The Internet

Mozilla To Document Cross-Browser Web Dev Standards with Google, Microsoft, Samsung, and W3C (venturebeat.com) 42

Mozilla has announced deeper partnerships with Microsoft, Google, Samsung, and web standards body W3C to create cross-browser documentation on MDN Web Docs, a web development documentation portal created by Mozilla. From a report: MDN Web Docs first came to fruition in 2005, and it has since been known under various names, including the Mozilla Developer Network and Mozilla Developer Center. Today, MDN Web Docs serves as a community and library of sorts covering all things related to web technologies and standards, including JavaScript, HTML, CSS, open web app development, Firefox add-on development, and more. The web constitutes multiple players from across the technology spectrum and, of course, multiple browsers, including Microsoft's Edge, Google's Chrome, Mozilla's Firefox, and the Samsung Internet Browser. To avoid fragmentation and ensure end-users have a (fairly) consistent browsing experience, it helps if all the players involved adhere to a similar set of standards.
Security

The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) 314

Catalin Cimpanu, reporting for BleepingComputer: Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis. While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads, almost none of these services that have recently appeared provide a way to let users know what's happening, let alone a way to stop mining behavior. In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...] Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users. On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.
The Internet

Russian Troll Factory Paid US Activists To Fund Protests During Election (theguardian.com) 612

bestweasel writes: The Guardian reports on another story about Russian meddling, but interestingly, this one comes from a respected Russian news source, the RBC. From the report: "Russian trolls posing as Americans made payments to genuine activists in the U.S. to help fund protest movements on socially divisive issues. On Tuesday, the newspaper RBC published a major investigation into the work of a so-called Russian 'troll factory' since 2015, including during the period of the U.S. election campaign, disclosures that are likely to put further spotlight on alleged Russian meddling in the election. RBC said it had identified 118 accounts or groups in Facebook, Instagram and Twitter that were linked to the troll factory, all of which had been blocked in August and September this year as part of the U.S. investigation into Russian electoral meddling. Perhaps the most alarming element of the article was the claim that employees of the troll factory had contacted about 100 real U.S.-based activists to help with the organization of protests and events. RBC claimed the activists were contacted by Facebook group administrators hiding their Russian origin and were offered financial help to pay for transport or printing costs. About $80,000 was spent during a two-year period, according to the report."
Piracy

Netflix, Amazon, Movie Studios Sue Over TickBox Streaming Device (arstechnica.com) 127

Movies studios, Netflix, and Amazon have teamed up to file a lawsuit against a streaming media player called TickBox TV. The device in question runs Kodi on top of Android 6.0, and searches the internet for streams that it can make available to users without actually hosting any of the content itself. An anonymous reader quotes a report from Ars Technica: The complaint (PDF), filed Friday, says the TickBox devices are nothing more than "tool[s] for mass infringement," which operate by grabbing pirated video streams from the Internet. The lawsuit was filed by Amazon and Netflix Studios, along with six big movie studios that make up the Motion Picture Association of America: Universal, Columbia, Disney, Paramount, 20th Century Fox, and Warner Bros.

"What TickBox actually sells is nothing less than illegal access to Plaintiffs' copyrighted content," write the plaintiffs' lawyers. "TickBox TV uses software to link TickBox's customers to infringing content on the Internet. When those customers use TickBox TV as Defendant intends and instructs, they have nearly instantaneous access to multiple sources that stream Plaintiffs' Copyrighted Works without authorization." The device's marketing materials let users know the box is meant to replace paid-for content, with "a wink and a nod," by predicting that prospective customers who currently pay for Amazon Video, Netflix, or Hulu will find that "you no longer need those subscriptions." The lawsuit shows that Amazon and Netflix, two Internet companies that are relatively new to the entertainment business, are more than willing to join together with movie studios to go after businesses that grab their content.

Google

Toronto To Be Home To Google Parent's Biggest Smart City Project Yet (techcrunch.com) 53

Sidewalk Labs, the smart city subsidiary of Alphabet (the parent company of Google) with the stated goal of "reimagining cities from the Internet up," now has a very big sandbox in which to conduct its high-tech experiments. From a report: That's obviously an ambitious project, but some of the groundwork is already being laid: Alphabet's Google will be the flagship tenant for the new neighbourhood, anchoring the easter waterfront, to be called "Quayside," and Sidewalk Labs has committed $50 million to kick off pilot testing and planning in partnership with the City of Toronto. Sidewalk Labs won the contract through its response to a Request for Proposals issues by Waterfront Toronto, and organization created by the Canadian federal government, the Ontario provincial government and the City of Toronto together to foster development of Toronto's lakefront areas in ways that address urban sprawl while respecting the realities of climate change and taking into account the ability of the city's residents to get around efficiently. The area involved in the RFP that Sidewalk Labs will work with the government coalition to develop spans around 800 acres (though 12 acres are specified for the initial project), and is one of the largest underdeveloped urban areas in any North American city, making it a good target for Sidewalk's ambitious vision, which involves building smart cities holistically from the very start. Ultimately, the partners hope to turn the area into a "place for tens of thousands of people to live, work, learn and play -- and to create and advance new ideas that improve city life," according to a release from Sidewalk.
Open Source

Companies Overlook Risks in Open Source Software, Survey Finds (betanews.com) 130

An anonymous reader shares a report: Open source code helps software suppliers to be nimble and build products faster, but a new report reveals hidden software supply chain risks of open source that all software suppliers and IoT manufacturers should know about. The recent Equifax breach for example exploited a vulnerability in a widely used open source web framework, Apache Struts, and the study by software monetization specialist Flexera points out that as much as 50 percent of code in commercial and IoT software products is open source. "We can't lose sight that open source is indeed a clear win. Ready-to-go code gets products out the door faster, which is important given the lightning pace of the software space," says Jeff Luszcz, vice president of product management at Flexera. "However, most software engineers don't track open source use, and most software executives don't realize there's a gap and a security/compliance risk." Flexera surveyed 400 software suppliers, Internet of Things manufacturers and in-house development teams. It finds only 37 percent of respondents to the survey have an open source acquisition or usage policy, while 63 percent say either their companies either don't have a policy, or they don't know if one exists. Worryingly, of the 63 percent who say their companies don't have an open source acquisition or usage policy, 43 percent say they contribute to open source projects. There is an issue over who takes charge of open source software too. No one within their company is responsible for open source compliance, or they don't know who is, according to 39 percent of respondents.
Google

'Google Just Made Gmail the Most Secure Email Provider on the Planet' (vice.com) 197

Google announced on Tuesday that it would offer stronger online security for "high risk" users who may be frequent targets of online attacks. The company said anyone with a personal Google account can enroll in the new "advanced protection," while noting that it will require users to "trade off a bit of convenience" for extra security. Motherboard reports: The main advantage in terms of security is the need for a key or token to log in as the second factor, instead of a code sent via SMS or via app. This is much better because there's no way for hackers to steal or phish this key from afar (there have been isolated incidents of hackers using social engineering to gain access to someone's cell phone number by getting the provider to issue a new SIM card, for instance). Thanks to these new features, Gmail is now the most secure email provider available on the internet if you are worried about hackers breaking into your private correspondence. "This is a major step in the right direction in offering the same kind of protection available to high-profile figures to everyday people," Kenneth White, a Washington D.C. based security consultant to federal agencies, told Motherboard. "They have really thought this through, and while it may not make sense for everyone, for those that need it, it's a much needed option."
AT&T

Mobile Phone Companies Appear To Be Selling Your Location To Almost Anyone (techcrunch.com) 149

An anonymous reader quotes a report from TechCrunch: You may remember that last year, Verizon (which owns Oath, which owns TechCrunch) was punished by the FCC for injecting information into its subscribers' traffic that allowed them to be tracked without their consent. That practice appears to be alive and well despite being disallowed in a ruling last March: companies appear to be able to request your number, location, and other details from your mobile provider quite easily. The possibility was discovered by Philip Neustrom, co-founder of Shotwell Labs, who documented it in a blog post earlier this week. He found a pair of websites which, if visited from a mobile data connection, report back in no time with numerous details: full name, billing zip code, current location (as inferred from cell tower data), and more. (Others found the same thing with slightly different results depending on carrier, but the demo sites were taken down before I could try it myself.)
Television

Netflix Adds 5.3 Million Subs In Q3, Beating Forecasts (variety.com) 67

Netflix shows no signs of slowing down. The company announced its third quarter results, adding more subscribers in both the U.S. and abroad than expected. Variety reports: The company gained 850,000 streaming subs in the U.S. and 4.45 million overseas in the period. Analysts had estimated Netflix to add 784,000 net subscribers in the U.S. and 3.62 million internationally for Q3. "We added a Q3-record 5.3 million memberships globally (up 49% year-over-year) as we continued to benefit from strong appetite for our original series and films, as well as the adoption of internet entertainment across the world," the company said in announcing the results, noting that it had under-forecast both U.S. and international subscriber growth. Netflix also indicated that its content spending may be even higher next year than previously projected. The company had said it was targeting programming expenditures of $7 billion in 2018; on Monday, Netflix said it will spend between $7 billion and $8 billion on content (on a profit-and-loss basis) next year. For 2017, original content will represent more than 25% of total programming spending, and that "will continue to grow," Netflix said.
Google

Google Chrome for Windows Gets Basic Antivirus Features (betanews.com) 54

Google is rolling out a trio of important changes to Chrome for Windows users. From a report: At the heart of these changes is Chrome Cleanup. This feature detects unwanted software that might be bundled with downloads, and provides help with removing it. Google's Philippe Rivard explains that Chrome now has built-in hijack detection which should be able to detect when user settings are changes without consent. This is a setting that has already rolled out to users, and Google says that millions of users have already been protected against unwanted setting changes such as having their search engine altered. But it's the Chrome Cleanup tool that Google is particularly keen to highlight. A redesigned interface makes it easier to use and to see what unwanted software has been detected and singled out for removal.
Social Networks

Elon Musk Teases Reddit With Bad Answers About BFR Rocket (reddit.com) 100

Long-time Slashdot reader Rei writes: On Saturday evening, Elon Musk took questions in a Reddit AMA (Ask-Me-Anything) concerning SpaceX's new design for the BFR (Big F* Rocket). But unlike the 2016 IAC conference where many audience questions seemed to be trolling Musk, this time the tables were turned. Asked why Raptor thrust was reduced from 300 tons to 170, Musk replied, "We chickened out." He responded to a statement about landing on the moon by quoting Bob the Builder, while responding to a user's suggestion about caching internet data from Mars by writing simply "Nerd." A question as to whether BFR autogenous pressurization would be heat-exchanger based, Musk replied that they planned to utilize the Incendio spell from Harry Potter -- helpfully providing a Wikipedia link for the spell.

A technical question about the lack of a tail? "Tails are lame." A question about why the number of landing legs was increased from 3 to 4? "Because 4." After one Redditor observed "This is one bizarre AMA so far," Musk replied "Just wait..." While Musk ultimately did follow up some of the trolling with some actual responses, the overall event could be best described as "surreal".

To be fair, Musk provided some serious answers. (And his final comment ended with "Great questions nk!!") But one Redditor suggested Musk's stranger answers were like a threat, along the lines of "Just wait. It will get way more bizarre than that. Let me finish my whiskey."

Musk replied, "How did you know? I am actually drinking whiskey right now. Really."
Television

Cord-Cutters Drive Cable TV Subscribers to a 17-Year Low (houstonchronicle.com) 197

An anonymous reader quotes the Washington Post: On Wednesday, AT&T told regulators that it expects to finish the quarter with about 90,000 fewer TV subscribers than it began with. AT&T blamed a number of issues, including hurricane damage to infrastructure, rising credit standards and competition from rivals. The report also shows AT&T lost more traditional TV customers than it gained back through its online video app, DirecTV Now. And analysts are suggesting that that's evidence that cord-cutting is the main culprit... "DirecTV, like all of its cable peers, is suffering from the ravages of cord-cutting," said industry analyst Craig Moffett in a research note this week. Moffett added that while nobody expected AT&T's pay-TV numbers to look good, hardly anyone could have predicted they would look "this bad."

The outlook doesn't look much healthier for the rest of the television industry. Over the past year, cable and satellite firms have collectively lost nearly 3 million customers, according to estimates by market analysts at SNL Kagan and New Street Research. The number of households with traditional TV service is hovering at about the level it was in 2000, according to New Street's Jonathan Chaplin, in a study last week. Other analysts predict that, after factoring in AT&T's newly disclosed losses, the industry will have lost 1 million traditional TV subscribers by the end of this quarter.

The Internet

Not Just Equifax. Rival Site Transunion Served Malware Too -- and 1,000 More Sites (arstechnica.com) 68

An anonymous reader quotes Ars Technica: Equifax isn't the only credit-reporting behemoth with a website redirecting visitors to fake Adobe Flash updates. A security researcher from AV provider Malwarebytes said transunioncentroamerica.com, a TransUnion site serving people in Central America, [was] also sending visitors to the fraudulent updates and other types of malicious pages... Malwarebytes security researcher Jerome Segura says he was able to repeatedly reproduce a similar chain of fraudulent redirects when he pointed his browser to the transunioncentroamerica.com site. On some occasions, the final link in the chain would push a fake Flash update. In other cases, it delivered an exploit kit that tried to infect computers with unpatched browsers or browser plugins... "This is not something users want to have," Segura told Ars...

Equifax on Thursday was quick to say that its systems were never compromised in the attacks. TransUnion said much the same thing. This is an important distinction in some respects because it means that the redirections weren't the result of attackers having access to restricted parts of either company's networks. At the same time, the incidents show that visitors to both sites remain much more vulnerable to malicious content than they should be.

Both sites hosted fireclick.js, an old script from a small web analytics company which pulls pages from sites like Akamai, SiteStats.info, and Ostats.net. "It appears that attackers have compromised the third-party library," writes BankInfoSecurity, adding that Malwarebytes estimates over a 1,000 more sites are using the same library.
Communications

Russia Reportedly Used Pokemon Go In an Effort To Inflame Racial Tensions (theverge.com) 211

An anonymous reader quotes a report from The Verge: Russia's far-ranging campaign to promote dissension in the United States reportedly included an effort to weaponize Pokemon Go. CNN reported that in July 2016, a Tumblr page linked to Russia's now-notorious Internet Research Agency promoted a contest encouraging people sympathetic to the Black Lives Matter movement to play the game near famous sites of police brutality. Players were told to change their characters' names to the victims of those incidents -- an apparent effort to inflame racial tensions. The Tumblr page was linked to Do Not Shoot Us, a multi-platform campaign designed to mimic aspects of Black Lives Matter. (As CNN notes, the name plays on "hands up, don't shoot," one of the movement's slogans.) Do Not Shoot Us included a website, donotshoot.us, along with related pages on Facebook, Instagram, Twitter, and YouTube. The Facebook page was one of 470 pages that were removed after the company determined that it was linked to Russian groups attempting to interfere in US politics.
Bitcoin

Over 500 Million PCs Are Secretly Mining Cryptocurrency, Researchers Reveal (newsweek.com) 78

Ad blocking firm AdGuard has found that over 500 million people are inadvertently mining cryptocurrencies through their computers after visiting websites that are running background mining software. The company found 220 popular websites with an aggregated audience of half a billion people use so-called crypto-mining scripts when a user opens their main page. Newsweek reports: The mining tool works by hijacking a computer's central processing unit (CPU), commonly referred to as "the brains" of a computer. Using part of a computer's CPU to mine bitcoin effects the machine's overall performance and will slow it down by using up processing power. The researchers found that bitcoin browser mining is mostly found on websites "with a shady reputation" due to the trouble such sites have with earning revenue through advertising. However, in the future it could become a legitimate and ethical way of making money if the website requests the permission of the visitor first.

"220 sites may not seem like a lot," the researchers wrote in a blogpost detailing their discovery. "But CoinHive was launched less than one month ago on September 14. The growth has been extremely rapid: from nearly zero to .22 percent of Alexa's top 100,000 websites. "This analysis well illustrates the whole web, so it's safe to say that one of every forty websites currently mines cryptocurrency (namely Monero) in the browsers their users employ."

Businesses

Real Moviegoers Don't Care About Rotten Tomatoes 173

In a recent essay published on the Hollywood Reporter, Martin Scorsese inveighs against two conjoined trends -- the widespread reporting of box-office results and the grading of movies by consumers on CinemaScore and by critics on Rotten Tomatoes -- and blames it for "a tone that is hostile to serious filmmakers." In particular, he contends that this hostile environment is worsening "as film criticism written by passionately engaged people with actual knowledge of film history has gradually faded from the scene." Richard Brody, a movie critic at the New Yorker, thinks Scorsese is missing the mark. He writes: I think that film criticism is, over all, better than ever, because, with its new Internet-centrism, it's more democratic than ever and many of the critics who write largely online are more film-curious than ever. Anyone who is active on so-called Film Twitter -- who sees links by critics, mainly younger critics, to his or her work -- can't help but be impressed by the knowledge, the curiosity, and the sensibility of many of them. Their tastes tend to be broader and more daring than those of many senior critics on more established publications. And, even if readers of the wider press aren't reading these more obscure critics, the critics whom general readers read are often reading those young critics (and if they're not, it shows). This is, of course, not universally so, any more than it ever was. The Internet is democratic in all directions -- it's also available to writers of lesser knowledge, duller taste, and dubious agendas, and it may be their work that's advertised most loudly -- but the younger generation of critics is present online and there for the finding. [...] What Scorsese doesn't exactly say, but what, I think, marks a generation gap in movie thinking that his essay reflects, is the appearance of an increasing divide between artistically ambitious films and Hollywood films -- the gap between the top box-office films and the award winners. For filmmakers ready to work on lower budgets, the gap is irrelevant. The filmmakers whose conceptions tend toward the spectacular are the ones whose styles may, literally, be cramped by shrinking budgets -- filmmakers such as Scorsese and Wes Anderson, whose work has both an original and elaborate sense of style and a grand historical reach.
Twitter

Twitter Is Crawling With Bots and Lacks Incentive To Expel Them (bloomberg.com) 95

An anonymous reader shares a report: On Wednesday, the exterior of Twitter's San Francisco headquarters bore an eerie message: "Ban Russian Bots." Someone -- the company doesn't know who -- projected the demand onto the side of its building. Bots, or automated software programs, can be programmed to periodically send out messages on the internet. Now Twitter is scrambling to explain how bots controlled by Russian meddlers may have been used to impact the 2016 president election. Twitter was designed to be friendly to bots. They can help advertisers quickly spread their messages and respond to customer service complaints. Research from the University of Southern California and Indiana University shows that 9 to 15 percent of active Twitter accounts are bots. Many innocuously tweet headlines, the weather or Netflix releases. After the election, there was little discussion inside the company about whether the platform may have been misused, according to people familiar with the matter who asked not to be identified because it is private. But the ubiquity and usefulness of bots did come up. At one point, there were talks about whether Twitter should put a marking on bot accounts, so that users would know they were automated, one of the people said. Yet most of the conversation after the election focused on whether Trump's tweets violated Twitter's policies, the person said.
Education

'Maybe Wikipedia Readers Shouldn't Need Science Degrees To Digest Articles About Basic Topics' (vice.com) 304

Wikipedia articles about "hard science" (physics, biology, chemistry) topics are really mostly written for other scientists, writes Michael Byrne, a reporter on Science beat at Vice's Motherboard news outlet. From the article: This particular class of Wikipedia article tends to take the high-level form of a scientific paper. There's a brief intro (an abstract) that is kinda-sorta comprehensible, but then the article immediately degenerates into jargon and equations. Take, for example, the page for the electroweak interaction in particle physics. This is a topic of potentially broad interest; its formulation won a trio of physicists the Nobel Prize in 1979. Generally, it has to do with a fundamental linkage between two of the four fundamental forces of the universe, electromagnetism and the weak force. The Wikipedia article for the electroweak force consists of a two-paragraph introduction that basically just says what I said above plus some fairly intimidating technical context. The rest of the article is almost entirely gnarly math equations. I have no idea who the article exists for because I'm not sure that person actually exists: someone with enough knowledge to comprehend dense physics formulations that doesn't also already understand the electroweak interaction or that doesn't already have, like, access to a textbook about it. For another, somewhat different example, look at the article for graphene. Graphene is, of course, an endlessly hyped superstrong supermaterial. It's in the news constantly. The article isn't just a bunch of math equations, but it's also not much more penetrable for a reader without at least some chemistry/materials science background.
Businesses

Hollywood Studios Join Disney To Launch Movies Anywhere Digital Locker Service (theverge.com) 48

There may be a grand unifying service to make accumulating a large digital cinematic library feasible, or so is the hope anyway. From a report: For several years now, Disney has been the only Hollywood studio with a digital movie locker worth using, but a host of other industry heavyweights have now jumped on board to launch an expanded version of the service called Movies Anywhere. It's both a cloud-based digital locker and a one-stop-shop app: customers connect Movies Anywhere to their iTunes, Amazon Video, Google Play, or Vudu accounts, and all of the eligible movies they've purchased through those retailers appear as part of their Movies Anywhere library. Given that the Movies Anywhere app works across a number of platforms, it basically allows them to take their digital film library with them no matter what device or operating system they're using. [...] The launch of Movies Anywhere should be the merciful, final blow that puts an end to UltraViolet, one of the entertainment industry's first attempts at putting together a comprehensive digital locker service. That service flailed due to a poor customer experience and lack of adoption on the part of big digital retailers like Apple. The team behind Movies Anywhere seems to have learned from UltraViolet's mistakes, however, as well as Disney's previous successes.

Slashdot Top Deals