Domain: twitter.com
Stories and comments across the archive that link to twitter.com.
Stories · 1,968
-
Update: Possible Active Shooter Reported at YouTube HQ (theverge.com)
Police have responded to multiple 911 calls at YouTube headquarters in San Bruno, California. From a report: Vadim Lavrusik, a product manager at the company, tweeted that there is an active shooter on campus. The San Bruno Police Department instructed people to stay away from 901 Cherry Avenue, where the company is located. Multiple 911 calls have been received from inside the building, according to a report from local news station KRON. In a Twitter thread, YouTube product manager Todd Sherman said that employees first thought there had been an earthquake. People began running out of their meetings, he said, but before reaching the exit, they got word that someone had a gun. Sherman said he saw blood on the floor and the stairs. He also said the shooter may have committed suicide. Vadim Lavrusik, who works at YouTube's products team, tweeted, "Active shooter at YouTube HQ. Heard shots and saw people running while at my desk. Now barricaded inside a room with coworkers."
Update 20:30 GMT: Google has issued the following statement, "we are coordinating with authorities and will provide official information here from Google and YouTube as it becomes available." San Bruno Police said it was "responding to an active shooter. Please stay away from Cherry Ave & Bay Hill Drive."
Update 20:40 GMT: CBS San Francisco reports: KPIX 5 reporter Andria Borba said at least two Homeland Security units were responding. Police radio transmissions describe casualties being taken to local hospitals. San Francisco General Hospital spokesman Brent Andrew said the hospital received patients from the incident but could not confirm a number.
Update 21:20 GMT: ABC News is reporting that the suspected shooter is a white adult female, and that this is "leaning towards a workplace violence situation."
Update 21:30 GMT: Law enforcement has confirmed that the shooter was a white female dressed in a headscarf. The woman reportedly shot her boyfriend then herself. It's unclear exactly how many people have been injured, but early reports estimate at least 9-10 victims. There is no word on their conditions.
Update 03:10 GMT: ABC7 News is reporting that the shooter has been identified as Nasim Aghdam. She reportedly had a website with an alleged manifesto that targeted YouTube for censorship and demonetization of her video content. Contrary to previous reports, she is said to have no relationship with anyone in the YouTube facility.
UPDATE 03:40 GMT: Aghdam's website can be found here.
Update 04:15 GMT: The shooter is believed to have known at least one of the victims, two law enforcement officials told CNN. Other sources suggest the shooter drove up from San Diego. YouTube says her YouTube channel "has been terminated due to multiple or severe violations of YouTube's policy against spam, deceptive practices, and misleading content or other Terms of Service violations." -
Tesla Is Making Over 2,000 Model 3s a Week, Falling Just Short of Its Goal (theverge.com)
According to an email from Elon Musk, Tesla has increased its production of its mass-market electric Model 3 to over 2,000 units per week. "It's an impressive ramp up of production, but it still falls short of Musk's goal of 2,500 Model 3s per week by the end of the first quarter of 2018," reports The Verge. From the report: In the companywide email (which was obtained by Jalopnik, Electrek, and Autonocast host Ed Niedermeyer), Musk sounds a celebratory note on the 2,000-vehicle per week benchmark, while ignoring the larger issue of missed deadlines: "It has been extremely difficult to pass the 2,000 cars per week rate for Model 3, but we are finally there. If things go as planned today, we will comfortably exceed that number over a seven-day period! Moreover, the whole Tesla production system is now on a firm foundation for that output, which means we should be able to exceed a combined Model S, X, and 3 production rate of 4,000 vehicles per week and climbing rapidly. This is already double the pace of 2017! By the end of this year, I believe we will be producing vehicles at least four times faster than last year." With Q1 now behind us, we can expect to see Tesla report its official production numbers to investors sometime this week. -
Chrome Is Scanning Files on Your Computer, and People Are Freaking Out (vice.com)
Some cybersecurity experts and regular users were surprised to learn about a Chrome tool that scans Windows computers for malware. But there's no reason to freak out about it. From a report: Last year, Google announced some upgrades to Chrome, by far the world's most used browser -- and the one security pros often recommend. The company promised to make internet surfing on Windows computers even "cleaner" and "safer" adding what The Verge called "basic antivirus features." What Google did was improve something called Chrome Cleanup Tool for Windows users, using software from cybersecurity and antivirus company ESET.
[...] Last week, Kelly Shortridge, who works at cybersecurity startup SecurityScorecard, noticed that Chrome was scanning files in the Documents folder of her Windows computer. "In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation -- even just to preemptively ease speculation," Shortridge told me in an online chat. "Their intentions are clearly security-minded, but the lack of explicit consent and transparency seems to violate their own criteria of 'user-friendly software' that informs the policy for Chrome Cleanup [Tool]." Her tweet got a lot of attention and caused other people in the infosec community -- as well as average users such as me -- to scratch their heads. -
Large Crack in East African Rift is Evidence of Continent Splitting in Two (pbs.org)
A large crack, stretching several miles, made a sudden appearance recently in south-western Kenya. The tear emerged after heavy rains caused havoc in the nation last month, which also saw neighborhoods flooded and major highways closed off. The downpour also exposed a fault line that geologists now say is evidence that the African continent will split into two over the next tens of millions of years. From a report: The Earth is an ever-changing planet, even though in some respects change might be almost unnoticeable to us. Plate tectonics is a good example of this. But every now and again something dramatic happens and leads to renewed questions about the African continent splitting in two. The Earth's lithosphere (formed by the crust and the upper part of the mantle) is broken up into a number of tectonic plates. These plates are not static, but move relative to each other at varying speeds, "gliding" over a viscous asthenosphere.
[...] The East African Rift Valley stretches over 3,000km from the Gulf of Aden in the north towards Zimbabwe in the south, splitting the African plate into two unequal parts: the Somali and Nubian plates. Activity along the eastern branch of the rift valley, running along Ethiopia, Kenya and Tanzania, became evident when the large crack suddenly appeared in south-western Kenya. When the lithosphere is subject to a horizontal extensional force it will stretch, becoming thinner. Eventually, it will rupture, leading to the formation of a rift valley. This process is accompanied by surface manifestations along the rift valley in the form of volcanism and seismic activity. Rifts are the initial stage of a continental break-up and, if successful, can lead to the formation of a new ocean basin. -
April Fool's Day Roundup
It might be a holiday for most of us today, but for tech companies, April Fool's is the day when they work overtime to send weird press releases. So far we have seen Google Maps help users find Waldo, and Google Australia rethink its brand name (to Googz). T-Mobile has revived the Sidekick as the world's first smart shoe phone. Google has also added a feature to its file manager app Files Go that detects bad jokes from your phone. Snapchat has finally found a way to make fun of Facebook. Language-learning app Duolingo has launched a range of craft beers. Chinese smartphone maker OnePlus has launched a cryptocurrency. Some more here. What's your favorite prank so far today? -
'Nature' Explores Why So Many Postgrads Have Bad Mental Health (nature.com)
An anonymous reader writes: This week Nature tweeted that the rates of depression and anxiety reported by postgraduate students were six times higher than in the general population -- and received more than 1,200 retweets and 170 replies. "This is not a one dimensional problem. Financial burden, hostile academia, red tape, tough job market, no proper career guidance. Take your pick," read one response. "Maybe being told day in, day out that the work you spend 10+ hrs a day, 6-7 days a week on isn't good enough," said another.
The science magazine takes this as more proof that "there is a problem among young scientists. Too many have mental-health difficulties, and too many say that the demands of the role are partly to blame. Neither issue gets the attention it deserves." They're now gathering stories from postgraduates about mental-health issues, and vowing to give the issue more coverage. "There is a problem with the culture in science, and it is one that loads an increasing burden on the shoulders of younger generations. The evidence suggests that they are feeling the effects. (Among the tweets, one proposed solution to improving the PhD is to 'treat it like professional training instead of indentured servitude with no hope of a career at the end?'.)" -
Facebook Employees In An Uproar Over Executive's Leaked Memo (nytimes.com)
According to The New York Times, "Facebook employees were in an uproar on Friday over a leaked 2016 memo from a top executive defending the social network's growth at any cost -- even if it caused deaths from a terrorist attack that was organized on the platform." From the report: In the memo, Andrew Bosworth, a Facebook vice president, wrote, "Maybe someone dies in a terrorist attack coordinated on our tools. And still we connect people. The ugly truth is that we believe in connecting people so deeply that anything that allows us to connect more people more often is *de facto* good." Mr. Bosworth and Facebook's chief executive, Mark Zuckerberg, have since disavowed the memo, which was published on Thursday by BuzzFeed News.
But the fallout at the Silicon Valley company has been wide. According to two Facebook employees, workers have been calling on internal message boards for a hunt to find those who leak to the media (Warning: source may be paywalled; alternative source). Some have questioned whether Facebook has been transparent enough with its users and with journalists, said the employees, who asked not to be identified for fear of retaliation. Many are also concerned over what might leak next and are deleting old comments or messages that might come across as controversial or newsworthy, they said. In the aftermath, some Facebook executives have taken to Twitter for a public charm offensive, sending pithy phrases and emoticons to reporters who cover the company. Adam Mosseri, Facebook's head of news, in recent days wrote unprompted to a BuzzFeed editor and to its chief executive reminiscing and telling a story about his mother. He also wrote to a reporter from the Verge tech site about the songs played at his wedding reception. -
Update Drupal ASAP: Over a Million Sites Can Be Easily Hacked by Any Visitor (zdnet.com)
Developers of popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site. From a report: The bug affects all sites running on Drupal 8, Drupal 7, and Drupal 6. Drupal's project usage page indicates that about a million sites are running the affected versions. Admins are being urged to immediately update to Drupal 7.58 or Drupal 8.5.1. Drupal issued an alert for the patch last week warning admins to allocate time for patching because exploits might arrive "within hours or days" of its security release. So far, there haven't been any attacks using the flaw, according to Drupal. The bug, which is being called Drupalgeddon2, has been assigned the official identifier CVE-2018-7600. Drupal has given it a 'highly critical' rating with a risk score of 21 out of 25 under the NIST Common Misuse Scoring System. Further reading: Drupal Fixes Drupalgeddon2 Security Flaw That Allows Hackers to Take Over Sites (BleepingComputer). Commenting on the security advisory that Drupal issued last week, BleepingComputer's Catalin Cimpanu said, "In the 9 years I've been around Drupal, I've never seen them publish such an apocalyptic security advisory." -
Elon Musk Says Boring Company Will Sell 'Lego-Like' Kits of Excavated Rock (theverge.com)
Elon Musk says his Boring Company will sell "interlocking bricks" made from the rock that its tunnel-creating machines excavate from the ground. In other words, think Lego, he says, except giant, heavy, and made of Earth. The Verge reports: Musk says that the Boring Company will sell "kits" of bricks, starting with one that makes it easy to build things from "ancient Egypt," like replicas of the pyramids, the Sphinx, or the Temple of Horus. The bricks will be "lifesize," though it's not clear what that actually means. And they'll be bored through the middle, to save some weight, but still rated to withstand California's earthquakes. (As is typical, Musk announced the idea in freewheeling fashion on Twitter.) It's unclear when these bricks, or the kits, will be available or how much they'll cost. The Boring Company is currently only digging short, preliminary tunnels in California and Maryland, so there's presumably not enough to start selling any of this upturned rock just yet. But the small company has big plans for tunnels around the country meant to facilitate debatably futuristic modes of transportation, so there will be plenty of newly removed earth if even half of those ever come to fruition. -
Facebook Acknowledges It Has Been Keeping Records of Android Users' Calls, Texts (slate.com)
Last week, a user found that Facebook had a record of the date, time, duration, and recipient of calls he had made from the past few years. A couple days later, Ars Technica published an account of several others -- all Android users -- who found similar records. Now, Slate Magazine is reporting that Facebook has acknowledged that it was collecting and storing these logs, "attributing it to an opt-in feature for those using Messenger or Facebook Lite on an Android device." The company did however deny that it was collecting call or text history without a user's permission. From the report: "This helps you find and stay connected with the people you care about, and provides you with a better experience across Facebook," the company said in a post Sunday. "People have to expressly agree to use this feature. We introduced this feature for Android users a couple of years ago. Contact importers are fairly common among social apps and services as a way to more easily find the people you want to connect with."
Ars Technica refuted their claim that everyone knowingly opted in. Instead, Ars Technica's Sean Gallagher claimed, that opt-in was the default setting and users were not separately alerted to it. Nor did Facebook ever say publicly that it was collecting that information. "Facebook says that the company keeps the data secure and does not sell it to third parties," Gallagher wrote. "But the post doesn't address why it would be necessary to retain not just the numbers of contacts from phone calls and SMS messages, but the date, time, and length of those calls for years." -
Shodan Search Exposes Thousands of Servers Hosting Passwords and Keys (fossbytes.com)
Thousands of etcd servers "are spitting sensitive passwords and encrypted keys," reports Fossbytes: Security researcher Giovanni Collazo was able to harvest 8781 passwords, 650 AWS access keys, 23 secret keys, and 8 private keys. First, he ran a query on the hacker search engine Shodan that returned around 2300 servers running etcd database. Then, he ran a simple script that gave him the login credentials stored on these servers which can be used to gain access to CMSs, MySQL, and PostgreSQL databases, etc.
etcd is a database used by computing clusters to store and exchange passwords and configuration settings between servers and applications over the network. With the default settings, its programming interface can return administrative login credentials without any authentication upfront... All of the data he harvested from around 1500 servers is around 750MB in size... Collazo advises that anyone maintaining etcd servers should enable authentication, set up a firewall, and take other security measures.
Another security researcher independently verified the results, and reported that one MySQL database had the root password "1234". -
Elon Musk Slows Tesla Deliveries On 'Dangerous' Trucks (electrek.co)
An anonymous reader quotes Electrek: Tesla is always very busy in Norway, its biggest market per capita, but it has recently been difficult for the automaker to deliver its vehicles as its shipments keep being taken off the road for using transporters with "dangerous" trucks that do not conform to the rules. The California-based automaker generally ships its vehicles to Norway through the port of Drammen, but it is experiencing capacity issues so they are instead going through Gothenburg port and having to use more trucks to move the cars to its stores and service centers.
According to several media reports in Norway, over half a dozen of those trucks have been stopped by the authorities for a variety of safety reasons during inspections and one of the trucks that wasn't stopped ended up in an accident. Two Model S vehicles were crushed on the trailer involved in the accident. Tesla says that it is having difficulties finding competent transporters that comply to Norway's road requirements. On top of the safety issues, Tesla is also using transporters operating Euro 3 class trucks, which are more polluting.
Elon Musk tweeted in response to the article that "I have just asked our team to slow down deliveries.
"It is clear that we are exceeding the local logistics capacity due to batch build and delivery. Customer happiness & safety matter more than a few extra cars this quarter." -
Tim Berners-Lee Urges Web Users: 'Care About Your Data' (marketwatch.com)
"As the web celebrated its 29th birthday last week, Berners-Lee expressed disappointment with how his invention has turned out," reports MarketWatch. "He criticized Facebook and other tech heavyweights last week, saying they have 'made it possible to weaponize the web at scale.'
"But on Monday, the British computer scientist essentially told Zuck to buck up. 'I would say to him: You can fix it,' Berners-Lee tweeted. 'It won't be easy, but if companies work with governments, activists, academics and web users, we can make sure platforms serve humanity.'"
Tim Berners-Lee writes: This is a serious moment for the web's future. But I want us to remain hopeful. The problems we see today are bugs in the system. Bugs can cause damage, but bugs are created by people, and can be fixed by people.... My message to all web users today is this: I may have invented the web, but you make it what it is. And it's up to all of us to build a web that reflects our hopes & fulfils our dreams more than it magnifies our fears & deepens our divisions... Get involved. Care about your data. It belongs to you.
If we each take a little of the time we spend using the web to fight for the web, I think we'll be ok. Tell companies and your government representatives that your data and the web matter. -
William Shatner Criticizes Facebook Hoax Ad Announcing His Death (people.com)
"William Shatner is alive and well -- in fact, he turned 87 on Thursday, so the actor was not pleased when he saw an ad on Facebook sharing a story about his alleged death," writes the Hollywood Reporter. An anonymous reader quotes People: "@WilliamShatner I thought you might want to know you're dead," a Twitter user wrote, along with a screenshot of the ad. Less than a half hour later, Shatner posted his own message calling out the social media company for spreading the phony news... "Thought you were doing something about this?" he wrote. Several hours after Shatner's tweet, Facebook's director of product management Rob Leathern messaged the actor to let him know that the ad had been removed. "Thank you," Shatner replied. "I'm not planning on dying so please continue to block those kinds of ads..." Fortunately, Shatner's in good company when it comes to celebrity death hoaxes... News of Sylvester Stallone's fake death originally began circulating on Facebook in 2016.
In late 2016 Mark Zuckerberg posted that "We take misinformation seriously..." while adding that "we know people want accurate information. We've been working on this problem for a long time and we take this responsibility seriously." Ironically, that announcement appeared next to a similar fake ad announcing that Hugh Hefner was dead, though at the time Hefner was very much alive.
"We've made significant progress," Zuckerberg's post continued, "but there is more work to be done." -
Dropbox IPOs. Its Founders Are Now Billionaires (cnbc.com)
Yesterday Dropbox finally launched its stock on NASDAQ. Reuters reports: Dropbox Inc's shares closed at $28.42, up more than 35 percent in their first day of trading on Friday, as investors rushed to buy into the biggest technology initial public offering in more than a year even as the wider sector languished... At the stock's opening price, Dropbox had a market valuation of $12.67 billion, well above the $10 billion valuation it had in its last private funding round... It has yet to turn a profit, which is common for startups that invest heavily in growth. As a public company Dropbox will be under pressure to quickly trim its losses. The 11-year old company reported revenue of $1.11 billion in 2017, up from $844.8 million a year earlier. Its net loss nearly halved from $210.2 million in 2016.
CNBC reports that Y Combinator almost passed on a chance to invest in Dropbox -- which became its first IPO ever -- "because it had misgivings about bringing on a solo entrepreneur." After Drew Houston, the creator of Dropbox, scrambled to find a co-founder in time for his in-person interview, the company was admitted into YC in 2007. Four years later, venture capitalists poured money into Dropbox at a $4 billion valuation. YC has since become a power player in Silicon Valley, helping spawn numerous companies valued at over $1 billion today including Stripe, Airbnb, Instacart and Coinbase. It also backed Twitch, which Amazon acquired in 2014 for about $970 million, and the self-driving tech start-up Cruise, which GM bought in 2016 for over $1 billion. But in its 13-year history, YC had yet to see any of its companies go public until Dropbox's stock market debut on Friday...
Houston is now worth over $3 billion and co-founder Arash Ferdowsi owns shares valued at more than $1 billion.
Dropbox's Twitter feed posted a video from their NASDAQ debut, adding "We're so thankful for the 500 million registered users who helped us get here." -
'What's Facebook?', Elon Musk Asks, As He Deletes SpaceX and Tesla Facebook Pages
It is unlikely that Facebook will see a significant drop in its mammoth userbase following the Cambridge Analytica scandal. But on Friday, the #DeleteFacebook campaign, which is seeing an increasingly growing number of people call it quits on the world's largest social network, found its biggest backer: Elon Musk. Responding to WhatsApp co-founder Brian Acton's "#DeleteFacebook" tweet, Musk asked "What's Facebook?" That was the beginning of a tweetstorm, which saw journalists asking Musk why his companies -- SpaceX and Tesla -- maintained their Facebook pages. Shouldn't Musk, they asked, delete them? Musk agreed. As of this writing, the official Facebook pages of SpaceX and Tesla, both of which had more than two million followers, are nowhere to be found. The Facebook page of SolarCity is gone too, if you were wondering.
The move comes months after Musk said Zuckerberg's understanding of AI was limited. -
Atlanta City Government Systems Down Due To Ransomware Attack (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: The city of Atlanta government has apparently become the victim of a ransomware attack. The city's official Twitter account announced that the city government "is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information." According to a report from Atlanta NBC affiliate WXIA, a city employee sent the station a screen shot of a ransomware message demanding a payment of $6,800 to unlock each computer or $51,000 to provide all the keys for affected systems. Employees received emails from the city's information technology department instructing them to unplug their computers if they noticed anything suspicious. An internal email shared with WXIA said that the internal systems affected include the city's payroll application. "At this time, our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue," a city spokesperson told Ars. "We are confident that our team of technology professionals will be able to restore applications soon." The city's primary website remains online, and the city government will continue to post updates there, the spokesperson added. -
A 15-Year-Old Hacked the Secure Ledger Crypto Wallet (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs before or after the device was shipped. The holes, which Rashid described on his blog, allowed for both a "supply chain attack" -- meaning a hack that could compromise the device before it was shipped to the customer -- and another attack that could allow a hacker to steal private keys after the device was initialized. The Ledger team described the vulnerabilities as dangerous but avoidable. For the "supply chain attack," they wrote: "by having physical access to the device before generation of the seed, an attacker could fool the device by injecting his seed instead of generating a new one. The most likely scenario would be a scam operation from a shady reseller." "If you bought your device from a different channel, if this is a second hand device, or if you are unsure, then you could be victim of an elaborate scam. However, as no demonstration of the attack in the real has been shown, it is very unlikely. In both cases, a successful firmware update is the proof that your device has never been compromised," wrote the team.
Further, the post-purchase hack "can be achieved only by having physical access to the device, knowing your PIN code and installing a rogue unsigned application. This rogue app could break isolation between apps and access sensitive data managed by specific apps such as GPG, U2F or Neo." Ledger CEO Eric Larcheveque claimed that there were no reports of the vulnerability affecting any active devices. "No one was compromised that we know of," he said. "We have no knowledge that any device was affected." Rashid, for his part, was disappointed with the speed at which Ledger responded to his claims. -
Sierra Leone Government Denies the Role of Blockchain In Its Recent Election (techcrunch.com)
The National Electoral Commission Sierra Leone is denying the news that theirs was one of the first elections recorded to the blockchain. "While the blockchain voting company Agora claimed to have run the first blockchain-based election, it appears that the company did little more than observe the voting and store some of the results," reports TechCrunch. From the report: "The NEC [National Electoral Commission] has not used and is not using blockchain technology in any part of the electoral process," said NEC head Mohamed Conteh. Why he is adamant about this fact is unclear -- questions I asked went unanswered -- but he and his team have created a set of machine readable election results and posted [a] clarification. "Anonymized votes/ballots are being recorded on Agora's blockchain, which will be publicly available for any interested party to review, count and validate," said Agora's Leonardo Gammar. "This is the first time a government election is using blockchain technology." In Africa the reactions were mixed. "It would be like me showing up to the UK election with my computer and saying, 'let me enter your counting room, let me plug-in and count your results,'" said Morris Marah to RFI. "Agora's results for the two districts they tallied differed considerably from the official results, according to an analysis of the two sets of statistics carried out by RFI," wrote RFI's Daniel Finnan. -
Apple's Newest iPhone X Ad Captures an Embarrassing iOS 11 Bug (theverge.com)
Tom Warren, writing for The Verge: If you blink during Apple's latest iPhone ad, you might miss a weird little animation bug. It's right at the end of a slickly produced commercial, where the text from an iMessage escapes the animated bubble it's supposed to stay inside. It's a minor issue and easy to brush off, but the fact it's captured in such a high profile ad just further highlights Apple's many bugs in iOS 11. 9to5Mac writer Benjamin Mayo spotted the bug in Apple's latest ad, and he's clearly surprised "that this was signed off for the commercial," especially as he highlighted it months ago and has filed a bug report with Apple. -
Linus Torvalds Slams CTS Labs Over AMD Vulnerability Report (zdnet.com)
Earlier this week, CTS Labs, a Tel Aviv-based cybersecurity startup, claimed it has discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Linus Torvalds, Linux's creator, doesn't buy it. ZDNet reports: Torvalds, in a Google+ discussion, wrote: "When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah." Or, as a commenter put it on the same thread, "I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?" CTS Labs claimed in an interview they gave AMD less than a day because they didn't think AMD could fix the problem for "many, many months, or even a year" anyway. Why would they possibly do this? For Torvalds: "It looks more like stock manipulation than a security advisory to me."
These are real bugs though. Dan Guido, CEO of Trail of Bits, a security company with a proven track-record, tweeted: "Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works." But, Guido also admitted, "Yes, all the flaws require admin [privileges] but all are flaws, not expected functionality." It's that last part that ticks Torvalds off. The Linux creator agrees these are bugs, but all the hype annoys the heck out of him. Are there bugs? Yes. Do they matter in the real world? No. They require a system administrator to be almost criminally negligent to work. To Torvalds, inflammatory security reports are annoying distractions from getting real work done. -
Jewelry Site Leaks Personal Details, Plaintext Passwords of 1.3 Million Users (thenextweb.com)
Chicago-based MBM Company's jewelry brand Limoges Jewelry has accidentally leaked the personal information for over 1.3 million people. This includes addresses, zip-codes, e-mail addresses, and IP addresses. The German security firm Kromtech Security, which found the leak via an unsecured Amazon S3 storage bucket, also claims the database contained plaintext passwords. The Next Web reports: In a press release, Kromtech Security's head of communications, Bob Diachenko, said: "Passwords were stored in the plain text, which is great negligence [sic], taking into account the problem with many users re-using passwords for multiple accounts, including email accounts." The [MSSQL database] backup file was named "MBMWEB_backup_2018_01_13_003008_2864410.bak," which suggests the file was created on January 13, 2018. It's believed to contain current information about the company's customers. Records held in the database have dates reaching as far back as 2000. The latest records are from the start of this year. Other records held in the database include internal mailing lists, promo-codes, and item orders, which leads Kromtech to believe that this could be the primary customer database for the company. Diachenko says there's no evidence a malicious third-party has accessed the dump, but that "that does not mean that nobody [has] accessed the data." -
Wikipedia Had No Idea YouTube Was Going To Use It To Fact-Check Conspiracy Theories (gizmodo.com)
Yesterday, YouTube CEO Susan Wojcicki announced that the company would drop a Wikipedia link beneath videos on highly contested topics. We have now learned that Wikipedia did not know about this move prior to the announcement. Gizmodo reports: In a Twitter thread asking the public to support Wikipedia as much as it relies on it, Wikimedia executive director Katherine Maher first suggested that the organization was unaware of YouTube's plans. When asked whether this new module would only apply to English Wikipedia pages, Maher responded, "I couldn't say; this was something they did independent of us." In a statement to Gizmodo, the Wikimedia Foundation confirmed that the organization first learned of the new YouTube feature on Tuesday. "We are always happy to see people, companies, and organizations recognize Wikipedia's value as a repository of free knowledge," a Wikimedia Foundation spokesperson said in a statement. "In this case, neither Wikipedia nor the Wikimedia Foundation are part of a formal partnership with YouTube. We were not given advance notice of this announcement." -
Privacy-Busting Bugs Found in Popular VPN Services Hotspot Shield, Zenmate and PureVPN (zdnet.com)
A report by VpnMentor, a website which ranks VPN services, reveals several vulnerabilities in Hotspot Shield, Zenmate, and PureVPN -- all of which promise to provide privacy for their users. VpnMentor says it hired a team of three external ethical hackers to find vulnerabilities in three random popular VPNs. While one hacker wants to keep his identity private, the other two are known as File Descriptor and Paulos Yibelo. ZDNet: The research reveals bugs that can leak real-world IP addresses, which in some cases can identify individual users and determine a user's location. In the case of Hotspot Shield, three separate bugs in how the company's Chrome extension handles proxy auto-config scripts -- used to direct traffic to the right places -- leaked both IP and DNS addresses, which undermines the effectiveness of privacy and anonymity services. [...] AnchorFree, which makes Hotspot Shield, fixed the bugs, and noted that its mobile and desktop apps were not affected by the bugs. The researchers also reported similar IP leaking bugs to Zenmate and PureVPN. -
Researchers Find Critical Vulnerabilities in AMD's Ryzen and EPYC Processors, But They Gave the Chipmaker Only 24 Hours Before Making the Findings Public (cnet.com)
Alfred Ng, reporting for CNET: Researchers have discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors -- typically where your device stores sensitive data like passwords and encryption keys. It's also where your processor makes sure nothing malicious is running when you start your computer. CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers. The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days' notice so that companies have time to address flaws properly. "At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings," an AMD spokesman said. Zack Whittaker, a security reporter at CBS, said: Here's the catch: AMD had less than a day to look at the research. No wonder why its response is so vague. -
Elon Musk Changes 'Boring Company' Vision To Reward Cyclists and Pedestrians (techcrunch.com)
"Remember Elon Musk's plan to dig a massive web of traffic-beating tunnels underneath Los Angeles...?" asks CNN. "Now, that plan appears to be getting a huge makeover." An anonymous reader quotes TechCrunch: While it will still focus on digging tunnels to provide a network of underground tubes suitable for use by high-speed Hyperloop pods, the plan now is to use that Hyperloop to transport pedestrians and cyclists first, and then only later to work on moving cars around underground to bypass traffic. Musk shared the update via Twitter, noting that the idea would be to load customers onto cars roughly the size that a single parking space takes up currently, [thousands of which] would be dotted around an urban environment close to any destinations where someone might travel. The single-car station model would be designed to replace the current subway-style model, Musk said, where only a few small stations are very spread out... This is a big departure from the original vision, and it seems like one that might have evolved after Musk and his collaborators on the project spoke to urban planners and transit authorities.
"If someone can't afford a car, they should go first," Musk posted on Twitter, sharing a new conceptual video where an elevator lowers one of these pedestrian- and cyclist-focussed shuttle pods underground.
TechCrunch says this new vision "would be appealing both to urban officials looking to decrease congestion on downtown roads and discourage personal vehicle use, and to anyone hoping to increase access to affordable transit options." -
Trump Promises Copyright Crackdown As DoJ Takes Aim At Streaming Pirates (torrentfreak.com)
An anonymous reader quotes a report from TorrentFreak: Yesterday, a panel discussion on the challenges associated with piracy from streaming media boxes took place on Capitol Hill. Hosted by the Information Technology and Innovation Foundation (ITIF), "Unboxing the Piracy Threat of Streaming Media Boxes" (video) went ahead with some big name speakers in attendance, not least Neil Fried, Senior Vice President, Federal Advocacy and Regulatory Affairs at the MPAA. ITIF and various industry groups tweeted many interesting comments throughout the event. Kevin Madigan from Center for the Protection of Intellectual Property told the panel that torrent-based content "is becoming obsolete" in an on-demand digital environment that's switching to streaming-based piracy. "There's a criminal enterprise going on here that's stealing content and making a profit," Fried told those in attendance. "The piracy activity out there is bad, it's hurting a lot of economic activity & creators aren't being compensated for their work," he added.
And then, of course, we come to President Trump. Not usually that vocal on matters of intellectual property and piracy, yesterday -- perhaps coincidentally, perhaps not -- he suddenly delivered one of his "something is coming" tweets. "The U.S. is acting swiftly on Intellectual Property theft," Trump tweeted. "We cannot allow this to happen as it has for many years!" Given Trump's tendency to focus on problems overseas causing issues for companies back home, a comment by Kevin Madigan during the panel yesterday immediately comes to mind. "To combat piracy abroad, USTR needs to work with the creative industries to improve enforcement and target the source of pirated material," Madigan said. -
Elon Musk Sides With Trump On Trade With China, Citing 25 Percent Import Duty On American Cars (cnbc.com)
Elon Musk believes China isn't playing fair in the car trade with the U.S. since it puts a 25 percent import duty on American cars, while the U.S. only does 2.5 percent for Chinese cars. "I am against import duties in general, but the current rules make things very difficult," Musk tweeted. "It's like competing in an Olympic race wearing lead shoes." CNBC reports: Tesla's Elon Musk is complaining to President Donald Trump about China's car tariffs. "Do you think the US & China should have equal & fair rules for cars? Meaning, same import duties, ownership constraints & other factors," Musk said on Twitter in response to a Trump tweet about trade with China. He added that no American car company is "allowed to own even 50% of their own factory" in the Asian country, but China's auto firms can own their companies in the U.S. Trump responded to Musk's tweets later at his steel and aluminum tariff press conference Thursday. "We are going to be doing a reciprocal tax program at some point, so that if China is going to charge us 25% or if India is going to charge us 75% and we charge them nothing ... We're going to be at those same numbers. It's called reciprocal, a mirror tax," Trump said after reading Musk's earlier tweets out loud. -
Amazon Admits Its AI Alexa is Creepily Laughing at People (theverge.com)
Over the past few days, users with Alexa-enabled devices have reported hearing strange, unprompted laughter. The Verge: Amazon responded to the creepiness in a statement to The Verge, saying, "We're aware of this and working to fix it." As noted in media reports and a trending Twitter moment, Alexa laughs without being prompted to wake. People on Twitter and Reddit reported that they thought it was an actual person laughing near them, which can be scary when you're home alone. Many responded to the cackling sounds by unplugging their Alexa-enabled devices. -
Coinbase Announces Cryptocurrency-Focused Index Fund (marketwatch.com)
In an interview with CNBC on its "Fast Money" segment, Coinbase's President and COO Asiff Hirji said the digital-currency platform would launch a cryptocurrency-focused index fund. Details are scarce but Hirji said it will be intended to give retail investors broad exposure to virtual currencies, and would be targeted to accredited investors on Day 1. He also said the index fund would be market-cap weighted.
UPDATE: Coinbase has since issued a blog post detailing the announcement. They are also introducing Coinbase Index, which "is a measure of the financial performance of all assets listed on GDAX, weighted by their market capitalization." -
Researcher Admits Study That Claimed Uber Drivers Earn $3.37 An Hour Was Not Correct (fortune.com)
Last week, an MIT study using data from more than 1,100 Uber and Lyft drivers concluded they're earning a median pretax profit of just $3.37 per hour. Uber was less than pleased by their findings and used a blog post to highlight problems with the researchers' methodology. "Now the lead researcher behind the draft paper has admitted that Uber's criticism was actually pretty valid -- while also asking Uber and Lyft to make more data available, in order to improve his analysis," reports Fortune. From the report: The issue with the draft paper from MIT's Center for Energy and Environmental Policy Research (CEEPR), Uber's chief economist Jonathan Hall said, was this: The researchers asked drivers how much money they made on average each week from such services, but then asked "How much of your total monthly income comes from driving" -- without specifying that such income must relate to on-demand services. Of course, many people driving for Uber and Lyft also earn money from regular jobs and other income sources. And this, Hall alleged, skewed the researchers' results.
"Hall's specific criticism is valid," wrote Stephen Zoepf, the executive director of Stanford's Center for Automotive Research, who led the MIT study, on Monday. "In re-reading the wording of the two questions, I can see how respondents could have interpreted the two questions in the manner Hall describes." Zoepf said he would be updating the CEEPR paper, but in the meantime he recalculated the figures using a methodology suggested by Hall, and found that the median profit was $8.55 per hour, rather than $3.37, and only 8% of drivers lose money on on-demand platforms. Using another methodology, he added, the median rises to $10 per hour and only 4% of drivers lose money. -
Uber Challenges Study Suggesting Its Drivers Earn $3.37 Per Hour (reuters.com)
An MIT study using data from more than 1,100 Uber and Lyft drivers concluded they're earning a median pretax profit of just $3.37 per hour. But now Reuters reports: Uber Chief Executive Dara Khosrowshahi criticized the MIT study in a tweet on Friday as "Mathematically Incompetent Theories (at least as it pertains to ride-sharing)," and linked to a response by Uber chief economist Jonathan Hall that challenged the study's methodology. Hall's rebuttal to the study said the likely misinterpretation of a survey question and the study's "inconsistent logic" produced a wage result that was below similar studies elsewhere. He said the study used a "flawed methodology" compared with a survey that found drivers' average hourly earnings were $15.68. "The earnings figures suggested in the paper are less than half the hourly earnings numbers reported in the very survey the paper derives its data from," wrote Hall.
The MIT study's lead author, Stephen Zoepf, told Reuters in an email on Saturday, "I can see how the question on revenue might have been interpreted differently by respondents" and called Hall's rebuttal thoughtful. "I'm re-running the analysis this weekend using Uber's more optimistic assumptions and should have new results and a public response acknowledging the discrepancy by Monday," he wrote.
Saturday Uber's CEO tweeted a thank-you to MIT, "for listening and revisiting this study and its findings. Right thing to do." -
Playboy Drops Its Copyright Case Against Boing Boing (eff.org)
An anonymous reader quotes the EFF: Playboy Entertainment has given up on its lawsuit against Happy Mutants, LLC, the company behind Boing Boing. Earlier this month, a federal court dismissed Playboy's claims but gave Playboy permission to try again with a new complaint, if it could dig up some new facts. The deadline for filing that new complaint passed this week, and today Playboy released a statement suggesting that it is standing down...
It's hard to understand why Playboy brought this case in the first place, turning its legal firepower on a small news and commentary website that hadn't uploaded or hosted any infringing content. We're also a little perplexed as to why Playboy seems so unhappy that the Boing Boing post is still up when the links they complain about have been dead for almost two years. -
YouTube's New Moderators Mistakenly Pull Right-Wing Channels (bloomberg.com)
In December, YouTube said it would assign more than 10,000 people to moderate content in an attempt to curb its child exploitation problem. Today, Bloomberg reports that those new moderators mistakenly removed several videos and some channels from right-wing, pro-gun video producers and outlets in the midst of a nationwide debate on gun control. From the report: Some YouTube channels recently complained about their accounts being pulled entirely. On Wednesday, the Outline highlighted accounts, including Titus Frost, that were banned from the video site. Frost tweeted on Wednesday that a survivor of the shooting, David Hogg, is an actor. Jerome Corsi of right-wing conspiracy website Infowars said on Tuesday that YouTube had taken down one of his videos and disabled his live stream. Shutting entire channels would have marked a sweeping policy change for YouTube, which typically only removes channels in extreme circumstances and focuses most disciplinary action on specific videos. But YouTube said some content was taken down by mistake. The site didn't address specific cases and it's unclear if it meant to take action on the accounts of Frost and Corsi. "As we work to hire rapidly and ramp up our policy enforcement teams throughout 2018, newer members may misapply some of our policies resulting in mistaken removals," a YouTube spokeswoman wrote in an email. "We're continuing to enforce our existing policies regarding harmful and dangerous content, they have not changed. We'll reinstate any videos that were removed in error." -
Net Neutrality Repeal Will Get a Senate Vote In the Spring, Democrats Say (arstechnica.com)
Congressional Democrats today introduced legislation that would prevent the repeal of net neutrality rules, but they still need more support from Republicans in order to pass the measure. According to Sen. Ed Markey (D-Mass.), they will force a vote on the Senate version of the resolution sometime this spring. Ars Technica reports: Democrats have been promising to introduce a Congressional Review Act (CRA) resolution ever since the Federal Communications Commission voted to repeal its net neutrality rules in December. But lawmakers had to wait for the FCC's repeal order to be published in the Federal Register, which only happened last week. The CRA resolution would nullify the FCC's repeal order, allowing net neutrality rules that were passed in 2015 to remain in place. The resolution has public support from 50 out of 100 senators (all Democrats, all Independents, and one Republican), putting it one vote shy of passage in the Senate.
"The grassroots movement to reinstate net neutrality is growing by the day, and we will get that one more vote needed to pass my CRA resolution," Markey said. "I urge my Republican colleagues to join the overwhelming majority of Americans who support a free and open Internet. The Internet is for all -- the students, teachers, innovators, hard-working families, small businesses, and activists, not just Verizon, Charter, AT&T, and Comcast and corporate interests." -
The Los Angeles Times Website Is Unintentionally Serving a Cryptocurrency Mining Script (itwire.com)
troublemaker_23 shares a report from iTWire: The Los Angeles Times website is serving a cryptocurrency mining script which appears to have been placed there by malicious attackers, according to a well-known security expert. British infosec researcher Kevin Beaumont, who has warned that Amazon AWS servers could be held to ransom due to lax security, tweeted that the newspaper's site was serving a script created by Coinhive. The Coinhive script mines for the monero cryptocurrency. The S3 bucket used by the LA Times is apparently world-writable and an ethical hacker appears to have left a warning in the repository, warning of possible misuse and asking the owner to secure the bucket. -
President Trump: 'We Have To Do Something' About Violent Video Games, Movies (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: In a White House meeting held with lawmakers on the theme of school safety, President Donald Trump offered both a direct and vague call to action against violence in media by calling out video games and movies. "We have to do something about what [kids are] seeing and how they're seeing it," Trump said during the meeting. "And also video games. I'm hearing more and more people say the level of violence on video games is shaping more and more people's thoughts." Trump followed this statement by referencing "movies [that] come out that are so violent with the killing and everything else." He made a suggestion for keeping children from watching violent films: "Maybe they have to put a rating system for that." The MPAA's ratings board began adding specific disclaimers about sexual, drug, and violent content in all rated films in the year 2000, which can be found in small text in every MPAA rating box. -
Amazon Is Developing a TV Series Based On Iain M. Banks' Sci-Fi Novel 'Consider Phlebas' (hollywoodreporter.com)
leathered writes: Jeff Bezos today announced that Amazon Studios has picked up the rights to adapt the late Iain M. Banks' acclaimed Culture novels to the small screen, beginning with the first in the series, Consider Phlebas. This comes after nearly three decades of attempts to bring Banks' utopian, post-scarcity society to film or television. A huge fan of the Culture series is Elon Musk, whose SpaceX drone ships are named after Culture space vessels. Here's how Amazon describes Consider Phlebas: "a kinetic, action-packed adventure on a huge canvas. The book draws upon the extraordinary world and mythology Banks created in the Culture, in which a highly advanced and progressive society ends up at war with the Idirans, a deeply religious, warlike race intent on dominating the entire galaxy. The story centers on Horza, a rogue agent tasked by the Idirans with the impossible mission of recovering a missing Culture 'Mind,' an artificial intelligence many thousands of times smarter than any human -- something that could hold the key to wiping out the Culture altogether. What unfolds, with Banks' trademark irreverent humor, ultimately asks the poignant question of how we can use technology to preserve our humanity, not surrender it." -
Jeff Bezos Shares Video of 10,000-Year Clock Project (cnet.com)
An anonymous reader quotes a report from CNET: Amazon CEO Jeff Bezos shared a video on Tuesday of his latest project: a giant clock designed to keep time for 10,000 years. Buried deep in a west Texas mountain, the project is in partnership with San Francisco-based group The Long Now Foundation, which grew out of an idea for a 10,000 year clock that co-founder Danny Hillis proposed back in the '90s. Now, the 500-foot tall mechanical wonder is finally undergoing installation. Bezos is fronting the cash for the $42 million project, saying on the project's website that the clock is "designed to be a symbol, an icon for long-term thinking." The clock is powered by a large weight hanging on a gear, built out of materials durable enough to keep time for 10 millennia. Bezos isn't the only noteworthy name on the clock project. Musician Brian Eno and writers Kevin Kelly and Stewart Brand are also involved in the clock's construction. The team has spent the last few years creating parts for the clock and drilling through the mountain to store the pieces. You can read Bezos's account of that and view photos of the progress here.
-
Pro-Gun Russian Bots Flood Twitter After Parkland Shooting (wired.com)
An anonymous reader quotes a report from Wired: In the wake of Wednesday's Parkland, Florida school shooting, which resulted in 17 deaths, troll and bot-tracking sites reported an immediate uptick in related tweets from political propaganda bots and Russia-linked Twitter accounts. Hamilton 68, a website created by Alliance for Securing Democracy, tracks Twitter activity from accounts it has identified as linked to Russian influence campaigns. On RoBhat Labs' Botcheck.me, a website created by two Berkeley students to track 1500 political propaganda bots, all of the top two-word phrases used in the last 24 hours -- excluding President Trump's name -- are related to the tragedy: School shooting, gun control, high school, Florida school. The top hashtags from the last 24 hours include Parkland, guncontrol, and guncontrolnow.
While RoBhat Labs tracks general political bots, Hamilton 68 focuses specifically on those linked to the Russian government. According to the group's data, the top link shared by Russia-linked accounts in the last 48 hours is a 2014 Politifact article that looks critically at a statistic cited by pro-gun control group Everytown for Gun Safety. Twitter accounts tracked by the group have used the old link to try to debunk today's stats about the frequency of school shootings. Another top link shared by the network covers the "deranged" Instagram account of the shooter, showing images of him holding guns and knives, wearing army hats, and a screenshot of a Google search of the phrase "Allahu Akbar." Characterizing shooters as deranged lone wolves with potential terrorist connections is a popular strategy of pro-gun groups because of the implication that new gun laws could not have prevented their actions. Meanwhile, some accounts with large bot followings are already spreading misinformation about the shooter's ties to far-left group Antifa, even though the Associated Press reported that he was a member of a local white nationalist group. The Twitter account Education4Libs, which RoBhat Labs shows is one among the top accounts tweeted at by bots, is among the prominent disseminators of that idea.
-
Facebook Is Spamming Users Via Their 2FA Phone Numbers (mashable.com)
According to Mashable, Facebook account holder Gabriel Lewis tweeted that Facebook texted "spam" to the phone number he submitted for the purposes of 2-factor authentication. Lewis insists that he did not have mobile notifications turned on, and when he replied "stop" and "DO NOT TEXT ME," he says those messages showed up on his Facebook wall. From the report: Lewis explained his version of the story to Mashable via Twitter direct message. "[Recently] I decided to sign up for 2FA on all of my accounts including FaceBook, shortly afterwards they started sending me notifications from the same phone number. I never signed up for it and I don't even have the FB app on my phone." Lewis further explained that he can go "for months" without signing into Facebook, which suggests the possibility that Mark Zuckerberg's creation was feeling a little neglected and trying to get him back. According to Lewis, he signed up for 2FA on Dec. 17 and the alleged spamming began on Jan. 5. Importantly, Lewis isn't the only person who claims this happened to him. One Facebook user says he accidentally told "friends and family to go [to] hell" when he "replied to the spam."
-
Reddit Audiophiles Test HomePod, Say It Sounds Better Than $1,000 Speaker (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Apple released its much-hyped HomePod speaker to the masses last week, and the general consensus among early reviews is that it sounds superb for a relatively small device. But most of those reviews seem to have avoided making precise measurements of the HomePod's audio output, instead relying on personal experience to give generalized impressions. That's not a total disaster: a general rule for speaker testing is that while it's good to stamp out any outside factor that may cause a skewed result, making definitive, "objective" claims is difficult. But having some proper measurements is important. Reddit user WinterCharm, whose real name is Fouzan Alam, has made just that in a truly massive review for the site's "r/audiophile" sub. And if his results are to be believed, those early reviews may be underselling the HomePod's sonic abilities. After a series of tests with a calibrated microphone in an untreated room, Alam found the HomePod to sound better than the KEF X300A, a generally well-regarded bookshelf speaker that retails for $999. What's more, Alam's measurements found the HomePod to provide a "near-perfectly flat frequency response," meaning it stays accurate to a given track without pushing the treble, mids, or bass to an unnatural degree. He concludes that the digital signal processing tech the HomePod uses to "self-calibrate" its sound to its surroundings allows it to impress at all volumes and in tricky environments. "The HomePod is 100% an audiophile grade speaker," he writes.
-
NSA Sent Coded Messages From Its Twitter To Communicate With Foreign Spies (gizmodo.com)
Matt Novak reports via Gizmodo: During the first Cold War, American and British spies would sometimes place coded messages in newspaper classified ads to communicate with each other. And according to new reports in the New York Times and The Intercept, the National Security Agency (NSA) has updated the tactic, using its public Twitter account to send secret messages to at least one Russian spy. That's just one relatively small detail in much more salacious articles about NSA and CIA agents traveling to Germany in an effort to recover cyberweapons that had been stolen from U.S. intelligence agencies. A Russian spy allegedly offered up the stolen cyber tools to the Americans in exchange for $10 million, eventually lowering his price to just $1 million. The Russian spy allegedly claimed to even have dirt on President Trump.
According to the reports, the unnamed Russian met with U.S. spies in person in Germany, and the NSA sometimes communicated with the Russian spy by sending roughly a dozen coded messages from the NSA's Twitter account. The one important question: Were the messages sent via direct message or were they sent out as public tweets? The New York Times report leaves some ambiguity, but according to James Risen in The Intercept they were very public.