Software

'The Year That Software Bugs Ate the World' (fastcompany.com) 48

FastCompany's harrymcc writes: It's not like there's ever a year that isn't rife with stories about buggy software. But 2017 seems to have had an unusually rich supply of software flaws that fouled up major products -- from Twitter to iOS 11 to the Google Pixel 2 -- in ways that were very noticeable and sometimes even funny. Sample this: A nagging flaw in Google's Play Services software for Android causes Gmail to demand access to "body sensors" before it will let users send email. Android Police's Artem Russakovskii discovers that his Mini is recording audio 24/7 and storing it on Google's servers. I rounded up a bunch of them over at Fast Company.
Businesses

Kaspersky Lab Sues Trump Administration Over Software Ban (reuters.com) 97

Moscow-based anti-virus company Kaspersky Lab sued the Trump administration in U.S. federal court on Monday, arguing that the American government has deprived it of due process rights by banning its software from U.S. government agencies. From a report: The lawsuit is the latest effort by Kaspersky Lab to push back on allegations that the company is vulnerable to Kremlin influence. The Department of Homeland Security in September issued a directive to U.S. civilian agencies ordering them to remove Kaspersky Lab from their computer networks within 90 days. The order came amid mounting concern among U.S. officials that the software could enable Russian espionage and threaten national security. The ban was codified last week when President Donald Trump signed legislation banning Kaspersky Lab from use across civilian and military agencies.
Opera

Opera Software Changes Name To Otello Corporation (reuters.com) 49

Opera Software has changed its name to Otello Corporation, it said in a statement on Monday. From a report: Otello owns companies that develop software for advertising, telecoms, games and other online business. The name change does not affect Opera Software AS or the Opera and Opera Mini internet browsers, all of which Otello sold in 2016, Opera Software AS said in a separate statement.
Microsoft

Microsoft Releases a Preview of OpenSSH Client and Server For Windows 10 (servethehome.com) 142

kriston (Slashdot user #7,886) writes: Microsoft released a preview of the OpenSSH server and client for Windows 10. Go to Settings, Apps & Features, and click "Manage optional features" to install them. The software only supports AES-CTR and chacha20 ciphers and supports a tiny subset of keys and KEXs, but, on the other hand, a decent set of MACs.

It also says that it doesn't use the OpenSSL library. That's the really big news, here. I understand leaving out arcfour/RC4 and IDEA, but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES? At least they chose the CTR versions of these ciphers. (Blowfish isn't compromised in any practical way, by the way). I prefer faster and less memory- and CPU-intensive ciphers.

Still, it's a good start. The SSH server is compelling enough to check out especially since I just started using X2GO for remote desktop access which requires an SSH server for its file sharing feature.

Chrome

Chrome 64 Beta Adds Sitewide Audio Muting, Pop-Up Blocker, Windows 10 HDR Video (9to5google.com) 43

Chrome 64 is now in beta and it has several new features over version 63. In addition to a stronger pop-up blocker and support for HDR video playback when Windows 10 is in HDR mode, Chrome 64 features sitewide audio muting to block sound when navigating to other pages within a site. 9to5Google reports: An improved pop-up blocker in Chrome 64 prevents sites with abusive experiences -- like disguising links as play buttons and site controls, or transparent overlays -- from opening new tabs or windows. Meanwhile, as announced in November, other security measures in Chrome will prevent malicious auto-redirects. Beginning in version 64, the browser will counter surprise redirects from third-party content embedded into pages. The browser now blocks third-party iframes unless a user has directly interacted with it. When a redirect attempt occurs, users will remain on their current page with an infobar popping up to detail the block. This version also adds a new sitewide audio muting setting. It will be accessible from the permissions dropdown by tapping the info icon or green lock in the URL bar. This version also brings support for HDR video playback when Windows 10 is in HDR mode. It requires the Windows 10 Fall Creator Update, HDR-compatible graphics card, and display. Meanwhile, on Windows, Google is currently prototyping support for an operating system's native notification center. Other features include a new "Split view" feature available on Chrome OS. Developers will also be able to take advantage of the Resize Observer API to build responsive sites with "finger control to observe changes to sizes of elements on a page."
AI

Google Is Shutting Down Project Tango (androidpolice.com) 36

Google announced that it is ending support for Project Tango, the company's first attempt to bring a solid augmented-reality experience to the average user. The project used an array of cameras and sensors to accurately map 3D areas, causing the devices supporting Tango to be relatively large and expensive. Android Police reports: The first Tango device put into production was the "Peanut" phone, which was given to early access partners in 2014. Then came the "Yellowstone" 7-inch tablet, which was initially sold for $1,024 before a massive price drop to $512. The only other devices with Project Tango were the Lenovo Phab2 Pro, which wasn't a very good phone to start off with, and the ZenFone AR. This move isn't entirely surprising, now that Google is working on a software-only solution called ARCore. Not only is ARCore similar to Tango in functionality, but it doesn't require specialized hardware like Tango does.
Security

Lock Out: the Austrian Hotel That Was Hacked Four Times (bbc.com) 53

AmiMoJo shares a BBC report: Christoph Brandstatter is managing director of the four-star Seehotel, Jagerwirt, in Austria's Alps. His hotel's electronic door locks and other systems were hacked for ransom four times, between December 2016 and January 2017. "We got a ransomware mail which was hidden in a bill from Telekom Austria." His hotel's door keys became unusable after he clicked on a link to his bill. So was his hard drive. "Actually, as a small business you do not really think that anybody's interested in you for hacking, so we had no plan what to do," he recalls. He paid a ransom of two bitcoins, saying "at that time it was about $1,882." He has now installed firewalls and new antivirus software, and has trained his staff to recognise phishing emails that may seem genuine but actually contain malware. And he's moved back to traditional metal keys.
Bitcoin

A Cryptocurrency Without a Blockchain Has Been Built To Outperform Bitcoin (technologyreview.com) 186

An anonymous reader quotes a report from MIT Technology Review: Bitcoin isn't the only cryptocurrency on a hot streak -- plenty of alternative currencies have enjoyed rallies alongside the Epic Bitcoin Bull Run of 2017. One of the most intriguing examples is also among the most obscure in the cryptocurrency world. Called IOTA, it has jumped in total value from just over $4 billion to more than $10 billion in a little over two weeks. But that isn't what makes it interesting. What makes it interesting is that it isn't based on a blockchain at all; it's something else entirely. The rally began in late November, after the IOTA Foundation, the German nonprofit behind the novel cryptocurrency, announced that it was teaming up with several major technology firms to develop a "decentralized data marketplace."

Though IOTA tokens can be used like any other cryptocurrency, the protocol was designed specifically for use on connected devices, says cofounder David Sonstebo. Organizations collect huge amounts of data from these gadgets, from weather tracking systems to sensors that monitor the performance of industrial machinery (a.k.a. the Internet of things). But nearly all of that information is wasted, sitting in siloed databases and not making money for its owners, says Sonstebo. IOTA's system can address this in two ways, he says. First, it can assure the integrity of this data by securing it in a tamper-proof decentralized ledger. Second, it enables fee-less transactions between the owners of the data and anyone who wants to buy it -- and there are plenty of companies that want to get their hands on data.
The report goes on to note that instead of using a blockchain, "IOTA uses a 'tangle,' which is based on a mathematical concept called a directed acyclic graph." The team decided to research this new alternative after deciding that blockchains are too costly. "Part of Sonstebo's issue with Bitcoin and other blockchain systems is that they rely on a distributed network of 'miners' to verify transactions," reports MIT Technology Review. "When a user issues a transaction [with IOTA], that individual also validates two randomly selected previous transactions, each of which refer to two other previous transactions, and so on. As new transactions mount, a 'tangled web of confirmation' grows, says Sonstebo."
America Online

PSA: AIM Will Be Discontinued Tomorrow (fortune.com) 105

Cutting_Crew writes: Along with Yahoo Messenger, MSN Messenger and ICQ, I used AIM extensively (without an AOL subscription of course). AIM will finally come to a halt on December 15th, 2017, as reported a few months ago and explained in AOL fashion over on their website. I remember using AIM to keep in touch with friends, co-workers and yes, even tried dating back in the day using the "looking for love" feature not only available to AOL subscribers but also extended to AIM users as well. Any memories you want to share? Speak now, or forever hold your peace.
Security

Fortinet VPN Client Exposes VPN Creds; Palo Alto Firewalls Allow Remote Attacks (bleepingcomputer.com) 32

An anonymous reader shares a report: It's been a bad week for two of the world's biggest vendors of enterprise hardware and software -- Fortinet and Palo Alto Networks. The worst of the bunch is a credentials leak affecting Fortinet's FortiClient, an antivirus product provided by Fortinet for both home and enterprise-level clients. Researchers from SEC Consult said in an advisory released this week that they've discovered a security issue that allows attackers to extract credentials for this VPN client. The second major security issue disclosed this week affects firewall products manufactured by Palo Alto Networks and running PAN-OS, the company's in-house operating system. Security researcher Philip Pettersson discovered that by combining three vulnerabilities together, he could run code on a Palo Alto firewall from a remote location with root privileges.
Security

Author of BrickerBot Malware Retires, Says He Bricked 10 Million IoT Devices (bleepingcomputer.com) 149

An anonymous reader writes: The author of BrickerBot -- the malware that bricks IoT devices -- has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the "Internet Chemotherapy" project in November 2016. Similar to the authors of the Mirai malware, the BrickerBot developer dumped his malware's source code online, allowing other crooks to profit from his code. The code is said to contain at least one zero-day. In a farewell message left on hundreds of hacked routers, the BrickerBot author also published a list of incidents (ISP downtimes) he caused, while also admitting he is likely to have drawn the attention of law enforcement agencies. "There's also only so long that I can keep doing something like this before the government types are able to correlate my likely network routes (I have already been active for far too long to remain safe). For a while now my worst-case scenario hasn't been going to jail, but simply vanishing in the middle of the night as soon as some unpleasant government figures out who I am," the hacker said.
Open Source

Avast Launches Open-Source Decompiler For Machine Code (techspot.com) 113

Greg Synek reports via TechSpot: To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS. As Internet of Things devices proliferate throughout our homes and inside private businesses, being able to effectively analyze the code running on all of these new devices becomes a necessity to ensure security. In addition to the open-source version found on GitHub, RetDec is also being provided as a web service.

Simply upload a supported executable or machine code and get a reasonably rebuilt version of the source code. It is not possible to retrieve the exact original code of any executable compiled to machine code but obtaining a working or almost working copy of equivalent code can greatly expedite the reverse engineering of software. For any curious developers out there, a REST API is also provided to allow third-party applications to use the decompilation service. A plugin for IDA disassembler is also available for those experienced with decompiling software.

Software

T-Mobile Is Becoming a Cable Company (engadget.com) 92

T-Mobile has revealed that it's launching a TV service in 2018, and that it has acquired Layer3 TV (a company that integrates TV, streaming and social networking) to make this happen. The company thinks people are ditching cable due to the providers, not TV itself. Engadget reports: It claims that it can "uncarrier" TV the way it did with wireless service, and has already targeted a few areas it thinks it can fix: it doesn't like the years-long contracts, bloated bundles, outdated tech and poor customer service that are staples of TV service in the U.S. T-Mobile hasn't gone into detail about the functionality of the service yet. How will it be delivered? How much will it cost? Where will it be available? And will this affect the company's free Netflix offer? This is more a declaration of intent than a concrete roadmap, so it's far from certain that the company will live up to its promises. Ultimately, the move represents a big bet on T-Mobile's part: that people like TV and are cutting the cord based on a disdain for the companies, not the service. There's a degree of truth to that when many Americans are all too familiar with paying ever-increasing rates to get hundreds of channels they don't watch. However, there's no guarantee that it'll work in an era when many people (particularly younger people) are more likely to use Netflix, YouTube or a streaming TV service like Sling TV.
Robotics

Robots Are Being Used To Shoo Away Homeless People In San Francisco (qz.com) 421

An anonymous reader quotes a report from Quartz: San Francisco's Society for the Prevention of Cruelty to Animals (SPCA) has been ordered by the city to stop using a robot to patrol the sidewalks outside its office, the San Francisco Business Times reported Dec. 8. The robot, produced by Silicon Valley startup Knightscope, was used to ensure that homeless people didn't set up camps outside of the nonprofit's office. It autonomously patrols a set area using a combination of Lidar and other sensors, and can alert security services of potentially criminal activity.

In a particularly dystopian move, it seems that the San Francisco SPCA adorned the robot it was renting with stickers of cute kittens and puppies, according to Business Insider, as it was used to shoo away the homeless from near its office. San Francisco recently voted to cut down on the number of robots that roam the streets of the city, which has seen an influx of small delivery robots in recent years. The city said it would issue the SPCA a fine of $1,000 per day for illegally operating on a public right-of-way if it continued to use the security robot outside its premises, the San Francisco Business Times said.

AI

Google To Open AI Center In China Despite Search Ban (bbc.com) 38

An anonymous reader quotes a report from BBC: Google is deepening its push into artificial intelligence (AI) by opening a research center in China, even though its search services remain blocked in the country. Google said the facility would be the first of its kind in Asia and would aim to employ local talent. In a blog post on the company's website, Google said the new research center was an important part of its mission as an "AI first company." "Whether a breakthrough occurs in Silicon Valley, Beijing or anywhere else, [AI] has the potential to make everyone's life better for the entire world," said Fei-Fei Li, chief scientist at Google Cloud AI and Machine Learning. The research center, which joins similar facilities in London, New York, Toronto and Zurich, will be run by a small team from its existing office in Beijing. The tech giant operates two offices in China, with roughly half of its 600 employees working on global products, company spokesperson Taj Meadows told the AFP news agency. But Google's search engine and a number of other services are banned in China. The country has imposed increasingly strict rules on foreign companies over the past year, including new censorship restrictions.
Android

Andy Rubin's Essential Phone Considered Anything But (theregister.co.uk) 149

An anonymous reader shares a report: Andy Rubin's ambitions to create a new consumer electronics ecosystem are floundering at base camp. Sales of Essential's phone, which forms a key part of the strategy, are tepid. Google Play reports a mere 50,000 downloads of Essential's Camera app so far, the Android Police blog notes. This doesn't paint the full picture, but it can be assumed a fairly complete one, barring a few brush strokes. Essential launched in the US with support from Sprint, at a recommended SIM-free retail price of $699. After reported sales of just five thousand in the first month, this was slashed to $499 and could be grabbed for $399 in the post-Thanksgiving sales. As devices from different manufacturers proliferate in the home, Rubin has alluded to "a new operating system so it can speak all those protocols and it can do it securely and privately." But rather than launching a new software platform he's had to launch hardware.
AI

What Does Artificial Intelligence Actually Mean? (qz.com) 130

An anonymous reader writes: A new bill (pdf) drafted by senator Maria Cantwell asks the Department of Commerce to establish a committee on artificial intelligence to advise the federal government on how AI should be implemented and regulated. Passing of the bill would trigger a process in which the secretary of commerce would be required to release guidelines for legislation of AI within a year and a half. As with any legislation, the proposed bill defines key terms. In this, we have a look at how the federal government might one day classify artificial intelligence. Here are the five definitions given:

A) Any artificial systems that perform tasks under varying and unpredictable circumstances, without significant human oversight, or that can learn from their experience and improve their performance. Such systems may be developed in computer software, physical hardware, or other contexts not yet contemplated. They may solve tasks requiring human-like perception, cognition, planning, learning, communication, or physical action. In general, the more human-like the system within the context of its tasks, the more it can be said to use artificial intelligence.
B) Systems that think like humans, such as cognitive architectures and neural networks.
C) Systems that act like humans, such as systems that can pass the Turing test or other comparable test via natural language processing, knowledge representation, automated reasoning, and learning.
D) A set of techniques, including machine learning, that seek to approximate some cognitive task.
E) Systems that act rationally, such as intelligent software agents and embodied robots that achieve goals via perception, planning, reasoning, learning, communicating, decision-making, and acting.

Businesses

Trump Signs Into Law US Government Ban on Kaspersky Lab Software (reuters.com) 138

President Donald Trump signed into law on Tuesday legislation that bans the use of Kaspersky Lab within the U.S. government, capping a months-long effort to purge the Moscow-based antivirus firm from federal agencies amid concerns it was vulnerable to Kremlin influence. From a report: The ban, included as part of a broader defense policy spending bill that Trump signed, reinforces a directive issued by the Trump administration in September that civilian agencies remove Kaspersky Lab software within 90 days. The law applies to both civilian and military networks. "The case against Kaspersky is well-documented and deeply concerning. This law is long overdue," said Democratic Senator Jeanne Shaheen, who led calls in Congress to scrub the software from government computers. She added that the company's software represented a "grave risk" to U.S. national security.
Twitter

Twitter Officially Launches 'Threads,' a New Feature For Easily Posting Tweetstorms (techcrunch.com) 47

New submitter FatdogHaiku writes: For those people that must use multiple tweets to rant (or educate) on Twitter, a feature called "Threads" is being rolled out to aid in creating "tweetstorms" (i.e. gang tweets). Given how tweetstorms are normally used, how about we call them twitphoons? TechCrunch explains just how easy to use the new threads feature is: "There's now a new plus ('+') button in the composer screen where you can type out your series of tweets. Each line represents one tweet, with a character limit of 280 as per usual. You can also add the same amount of media -- like GIFs, images, videos, and more -- to any individual tweet in the thread, as you could on Twitter directly. When you're finished with one tweet, you just tap in the space below to continue your thread. While writing out your tweetstorm, you can go back and edit the tweets at any time as they're still in draft format. When you're ready to post, you tap the 'Tweet all' button at the top to send the stream to Twitter. (Twitter will pace the tweets' posting a bit so they don't all hit at once.)"

"In addition, another handy feature allows you to go back and update a thread by adding new tweets after it already posted," adds TechCrunch. "To do so, you'll write out the new tweet after tapping the 'Add another Tweet' button. This lets you continue to update a thread forever -- something Twitter CEO Jack Dorsey already does with his own threads, for example. Twitter tells us there's currently a limit of 25 entries in a thread, but that number may be subject to change depending on how the feature is adopted by the wider user base."
IT

Tech Support Scammers Invade Spotify Forums To Rank in Search Engines (bleepingcomputer.com) 33

Tech support scammers have been aggressively posting on Spotify forums to inject their phone numbers in a bid to vastly improve their odds of showing up on Google and Bing search results, a new report claims. And that bet seems to be working. From the report: They do this by submitting a constant stream of spam posts to the Spotify forums, whose pages tend to rank well in Google. While this behavior causes the Spotify forums to become harder to use for those who have valid questions, the bigger problem is that it allows tech support scammers to rank extremely well and trick unknowing callers into purchasing unnecessary services and software. BleepingComputer was alerted to this problem by security researcher Cody Johnston who started to see an alarming amount of tech support scam phone numbers being listed in Google search results through indexed Spotify forum posts. The tech support scams being posted to Spotify include Tinder, Linksys, AOL, Turbotax, Coinbase, Amazon, Apple, Microsoft, Norton, McAfee and more.
