreen 1.0 will be renamed NetNewsWire 5.0 -- in other words, I've been working on NetNewsWire 5.0 all this time without knowing it! It will remain free and open source, and it will remain my side project. (By day I'm a Marketing Human at The Omni Group, and I love my job.) Black Pixel will stop selling their versions of the app, and will turn off the syncing system and end customer support -- all of which is detailed in their announcement. (Important note: I will not get any customer data from them, nor will I be doing support for Black Pixel's NetNewsWire.)
I want one thing: to make the very best versions of NetNewsWire ever made. And, along the way, I'd love to have your help. Nothing to Download Yet I don't actually have an app bearing the name NetNewsWire ready to download yet. I will have test versions ready soon, though. It's still going to be a while before the final version of 5.0 ships. The Mac community has been thrilled about the announcement. Daniel Jalkut, founder of blogging tool MarsEdit, said, "I appreciate Black Pixel's decision to return NetNewsWire to Brent Simmons. It was the right move strategically, but also very humanistic." Federico Viticci, a prolific blogger on Apple ecosystem, said, "Congrats Brent Simmons on bringing NetNewsWire home. The Mac can use a modern RSS reader that can stand the test of time." John Gruber, a columnist on Apple ecosystem, said, "Black Pixel did a great job taking over NetNewsWire, but times change, and companies change. Handing the NetNewsWire name back to Brent was a classy move, but completely unsurprising to me, knowing George and the other folks at Black Pixel." -
After 24 Years Doom 2's Last Secret Has Finally Been Discovered (polygon.com)
"Almost 25 years after it was released, Doom 2 has finally given up its last secret..." writes Polygon. An anonymous reader quotes their report: It's secret No. 4 on Map 15 (Industrial Zone). Now, the area in question has been known, seen and accessed by other means (usually a noclip cheat code). Getting to it without a cheat appears to be deliberately impossible, according to Doom co-creator John Romero. Romero tweeted out congratulations to the solution's discoverer, Zero Master. Zero Master figured out that the way to trigger the secret was to be pushed into the secret area by an enemy (in this case, a Pain Elemental).
Apparently the secret sector was an area just below the floor of a teleporter -- but entering that teleporter meant players rose up to the level of the teleporter's floor, according to Romero, so "you never enter the sector... you would never get inside the teleporter sector to trigger the secret."
One Reddit user notes Zero Master "has the first legit Doom 2 100% save file on earth, after 24 years." -
Apple Records First-Ever Accident In Self-Driving Car Program (appleinsider.com)
Apple's self-driving car program has reported its first-ever accident, according to a filing to the state's DMV. No injuries were reported. AppleInsider reports: A test car was rear-ended by a Nissan Leaf while merging onto an expressway, Bloomberg's Mark Gurman said on Twitter. The Apple vehicle suffered "moderate" damage. Details are still forthcoming, so it's unclear if the fault was with the Nissan driver, Apple's hardware and software, or some combination of the two. In an update, AppleInsider provided the following information: "The Apple vehicle, a Lexus SUV, was merging onto the Lawrence Expressway in California's Bay Area on Aug. 24, Gurman later wrote, citing a filing by Apple's Steve Kenner with the Department of Motor Vehicles. The Leaf was moving at just 15 miles per hour, but was also damaged." -
John McAfee's 'Unhackable' Bitfi Wallet Got Hacked -- Again (techcrunch.com)
Earlier this month, computer programmer John McAfee released "the world's first un-hackable storage for cryptocurrency & digital assets" -- a $120 device, called the Bitfi wallet, that McAfee claimed contained no software or storage. McAfee was so sure of its security that it launched with a bug bounty inviting researchers to try and hack the wallet in return for a $250,000 award. Lo and behold, a researcher by the name of Andrew Tierney managed to hack the wallet, but Bitfi declined to pay out, arguing that the hack was outside the scope of the bounty. TechCrunch is now reporting that Tierney has managed to hack the Bitfi wallet again. An anonymous reader shares the report: Security researchers have now developed a second attack, which they say can obtain all the stored funds from an unmodified Bitfi wallet. The Android-powered $120 wallet relies on a user-generated secret phrase and a "salt" value -- like a phone number -- to cryptographically scramble the secret phrase. The idea is that the two unique values ensure that your funds remain secure. But the researchers say that the secret phrase and salt can be extracted, allowing private keys to be generated and the funds stolen. Using this "cold boot attack," it's possible to steal funds even when a Bitfi wallet is switched off. Within an hour of the researchers posting the video, Bitfi said in a tweeted statement that it has "hired an experienced security manager, who is confirming vulnerabilities that have been identified by researchers." -
Google Debunks Trump's Claim It Censored His State of the Union Address (theverge.com)
An anonymous reader quotes a report from The Verge: President Donald Trump intensified his criticism of Google today, posting a native video of unknown origin to his Twitter account this afternoon claiming the search giant stopped promoting the State of the Union (SOTU) address on its homepage after he took office. It turns out the video he posted is not only misleading, but also contains what appears to be a fake screenshot of the Google homepage on the day in question. It has since been viewed more than 1.5 million times. In a statement given to The Verge, a Google spokesperson clarifies that the company promoted neither former President Barack Obama nor Trump's inaugural SOTU addresses in 2009 and 2017, respectively. That's because they were not technically State of the Union addresses, but "addresses to a joint session" of Congress, a tradition set back in 1993 so that new presidents didn't have to immediately deliver SOTU addresses after holding office for just a few weeks. Google resumed promoting Obama's SOTU address in 2010 and continued to do so through 2016, as he held office for all six of those years.
With regards to the 2018 SOTU, Google says it did in fact promote it on its homepage. "On January 30th 2018, we highlighted the livestream of President Trump's State of the Union on the google.com homepage," reads Google's statement. "We have historically not promoted the first address to Congress by a new President, which is not a State of the Union address. As a result, we didn't include a promotion on google.com for this address in either 2009 or 2017." -
The 'Scunthorpe Problem' Has Never Really Been Solved (vice.com)
dmoberhaus writes: Yesterday, a writer for SB Nation named Natalie Weiner posted a screenshot of a rejection form she received when she tried to sign up for a website. Her submission was rejected because a spam algorithm considered her last name "offensive." After she posted about this, hundreds of other people with similarly "offensive" last names sounded off about how they had experienced similar issues. As it turns out, this phenomenon is so widespread that it has a name among computer scientists. It's called the Scunthorpe problem and it's been a scourge of the internet since the beginning. Motherboard spoke to content moderation experts about its origins and why it's such a hard problem to solve 20 years later. A big reason why the problem has yet to be solved is "because creating effective obscenity filters depends on the filter's ability to understand a word in context," reports Motherboard. "Despite advances in [AI], this is something that even the most advanced machine-learning algorithms still struggle with today."
"This works both ways around," Michael Veale, a researcher studying responsible machine learning at University College London, told Motherboard. "Cock (a bird) and Dick (the given name) are both harmless in certain contexts, even in children's settings online, but in other cases parents might not want them used. Equally, those wanting to abuse a system can find ways around it." -
'Irresponsible' Google Refused Fortnite's Request To Delay Vulnerability Disclosure To Score Cheap PR Points, Says Epic's Chief (bbc.com)
The leader of the firm behind the hit game Fortnite has accused Google of being "irresponsible" in the way it revealed a flaw affecting the Android version of the title. BBC, with additional input from Slashdot staff: On Friday, Google made public that hackers could hijack the game's installation software to load malware. The installer is needed because Epic Games has bypassed Google's app store to avoid giving it a cut of sales. Epic's chief executive said Google should have delayed sharing the news. "Android is an open platform. We released software for it. When Google identified a security flaw, we worked around the clock (literally) to fix it and release an update. The only irresponsible thing here is Google's rapid public release of technical details," he said. "We asked Google to hold the disclosure until the update was more widely installed," tweeted Tim Sweeney. "They refused, creating an unnecessary risk for Android users in order to score cheap PR points." -
Mass Shooting Reported at Madden Video Game Tournament in Florida (polygon.com)
Multiple people on live streams and social media reported a mass shooting at a Madden NFL 19 tournament in Jacksonville, Florida, this morning. The Jacksonville County Sheriff's Office confirmed that law enforcement was en route to the scene but had no further information early this afternoon. From a report: In the video, two competitors are playing when someone starts screaming off camera. As the first of nine shots break out, they abandon their stations and others are heard fleeing. Then a man is heard crying out, "What did he shoot me with?" Three more shots are fired and screaming can be heard. This weekend at Jacksonville Landing downtown was the first of four qualifier events for the Madden Classic series sponsored by EA Sports. CNN: "Multiple fatalities at the scene, many transported. #TheLandingMassShooting," according to Jacksonville Sheriff's twitter page, which urged people to "stay far away from the area" as the area is not safe at this time. "One suspect is dead at the scene, unknown at this time if we have a second suspect. Searches are being conducted," according to another tweet from the sheriff's office. In a statement issued moments ago, EA Sports Madden NFL said, "This is a horrible situation, and our deepest sympathies go out to all involved."
Top competitor Drini Gjoka, who was at the event and reported the terrifying scene, said, "The tourney just got shot up. I'm leaving and never coming back. I am literally so lucky. The bullet hit my thumb. I will never take anything for granted ever again. Life can be cut short in a second."
Update: LA Times reports that the shooter was a gamer who was competing in the tournament and lost, according to Steven "Steveyj" Javaruski, one of the competitors. -
America's Energy Department Works With Bill Gates To Test Mini Nuclear Reactors (washingtonexaminer.com)
An anonymous reader quotes the Washington Examiner: The Energy Department is participating in a major push with electric utility Southern and a company founded by Microsoft founder Bill Gates to develop small nuclear power reactors that are less expensive and more efficient than their much larger cousins. "Molten salt reactors are getting a reboot," the Energy Department tweeted late Wednesday, offering a schematic of a battery-like power plant module that "could power America's energy"... The Department of Energy linked to a detailed description of how its Oak Ridge National Laboratory and other federal labs are teaming up with Southern Company, a big coal utility with several nuclear plants, and Gates' TerraPower to test and develop a type of reactor that uses liquefied sodium "as both coolant and fuel."
These liquid-metal reactors are sometimes referred to as nuclear batteries because they are small, self-contained units, which theoretically can be deployed anywhere, although the version being tested at Oak Ridge appears to be one requiring a permanent structure and housing. TerraPower was awarded a $40 million award by the Energy Department in 2016 to pursue the project.
Currently it's in the "early design phase" to assess commercial viability, but testing will begin in 2019, "which will help validate the reactor's safety systems for license certification by the Nuclear Regulatory Commission." -
Google Removes Accounts Tied To Iran-Led Misinformation Campaign (engadget.com)
In a blog post, Google shared an update regarding its efforts to combat state-sponsored phishing attacks and to remove accounts associated with an influence operation linked to Iran. Engadget reports: The company said that in recent months, it has detected and blocked state-sponsored groups from targeting political campaigns, journalists, activists and academics with phishing attempts. Google has also been working with the cybersecurity group FireEye, which has been providing Google with information on an Iran-based misinformation operation. FireEye identified three email accounts, three YouTube channels and three Google+ accounts linked to that operation, which Google subsequently took down.
In conjunction to the intelligence provided by FireEye, Google also investigated other suspicious groups linked to Iran. The company identified and removed 39 YouTube channels, six Blogger blogs and 13 Google+ accounts it believed to be connected to the Islamic Republic of Iran Broadcasting. Relevant videos on the now-terminated YouTube channels had garnered 13,466 views in the U.S. Facebook and Twitter were also made aware of the Iranian operation. Twitter announced that it suspended 284 accounts believed to have originated from Iran for "engaging in coordinated manipulation." Meanwhile, Facebook said it removed "652 pages that it says were linked to a campaign originating in Iran, as well as an unspecified number of accounts linked to Russian military intelligence services," reports Engadget. -
Millions of Texas Voter Records Exposed Online (techcrunch.com)
A folder containing an estimated 14.8 million Texas voter records was left on an unsecured server without a password. Considering Texas has 19.3 million registered voters, this leak is very substantial. The file was discovered by a New Zealand-based data breach hunter who goes by the pseudonym Flash Gordon. TechCrunch reports: It's not clear who owned the server where the exposed file was found, but an analysis of the data reveals that it was likely originally compiled by Data Trust, a Republican-focused data analytics firm created by the GOP to provide campaigns with voter data. The file -- close to 16 gigabytes in size -- contained dozens of fields, including personal information like a voter's name, address, gender and several years' worth of voting history, including primaries and presidential elections. It's not known exactly when the data was compiled, but an analysis of the data suggests it was prepared in time for the 2016 presidential election. It's also not known if the file is a subset of the 198 million records leak last year -- or if it's a standalone data set. -
Intel's Reworked Microcode Security Fix License No Longer Prohibits Benchmarking (theregister.co.uk)
An anonymous reader quotes a report from The Register: Intel has backtracked on the license for its latest microcode update that mitigates security vulnerabilities in its processors -- after the previous wording outlawed public benchmarking of the chips. The reason for Intel's insistence on a vow of silence is that -- even with the new microcode in place -- turning off hyper-threading is necessary to protect virtual machines from attack via Foreshadow -- and that move comes with a potential performance hit. Predictably, Intel's contractual omerta had the opposite effect and drew attention to the problem. "Performance is so bad on the latest Spectre patch that Intel had to prohibit publishing benchmarks," said Lucas Holt, MidnightBSD project lead, via Twitter.
In response to the outcry, Intel subsequently said it would rewrite the licensing terms. And now the fix is in. Via Twitter, Imad Sousou, corporate VP and general manager of Intel Open Source Technology Center, on Thursday said: "We have simplified the Intel license to make it easier to distribute CPU microcode updates and posted the new version here. As an active member of the open source community, we continue to welcome all feedback and thank the community." The reworked license no longer prohibits benchmarking. Long-time Slashdot reader and open-source pioneer, Bruce Perens, first brought Intel's microcode update to our attention. In a phone interview with The Register, Perens said he approved of the change. "This is a relatively innocuous license for proprietary software and it can be distributed in the non-free section of Debian, which is where it used to be, and it should be distributable by other Linux distributions," he said. "You can't expect every lawyer to understand CPUs. Sometimes they have to have a deep conversation with their technical people." -
Driverless Startup Zoox Suddenly Removes CEO
Last month, Bloomberg shed some light on a secretive Australian startup called Zoox that is working on an autonomous vehicle unlike any other. It can reportedly make noises to communicate with pedestrians and drive bidirectionally, meaning it can cruise into a parking spot one way and cruise out the other. Today, it is being reported that their CEO Tim Kentley-Klay is being dismissed from the company after closing a massive financing round in July to the tune of $500 million. From the report: Kentley-Klay tweeted on Wednesday that the firing came "without a warning, cause or right of reply." "Today was Silicon Valley up to its worst tricks," he wrote. Jesse Levinson, the company's other co-founder and current chief technology officer, will be promoted to president, said a person familiar with the decision who asked not to be identified because the discussions are private. The person declined to offer an explanation for the move. Carl Bass, the former CEO of Autodesk and a Zoox board member, was named executive chairman for the company.
In an emotional missive on Twitter, Kentley-Klay criticized the board for their decision. "Rather than working through the issues in an epic startup for the win, the board chose the path of fear," he wrote, charging that the directors were "optimizing for a little money in hand at the expense of profound progress." Before starting Zoox, Kentley-Klay was offered a job with Google's self-driving project, now called Waymo. He turned it down, and has touted Zoox's strategy of building its own vehicles for full autonomy as wiser than the standard approach of retrofitting existing cars that Alphabet Inc.'s Waymo and others are taking. The Zoox board, which includes Levinson, voted to oust Kentley-Klay, said the person familiar with the situation. -
Intel Publishes Microcode Security Patches With No Benchmarks Or Profiling Allowed (theregister.co.uk)
Long-time Slashdot reader Bruce Perens writes: The Register reports that Debian is rejecting a new Intel microcode update because of a new license term prohibiting the use of the CPU for benchmarks and profiling.
There is a new license term applied to the new microcode: "You will not, and will not allow any third party to (i) use, copy, distribute, sell or offer to sell the Software or associated documentation; (ii) modify, adapt, enhance, disassemble, decompile, reverse engineer, change or create derivative works from the Software except and only to the extent as specifically required by mandatory applicable laws or any applicable third party license terms accompanying the Software; (iii) use or make the Software available for the use or benefit of third parties; or (iv) use the Software on Your products other than those that include the Intel hardware product(s), platform(s), or software identified in the Software; or (v) publish or provide any Software benchmark or comparison test results." UPDATE: Intel has reworked the license to no longer prohibit benchmarking. Imad Sousou, corporate VP and general manager of Intel Open Source Technology Center, tweeted on Thursday: "We have simplified the Intel license to make it easier to distribute CPU microcode updates and posted the new version here. As an active member of the open source community, we continue to welcome all feedback and thank the community."
The security fixes are known to significantly slow down Intel processors, which won't just disappoint customers and reduce the public regard of Intel, it will probably lead to lawsuits (if it hasn't already). Suddenly having processors that are perhaps 5% to 10% slower, if they are to be secure, is a significant damage to many companies that run server farms or provide cloud services. I'm not blaming Intel for this, I don't know if Intel could have foreseen the problem. Since some similar exploits have been discovered for AMD and ARM CPUs, the answer could be "no." But certainly customers are upset.
Another issue is whether the customer should install the fix at all. Many computer users don't allow outside or unprivileged users to run on their CPUs the way a cloud or hosting company does. For them, these side-channel and timing attacks are mostly irrelevant, and the slowdown incurred by installing the fix is unnecessary.
So, lots of people are interested in the speed penalty incurred in the microcode fixes, and Intel has now attempted to gag anyone who would collect information for reporting about those penalties, through a restriction in their license. Bad move. The correct way to handle security problems is to own up to the damage, publish mitigations, and make it possible for your customers to get along. Hiding how they are damaged is unacceptable. Silencing free speech by those who would merely publish benchmarks? Bad business. Customers can't trust your components when you do that. -
'Legacy System' Exposed Black Hat 2018 Attendees' Contact Info (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: A "legacy system" was to blame for exposing the contact information of attendees of this year's Black Hat security conference. Colorado-based pen tester and security researcher who goes by the handle NinjaStyle said it would have taken about six hours to collect all the registered attendees' names, email and home addresses, company names and phone numbers from anyone who registered for the 2018 conference. In a blog post, he explained that he used a reader to access the data on his NFC-enabled conference badge, which stored his name in plaintext and other scrambled data. The badge also contained a web address to download BCard, a business card reader app. After decompiling the BCard app, the researcher found an API endpoint in its code, which he used to pull his own data from the server without any security checks. By enumerating and cycling through unique badge ID numbers, he was able to download a few hundred Black Hat attendee records from the server. The API was not rate limited either at all or enough to prevent the mass downloading of attendee records, the blog post said. The legacy system's API was disabled within a day of the disclosure. Black Hat said in a statement: "Thanks to them for disclosing this promptly and responsibly to our technology partner, who addressed the vulnerability immediately. We're working with our partner to ensure this isn't an issue in the future." -
Baseball Players Want Robots To Be Their Umps (technologyreview.com)
The sports world has been dealing with the human error of referees and umpires for decades -- it's pretty much tradition at this point. But with technology that can assess the game more accurately, some athletes are ready to push the people calling balls and strikes off the field in favor of technology. From a report: On Tuesday, Chicago Cubs second baseman Ben Zobrist, one of the most vocal supporters of turning over baseball rulings to software, used an argument with the umpire as a chance to advocate for a change in the league. The comment reinvigorated a long-standing debate over automation in sports. You're out! As you watch baseball on television, a graphic is often overlaid on the action that shows in real time whether a pitch is a ball or a strike. But human umps are still making the calls on the field based on nothing but their own eyes. Increasingly, viewers and players would rather have the technology take over. -
Nintendo's Switch Has Been Hiding a Buried 'VR Mode' For Over a Year (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Hackers have uncovered and tested a screen-splitting "VR Mode" that has been buried in the Switch's system-level firmware for over a year. The discovery suggests that Nintendo at least toyed with the idea that the tablet system could serve as a stereoscopic display for a virtual reality headset. Switch hackers first discovered and documented references to a "VrMode" in the Switch OS' Applet Manager services back in December when analyzing the June 2017 release of version 3.0.0 of the system's firmware. But the community doesn't seem to have done much testing of the internal functions "IsVrModeEnabled" and "SetVrModeEnabled" at the time. That changed shortly after Switch modder OatmealDome publicly noted one of the VR functions earlier this month, rhetorically asking, "has anyone actually tried calling it?" Fellow hacker random0666 responded with a short Twitter video (and an even shorter followup) showing the results of an extremely simple homebrew testing app that activates the system's VrMode functions.
As you can see in those video links, using those functions to enable the Switch's VR mode splits the screen vertically into two identical half-sized images, in much the way other VR displays split an LCD screen to create a stereoscopic 3D effect. System-level UI elements appear on both sides of the screen when the mode is enabled, and the French text shown in the test can be roughly translated to "Please move the console away from your face and click the close button." The location of the functions in the Switch firmware suggests they're part of Nintendo's own Switch code and not generic functions included in other Nvidia Tegra-based hardware. -
Twitter's Relationship With Third-Party Apps is Messy -- But It's Not Over (mashable.com)
It's a day that developers of some of the most high-profile Twitter third-party apps have dreaded, though it's one they've long-known was coming: Twitter is finally shutting off some of the developer tools that popular apps like Tweetbot and Twitterific have heavily relied on. From a report: With the change, many third-party Twitter apps will lose some functionality, like the ability to instantly refresh users' Twitter feeds and send push notifications. It won't make these apps unusable -- in some cases the apps' users may not even immediately notice the changes -- but it's a drastic enough change that developers have mounted a public campaign against the decision.
Now, Twitter is finally weighing in on the changes, after months of publicly declining to comment on the state of third-party Twitter clients. The verdict, unsurprisingly, is complicated. The company is adamant that its goal isn't to single out these developers. The company is retiring these APIs out of necessity, it says, as it's no longer feasible to support them. "We are sunsetting very old, legacy software that we don't have an ability to keep supporting for practical reasons," says Ian Caims, group product manager at Twitter. At the same time, though, the company has also made a conscious decision not to create new APIs with the same functionality. Here's how Twitter's senior director of product management Rob Johnson explains the move: "It is now time to make the hard decision to end support for these legacy APIs -- acknowledging that some aspects of these apps would be degraded as a result. Today, we are facing technical and business constraints we can't ignore. The User Streams and Site Streams APIs that serve core functions of many of these clients have been in a 'beta' state for more than 9 years, and are built on a technology stack we no longer support. -
Apple Delays 32-Person Group FaceTime From iOS 12 Launch (theverge.com)
Developer Guilherme Rambo has revealed that the 32-person FaceTime group chat feature "has been removed from the initial release of iOS 12." Apple says the feature "will ship in a future software update later this fall." The Verge: Group FaceTime chats will allow 32 participants in a video call, with tiles of people's faces where you can manually select people to highlight them in the main interface. Apple's delay to group FaceTime chats comes after the company delayed its AirPlay 2 introduction in iOS. -
Tesla Will Open Its Security Code To Other Car Manufacturers (engadget.com)
Tesla CEO Elon Musk announced he would share the source code for Tesla's car security software with other manufacturers, adding that it would be "extremely important" to ensure the safety of future self-driving cars. Engadget reports: Musk didn't provide a timeline for availability, and you might not want to get your hopes up when it took years for Tesla just to post any source code. And this isn't strictly a selfless gesture. If rival brands adopt Tesla's approach, it could set an unofficial standard for connected car security that would look good from a marketing standpoint. The code could provide a boost to connected car security if and when it arrives. There are few common frameworks (technical or legal) for safeguarding networked vehicles, and security might not always be a top priority. This could give companies a baseline level of security that would save brands the trouble of developing an effective defense from scratch. -
PC Case Maker CaseLabs Closes Permanently (pcgamer.com)
U.S.-based PC case manufacturer, CaseLabs, announced on social media that it is "closing permanently" and will not be able to fill all current orders. "We have been forced into bankruptcy and liquidation," CaseLabs said in a statement. "The tariffs have played a major role raising prices by almost 80 percent (partly due to associated shortages), which cut deeply into our margins. The default of a large account added greatly to the problem... We reached out for a possible deal that would allow us to continue on and persevere through these difficult times, but in the end, it didn't happen." PC Gamer reports: CaseLabs is likely referring to the growing number of tariffs being enforced on Chinese imports by the United States government. China and the US are currently engaged in a trade war, causing many U.S. companies to lose money, lay off employees, or close entirely. CaseLabs went on to say that it won't be able to fill the backlog of case orders, but other parts will most likely ship to customers. "We are so incredibly sorry this is happening. Our user community has been very devoted to us and it's awful to think that we have let any of you down." -
Dropbox Is Dropping Support For All Linux File Systems Except Unencrypted Ext4 (dropboxforum.com)
New submitter rokahasch writes: Starting today, August 10th, most users of the Dropbox desktop app on Linux have been receiving notifications that their Dropbox will stop syncing starting November. Over at the Dropbox forums, Dropbox have declared that the only Linux filesystem supported for storage of the Dropbox sync folder starting the 7th of November will be on a clean ext4 file system. This basically means Dropbox drops Linux support completely, as almost all Linux distributions have other file systems as their standard installation defaults nowadays -- not to mention encryption running on top of even an ext4 file system, which won't qualify as a clean ext4 file system for Dropbox (such as eCryptfs which is the default in, for example, Ubuntu for encrypted home folders).
The thread is trending heavily on Dropbox' forums with the forum's most views since the thread started earlier today. The cries from a large amount of Linux users have so far remained unanswered from Dropbox, with most users finding the explanation given for this change unconvincing. The explanation given so far is that Dropbox requires a file system with support for Extended attributes/Xattrs. Extended attributes however are supported by all major Linux/Posix compliant file systems. Dropbox has, up until today, supported Linux platforms since their services began back in 2007. A number of users have taken to Twitter to protest the move. Twitter user troyvoy88 tweets: "Well, you just let the shitstorm loose @Dropbox dropping support for some linux FS like XFS and BTRFS. No way in hell im going to reformat my @fedora #development station and removing encryption no way!"
Another user by the name of daltux wrote: "It will be time to say goodbye then, @Dropbox. I won't store any personal files on an unencrypted partition." -
Comcast Security Flaw Exposes Partial Addresses, Social Security Numbers of 26 Million Users (buzzfeednews.com)
olsmeister writes: A security flaw in the Comcast Xfinity online portal exposed social security numbers and partial home addresses of more than 26.5 million subscribers, according to security researcher Ryan Stevenson. Comcast says the flaws have already been patched and that it currently has no reason to believe that the flaws were ever exploited. BuzzFeed reports of the two vulnerabilities: One of the flaws could be exploited by going to an "in-home authentication" page where customers can pay their bills without signing in. The portal asked customers to verify their account by choosing from one of four partial home addresses it suggested, if the device was (or seemed like it was) connected to the customer's home network. If a hacker obtained a customer's IP address and spoofed Comcast using an "X-forwarded-for" technique, they could repeatedly refresh this login page to reveal the customer's location. That's because each time the page refreshed, three addresses would change, while one address, the correct address, remained the same. Eventually, the page would show the first digit of the street number and first three letters of the correct street name, while asterisks hid the remaining characters. A hacker could then use IP lookup websites to determine the city, state, and postal code of the partial address.
In the second vulnerability that Stevenson discovered, a sign-up page through the website for Comcast's Authorized Dealers (sales agents stationed at non-Comcast retail locations) revealed the last four digits of customers' Social Security numbers. Armed with just a customer's billing address, a hacker could brute-force (in other words, repeatedly try random four-digit combinations until the correct combination is guessed) the last four digits of a customer's Social Security number. Because the login page did not limit the number of attempts, hackers could use a program that runs until the correct Social Security number is inputted into the form. After learning of these vulnerabilities, Comcast disabled in-home authentication and put a strict rate limit on the portal. Here's what a Comcast spokesperson had to say about the matter: "We quickly investigated these issues and within hours we blocked both vulnerabilities, eliminating the ability to conduct the actions described by these researchers. We take our customers' security very seriously, and we have no reason to believe these vulnerabilities were ever used against Comcast customers outside of the research described in this report." -
Hacker Posts Snapchat Source Code To GitHub (thenextweb.com)
tacarat shares a report from The Next Web with the caption, "Oops": A GitHub user with the handle i5xx, believed to be from the village of Tando Bago in Pakistan's southeastern Sindh province, created a GitHub repository called Source-Snapchat. At the time of writing, the repo has been removed by GitHub following a DMCA request from Snap Inc, so we can't take a closer look and see what it contains. That said, there are a few clues to its contents. The repository has a description of "Source Code for SnapChat," and is written in Apple's Objective-C programming language. This strongly suggests that the repo contained part or whole of the company's iOS application, although there's no way we can know for certain. It could just as easily be a minor component to the service, or a separate project from the company.
The most fascinating part of this saga is that the leak doesn't appear to be malicious, but rather comes from a researcher who found something, but wasn't able to communicate his findings to the company. According to several posts on a Twitter account believed to belong to i5xx, the researcher tried to contact SnapChat, but was unsuccessful. "The problem we tried to communicate with you but did not succeed In that we decided [sic] Deploy source code," wrote i5xx. The account also threatened to re-upload the source code. "I will post it again until you reply :)," he said. A Snap spokesperson said in a statement: "An iOS update in May exposed a small amount of our source code and we were able to identify the mistake and rectify it immediately. We discovered that some of this code had been posted online and it has been subsequently removed. This did not compromise our application and had no impact on our community."
According to Motherboard, some researchers appear to be trading the data privately. -
Pentagon Restricts Use of Fitness Trackers, Other Devices (apnews.com)
Military troops and other defense personnel at sensitive bases or certain high-risk warzone areas won't be allowed to use fitness tracker or cellphone applications that can reveal their location, according to a new Pentagon order. From a report: The memo, obtained by The Associated Press, stops short of banning the fitness trackers or other electronic devices, which are often linked to cellphone applications or smart watches and can provide the users' GPS and exercise details to social media. It says the applications on personal or government-issued devices present a "significant risk" to military personnel so those capabilities must be turned off in certain operational areas. Under the new order, military leaders will be able to determine whether troops under their command can use the GPS function on their devices, based on the security threat in that area or on that base. "These geolocation capabilities can expose personal information, locations, routines, and numbers of DOD personnel, and potentially create unintended security consequences and increased risk to the joint force and mission," the memo said. Zack Whittaker, a security reporter at TechCrunch, said, DoD's statement today appears to be a response to the revelation that fitness tracker app Polar was exposing locations of spies and military personnel. -
Venezuelan President Survives Drone Assassination Attempt (cnn.com)
The Venezuelan president, Nicolas Maduro, has survived an apparent assassination attempt involving drones that exploded close to him while he was speaking at an event in Caracas. State television showed Maduro abruptly cutting short his speech during a celebration of the National Guard's 81st anniversary. From a report: In a tweet, the president of Venezuela's National Assembly, Diosdado Cabello, called the incident at the military parade a "terrorist attack against the president and the high military command blaming the opposition for the violence." Venezuela's international government broadcaster, TeleSUR, said on Twitter that the Venezuelan government confirmed an attempted attack on Maduro. Venezuela's vice president for communications, Jorge Rodriguez, later addressed the nation on live TV at the request of Maduro. He said people heard explosions that corresponded to drones and heard drones detonate near a parade for the occasion. -
Tesla Is Building Its Own AI Chips For Self-Driving Cars (techcrunch.com)
Yesterday, during his quarterly earnings call, Tesla CEO Elon Musk revealed a new piece of hardware that the company is working on to perform all the calculations required to advance the self-driving capabilities of its vehicles. The specialized chip, known as "Hardware 3," will be "swapped into the Model S, X, and 3," reports TechCrunch. From the report: Tesla has thus far relied on Nvidia's Drive platform. So why switch now? By building things in-house, Tesla says it's able to focus on its own needs for the sake of efficiency. "We had the benefit [...] of knowing what our neural networks look like, and what they'll look like in the future," said Pete Bannon, director of the Hardware 3 project. Bannon also noted that the hardware upgrade should start rolling out next year. "The key," adds Elon "is to be able to run the neural network at a fundamental, bare metal level. You have to do these calculations in the circuit itself, not in some sort of emulation mode, which is how a GPU or CPU would operate. You want to do a massive amount of [calculations] with the memory right there." The final outcome, according to Elon, is pretty dramatic: He says that whereas Tesla's computer vision software running on Nvidia's hardware was handling about 200 frames per second, its specialized chip is able to crunch out 2,000 frames per second "with full redundancy and failover." Plus, as AI analyst James Wang points out, it gives Tesla more control over its own future. -
Tesla Is Adding Atari Games To the In-Car Display (theverge.com)
In the next software update for its vehicles, Tesla will include several playable Atari games as new Easter eggs. CEO Elon Musk said the update would be released in "about four weeks" and should include games like Pole Position, Tempest, and Missile Command. The Verge reports: Pole Position's controls will apparently be linked to the Tesla's actual steering wheel -- while the vehicle is stopped, Musk made clear. It goes without saying, but no one should be messing around with any of these when they're behind the wheel of a moving car. A much bigger deal for Tesla owners is that, according to Musk, software version 9.0 will begin to enable "full self-driving features" in eligible vehicles. The new update might be discussed further during Tesla's earnings call later today. -
Judge Blocks Release of Blueprints For 3D-Printed Guns (nbcnews.com)
U.S. District Judge Robert Lasnik issued a temporary restraining order Tuesday to stop the release of blueprints to make untraceable and undetectable 3D-printed plastic guns, saying they could end up in the wrong hands. Defense Distributed reached a settlement with the federal government in late June allowing them to freely publish the 3D files. NBC News reports: "There is a possibility of irreparable harm because of the way these guns can be made," he said. Congressional Democrats have urged President Donald Trump to reverse the decision to let Defense Distributed publish the plans. Trump said Tuesday that he's "looking into" the idea, saying making 3D plastic guns available to the public "doesn't seem to make much sense!" Eight Democratic attorneys general had filed a lawsuit Monday seeking to block the federal government's settlement with Defense Distributed. They also sought the restraining order, arguing the 3D guns would be a safety risk. Earlier today, Senate Democrats introduced two bills addressing 3D-printed guns. The first bill would make it illegal to publish 3D-printed gun blueprints. The second bill would require weapons to include at least one metal component with a serial number to make them traceable. Downloads of the 3D-printed gun blueprints have been suspended until Cody Wilson [the owner of Defense Distributed] reviews Lasnik's order. It is unclear how many times the blueprints were downloaded, but some news outlets say the online manuals have been downloaded thousands of times and posted elsewhere online. -
VLC Blacklists Newer Huawei Devices To Combat Negative App Reviews (theverge.com)
An anonymous reader quotes a report from The Verge: Some newer Huawei phones are actively being blocked from installing the open-source VLC media player app from Google Play. VLC's developers announced today that they're blacklisting some of Huawei's devices after unhappy users left too many one-star reviews for the app. But the negative reviews stem from a decision on Huawei's part and have nothing to do with VLC. The negative reviews are a result of Huawei's aggressive battery management and tendency to kill background apps, which directly affects VLC's background audio playback feature. Huawei users on VLC's forums are well aware of the issue. It's possible to manually disable these battery optimizations and have the app function properly in the background, but VLC claims that people often don't know how to do that, so they blame the app instead. The devices being blacklisted are the Huawei P8, P10, and P20. Users can still manually download the APK from VLC's website if they're interested in using the player. -
Elon Musk Calls Boss of Tesla Troll Who's Heavily Invested In Oil Industry (electrek.co)
Okian Warrior shares a report from Electrek, written by Fred Lambert: One of Tesla's biggest anonymous trolls/shorts has been doxxed as an investment manager heavily invested in the oil industry. He has now deleted his Twitter account, which he used to promote his blog posts about Tesla and attack anyone saying anything that could be perceived as positive on Tesla, after Tesla CEO Elon Musk reportedly called his boss to complain about his behavior.
We are talking about "Montana Skeptic" who has been using Seeking Alpha, a financial blog aggregator, and Twitter to push the bear case on Tesla for the past 3 years. Hiding behind his anonymous persona on social media, Montana Skeptic went beyond just pushing the bear case. He also used the platforms to send insults and attacks to Tesla bulls, bloggers, YouTubers, and reporters discussing anything that he saw as potentially being positive for Tesla, including [this author] on numerous occasions to the point where I had to block him. But now that his real identity has been revealed to be Larry Fossi, a managing director at Rahr Enterprise, which is reportedly heavily invested in oil, we learn that his motivations could have originated from other reasons. -
Slashdot Asks: Do You Need To Properly Eject a USB Drive Before Yanking it Out? (daringfireball.net)
In a story earlier this week, Popular Science magazine explored an age-old topic: Do people need to safely eject a USB stick before they pull it from their computer? The magazine's take on it -- which is, as soon as any ongoing transfer of files is complete, it is safe to yank out the flash drive -- has unsurprisingly stirred a debate. Here's what the magazine wrote: But do you really need to eject a thumb drive the right way? Probably not. Just wait for it to finish copying your data, give it a few seconds, then yank. To be on the cautious side, be more conservative with external hard drives, especially the old ones that actually spin. That's not the official procedure, nor the most conservative approach. And in a worst-case scenario, you risk corrupting a file or -- even more unlikely -- the entire storage device. To justify its rationale, the magazine has cited a number of computer science professors. In the same story, however, a director of product marketing at SanDisk made a case for why people should probably safely eject the device. He said, "Failure to safely eject the drive may potentially damage the data due to processes happening in the system background that are unseen to the user."
John Gruber of DaringFireball (where we originally spotted the story), makes a case for why users should safely eject the device before pulling it out: This is terrible advice. It's akin to saying you probably don't need to wear a seat belt because it's unlikely anything bad will happen. Imagine a few dozen people saying they drive without a seat belt every day and nothing's ever gone wrong, so it must be OK. (The breakdown in this analogy is that with seat belts, you know instantly when you need to be wearing one. With USB drives, you might not discover for months or years that you've got a corrupt file that was only partially written to disk when you yanked the drive.)
I see a bunch of "just pull out the drive and not worry about it" Mac users on Twitter celebrating this article, and I don't get it. On the Mac you have to do something on screen when you eject a drive. Either you properly eject it before unplugging the drive -- one click in the Finder sidebar -- or you need to dismiss the alert you'll get about having removed a drive that wasn't properly ejected. Why not take the course of action that guarantees data integrity? What are your thoughts on this? Do you think the answer varies across different file systems and operating systems? -
Bot Tweeted Names And Photos Of Venmo Users Who Bought Drugs (mercurynews.com)
Since Venmo's transactions are "public" by default and broadcast on Venmo's API, a Python programmer decided to publicize a few of them, reports the Mercury News: The creator of the bot named "Who's buying drugs on Venmo" under the Twitter handle @venmodrugs says he wanted users to consider their privacy settings before using Venmo. The bot finds Venmo transactions that include words such as heroin, marijuana, cocaine, meth, speed or emojis that denote drugs and tweets the transaction with the names of the sender and receiver and the sender's photo, if there is one... "I wanted to demonstrate how much data Venmo was making publicly available with their open API and their public by default settings and encourage people to consider their privacy settings," Joel Guerra, the creator of the bot, told Motherboard, a technology news outlet run by Vice.
He shut down the bot after 24 hours, according to a Medium essay titled "Why I blasted your 'drug' deals on Twitter": I chose drugs, sex and alcohol keywords as the trigger for the bot because they were funny and shocking. I removed the last names of users because I didn't want to actually contribute to the problem of lack of privacy... I braced myself for backlash but the response was overwhelmingly positive. People understood my point and I had sparked a lot of discussion about online privacy and the need for users to do a better job of understanding the terms of software they were using -- and a lot of discussion about how companies need to do a better job of informing customers how their data was being used...
After about 24 hours of tweeting everyone's drug laden Venmo transactions I shut down the bot (Python script!!) and deleted all the tweets. I had successfully made my point and gotten more attention than I had imagined possible. Thousands of people were reading tweets and articles about the bot and discussing data privacy. I saw no further value in tweeting out anyone's personal transactions anymore. However, all I ever did was format the data and automate a Twitter account -- the data is still readily available.
His closure of the bot drew some interesting reactions on Twitter.
"booooooooo. I was so entertained by this."
"I remember I had a dealer take my phone and set venmo to private lol."
"we're looking to add a Python developer to our team and I think you'd be a good fit." -
Uber Bans Driver Who Secretly Livestreamed Hundreds of Passengers (mashable.com)
Lauren Weinstein tipped us off to this story from Mashable: Hundreds of Uber and Lyft rides have been broadcast live on Twitch by driver Jason Gargac this year, St. Louis Post-Dispatch reported Saturday, all of them without the passengers' permission. Gargac, who goes by the name JustSmurf on Twitch, regularly records the interior of his car while working for Uber and Lyft with a camera in the front of the car, allowing viewers to see the faces of his passengers, illuminated by his (usually) purple lights, and hear everything they say. At no point does Gargac make passengers aware that they are being filmed or livestreamed.
Due to Missouri's "one-party consent" law, in which only one party needs to agree to be recorded for it to be legal (in this case, Gargac is the consenting one), what Gargac is doing is perfectly legal. That doesn't mean it's not 100 percent creepy. Sometimes, to confirm who they are for their driver, the passengers say their full names. Not only that, Gargac has another video that shows the view out the front of his car so that people can see where he's driving, giving away the locations of some passengers' homes.
All the while, viewers on Twitch are commenting about things like the quality of neighborhoods, what the passengers are talking about, and of course, women's looks. Gargac himself is openly judgmental about the women he picks up, commenting to his viewers about their appearances before they get in his car and making remarks after he drops them off. He also regularly talks about wanting to get more "content," meaning interesting people, and is open about the fact that he doesn't want passengers to know they are on camera.
"I feel violated. I'm embarrassed," one passenger told the St. Louis Post-Dispatch. "We got in an Uber at 2 a.m. to be safe, and then I find out that because of that, everything I said in that car is online and people are watching me. It makes me sick."
The offending driver announced today on Twitter that he's at least "getting rid of the stored vids." He calls this move "step #1 of trying to calm everyone down." Hours ago his Twitch feed was made inaccessible.
Lyft and Twitch have not yet responded to Mashable's request for a comment. But Uber said they've (temporarily?) banned Gargac from accessing their app "while we evaluate his partnership with Uber." -
Ecuador Will Be Handing Assange Over To UK Authorities 'In Coming Weeks Or Days': RT (express.co.uk)
Ecuador is planning to hand over WikiLeaks founder Julian Assange to UK authorities in the "coming weeks or even days," RT editor-in-chief Margarita Simonyan said, citing her own sources. Simonyan reported the news in a recent tweet, which was reposted by WikiLeaks. Slashdot reader Okian Warrior first shared the news. Daily Express reports: Foreign Office minister Sir Alan Duncan is said to be involved in the diplomatic effort, which has come weeks ahead of a visit by new Ecuadorian president, Lenin Moreno, who called Mr Assange an "inherited problem." He also referred to the exiled WikiLeaks founder as a "stone in the shoe." Sources close to Assange claim he was not aware of the talks, but believe America is piling "significant pressure" on Ecuador to give him up, according to the Sunday Times. The sources claim that America has threatened to block a loan from the International Monetary Fund (IMF) if he is not removed from the embassy, based in Knightsbridge, west London. UPDATE 7/21/18: The Intercept also confirmed the news. Glenn Greenwald, former reporter for The Guardian, writes: "A source close to the Ecuadorian Foreign Ministry and the President's office, unauthorized to speak publicly, has confirmed to the Intercept that Moreno is close to finalizing, if he has not already finalized, an agreement to hand over Assange to the UK within the next several weeks. The withdrawal of asylum and physical ejection of Assange could come as early as this week." -
Google, Which Owns Duck.com, Confuses Users Searching For Its Rival DuckDuckGo and Redirects Them Back To Google (twitter.com)
Commenting on the record $5 billion fine on Google by the European Commission, privacy-focused search engine DuckDuckGo said this week it welcomes the decision as it has "felt [Google's] effects first hand for many years and has led directly to us having less market share on Android vs iOS and in general mobile vs desktop." The company said: Up until just last year, it was impossible to add DuckDuckGo to Chrome on Android, and it is still impossible on Chrome on iOS. We are also not included in the default list of search options like we are in Safari, even though we are among the top search engines in many countries. The Google search widget is featured prominently on most Android builds and is impossible to change the search provider. For a long time it was also impossible to even remove this widget without installing a launcher that effectively changed the whole way the OS works. Their anti-competitive search behavior isn't limited to Android. Every time we update our Chrome browser extension, all of our users are faced with an official-looking dialogue asking them if they'd like to revert their search settings and disable the entire extension. Google also owns http://duck.com and points it directly at Google search, which consistently confuses DuckDuckGo users. "If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is google," wrote security researcher Mikko Hypponen, summing up the story.
Update: Google makes amends. -
Hashflare, One of the Largest Cloud Bitcoin Mining Companies, Abruptly Disables SHA-256 Mining Contracts, Leaving Customers Furious (twitter.com)
Hashflare, one of the largest bitcoin mining companies, said on Friday it is disabling its SHA-256 hardware and also discontinuing support for mining services on the active SHA-256 contracts. The move comes as Hashflare continues to struggle with generating revenues, the company said, putting the blame on market fluctuations. In an email to active customers, the company added: For over a month our users encountered a situation when the payouts were lower than the maintenance fees, resulting in zero accruals to the balance. As of 18.07.2018, the payouts were lower than maintenance for 28 consecutive days. BTC mining continues being unprofitable, in light of which we would like to inform you that on 18.07.2018 (July 18) we were forced to start disabling SHA hardware and today, on 20.07.2018 (July 20), stop the mining service of active SHA-256 contracts in accordance with clause 5.5 of our Terms of Service, which are required to be accepted when creating a purchase and are the basis of concluding the contract. We expect that the cryptocurrency market situation will stabilize in the nearest future and we will be able to offer our users new advantageous solutions. Customers are understandably furious. -
Digital Ads Are Starting To Feel Psychic (theoutline.com)
It seems like everyone these days has had a paranoiac moment where a website advertises something to you that you recently purchased or were gifted without a digital trail. According to a new website called New Organs, which collects first-hand accounts of these moments, "the feeling of being listened to is among the most common experiences, along with seeing the same ads on different websites, and being tracked via geo-location," reports The Outline. The website was created by Tega Brain and Sam Lavigne, two Brooklyn-based artists whose work explores the intersections of technology and society. From the report: "We are stuck in this 20th century idea of spying, of wiretapping and hidden microphones," said Brain. "But really there is this whole new sensory apparatus, a complicated entanglement of online trackers and algorithms that are watching over us." It is this new sensory apparatus that Brain and Lavigne metaphorically refer to as "new organs," as if the online surveillance framework used by social media platforms like Facebook has somehow transfigured into a semi-living organism. "These new organs don't actually need to listen to your voice to know that you like Japanese knives," Lavigne told me. "They actually have ways of coming to know things about you that we don't fully understand yet." In other words, these new methods of data collection have become so uncannily accurate in their knowledge of you as to occasionally feel indistinguishable from actual ears listening in on and understanding intimate conversations.
There are a few things that we do already know about these new "organs" of data processing, as defined by Brain and Lavigne. We know, for instance, that they have an insatiable appetite for personal data. They gather this by first tracking online activity, which is enough to tell them what people like, what they search for, what they listen to, what they read, where they're walking for dinner, and also, worryingly, who their friends are and what they like, read, purchase -- data that is gathered without their awareness. But, then, the organs also gather information purchased from commercial data brokers about people's offline lives, like how many credit cards they own, what their income is, and what they purchase when they go grocery shopping. And all of this information is triangulated with friends' data, because if they know what those dear to you are buying -- a Japanese knife, for instance -- there is a good chance that that person will be interested in that very same thing. The new organs process this enormous amount of information to break you down into categories, which are sometimes innocuous like, "Listens to Spotify" or "Trendy Moms," but can also be more sensitive, identifying ethnicity and religious affiliation, or invasively personal, like "Lives away from family." More than this, the new organs are being integrated with increasingly sophisticated algorithms, so they can generate predictive portraits of you, which they then sell to advertisers who can target products that you don't even know you want yet. -
Facebook Makes Moves On Instagram's Users (bloomberg.com)
Facebook is trying to get Instagram users to visit its site more often by further entwining the two services. According to Instagram user Spencer Chen, the Instagram app prompted him to check out a friend's new photo on Facebook. "Chen grabbed a screenshot and posted the notification on the internet, calling it a cry for attention by the older social network," reports Bloomberg. From the report: Instagram says what Chen experienced was a product test with a small contingent of users. Still, Instagram feeds Facebook in other ways. Last year, Facebook launched its own version of an Instagram tool called Stories, which lets people post videos that disappear within 24 hours. (The feature was initially copied from Snap Inc., a competitor.) Greenfield noticed the Facebook version became more popular once it became possible for Instagram users to post their stories in both places with the click of a button. Instagram Stories' 400 million users present a significant opportunity for Facebook's advertising business, according to Ken Sena, an analyst at Wells Fargo Securities. Instagram is on track to provide Facebook with $20 billion in revenue by 2020, about a quarter of Facebook's total, he wrote to investors. And cross-posting could help Facebook's video ambitions. -
Coinbase Says It's Exploring Adding 5 New Coins To Its Platform (bitcoinist.com)
Coinbase, the largest U.S.-based digital currency exchange, announced that it is "exploring the addition" of five new cryptocurrencies to its platform. The five cryptocurrencies being considered are Cardano (ADA), Basic Attention Token (BAT), Stellar Lumens (XLM), Zcash (ZEC), and 0x (ZRX). Bitcoinist reports: Coinbase's announcement claims to arrive for both employees and the public at the same time. Notes Coinbase: "We are making this announcement internally at Coinbase and to the public at the same time to remain transparent with our customers about support for future assets." Despite the apparent attempt at remaining transparent, the statement of intent has led many to question why the exchange giant is even making an announcement of its "exploration" at all -- especially following a cut-and-dry announcement of future support for Ethereum Classic.
The company pre-emptively responded to such questions by explaining: "Unlike the ongoing process of adding Ethereum Classic, which is technically very similar to Ethereum, these assets will require additional exploratory work and we cannot guarantee they will be listed for trading. Furthermore, our listing process may result in some of these assets being listed solely for customers to buy and sell, without the ability to send or receive using a local wallet. We may also only enable certain ways to interact with these assets through our site, such as supporting only deposits and withdrawals from transparent Zcash addresses. Finally, some of these assets may be offered in other jurisdictions prior to being listed in the U.S." Coinbase also said to expect future announcements of exploration: "Going forward, you should expect that we will make similar announcements about exploring the addition of multiple assets. Some of these assets may become available everywhere, while others may only be supported in specific jurisdictions."