The Wassenaar Arrangement "is threatening to choke the cyber-security industry, according to a consortium of cyber-security companies...supported by Microsoft among others," reports SC Magazine. "'Because the regulation is so overly broad, it would require cyber responders and security researchers to obtain an export license prior to exchanging essential information to remediate a newly identified network vulnerability, even when that vulnerability is capable of being exploited for purposes of surveillance,' wrote Alan Cohn from the CRC on a Microsoft blog." Reporter Darren Pauli contacted Slashdot with this report: If the Wassenaar Arrangement carries through under its current state, it will force Microsoft to submit some 3800 applications for arms export every year, company assistant general counsel Cristin Goodwin says... The Wassenaar Arrangement caught all corners of the security industry off guard, but its full potentially-devastating effects will only be realised in coming months and years... Goodwin and [Symantec director of government affairs] Fletcher are calling on the industry to lobby their agencies to overhaul the dual-use software definition of the Arrangement ahead of a closed-door meeting in September where changes can be proposed.
itwbennett writes: Tinder users should be on the lookout for Tinder profiles asking them to get "verified" and then sending them a link to a site called "Tinder Safe Dating." The service asks for credit card information, saying this will verify the user's age. Once payment information has been captured, the user is then signed up for a free trial of porn, which will end up costing $118.76 per month unless the service is cancelled. In Tinder's safety guidelines, the company warns users to avoid messages that contain links to third-party websites or ask money for an address.
An anonymous reader writes: In celebration of Sonic the Hedgehog's 25th anniversary, Sega has announced two new Sonic games at Comic-Con in San Diego. The first game is called Sonic Mania and it's a 2D platformer that features visuals and gameplay reminiscent of the classic Genesis games. "It revamps zones and acts from Sonic the Hedgehog, Sonic the Hedgehog 2, Sonic CD, Sonic the Hedgehog 3, and Sonic and Knuckles, in addition to introducing new ones into the fold," writes Mat Paget from GameSpot. The second game has no title [besides "Project Sonic 2017"], but it does have a holiday 2017 release date for PS4, Xbox One, and Nintendo NX consoles. It reportedly features both classic and modern versions of Sonic, similar to 2011's Sonic Generations. Sega made two additional announcements. "Mobile game Sonic Dash has passed 200 million downloads and will receive a special in-game event that adds the Green Hill Zone and Classic Sonic as a playable character," reports GameSpot. "The event only lasts a week, but players can unlock both the classic level and character for use after the event." The second additional announcement is that the animated Sonic Boom series will be renewed for a second season. "Sonic Mania was born out of our fans' love of the classic Sonic 2D platform games," said Sonic Team head Takashi Iizuka. "This type of collaboration is a first for Sega and we hope everyone will be both surprised and delighted by this title. Sonic Mania has been a passion project for the entire team and we look forward to sharing more details about it later this year. Having the game actually playable at the event itself tonight was testament to the dedication of the team behind it."
An anonymous reader writes: Android Police is reporting that the Android software company Cyanogen Inc. will be laying off 20 percent of its workforce, and will transition from OS development to applications. The Android Police report says "roughly 30 out of the 136 people Cyanogen Inc. employs" are being cut, and that the layoffs "most heavily impact the open source arm" of the company. Android Police goes on to say that CyanogenMod development by Cyanogen Inc. "may be eliminated entirely." Ars Technica notes the differences between each "Cyanogen" branding. Specifically, CyanogenMod is a "free, open source, OS heavily based on Android and compatible with hundreds of devices," while Cyanogen Inc. is "a for-profit company that aims to sell Cyanogen OS to OEMs." It appears that many of the core CyanogenMod developers will no longer be paid to work on CyanogenMod, though the community is still free to develop the software. Android Police details the firing process in their report: "Layoffs reportedly came after a long executive retreat for the company's leaders and were conducted with no advanced notice. Employees who were not let go were told not to show up to work today. Those who did show up were the unlucky ones: they had generic human resources meetings rather ominously added to their calendars last night. So, everyone who arrived at Cyanogen Inc. in Seattle this morning did so to lose their job (aside from those conducting the layoffs)." Early last year, Microsoft invested in a roughly $70 million round of equity financing for the then-startup Cyanogen Inc. Not too long before that, Google tried to acquire Cyanogen Inc., but the company turned down Google's offer to seek funding from investors and major tech companies at a valuation of around $1 billion. Cyanogen Inc. CEO Kirt McMaster once said the company was "attempting to take Android away from Google" and that it was "putting a bullet through Google's head."
chicksdaddy quotes a report from Security Ledger: The Automotive industry's main group for coordinating policy on information security and "cyber" threats has published a "Best Practices" document, giving individual automakers guidance on implementing cybersecurity in their vehicles for the first time. The Automotive Information Sharing and Analysis Center (ISAC) released the Automotive Cybersecurity Best Practices document on July 21st, saying the guidelines are for auto manufacturers as well as their suppliers. The Best Practices cover organizational and technical aspects of vehicle cybersecurity, including governance, risk management, security by design, threat detection, incident response, training, and collaboration with appropriate third parties. Taken together, they move the auto industry closer to standards pioneered decades ago and embraced by companies like Microsoft. They call on automakers to design software to be secure from the ground up and to take a sober look at risks to connected vehicles as part of the design process. Automakers are urged to test for and respond to software vulnerabilities, to develop methods for assessing and fixing security vulnerabilities, to create training programs, promote cybersecurity awareness for both information technology and vehicle specific risks, and educate employees about security awareness. The document comes after a Kelley Blue Book survey that found that 62% of drivers think "connected cars will be hacked," and that 42% say they "want cars to be more connected."
An anonymous reader writes from a report via Portland Press Herald: Volkswagen plans to fix the engines that were rigged to cheat on emissions tests by updating computer software and installing a larger catalytic converter to trap harmful nitrogen oxide, according to two dealers who were briefed by executives on the matter. The dealers said that limited details of the plan were made public last week at a regional dealer meeting in Newark, New Jersey, by Volkswagen of America Chief Operating Officer Mark McNabb. Portland Press Herald reports: "One dealer said the group was told that early testing of a small sample of repaired cars showed that the fix made 'no discernible difference' in the cars' mileage, horsepower or torque. Both dealers said they were told that more testing was needed and that the plans still had to be approved by the U.S. Environmental Protection Agency and the California Air Resources Board. One of the dealers said the so-called 'Generation 1' diesels -- about 325,000 VW Jettas, Golfs, Passats and Beetles from the 2009 to 2014 model years – would get new software and bigger catalytic converters in January or February of next year. About 90,000 'Generation 2' Passats already have sufficient emissions systems and would get only a software update early next year. Another 67,000 'Generation 3' 2015 models would get software in October and would get additional hardware a year later, the dealer said. Dealers also were told that they'd be reimbursed by VW for sales losses due to the scandal, and that new vehicles are coming." Last month, Volkswagen agreed to a record $14.7 billion settlement over the emissions cheating.
In March, Microsoft announced native support for cross-platform play between Xbox One and Windows 10. At the time, the company also added that this support could be extended to "other console and PC networks," something which led people to wonder if truly cross-platform gaming, on any platform, was next. When asked, Sony did say that it was open to the idea. "PlayStation has been supporting cross-platform play between PC on several software titles starting with Final Fantasy 11 on PS2 and PC back in 2002. We would be happy to have the conversation with any publishers or developers who are interested in cross-platform play." But since then, it appears that Sony has had a change of heart, which has resulted in developers asking the company for an update. Kotaku reports: In recent days, the developers behind Rocket League and The Witcher 3 have both called for Sony to break down the walls separating PlayStation Network and Xbox Live and allow cross-platform multiplayer. What's changed in the last few days are developers making an open call for Sony to make good on having that conversation with publishers and developers. In an interview with IGN, Psyonix president Jeremy Dunham explained how the Rocket League developer had already taken care of the technical side of things. "We're literally at the point where all we need is the go-ahead on the Sony side," said Dunham, "and we can, in less than a business day, turn it on and have it up and working no problem. It'd literally take a few hours to propagate throughout the whole world, so really we're just waiting on the permission to do so." In another statement to IGN, CD Projekt RED CEO Marcin Iwinski supported Psyonix.
CIStud writes: This $1.5 million "Star Trek" home theater is the envy of every geek on the planet. The theater is a reconstruction of the bridge of the Starship Enterprise from "Star Trek: Next Generation" and also includes $1 million worth of memorabilia from the classic sci-fi TV show. The home theater was created by financier Marc Bell with help from Jay Miller of Boca Raton-based Acoustic Innovations. The two started working on the home cinema in 2002 -- before construction of Bell's house even began -- and it took them four years to complete. CEPro reports: "A D-Box controller manipulates hydraulics installed beneath the floorboards, meaning the entire room shakes when anything loud happens on screen. The room also includes a JBL Synthesis sound system, which at the time of installation was only used in commercial theaters. The audio system is currently being upgraded to Dolby Atmos specifications and Bell plans to install a 4K projector. A big movie fan, Bell has had over 3,500 films digitized, which are stored and streamed through a Kaleidescape server. He also spent approximately $35,000 on a Prima Cinema system, allowing him and his family to watch films at home the day they are released in commercial cinemas. A wraparound control center surrounds the 11 custom leather chairs in the theater, eight of which recline into beds, while the doors that open into the theater are exact replicas of the Turbolift doors as seen on the TV show. When someone steps on the circular "transporter," the doors open with that familiar "whoosh" sound." Bell apparently likes to spend his money on others too. He has rented a local movie theater for every Star Trek film released in the past 25 years and has taken all of his employees, friends and their children along on opening night. The Wall Street Journal posted a video on YouTube of the home theater.
An anonymous reader writes from a report via Engadget: Spotify is now opening its data to targeted advertising. "Everything from your age and gender, to the music genres you like to listen to will be available to various third-party companies," reports Engadget. "Spotify is calling it programmatic ad buying (Warning: source may be paywalled) and has already enabled it." The nearly 70 million people that currently use Spotify's free, ad-supported streaming service across 59 countries will be affected. The ads will be audio-based and stretch between 15-30 seconds in length. The advertisers who buy ad spots will be able to look for specific users by viewing their song picks to find the best matches for the products they're selling. Two weeks ago, China released its first ever set of digital ad regulations that seems to all but ban ad blocking.
An anonymous reader writes: Following reports of Tesla's Autopilot mode being linked to a fatal crash, one Tesla Model S owner is reporting that the Autopilot mode has likely saved a pedestrian's life. The driver sent an email to Elon Musk explaining the situation, which was confirmed by Tesla through the vehicle logs: "I wanted to let you know that I think my car probably saved the life of a pedestrian last night, 7/16 around 10:30pm when I was driving in Washington DC with my daughter." The driver says he and his daughter were trying to locate where sirens were coming from "when a pedestrian stepped out in front of [their] Model S in the dark with dark clothes and in the middle of the road." The car slammed on its brakes before he could and "stopped just inches from hitting the pedestrian." The driver said, "I am not sure if I would have been able to stop before hitting him but I am so glad the car did." The Automatic Emergency Braking (AEB), which is standard on all Tesla vehicles and is part of Tesla's Autopilot mode, is what was at work here. It appears that many of the convenience features of Autopilot were not activated at the time of the incident. This is likely the first of many good press stories released by Elon Musk, who said he would consider releasing the stories of accidents prevented by the Autopilot mode with the authorization of the Tesla owners and by confirming the events through the vehicle logs. Elon Musk did also announce Tesla's 'Master Plan, Part Deux,' which includes new kinds of Tesla vehicles, expanded solar initiatives, updates on Tesla's 'autopilot' technology, and a ride-sharing program.
Google has finally removed App Launcher that it bundles with the Chrome browser for Windows and Mac with the release of Chrome v52. The Mac client, in addition, now embraces Google's Material Design approach, and comes with new icons and flatter and transparent interface. 9to5Mac documents more changes on Chrome for Mac and Windows: Besides a new flatter, sharper, and transparent design, Material is also a "huge engineering feat," especially for Chrome OS and Windows. Chrome is "now rendered fully programmatically including iconography, effectively removing the ~1200 png assets we were maintaining before," Google noted. "It also allows us to deliver a better rendering for a wide range of PPI configuration."
Cory Doctorow writes for BoingBoing: The Electronic Frontier Foundation has just filed a lawsuit that challenges the Constitutionality of Section 1201 of the DMCA, the "Digital Rights Management" provision of the law, a notoriously overbroad law that bans activities that bypass or weaken copyright access-control systems, including reconfiguring software-enabled devices (making sure your IoT light-socket will accept third-party lightbulbs; tapping into diagnostic info in your car or tractor to allow an independent party to repair it) and reporting security vulnerabilities in these devices. EFF is representing two clients in its lawsuit: Andrew "bunnie" Huang, a legendary hardware hacker whose NeTV product lets users put overlays on DRM-restricted digital video signals; and Matthew Green, a heavyweight security researcher at Johns Hopkins who has an NSF grant to investigate medical record systems and whose research plans encompass the security of industrial firewalls and finance-industry "black boxes" used to manage the cryptographic security of billions of financial transactions every day. Both clients reflect the deep constitutional flaws in the DMCA, and both have standing to sue the US government to challenge DMCA 1201 because of its serious criminal provisions (5 years in prison and a $500K fine for a first offense). Doctorow has explained aspects of this for The Guardian today. You should also check Huang's blog post on this.
An anonymous reader writes from a report via Los Angeles Times: After teasing Part 2 of his "master product plan" for over a week, Elon Musk finally delivered. Los Angeles Times reports: "In a blog post published on the automaker's website, Musk introduced a multiyear, four-pronged strategy that includes new kinds of Tesla vehicles, expanded solar initiatives, updates on Tesla's 'autopilot' technology and a ride-sharing program. Commercial trucks, buses, a 'future compact SUV' and a 'new kind of pickup truck' will be added to Tesla's fleet of electric cars. A heavy-duty truck called the Tesla Semi and a shrunken bus that Musk called a 'high passenger density urban transport' vehicle are in early development stages 'and should be ready for unveiling next year,' he said. The smaller bus would be designed without a center aisle, with seats close to the entrances, and would be able to automatically pace themselves with traffic, the post said. The bus driver would become a 'fleet manager.' Musk also used the master plan to defend his bid for rooftop solar power provider SolarCity and said he aims to make Tesla's Autopilot robotic driver-assist system 10 times safer than cars that humans drive manually. Musk also plans to move Tesla into the popular ride-sharing business, not only with an Uber-like fleet but also with an app that lets Tesla owners rent out their vehicles when they're not using them, perhaps defraying a portion of their auto loans. This will happen, he said, 'when true self-driving is approved by regulators,' a turn of events that's at least several years away."
An anonymous reader quotes a report from HotHardware: The U.S. Navy has been accused of pirating 3D software after first testing a software package offered by German company Bitmanagement Software GmbH. The company is suing the United States of America for nearly $600 million. HotHardware reports: "According to the court filing, Bitmanagement licensed its BS Contact Geo software for use on 38 Navy computers from 2011 to 2012. This limited rollout was 'for the purposes of testing, trial runs, and integration into Navy systems.' While this test period was underway, the Navy reportedly began negotiating to license the software for use on thousands of additional computers. However, even as the negotiations were ongoing, the Navy decided to go ahead and initiate its full-scale rollout without actually paying for the software. In total, the initial 38 computers allegedly swelled to 104,922 computers by October 2013. As of today, BS Contact GEO is claimed to be installed on 558,466 Navy computers, although 'likely this unauthorized copying has taken place on an even larger scale' according to the filing. As if the unauthorized installation of software onto hundreds of thousands of computers wasn't enough, Bitmanagement is alleging that the Navy during 2014 began disabling the Flexwrap software that is tasked with tracking the use of BS Contact Geo and helping to prevent it from being duplicated. When this software piracy was taking place, the retail price of a single BS Contact Geo license was $1067.76. With nearly 600,000 computers now in play, Bitmanagement is seeking a whopping $596,308,103 in damages. The lawsuit, which alleges willful copyright infringement was filed on July 15th."
Gurb, 75 kilometers north of Barcelona, is a quiet farming community of 2,500. It has suddenly become a popular place, thanks to being the birthplace of Guifi.net, one of the world's "most important experiments in telecommunications." It was built by an engineer who got tired of waiting for Telefonica, the Spanish telecom giant, to provide internet access to the people of his community. At first he wanted an internet access for himself, but it soon became clear that he also wanted to help his neighbors. Guifi has grown from a single wifi node in 2004, to 30,000 working nodes today, including some fiber connections, with thousands more in the planning stages. An article on Backchannel today documents the tale of Guifi. From the article: The project is a testament to tireless efforts -- in governance, not just in adding hardware and software -- by Ramon Roca (the engineer who started it) and his colleagues. They've been unwavering in their commitment to open access, community control, network neutrality, and sustainability. In 2004, he bought some Linksys WiFI hackable routers with a mission to get himself and his neighbors connected to the Internet. This is how he did it: Roca turned on a router with a directional antenna he'd installed at the top of a tall building near the local government headquarters, the only place in town with Internet access -- a DSL line Telefonica had run to municipal governments throughout the region. The antenna was aimed, line of sight, toward Roca's home about six kilometers away. Soon, neighbors started asking for connections, and neighbors of neighbors, and so on. Beyond the cost of the router, access was free. Some nodes were turned into "supernodes" -- banks of routers in certain locations, or dedicated gear that accomplishes the same thing -- that could handle much more traffic in more robust ways. 
The network connected to high-capacity fiber optic lines, to handle the growing demand, and later connected to a major "peering" connection to the global Internet backbone that provides massive bandwidth. Guifi grew, and grew, and grew. But soon it became clear that connecting more and more nodes wasn't enough, so he created a not-for-profit entity, the Guifi.net Foundation. The foundation, thanks to its cause and a cheerful community, has received over a million Euros to date -- from various sources including several levels of government. But as the article notes, a million Euros is a drop in the bucket next to the lavish subsidies and favors that state-approved monopolies such as Telefonica have enjoyed for decades. The article adds: The Guifi Foundation isn't the paid provider of most Internet service to end-user (home and business) customers. That role falls to more than 20 for-profit internet service providers that operate on the overall platform. The ISPs share infrastructure costs according to how much demand they put on the overall system. They pay fees to the foundation for its services -- a key source of funding for the overall project. Then they offer various kinds of services to end users, such as installing connections -- lately they've been installing fiber-optic access in some communities -- managing traffic flows, offering email, handling customer and technical support, and so on. The prices these ISPs charge are, to this American (Editor's note: the author is referring to himself) who's accustomed to broadband-cartel greed, staggeringly inexpensive: 18 to 35 Euros (currently about $26-$37) a month for gigabit fiber, and much less for slower WiFi. Community ownership and ISP competition does wonders for affordability. Contrast this with the U.S. broadband system, where competitive dial-up phone access -- phone companies were obliged to let all ISPs use the lines as the early commercial Internet flourished in the 1990s -- gave way to a cartel of DSL and cable providers. Except in a few places where there's actual competition, we pay way more for much less. Read the story in its entirety here.
An anonymous reader shares a report on Android Authority: In a bid to increase the security of the Android operating system, Google has introduced a new check for malware as part of the boot process in all Android devices. Until Marshmallow, Android devices ran the check as part of the boot process and in Marshmallow, the phone would warn you that it was compromised but would continue to let the phone boot up. In Nougat however, Google is taking this security check to the next level. On the Android Developer's blog, the company explains that Android Nougat strictly enforces that boot check, giving you far more than a warning. The good news is that if your phone is infected with types of malware, it will refuse to boot or will boot in a limited capacity mode (presumably akin to safe mode). The bad news however, is that some non-malicious corruption of data could also mean that your phone will refuse to boot up. Considering that corrupted data may not always be malicious -- even a single-byte error could cause your phone to refuse to boot up -- Android Nougat brings additional code to guard against corruption.
Dan Goodin, reporting for Ars Technica: A newly disclosed vulnerability could allow attackers to seize control of mobile phones and key parts of the world's telecommunications infrastructure and make it possible to eavesdrop or disrupt entire networks, security experts warned Tuesday. The bug resides in a code library used in a wide range of telecommunication products, including radios in cell towers, routers, and switches, as well as the baseband chips in individual phones. Although exploiting the heap overflow vulnerability would require great skill and resources, attackers who managed to succeed would have the ability to execute malicious code on virtually all of those devices. The code library was developed by Pennsylvania-based Objective Systems and is used to implement a telephony standard known as ASN.1, short for Abstract Syntax Notation One. "The vulnerability could be triggered remotely without any authentication in scenarios where the vulnerable code receives and processes ASN.1 encoded data from untrusted sources," researchers who discovered the flaw wrote in an advisory published Monday evening. "These may include communications between mobile devices and telecommunication network infrastructure nodes, communications between nodes in a carrier's network or across carrier boundaries, or communication between mutually untrusted endpoints in a data network."
An anonymous reader writes: Google is looking at artificial intelligence technology to help it identify opportunities for data center energy savings. The company is approaching the end of an initial 2-year trial of the machine learning tool, and hopes to see it applied across the entire data center portfolio by the end of 2016. The new AI software, which is being developed at Google's DeepMind, has already helped to cut energy use for cooling by 40%, and to improve overall data center efficiency by 15%. DeepMind said that the program has been an enormous help in analyzing data center efficiency, from looking at energy used for cooling and air temperature to pressure and humidity. The team now hopes to expand the system to understand other infrastructure challenges, in the data center and beyond, including improving power plant conversion, reducing semiconductor manufacturing energy, water usage, and helping manufacturers increase throughput.
Speaking of instant messaging and VoIP call apps, Facebook announced on Wednesday that Facebook Messenger has hit the 1 billion monthly active users milestone. The company adds that Messenger is more than just a text messenger -- in addition to the ambitious bot gamble, a digital assistant, and the ability to send money to friends -- Messenger now accounts for 10 percent of all VoIP calls made globally. Messenger's tremendous growth also underscores Facebook's mammoth capture of the world. The social network is used by more than 1.6 billion people actively every month. WhatsApp, the chat client it owns, is also used by more than one billion people.
TechCrunch has a brilliant story on the growth of Messenger from scratch.
An anonymous reader writes from a report via Fast Company: The average day for a doctor consists of hours of data entry. Since the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 took effect in January of 2011, which incentivized providers to adopt electronic medical records, hospitals have spent millions, sometimes billions, on computer systems that weren't designed to help providers treat patients to begin with. The technology was supposed to reduce inefficiencies, make doctors' lives easier, and improve patient outcomes, but in fact it has done the opposite. "Frankly, the main incentive is to document exhaustively so you cover your ass and get paid," says Jay Parkinson, a New York-based pediatrician and the founder of health-tech startup Sherpa. The systems are flooding doctors with important and utterly meaningless alerts. One of the biggest problems is that the systems have made it very difficult for doctors to share information between one another, which is what the systems were intended to do all along. Why? "Because it doesn't help the bottom line of the biggest medical record vendors or the hospitals to make it easy for patients to change doctors," reports Fast Company. Since it often takes weeks, or months for data to be sent to and from facilities, that, according to Consumers Union staff attorney Dana Mendelsohn, increases the chances of doctors ordering duplicate tests. All of this reduces the time doctors have with their patients. A recent study shows that the average time doctors spend with their patients is about eight minutes and 12% of their time, down from 20% of their time in the late 1980s. "This group is 15 times more likely to burn out than professionals in any other line of work," reports Fast Company. "And much of the research on the topic concludes that 'documentation overload' is a key factor." 
To help alleviate this pain, medical groups are working to reduce the data-entry burden for doctors, so they can in turn spend more of their time with patients.