Businesses

Uber Shareholder Group Wants Benchmark Off Board (axios.com) 31

Dan Primack, reporting for Axios: A group of Uber investors has asked that venture capital firm Benchmark step down from the company's board of directors, Axios has learned. It also wants Benchmark to divest enough shares so as to no longer have board appointment rights. The move comes one day after Benchmark sued former Uber CEO Travis Kalanick for fraud, in an attempt to have him removed from the board. From the letter: Mr. Kalanick's resignation, along with other concessions, on a few hours' notice and within weeks of a personal tragedy, under threat of public scandal. Even less so your escalation of this fratricidal course -- notwithstanding Mr. Kalanick's resignation -- through your recent lawsuit, which we fear will cost the company public goodwill, interfere with fundraising and impede the critical search for a new, world-class Chief Executive Officer. Benchmark has used false allegations from lawsuits like Waymo as a matter of fact and this and many actions has crossed the fiduciary line. Benchmark's investment of $27M is worth $8.4 billion today and you are suing the founder, the company and the employees who worked so hard to create such unprecedented value. We ask you to please consider the lives of these employees and allow them to continue to grow this company in peace and make it thrive. These actions do the opposite.
The Courts

Developers File Antitrust Complaint Against Apple in China (reuters.com) 27

A Chinese law firm has filed a complaint against Apple on behalf of 28 local developers alleging the firm breached antitrust regulations. From a report: The complaint, lodged by Beijing-based Dare & Sure Law Firm, accuses Apple of charging excessive fees and removing apps from its local store without proper explanation, Lin Wei, an attorney at the firm told Reuters on Thursday. "During its localization process Apple has run into several antitrust issues ... after an initial investigation we consulted a number of enterprises and got a very strong response," said Lin. The law firm invited developers to join the complaint in April and on Tuesday filed it to China's State Administration for Industry and Commerce and the National Development and Reform Commission, which oversees antitrust matters in the country.
United States

Hearing Loss of US Diplomats In Cuba Is Blamed On Covert Device (bostonglobe.com) 224

bsharma shares a report from The Boston Globe: The two-year-old U.S. diplomatic relationship with Cuba was roiled Wednesday by what U.S. officials say was a string of bizarre incidents that left a group of American diplomats in Havana with severe hearing loss attributed to a covert sonic device. In the fall of 2016, a series of U.S. diplomats began suffering unexplained losses of hearing, according to officials with knowledge of the investigation into the case. Several of the diplomats were recent arrivals at the embassy, which reopened in 2015 as part of former President Barack Obama's reestablishment of diplomatic relations with Cuba. Some of the diplomats' symptoms were so severe that they were forced to cancel their tours early and return to the United States, officials said. After months of investigation, U.S. officials concluded that the diplomats had been exposed to an advanced device that operated outside the range of audible sound and had been deployed either inside or outside their residences. It was not immediately clear if the device was a weapon used in a deliberate attack, or had some other purpose.
Businesses

Why Amazon's UK Tax Bill Has Dropped 50% (bbc.com) 139

An anonymous reader quotes a report from BBC: Amazon has seen a 50% fall in the amount of UK corporation tax it paid last year, while recording a 54% increase in turnover for the same period. This snippet of news raised eyebrows this morning when it was revealed. So what's going on? Taxes are paid on profit not turnover. It paid lower taxes because it made lower profits. Last year it made 48 million British Pounds (BP) or ~$62 million U.S. dollars (USD) in profit -- this year it made only 24 million BP or ~$31 million USD so it paid 7 million BP (~$9 million USD) tax compared to 15 million BP (~$19 million USD). What is more interesting is WHY its profits were lower. Part of the reason is the way it pays its staff. Amazon UK Services is the division which runs the fulfillment centers which process, package and post deliveries to UK customers. It employs about 16,000 of the 24,000 people Amazon have in the UK. Each full-time employee gets given at least 1,000 BP (~$1,297 USD) worth of shares every year. They can't cash them in immediately -- they have to hold them for a period of between one and three years.

If Amazon's share price goes up in that time, those shares are worth more. Amazon's share price has indeed gone up over the past couple of years -- a lot. In fact, in the past two years the share price has nearly doubled, so 1,000 BP (~$1,297 USD) in shares granted in August 2015 are now worth nearly 2,000 BP (~$2,595 USD). Staff compensation goes up, compensation is an expense, expenses can be deducted from revenue -- so profits are lower and so are the taxes on those profits.

United States

Wisconsin Won't Break Even On Foxconn Plant Deal For Over Two Decades (theverge.com) 309

Last month, Foxconn announced plans to build a $10 billion factory in southeastern Wisconsin in exchange for $3 billion in tax breaks. While the factory was heralded as a big win for President Trump and Governor Scott Walker, a report issued last week says the plan is looking less and less like a good deal for the state. In the report, Wisconsin's Legislative Fiscal Bureau said that the state wouldn't break even on its investment until 2043 -- and that's in an absolute best-case scenario. The Verge reports: How many workers Foxconn actually hires, and where Foxconn hires them from, would have a significant impact on when the state's investment pays off, the report says. The current analysis assumes that "all of the construction-period and ongoing jobs associated with the project would be filled by Wisconsin residents." But the report says it's likely that some positions would go to Illinois residents, because the factory would be located so close to the border. That would lower tax revenue and delay when the state breaks even. And that's still assuming that Foxconn actually creates the 13,000 jobs it claimed it might create, at the average wage -- just shy of $54,000 -- it promised to create them at. In fact, the plant is only expected to start with 3,000 jobs; the 13,000 figure is the maximum potential positions it could eventually offer. If the factory offers closer to 3,000 positions, the report notes, "the breakeven point would be well past 2044-45."
China

China Working On 'Repression Network' Which Lets Cameras Identify Cars With Unprecedented Accuracy (thesun.co.uk) 80

schwit1 shares a report from The Sun: Researchers at a Chinese university have revealed the results of an investigation aimed at creating a "repression network" which can identify cars from "customized paintings, decorations or even scratches" rather than by scanning its number plate. A team from Peking University said the technology they have developed to perform this task could also be used to recognize the faces of human beings. Essentially, it works by learning from what it sees, allowing it to differentiate between cars (or humans) by spotting small differences between them. "The growing explosion in the use of surveillance cameras in public security highlights the importance of vehicle search from large-scale image databases," the researcher wrote. "Precise vehicle search, aiming at finding out all instances for a given query vehicle image, is a challenging task as different vehicles will look very similar to each other if they share same visual attributes." They added: "We can extend our framework [software] into wider applications like face and person retrieval [identification] as well."
Security

Password Power Rankings: a Look At the Practices of 40+ Popular Websites (helpnetsecurity.com) 127

Orome1 shares a report from Help Net Security: Nothing should be more important for these sites and apps than the security of the users who keep them in business. Unfortunately, Dashlane found that 46% of consumer sites, including Dropbox, Netflix, and Pandora, and 36% of enterprise sites, including DocuSign and Amazon Web Services, failed to implement the most basic password security requirements. The most popular sites provide the least guidance when it comes to secure password policies. Of the 17 consumer sites that failed Dashlane's tests, eight are entertainment/social media sites, and five are e-commerce. Most troubling? Researchers created passwords using nothing but the lowercase letter "a" on Amazon, Google, Instagram, LinkedIn, Venmo, and Dropbox, among others. GoDaddy emerged as the only consumer website with a perfect score, while enterprise sites Stripe and QuickBooks also garnered a perfect score of 5/5. Here's a screenshot of how each consumer/enterprise website performed.
Security

Scientists Create DNA-Based Exploit of a Computer System (technologyreview.com) 43

Archeron writes: It seems that scientists at University of Washington in Seattle have managed to encode malware into genomic data, allowing them to gain full access to a computer being used to analyze the data. While this may be a highly contrived attack scenario, it does ask the question whether we pay sufficient attention to data-driven exploits, especially where the data is instrument-derived. What other systems could be vulnerable to a tampered raw data source? Perhaps audio and RF analysis systems? MIT Technology Review reports: "To carry out the hack, researchers led by Tadayoshi Kohno and Luis Ceze encoded malicious software in a short stretch of DNA they purchased online. They then used it to gain 'full control' over a computer that tried to process the genetic data after it was read by a DNA sequencing machine. The researchers warn that hackers could one day use faked blood or spit samples to gain access to university computers, steal information from police forensics labs, or infect genome files shared by scientists. To make the malware, the team translated a simple computer command into a short stretch of 176 DNA letters, denoted as A, G, C, and T. After ordering copies of the DNA from a vendor for $89, they fed the strands to a sequencing machine, which read off the gene letters, storing them as binary digits, 0s and 1s. Yaniv Erlich, a geneticist and programmer who is chief scientific officer of MyHeritage.com, a genealogy website, says the attack took advantage of a spill-over effect, when data that exceeds a storage buffer can be interpreted as a computer command. In this case, the command contacted a server controlled by Kohno's team, from which they took control of a computer in their lab they were using to analyze the DNA file." You can read their paper here.
China

China's VPN Developers Face Crackdown (bbc.com) 55

China recently launched a crackdown on the use of software which allows users to get around its heavy internet censorship. Now as the BBC reports, developers are facing growing pressure. From the report: The three plain-clothes policemen tracked him down using a web address. They came to his house and demanded to see his computer. They told him to take down the app he was selling on Apple's App Store, and filmed it as it was happening. His crime was to develop and sell a piece of software that allows people to get round the tough restrictions that limit access to the internet in China. A virtual private network (VPN) uses servers abroad to provide a secure link to the internet. It's essential in China if you want to access parts of the outside world like Facebook, Gmail or YouTube, all of which are blocked on the mainland. "They insisted they needed to see my computer," the software developer, who didn't want us to use his name, told us during a phone interview. "I said this is my private stuff. How can you search as you please?" No warrant was produced and when he asked them what law he had violated they didn't say. Initially he refused to co-operate but, fearing detention, he relented. Then they told him what they wanted: "If you take the app off the shelf from Apple's App Store then this will be all over." 'Sorry, I can't help you with that'. Up until a few months ago his was a legal business. Then the government changed the regulations. VPN sellers need a licence now.
Crime

UK Wants To Criminalize Re-Identification of Anonymized User Data (bleepingcomputer.com) 120

An anonymous reader writes: European countries are currently implementing new data protection laws. Recently, despite leaving the European Union, the United Kingdom has expressed intent to implement the law called General Data Protection Regulation. As an extension, the UK wants to ban re-identification (with a penalty of unlimited fines), the method of reversing anonymization, or pointing out the weakness of the used anonymisation process. One famous example was research re-identifying Netflix users from published datasets. By banning re-identification, UK follows the lead of Australia which is considering enacting a similarly controversial law that can lead to making privacy research difficult or impossible. Privacy researchers express concerns about the effectiveness of the law that could even complicate security, a view shared by privacy advocates.
Movies

Disney Ditching Netflix Keeps Piracy Relevant (torrentfreak.com) 263

Yesterday, Disney announced its intent to pull its movies from Netflix and start its own streaming service. This upset many users across the web as the whole appeal of the streaming model becomes diluted when there are too many "Netflixes." TorrentFreak argues that "while Disney expects to profit from the strategy, more fragmentation is not ideal for the public" and that the move "keeps piracy relevant." From the report: Although Disney's decision may be good for Disney, a lot of Netflix users are not going to be happy. It likely means that they need another streaming platform subscription to get what they want, which isn't a very positive prospect. In piracy discussions, Hollywood insiders often stress that people have no reason to pirate, as pretty much all titles are available online legally. What they don't mention, however, is that users need access to a few dozen paid services, to access them all. In a way, this fragmentation is keeping the pirate ecosystems intact. While legal streaming services work just fine, having dozens of subscriptions is expensive, and not very practical. Especially not compared to pirate streaming sites, where everything can be accessed on the same site.
Privacy

Disney Sued For Allegedly Spying On Children Through 42 Gaming Apps (washingtonpost.com) 40

schwit1 shares a report from The Washington Post (Warning: may be paywalled; alternative source): The Walt Disney Co. secretly collects personal information on some of their youngest customers and shares that data illegally with advertisers without parental consent, according to a federal lawsuit filed late last week in California. The class-action suit targets Disney and three other software companies -- Upsight, Unity and Kochava -- alleging that the mobile apps they built together violate the law by gathering insights about app users across the Internet, including those under the age of 13, in ways that facilitate "commercial exploitation."

The plaintiffs argue that Disney and its partners violated COPPA, the Children's Online Privacy Protection Act, a federal law designed to protect the privacy of children on the Web. The lawsuit, filed in U.S. District Court for the District of Northern California, seeks an injunction barring the companies from collecting and disclosing the data without parental consent, as well as punitive damages and legal fees. The lawsuit alleges that Disney allowed the software companies to embed trackers in apps such as "Disney Princess Palace Pets" and "Where's My Water? 2." Once installed, tracking software can then "exfiltrate that information off the smart device for advertising and other commercial purposes," according to the suit. Disney should not be using those software development companies, said Jeffrey Chester, the executive director of the Center for Digital Democracy. "These are heavy-duty technologies, industrial-strength data and analytic companies whose role is to track and monetize individuals," Chester said. "These should not be in little children's apps."
Disney responded to the lawsuit, saying: "Disney has a robust COPPA compliance program, and we maintain strict data collection and use policies for Disney apps created for children and families. The complaint is based on a fundamental misunderstanding of COPPA principles, and we look forward to defending this action in court."
The Internet

Maybe Americans Don't Need Fast Home Internet Service, FCC Suggests (arstechnica.com) 376

An anonymous reader shares an excerpt from a report via Ars Technica: Americans might not need a fast home Internet connection, the Federal Communications Commission suggests in a new document. Instead, mobile Internet via a smartphone might be all people need. The suggestion comes in the FCC's annual inquiry into broadband availability. Section 706 of the Telecommunications Act requires the FCC to determine whether broadband (or more formally, "advanced telecommunications capability") is being deployed to all Americans in a reasonable and timely fashion. If the FCC finds that broadband isn't being deployed quickly enough to everyone, it is required by law to "take immediate action to accelerate deployment of such capability by removing barriers to infrastructure investment and by promoting competition in the telecommunications market."

The FCC found during George W. Bush's presidency that fast Internet service was being deployed in a reasonable and timely fashion. But during the Obama administration, the FCC determined repeatedly that broadband isn't reaching Americans fast enough, pointing in particular to lagging deployment in rural areas. These analyses did not consider mobile broadband to be a full replacement for a home (or "fixed") Internet connection via cable, fiber, or some other technology. Last year, the FCC updated its analysis with a conclusion that Americans need home and mobile access. Because home Internet connections and smartphones have different capabilities and limitations, Americans should have access to both instead of just one or the other, the FCC concluded under then-Chairman Tom Wheeler.
The report goes on to add that with Republican Ajit Pai as chairman of the FCC, "the FCC seems poised to change that policy by declaring that mobile broadband with speeds of 10Mbps downstream and 1Mbps upstream is all one needs." Furthermore, "In doing so, the FCC could conclude that broadband is already being deployed to all Americans in a reasonable and timely fashion, and thus the organization would take fewer steps to promote deployment and competition."
Privacy

Prison Time For Manager Who Hacked Ex-Employer's FTP Server, Email Account (bleepingcomputer.com) 37

Catalin Cimpanu, writing for BleepingComputer: Jason Needham, 45, of Arlington, Tennessee was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company's FTP server and the email account of one of his former colleagues. Needham did all the hacking after he left his former employer, Allen & Hoshall (A&H), a design and engineering firm for which he worked until 2013. Needham left to create his own company named HNA Engineering together with a business partner. HNA is also a design and engineering firm. According to court documents obtained by Bleeping Computer, between May 2014 and March 2016, Needham hacked into the email account of one of his former co-workers. From this account, the FBI says Needham took sensitive business information, company fee structures, marketing plans, project proposals, and lists of credentials for A&H's FTP server. A&H rotated its FTP credentials every six months, but Needham acquired new logins from his former colleague's email account.
Privacy

In Less Than Five Years, 45 Billion Cameras Will Be Watching Us (fastcompany.com) 85

An anonymous reader writes: It was a big deal for many when Apple added a second camera to the back of the iPhone 7 Plus last year. In five years, that will be considered quaint. By then, smartphones could sport 13 cameras, allowing them to capture 360-degree, 3D video; create complex augmented reality images onscreen; and mimic with digital processing the optical zoom and aperture effects of an SLR. That's one of the far-out, but near-term, predictions in a new study by LDV Capital, a VC firm that invests in visual technologies such as computer vision. It polled experts at its own portfolio companies and beyond to predict that by 2022, the total number of cameras in the world will reach about 45 billion. Jaw-dropping as that figure is, it doesn't seem so crazy when you realize that today there are already about 14 trillion cameras in the world, according to data from research firms such as Gartner. Next to phones, other camera-hungry products will include robots (including autonomous cars), security cameras, and smart home products like the new Amazon Echo Show, according to LDV. UPDATE: Story has been updated to reflect the updates made to The Fast Company article. The outreach figures are 45 billion cameras by 2022, not trillion.
Canada

An Image Site Is Victimizing Countless Women and Little Can Be Done (vice.com) 271

Allison Tierney, reporting for Vice: An international anonymous photo-sharing site where people post explicit photos without consent is playing host to the victimization of countless women. In the Canadian section of Anon-IB alone, there are currently over a hundred threads -- often organized by region, city, or calling out for nudes of a specific woman to be posted publicly. "Hamilton hoes," "Nanaimo Thread!," and "Markham wins" are some titles of Canadian threads. (Language used on the site equates the word "win" with sexually explicit photos of women.) Many major Canadian cities are represented on the site, and some threads even focus on women from specific schools. While it's a crime to share an "intimate image" of a person without their consent in Canada, sites that host this kind of activity don't necessarily fall under this. "[In terms of organizing content], is it criminal? No. Is it illegal? No," Toronto-based lawyer Jordan Donich, of Donich Law, told VICE. "It's a newer version of an older problem -- sites like these have been around for a long time." Anon-IB is not a new site; its current domain was registered to a "private person" in 2015 and ends in an ".ru." However, the site was initially up several years before 2015, going offline briefly in 2014.
Google

Google May Be In Trouble For Firing James Damore (inc.com) 1016

Google fired engineer James Damore after he wrote a 10-page document about "Google's Ideological Echo Chamber." taustin writes from a report via Inc. about the potential legal trouble the company may face from firing the "anti-diversity" engineer: Whether Damore is right or wrong, whether one agrees with him or not, Google may have legal trouble for firing him. Employees are protected by federal law when they discuss working conditions with other employees (and this was an internal memo). His memo could be considered whistleblowing, which is also protected (and it is very clear that he was fired as retribution). And, in California, political opinions are protected in the work place as well. Just because one side is wrong doesn't mean the other side is right.
Earth

Leaked Federal Climate Report Finds Link Between Climate Change, Human Activity (washingtonpost.com) 450

An anonymous reader shares a report from The New York Times (Warning: source may be paywalled; alternative source): The average temperature in the United States has risen rapidly and drastically since 1980, and recent decades have been the warmest of the past 1,500 years, according to a sweeping federal climate change report awaiting approval by the Trump administration. The draft report by scientists from 13 federal agencies, which has not yet been made public, concludes that Americans are feeling the effects of climate change right now. It directly contradicts claims by President Trump and members of his cabinet who say that the human contribution to climate change is uncertain, and that the ability to predict the effects is limited. "Evidence for a changing climate abounds, from the top of the atmosphere to the depths of the oceans," a draft of the report states. A copy of it was obtained by The New York Times. The authors note that thousands of studies, conducted by tens of thousands of scientists, have documented climate changes on land and in the air. "Many lines of evidence demonstrate that human activities, especially emissions of greenhouse (heat-trapping) gases, are primarily responsible for recent observed climate change," they wrote. The report was completed this year and is a special science section of the National Climate Assessment, which is congressionally mandated every four years. The National Academy of Sciences has signed off on the draft report, and the authors are awaiting permission from the Trump administration to release it. "The report concludes that even if humans immediately stopped emitting greenhouse gases into the atmosphere, the world would still feel at least an additional 0.50 degrees Fahrenheit (0.30 degrees Celsius) of warming over this century compared with today," reports The New York Times. "The projected actual rise, scientists say, will be as much as 2 degrees Celsius." 
Given the Trump administration's stance on climate change, some of the scientists who worked on the report are concerned that the report will be suppressed.
Security

The Man Who Wrote the Password Rules Regrets Doing So (gizmodo.com) 239

New submitter cdreimer writes: According to a report in The Wall Street Journal (Warning: source may be paywalled, alternative source), the author behind the U.S. government's password requirements regrets wasting our time on changing passwords so often. From the report: "The man who wrote the book on password management has a confession to make: He blew it. Back in 2003, as a midlevel manager at the National Institute of Standards and Technology, Bill Burr was the author of 'NIST Special Publication 800-63. Appendix A.' The 8-page primer advised people to protect their accounts by inventing awkward new words rife with obscure characters, capital letters and numbers -- and to change them regularly. The document became a sort of Hammurabi Code of passwords, the go-to guide for federal agencies, universities and large companies looking for a set of password-setting rules to follow. The problem is the advice ended up largely incorrect, Mr. Burr says. Change your password every 90 days? Most people make minor changes that are easy to guess, he laments. Changing Pa55word!1 to Pa55word!2 doesn't keep the hackers at bay. Also off the mark: demanding a letter, number, uppercase letter and special character such as an exclamation point or question mark -- a finger-twisting requirement." "Much of what I did I now regret," Bill Burr told The Wall Street Journal. "In the end, [the list of guidelines] was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree."
The Military

North Korea Now Making Missile-Ready Nuclear Weapons, US Analysts Say (washingtonpost.com) 338

schwit1 shares a report from The Washington Post: North Korea has successfully produced a miniaturized nuclear warhead that can fit inside its missiles, crossing a key threshold on the path to becoming a full-fledged nuclear power, U.S. intelligence officials have concluded in a confidential assessment. The new analysis completed last month by the Defense Intelligence Agency comes on the heels of another intelligence assessment that sharply raises the official estimate for the total number of bombs in the communist country's atomic arsenal. The U.S. calculated last month that up to 60 nuclear weapons are now controlled by North Korean leader Kim Jong Un. Some independent experts believe the number of bombs is much smaller. "The IC [intelligence community] assesses North Korea has produced nuclear weapons for ballistic missile delivery, to include delivery by ICBM-class missiles," the assessment states, in an excerpt read to The Washington Post. "It is not yet known whether the reclusive regime has successfully tested the smaller design, although North Korea officially last year claimed to have done so," reports The Washington Post.
