Security

Under Pressure, Western Tech Firms Including Cisco and IBM Bow To Russian Demands To Share Cyber Secrets (reuters.com) 13

An anonymous reader shares a Reuters report: Western technology companies, including Cisco, IBM and SAP, are acceding to demands by Moscow for access to closely guarded product security secrets, at a time when Russia has been accused of a growing number of cyber attacks on the West, a Reuters investigation has found. Russian authorities are asking Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country. The requests, which have increased since 2014, are ostensibly done to ensure foreign spy agencies have not hidden any "backdoors" that would allow them to burrow into Russian systems. But those inspections also provide the Russians an opportunity to find vulnerabilities in the products' source code -- instructions that control the basic operations of computer equipment -- current and former U.S. officials and security experts said. [...] In addition to IBM, Cisco and Germany's SAP, Hewlett Packard Enterprise Co and McAfee have also allowed Russia to conduct source code reviews of their products, according to people familiar with the companies' interactions with Moscow and Russian regulatory records.
Google

Google Will Stop Reading Your Emails For Gmail Ads (bloomberg.com) 43

Google will soon stop scanning emails received by some Gmail users, a practice that has allowed it to show them targeted advertising but which stirred privacy worries. From a report: The decision didn't come from Google's ad team, but from its cloud unit, which is angling to sign up more corporate customers. Alphabet's Google Cloud sells a package of office software, called G Suite, that competes with market leader Microsoft. Paying Gmail users never received the email-scanning ads like the free version of the program, but some business customers were confused by the distinction and its privacy implications, said Diane Greene, Google's senior vice president of cloud. "What we're going to do is make it unambiguous," she said. Ads will continue to appear inside the free version of Gmail, as promoted messages. But instead of scanning a user's email, the ads will now be targeted with other personal information Google already pulls from sources such as search and YouTube.
Government

The US Government Wants To Permanently Legalize the Right To Repair (vice.com) 127

An anonymous reader quotes a report from Motherboard: In one of the biggest wins for the right to repair movement yet, the U.S. Copyright Office suggested Thursday that the U.S. government should take actions to make it legal to repair anything you own, forever -- even if it requires hacking into the product's software. Manufacturers -- including John Deere, Ford, various printer companies, and a host of consumer electronics companies -- have argued that it should be illegal to bypass the software locks that they put into their products, claiming that such circumvention violated copyright law. Thursday, the U.S. Copyright Office said it's tired of having to deal with the same issues every three years; it should be legal to repair the things you buy -- everything you buy -- forever. "The growing demand for relief under section 1201 has coincided with a general understanding that bona fide repair and maintenance activities are typically non infringing," the report stated. "Repair activities are often protected from infringement claims by multiple copyright law provisions." "The Office recommends against limiting an exemption to specific technologies or devices, such as motor vehicles, as any statutory language would likely be soon outpaced by technology," it continued.
Security

Fireball Browser Hijack Impact Revised After Microsoft Analysis (eweek.com) 10

Sean Michael Kerner, writing for eWeek: A browser hijacking operation initially reported to have 250 million victims by security firm Check Point isn't quite that large, according to a new analysis by Microsoft. On June 1, security firm Check Point reported that a browser hijacking operation called "Fireball" had already claimed 250 million victims. According to a Microsoft analysis published June 22, Check Point's estimate of the number of victims was "overblown" and the attack is not nearly as widespread as initially reported. The Fireball attack is a browser hijacking that is potentially able to download malware onto victims' systems, as well as manipulate pageviews and redirect search requests. Check Point's initial analysis claimed that Fireball was being bundled as part of free software downloads to unsuspecting users. "Indeed, we have been working with Microsoft on their analysis, feeding them with some additional data," Maya Horowitz, group manager of threat intelligence at Check Point, said in a statement sent to eWEEK. "We tried to reassess the number of infections, and from recent data we know for sure that numbers are at least 40 million, but could be much more."
Firefox

Chrome and Firefox Headless Modes May Spur New Adware & Clickfraud Tactics (bleepingcomputer.com) 78

From a report: During the past month, both Google and Mozilla developers have added support in their respective browsers for "headless mode," a mechanism that allows browsers to run silently in the OS background and with no visible GUI. [...] While this feature sounds very useful for developers and very uninteresting for day-to-day users, it is excellent news for malware authors, and especially for the ones dabbling with adware. In the future, adware or clickfraud bots could boot-up Chrome or Firefox in headless mode (no visible GUI), load pages, and click on ads without the user's knowledge. The adware won't need to include or download any extra tools and could use locally installed software to perform most of its malicious actions. In the past, there have been quite a few adware families that used headless browsers to perform clickfraud. Martijn Grooten, an editor at Virus Bulletin, also pointed Bleeping Computer to a report where miscreants had abused PhantomJS, a headless browser, to post forum spam. The addition of headless mode in Chrome and Firefox will most likely provide adware devs with a new method of performing surreptitious ad clicks.
Intel

AMD Looks To 'Crush' Intel's Xeon With New Epyc Server Chips (extremetech.com) 125

AMD has unveiled the first generation of Epyc, its new range of server processors built around its Zen architecture. Processors will range from the Epyc 7251 -- an eight-core, 16-thread chip running at 2.1 to 2.9GHz in a 120W power envelope -- up to the Epyc 7601: a 32-core, 64-thread monster running at 2.2 to 3.2GHz, with a 180W design power. From a report: These chips are built on the same fundamental architecture as the company's Ryzen CPU cores, and they're aimed at the incredibly powerful data center market. AMD's 32-core / 64-thread Epyc CPUs combine four eight-core dies, each connected to the other via the company's Infinity Fabric. According to AMD, this approach is significantly cheaper than trying to pack 32 cores into a single monolithic die -- that approach would leave the company potentially throwing away huge amounts of silicon during its production ramp. The Infinity Fabric is deliberately over-provisioned to minimize any problems with non-NUMA aware software, according to Anandtech. Each 32-core Epyc CPU will support eight memory channels and two DIMMs per channel, for a total maximum memory capacity of 2TB per socket, or 4TB of RAM in a two-socket system. Each CPU will also offer 128 lanes of PCI Express 3.0 support -- enough to connect up to six GPUs at x16 each with room left over for I/O support. That's in a one-socket system, mind you. In a two-socket system, the total number of available PCI Express 3.0 lanes is unchanged, at 128 (64 PCIe 3.0 lanes are used to handle CPU -- CPU communication). Anandtech has a longer writeup with more details on the CPUs power efficiency and TDP scaling. Further reading: ZDNet, press release.
Mars

Curiosity Rover Decides, By Itself, What To Investigate On Mars (sciencemag.org) 72

sciencehabit writes: NASA's Curiosity rover landed on Mars in 2012, in part to analyze rocks to see whether the Red Planet was ever habitable (or inhabited). But now the robot has gone off script, picking out its own targets for analysis -- precisely as planned. Last year, NASA scientists uploaded a piece of software called Autonomous Exploration for Gathering Increased Science (AEGIS) adapted from the older Opportunity rover. Curiosity can now scan each new location and use artificial intelligence to find promising targets for its ChemCam. Compared with the estimated 24% success rate of random aiming at picking out outcrops -- a prime target for investigation -- the current version of AEGIS lets the rover find them 94% of the time, researchers report.
Microsoft

Microsoft Admits Disabling Anti-Virus Software For Windows 10 Users (bbc.com) 206

An anonymous reader quotes a report from the BBC: Microsoft has admitted that it does temporarily disable anti-virus software on Windows PCs, following an competition complaint to the European Commission by a security company. In early June, Kaspersky Lab filed the complaint against Microsoft. The security company claims the software giant is abusing its market dominance by steering users to its own anti-virus software. Microsoft says it implemented defenses to keep Windows 10 users secure. In an extensive blog post that does not directly address Kaspersky or its claims, Microsoft says it bundles the Windows Defender Antivirus with Windows 10 to ensure that every single device is protected from viruses and malware. To combat the 300,000 new malware samples being created and spread every day, Microsoft says that it works together with external anti-virus partners. The technology giant estimates that about 95% of Windows 10 PCs were using anti-virus software that was already compatible with the latest Windows 10 Creators Update. For the applications that were not compatible, Microsoft built a feature that lets users update their PCs and then reinstall a new version of the anti-virus software. "To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating," writes Rob Lefferts, a partner director of the Windows and Devices group in enterprise and security at Microsoft.
Software

NSA Opens GitHub Account, Lists 32 Projects Developed By the Agency (thehackernews.com) 62

An anonymous reader quotes a report from The Hacker News: The National Security Agency (NSA) -- the United States intelligence agency which is known for its secrecy and working in the dark -- has finally joined GitHub and launched an official GitHub page. GitHub is an online service designed for sharing code amongst programmers and open source community, and so far, the NSA is sharing 32 different projects as part of the NSA Technology Transfer Program (TTP), while some of these are "coming soon." "The NSA Technology Transfer Program (TTP) works with agency innovators who wish to use this collaborative model for transferring their technology to the commercial marketplace," the agency wrote on the program's page. "OSS invites the cooperative development of technology, encouraging broad use and adoption. The public benefits by adopting, enhancing, adapting, or commercializing the software. The government benefits from the open source community's enhancements to the technology." Many of the projects the agency listed are years old that have been available on the Internet for some time. For example, SELinux (Security-Enhanced Linux) has been part of the Linux kernel for years.
Communications

Snapchat's New Snap Map Lets You Share Your Location With Friends (theverge.com) 26

Snapchat is expanding into the world of mapping. A new feature announced on Wednesday called Snap Maps will let the app's 166 million users share their locations with each other, according to a company blog post. From a report: From the default camera view, you pinch with two fingers to zoom out and see the map. Friends who have opted into sharing their location through Snap Map (it's off by default) will appear in Bitmoji form. You can share with select friends, all friends, or with no one if you pick "Ghost Mode." Snapchat is very quick to note that your location is only updated when you open the app -- so there shouldn't be any background tracking to worry about.
Apple

Chris Lattner, Poached From Apple To Become Tesla's Top Software Executive, Quits After 6 Months (bizjournals.com) 139

Tesla said last night Chris Lattner, the vice president of Autopilot software, has left the company about six months after the electric car-maker hired him away from Apple. From a report: Lattner had led the software development team in charge of Autopilot. Tesla executive Jim Keller is now in charge of Autopilot hardware and software. The company announced it had also hired OpenAI research scientist Andrej Karpathy, who will serve as Tesla's new director of artificial intelligence and Tesla Vision. "Chris just wasn't the right fit for Tesla, and we've decided to make a change," the company told reporters in a statement. "We wish him the best." Lattner tweeted last night, "Turns out that Tesla isn't a good fit for me after all. I'm interested to hear about interesting roles for a seasoned engineering leader!" Lattner is a widely respected figure in the industry. He is the main author of LLVM as well as Apple's Swift programming language. We interviewed him earlier this year.
Open Source

Opus 1.2 Released 22

jmv writes: The Opus audio codec, used in WebRTC and now included in all major web browsers, gets another major upgrade with the release of version 1.2. This release brings quality improvements to both speech and music, while remaining fully compatible with RFC 6716. There are also optimizations, new options, as well as many bug fixes. This Opus 1.2 demo describes a few of the upgrades that users and implementers will care about the most. It includes audio samples comparing to previous versions of the codec, as well as speed comparisons for x86 and ARM.
Software

Uber Finally Adds a Tipping Option To Its App (gizmodo.com) 85

After years of complaints, Uber is rolling out a tipping option for drivers. "Tipping is available in Seattle, Minneapolis and Houston as of today. We're starting with only 3 cities so we can create the best tipping experience for you and your riders. We'll be adding more cities over the next few weeks, and will make tips available to all U.S. drivers, by the end of July 2017," Uber said in an email to drivers. Gizmodo reports: Uber will also roll out a full set of driver-friendly features. The cancellation window will narrow to two minutes (it was previously five) and drivers will get a per-minute fee if a rider makes them wait beyond two minutes. Drivers will also get a cut of Uber's "teen fare" which had previously gone exclusively to Uber. Now, drivers will get $2 of the fee. Uber will also offer drivers the option to enroll in injury-protection insurance. Uber has always argued that it offers a seamless experience and that adding a tip feature into its app would interfere with that. The company promises an up-front fare to the rider, with no fumbling around for cash or evaluation of a driver's performance beyond assigning a rating.
Google

Google Launches Its AI-Powered Jobs Search Engine (techcrunch.com) 38

Now you can search for jobs across virtually all of the major online job boards like LinkedIn, Monster, WayUp, DirectEmployers, CareerBuilders, Facebook and others -- directly from Google's search result pages. The company will also include job listings it finds on a company's homepage. TechCrunch reports: The idea here is to give job seekers an easy way to see which jobs are available without having to go to multiple sites only to find duplicate postings and lots of irrelevant jobs. With this new feature, which is now available in English on desktop and mobile, all you have to type in is a query like "jobs near me," "writing jobs" or something along those lines and the search result page will show you the new job search widget that lets you see a broad range of jobs. From there, you can further refine your query to only include full-time positions, for example. When you click through to get more information about a specific job, you also get to see Glassdoor and Indeed ratings for a company. You can also filter jobs by industry, location, when they were posted, and employer. Once you find a query that works, you can also turn on notifications so you get an immediate alert when a new job is posted that matches your personalized query.
Transportation

Driver Killed In a Tesla Crash Using Autopilot Ignored At Least 7 Safety Warnings (usatoday.com) 500

An anonymous reader quotes a report from USA Today: U.S. investigators said a driver who was killed while using Tesla's partially self-driving car ignored repeated warnings to put his hands on the wheel. In a 538-page report providing new details of the May 2016 crash that killed Ohio resident Joshua Brown in a highway crash in Florida, the National Transportation Safety Board described the scene of the grisly incident and the minutes leading up to it. The agency, which opened an investigation to explore the possibility that Tesla's Autopilot system was faulty, said it had drawn "no conclusions about how or why the crash occurred." The NTSB report appears to deliver no conflicting information. The agency said the driver was traveling at 74 miles per hour, above the 65 mph limit on the road, when he collided with the truck. The driver used the vehicle's self-driving system for 37.5 minutes of the 41 minutes of his trip, according to NTSB. During the time the self-driving system was activated, he had his hands on the wheel for a total of only about half a minute, investigators concluded. NTSB said the driver received seven visual warnings on the instrument panel, which blared "Hold Steering Wheel," followed by six audible warnings.
Businesses

Amazon Web Services Quietly Forms a Mixed Reality Team, But What Is It Building? (geekwire.com) 41

Nat Levy, reporting for GeekWire: Amazon is building a new "two pizza team" within Amazon Web Services focused on mixed-reality technology, another sign that the cloud powerhouse is expanding its reach and branching out into new areas. AWS isn't talking publicly about the initiative, but a job posting for a software engineer sheds some light on the team's goals. The posting says the company is "building a set of services, and platform to bring AWS and Amazon into the world of Mixed Reality." The company wants engineers with experience in "Computer Vision, 3D objects, rendering and data storage by designing, developing and testing software solutions." The posting further states that "applications would include real-time 3D modeling, image and video stream processing all within a scalable distributed environment." The posting calls the group a "true start-up within AWS (a real two pizza team)." The two-pizza term goes back to Amazon CEO Jeff Bezos, and his well-known rule that any team or meeting that can't be fed with two pizzas is too large.
OS X

The Behind-the-Scenes Changes Found In MacOS High Sierra (arstechnica.com) 204

Apple officially announced macOS High Sierra at WWDC 2017 earlier this month. While the new OS doesn't feature a ton of user-visible improvements and is ultimately shaping up to be a low-key release, it does feature several behind-the-scenes changes that could help make it the most stable macOS update in years. Andrew Cunningham from Ars Technica has "browsed the dev docs and talked with Apple to get some more details of the update's foundational changes." Here are some excerpts from three key areas of the report: APFS
Like iOS 10.3, High Sierra will convert your boot drive to APFS when you first install it -- this will be true for all Macs that run High Sierra, regardless of whether they're equipped with an SSD, a spinning HDD, or a Fusion Drive setup. In the current beta installer, you're given an option to uncheck the APFS box (checked by default) before you start the install process, though that doesn't necessarily guarantee that it will survive in the final version. It's also not clear at this point if there are edge cases -- third-party SSDs, for instance -- that won't automatically be converted. But assuming that most people stick with the defaults and that most people don't crack their Macs open, most Mac users who do the upgrade are going to get the new filesystem.

HEVC and HEIF
All High Sierra Macs will pick up support for HEVC, but only very recent models will support any kind of hardware acceleration. This is important because playing HEVC streams, especially at high resolutions and bitrates, is a pretty hardware-intensive operation. HEVC playback can consume most of a CPU's processor cycles, and especially on slower dual-core laptop processors, smooth playback may be impossible altogether. Dedicated HEVC encode and decode blocks in CPUs and GPUs can handle the heavy lifting more efficiently, freeing up your CPU and greatly reducing power consumption, but HEVC's newness means that dedicated hardware isn't especially prevalent yet.

Metal 2
While both macOS and iOS still nominally support open, third-party APIs like OpenGL and OpenCL, it's clear that the company sees Metal as the way forward for graphics and GPU compute on its platforms. Apple's OpenGL support in macOS and iOS hasn't changed at all in years, and there are absolutely no signs that Apple plans to support Vulkan. But the API will enable some improvements for end users, too. People with newer GPUs should expect to benefit from some performance improvements, not just in games but in macOS itself; Apple says the entire WindowServer is now using Metal, which should improve the fluidity and consistency of transitions and animations within macOS; this can be a problem on Macs when you're pushing multiple monitors or using higher Retina scaling modes on, especially if you're using integrated graphics. Metal 2 is also the go-to API for supporting VR on macOS, something Apple is pushing in a big way with its newer iMacs and its native support for external Thunderbolt 3 GPU enclosures. Apple says that every device that supports Metal should support at least some of Metal 2's new features, but the implication there is that some older GPUs won't be able to do everything the newer ones can do.

Microsoft

Microsoft Now Lets Surface Laptop Owners Revert Back To Windows 10 S (mspoweruser.com) 81

Microsoft is kind enough to offer Surface Laptop users the option to upgrade to Windows 10 Pro for free until later this year if they don't like Windows 10 S, which is installed by default and is only able to run apps or games that are in the Windows Store. The company is taking that generosity one step further by letting users revert back to Windows 10 S if they installed Windows 10 Pro and aren't happy with the performance and battery life. The option to revert back to the default OS wasn't available until now. MSPoweruser reports: Microsoft recently released the official recovery image for the Surface Laptop which will technically let you go back to Windows 10 S on your device but you'll be required to remove all of your files which is a bit frustrating. The recovery image wasn't available a few days after the Surface Laptop started shipping, but it is now available and you can download it to effectively reset your Surface Laptop. The recovery image is 9GB, so make sure you have a good internet connection before downloading the file. It is quite interesting how Microsoft isn't letting users go back to Windows 10 S from Windows 10 Pro without having to completely reset their devices, as the company would want more users to use its new version of Windows 10 for many reasons. Maybe this is something Microsoft will be adding in the future, but for now, we'll just have to do with the recovery image. If you own a Surface Laptop, you can find the recovery image here.
Businesses

Dropbox Is Rolling Out a Private Network to Speed Up File Access (fortune.com) 40

Dropbox, the file storage company that last year moved 90 percent of its data out of Amazon Web Services cloud and into its own data centers, is at it again. From a report on Fortune: The San Francisco company is building its own international private network to make sure users abroad can access their files -- most of which reside in those aforementioned Dropbox U.S. data centers -- faster. "What people don't realize about the internet is that it is very 'bursty' and can hit bottlenecks," Akhil Gupta, vice president of engineering at Dropbox tells Fortune. That is why the company is ripping out third-party load balancers and replacing them with its own software running on standard Linux hardware. Insulating itself from the balky internet is also the reason Dropbox is contracting to use its own dedicated fiber cable to carry that traffic. "We want to make user experience as real time as possible since 70 percent of our users are outside the U.S. and most of the data lives in North America," says Dan Williams, Dropbox's head of production engineering. Dropbox still partners with Amazon for customers in some countries, like Germany, which require user data to stay in the country of origin.
Government

Using Texts as Lures, Government Spyware Targets Mexican Journalists and Their Families (nytimes.com) 54

Mexico's most prominent human rights lawyers, journalists and anti-corruption activists have been targeted by advanced spyware sold to the Mexican government on the condition that it be used only to investigate criminals and terrorists, reports the New York Times. From the report: The targets include lawyers looking into the mass disappearance of 43 students (alternative source), a highly respected academic who helped write anti-corruption legislation, two of Mexico's most influential journalists and an American representing victims of sexual abuse by the police. The spying even swept up family members, including a teenage boy. Since 2011, at least three Mexican federal agencies have purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer. The software, known as Pegasus, infiltrates smartphones to monitor every detail of a person's cellular life -- calls, texts, email, contacts and calendars. It can even use the microphone and camera on phones for surveillance, turning a target's smartphone into a personal bug.

Slashdot Top Deals