Slashdot Mirror

An anonymous reader quotes a report from Ars Technica: Google's got a hot new ride. The company has a new Street View car with updated cameras, and -- surprisingly -- a set of Lidar (Light, Detection and Ranging) cans! Google doesn't have anything up officially about this, but Wired has the scoop on the new vehicles. The camera system upgrade -- the first in eight years -- greatly improves the image quality while simplifying the rig. In the main ball, Google is down from 15 cameras to seven, making the whole package a lot smaller. These 20MP cameras are aimed all around the car, and the pictures they take are stitched together into a spherical image for Google Maps. There's more to the cars than just the ball though: there are also a pair of "HD" cameras that face directly left and right. These are dedicated to reading street signs, business names, and even posted store hours; those images are funneled to Google's cloud computers for visual processing. The end result of the new cameras will be prettier Street View shots, with higher resolution, better colors, and fewer stitching errors. The better images should also result in more data for Google's various visual feature-detection algorithms.

Wired's report focuses almost entirely on the new cameras, but I think the the most interesting additions are the two LIDAR pucks that hang just below the camera ball. These are the ubiquitous Velodyne VLP-16 "Puck" sensors, allowing the to car "see" in 3D in 360 degrees. These $8,000 Lidar sensors are most commonly used in autonomous car prototypes, so to see them on a Street View car is unexpected. Don't expect the Street View cars to start driving themselves anytime soon -- as Google Street View's Technical Program Manager Steve Silverman says in Wired's video, the Lidar sensors "are used to position us in the world."

California may have produced the horrorshow traffic that prompted Elon Musk to pitch the hyperloop, but it's hardly the only place eager to ditch cars for levitating pods hurtling through tubes at speeds approaching the sound barrier. India wants in, too. From a report: Today, Hyperloop Transportation Technologies, one of the companies formed to realize Musk's vision of tube travel, announced it has signed a deal with the state of Andhra Pradesh, in southeast India. Working with the state's economic development board, HTT will spend six months studying possible routes for a hyperloop connecting the cities of Vijaywada and Amaravati -- a move that would transform a 27-mile, hour-long drive into a six-minute whoosh. And then, over an undisclosed period of time, the Los Angeles-based company says it will build the thing. The India deal is just the latest for HTT, which also plans to build networks of tubes in South Korea, Slovakia, and Abu Dhabi. But to make all -- or any -- of that happen, the company's 800 engineers (most of whom have day jobs and work on this in their spare time, in exchange for stock options) must first master the practical aspects of the hyperloop. That means building and maintaining a near-vacuum state across miles of tubes, propelling levitating pods through them, getting people or cargo into and out of those pods, and much more.

New submitter mirandakatz writes: Katie Hafner has spent the last 23 days in rehab. Not for alcoholism or gambling, but for a self-inflicted case of episodic partial attention thanks to her iPhone. On Backchannel, Hafner writes about the detrimental effect the constant stream of pings has had on her, and how her life has come to resemble a computer screen. "I sense a constant agitation when I'm doing something," she says, "as if there is something else out there, beckoning -- demanding -- my attention. And nothing needs to be deferred." "I blame electronics for my affliction," writes Hafner, who says the devices in her life "teem with squirrels." "If I pick up my iPhone to send a text, damned if I don't get knocked off task within a couple of seconds by an alert about Trump's latest tweet. And my guess is that if you have allowed your mind to be as tyrannized by the demands of your devices as I have, you too suffer to some degree from this condition."

Hafner goes on to describe her symptoms of "episodic partial attention" and provide potential fixes for it: "There are the obvious fixes. Address the electronics first: Silence the phone as well as all alerts on your computer, and you automatically banish two squirrels. But how do you shut down the micro-distractions that dangle everywhere in your physical world, their bushy gray tails twitching seductively? My therapy, of my own devising, consists of serial mono-tasking with a big dose of mindful intent, or intentional mindfulness -- which is really just good, old-fashioned paying attention. At first, I took the tiniest of steps. I celebrated the buttoning of a blouse without stopping to apply the hand cream I spotted on the dresser as if I had gotten into Harvard. Each task I took on -- however mundane -- I had to first announce, quietly, to myself. I made myself vow that I would work on that task and only that task until it was finished. Like a stroke patient relearning how to move an arm, I told myself not that I was making the entire bed (too overwhelming), but that I had a series of steps to perform: first the top sheet, then the blankets, then the comforter, then the pillows. Emptying the dishwasher became my Waterloo. Putting dishes away takes time, and it's tedious. Perhaps the greatest challenge lies in the fact that the job requires repeated kitchen crossings. There are squirrels everywhere, none more treacherous than the siren song that is my iPhone."

Willium Caput, a researcher for the firm Evolve Security, examined a stack of gift cards he obtained from a major Mexican restaurant chain and noticed a pattern: aside from the final four digits of the cards that appeared to be random, the rest remained constant except one digit that appeared to increase by one with every card he examined. Andy Greenberg explains how Caput plans to defraud the system in his report via WIRED (Warning: source may be paywalled; alternative source): "You take a small sample of gift cards from restaurants, department stores, movie theaters, even airlines, look at the pattern, determine the other cards that have been sold to customers and steal the value on them," says Caput. To pull off the trick, Caput says he has to obtain at least one of the target company's gift cards. Unactivated cards often sit out for the taking at restaurants and retailers, or he can just buy one. (Not all cards change by a value of one, as that first Mexican restaurant did. But Caput says obtaining two or three cards can help to determine the patterns of those that don't.) Then he simply visits the web page that the store or restaurant uses for checking a card's value. From there, he runs the bruteforcing software Burp Intruder to cycle through all 10,000 possible values for the four random digits at the end of the card's number, a process that takes about 10 minutes. By repeating the process and incrementing the other, predictable numbers, the site will confirm exactly which cards have how much value. "If you can find just one of their gift cards or vouchers, you can bruteforce the website," he says.

Once a thief has determined those activated, value-holding card numbers, he or she can use them on the retailer's ecommerce page, or even in person; Caput's written them to a blank plastic card with a $120 magnetic-strip writing device available on Amazon, and found that most retailers accept his cards without questions. (Caput only asks the store or restaurant to check the card's balance, rather than spend any money from the cards belonging to actual victims.) "It's a pretty anonymous attack," Caput says. "I can go in, order food, and walk out. The person's card says it has $50 on it, and then it's gone." Caput said he plans to present his findings at the Toorcon hacker conference this weekend.

An anonymous reader quotes Wired: Last year, well over a third of the incidents assessed by security firm Carbon Black and its partners involved some sort of PowerShell component. But as network defenders catch on to Microsoft's recent release of additional PowerShell protections, the attack sequences that exploit PowerShell are finding some long-overdue resistance... PowerShell 5.0, released last year, added a full suite of expanded logging tools... While it's no panacea, and doesn't keep attackers out, the renewed focus on logging aids flagging and detection. It's a baseline step that helps remediation and response after an attack is over, or if it persists long-term... And PowerShell's recent defense improvements go beyond logs. The framework also recently added "constrained language mode," to create even more control over what commands PowerShell users can execute... The security industry at large has also made strides to determine what baseline normal activity for PowerShell looks like, since deviations could indicate malicious behavior.
Lee Holmes, Microsoft's principal software design engineer for PowerShell, says they've been "laser-focused on security since the very first version," adding that they're now moving towards a more enlightened approach.

"You can focus harder on protecting against breaches and defense in depth, but the enlightened approach is to assume breach and build the muscle on detection and remediation -- make sure that you're really thinking about security end-to-end in a holistic manner."

An anonymous reader shares an article: Countless studies have shown that social-driven FOMO (fear of missing out) stems from a person's primitive desire to belong to a group, with each snap, tweet, or post a reminder of what separates you from them. This other type of FOMO, the all-news, all-the-time kind, is new enough that nobody has really studied it much, yet of the half-dozen experts in sociology, anthropology, economics, and neurology I spoke to, all quickly recognized what I was describing, and some even admitted to feeling it themselves. "We scroll through our Twitter feeds, not seeking anything specific, just monitoring them so we don't miss out on anything important," says Shyam Sundar, a communications researcher at Pennsylvania State University. This impulse could stem from the chemical hits our brains receive with each news hit, but it could also derive from a primitive behavioral instinct -- surveillance gratification-seeking, or the urge that drove our cave-dwelling ancestors to poke their heads out and check for predators. In times of perceived crisis, our brains cry out for information to help us survive. Maybe this alarm stems from steady hits of @realDonaldTrump. Maybe it's triggered by left-wing Resistance types. Or could it be #FakeNews, ISIS, guns, police violence, or street crime, all propagated through our social media bubbles with headlines that are written specifically to grab our attention? This feels like a processing problem. "One thing we learn about human beings: We're meaning-making machines," Kross says. And social mania may be ideal for mainlining breaking news, but it's not great at providing meaning and context.

I'd like to cut the cord, writes Brian Barrett for Wired, then, the very instant I allow myself to picture what life looks like after that figurative snip, my reverie comes crashing down. From an article: Cutting the cord is absolutely right for some people. Lots of people, maybe. But it's not that cheap, and it's not that easy, and there's not much hope of improvement on either front any time soon. Not to turn this into a math experiment, but let's consider cost. Assuming you're looking for a cord replacement, not abandoning live television altogether, you're going to need a service that bundles together a handful of channels and blips them to your house over the internet. The cheapest way you can accomplish this is to pay Sling TV $20 per month, for which you get 29 channels. That sounds not so bad, and certainly less than your cable bill. But! Sling Orange limits you to a single stream. If you're in a household with others, you'll probably want Sling Blue, which offers multiple streams and 43 channels for $25 per month. But! Sling Orange and Sling Blue have different channel lineups (ESPN is on Orange, not Blue, while Orange lacks FX, Bravo and any locals). For full coverage, you can subscribe to both for $40. But! Have kids? You'll want the Kids Extra package for another $5 per month. Love ESPNU? Grab that $5 per month sports package. HBO? $15 per month, please. Presto, you're up to $65 per month. But! Don't forget the extra $5 for a cloud-based DVR. Plus the high-speed internet service that you need to keep your stream from buffering, which, by the way, it'll do anyway. That's not to pick on Sling TV, specifically. But paying $70 to quit cable feels like smoking a pack of Parliaments to quit Marlboro Lights. You run into similar situations across the board, whether it's a higher base rate, or a limited premium selection, or the absence of local programming altogether. It turns out, oddly enough, that things cost money, whether you access those things through traditional cable packages or through a modem provided to you by a traditional cable operator.

Long-time Slashdot reader mi quotes the BBC: The Ministry of Defence is reviewing security after a tiny drone landed on the deck of Britain's biggest warship. The Queen Elizabeth aircraft carrier was docked at Invergordon in the Highlands when an amateur photographer flew the drone close to the giant ship. When the aircraft sensed a high wind risk, it landed itself on the £3bn warship. The pilot told BBC Scotland: "I could have carried two kilos of Semtex and left it on the deck... I would say my mistake should open their eyes to a glaring gap in security."
Meanwhile, tastic007 shares Wired's footage of anti-drone products being tested (like net guns, air-to-air combat counter-drones, and drone net shotgun shells) -- part of the research presented at this year's DEFCON.

rgh02 submitted this article from Backchannel which argues companies "need to work harder and more persistently to attract, retain, and recognize talent" -- especially older talent: We "elders" know perfectly well that our workplaces are by and large not about us. We don't drive how roles, functions, advancement, and success are seen. Career development options and the hierarchical career ladders everyone is expected to climb are designed for the majority: younger workers. What can be done? There has to be a systems overhaul...
The article suggests restructuring workplaces with "individual contributor tracks" which reward people who don't go on to become managers, as well as things like paid mentoring positions and "phased retirement" programs that create part-time positions to allow a more gradual transition into retirement.

"Right after the keynote in which Steve Jobs introduced the iPod Shuffle, I went backstage with one question in mind: What makes an iPod an iPod?" remembers Steven Levy. mirandakatz writes Apple recently announced that it's officially discontinuing the iPod -- sad news for anyone who'd prefer to not have to lug around an entire phone to listen to music. At Backchannel, Steven Levy offers a requiem... The Shuffle, he writes, was unique in that it was an iPod stripped down to a single basic function -- and, as Steve Jobs told Levy in 2005, it made the perfect [cheap] gift for inculcating young kids in the ways of Apple.

"I will go buy them one of these for 100 bucks apiece," he told Levy, referring to why the Shuffle was an especially appropriate gift for his daughters, six and nine at the time. "They'll probably lose them in 60 days. But they'll get into it this way."
Jobs called the Shuffle "every bit an iPod -- just a different iPod," saying that the definition was simply "a great digital music player." (Though later he'd say that creating a radically smaller Nano was still "a huge bet.") Levy remembers the Shuffle as "one of the company's most fun products ever...stripped down to the one feature I adored," writing that he loved how "algorithmic serendipity" approximated a genius deejay (or "the 'Hand of God' chess move that Deep Blue used to confuse Garry Kasparov into thinking the computer had trespassed into realms formerly limited to brilliant humans.")

I bought my first mp3 player in 2000 -- an Archos Jukebox 6000 which weighed three quarters of a pound. Anyone else have fond memories they want to share about the iPod, the Nano, the Shuffle, your old Newton -- or your own first mp3 player?

rgh02 writes: Earlier this summer, popular YouTube channel Auralnauts received some unfortunate news: Warner/Chappell had filed a monetization claim on their "Star Wars Minus Williams" video through YouTube's Content ID System. More than anything, the Auralnauts were confused -- the video the music company was claiming rights over didn't have any music in it at all.
In fact, the video is almost entirely silent, augmented with a few awkward coughs as Han Solo and Luke Skywalker plod noiselessly toward Princess Leia in a two-minute scene where they're awarded ceremonial medallions. Wired's article describes it as "a tongue-in-cheek tribute" to John Williams' Star Wars score for the film's final scene, also reporting that it had been online for almost three years before Warner/Chappell music publishing claimed rights to all money the video would receive: When I tried to get Warner/Chappell's side of this story, the company offered no comment. But apparently my reporting helped bring the "Star Wars Minus Williams" copyright dispute to an unexpectedly speedy resolution. When Koonce told his YouTube partner manager that a journalist had interviewed him, YouTube stepped in and removed the copyright claim against the video.
YouTube has also created a "Fair Use Protection" program covering legal costs for channels they believe are unfairly targeted with video takedown notices. But the article points out that 95% of the time music companies just chose YouTube's "monetize" option to claim the ad revenue rather than asking that a video be blocked -- and that last year YouTube paid the music industry $1 billion. (Though the music industry insists that amount is still below what they're receiving from streaming music services.)

schwit1 shared WIRED's report on "a life-changing technology." Steven Levy spoke with Mathias Bahnmueller as he tested a new Apple sound processor that beams digital audio directly into hearing aids. Bahnmueller suffers from hearing loss so severe that a year ago he underwent surgery to install a cochlear implant -- an electronic device in the inner ear that replaces the usual hearing mechanism. Around a million patients have undergone this increasingly mainstream form of treatment, and that's just a fraction of those who could benefit from it. (Of the 360 million people worldwide with hearing loss, about 10 percent would qualify for the surgery.) "For those who reach a point where hearing aids no longer help, this is the only solution," says Allison Biever, an audiologist in Englewood, CO who works with implant patients. "It's like restoring a signal in a radio station."

Cochlear implants bypass the usual hearing process by embedding a device in the inner ear and connecting it via electrodes to the nerve that sends audio signals to the brain... The system Bahnmueller was using came from a collaboration between Apple and Cochlear, a company that has been involved with implant technology since the treatment's early days. The firms announced last week that the first product based on this approach, Cochlear's Nucleus 7 sound processor, won FDA approval in June -- the first time that the agency has approved such a link between cochlear implants and phones or tablets. Those using the system can not only get phone calls directly routed inside their skulls, but also stream music, podcasts, audio books, movie soundtracks, and even Siri -- all straight to the implant... Apple will offer the technology free to qualified manufacturers.
Google's accessibility team for Android has no public timeline for any similar hearing aid support, though according to the article it's "on the roadmap."

rgh02 writes: Microsoft recently announced their plan to deploy unused television airwaves to solve the digital divide in America. And while the media painted this effort as a noble one, at Backchannel, Susan Crawford reveals the truth: "Microsoft's plans aren't really about consumer internet access, don't actually focus on rural areas, and aren't targeted at the US -- except for political purposes." So what is Microsoft really up to?
The article's author believes Microsoft's real game is "to be the soup-to-nuts provider of Internet of Things devices, software, and consulting services to zillions of local and national governments around the world. Need to use energy more efficiently, manage your traffic lights, target preventative maintenance, and optimize your public transport -- but you're a local government with limited resources and competence? Call Microsoft."

The article argues Microsoft wants to bypass mobile data carriers who "will want a pound of flesh -- a percentage -- in exchange for shipping data generated by Microsoft devices from Point A to Point B... [I]n many places, they are the only ones allowed to use airwave frequencies -- spectrum -- under licenses from local governments for which they have paid hundreds of millions of dollars."

New submitter mirandakatz writes: Lily Robotics had everything: Two charismatic young founders; millions in funding; and a product that promised to change the world -- or, at the very least, transform photography. But over 60,000 customers are still waiting for their Lily Drones, and the company is now being sued by the San Francisco District Attorney's office for false advertising. As it turns out, Lily Robotics never actually had the right tools to create the product it was selling -- and it all came crashing down. At Backchannel, Jessica Pishko has the untold story of how such a promising company went so wrong.

From the report: "The magic of the Lily Drone was in its concept: It was a product you could unpack and throw -- so easy, Antoine Balaresque, the cofounder and CEO of Lily Robotics, wrote in emails, that even an old person could do it. But translating that idea into a tangible product proved difficult, and the storytelling that made the Lily Drone so tantalizing to consumers ultimately factored into its downfall. In one of his presentations, Balaresque presented a PowerPoint slide with the sentence, 'Humans have a fundamental need to put themselves in the center of stories.' It appeared to be a quote he made up, but the idea that human nature needs stories is fundamental. Stories are how we make sense of our lives. But while a good story can get you funding and acclaim, ultimately it isn't enough."

David Pierce, writing for Wired: Push notifications are ruining my life. Yours too, I bet. Download more than a few apps and the notifications become a non-stop, cacophonous waterfall of nonsense. Here's just part of an afternoon on my phone:
"Hi David! We found new Crown jewels and Bottle caps Pins for you!"
"Everyone's talking about Bill Nye's new book, Everything All at Once. Read a free sample."
"Alex just posted for the first time in a while."
I get notifications when an acquaintance comments on a stranger's Facebook posts, when shows I don't care about come to Netflix, and every single day at 6 PM when the crossword puzzle becomes available. Recently, I got a buzz from my close personal friends at Yelp. "We found a hot new business for you," it said. I opened the notification, on the off chance that Yelp had finally found the hot new business I've been waiting for. It did not. So I closed Yelp, stared into space for a second, and then opened Instagram. Productivity over. Over the last few years, there's been an increasingly loud call for a re-evaluation of the relationship between humans and smartphones. For all the good that phones do, their grip on our eyes, ears, and thoughts creates real and serious problems. "I know when I take [technology] away from my kids what happens," Tony Fadell, a former senior VP at Apple who helped invent both the iPod and the iPhone, said in a recent interview. "They literally feel like you're tearing a piece of their person away from them. They get emotional about it, very emotional. They go through withdrawal for two to three days." Smartphones aren't the problem. It's all the buzzing and dinging, endlessly calling for your attention.

theodp writes: In A Son's Race to Give His Dying Father Artificial Immortality (Warning: may be paywalled; alternate source), James Vlahos recounts his efforts to turn the story of his father's life -- as told by his 80-year-old Dad in his final months after being diagnosed with stage IV lung cancer -- into what Vlahos calls "a Dadbot -- a chatbot that emulates not a children's toy but the very real man who is my father." Given the limits of tech at the time (2016) and his own inexperience as a programmer, Vlahos recognized that the bot would never be more than a shadow of his real dad, but hoped to get the bot to communicate in his father's distinctive manner and convey at least some sense of his personality. Of the first time he demoed the bot for his parents, Vlahos writes: "Emboldened, I bring up something that has preoccupied me for months. 'This is a leading question, but answer it honestly,' I say, fumbling for words. 'Does it give you any comfort, or perhaps none -- the idea that whenever it is that you shed this mortal coil, that there is something that can help tell your stories and knows your history?' My dad looks off. When he answers, he sounds wearier than he did moments before. 'I know all of this shit,' he says, dismissing the compendium of facts stored in the Dadbot with a little wave. But he does take comfort in knowing that the Dadbot will share them with others. 'My family, particularly. And the grandkids, who won't know any of this stuff.' He's got seven of them, including my sons, Jonah and Zeke, all of whom call him Papou, the Greek term for grandfather. 'So this is great,' my dad says. 'I very much appreciate it.'"

Alphabet's Google has officially launched the "Enterprise Edition" of its smart glasses hardware, which is now available to a network of Google partners. From a report: The company's developer partners range from logistics and manufacturing to patient care. These apps have long-been involved with Glass through the business-focused "Glass at Work" program. In a blog post Tuesday, Google Glass project leader Jay Kothari said partners such as GE Aviation, AGCO, DHL, Dignity Health, NSF International, Sutter Health, Boeing and Volkswagen have been using Glass over the past several years, and make up just a sampling of 50 companies using the wearable. Wired said several of these companies found the original Google Glass to be very useful in factories and other enterprise environments. Google discovered this and began work on a product built by a team dedicated to building a new version of Glass for the enterprise. According to Kothari, the Google Glass Enterprise Edition glasses are lighter and more "comfortable for long term wear." They also offer more power and longer battery life and, offer support for folks with prescription lenses, Wired said. The glasses, too, are stronger and do double duty as safety glasses. Further reading: Google Glass 2.0 Is a Startling Second Act.

Alphabet's Google has officially launched the "Enterprise Edition" of its smart glasses hardware, which is now available to a network of Google partners. From a report: The company's developer partners range from logistics and manufacturing to patient care. These apps have long-been involved with Glass through the business-focused "Glass at Work" program. In a blog post Tuesday, Google Glass project leader Jay Kothari said partners such as GE Aviation, AGCO, DHL, Dignity Health, NSF International, Sutter Health, Boeing and Volkswagen have been using Glass over the past several years, and make up just a sampling of 50 companies using the wearable. Wired said several of these companies found the original Google Glass to be very useful in factories and other enterprise environments. Google discovered this and began work on a product built by a team dedicated to building a new version of Glass for the enterprise. According to Kothari, the Google Glass Enterprise Edition glasses are lighter and more "comfortable for long term wear." They also offer more power and longer battery life and, offer support for folks with prescription lenses, Wired said. The glasses, too, are stronger and do double duty as safety glasses. Further reading: Google Glass 2.0 Is a Startling Second Act.

theodp writes: Back in ye olde days of the information superhighway," begins Clive Thompson in It's Time to Make Code More Tinker-Friendly, "curious newbies had an easy way to see how websites worked: View Source." But no more. "Websites have evolved into complex, full-featured apps," laments Thompson. "Click View Source on Google.com and behold the slurry of incomprehensible Javascript. This increasingly worries old-guard coders. If the web no longer has a simple on-ramp, it could easily discourage curious amateurs." What the world needs now, Thompson argues, are "new tools that let everyone see, understand, and remix today's web. We need, in other words, to reboot the culture of View Source." Thompson cites Fog Creek Software's Glitch, Chris Coyier's CodePen, and Google's TensorFlow Playground as examples of efforts that embrace the spirit of View Source and help people recombine code in useful ways. Any other suggestions?

mirandakatz writes: When a small company called Space Data sued Alphabet's Project Loon last summer, not much came of it. But last month, Space Data scored a major win: It got the U.S. Patent and Trademark Office to cancel most of one of Project Loon's foundational patents, and say that Space Data came up with the idea first. That means it can now file for an injunction, and get Project Loon to stop using its internet-beaming balloons. At Backchannel, Mark Harris has dug into court records to present the full story of how Alphabet, which is currently suing Uber over trade secrets, came to be accused of doing exactly the same thing.

New submitter mirandakatz writes: New York City is lagging far behind when it comes to ensuring ubiquitous, reasonably priced fiber optic internet access for every resident. There's a jaw-dropping digital divide in the city, and more than a quarter of households are still using dial-up. The city could be doing more to fix that -- but it's not. That's why Susan Crawford, a professor at Harvard Law School and fierce advocate for nationwide fiber, is suing the city. At Backchannel, Crawford writes that "the city's intransigence should be embarrassing to it. Instead of a plan, instead of exercising power and acting coherently, all we've got is shuffling and nay-saying. Getting information regarding access is the key to transforming telecommunications policy in the U.S. -- as well as in New York City. We must do better." "New York City is the regulator of all the underground conduit in those two boroughs -- meaning the pipes running under the streets through which fiber optic lines are threaded," Crawford writes. "At any moment, it could require that additional conduit be built where it doesn't now exist. It could require that choked-up conduit that is now decades old be cleaned and repaired. And it could require that that conduit run to every building in the city, and require that all new buildings have neutral connection points in their basements allowing many competitors to hawk their services to tenants. If the city took these steps [...] it would foster a vibrantly competitive marketplace for retail fiber-based services for everyone. Dozens of competitors. Low prices for data transmission. But the problem is that, as far as I can tell, the city that never sleeps is, in fact, asleep: It is not taking advantage of its powers. That is why I sued the city five years ago seeking information about its regulatory efforts."

From an ArsTechnica article: Smartphone companies don't seem to care about cultivating a true "lineup" of phones. If you aren't spending at least $650, most companies will offer you anonymous, second-rate devices that seem like they've had no thought put into them. Enter the OnePlus 5, which continues the company's tradition of offering an all-business, high-end smartphone for a great price. Today OnePlus is both announcing the OnePlus 5 and lifting the review embargo on the device, which we've had for about two weeks now. $479 gets you an aluminum-clad pocket computer with a 2.45GHz Snapdragon 835 SoC, 6GB of RAM, 64GB of storage, and a 3,300mAh battery. You still get OnePlus' physical 3-way alert switch, a USB-C port, capacitive buttons with a front-mounted fingerprint reader, and a headphone jack. The phone has two cameras on the back: one 16MP main camera and one 20MP telephoto camera, arranged in the most iPhone-y way possible. Besides the $479 version, there's a more expensive $539 version, which ups the RAM from 6GB to a whopping 8GB, adds another 64GB of storage for a total of 128GB, and changes the color from "Slate Grey" to "Midnight Black." Further reading: OnePlus 5 review: as fast and smooth as Google Pixel, without the price tag - The Guardian; OnePlus 5 review: the me-too phone - The Verge; OnePlus 5 Review - Wired.

Reader WheezyJoe writes: Four new 9700-series Itanium CPUs will be the last and final Itaniums Intel will ship. For those who might have forgotten, Itanium and its IA-64 architecture was intended to be Intel's successor to 32-bit i386 architecture back in the early 2000's. Developed in conjunction with HP, IA-64 used a new architecture developed at HP that, while capable as a server platform, was not backward-compatible with i386 and required emulation to run i386-compiled software. With the release of AMD's Opteron in 2003 featuring their alternative, fully backward-compatible X86-64 architecture, interest in Itanium fell, and Intel eventually adopted AMD's technology for its own chips and X86-64 is now dominant today. In spite of this, Itanium continued to be made and sold for the server market, supported in part by an agreement with HP. With that deal expiring this year, these new Itaniums will be Intel's last.

Rhett Allain, an Associate Professor of Physics at Southeastern Louisiana University, writing for Wired: What is the traditional lecture? It is a model of learning in which a teacher possesses the knowledge on a given topic and disseminates it to students. This model dates to the beginning of education, when it was the only way of sharing information. In fact, you occasionally still see the person presenting the lecture called a reader, because way back before the internet and even the printing press, a teacher would literally read from a book so students could copy it all down. Now, don't get me wrong. The traditional lecture model worked wonderfully for eons. But it is an outdated idea (free pass for adblockers). Close your eyes and imagine yourself in a college physics course with a professor giving a traditional lecture. Now open your eyes. Did you envision The Best Physics Lecture EVAR? I doubt it. You probably pictured someone droning on and on in front of a chalkboard or PowerPoint presentation. No way that is more engaging or interesting than an episode of The Mechanical Universe , and if you're a teacher who uses traditional lectures, just stop and play the show instead. Everyone will be better off. You may think by now that I think most physics professors are dolts. I promise that's not the case. But traditional lectures simply aren't effective. Research shows students don't learn by hearing or seeing, they learn by doing, a model often called active learning. Physics faculty should start thinking about how they can go beyond just a traditional lecture. There are some easy things they can do (or students can ask them to do) to make learning more engaging. First, make students read the book outside of class, rather than in class. If your lecture merely covers the material in the textbook, why make students buy the textbook? Now, you may put a different spin on the material, but still. You're merely repeating what students can read on their own. Let them do that on their own time, and use the classroom for experiments and demonstrations and so forth.

halfEvilTech quotes a report from Washington Post: The U.S. Senate confirmed Neil M. Gorsuch to serve on the U.S. Supreme Court on Friday. On a vote of 54 to 45, senators confirmed Gorsuch, 49, a Denver-based judge on the U.S. Court of Appeals for the 10th Circuit. He will become the 113th person to serve on the Supreme Court and is scheduled to be sworn in Monday. Gorsuch's confirmation was the result of a rule change in the Senate. Majority Leader Mitch McConnell used the power of his position to change the rules of the Senate to lower the threshold on Supreme Court nominations to end debate from 60 to 51 votes. Therefore, "all presidential nominees for executive branch positions and the federal courts need only a simple majority vote to be confirmed by senators," reports Washington Post.

It is unclear as to what exactly Gorsuch's confirmation means for the tech industry. However, it is certain that Gorsuch will "face cases that demand a solid command of the complex issues digital technology raises, from copyright and privacy to intellectual property rights and data storage," writes Issie Lapowsky via Wired.

Citations play an incredibly important role in academia. To scientists, citations are currency. Citations establish credibility, and determine the impact of a given paper, researcher, and institution. However, the system of how citations work is crippled with a problem. Over the last few decades, only researchers with subscriptions to two proprietary databases, Web of Science and Scopus, have been able to track citation records and measure the influence of a given article or scientific idea. This isn't just a problem for scientists trying to get their resumes noticed; a citation trail tells the general public how it knows what it knows, each link a breadcrumb back to a foundational idea about how the world works, reads an article on Wired. The article adds: On Thursday, a coalition of open data advocates, universities, and 29 journal publishers announced the Initiative for Open Citations with a commitment to make citation data easily available to anyone at no cost (alternative source). "This is the first time we have something at this scale open to the public with no copyright restrictions," says Dario Taraborelli, head of research at the Wikimedia Foundation, a founding member of the initiative. "Our long-term vision is to create a clearinghouse of data that can be used by anyone, not just scientists, and not just institutions that can afford licenses." Here's how it works: When a researcher publishes a paper, the journal registers it with Crossref, a nonprofit you can think of as a database linking millions of articles. The journal also bundles those links with unique identifying metadata like author, title, page number of print edition, and who funded the research. All of the major publishers started doing this when Crossref launched in 2000. But most of them held the reference data -- the information detailing who cited whom and where -- under strict copyright restrictions. Accessing it meant paying tens of thousands of dollars in subscription fees to the companies that own Web of Science or Scopus. Historically, just 1 percent of publications using Crossref made references freely available. Six months after the Initiative for Open Citations started convincing publishers to open up their licensing agreements, that figure is approaching 40 percent, with around 14 million citation links already indexed and ready for anyone to use. The group hopes to maintain a similar trajectory through the year.

From a CNET report: A VPN redirects your internet traffic, disguising where your computer, phone or other device is when it makes contact with websites. It also encrypts information you send across the internet, making it unreadable to anyone who intercepts your traffic. That includes your internet service provider. Ha! Problem solved -- right? Well, sort of. The big catch is, now the VPN has your internet traffic and browsing history, instead of your ISP. What's to stop the VPN from selling your information to the highest bidder? Of course, there are reputable VPN services out there, but it's incumbent on you the user to "do your homework," Ajay Arora, CEO of cybersecurity company Vera said. In addition to making sure the VPN will actually keep your data private, you'll want to make sure there's nothing shady in the terms and conditions. Shady how? Well, in 2015, a group of security-minded coders discovered that free VPN service Hola was selling its users' bandwidth to the paying customers of its Luminati service. That meant some random person could have been using your internet connection to do something illegal. So, shady like that. "I would recommend you do some cursory level research in terms of reputation [and] how long they've been around," Arora said, "And when you sign up, read the fine print." From a report on Wired: Christian Haschek, an Austria-based security researcher, wrote a script that analyzed 443 open proxies, which route web traffic through an alternate, often pseudo-anonymous, computer network. The script tested the proxies to see if they modified site content or allowed users to browse sites while using encryption. According to Haschek's research, just 21 percent of the tested proxies weren't "shady." Haschek found that the other 79 percent of surveyed proxy services forbid secure, HTTPS traffic.

Last week Google released E2EMail, "a Gmail client that exchanges OpenPGP mail." Google's documentation promises that "Any email sent from the app is also automatically signed and encrypted... The target is a simple user experience -- install app, approve permissions, start reading or send sending messages." Trailrunner7 quotes On The Wire: People have been trying to find a replacement for PGP almost since the day it was released, and with limited success. Encrypted email is still difficult to use and painful to implement in most cases, but Google has just released a Chrome plugin designed to address those problems. The new E2EMail extension doesn't turn a user's Gmail inbox into an encrypted mail client. Rather, it is a replacement that gives users a separate inbox for encrypted messages. The system is built on Google's end-to-end encryption library, and the company has released E2EMail as an open-source project.
Wired quotes a web security researcher who calls the open sourcing "a telltale sign the project isn't going anywhere. This is a way for them to get their work out there but to absolve themselves of future obligations." But Google's privacy and security product manager responds that they're tackling some very thorny issues like secure key handling, and "The reason we want to put this into the open source community is precisely because everyone cares about this so much. We don't want everyone waiting for Google to get something done."

Rumors were true. Nokia did launch its 3310 handset at MWC. It's been almost 17 years since the 3310 first came out. In that time the Nokia brand has been bought, sold, and stripped for parts. From a report on Wired: The 3310 is still very much a feature phone. It has a web browser, but only barely -- it's a dumbed-down version of Opera, basically there for emergency tweeting. It exists for you to make phone calls, send texts the way you did a decade ago (T9 FTW!), and play Snake. The 3310 weighs less than three ounces, and its battery lasts an absurd 31 days in standby time, or up to 22 hours of talk time. The new 3310 has a camera, for one thing, a 2-megapixel shooter. It also has a 2.4-inch, 240x320 screen, which is hilariously small and low-res but still a huge improvement over the original. It is priced at 49 Euros ($51). Also at the event, Sony announced that it is not done with putting a 4K screen on smartphones. From a report on The Verge: The XZ Premium has the world's first 4K HDR (2,160 x 3,840, High Dynamic Range) display in a smartphone. Sony has the latest and best Qualcomm chip while others are still offering the Snapdragon 820 and 821, but the Xperia XZ Premium won't be out until late spring or just ahead of the summer. Hell, the demo units shown off ahead of MWC weren't running anywhere close to final software -- so Sony is pre-announcing its new flagship device by a long margin. Other notable features include water resistance, rated to IP65 and IP68, a thinner profile at 7.9mm, and MicroSD storage expandability. The phone's battery is a reasonable 3,230mAh, and there's a fingerprint sensor integrated into the side-mounted power button as usual.

Wired magazine did a profile on The New York Times in its this month's issue. Talking about the paper's transition from print to more digital-focus than ever, author Gabriel Snyder wrote, "It's to transform the Times' digital subscriptions into the main engine of a billion-dollar business, one that could pay to put reporters on the ground in 174 countries even if (OK, when) the printing presses stop forever." Veteran journalist Om Malik analyzes the numbers: -> The company reported revenue of nearly $1.6 billion in 2016 -- remarkably consistent with prior years.
-> Print advertising revenue dipped by $70 million year-over-year to $327 million in 2016.
-> Digital advertising revenue, while a meaningful portion of the Times' revenue, did not grow enough to offset vanishing print ad dollars.
-> Total digital ad revenue in 2016 was $206 million, up only 6% from the prior year.
-> The key revenue driver for the New York Times has been its digital subscription business, which added more than half a million paid subscribers in 2016. Thanks in part to interest around the presidential election, the newspaper added 276,000 new digital subscribers in Q4, the single largest quarterly increase since 2011 (the year the pay model was launched).

The Times' digital success is hinged upon two major drivers: affiliate revenues from services like the Wirecutter and digital subscriptions. Advertising might be a good short term bandaid, but the company needs to focus on how to evolve away from it even more aggressively. The Times needs to simplify their sign-up experience and make it easier for people to pay for the subscriptions. As of now, it is like the sound you hear when scratching your nails on a piece of glass.

New submitter Shane_Optima writes: After losing his Youtube Red show and his contract with Disney, the owner of the most subscribed channel on Youtube, Felix Arvid Ulf Kjellberg (aka "PewDiePie"), has released a video response to the Wall Street Journal and other mainstream news outlets, who have labeled his comedy videos variously as racist, fascist or anti-semitic. In it, he accuses the mainstream media of deliberately fabricating and misrepresenting the evidence used against him because they are afraid of independent content producers such as himself. In the video, PewDiePie discusses the recent actions of the Wall Street Journal, whose reporters sent nine cherry-picked and edited videos to Disney, which led directly to Disney's decision to terminate their relationship with him. These video clips and others used to "prove" PewDiePie's guilt have been edited (he claims) to remove all context, to the extent of using a pose of him pointing at something as a Nazi salute and using a clip where other players are creating swastikas in a game and editing out the part where he is asking them to stop. The most-cited video in the controversy involves seeing if he can use the site Fiverr to hire someone to create a video containing an over-the-top message for a mere $5. After a couple of laughing males unfurl a sign saying "Death to All Jews," he recoils with widened eyes and sits, apparently dumbfounded, for another thirty seconds before the video ends, without him uttering another word.

PewDiePie's video comes several days after a Tumblr post where he attempted to clarify that the videos were intended to be comedy showing "how crazy the modern world is." He has not yet used the phrase "fake news" in his response to the controversy, but given the current trends surrounding that phrase, it isn't surprising that his supporters are resorting to it frequently. Is this all just another unfortunate instance of collateral damage in the war against far-right political movements, is it a campaign of malicious retaliation by old media that is terrified of new media (as Felix claims), or was J.K. Rowling correct when she called out PewDiePie as a Death Eater? Err, I mean, ...as a fascist?

Update: Apparently, canceling his Youtube Red series was deemed an insufficient response. Youtube has now removed the mirror of PewDiePie's "Death to All Jews" video because it "violates Youtube's policy on hate speech." The original posting of the video had already been marked private by PewDiePie shortly after the controversy erupted. A quick check of Vimeo and Daily Motion came up empty, so you're on your own if you wish to find out for yourself what the controversy was all about.

New submitter Shane_Optima writes: After losing his Youtube Red show and his contract with Disney, the owner of the most subscribed channel on Youtube, Felix Arvid Ulf Kjellberg (aka "PewDiePie"), has released a video response to the Wall Street Journal and other mainstream news outlets, who have labeled his comedy videos variously as racist, fascist or anti-semitic. In it, he accuses the mainstream media of deliberately fabricating and misrepresenting the evidence used against him because they are afraid of independent content producers such as himself. In the video, PewDiePie discusses the recent actions of the Wall Street Journal, whose reporters sent nine cherry-picked and edited videos to Disney, which led directly to Disney's decision to terminate their relationship with him. These video clips and others used to "prove" PewDiePie's guilt have been edited (he claims) to remove all context, to the extent of using a pose of him pointing at something as a Nazi salute and using a clip where other players are creating swastikas in a game and editing out the part where he is asking them to stop. The most-cited video in the controversy involves seeing if he can use the site Fiverr to hire someone to create a video containing an over-the-top message for a mere $5. After a couple of laughing males unfurl a sign saying "Death to All Jews," he recoils with widened eyes and sits, apparently dumbfounded, for another thirty seconds before the video ends, without him uttering another word.

PewDiePie's video comes several days after a Tumblr post where he attempted to clarify that the videos were intended to be comedy showing "how crazy the modern world is." He has not yet used the phrase "fake news" in his response to the controversy, but given the current trends surrounding that phrase, it isn't surprising that his supporters are resorting to it frequently. Is this all just another unfortunate instance of collateral damage in the war against far-right political movements, is it a campaign of malicious retaliation by old media that is terrified of new media (as Felix claims), or was J.K. Rowling correct when she called out PewDiePie as a Death Eater? Err, I mean, ...as a fascist?

Update: Apparently, canceling his Youtube Red series was deemed an insufficient response. Youtube has now removed the mirror of PewDiePie's "Death to All Jews" video because it "violates Youtube's policy on hate speech." The original posting of the video had already been marked private by PewDiePie shortly after the controversy erupted. A quick check of Vimeo and Daily Motion came up empty, so you're on your own if you wish to find out for yourself what the controversy was all about.

Business Insider reports on a new video showing a robotic arm apparently defeating the "I am not a robot" captcha test. An anonymous reader quotes their report: The Captcha the robot fools tracks the user's mouse movements to make sure they're a "real" human. So rather than trying to trick it with software -- a tactic that can often be detected -- it goes down the hardware route. Using a capacitive stylus, the robot physically moves the mouse on the trackpad, as if it were a real human wiggling their finger around. The computer doesn't stand a chance.
So all you need is your own robotic arm -- although even then, it's apparently not that simple. The "I am not a robot" captcha grew out of Google's attempts to fight click fraud, according to a 2014 article in Wired, but it does more than watch mouse movements. It also "examines cues every user unwittingly provides: IP addresses and cookies provide evidence that the user is the same friendly human Google remembers from elsewhere on the Web," as well as some undisclosed variables, to create what Google describes as "a bag of cues."

Uber has launched a website for a service called Uber Freight. While there are little details about the company's expansion from ride-hailing, Uber Freight is meant to prepare the world for autonomous delivery trucks, according to Inverse. From the report: Uber acquired a startup called Otto, which planned to bring the first self-driving trucks to market, in August. Since then the company has used its trucks to deliver 50,000 cans of beer and hundreds of Christmas trees in San Francisco. This new service won't use those trucks, at least not at the beginning. Instead it will function much like Uber's existing platform: Some people will sign up to drive items across the country, and others will join so they can send packages without having to sign a contract with established shipping companies. The service will likely bring "surge pricing" to trucking, too. Uber Freight could also help Otto's trucks by using data gathered from drivers on the platform. This would allow the self-driving vehicles to learn from experienced people while regulators figure out how to govern autonomous trucks and the technology catches up to all of the promises made by its creators. Uber Freight's launch coincides with growing interest in trucking from many tech companies. Nikola Motor Company wants to use tech to make trucking more environmentally friendly and appealing to millennials; Tesla's working on self-driving trucks; the list could go on. Uber told Inverse it's going to wait until the new year to elaborate on how the system works. "We don't have any new information to share at the moment," a spokesperson said, "but hope to in the new year so please do stay in touch." It looks like the future of trucking -- or at least one potential future -- is going to take a little while longer to make its debut.

An anonymous reader quotes Recode: Technology that replaces food service workers is already here. Sushi restaurants have been using machines to roll rice in nori for years, an otherwise monotonous and time-consuming task. The company Suzuka has robots that help assemble thousands of pieces of sushi an hour. In Mountain View, California, the startup Zume is trying to disrupt pizza with a pie-making machine. In Shanghai, there's a robot that makes ramen, and some cruise ships now mix drinks with bartending machines.

More directly to the heart of American fast-food cuisine, Momentum Machines, a restaurant concept with a robot that can supposedly flip hundreds of burgers an hour, applied for a building permit in San Francisco and started listing job openings this January, reported Eater. Then there's Eatsa, the automat restaurant where no human interaction is necessary, which has locations popping up across California.

An anonymous reader quotes a report from Motherboard: In 2013, the FBI received permission to hack over 300 specific users of dark web email service TorMail. But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service. "That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade," Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email. The move comes after the ACLU pushed to unseal the case dockets in September. The Department of Justice recently decided to publish redacted versions of related documents. In 2013, the FBI seized Freedom Hosting, a service that hosted dark web sites, including a large number of child pornography sites and the privacy-focused email service TorMail. The agency then went on to deploy a network investigative technique (NIT) -- a piece of malware -- designed to obtain the real IP address of those visiting Freedom Hosting sites. According to the new documents, the NIT was used against users of 23 separate websites. As for TorMail, officials have maintained that the government obtained a warrant to deploy the NIT against specific users of the service. Now, we do know that to be true: recently unsealed affidavits include a total of over 300 redacted TorMail accounts that the FBI wanted to target. All of these accounts were allegedly linked to child pornography-related crimes, according to court documents. Importantly, the affidavits say that the NIT would only be used to "investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password." But, according to sources who used TorMail and previous reporting, the NIT was deployed before the TorMail login page was even displayed, raising the question of how the FBI could have possibly targeted specific accounts.

Earlier this year, we ran a story about how even possessions as personal as one's car or tractor, or insulin pump could not be legally hacked by the owner, but those constraints are things of the past now. From a report on Wired: Last Friday, a new exemption to the decades-old law known as the Digital Millennium Copyright Act quietly kicked in, carving out protections for Americans to hack their own devices without fear that the DMCA's ban on circumventing protections on copyrighted systems would allow manufacturers to sue themt (Editor's note: the website may block users who use adblocking tools. Here's an alternate source). One exemption, crucially, will allow new forms of security research on those consumer devices. Another allows for the digital repair of vehicles. Together, the security community and DIYers are hoping those protections, which were enacted by the Library of Congress's Copyright Office in October of 2015 but delayed a full year, will spark a new era of benevolent hacking for both research and repair. "This is a tremendously important improvement for consumer protection," says Andrea Matwyshyn, a professor of law and computer science at Northeastern University. "The Copyright Office has demonstrated that it understands our changed technological reality, that in every aspect of consumers' lives, we rely on code," says Matwyshyn, who argued for the exemptions last year. For now, the exemptions are limited to a two-year trial period. And the security research exemption in particular only applies to what the Copyright Office calls "good-faith" testing, "in a controlled environment designed to avoid any harm to individuals or to the public." As Matwyshyn puts it, "We're not talking about testing your neighbor's pacemaker while it's implanted. We're talking about a controlled lab and a device owned by the researcher."

An anonymous reader writes: 19-year-old hacker qwertyoruiop, aka Luca Todesco, jailbroke the new iPhone 7 just 24 hours after he got it, in what's the first known iPhone 7 jailbreak. Todesco tweeted a screenshot of a terminal where he has "root," alongside the message: "This is a jailbroken iPhone 7." He even has video proof of the jailbreak. Motherboard reports: "He also said that he could definitely submit the vulnerabilities he found to Apple, since they fall under the newly launched bug bounty, but he hasn't decided whether to do that yet. The hacker told me that he needs to polish the exploits a bit more to make the jailbreak 'smoother,' and that he is also planning to make this jailbreak work through the Safari browser just like the famous 'jailbreakme.com,' which allowed anyone to jailbreak their iPhone 4 just by clicking on a link." Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."

Dave Knott writes: Today marks the 50th anniversary of the first television broadcast of Star Trek. The first episode of the science fiction series was aired on September 8, 1966. From its humble beginnings, Star Trek has gone on to become one of the best-loved and most successful television concepts of all time, an enduring pop culture touchstone that changed science fiction forever and spawned multiple series and movies that continue to this day. What does Star Trek mean to you? Are you a trekkie/trekker? What are your best memories of the series, and how has it affected your life?

Volkswagen isn't having the best of times. Tens of millions of vehicles sold by Volkswagen AG over the past 20 years are vulnerable to theft because keyless entry systems can be hacked using cheap technical devices, reports Wired (alternate source). Security experts of the University of Birmingham were able to clone VW remote keyless entry controls by eavesdropping nearby when drivers press their key fobs to open or lock up their cars. ArsTechnica reports: The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company's vehicles. Alone, the value won't do anything, but when combined with the unique value encoded on an individual vehicle's remote key fob -- obtained with a little electronic eavesdropping, say -- you have a functional clone that will lock or unlock that car. VW has apparently acknowledged the vulnerability, and Greenberg (writer at Wired) notes that the company uses a number of different shared values, stored on different components. The second affects many more makes, "including Alfa Romeo, Citroen, Fiat, Ford, Mitsubishi, Nissan, Opel, and Peugeot," according to Greenberg. It exploits a much older cryptographic scheme used in key fobs called HiTag2. Again it requires some eavesdropping to capture a series of codes sent out by a remote key fob. Once a few codes had been gathered, they were able to crack the encryption scheme in under a minute.

An anonymous reader quotes a report from Help Net Security: Przemek Jaroszewski, the head of Poland's Computer Emergency Response Team (CERT), says anyone can bypass the security of the automated entrances of airlines' airport lounges by using a specially crafted mobile app that spoofs boarding pass QR codes. He created one for himself, and successfully tried it out on a number of European airports. Usually, to enter these lounges, travelers need to let the scanner at the entrance scan the QR code on their boarding pass, and the doors open automatically. Jaroszewski created an Android app that creates fake but acceptable QR codes. He says that aside from a valid flight number, the QR code doesn't have to include correct information (traveller's name, flight destination, etc.). According to WIRED, the U.S. Transportation Security Administration (TSA) and the International Air Transport Association (IATA) don't consider this particular issue a problem that needs fixing. They said "any such boarding pass security flaw would be the airlines' issue." Here is an unlisted video of the hack in action.

An anonymous reader writes from a report via CNET: Researchers from the University of South Carolina, Zhejiang University and Qihoo 360 have discovered how to fool Tesla's Autopilot sensors, according to a report from Wired. The researchers were able to trick the system into thinking an object didn't exist when it did, and that an object existed when in fact it did not. Therefore, possible security concerns arise as Autopilot could drive incorrectly, potentially putting passengers and others in danger. CNET reports: "Two pieces of radio equipment were used to convince Tesla's radar sensor that a cart was not placed directly in front of it. One of those pieces, a signal generator from Keysight Technologies, costs about $90,000. The group also tricked the car's short-range parking sensors into malfunctioning using about $40 worth of equipment. Wired points out that this was, thankfully, a rather difficult feat. Most of the technological tomfoolery was done on a stationary car. Some of the required equipment was expensive, and it didn't always work. But it brings up an important point -- even though Autopilot is quite capable, there's still no substitute for an attentive human driver, ready to take control at a moment's notice."

Smartphones become indispensable tools for journalists, human right workers, and activists in war-torn regions. But at the same time, as Intercept points out, they become especially potent tracking devices that can put users in mortal danger by leaking their location. To address the problem, NSA whistleblower Edward Snowden and hardware hacker Andrew "Bunnie" Huang have been developing a way for potentially imperiled smartphone users to monitor whether their devices are making any potentially compromising radio transmissions. "We have to ensure that journalists can investigate and find the truth, even in areas where governments prefer they don't," Snowden told Intercept. "It's basically to make the phone work for you, how you want it, when you want it, but only when." Snowden and Huang presented their findings in a talk at MIT Media Lab's Forbidden Research event Thursday, and published a detailed paper. From the Intercept article: Snowden and Huang have been researching if it's possible to use a smartphone in such an offline manner without leaking its location, starting with the assumption that "a phone can and will be compromised." [...] The research is necessary in part because most common way to try and silence a phone's radio -- turning on airplane mode -- can't be relied on to squelch your phone's radio traffic. Fortunately, a smartphone can be made to lie about the state of its radios. The article adds: According to their post, the goal is to "provide field-ready tools that enable a reporter to observe and investigate the status of the phone's radios directly and independently of the phone's native hardware." In other words, they want to build an entirely separate tiny computer that users can attach to a smartphone to alert them if it's being dishonest about its radio emissions. Snowden and Haung are calling this device an "introspection engine" because it will inspect the inner-workings of the phone. The device will be contained inside a battery case, looking similar to a smartphone with an extra bulky battery, except with its own screen to update the user on the status of the radios. Plans are for the device to also be able to sound an audible alarm and possibly to also come equipped with a "kill switch" that can shut off power to the phone if any radio signals are detected.Wired has a detailed report on this, too.

schwit1 writes from a report via Behind The Black: The tests the EPA uses to establish the fuel efficiency of cars are unreliable, and likely provide no valid information at all about the fuel efficiency of the cars tested. Robert Zimmerman reports from Behind The Black: "The law requiring cars to meet these fuel efficiency tests was written in the 1970s, and specifically sets standards based on the technology then. Worse, the EPA doesn't know exactly how its CAFE testing correlates with actual results, because it has never done a comprehensive study of real-world fuel economy. Nor does anyone else. The best available data comes from consumers who report it to the DOT (WARNING: Source may be paywalled) -- hardly a scientific sampling. Other than that, everything is fine. Companies are forced to spend billions on this regulation, the costs of which they immediately pass on to consumers, all based on fantasy and a badly-written law. Gee, I'm sure glad we never tried this with healthcare!"

An anonymous reader writes from a report via WIRED: Lab-grown meat appears to be coming to a supermarket near you whether you like it or not. Granted, you have some time before that becomes a reality. Scientists in Belgium and the United States are working on cultured meat substitutes that taste like real meat and cost less than real meat, but don't use as many environmental resources as meat from animals, nor does it involve the slaughtering of animals. They predict such meat substitutes will cost a lot less by the year 2020 when the efficiency of bulk production kicks in. According to a 2014 Pew poll, only 20 percent of Americans would be willing to try cultured meat, while a 2013 survey in Belgium revealed that just 13 percent of 180 subjects knew what cultured meat was. Also, vegetarians surveyed perceived man-made meat to be unhealthy and unfavorable. However, once respondents were told how the meat is grown, most said they might try it. When educated about the environmental benefits, the number of people who were willing to try it nearly doubled. A poll from The Vegan Scholar found that lab-grown meat was much more appealing to vegetarians than to vegans. Similar Reddit and SurveyMonkey polls have come to similar conclusions, but it's important to note that none of these polls were peer-reviewed. Researchers have suggested that the media greatly overestimates the importance of vegetarian and vegan opinions on lab-grown meat. Given the lack of large surveys determining the public's opinion on lab-grown meat, we thought we would pose the question to Slashdotters: Would you eat lab-grown meat?

A vulnerability found in Chrome by researchers allows people to save copies of movies and TV shows from streaming websites such as Netflix and Amazon Prime. From a Gizmodo report:The vulnerability, first reported by Wired (Editor's note: Wired blocks adblockers), takes advantage of the Widevine EME/CDM technology that Chrome uses to stream encrypted video from content providers. Researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories discovered a way to hijack streaming video from the decryption module in the Chrome browser after content has been sent from services like Netflix or Amazon Prime. The researchers created a proof-of-concept (which is currently the only evidence of the exploit) to show how easily they could illegally download streaming video once CDM technology has decrypted it.Google was notified of the bug last month but is yet to patch it.

An anonymous reader writes: Back in March 2015, the United States Federal Communications Commission (FCC) issued a security document that included a series of provisions related to the use of wireless devices. In order to comply with these security guidelines, some manufacturers of home routers and other networking equipment decided to lock down the software powering these devices. This caused an outcry from the open source community who demanded that the FCC and manufacturers would not restrict the free use of the operating system and associated software running on their devices. Now Imagination Technologies is presenting a proof of concept demonstration that addresses the next-generation security requirements mandated by the FCC and other similar agencies. The demo makes use of a feature of MIPS Warrior CPUs called multi-domain, secure hardware virtualization. This technology allows developers to create system-wide, hardware-enforced trusted environments that are much secure compared to current solutions. The platform used for the demonstration runs three virtual machines (VMs) on a MIPS P-class CPU integrated in a router-type evaluation kit; this approach securely separates the OpenWrt operating system from the Wi-Fi driver, allowing them to co-exist in isolation and thus comply with the FCC guidelines.Ars Technica has more details.

Joseph Cox, reporting for Motherboard: After details emerged of Stuxnet, arguably the world's first digital weapon, there were concerns that other hackers would copy its techniques. Now, researchers have disclosed a piece of industrial control systems (ICS) malware inspired heavily by Stuxnet. Although the copycat malware -- dubbed IRONGATE by cybersecurity company FireEye -- only works in a simulated environment it, like Stuxnet, replaces certain types of files, and was seemingly written to target a specific control system configuration. [...] IRONGATE works within a simulated Siemens environment called PLCSIM, used for testing programs before they are pushed out into the field. Like Stuxnet, IRONGATE replaces a Dynamic Link Library (DLL), a small collection of code that can be used by different programs at the same time, with a malicious one of its own. IRONGATE's DLL records five seconds of traffic from the Siemens' system to the user interface, and replays it over again, potentially tricking whoever is monitoring the system into thinking everything is fine, while the malware might manipulate something else in the background.Dark Reading's coverage on this is also worth a read.

An anonymous reader writes: On Thursday, Microsoft and Facebook announced a partnership to build a transatlantic subsea data cable. Called 'MAREA' (Editor's note: it is Spanish for "tide"), it will connect the United States to Europe. More specifically, it will connect the State of Virginia to the country of Spain. The project will begin this August, with a targeted completion date of October 2017.Microsoft says: "MAREA will be the highest-capacity subsea cable to ever cross the Atlantic -- featuring eight fiber pairs and an initial estimated design capacity of 160Tbps. The new 6,600 km submarine cable system, to be operated and managed by Telxius, will also be the first to connect the United States to southern Europe: from Virginia Beach, Virginia to Bilbao, Spain and then beyond to network hubs in Europe, Africa, the Middle East and Asia. This route is south of existing transatlantic cable systems that primarily land in the New York/New Jersey region. Being physically separate from these other cables helps ensure more resilient and reliable connections for our customers in the United States, Europe, and beyond."

The fact that these two giants felt the need to have their own cables indicates how much data they intend to move. Wired has an in-depth piece on it (though the publication blocks users with adblockers).

An anonymous reader quotes a report from Wired: [Computer scientists have created a way of letting law enforcement tap any camera that isn't password protected so they can determine where to send help or how to respond to a crime.] The system, which is just a proof of concept, alarms privacy advocates who worry that prudent surveillance could easily lead to government overreach, or worse, unauthorized use. It relies upon two tools developed independently at Purdue. The Visual Analytics Law Enforcement Toolkit superimposes the rate and location of crimes and the location of police surveillance cameras. CAM2 reveals the location and orientation of public network cameras, like the one outside your apartment. You could do the same thing with a search engine like Shodan, but CAM2 makes the job far easier, which is the scary part. Aggregating all these individual feeds makes it potentially much more invasive. [Purdue limits access to registered users, and the terms of service for CAM2 state "you agree not to use the platform to determine the identity of any specific individuals contained in any video or video stream." A reasonable step to ensure privacy, but difficult to enforce (though the team promises the system will have strict security if it ever goes online). Beyond the specter of universal government surveillance lies the risk of someone hacking the system.] EFF discovered that anyone could access more than 100 "secure" automated license plate readers last year.