Slashdot Mirror

An anonymous reader quotes a report from The New York Times (Warning: source may be paywalled; alternative source): Twitter said on Thursday that it had overstated its monthly-user figures since 2014 after mistakenly including data from third-party applications in its counting. The revelation came as the company reported that its net loss had narrowed in the third quarter and that its number of daily active users had risen 14 percent. The company said it had discovered that its measure of monthly active users had been improperly including figures from third-party applications that used Digits, a software-development program. Digits is part of the Fabric mobile application platform that Twitter sold to Alphabet, Google's parent company, this year. Digits allowed third-party applications to send authentication messages through Twitter's systems and did not reflect activity on the Twitter platform, the company said. As a result, the company lowered the number of monthly active users by two million for the first and second quarters of this year and by one million for the fourth quarter of 2016. Twitter said its data-retention policies made it unable to reconcile the figures for periods before last year's fourth quarter.

In its careers section this week, science journal Nature surveyed more than 5,700 early-career scientists worldwide who are working on PhDs. Three-quarters of them, they told the journal, think it's likely that they will pursue an academic career when they graduate. How many of them will succeed? The editorial board of the journal wrote in a column published on Wednesday. Most PhD students will have to look beyond academia for a career, the editorial board added. From the article: Statistics say these young researchers will have a better chance of pursuing their chosen job than the young footballers. But not by much. Global figures are hard to come by, but only three or four in every hundred PhD students in the United Kingdom will land a permanent staff position at a university. It's only a little better in the United States. Simply put, most PhD students need to make plans for a life outside academic science. And more universities and PhD supervisors must make this clear. That might sound like an alarmist and negative attitude for the International Weekly Journal of Science. But it has been evident for years that international science is training many more PhD students than the academic system can support. Most of the keen and talented young scientists who responded to our survey will probably never get a foot in the door. Of those who do, a sizeable number are likely to drift from short-term contract to short-term contract until they become disillusioned and look elsewhere.

MojoKid writes: AMD is officially launching a processor family today known by the code name Raven Ridge, but now referred to as Ryzen Mobile. The architecture combines AMD's new Zen CPU core architecture, along with its RX Vega GPU integrated into a single chip for laptops. There are two initial chips in the mobile processor family that AMD is announcing today: the Ryzen 5 2500U and the Ryzen 7 2700U. Both processors feature four cores capable of executing 8 threads with SMT. However, there are differences with respect to processor clocks and GPU specs. AMD's Ryzen 5 2500U has a base clock of 2GHz and a boost clock of 3.6GHz, while Ryzen 7 2700U cranks up another 200MHz on both of those figures. Ryzen 5 2500U features 8 Radeon Vega graphics CUs (Compute Units) and a GPU clock of 1.1GHz, compared to 10 Radeon Vega CUs and a GPU clock of 1.3GHz for the higher-end Ryzen 7 2700U. AMD is making rather ambitious claims for the new processors, and promises some impressive gains over its 7th generation Bristol Ridge predecessors. According to AMD, CPU and GPU performance will see 200 percent and 128 percent uplifts, respectively. AMD is also showcasing benchmark numbers that have the new CPUs outgunning Intel's new quad-core Kaby Lake R chips in spots, along with significant performance advantages in gaming and graphics, on par with discrete, entry-level laptop GPUs like NVIDIA's GeForce 950M. Thin and light laptops from HP, Lenovo and Acer powered by Ryzen Mobile are expected to ship in Q4 this year.

A reader shares a research report: The world of email marketing has changed pretty significantly over the past five years. Where desktop clients like Outlook were once a more important delivery medium, readers of email are now in the thrall of mobile clients and webmail services like Gmail. In fact, new research from Return Path found that more than half of emails worldwide (55%) are opened in a mobile environment in 2017, significantly more than either webmail (28%) or desktop (16%). Mobile has emerged as the dominant email environment since Return Path last conducted its survey in 2012, when only 29% of emails were opened on a mobile device, and webmail clients were the most popular method of accessing such electronic missives. Return Path also found that Apple's iOS was dominant among mobile email users worldwide, with 79% of mobile emails opened on either an iPhone or iPad this year. While only 20% of emails were opened on a device running Android, that was actually an increase of 6 percentage points from 2012's figure.

According to The Information, Snapchat expected demand for its camera-equipped glasses known as Spectacles to continue after the holidays and ordered "hundreds of thousands" of additional units. But demand didn't pick up after the company opened up its sales to a wider audience, leaving those units to collect dust in warehouses. The Verge reports: It's not known exactly how many Spectacles have been sold so far, but from the sound of it, Snap may have dramatically over-ordered units of its debut hardware device. Earlier this month, Snap CEO Evan Spiegel said the company had sold "over 150,000 units," which sounds pretty bad in the context of having hundreds of thousands sitting around waiting to be sold; although The Information says that figure includes unassembled units with parts that could potentially be used in other products. Spiegel has tried to paint Spectacles as both relatively successful and merely an early start in hardware. He claims they outsold Apple's first iPod -- a comparison clearly meant to suggest they could eventually have enormous success. But Spiegel also said hardware would really only be important to Snap a decade from now.

An anonymous reader shares a report: You might want to hold off on buying a Pixel 2 XL until Google addresses its screen issues. Now that Google's new flagship Android phone is officially out and in people's hands, reports have come out that call into question the quality of its display. Pixel 2 XL owners took to social media to voice their complaints about discoloration and screen burn-in. The first issue Pixel 2 XL owners started noticing was the screen's inconsistent color temperature, most noticeable when viewing anything with a white background. From a dead-on vantage point, the screen has a warm color temperature. But shift your position off-angle just a bit, and you'll notice the color temperature changes to a bluish tint. Mashable has confirmed the color shifting on our Pixel 2 XL review unit. While there are some real advantages to OLED displays over traditional LCDs -- they're thinner, more power efficient, brighter, and display more vibrant colors and deeper blacks -- they're also prone to defects like screen burn-in. Even Samsung, the world's largest manufacturer of OLED displays, hasn't figured out how to perfect them. The Super AMOLED displays used in its Galaxy S8 and Note 8 phones are rated as the brightest screens for mobile devices by DisplayMate's Dr. Raymond Soneira, but they're still susceptible to burn-in. To prevent burn-in from the screen's virtual home button, Samsung's programmed it to move by a few pixels every few seconds. It's not a perfect solution, but it does the trick.

Michael J. Coren reports via Quartz: Every two years, the U.S. Energy Information Administration (EIA), America's official source for energy statistics, issues 10-year projections about how much solar, wind and conventional energy the future holds for the U.S. Every two years, since the mid-1990s, the EIA's projections turn out to be wrong. Last year, they proved spectacularly wrong. The Natural Resources Defense Council, an environmental advocacy group, and Statista recently teamed up to analyze the EIA's predictions for energy usage and production. They found that the EIA's 10-year estimates between 2006 to 2016 systematically understated the share of wind, solar and gas. Solar capacity, in particular, was a whopping 4,813% more in 2016 than the EIA had predicted in 2006 it would be. To be fair, there is a caveat here: The prediction in 2006 was that 10 years hence the U.S. would be generating just 0.8 gigawatts (GW) of solar energy. With such a low baseline figure, any increase will look huge in percentage terms. Nonetheless, there is an unmistakable trend in the data: The EIA regularly underestimates the growth in renewables but overestimates U.S. fossil-fuel consumption, which some critics see as an attempt to boost the oil and gas industry.

The Apple Watch Series 3's best new feature has been mysteriously blocked in China. According to a report from The Wall Street Journal, China has cut off the Apple Watch's LTE connectivity on Sept. 28 after brief availability from China Unicom. Industry analysts claim that the suspension is probably from governmental concerns about not being able to track and confirm users of the device. AppleInsider reports: Apple issued a brief statement confirming the situation, and referring customers to China Unicom. Neither China Unicom, nor Chinese regulators have made any statement on the matter. The issue may stem from the eSIM in the Apple Watch. Devices like the iPhone have state-owned telecom company-issued SIM cards -- and the eSIM is embedded in the device by Apple. "The eSIM (system) isn't mature enough yet in China," one analyst said. "The government still needs to figure out how they can control the eSIM." The LTE version of the Apple Watch had only a trial certificate to operate on the Chinese LTE network. An analyst who asked not to be identified expects that Ministry of Industry and Information Technology may take months to figure out how the government will deal with the eSIM, and issue a formal certificate for operation.

An anonymous reader writes: Google Chrome engineers are considering adding a special browser permission that will thwart the rising trend of in-browser cryptocurrency miners. Discussions on the topic of in-browser miners have been going on the Chromium project's bug tracker since mid-September when Coinhive, the first such service, launched. "Here's my current thinking," Ojan Vafai, a Chrome engineering working on the Chromium project, wrote in one of the recent bug reports. "If a site is using more than XX% CPU for more than YY seconds, then we put the page into 'battery saver mode' where we aggressively throttle tasks and show a toast [notification popup] allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely. I think we'll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100% and 60 seconds. I'm effectively suggesting we add a permission here, but it would have unusual triggering conditions [...]. It only triggers when the page is doing a likely bad thing."

An earlier suggestion had Google create a blacklist and block the mining code at the browser level. That suggestion was shut down as being too impractical and something better left to extensions.

Google announced on Tuesday that it would offer stronger online security for "high risk" users who may be frequent targets of online attacks. The company said anyone with a personal Google account can enroll in the new "advanced protection," while noting that it will require users to "trade off a bit of convenience" for extra security. Motherboard reports: The main advantage in terms of security is the need for a key or token to log in as the second factor, instead of a code sent via SMS or via app. This is much better because there's no way for hackers to steal or phish this key from afar (there have been isolated incidents of hackers using social engineering to gain access to someone's cell phone number by getting the provider to issue a new SIM card, for instance). Thanks to these new features, Gmail is now the most secure email provider available on the internet if you are worried about hackers breaking into your private correspondence. "This is a major step in the right direction in offering the same kind of protection available to high-profile figures to everyday people," Kenneth White, a Washington D.C. based security consultant to federal agencies, told Motherboard. "They have really thought this through, and while it may not make sense for everyone, for those that need it, it's a much needed option."

An anonymous reader shares a Bloomberg report: Over the past two years, after decades of declining deaths on the road, U.S. traffic fatalities surged by 14.4 percent. In 2016 alone, more than 100 people died every day in or near vehicles in America, the first time the country has passed that grim toll in a decade. Regulators, meanwhile, still have no good idea why crash-related deaths are spiking: People are driving longer distances but not tremendously so; total miles were up just 2.2 percent last year. Collectively, we seemed to be speeding and drinking a little more, but not much more than usual. Together, experts say these upticks don't explain the surge in road deaths. There are however three big clues, and they don't rest along the highway. One, as you may have guessed, is the substantial increase in smartphone use by U.S. drivers as they drive. From 2014 to 2016, the share of Americans who owned an iPhone, Android phone, or something comparable rose from 75 percent to 81 percent. The second is the changing way in which Americans use their phones while they drive. These days, we're pretty much done talking. Texting, Twitter, Facebook, and Instagram are the order of the day -- all activities that require far more attention than simply holding a gadget to your ear or responding to a disembodied voice. By 2015, almost 70 percent of Americans were using their phones to share photos and follow news events via social media. In just two additional years, that figure has jumped to 80 percent.

Steve Wozniak wants you to work in tech, and he's going to help you do it. From a report: The Apple co-founder is launching Woz U, a digital institute aimed at helping folks not only figure out what type of tech job they might be best at, but train for it. "People often are afraid to choose a technology-based career because they think they can't do it. I know they can, and I want to show them how," Wozniak said in a statement Friday. Woz U starts off as online programs, but there are plans to build campuses in 30 cities around the world. Those cities will be announced within the next 60 days, Shelly Murphy, corporate relations for Woz U told CNET. In a press statement, Wozniak said Woz U will start as an online learning platform focused on both students and companies that will eventually hire those students. Woz U is based out of Arizona, and hopes to launch physical locations for learning in more than 30 cities across the globe. At launch, the curriculum will center around computer support specialists and software developers, with courses on data science, mobile applications and cybersecurity coming in the future.

mirandakatz writes: Tech companies' worst crises used to come in the form of pranks like Google bombs: Users figured out how to game search results, such as when a search for "miserable failure" turned up links to information about then-president George W. Bush. Today, in the era of fake news and Russian interference, that's basically our new normal -- but as Karen Wickre, a former communications lead at companies like Google and Twitter, points out, tech companies' approaches to dealing with the new breed of crises haven't evolved much since the age of Google bombs. Wickre suggests a new, collaborative approach that she dubs the "Federation," writing that "No single company, no matter how massive and wealthy, can hire its way out of a steady gusher of bad information or false and manipulative ads...The era of the edge case -- the exception, the outlier—is over. Welcome to our time, where trouble is forever brewing."

For several hours on Wednesday Equifax's website was compromised again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers, reports Dan Goodin at Ars Technica. From the report: Randy Abrams, an independent security analyst by day, happened to visit the site Wednesday evening to contest what he said was false information he had just found on his credit report. Eventually, his browser opened up a page on the domain hxxp:centerbluray.info. He was understandably incredulous. The site that previously gave up personal data for virtually every US person with a credit history was once again under the control of attackers, this time trying to trick Equifax visitors into installing crapware Symantec calls Adware.Eorezo. Knowing a thing or two about drive-by campaigns, Abrams figured the chances were slim he'd see the download on follow-on visits. To fly under the radar, attackers frequently serve the downloads to only a select number of visitors, and then only once. Abrams tried anyway, and to his amazement, he encountered the bogus Flash download links on at least three subsequent visits. Update: Equifax said on Thursday it was taking one of its web pages offline as its security team looks into reports of another potential cyber breach.

Scientists are perplexed over a giant hole that has opened up in Antarctica. According to Motherboard, the "gigantic, mysterious hole" is as large as Lake Superior or the state of Maine. From the report: The gigantic, mysterious hole "is quite remarkable," atmospheric physicist Kent Moore, a professor at the University of Toronto's Mississauga campus, told me over the phone. "It looks like you just punched a hole in the ice." Areas of open water surrounded by sea ice, such as this one, are known as polynyas. They form in coastal regions of Antarctica, Moore told me. What's strange here, though, is that this polynya is "deep in the ice pack," he said, and must have formed through other processes that aren't understood. "This is hundreds of kilometers from the ice edge. If we didn't have a satellite, we wouldn't know it was there." (It measured 80,000 km^2 at its peak.) "This is now the second year in a row it's opened after 40 years of not being there," Moore said. (It opened around September 9.) "We're still trying to figure out what's going on."

A reader shares a Bloomberg report: There's a $19 billion black box inside Google. That's the yearly amount Google pays to companies that help generate its advertising sales, from the websites lined with Google-served ads to Apple and others that plant Google's search box or apps in prominent spots. Investors are obsessed with this money, called traffic acquisition costs, and they're particularly worried about the growing slice of those payments going to Apple and Google's Android allies. That chunk of fees now amounts to 11 percent of revenue for Google's internet properties. The figure was 7 percent in 2012. These Google traffic fees are the result of contractual arrangements parent company Alphabet makes to ensure its dominance. The company pays Apple to make Google the built-in option for web searches on Apple's Safari browsers for Mac computers, iPhones and other places. Google also pays companies that make Android smartphones and the phone companies that sell those phones to make sure its search box is front and center and to ensure its apps such as YouTube and Chrome are included in smartphones. In the last year, Google has paid these partners $7.2 billion, more than three times the comparable cost in 2012.

Slashdot reader Orome1 quotes Help Net Security: A group of Virginia Tech researchers has analyzed hundreds of posts on Stack Overflow, a popular developer forum/Q&A site, and found that many of the developers who offer answers do not appear to understand the security implications of coding options, showing a lack of cybersecurity training. Another thing they discovered is that, sometimes, the most upvoted posts/answers contain insecure suggestions that introduce security vulnerabilities in software, while correct fixes are less popular and visible simply because they have been offered by users with a lower reputation score...

The researchers concentrated on posts relevant to Java security, from both software engineering and security perspectives, and on posts addressing questions tied to Spring Security, a third-party Java framework that provides authentication, authorization and other security features for enterprise applications... Developers are frustrated when they have to spend too much time figuring out the correct usage of APIs, and often end up choosing completely insecure-but-easy fixes such as using obsolete cryptographic hash functions, disabling cross-site request forgery protection, trusting all certificates in HTTPS verification, or using obsolete communication protocols. "These poor coding practices, if used in production code, will seriously compromise the security of software products," the researchers pointed out.
The researchers blame "the rapidly increasing need for enterprise security applications, the lack of security training in the software development workforce, and poorly designed security libraries." Among their suggested solutions: new developer tools which can recognize security errors and suggest patches.

An anonymous reader quotes a report from Ars Technica: Americans bought more electric vehicles in September than any other month this year. According to Inside EV's monthly sales report, 21,325 battery EVs and plug-in hybrid EVs found homes last month. That's 20 percent more than this time last year and the second highest number ever. 2017 looks like it will be a record year; a total of 159,614 EVs were sold, a figure that should easily be eclipsed by the end of October. Tesla leads the pack, thanks to healthy increases in both Model S and Model X sales this month. Tesla may suffer some good-natured teasing about frequently missed deadlines, but you could set your watch by the regularity of its quarter-ending jump in deliveries. Barring some unforeseen circumstance, the Model S will remain the best-selling EV for the third year running. Like the overall trend, sales for the startup EV maker are up compared to last year, and even if the Model 3 continues to frustrate, we expect it to break the 50,000 car barrier by year-end.

General Motors is the only other company within reach of Tesla, whether we're talking about range or sales volume. The Chevrolet Bolt EV is now on sale in all 50 states and finding traction -- 2,632 sold in September and more than 14,000 on the road in 2017 so far. That still only gets it to fifth overall on the score chart, and there are three months left to go. The Chevy Volt, the Bolt's plug-in hybrid EV stablemate, is still the second-most popular EV among American buyers, but its sales have leveled off for the last few months. Toyota is the only other OEM to make the top five, less than 300 units behind the Volt.

An anonymous reader shares a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): A massive data breach at Yahoo in 2013 was far more extensive than previously disclosed, affecting all of its 3 billion user accounts, new parent company Verizon Communications Inc. said on Tuesday. The figure, which Verizon said was based on new information, is three times the 1 billion accounts Yahoo said were affected when it first disclosed the breach in December 2016. The new disclosure, four months after Verizon completed its acquisition of Yahoo, shows that executives are still coming to grips with the extent of the security problem in what was already the largest hacking incident in history by number of users.

A spokesman for Oath, the new name of Verizon's Yahoo unit, said the company determined last week that the break-in was much worse than thought, after it received new information from outside the company. He declined to elaborate on the source of that information. Compromised customer information included usernames, passwords, and in some cases telephone numbers and dates of birth, the spokesman said.

An anonymous reader shares a report: Essential Products has sold an estimated 5,000 phones through Sprint since the gadget made its big retail debut in the United States earlier this month, according to estimates from BayStreet Research. That figure would put Essential, whose maker became a unicorn without shipping handset, well below market heavyweights like Apple and Samsung, which typically sell tens of millions of phones per quarter in the United States. BayStreet tracks shipments of phones and other devices across the United States. Essential representatives didn't respond to requests for comment on the BayStreet estimates. BayStreet also clarified that its 5,000 figure is an estimate of Essential's sell-through (when a customer buys a product from a retailer) rather than its sell-in (when a retailer buys something from a manufacturer). Sprint is the exclusive carrier for the phone; most phones in the United States are sold through carriers. However, Essential also offers an unlocked version of its gadget. Essential, the first major startup from Android founder Andy Rubin's venture capital firm Playground, currently sells the $699 Android-powered Essential Phone through Sprint and promises to release the Essential Home smart-home hub later this year. Essential was named as one of FierceWireless' top 15 startups to watch in 2017.