Cisco has built a new network operating system that will allow users to run its most sophisticated networking features on older and lower-cost Cisco routers and switches, according to a report. From a report: The move to potentially disrupt its networking hardware business was first reported by The Information, which said that Cisco, for now, is not looking to have its network operating system available for non-Cisco switches. Customers who want to run the new operating system, known as Lindt, will be able to move away from switches based on proprietary high-performance Cisco chips to Cisco hardware that works with lower-cost chips, according to the report.

An anonymous reader quotes a report from Bleeping Computer: A new attack on smart TVs allows a malicious actor to take over devices using rogue DVB-T (Digital Video Broadcasting -- Terrestrial) signals, get root access on the smart TV, and use the device for all sorts of nasty actions, ranging from DDoS attacks to spying on end users. The attack, developed by Rafael Scheel, a security researcher working for Swiss cyber security consulting company Oneconsult, is unique and much more dangerous than previous smart TV hacks. Scheel's method, which he recently presented at a security conference, is different because the attacker can execute it from a remote location, without user interaction, and runs in the TV's background processes, meaning users won't notice when an attacker compromises their TVs. The researcher told Bleeping Computer via email that he developed this technique without knowing about the CIA's Weeping Angel toolkit, which makes his work even more impressing. Furthermore, Scheel says that "about 90% of the TVs sold in the last years are potential victims of similar attacks," highlighting a major flaw in the infrastructure surrounding smart TVs all over the globe. At the center of Scheel's attack is Hybrid Broadcast Broadband TV (HbbTV), an industry standard supported by most cable providers and smart TV makers that "harmonizes" classic broadcast, IPTV, and broadband delivery systems. TV transmission signal technologies like DVB-T, DVB-C, or IPTV all support HbbTV. Scheel says that anyone can set up a custom DVB-T transmitter with equipment priced between $50-$150, and start broadcasting a DVB-T signal.

An anonymous reader shares a report: For years, Apple's App Store, the place where people download apps for games and social networking services on their iPhones, has generated far more revenue worldwide than its Android competitors. This year, things are changing: The App Store will fall second to the amount of revenue generated by Android app distributors, predicts analytics firm App Annie. In 2017, the App Store will generate $40 billion in revenue, while Android app stores run by Google and other parties will generate $41 billion, App Annie said. That gap is expected to widen in 2021, with Android app stores generating $78 billion in revenue and Apple's App Store at $60 billion in revenue, according to App Annie's report released on Wednesday. The surge in revenue for Android comes from a growing number of consumers in China who are buying Android phones and are willing to pay for apps. In 2021, App Annie expects there to be eight Android smartphone users to every single iPhone user in China.

BrianFagioli writes: Google is an essential member of the open source community. The search giant contributes some really great projects, offering code to be used many -- it claims more than 2,000 such contributions! Heck, the company even hosts the annual Summer of Code program, where it pairs students with open source projects teams. In other words, Google is helping to get young folks excited about open source. Today, Google announced that it is launching an all-new website to focus on open source. It is not a general open source site, but a destination to learn more about the search-giant's relationship with it. "Today, we're launching opensource.google.com, a new website for Google Open Source that ties together all of our initiatives with information on how we use, release, and support open source. This new site showcases the breadth and depth of our love for open source. It will contain the expected things: our programs, organizations we support, and a comprehensive list of open source projects we've released. But it also contains something unexpected: a look under the hood at how we 'do' open source," says Will Norris, Open Source Programs Office, Google.

dryriver writes: A company named Arca Noae is working on a new release of the X86 OS/2 operating system code named "Blue Lion" and likely called ArcaOS 5 in its final release. Blue Lion wants to be a modern 21st Century OS/2 Warp, with support for the latest hardware and networking standards, a modern accelerated graphics driver, support for new cryptographic security standards, full backward compatibility with legacy OS/2, DOS and Windows 3.1 applications, suitability for use in mission-critical applications, and also, it appears, the ability to run "ported Linux applications". Blue Lion, which appears to be in closed beta with March 31st 2017 cited as the target release date, will come with up to date Firefox browser and Thunderbird mail client, Apache OpenOffice, other productivity tools, a new package manager, and software update and support subscription to ensure system stability. It is unclear from the information provided whether Blue Lion will be able to run modern Windows applications.

According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat "by masquerading as a prominent Asian hardware manufacturer," reports The Verge, citing court documents, "and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries." From the report: What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms. The first company is "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services." Both apparently worked with the same "Asia-based manufacturer of computer hardware," a supplier that the documents indicate was founded some time in the late '80s. What's more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money. Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time of convicted -- each charge of wire fraud and laundering carries a max sentence of 20 years. The court documents don't reveal the names of the two companies. Though, one could surely think of a few candidates that would fit the descriptions provided in the court documents.

An anonymous reader quotes a report from Digital Journal: Reddit has announced it has begun trialling a radical new profile page design that's reminiscent of Facebook and Twitter. It will evolve the discussion board site towards being a social network by enabling users to post directly to their new profile page. At present, posts on Reddit have to be directed into a specific sub-Reddit community. You can't simply write a post and have it appear across the network which can make it difficult to get your voice heard. Unless you've got some reputation in a relevant sub-Reddit, your posts may end up going unnoticed. That could soon change. Last night, Reddit announced it's working on a drastic revision of its user profile page experience. The site has commenced testing of an early version of the design. According to a report from Reuters, just three "high-profile" users currently have access to the feature. When the new pages are eventually opened up to all, they'll showcase the user's profile picture and description. Below the header, posts from the user will be publicly displayed. The user will be able to add new posts to their page, without submitting to a sub-Reddit. Users will be able to follow each other to stay informed of new posts, effectively creating a social network atmosphere above the discussion boards.

A year after Google released the Android N Developer Preview, the company has made available the developer preview of the next major version of Android, "Android O." You will not want to put it on your primary Android smartphone as the preview is likely to have rough edges. Google says as much. "it's early days, there are more features coming, and there's still plenty of stabilization and performance work ahead of us. But it's booting :)."

The company is using the developer preview to give beta testers a sneak peek into some new features, such as "notification channels," which will offer users the ability to group notifications. There is also Picture in Picture, which will enable you to have a video appear in a small window on top of homescreen or any application. Google is also adding "multi-display support" and improved "keyboard navigation." Your guess is as good as mine as to what these features will actually do. There's also better "background limits" which will supposedly help save battery, and wider Wi-Fi support to include things like Neighborhood Aware Networking (NAN).

No word on what "O" in Android O stands for.

An anonymous reader quotes a report from Ars Technica: Some Kansas City residents who have been waiting years for Google Fiber to install service at their homes recently received e-mails canceling their installations, with no word on whether they'll ever get Internet service from the company. KSHB 41 Action News in Kansas City, Missouri, "spoke to several people, living in different parts of the metro, all who have recently received cancellation e-mails," the station reported last week. "The e-mails do not provide a specific reason for the cancellations. Instead they say the company was 'unable to build our network to connect your home or business at this time.'" While Google Fiber refuses to say how many installations have been canceled, KSHB said, "there is speculation the number of cancellations in the metro is as high as 2,700." "The company says it has slowed down in some areas to experiment with new techniques," such as wireless technology, the report also said. Google Fiber is still hooking up fiber for some new customers in parts of the Kansas City area. One resident who had his installation canceled is Larry Meurer, who was seeing multiple Google Fiber trucks in his neighborhood nearly two years ago, in the spring of 2015. "I'm left wondering what's going on," he told KSHB after getting the cancellation e-mail. Meurer lives in Olathe, Kansas, one of the largest cities in the Kansas City metro area. Residents only five houses away and around the corner have Google Fiber service, the report said. But Meurer said he and several neighbors who never got service were "terminated."

Zack Whittaker, writing for ZDNet: Cisco is warning that the software used in hundreds of its products are vulnerable to a "critical"-rated security flaw, which can be easily and remotely exploited with a simple command. The vulnerability can allow an attacker to remotely gain access and take over an affected device. More than 300 switches are affected by the vulnerability, Cisco said in an advisory. According to the advisory, the bug is found in the cluster management protocol code in Cisco's IOS and IOS XE software, which the company installs on the routers and switches it sells. An attacker can exploit the vulnerability by sending a malformed protocol-specific Telnet command while establishing a connection to the affected device, because of a flaw in how the protocol fails to properly process some commands. Cisco said that there are "no workarounds" to address the vulnerability, but it said that disabling Telnet would "eliminate" some risks.

An anonymous reader writes: "An Oregon sportswear company is suing its former IT administrator, alleging he left backdoor accounts on their network and used them more than 700 times to search for information for the benefit of its new employer," reports BleepingComputer. Court papers reveal the IT admin left to be the CTO at one of the sportswear company's IT suppliers after working for 14 years at his previous employer. For more than two years, he's [allegedly] been using an account he created before he left to access his former colleagues' emails and gather information about the IT services they might need in the future. The IT admin was fired from his CTO job after his new employer found out what he was doing.
One backdoor, which enabled both VPN and VDI connections to the company's network, granted access to a "jmanming" account for a non-existent employee named Jeff Manning...

Recently-leaked CIA documents prove that encryption works, according to the Associated Press. But how should sys-admins implement site-wide file encryption? Very-long-time Slashdot reader Pig Hogger writes: If you decide to implement server-level encryption across all your servers, how do you manage the necessary keys/passwords/passphrases to insure that you have both maximum uptime (you can access your data if you need to reboot your servers), yet that the keys cannot be compromised... What are established practices to address this issue?
Keep in mind that you can't change your password once the server's been seized, bringing up the issue of how many people know that password. Or is there a better solution? Share you suggestions and experiences in the comments. How would you implement site-wide file encryption?

Club Penguin, a decade-old tween-focused social network by Disney is shutting down. From a report on The Outline: Club Penguin, which launched in 2005, will shutter on March 29, ending an 11-year run that at its peak drew 200 million users to the site. While the traffic has reportedly been in decline over the past few years -- the OG Club Penguin kids have mostly aged out (most of the site's user are 8-13), and there's growing competition from other social networking games, like the new LEGO Life -- fans both young and old are reacting to the news with emotions that run the Kubler-Ross gamut. Some have been reduced to shell-like human embodiments of the Loudly Crying Face emoji. James Charles, the beauty-obsessed 17-year-old Instagram star who was recently announced as the first male face of CoverGirl, tweeted, "my entire childhood is going down the drain wow I'm gonna cry RIP greendude50." Others are lashing out, attempting speedruns or willfully disobeying chat rules in the hopes of getting booted in an act of you-can't-fire-me-I-quit defiance. And of course, plenty are soaking up the last days, taking part in the community-wide "Waddle On" celebration that's essentially a G-rated version of an end-of-days rager.

davegravy writes: I work at a small but quickly growing acoustic consulting engineering firm, consisting of a mix of mechanical, electrical, civil, and other engineering backgrounds. When I joined almost 10 years ago I was in good company with peers who were very computer literate -- able to develop their own complex excel macros, be their own IT tech support, diagnose issues communicating with or operating instrumentation, and generally dive into any technology-related problem to help themselves. In 2017, these skills and tendencies are more essential than they were 10 years ago; our instruments run on modern OS's and are network/internet-capable, the heavy data processing and analysis we need to do is python-based (SciPy, NumPy) and runs on AWS EC2 instances, and some projects require engineers to interface various data-acquisition hardware and software together in unique ways. The younger generation, while bright in their respective engineering disciplines, seems to rely on senior staff to a concerning degree when it comes to tech challenges, and we're stuck in a situation where we've provided procedures to get results but inevitably the procedures don't cover the vast array of scenarios faced day-to-day. Being a small company we don't have dedicated IT specialists. I believe I gathered my skills and knowledge through insatiable curiosity of all things technology as a child, self-teaching things like Pascal, building and experimenting with my own home LAN, and assembling computers from discrete components. Technology was a fringe thing back then, which I think drew me in. I doubt I'd be nearly as curious about it growing up today given its ubiquity, so I sort of understand why interest might be less common in today's youth.

How do we instill a desire to learn the fundamentals of networking, computing, and coding, so that the younger generation can be self-sufficient and confident working with the modern technology and tools they need to perform -- and be innovative in -- their jobs? I believe that the most effective learning occurs when there's a clearly useful purpose or application, so I'm hesitant to build a training program that consists solely of throwing some online courses at staff. That said, online courses may be a good place to get some background that can be built upon, however most that I've come across are intended for people pursuing careers in computer science, web development, software engineering, etc. Are there any good resources that approach these topics from a more general purpose angle?

An anonymous reader quotes a report from The Guardian: Facebook and Instagram have banned developers from using their data for surveillance with a new privacy policy that civil rights activists have long sought to curb spying by law enforcement. Following revelations last year that police departments had gained special access to the social networks to track protesters, Facebook, which owns Instagram, announced on Monday that it had updated its rules to state that developers could not "use data obtained from us to provide tools that are used for surveillance." The American Civil Liberties Union obtained government records last year revealing that Facebook, Instagram and Twitter had provided users' data to a software company that aids police surveillance programs and had helped law enforcement monitor Black Lives Matter demonstrations. The ACLU found that the social networking sites had given "special access" to Geofeedia, a controversial startup that has partnered with law enforcement to track streams of user content. "Our goal is to make our policy explicit," Facebook said in its announcement on Monday. "Over the past several months we have taken enforcement action against developers who created and marketed tools meant for surveillance, in violation of our existing policies; we want to be sure everyone understands the underlying policy and how to comply."

Artem Tashkinov writes: The XKCD comics has posted a wonderful and exceptionally relevant post in regard to the today's situation with various instant messaging solutions. E-mail has served us well in the past, however, it's not suitable for any real-time communications involving video and audio. XMPP was a nice idea, however, it has largely failed except for a low number of geeks who stick to it. Nowadays, some people install up to seven instant messengers to be able to keep up with various circles of people. How do you see this situation being resolved?

People desperately need a universal solution which is secure, decentralized, fault tolerant, not attached to your phone number, protects your privacy, supports video and audio chats and sending of files, works behind NATs and other firewalls and has the ability to send offline messages. I believe we need a modern version of SMTP. [How would you solve the instant messaging problem?]

"If the tech industry is drawing one lesson from the latest WikiLeaks disclosures, it's that data-scrambling encryption works," writes the Associated Press, "and the industry should use more of it." An anonymous reader quotes their report: Documents purportedly outlining a massive CIA surveillance program suggest that CIA agents must go to great lengths to circumvent encryption they can't break. In many cases, physical presence is required to carry off these targeted attacks. "We are in a world where if the U.S. government wants to get your data, they can't hope to break the encryption," said Nicholas Weaver, who teaches networking and security at the University of California, Berkeley. "They have to resort to targeted attacks, and that is costly, risky and the kind of thing you do only on targets you care about. Seeing the CIA have to do stuff like this should reassure civil libertarians that the situation is better now than it was four years ago"... Cindy Cohn, executive director for Electronic Frontier Foundation, a group focused on online privacy, likened the CIA's approach to "fishing with a line and pole rather than fishing with a driftnet."
The article points out that there are still some exploits that bypass encryption, according to the recently-released CIA documents. "Although Apple, Google and Microsoft say they have fixed many of the vulnerabilities alluded to in the CIA documents, it's not known how many holes remain open."

An anonymous reader quotes a report from TmoNews: T-Mobile's new deprioritization threshold is 30GB of usage in a single billing cycle. While T-Mo didn't make an official announcement about the change, you can see in this cached page that the network management policy says 28GB: "Based on network statistics for the most recent quarter, customers who use more than 28GB of data during a billing cycle will have their data usage prioritized below other customers' data usage for the remainder of the billing cycle in times and at locations where there are competing customer demands for network resources." Navigating to the webpage today now says 30GB. What this change means is that if you use more than 30GB of data in one billing cycle, your data usage will be prioritized below others for the remainder of that billing cycle. The only time that you're likely to see the effects of that, though, is when you're at a location on the network that is congested, during which time you may see slower speeds. Once you move to a different location or the congestion goes down, your speeds will likely go back up. And once the new billing cycle rolls around, your usage will be reset.

AT&T says it has fixed a nationwide outage that prevented its wireless customers from making 911 emergency calls. "Service has been restored for wireless customers affected by an issue connecting to 911. We apologize to those affected," the company officials said in a statement. The outage was serious enough to gain the attention of the Federal Communications Commission. The FCC chairman, Ajit Pai, said via Twitter that they are investigating what went wrong. NBC News reports: The company didn't say how widespread the outage was, but as reports poured in from across the country, Karima Holmes, director of unified communications for the Washington, D.C., government, said her office had been "advised there is a nationwide outage for AT&T." At 10:20 p.m. ET, about 10 minutes before AT&T gave the all-clear, DownDetector, a site that monitors internet traffic for real-time information on wireless and broadband carriers, indicated that outage reports for AT&T were clustered most prominently around New York City, Philadelphia, Washington, D.C., Chicago, Miami, Dallas, Houston, San Francisco, Los Angeles and Seattle. But emergency authorities across the country confirmed 911 outages and publicized direct police, fire and ambulance dispatch telephone numbers that AT&T customers should call in emergencies.

meshrepublic shares a report: As per the latest announcement, Google AMP is rolling out for 1 billion people in Asia Pacific. Baidu and Sogou, which account for around 90% of the search market in China, made the announcement on the opening day of the first AMP developer conference which is taking place in New York. Also, Yahoo Japan will connect to AMP pages from their Search results. This will bring all the benefits of AMP to their 58m daily users in Japan. With the addition of these search giant's, means, a billion more people will be using Google Accelerated Mobile Pages. Per Google research, 70 percent of conventional mobile pages take seven to 10 seconds for visual page content to load. By comparison, AMP pages' load in less than one second, on average.