Communications

AT&T Offering Day Pass For International Travelers (cnet.com) 13

Starting Friday, AT&T customers who travel abroad can sign up for a new International Day Pass plan. Instead of paying by the minute, message or megabyte, the plan lets you pay a $10-a-day flat fee so you can talk and text "all you want" and also access your data plan as though you're in the states. From a report: AT&T said the new plan is available for customers traveling to more than 100 countries listed here. To use the new plan, customers just need to add it once and it will automatically kick in each time they travel to a supported country, until it's removed.
Android

Google Voice Receives First Update in Five Years (zdnet.com) 25

Google Voice hasn't seen a lot of love or attention since it launched with some fanfare in 2009, but surprisingly Google wants people to know that it still cares about the communication app. In a new sprawling release -- the first of its kind in years -- Google has revamped all versions of its Voice app and site with a clean, modern look, new features, and, perhaps the best news of all, the promise of regular updates. From a report: Google is finally adding two features Google Voice users have long missed out on: MMS support for photo messaging and group chats. Previously workarounds were required to send and receive picture messages, and group chats were flat out not possible.
Technology

Alexa and Google Assistant Have a Problem: People Aren't Sticking With Voice Apps They Try (recode.net) 86

Amazon Echo and Google Home were the breakaway hits of the holiday shopping season. But both devices -- and the voice technologies that power them -- have some major hurdles to overcome if they want to keep both consumers and software developers engaged. From a report on Recode: That's one of the big takeaways from a new report that an industry startup, VoiceLabs, released on Monday. For starters, 69 percent of the 7,000-plus Alexa "Skills" -- voice apps, if you will -- have zero or one customer review, signaling low usage. What's more, when developers for Alexa and its competitor, Google Assistant, do get someone to enable a voice app, there's only a 3 percent chance, on average, that the person will be an active user by week 2, according to the report. (There are outliers that have week 2 retention rates of more than 20 percent.) For comparison's sake, Android and iOS apps have average retention rates of 13 percent and 11 percent, respectively, one week after first use. "There are lots of [voice] apps out there, but they are zombie apps," VoiceLabs co-founder Adam Marchick said in an interview.
Transportation

When Their Shifts End, Uber Drivers Set Up Camp in Parking Lots Across the US (bloomberg.com) 296

A feature report on Bloomberg today illustrates the lives of several Uber drivers, who find shelter in parking lots at night when it's too pricey and tiring to go home. An excerpt from the story: In Chicago, Walter Laquian Howard sleeps most nights at the "Uber Terminal." "I left my job thinking this would work, and it's getting harder and harder," Howard said. "They have to understand that some of us have decided to make this a full-time career." Howard has been parking and sleeping at the 7-Eleven four to five nights a week since March 2015, when he began leasing a car from Uber and needed to work more hours to make his minimum payments. Now that it's gotten cold, he wakes up every three hours to turn on the heater. He's rarely alone. Most nights, two to three other ride-hailing drivers sleep in cars parked next to his. It's safe, he said, and the employees let the drivers use the restroom. Howard has gotten to know the convenience store's staff -- Daddy-O and Uncle Mike -- over the past two years while driving for this global ride-hailing gargantuan, valued at $69 billion. "These guys have become my extended family," said Howard, 53. "It's my second home. We have this joke that I'm the resident. I keep asking them: 'Hey, did my mail come in yet?'"
Oracle

Oracle Lays Off More Than 1,000 Employees (zdnet.com) 101

An anonymous reader writes: According to the Mercury News, Oracle is laying off approximately 450 employees in its Santa Clara hardware systems division. Reports at The Layoff, a discussion board for technology business firings, claim about 1,800 employees company-wide are being pink-slipped. Oracle claims the company isn't closing the Santa Clara facility with this reduction in force. Instead, "Oracle is refocusing its Hardware Systems business, and for that reason, has decided to lay off certain of its employees in the Hardware Systems Division."
Security

Android Device's Pattern Lock Can Be Cracked Within Five Attempts, Researchers Show (phys.org) 110

The popular Pattern Lock system used to secure millions of Android phones can be cracked within just five attempts -- and more complicated patterns are the easiest to crack, security experts reveal. From a research paper: Pattern Lock is a security measure that protects devices, such as mobile phones or tablets, and which is preferred by many to PIN codes or text passwords. It is used by around 40 percent of Android device owners. In order to access a device's functions and content, users must first draw a pattern on an on-screen grid of dots. If this matches the pattern set by the owner then the device can be used. However, users only have five attempts to get the pattern right before the device becomes locked. New research from Lancaster University, Northwest University in China, and the University of Bath, which benefitted from funding from the Engineering and Physical Sciences Research Council (EPSRC), shows for the first time that attackers can crack Pattern Lock reliably within five attempts by using video and computer vision algorithm software. By covertly videoing the owner drawing their Pattern Lock shape to unlock their device, while enjoying a coffee in a busy cafe, for example, the attacker, who is pretending to play with their phone, can then use software to quickly track the owner's fingertip movements relative to the position of the device. Within seconds the algorithm produces a small number of candidate patterns to access the Android phone or tablet.
Google

More People Than Ever Are Using DuckDuckGo; Site Says It Observed 14M Searches in One Day This Month (betanews.com) 131

An anonymous reader shares a BetaNews article: A lot of people are more privacy aware than they have been in the past, and are wary of entrusting everything they search for to Google. That's where privacy-focused sites like DuckDuckGo come in. Its growth since it launched 8 years ago has been nothing short of staggering, with the number of searches skyrocketing since 2013, when Edward Snowden first revealed how the US government was spying on its people. The search site says it has to date served up over 10 billion anonymous searches, with 4 billion of those occurring in the last year alone, and the company says it is growing faster than ever. On January 10 2017, the site received in excess of 14 million private searches.
Chrome

Every Upcoming Chromebook Will Run Android Apps (laptopmag.com) 58

Google announced last year that it will be bringing Android apps to Chromebooks. The company has now announced that moving forward all the new Chromebooks will have access to the Google Play Store, the marquee store for Android apps. From a report: The news comes from a single line of text in Google's list of Chromebooks that can support the programs: "All Chromebooks launching in 2017 and after as well as the Chromebooks listed below will work with Android apps in the coming future." We knew this would eventually come, and now isn't terribly surprising timing. There are more Chromebooks with touchscreens than ever, including the Asus Chromebook Flip C302CA and Samsung's upcoming Chromebook Plus and Pro, all of which were announced at CES in Las Vegas.
Businesses

Sprint Purchases 33 Percent Stake in Tidal For $200 Million (billboard.com) 59

Sprint has acquired a 33 percent stake in Jay Z's music streaming service Tidal, the two companies announced today. From a report: A source familiar with the matter tells Billboard that the purchase was for $200 million and that Jay and each of the company's two dozen artist-owners will remain part owners. As part of the deal, Tidal will become available to Sprint's 45 million retail customers, while the companies will partner for exclusives from its artists, according to a press release.
Electronic Frontier Foundation

Three States Propose DMCA-Countering 'Right To Repair' Laws (ifixit.org) 187

Automakers are using the Digital Millennium Copyright Act to shut down tools used by car mechanics -- but three states are trying to stop them. An anonymous reader quotes IFixIt.Org: In 2014, Ford sued Autel for making a tool that diagnoses car trouble and tells you what part fixes it. Autel decrypted a list of Ford car parts, which wound up in their diagnostic tool. Ford claimed that the parts list was protected under copyright (even though data isn't creative work) -- and cracking the encryption violated the DMCA. The case is still making its way through the courts. But this much is clear: Ford didn't like Autel's competing tool, and they don't mind wielding the DMCA to shut the company down...

Thankfully, voters are stepping up to protect American jobs. Just last week, at the behest of constituents, three states -- Nebraska, Minnesota, and New York -- introduced Right to Repair legislation (more states will follow). These 'Fair Repair' laws would require manufacturers to provide service information and sell repair parts to owners and independent repair shops.

Activist groups like the EFF and Repair.org want to "ensure that repair people aren't marked as criminals under the DMCA," according to the site, arguing that we're heading towards a future with many more gadgets to fix. "But we'll have to fix copyright law first."
Transportation

'IT Issue' Grounded All United Airlines Flights In The US (nbcnews.com) 108

For two and a half hours -- no take-offs. An anonymous reader quotes NBC News: All of United Airlines' domestic flights were grounded Sunday night because of a computer outage, the Federal Aviation Administration said as scores of angry travelers sounded off on social media... U.S. officials told NBC News that the Aircraft Communications Addressing and Reporting System, or ACARS, had issues with low bandwidth. No further explanation was immediately available for what United described only as "an IT issue."
An hour ago United tweeted that they'd finally lifted the stop and were "working to get flights on their way." 66 flights were cancelled just at Chicago's O'Hare Airport, the Chicago Department of Aviation told the Associated Press, and though the article doesn't identify the total number of flights affected, "Chicago-based United Airlines and United Express operate more than 4,500 flights a day to 339 airports across five continents."
Android

Do Android Users Still Use Custom Roms? (androidauthority.com) 202

"With all of the drama at CyanogenMod, Android Authority takes a look at the current state of custom ROM development," writes Slashdot reader Thelasko. From the article: The future of CyanogenMod appears uncertain, after the open source ROM was forced to fork under the name Lineage OS. Fortunately there are already other remixed versions of Android available, with some of the most popular being Paranoid Android, Resurrection Remix, and Dirty Unicorns... [But] with each new version of Android, the gap between Android and popular custom ROMs has shrunk, which begs an interesting question: Are custom ROMs even necessary anymore? To answer this, let's take a quick look at the state of custom ROM development as it exists today.
The article points out that mobile virtual reality is "on the verge of becoming mainstream and the wearable market has grown tremendously," asking whether custom firmware will also integrate these newer technologies. But the original submission also asks a question that's closer to home. What custom ROMs do Slashdot users have installed?
Mozilla

Mozilla Releases New Open Source 'Internet Health Report' (venturebeat.com) 65

Slashdot reader Krystalo shared this VentureBeat article: Fresh off its brand redesign, Mozilla has released The Internet Health Report, an open-source initiative to document the state of the internet, combining research and reporting from multiple sources... Mozilla's goal is to start a constructive discussion about the health of the internet by exploring what is currently healthy and unhealthy, as well as what lies ahead...

One notable statistic is the number of people who can't get online in the first place. The report shows that 57.8% of the world's population cannot afford broadband internet, and 39.5% cannot afford an internet connection on their mobile device. Other findings include the fact that there were 51 intentional internet shutdowns across 18 countries in the first 10 months of 2016; almost one-third of the world's population has no data protection rights; and 52% of all websites are in English, even though only 25% of the global population understands the language.

They're now gathering feedback and choosing which metrics to revisit every year, but five key topics include "decentralization: who controls the internet" and "open innovation: how open is it?" as well as security, web literacy, and digital inclusion. But Mozilla says their ultimate goal is very simple: to identify what's helping -- and what's hurting -- the internet.
Education

The 32-Bit Dog Ate 16 Million Kids' CS Homework (code.org) 148

"Any student progress from 9:19 to 10:33 a.m. on Friday was not saved..." explained the embarrassed CTO of the educational non-profit Code.org, "and unfortunately cannot be recovered." Slashdot reader theodp writes: Code.org CTO Jeremy Stone gave the kids an impromptu lesson on the powers of two with his explanation of why The Cloud ate their homework. "The way we store student coding activity is in a table that until today had a 32-bit index... The database table could only store 4 billion rows of coding activity information [and] we didn't realize we were running up to the limit, and the table got full. We have now made a new student activity table that is storing progress by students. With the new table, we are switching to a 64-bit index which will hold up to 18 quintillion rows of information."
The issue also took the site offline, temporarily making the work of 16 million K-12 students who have used the nonprofit's Code Studio disappear. "On the plus side, this new table will be able to store student coding information for millions of years," explains the site's CTO. But besides Friday's missing saves, "On the down side, until we've moved everything over to the new table, some students' code from before today may temporarily not appear, so please be patient with us as we fix it."
Bug

Army Bug Bounty Researcher Compromises US Defense Department's Internal Network (threatpost.com) 41

Thursday the U.S. Army shared some surprising results from its first bug bounty program -- a three-week trial in which they invited 371 security researchers "trained in figuring out how to break into computer networks they're not supposed to." An anonymous reader quotes Threatpost: The Army said it received more than 400 bug reports, 118 of which were unique and actionable. Participants who found and reported unique bugs that were fixed were paid upwards of $100,000... The Army also shared high-level details on one issue that was uncovered through the bounty by a researcher who discovered that two vulnerabilities on the goarmy.com website could be chained together to access, without authentication, an internal Department of Defense website.

"They got there through an open proxy, meaning the routing wasn't shut down the way it should have been, and the researcher, without even knowing it, was able to get to this internal network, because there was a vulnerability with the proxy, and with the actual system," said a post published on HackerOne, which managed the two bounty programs on its platform. "On its own, neither vulnerability is particularly interesting, but when you pair them together, it's actually very serious."

Crime

Geek Avenges Stolen Laptop By Remotely Accessing Thief's Facebook Account (hothardware.com) 331

An anonymous reader quotes Hot Hardware: Stu Gale, who just so happens to be a computer security expert, had the misfortune of having his laptop stolen from his car overnight. However, Gale did have remote software installed on the device which allowed him to track whenever it came online. So, he was quite delighted to see that a notification popped up on one of his other machines alerting him that his stolen laptop was active. Gale took the opportunity to remote into the laptop, only to find that the not-too-bright thief was using his laptop to login to her Facebook account.

The thief eventually left her Facebook account open and left the room, after which Gale had the opportunity to snoop through her profile and obtain all of her private information. "I went through and got her phone numbers, friends list and pictures..." Given that Gale was able to see her phone numbers listed on Facebook, he sent text messages to all of those numbers saying that he was going to report her to the police. He also posted her info to a number of Facebook groups, which spooked the thief enough to not only delete her Facebook account, but also her listed phone numbers.

In 2008 Slashdot ran a similar story, where it took several weeks of remote monitoring before a laptop thief revealed his identity. (The victim complained that "It was kind of frustrating because he was mostly using it to watch porn.") But in this case, Gale just remotely left a note on the laptop -- and called one of the thief's friends -- and eventually turned over all the information to the police, who believe an arrest will follow.

Gale seems less confident, and tells one Calgary newspaper "I'm realistic. I'm not going to see that computer again. But at least I got some comic relief."
Firefox

The SHA-1 End Times Have Arrived (threatpost.com) 47

"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain." Threatpost reports: Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"...

Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant.
The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and Cloudflare.
AI

Newest Tesla Autopilot Data Shows A 40% Drop in Crashes (bloomberg.com) 164

There's a surprise in the data from an investigation into Tesla safety by the U.S. National Highway Traffic Safety Administration. An anonymous reader quotes Bloomberg: [W]hile all Tesla vehicles come with the hardware necessary for Autopilot, you need a software upgrade that costs thousands of dollars to make it work. Since buyers can add Autopilot features after purchase, this provides a perfect before-and-after comparison. It turns out that, according to the data Tesla gave investigators, installing Autopilot prevents crashes -- by an astonishing 40 percent...

Now -- thanks to an investigation that initially hurt the company -- there is finally some real data, and it's good news for Tesla... As the software matures to match the new hardware, Musk said on Thursday via a Tweet, Tesla is targeting a 90 percent reduction in car crashes.

Security

Pwn2Own 2017 Offers Big Bounties For Linux, Browser, and Apache Exploits (eweek.com) 51

Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March. Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.
"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:
  • $100,000 for escaping a virtualization hypervisor
  • $80,000 for a Microsoft Edge or Google Chrome exploit
  • $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint
  • $50,000 for an Apple Safari exploit
  • $30,000 for a Firefox exploit
  • $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)
  • $200,000 for an Apache Web Server exploit

Google

Google Pressured 90,000 Android Developers Over Insecure Apps (pcworld.com) 50

An anonymous reader quotes PCWorld: Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps...

In the early days of the App Security Improvement program, developers only received notifications, but were under no pressure to do anything. That changed in 2015 when Google expanded the types of issues it scanned for and also started enforcing deadlines for fixing many of them... Google added checks for six new vulnerabilities in 2015, all of them with a patching deadline, and 17 in 2016, 12 of which had a time limit for fixes. These issues ranged from security flaws in third-party libraries, development frameworks and advertising SDKs to insecure implementations of Android Java classes and interfaces.

100,000 applications had been patched by April of 2016, but that number tripled over the next nine months, with 90,000 developers fixing flaws in over 275,000 apps.
