Domain: zdnet.com
Stories and comments across the archive that link to zdnet.com.
Stories · 2,686
-
For This Year's iPhone, Apple Is Ditching Lightning Connector and Home Button, But Embracing USB Type-C and Curved Display (wsj.com)
Apple has decided to adopt a flexible display for at least one model of the new iPhone, reports WSJ. From the report: People with direct knowledge of Apple's production plans said the Cupertino, Calif., company has decided to go ahead with the technology, and it will release a phone model using the OLED screens this year (Editor's note: the link could be paywalled; alternate source). The technology allows manufacturers to bend screens in ways they couldn't previously -- such as by introducing a curve at the edge of the phone as in some Samsung models. However, once the phone is manufactured, the OLED screen can't be bent or folded by the user, at least with current technology. Using OLED displays would allow Apple to introduce a phone with a new look to fuel sales. They said Apple would introduce other updates including a USB-C port for the power cord and other peripheral devices instead of the company's original Lightning connector. The models would also do away with a physical home button, they said. Those updates would give the iPhone features already available on other smartphones. -
Google Assistant To Be Available On Older Versions of Android Soon (zdnet.com)
Matthew Miller, writing for ZDNet: Google has announced that Google Assistant is coming to smartphones running Android 7.0 Nougat and Android 6.0 Marshmallow, starting this week. The Google Assistant will begin rolling out this week to English users in the US, followed by English in Australia, Canada and the United Kingdom, as well as German speakers in Germany. Google will continue to add more languages in the future. -
Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com)
Google's researchers specifically cited Git when they announced a new SHA-1 attack vector, according to ZDNet. "The researchers highlight that Linus Torvalds' code version-control system Git 'strongly relies on SHA-1' for checking the integrity of file objects and commits. 'It is essentially possible to create two Git repositories with the same head commit hash and different contents, say, a benign source code and a backdoored one,' they note." Saturday morning, Linus responded: First off - the sky isn't falling. There's a big difference between using a cryptographic hash for things like security signing, and using one for generating a "content identifier" for a content-addressable system like git. Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation. And finally, there's actually a reasonably straightforward transition to some other hash that won't break the world - or even old git repositories...
The reason for using a cryptographic hash in a project like git is because it pretty much guarantees that there is no accidental clashes, and it's also a really really good error detection thing. Think of it like "parity on steroids": it's not able to correct for errors, but it's really really good at detecting corrupt data... if you use git for source control like in the kernel, the stuff you really care about is source code, which is very much a transparent medium. If somebody inserts random odd generated crud in the middle of your source code, you will absolutely notice... It's not silently switching your data under from you... And finally, the "yes, git will eventually transition away from SHA1". There's a plan, it doesn't look all that nasty, and you don't even have to convert your repository. There's a lot of details to this, and it will take time, but because of the issues above, it's not like this is a critical "it has to happen now thing".
In addition, ZDNet reports, "Torvalds said on a mailing list yesterday that he's not concerned since 'Git doesn't actually just hash the data, it does prepend a type/length field to it', making it harder to attack than a PDF... Do we want to migrate to another hash? Yes. Is it game over for SHA-1 like people want to say? Probably not." -
Are Your Slack Conversations Really Private and Secure? (fastcompany.com)
An anonymous reader writes: "Chats that seem to be more ephemeral than email are still being recorded on a server somewhere," reports Fast Company, noting that Slack's Data Request Policy says the company will turn over data from customers when "it is compelled by law to do so or is subject to a valid and binding order of a governmental or regulatory body...or in cases of emergency to avoid death or physical harm to individuals." Slack will notify customers before disclosure "unless Slack is prohibited from doing so," or if the data is associated with "illegal conduct or risk of harm to people or property."
The article also warns that like HipChat and Campfire, Slack "is encrypted only at rest and in transit," though a Slack spokesperson says they "may evaluate" end-to-end encryption at some point in the future. Slack has no plans to offer local hosting of Slack data, but if employers pay for a Plus Plan, they're able to access private conversations.
Though Slack has 4 million users, the article points out that there are other alternatives like Semaphor and open source choices like Wickr and Mattermost. I'd be curious to hear what Slashdot readers are using at their own workplaces -- and how they feel about the privacy and security of Slack? -
Security Lapse Exposed New York Airport's Critical Servers For a Year (zdnet.com)
An anonymous reader quotes a report from ZDNet: A security lapse at a New York international airport left its server backups exposed on the open internet for almost a year, ZDNet has found. The internet-connected storage drive contained several backup images of servers used by Stewart International Airport, but neither the backup drive nor the disk images were password protected, allowing anyone to access their contents. Since April last year, the airport had been inadvertently leaking its own highly-sensitive files as a result of the drive's misconfiguration. Vickery, who also posted an analysis of his findings, said the drive "was, in essence, acting as a public web server" because the airport was backing up unprotected copies of its systems to a Buffalo-branded drive, installed by a contract third-party IT specialist. When contacted Thursday, the contractor dismissed the claims and would not comment further. Though the listing still appears on Shodan, the search engine for unprotected devices and databases, the drive has since been secured. The files contained eleven disk images, accounting for hundreds of gigabytes of files and folders, which when mounted included dozens of airport staff email accounts, sensitive human resources files, interoffice memos, payroll data, and what appears to be a large financial tracking database. Many of the files we reviewed include "confidential" internal airport documents, which contain schematics and details of other core infrastructure. -
ZDNet: Linux 'Takes The World' While Windows Dominates The Desktop (zdnet.com)
ZDNet editor-in-chief Steve Ranger writes that desktop dominance is less important with today's cloud-based apps running independent of operating system, arguing that the desktop is now "just one computing platform among many." An anonymous reader quotes his report: Linux on the desktop has about a 2% market share today and is viewed by many as complicated and obscure. Meanwhile, Windows sails on serenely, currently running on 90% of PCs in use... That's probably OK because Linux won the smartphone war and is doing pretty well on the cloud and Internet of Things battlefields too.
There's a four-in-five chance that there's a Linux-powered smartphone in your pocket (Android is based on the Linux kernel) and plenty of IoT devices are Linux-powered too, even if you don't necessarily notice it. Devices like the Raspberry Pi, running a vast array of different flavours of Linux, are creating an enthusiastic community of makers and giving startups a low-cost way to power new types of devices. Much of the public cloud is running on Linux in one form or another, too; even Microsoft has warmed up to open-source software. -
Deleting Your Yahoo Email Account? Yeah, Good Luck With That (zdnet.com)
In the wake of security breach revelations, many of you might have considered deleting your Yahoo account. Many of you might be thinking about doing so soon. Heads up, it turns out, deleting a Yahoo email account isn't as straightforward as you may have imagined, and you again have Yahoo to blame for that. From a report on ZDNet: Several Yahoo users, who last year decided to leave the service, told us that their accounts remained open for weeks or months after the company said they would be closed. David Clarke was one of those departing users, whose dormant account was slowly accumulating junk over the past few years. "This was an ancient email I had set up, had no personal data in it anymore and had a unique password," writing about his troubles on Medium. "But it's a part of my digital footprint that I no longer required and decided, given the horrible security practices going on at Yahoo, to vote with my account and have it removed." Yahoo makes the account deletion process straightforward enough, but users have to wait "in most cases... approximately 90 days" for the account to close. The company says this is to "discourage users from engaging in fraudulent activity." On day 91, Clarke logged back into his account to find that it was still active. Unbeknownst to him, logging back in simply to check would reset the clock back to zero. "Yahoo confirmed via email yesterday if you access your account it resets the timer," he told me. "So, if you login to ensure your account has been deleted and it hasn't, you have to wait at least another 90 days." -
Sprint's New Unlimited Plan Adds HD Streaming, Four Lines For $90 (zdnet.com)
Take that, Verizon! Sprint's unlimited data plan now has HD video too. From a report: On February 16, Sprint upped its unlimited plan, launching the "best unlimited HD plan ever", according to its press release. The new plan matches Verizon Wireless' new unlimited plan by offering unlimited calls, text, data, HD video streaming, and 10 GB of mobile hotspot for $22.50 per line, for four lines. That equates to $90 per month for four lines, or half of what Verizon Wireless is charging. Sprint's plan requires the account owner to enable AutoPay, ensuring the bill is paid on time each month. For those who don't need four lines, the first line will set you back $50 per month, two lines of service will bump it $90 per month. -
LinuxQuestions Users Choose Their Favorite Distro: Slackware (zdnet.com)
ZDNet summarizes some of the surprises in this year's poll on LinuxQuestions, "one of the largest Linux groups with 550,000 members". An anonymous reader quotes their report: The winner for the most popular desktop distribution? Slackware...! Yes, one of the oldest of Linux distributions won with just over 16% of the vote. If that sounds a little odd, it is. On DistroWatch, a site that covers Linux distributions like paint, the top Linux desktop distros are Mint, Debian, Ubuntu, openSUSE, and Manjaro. Slackware comes in 28th place... With more than double the votes for any category, it appears there was vote-stuffing by Slackware fans... The mobile operating system race was a runaway for Android, with over 68% of the vote. Second place went to CyanogenMod, an Android clone, which recently went out of business...
Linux users love to debate about desktop environments. KDE Plasma Desktop took first by a hair's breadth over the popular lightweight Xfce desktop. Other well-regarded desktop environments, such as Cinnamon and MATE, got surprisingly few votes. The once popular GNOME still hasn't recovered from the blowback from its disliked design change from GNOME 2 to GNOME 3.
Firefox may struggle as a web browser in the larger world, but on Linux it's still popular. Firefox took first place with 51.7 percent of the vote. Chrome came in a distant second place, with the rest of the vote being divided between a multitude of obscure browsers.
LibreOffice won a whopping 89.6% of the vote for "best office suite" -- and Vim beat Emacs. -
College Network Attacked With Its Own Insecure IoT Devices (zdnet.com)
An anonymous reader writes: An attacker compromised over 5,000 IoT devices on a campus network -- including vending machines and light sensors -- and then used them to attack that same network. "In this instance, all of the DNS requests were attempting to look up seafood restaurants," reports ZDNet, though the attack was eventually blocked by cybersecurity professionals. Verizon's managing principal of investigative response blames the problem on devices configured using default credentials -- and says it's only going to get worse. "There's going to be so many of these things used by people with very limited understanding of what they are... There's going to be endless amounts of technology out there that people are going to easily be able to get access to."
The article suggests "ensuring that IoT devices are on a completely different network to the rest of the IT estate." But it ends by warning that "until IoT manufacturers bother to properly secure their devices -- and the organizations which deploy them learn to properly manage them -- DDoS attacks by IoT botnets are going to remain a huge threat." -
First Screenshots of Microsoft's Windows 10 Cloud OS Leak Online (zdnet.com)
The first alleged screenshots of Microsoft's Windows 10 Cloud operating system have leaked, courtesy of Windows Blog Italia. "The screenshots seem to show a coming version of the operating system that is locked down in a way similar to the way Microsoft locked down Windows RT and, before that the Windows 8.1 with Bing version of Windows," reports ZDNet. From the report: According to Windows Blog Italia, which said they've had a chance to test the current version of Windows 10 Cloud, the product can run Windows Store apps only. The site noted that Windows Store apps built using Microsoft's "Centennial" Desktop bridge, which enables developers to move their Win32 apps to the Windows Store, work on the version of Windows 10 Cloud to which they have access. UWP apps and Windows Store apps have not been synonymous terms. But the important point here is Windows Cloud will be locked down so as to prevent users from installing apps that are not in the Windows 10 Store, which can be seen as a plus from a security and manageability standpoint, but a minus given the less-than-robust collection of UWP/Store apps available for Windows 10. Microsoft is believed to be planning to position Windows 10 Cloud, at least in part, as an alternative to Chrome OS and Chromebooks. -
Microsoft Gives Windows Device Makers Their 2017 Marching Orders (zdnet.com)
Microsoft officials have some fairly specific ideas about what they want their Windows-device-making partners to build in calendar 2017. From a report: Microsoft wants its OEMs and ODMs to make more Windows 10 detachables, convertibles, and ultraslims. They also are advising their partners to make devices and peripherals that highlight the "hero experiences" of Windows 10 involving Cortana, Windows Hello authentication, and Windows Ink. And another wish-list topper: Microsoft is looking for more Windows 10 PCs that can power mixed-reality peripherals and that are ready for gamers and "media fanatics." -
Google Hands Over $3M in Bug Bounties as Payouts Soar For New Android Flaws (zdnet.com)
Google paid researchers over $3m last year for their contributions to its vulnerability rewards programs. From a ZDNet report: Payouts in 2016 take Google's total payments under its bug bounty schemes to $9m since it started rewarding researchers in 2010. In 2015 it paid researchers $2m, which brought its total then to $6m. It's not uncommon for tech companies to run bug bounties these days, but while many rely on third-party platforms, Google has been responsible for verifying bugs for over six years now. Occasionally, Google expands its program to cover new products, such as Android, and new devices such as OnHub and Nest. Facebook, Microsoft, and most recently Apple are also running their own bug bounties. -
Microsoft's Coming Windows 10 Cloud Release May Have Nothing To Do With the Cloud (zdnet.com)
Last week, several users spotted a mention of "Windows Cloud" in Windows 10 inside builds, speculating if it is a new version of Windows 10 which will stream from Azure. That's not the case, according to long-time Microsoft journalist Mary Jo Foley. From a report: Windows 10 Cloud is a simplified version of Windows 10 that will be able to run only Unified Windows Platform (UWP) apps installed from the Windows Store, my contacts say. Think of it as being similar to the version of Windows 10 formerly known as Windows RT or the Windows 8.1 with Bing SKU. Windows 10 Cloud is meant to help Microsoft in its ongoing campaign to attempt to thwart Chromebooks with a simpler, safer, cheaper version of Windows 10, my contacts say, though Microsoft is unlikely to position it that way (publicly). Windows 10 Cloud seemingly has little or nothing to do with the cloud. -
Avaya Explains Why They've Declared Bankruptcy (networkworld.com)
Friday Avaya's Corporate Treasurer explained why they're filing for a chapter 11 "restructuring." After examining their debt, "we decided it was a critical next step in our transformation from a hardware company to a software and services company and the best path forward for our customers, partners and employees." skidv writes: ZDNet breaks down the deal... "Avaya noted that its foreign affiliates aren't included in the filing and will operate as normal. Avaya said the $725 million in debtor-in-possession financing, via Citibank, is enough to minimize disruption and continue business operations." Not surprising, Avaya has canceled the planned IPO.
PC World reports that Avaya "emerged from Lucent Technologies in 2000 with a focus on phone switches, enterprise networking gear, and call-center systems. But with the shift toward mobile phones and cloud-based tools for communication, and a tight market for enterprise network equipment, the company has been changing its focus... Like much of the networking and collaboration industry, Avaya is looking toward software-defined networking, IoT, and cloud-based platforms that work on many different devices and the web." -
Google Is Partnering With Raspberry Pi To Create AI (zdnet.com)
Google is planning to bring artificial intelligence and machine learning tools to the diminutive Raspberry Pi this year. The Raspberry Pi Foundation said in a statement, "Google is going to arrive in style in 2017. The tech titan has exciting plans for the maker community." ZDNet reports: The advertising-to-cloud-computing giant intends to make a range of smart tools available this year, according to the Foundation. "Google's range of AI and machine learning technology could enable makers to build even more powerful projects," it said. Google has developed a huge range of tools for machine learning, IoT, wearables, robotics, and home automation, and it wants Raspberry Pi fans to fill out a survey that will help it to understand what tools to provide. The survey mentions face- and emotion-recognition and speech-to-text translation, as well as natural language processing and sentiment analysis. "The tech giant also provides powerful technology for navigation, bots, and predictive analytics. The survey will help them get a feel for the Raspberry Pi community, but it'll also help us get the kinds of services we need," said the Foundation. -
Google Starts Live Testing Instant Apps on Android (zdnet.com)
Last year, Google previewed a new feature that would allow a user to try out an app without having to download and install it first. China's WeChat recently made the service live on its platform, but Google too hasn't forgotten about it. From a report: Google said it has started live testing of its Instant App initiative in a move that could make it easier for developers and companies to manage their mobile footprints. Developers will have to make their apps more modular to work with Instant Apps, but if you're an enterprise you have to watch this project closely. Here's why: With modular apps that are tied to the Web support, maintenance and updating could become easier. Instant Apps, which blend the app and mobile Web, could curb the need to support Android apps as heavily. Integration with the Web could provide a native experience yet lead to more up sell, subscription and data activity for companies. -
Google Voice Receives First Update in Five Years (zdnet.com)
Google Voice hasn't seen a lot of love or attention since it launched with some fanfare in 2009, but surprisingly Google wants people to know that it still cares about the communication app. In a new sprawling release -- the first of its kind in years -- Google has revamped all versions of its Voice app and site with a clean, modern look, new features, and, perhaps the best news of all, the promise of regular updates. From a report: Google is finally adding two features Google Voice users have long missed out on: MMS support for photo messaging and group chats. Previously workarounds were required to send and receive picture messages, and group chats were flat out not possible. -
Oracle Lays Off More Than 1,000 Employees (zdnet.com)
An anonymous reader writes: According to the Mercury News, Oracle is laying off approximately 450 employees in its Santa Clara hardware systems division. Reports at The Layoff, a discussion board for technology business firings, claim about 1,800 employees company-wide are being pink-slipped. Oracle claims the company isn't closing the Santa Clara facility with this reduction in force. Instead, "Oracle is refocusing its Hardware Systems business, and for that reason, has decided to lay off certain of its employees in the Hardware Systems Division." -
Windows 10 Privacy Changes Appease Watchdogs, But Still No Data 'Off-Switch' (zdnet.com)
Earlier this month, Microsoft announced several privacy changes in Windows 10, but it didn't give users an option to completely opt out of the data-collection feature. The announcement came at a time to coincide with a statement by the Swiss data protection and privacy regulator, the FDPIC, which last week said it would drop its threats of a lawsuit after the company "agreed to implement" a string of recommendations it made last year. The news closed the books on an investigation that began in 2015, shortly after Windows 10 was released. Though the Swiss appear satisfied, other critics are waiting for more. The French data protection watchdog, the CNIL, was equally unimpressed by Microsoft's actions, and it served the company with a notice in July to demand that it clean up its privacy settings. In an email, the CNIL said that the changes "seem to comply" with its complaint, but it's "now analyzing more in [sic] details Microsoft answers in order to know whether all the failures underlined in the formal notice do now comply with the law." ZDNet adds: Microsoft still hasn't said exactly what gets collected as part of the basic level of collection, except that the data is used to improve its software and services down the line; a reasonable ask -- but one that nonetheless lacks specifics. Microsoft said it wants users to "trust" it. And while the likelihood that the company is doing anything nefarious with users' information is frankly unlikely, the running risk is that the data could somehow be turned over to a government agency or even stolen by hackers is inescapable. That risk alone is enough for many to want to keep what's on their computer in their homes. While changing the privacy controls is a move in the right direction, it's still short of what many have called for.
By ignoring the biggest privacy complaint from its consumer users -- the ability to switch off data collection altogether -- Microsoft has favored the "just enough" approach to appease the regulators. Without a way to truly opt-out, Microsoft's repeated pledge (eight times in the blog post, no less) to give its users "control" of their data comes off as a hollow soundbite. -
Nevada Website Bug Leaks Thousands of Medical Marijuana Dispensary Applications (zdnet.com)
An anonymous reader quotes a report from ZDNet: Nevada's state government website has leaked the personal data on over 11,700 applicants for dispensing medical marijuana in the state. Each application, eight pages in length, includes the person's full name, home address, citizenship, and even their weight and height, race, and eye and hair color. The applications also include the applicant's citizenship, their driving license number (where applicable), and social security number. Security researcher Justin Shafer found the bug in the state's website portal, allowing anyone with the right web address to access and enumerate the thousands of applications. Though the medical marijuana portal can be found with a crafted Google search query, we're not publishing the web address out of caution until the bug is fixed. A spokesperson for the Nevada Dept. Health and Human Services, which runs the medical marijuana application program, told ZDNet that the website has been pulled offline to limit the vulnerability. The spokesperson added that the leaked data was a "portion" of one of several databases. -
Qualcomm Fined $865 Million By South Korean Antitrust Regulator (zdnet.com)
South Korea's antitrust regulator has fined Qualcomm $854 million for what it called unfair business practices in patent licensing and modem chip sales, a decision the U.S. chipmaker said it will challenge in court. From a report on ZDNet: Qualcomm's business model includes collecting royalty payments from clients, which are calculated on the price of the handset using the chip, rather than the price of the chipset itself, and royalties from its patents. The KFTC has said it will issue a corrective order specifying the precise business practices with which it took issue, although Qualcomm has pointed out that this usually takes between four and six months. "Qualcomm strongly believes that the KFTC findings are inconsistent with the facts, disregard the economic realities of the marketplace, and misapply fundamental tenets of competition law," Don Rosenberg, executive vice president and general counsel for Qualcomm, said in response to the fine. -
Leaked Files Reveal Scope of Cellebrite's Smartphone-Cracking Technology (zdnet.com)
An anonymous reader quotes a report from ZDNet: Earlier this year, we were sent a series of large, encrypted files purportedly belonging to a U.S. police department as a result of a leak at a law firm, which was insecurely synchronizing its backup systems across the internet without a password. Among the files was a series of phone dumps created by the police department with specialist equipment, which was created by Cellebrite, an Israeli firm that provides phone-cracking technology. We obtained a number of these so-called extraction reports. One of the more interesting reports by far was from an iPhone 5 running iOS 8. The phone's owner didn't use a passcode, meaning the phone was entirely unencrypted. The phone was plugged into a Cellebrite UFED device, which in this case was a dedicated computer in the police department. The police officer carried out a logical extraction, which downloads what's in the phone's memory at the time. (Motherboard has more on how Cellebrite's extraction process works.) In some cases, it also contained data the user had recently deleted. To our knowledge, there are a few sample reports out there floating on the web, but it's rare to see a real-world example of how much data can be siphoned off from a fairly modern device. We're publishing some snippets from the report, with sensitive or identifiable information redacted. -
South Carolina Bill Wants To Put Porn Blocks On New Computers (zdnet.com)
An anonymous reader quotes a report from ZDNet: People buying new computers and devices in South Carolina would be blocked from accessing porn under a newly proposed law. A bill, pre-filed earlier this month by state lawmaker Bill Chumley, is called the Human Trafficking Prevention Act, and would require computer makers and sellers to install filters that would prevent users from accessing porn and other sexual material. The aim is to prevent access to sites that facilitate prostitution and trafficking, Chumley told a local newspaper this weekend, which the state has struggled to curtail in recent years. "If we could have manufacturers install filters that would be shipped to South Carolina, then anything that children have access on for pornography would be blocked," Chumley reportedly said. "We felt like that would be another way to fight human trafficking." -
150 Filmmakers and Photojournalists Call On Nikon, Sony, and Canon To Build in Encryption (zdnet.com)
Some of the world's leading photojournalists and filmmakers are calling on the manufacturers of the cameras they use to add encryption to their products, as the number of threats they face from having their devices seized is "literally too high to count." From a ZDNet report: Over 150 documentary makers and reporters signed an open letter by the Freedom of the Press Foundation, asking for camera makers -- including Nikon, Sony, and Canon -- to ensure that their work is protected while often "attempting to uncover wrongdoing in the interests of justice." "Documentary filmmakers and photojournalists work in some of the most dangerous parts of the world, often risking their lives to get footage of newsworthy events to the public," said Trevor Timm, the foundation's executive director. But, he said, "they face a variety of threats from border security guards, local police, intelligence agents, terrorists, and criminals when attempting to safely return their footage so that it can be edited and published." The filmmakers say that camera security has lagged behind the rest of the industry, leaving their work "dangerously vulnerable." -
Microsoft To Bring Cortana To IoT Devices With Screens Next Year (zdnet.com)
Microsoft plans to add Cortana support to Windows 10 IoT Core devices with screens as part of its Windows 10 Creators Update release. ZDNet adds: That's according to information Microsoft officials provided to the company's OEM partners at WinHEC 2016 in Shenzhen last week, in a session titled "Cortana and the Speech Platform." Microsoft Principal Program Manager May Ji outlined the ways that Microsoft wants its PC and device partners to make use of new "Wake on Voice from Modern Standby" and "Far-field Voice" support that's being added to Windows 10 with the Creators Update that's due out in the Spring of 2017. Wake on Voice from Modern Standby is a feature that allows Cortana to turn on PCs from off to a full-powered state on devices with Windows 10 "Modern Standby" power-management support. Far-field voice is what will allow Cortana to work in rooms with ambient noise at a distance of up to 13 feet/4 meters away. -
PwC Sends Legal Threats To Researchers Who Found Critical Security Flaw (zdnet.com)
An anonymous reader quotes a report from ZDNet: A security research firm has released details of a "critical" flaw in a security tool, despite being threatened with legal threats. The advisory said that an attacker could "manipulate accounting documents and financial results, bypass change management controls, and bypass segregation of duties restrictions," which could result in "fraud, theft or manipulation of sensitive data," as well as the "unauthorized payment transactions and transfer of money." An attacker could also add a backdoor to the affected server, the advisory said. The researchers contacted and met with PwC in August to discuss the scope of the flaw. As part of its responsible disclosure policy, the researchers gave PwC three months to fix the flaw before a public advisory would be published. Three days later, the corporate giant responded with legal threats. A portion of the cease-and-desist letter, seen by ZDNet, said that PwC demanded the researchers "not release a security advisory or similar information" relating to the buggy software. The legal threat also said that the researchers are not to "make any public statements or statements to users" of the software. The researchers told PwC that they would publicly disclose their findings once the three-month window expires, which is in line with industry standard disclosure practices. That was when PwC hit the security firm with a second cease-and-desist letter. Undeterred, the researchers released a security advisory a little over two weeks later. -
Latest Microsoft Skype Preview Adds Real-Time Voice Translation For Phone Calls (zdnet.com)
Microsoft has added the ability to use Skype Translator on calls to mobiles and landlines to its latest Skype Preview app. From a report on ZDNet: Up until now, Skype Translator was available to individuals making Skype-to-Skype calls. The new announcement of the expansion of Skype Translator to mobiles and landlines makes Skype Translator more widely available. To test drive this, users need to be members of the Windows Insider Program. They need to install the latest version of Skype Preview on their Windows 10 PCs and to have Skype Credits or a subscription. Skype Translator, available in nine languages, uses artificial intelligence (AI) techniques such as deep-learning to train artificial neural networks and convert spoken chats in almost real time. The company says the app improves as it listens to more conversations. -
AI Will Disrupt How Developers Build Applications and the Nature of the Applications they Build (zdnet.com)
AI will soon help programmers improve development, says Diego Lo Giudice, VP and principal analyst at Forrester, in an article published on ZDNet today. He isn't saying that programmers will be out of jobs soon and AIs will take over. But he is making a compelling argument for how AI has already begun disrupting how developers build applications. An excerpt from the article: We can see early signs of this: Microsoft's Intellisense is integrated into Visual Studio and other IDEs to improve the developer experience. HPE is working on some interesting tech previews that leverage AI and machine learning to enable systems to predict key actions for participants in the application development and testing life cycle, such as managing/refining test coverage, the propensity of a code change to disrupt/break a build, or the optimal order of user story engagement. But AI will do much more for us in the future. How fast this happens depends on the investments and focus on solving some of the harder problems, such as "unsupervised deep learning," that firms like Google, FaceBook, Baidu and others are working on, with NLP linguists that are too researching on how to improve language comprehension by computers leveraging ML and neural networks. But in the short term, AI will most likely help you be more productive and creative as a developer, tester, or dev team rather than making you redundant. -
Yahoo Fixes Flaw Allowing an Attacker To Read Any User's Emails (zdnet.com)
Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim's email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty. In a write-up, Pynnonen said that the flaw was similar to last year's Yahoo Mail bug, which similarly let an attacker compromise a user's account. Yahoo filters HTML messages to ensure that malicious code won't make it through into the user's browser, but the researcher found that the filters didn't catch all of the malicious data attributes. -
Dailymotion Hack Exposes Millions of Accounts (zdnet.com)
Millions of accounts associated with video sharing site Dailymotion, one of the biggest video platforms in the world, have been stolen. From a ZDNet report: A hacker extracted 85.2 million unique email addresses and usernames from the company's systems, but about one-in-five accounts -- roughly 18.3 million -- had associated passwords, which were scrambled with the bcrypt hashing function, making the passwords difficult to crack. The hack is believed to have been carried out on October 20 by a hacker, whose identity isn't known, according to LeakedSource, a breach notification service, which obtained the data. Dailymotion launched in 2005, and is currently the 113th most visited website in the world, according to Alexa rankings. -
FCC Calls Out AT&T, Verizon For 'Zero Rating' Their Own Video Apps (zdnet.com)
U.S. regulators are calling out AT&T and Verizon for exempting their own video apps from data caps on customers' smartphones. The FCC has sent letters to the country's biggest wireless carriers saying the way they handle the practice, known as "zero rating," can hurt competition and consumers. From a report on ZDNet: AT&T launched DirecTV Now earlier this week. AT&T Mobility customers can stream video data over LTE without impacting their data allowance. Verizon offers something similar with its go90 service. AT&T and Verizon don't see any wrongdoing. In a statement Friday, AT&T said exempting services like DirecTV Now from data caps saves customers money. Verizon said its practices are good for consumers and comply with regulations. "We will provide the FCC with additional information on why the government should not take away a service that saves consumers money," AT&T wrote in a statement Friday. The FCC hasn't released any official ruling on "zero rating," just guidance. It said on Thursday a similar letter was sent to AT&T in November, but the FCC didn't like AT&T's original response. -
Google Earth's Timelapses Offer a 32-Year Look At Earth's Changing Surface (pcmag.com)
Google has partnered with TIME to release an improved version of Google Earth Timelapse that provides animated satellite imagery covering the past 32 years, from 1984 to 2016. In 2013, Google and TIME launched Timelapse with a time-lapse from 1984 to 2012. However, this time around the project uses the higher-resolution maps introduced back in June to provide a look that's more detailed and more seamless than in the past. ZDNet reports: The 10-second snapshots of Earth from space over 32 years captures urban sprawl, deforestation and reforestation, receding glaciers, and major engineering feats, such as the Oresund Bridge connecting Denmark to Sweden, or the spread of the Alberta Tar Sands in Canada. Google Earth engine program manager, Chris Herwig says it created the new "annual mosaics" by stitching together 33 images of the Earth, each representing one year. Each image contains 3.95 trillion pixels, cherry-picked from an original set of three quadrillion pixels. "Using Google Earth Engine, we sifted through about three quadrillion pixels, that's three followed by 15 zeroes, from more than 5,000,000 satellite images," Herwig said. "We took the best of all those pixels to create 33 images of the entire planet, one for each year. We then encoded these new 3.95-terapixel global images into just over 25,000,000 overlapping multi-resolution video tiles, made interactively explorable by Carnegie Mellon CREATE Lab's Time Machine library, a technology for creating and viewing zoomable and pannable time-lapses over space and time." The satellite images come from the NASA Goddard Space Flight Center and US Geological Survey. Since 2015, they also contain some data from the European Space Agency's Copernicus Program and its Sentinel-2A satellite. -
This Cyber Monday Was the Biggest Online Shopping Day, Ever (zdnet.com)
Cyber Monday is likely to have been the biggest online shopping day in history, according to an analysis of visits to US retail websites. Online spending in the US yesterday hit a new record with $3.39bn spent online, a 10.2 percent increase year-over-year -- ahead even of Black Friday, when $3.34bn was spent. ZDNet adds: Cyber Monday is expected to generate slightly less mobile revenue than Black Friday at $1.19bn, but that's still a 48 percent increase on last year, according to the analysis by Adobe. Consumers have spent a total of $39.9bn online so far this month, it said, up 7.4 percent on last November, with 27 out of 28 days seeing online sales of over $1bn. The five best-selling toys in terms of quantity sold on Cyber Monday were Lego, Shopkins, Nerf, Barbie, and Little Live Pets. The five best-selling electronic products were Sony PlayStation 4, Microsoft Xbox, Samsung 4K TVs, Apple iPads, and Amazon Fire tablets, the company said. -
Samsung Places A Big Bet on Quantum-Dot TV, Acquires QD Vision (zdnet.com)
Quantum-dot televisions promise "better picture quality and are also cheaper to manufacture than organic light-emitting diode sets," ZDNet reports. And now Samsung has confirmed their acquisition of Massachusetts-based QD Vision for $70 million, according to this article shared by Dthief: QD Vision, previously known as Color IQ, is a specialist in quantum dot display technology. Developed for displays including PC monitors and television sets, quantum-dot technology uses semiconductor nanoparticles to change the properties of quantum dots, improving color definition and sharpness... QD Vision will become part of Samsung's research and development unit in the hope of creating quantum-dot LED displays suitable for the consumer market which could, in turn, become a strong competitor against OLED displays... The agreement follows Samsung's pledge earlier this year to launch a total of 14 SUHD television models this year, all of which use quantum dot technology. -
ATM Hacks in 'More Than a Dozen' European Countries in 2016 (zdnet.com)
Cybercriminals have hacked ATMs in more than a dozen countries in Europe this year using software that forces the machines to spit out cash, according to Russian cybersecurity firm Group IB. ZDNet adds: This type of attack, known as "jackpotting", is part of hackers' shifting focus from stealing card numbers and online banking details towards a more lucrative method that gives them access to both ATMs and electronic payments. The firm said attacks had successfully compromised banks in Armenia, Belarus, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, Poland, Romania, Russia, Spain, and the United Kingdom, as well as in Malaysia. However, the firm declined to disclose the banks' names. ATM makers Diebold Nixdorf and NCR Corp said that they are aware of the attacks, and have been working with customers to mitigate the threat. Dmitry Volkov, head of intelligence at Group IB said that he expects more heists on ATMs in the future. -
Microsoft's x86 on ARM64 Emulation: A Windows 10 Redstone 3 Fall 2017 Feature (zdnet.com)
Mary Jo Foley, reporting for ZDNet: Since January 2016 (and maybe before), there's been talk that Microsoft was working on bringing x86 emulation to ARM processors. Sources of mine are now saying that this capability is coming to Windows 10, though not until "Redstone 3" in the Fall of 2017. Here's why this matters: Microsoft officials continue to claim that Continuum -- the capability that will allow Windows 10 Mobile devices to connect to external displays and keyboards -- is going to be a key for the company, its partners and its customers. There's been one very big limitation to Continuum so far, however: It only allows users to run Universal Windows Platform (UWP), and not full-fledged x86 apps. What if an ARM64-based device could run x86 apps via emulation, the same way that the WOW (Windows on Windows) emulator allowed 32-bit apps to run on 64-bit Windows? That would make Windows 10 Mobile, which as of now, continues to support ARM only, and Continuum a lot more interesting, especially to business users who need certain Win32/line-of-business apps. -
Microsoft Partners With D-Link To Deliver Speedier Wi-Fi in Rural Regions (zdnet.com)
Microsoft has partnered with networking equipment manufacturer D-Link to deliver speedier Wi-Fi to rural communities around the world. From a report on ZDNet: Dubbed "Super Wi-Fi", the wireless infrastructure is set to be based on the 802.11af protocol, and will take advantage of unused bandwidth in the lower-frequency white spaces between television channel frequencies where signals travel further than at higher frequencies. A pilot of the first phase is commencing in an unnamed American state, with trials also slated to run in three other countries. "D-Link sees ourselves at the very heart of this kind of technical innovation and development. We also acknowledge that we have a role to play in helping all countries and future generations better connect," said Sydney-based D-Link managing director for ANZ Graeme Reardon. "Our goal is to use all of our 30 years' experience and expertise and our global footprint to help deliver Super Wi-Fi as a technological platform for growth to the world's underdeveloped regions." -
Intel's 4004 Microprocessor Turns 45 (4004.com)
mcpublic writes: Tuesday marked the 45th anniversary of the 4004, Intel's first microprocessor chip, announced to the world in the November 15, 1971 issue of Electronic News. It seems that everyone (except Intel) loves to argue whether it was truly the "first microprocessor"... But what's indisputable is that the 4004 was the computer chip that started Intel's pivot from a tiny semiconductor memory company to the personal computing giant we know today. Federico Faggin, an Italian immigrant who invented the self-aligned, silicon gate MOS transistor and buried contacts technology, joined Intel in 1970. He needed both his inventions to squeeze the 4004's roughly 2,300 transistors into a single 3x4mm silicon die. He later went on to design the Intel 8080 and the Zilog Z80 with Masatoshi Shima, a Japanese engineer with a "steel trap mind," the once-unsung hero of the 4004 team [YouTube].
Long-time Slashdot reader darkharlequin also flags the "fascinating, if true" story of Wayne D. Pickette, who was hired by Intel in 1970, worked on the 4004 project, and according to ZDNet "claims that prior to that, during his job interview with Intel founder Bob Noyce, he showed the company a block diagram of a microprocessor he'd started to work on three years previously when he was 17." -
New York's District Attorney: Roll Back Apple's iPhone Encryption (mashable.com)
An anonymous reader quotes Mashable: Manhattan District Attorney Cyrus Vance said Thursday that he wants Apple's encryption to go back to how it was in early 2014. Back then, police could basically extract any information they wanted after getting a warrant. "Doing nothing about this problem will perpetuate an untenable arms race between private industry and law enforcement," Vance said on Thursday. "Federal legislation is our only chance to lay these arms aside."
Vance said he's got 423 "lawfully-seized Apple devices" that his employees can't do anything with. Forty-two of those devices "pertain to homicide or attempted murder cases" according to the district attorney's office, and a similar number "relate to sex crimes." The argument, of course, is that the district attorney's office would have an easier time solving crimes if they had access to these phones... Apple believes being forced to hack into phones at the government's will is an unreasonable burden.
ZDNet adds that "the call for federal legislation could be given a popular boost by president elect Donald Trump, who previously called for a boycott on Apple products when it refused to help the FBI." -
Britain Has Passed the 'Most Extreme Surveillance Law Ever Passed in a Democracy' (zdnet.com)
Zack Whittaker, reporting for ZDNet: The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous." The new law, dubbed the "snoopers' charter," was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government. Four years and a general election later -- May is now prime minister -- the bill was finalized and passed on Wednesday by both parliamentary houses. Civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online." It's no wonder, because it basically does. The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand -- though the government has never been that clear on exactly how it forces foreign firms to do that; and even disclose any new security features in products before they launch. Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions -- such as journalists and medical staff -- are layered with marginally better protections. In other words, it's the "most extreme surveillance law ever passed in a democracy," according to Jim Killock, director of the Open Rights Group. -
Hack Exposes 412 Million Accounts on AdultFriendFinder Sites (zdnet.com)
"Almost every account password was cracked, thanks to the company's poor security practices," reports ZDNet -- even for "deleted" accounts. An anonymous reader quotes their article: The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the "world's largest sex and swinger community" [and] also includes over 15 million "deleted" accounts that weren't purged from the databases. On top of that, 62 million accounts from Cams.com, and 7 million from Penthouse.com were stolen, as well as a few million from other smaller properties owned by the company. The data accounts for two decades' worth of data from the company's largest sites, according to breach notification LeakedSource, which obtained the data... The three largest sites' SQL databases included usernames, email addresses, and the date of the last visit, and passwords, which were either stored in plaintext or scrambled with the SHA-1 hash function, which by modern standards isn't cryptographically as secure as newer algorithms.
The attack apparently coincides with the discovery of "a local file inclusion flaw on the AdultFriendFinder site, which if successfully exploited could allow an attacker to remotely run malicious code on the web server." Ironically, Friend Finder Networks doesn't even own Penthouse.com anymore. They sold the site to a new owner last February. -
Meet VoCore2 Lite, a $4 Coin-Sized, Open Source Linux Computer (zdnet.com)
An anonymous reader shares a report on ZDNet: Four bucks buys a lot of hardware these days, and nothing highlights this more than a project like the VoCore2 Lite. VoCore2 is an open source Linux computer and a fully-functional wireless router that is smaller than a coin. It can also act as a VPN gateway for a network, an AirPlay station to play lossless music, a private cloud to store your photos, video, and code, and much more. The Lite version of the VoCore2 features a 580MHz MT7688AN MediaTek system on chip (SoC), 64MB of DDR2 RAM, 8MB of NOR storage, and a single antenna slot for Wi-Fi that supports 150Mbps. Spend $12 and go for the full VoCore2 option and you get the same SoC, but you get 128MB of DDR2 RAM, 16MB of NOR storage, two antenna slots supporting 300Mbps, an on-board antenna, and PCIe 1.1 support. -
Mirai Botnet Attackers Are Trying To Knock Liberia Offline (zdnet.com)
Zack Whittaker, reporting for ZDNet: One of the largest distributed denial-of-service attacks happened this week and almost nobody noticed. Since the cyberattack on Dyn two weeks ago, the internet has been on edge, fearing another massive attack that would throw millions off the face of the web. The attack was said to be upwards of 1.1 Tbps -- more than double the attack a few weeks earlier on security reporter Brian Krebs' website, which was about 620 Gbps in size, said to be one of the largest at the time. The attack was made possible by the Mirai botnet, an open-source botnet that anyone can use, which harnesses the power of insecure Internet of Things devices. This week, another Mirai botnet, known as Botnet 14, began targeting a small, little-known African country Liberia, sending it almost entirely offline each time. Security researcher Kevin Beaumont, who was one of the first to notice the attacks and wrote about what he found, said that the attack was one of the largest capacity botnets ever seen. One transit provider said the attacks were over 500 Gbps in size. Beaumont said that given the volume of traffic, it "appears to be the owned by the actor which attacked Dyn." An attack of that size is enough to flatten even a large network -- or as was seen this week, a small country. Update: 11/03 19:37 GMT: The title of the story (same as the ZDNet's story) was updated to mention the name of the country. The summary was updated to reflect the same, as well. -
Computer Virus Attack Forces Hospitals To Cancel Operations, Shut Down Systems (zdnet.com)
A hospital system in the United Kingdom has canceled all planned operations and diverted major trauma cases to neighboring facilities citing a computer virus outbreak. From a report on ZDNet: The Northern Lincolnshire and Goole NHS Foundation Trust says a "major incident" has been caused by a "computer virus" which infected its electronic systems on Sunday. As a result of the attack, the hospital has taken the decision to shut down the majority of its computer networks in order to combat the virus. "A virus infected our electronic systems [on Sunday] and we have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it," said Dr Karen Dunderdale, the trust's deputy chief executive. The use of a shared IT system also means the United Lincolnshire Hospitals Trust has been taken offline as staff attempt to combat the attack. As a result of the attack, all outpatient appointments and diagnostic procedures that were set to take place at the infected hospitals on Monday and Tuesday have been canceled, while medical emergencies involving major trauma and women in high-risk labor are being diverted to neighboring hospitals. -
Amid Major Internet Outages, Affected Websites Have Lessons To Learn (zdnet.com)
Earlier today, Dyn, an internet infrastructure company, was hit by several DDoS attacks, which interestingly affected several popular websites including The New York Times, Reddit, Spotify, and Twitter that were directly or indirectly using Dyn's services. The attack is mostly visible across the US eastern seaboard with rest of the world noticing a few things broken here and there. Dyn says it's currently investigating a second round of DDoS attacks, though the severity of the outage is understandably less now. In the meantime, the Homeland Security said that it is aware of the attack and is investigating "all potential causes." Much of who is behind these attacks is unknown for now, and it is unlikely that we will know all the details until at least a few days. The attacks however have revealed how unprepared many websites are when their primary DNS provider goes down. ZDNet adds: The elephant in the room is that this probably shouldn't have happened. At very least there's a lot to learn already about the frailty of the internet DNS system, and the lack of failsafes and backups for websites and tech companies that rely on outsourced DNS service providers. "It's also a reminder of one risk of relying on multi-tenant service providers, be they DNS, or a variety of many other managed cloud service providers," said Steve Grobman, chief technology officer at Intel Security. Grobman warned that because this attack worked, it can be exploited again. "Given how much of our connected world must increasingly rely upon such cloud service providers, we should expect more such disruptions," he said. "We must place a premium of service providers that can present backup, failover, and enhance security capabilities allowing them to sustain and deflect such attacks." And that's key, because even though Dyn is under attack, it's the sites and services that rely on its infrastructure who should rethink their own "in case of emergency" failsafes. 
It may only be the east coast affected but lost traffic means lost revenue. Carl Levine, senior technical evangelist for NS1, another major managed DNS provider, said that the size and scale of recent attacks "has far exceeded what the industry thought was the upper end of the spectrum." "Large companies need to constantly upgrade their flood defenses. Some approaches that worked just a few years ago are now basically useless," said Kevin Curran, senior member with IEEE. We also recommend reading security reporter Brian Krebs's take on this. -
Prosecutors Say Contractor Stole 50 Terabytes of NSA Data (zdnet.com)
An NSA contractor siphoned off dozens of hard drives' worth of data from government computers over two decades, prosecutors will allege on Friday. From a ZDNet report: The contractor, Harold T. Martin III, is also accused of stealing thousands of highly classified documents, computers, and other storage devices during his tenure at the agency. It's not known exactly what Martin allegedly stole, but a report from The New York Times on Wednesday suggests that the recently-leaked hacking tools used by the agency to conduct surveillance were among the stolen cache of files. Prosecutors will on Friday charge Martin with violating the Espionage Act. If convicted, he could face ten years in prison on each count. The charges, news of which was first reported by The Washington Post, outline a far deeper case than first thought, compared to the felony theft and a lesser misdemeanor charge of removal and retention of classified information revealed in an unsealed indictment last month. -
Windows is the Most Open Platform There is, Says Satya Nadella (zdnet.com)
On Tuesday in a conversation with Gartner analysts, Satya Nadella talked about the future of AI, the cloud, Windows, and what his company plans to do with LinkedIn. But the most notable remark from Nadella was when he said this, "Windows is the most open platform there is." ZDNet adds: It came in the context of Nadella talking about Microsoft's mission to unite the three big constituencies in the technology world. "That's the approach we've always taken," said Nadella, "bringing users, IT, and developers together... When you bring them together, that's where the magic happens." He reminded the audience of several thousand technology leaders that Microsoft began by making tools, then it made apps, and now it makes platforms. Or, it buys them.