Businesses

Disastrous 'Pokemon Go' Event Leads To Mass Refunds (techcrunch.com) 145

thegarbz writes: A Pokemon Go Fest hosted in Chicago and attended by between 15-20,000 people has ended in disaster. The event was plagued by logistical issues resulting in 3+ hour long delays getting into Chicago's Grant Park... Those people who were lucky enough to get into the paid event were greeted with a completely overloaded cell network unable to cope with the number of people trying to get online at the same time. The occasional person who was able to connect experienced a never ending string of game-breaking bugs when attempting to catch the rare Pokemon created specifically for this event.
Gaming company Niantic finally just gave a rare Pokemon Go character to everyone who attended -- though one attendee still called it a "horrible, terrible day." The Kansas City Star reported some people had paid as much as $400 for their tickets -- which had sold out within minutes -- and that some attendees had even started lining up for the event at 6 a.m.
Microsoft

Microsoft Launches A Counterattack Against Russia's 'Fancy Bear' Hackers (thedailybeast.com) 78

Kevin Poulsen writes on the Daily Beast: It turns out Microsoft has something even more formidable than Moscow's malware: Lawyers. Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft's trademarks... Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear... Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like "livemicrosoft[.]net" or "rsshotmail[.]com" that Fancy Bear registers under aliases for about $10 each. Once under Microsoft's control, the domains get redirected from Russia's servers to the company's, cutting off the hackers from their victims, and giving Microsoft an omniscient view of that servers' network of automated spies. "In other words," Microsoft outside counsel Sten Jenson explained in a court filing last year, "any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server."
Encryption

Let's Encrypt Criticized Over Speedy HTTPS Certifications (threatpost.com) 178

100 million HTTPS certificates were issued in the last year by Let's Encrypt -- a free certificate authority founded by Mozilla, Cisco and the Electronic Frontier Foundation -- and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting? msm1267 shared this article from Kaspersky Lab's ThreatPost blog: [S]ome critics are sounding alarm bells and warning that Let's Encrypt might be guilty of going too far, too fast, and delivering too much of a good thing without the right checks and balances in place. The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls... Critics do not contend Let's Encrypt is responsible for these types of abuses. Rather, because it is the 800-pound gorilla when it comes to issuing basic domain validation certificates, critics believe Let's Encrypt could do a better job vetting applicants to weed out bad actors... "I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm...

Josh Aas, executive director of the Internet Security Research Group, the organization that oversees Let's Encrypt, points out that its role is not to police the internet, rather its mission is to make communications secure. He added that, unlike commercial certificate authorities, it keeps a searchable public database of every single domain it issues. "When people get surprised at the number of PayPal phishing sites and get worked up about it, the reason they know about it is because we allow anyone to search our records," he said. Many other certificate authorities keep their databases of issued certificates private, citing competitive reasons and that customers don't want to broadcast the names of their servers... "The reason people treat us like a punching bag is that we are big and we are transparent."

The criticism intensified after Let's Encrypt announced they'd soon offer wildcard certificates for subdomains. But the article also cites security researcher Scott Helme, who "argued if encryption is to be available to all then that includes the small percent of bad actors. 'I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption.'"
Google

Linus Torvalds Now Reviews Gadgets On Google+ (zdnet.com) 50

An anonymous reader quotes ZDNet: If you know anything about Linus Torvalds, you know he's the mastermind and overlord of Linux. If you know him at all well, you know he's also an enthusiastic scuba diver and author of SubSurface, a do-it-all dive log program. And, if you know him really well, you'd know, like many other developers, he loves gadgets. Now, he's starting his own gadget review site on Google+: Working Gadgets...

"[W]hile waiting for my current build to finish, I decided to write a note about some of the gadgets I got that turned out to work, rather than all the crazy crap that didn't. Because while 90% of the cool toys I buy aren't all that great, there's still the ones that actually do live up to expectations. So the rule is: no rants. Just good stuff. Because this is about happy gadgets."

So far Linus has reviewed an automatic cat litter box, a scuba diving pressure regulator, and a Ubiquiti UniFi Wi-Fi access point that complements his Google WiFi mesh network.

Linus will be great at this. Just last week I saw him recommending a text editor.
Businesses

Verizon Accused of Throttling Netflix and YouTube, Admits To 'Video Optimization' (arstechnica.com) 51

New submitter dgatwood writes: According to an Ars Technica article, Verizon recently began experimenting with throttling of video traffic. The remarkable part of this story is not that a wireless ISP would throttle video traffic, but rather that Verizon's own Go90 video platform is also affected by the throttling. From the article, "Verizon Wireless customers this week noticed that Netflix's speed test tool appears to be capped at 10Mbps, raising fears that the carrier is throttling video streaming on its mobile network. When contacted by Ars this morning, Verizon acknowledged using a new video optimization system but said it is part of a temporary test and that it did not affect the actual quality of video. The video optimization appears to apply both to unlimited and limited mobile plans. But some YouTube users are reporting degraded video, saying that using a VPN service can bypass the Verizon throttling."
If even Verizon can get on board with throttling sans paid prioritization, why is Comcast so scared of the new laws that are about to go into effect banning it?

Network

Senator Doesn't Buy FCC Justification For Killing Net Neutrality (dslreports.com) 39

From a report: Senator Edward Markey this week questioned FCC boss Ajit Pai's justifications for killing popular net neutrality rules in a hearing in Washington. We've noted repeatedly that while large ISPs claim net neutrality killed broadband investment, objective analysis repeatedly finds that to be a lie. That's not just based on publicly-available SEC filings and earnings reports, but the industry's own repeated comments to investors and analysts. But that doesn't stop AT&T, Verizon, Comcast and Charter (and the ocean of politicians, think tankers, consultants and other PR vessels they employ to make this misleading argument in the media on a daily basis) from making the claim anyway. And while Pai once again this week breathlessly proclaimed that net neutrality put a damper on network investment, Markey simply wasn't having it. "Publicly traded companies are required by law to provide investors accurate financial information, including reporting any risks or financial burdens," Markey said. "However, I have found no publicly traded ISP that has reported to its investors by law that Title II has negatively impacted investment in their networks. Many, in fact, have increased deployment and investment."
Transportation

Lyft Launches a New Self-driving Division and Will Develop Its Own Autonomous Ride-hailing Technology (techcrunch.com) 49

An anonymous reader shares a report: Lyft is betting the future of the road centers on sharing autonomous vehicles. It aims to be at the forefront of that technology with a new self-driving division and a self-driving system car manufacturers could plug into their self-driving cars. The company expects to hire "hundreds" of people for the new division by the end of next year and has just signed a lease for 50,000-square-feet on the first floor of a Palo Alto facility where it plans to build out several labs and open testing spaces. The building Lyft refers to as "Level 5" will be developing its new "open self-driving platform" and a combination hardware and software system still in development. Lyft hopes auto manufacturers will then bring in a fleet of autonomous cars to its ride-hailing network. The plan is somewhat similar to one Uber announced earlier. Lyft's larger rival uses Volvo's XC90 to test its self-driving tech on the roads. Uber announced earlier this year it was also partnering with Daimler to operate self-driving cars on its network.
Ubuntu

Ask Slashdot: Ubuntu 18.04 LTS Desktop Default Application Survey 279

Dustin Kirkland, Ubuntu Product and Strategy at Canonical, writes: Howdy all- Back in March, we asked the HackerNews community, "What do you want to see in Ubuntu 17.10?": https://ubu.one/AskHN. A passionate discussion ensued, the results of which are distilled into this post: http://ubu.one/thankHN. In fact, you can check that link, http://bit.ly/thankHN and see our progress so far this cycle. We already have a beta code in 17.10 available for your testing for several of those:

- GNOME replaced Unity
- Bluetooth improvements with a new BlueZ
- Switched to libinput
- 4K/Multimonitor/HiDPI improvements
- Upgraded to Network Manager 1.8
- New Subiquity server installer
- Minimal images (36MB, 18% smaller)

And several others have excellent work in progress, and will be complete by 17.10:

- Autoremove old kernels from /boot
- EXT4 encryption with fscrypt
- Better GPU/CUDA support

In summary -- your feedback matters! There are hundreds of engineers and designers working for *you* to continue making Ubuntu amazing! Along with the switch from Unity to GNOME, we're also reviewing some of the desktop applications we package and ship in Ubuntu. We're looking to crowdsource input on your favorite Linux applications across a broad set of classic desktop functionality. We invite you to contribute by listing the applications you find most useful in Linux in order of preference.


Click through for info on how to contribute.
AI

IBM's AI Can Predict Schizophrenia With 74 Percent Accuracy By Looking at the Brain's Blood Flow (engadget.com) 92

Andrew Tarantola reports via Engadget: Schizophrenia is not a particularly common mental health disorder in America, affecting just 1.2 percent of the population or around 3.2 million people, but its effects can be debilitating. However, pioneering research conducted by IBM and the University of Alberta could soon help doctors diagnose the onset of the disease and the severity of its symptoms using a simple MRI scan and a neural network built to look at blood flow within the brain. The research team first trained its neural network on a 95-member dataset of anonymized fMRI images from the Function Biomedical Informatics Research Network which included scans of both patients with schizophrenia and a healthy control group. These images illustrated the flow of blood through various parts of the brain as the patients completed a simple audio-based exercise. From this data, the neural network cobbled together a predictive model of the likelihood that a patient suffered from schizophrenia based on the blood flow. It was able to accurately discern between the control group and those with schizophrenia 74 percent of the time. What's more, the model managed to also predict the severity of symptoms once they set in. The study has been published in the journal Nature.
Intel

Intel Launches Movidius Neural Compute Stick: 'Deep Learning and AI' On a $79 USB Stick (anandtech.com) 59

Nate Oh, writing for AnandTech: Today Intel subsidiary Movidius is launching their Neural Compute Stick (NCS), a version of which was showcased earlier this year at CES 2017. The Movidius NCS adds to Intel's deep learning and AI development portfolio, building off of Movidius' April 2016 launch of the Fathom NCS and Intel's later acquisition of Movidius itself in September 2016. As Intel states, the Movidius NCS is "the world's first self-contained AI accelerator in a USB format," and is designed to allow host devices to process deep neural networks natively -- or in other words, at the edge. In turn, this provides developers and researchers with a low power and low cost method to develop and optimize various offline AI applications. Movidius's NCS is powered by their Myriad 2 vision processing unit (VPU), and, according to the company, can reach over 100 GFLOPs of performance within a nominal 1W of power consumption. Under the hood, the Movidius NCS works by translating a standard, trained Caffe-based convolutional neural network (CNN) into an embedded neural network that then runs on the VPU. In production workloads, the NCS can be used as a discrete accelerator for speeding up or offloading neural network tasks. Otherwise for development workloads, the company offers several developer-centric features, including layer-by-layer neural networks metrics to allow developers to analyze and optimize performance and power, and validation scripts to allow developers to compare the output of the NCS against the original PC model in order to ensure the accuracy of the NCS's model. According to Gary Brown, VP of Marketing at Movidius, this 'Acceleration mode' is one of several features that differentiate the Movidius NCS from the Fathom NCS. The Movidius NCS also comes with a new "Multi-Stick mode" that allows multiple sticks in one host to work in conjunction in offloading work from the CPU.
For multiple stick configurations, Movidius claims that they have confirmed linear performance increases up to 4 sticks in lab tests, and are currently validating 6 and 8 stick configurations. Importantly, the company believes that there is no theoretical maximum, and they expect that they can achieve similar linear behavior for more devices. Though ultimately scalability will depend at least somewhat on the neural network itself, and developers trying to use the feature will want to play around with it to determine how well they can reasonably scale. As for the technical specifications, the Movidius Neural Compute Stick features a 4Gb LPDDR3 on-chip memory, and a USB 3.0 Type A interface.
Mars

SpaceX Pulls the Plug On Its Red Dragon Plans (arstechnica.com) 158

SpaceX has largely confirmed the rumors that the company is no longer planning to send an uncrewed version of its Dragon spacecraft to Mars in 2020, or later. Ars Technica reports: The company had planned to use the propulsive landing capabilities on the Dragon 2 spacecraft -- originally developed for the commercial crew variant to land on Earth -- for Mars landings in 2018 or 2020. Previously, it had signed an agreement with NASA to use some of its expertise for such a mission and access its deep-space communications network. On Tuesday, however, during a House science subcommittee hearing concerning future NASA planetary science missions, Florida Representative Bill Posey asked what the agency was doing to support privately developed planetary science programs. Jim Green, who directs NASA's planetary science division, mentioned several plans about the Moon and asteroids, but he conspicuously did not mention Red Dragon. After this hearing, SpaceX spokesman John Taylor didn't return a response to questions from Ars about the future of Red Dragon. Then, during a speech Wednesday at the International Space Station Research and Development Conference, Musk confirmed that the company is no longer working to land Dragon propulsively for commercial crew.

"Yeah, that was a tough decision," Musk acknowledged Wednesday with a sigh. "The reason we decided not to pursue that heavily is that it would have taken a tremendous amount of effort to qualify that for safety for crew transport," Musk explained Wednesday. "There was a time when I thought the Dragon approach to landing on Mars, where you've got a base heat shield and side mounted thrusters, would be the right way to land on Mars. But now I'm pretty confident that is not the right way." Musk added that his company has come up with a "far better" approach to landing on Mars that will be incorporated into the next iteration of the company's proposed Mars transportation hardware.

AI

Researchers Have Figured Out How To Fake News Video With AI (qz.com) 85

An anonymous reader quotes a report from Quartz: A team of computer scientists at the University of Washington have used artificial intelligence to render visually convincing videos of Barack Obama saying things he's said before, but in a totally new context. In a paper published this month, the researchers explained their methodology: Using a neural network trained on 17 hours of footage of the former U.S. president's weekly addresses, they were able to generate mouth shapes from arbitrary audio clips of Obama's voice. The shapes were then textured to photorealistic quality and overlaid onto Obama's face in a different "target" video. Finally, the researchers retimed the target video to move Obama's body naturally to the rhythm of the new audio track. In their paper, the researchers pointed to several practical applications of being able to generate high quality video from audio, including helping hearing-impaired people lip-read audio during a phone call or creating realistic digital characters in the film and gaming industries. But the more disturbing consequence of such a technology is its potential to proliferate video-based fake news. Though the researchers used only real audio for the study, they were able to skip and reorder Obama's sentences seamlessly and even use audio from an Obama impersonator to achieve near-perfect results. The rapid advancement of voice-synthesis software also provides easy, off-the-shelf solutions for compelling, falsified audio. You can view the demo here: "Synthesizing Obama: Learning Lip Sync from Audio"
Communications

Telecom Lobbyists Downplayed 'Theoretical' Security Flaws in Mobile Data Backbone (vice.com) 33

An anonymous reader shares a report: According to a confidential document obtained by Motherboard, wireless communications lobby group CTIA took issue with an in-depth report by the Department of Homeland Security on mobile device security, including flaws with the SS7 network. In a white paper sent to members of Congress and the Department of Homeland Security, CTIA, a telecom lobbying group that represents Verizon, AT&T, and other wireless carriers, argued that "Congress and the Administration should reject the [DHS] Report's call for greater regulation" while downplaying "theoretical" security vulnerabilities in a mobile data network that hackers may be able to use to monitor phones across the globe, according to the confidential document obtained by Motherboard. However, experts strongly disagree about the threat these vulnerabilities pose, saying the flaws should be taken seriously before criminals exploit them. SS7, a network and protocol often used to route messages when a user is roaming outside their provider's coverage, is exploited by criminals and surveillance companies to track targets, intercept phone calls or sweep up text messages. In some cases, criminals have used SS7 attacks to obtain bank account two-factor authentication tokens, and last year, California Rep. Ted Lieu said that, for hackers, "the applications for this vulnerability are seemingly limitless."
Power

India is Rolling Out Trains With Solar-powered Coaches That'll Save Thousands of Litres of Diesel (qz.com) 135

An anonymous reader shares a report: India's massive diesel-guzzling railway network is getting serious about its experiments with solar. On July 14, Indian Railways rolled out its first train with rooftop solar panels that power the lights, fans, and information display systems inside passenger coaches. Although the train will still be pulled by a diesel-powered locomotive, a set of 16 solar panels atop each coach will replace the diesel generators that typically power these appliances. The railways estimate that a train with six solar-powered coaches could save around 21,000 litres (5,547 gallons) of diesel every year, worth around $108,000. In 2014, Indian Railways consumed 2.6 billion litres of diesel, accounting for around 70% of the network's total fuel bill of $4.4 billion. The first of these trains will be pressed into service on the suburban railway network of New Delhi, one of the world's most polluted cities, before two dozen more coaches are fitted with similar rooftop solar systems. Retrofitting each coach with these systems, including an inverter to optimise power generation and battery for storing surplus power, costs around $14,000.
AMD

AMD Has No Plans To Release PSP Code (twitch.tv) 125

AMD has faced calls from Edward Snowden, Libreboot and the Reddit community to release the source code to the AMD Secure Processor (PSP), a network-capable co-processor which some believe has the capacity to act as a backdoor. But despite some signs earlier that it might consider opening the PSP code at some point, the chip-maker has now confirmed that there hasn't been a change of heart yet. "We have no plans on releasing it to the public," the company executives said in a tech talk (video).
Social Networks

Nearly 90,000 Sex Bots Invaded Twitter in 'One of the Largest Malicious Campaigns Ever Recorded on a Social Network' (gizmodo.com) 53

An anonymous reader shares a report: Last week, Twitter's security team purged nearly 90,000 fake accounts after outside researchers discovered a massive botnet peddling links to fake "dating" and "romance" services. The accounts had already generated more than 8.5 million posts aimed at driving users to a variety of subscription-based scam websites with promises of -- you guessed it -- hot internet sex. The accounts were first identified by ZeroFOX, a Baltimore-based security firm that specializes in social-media threat detection. The researchers dubbed the botnet "SIREN" after sea-nymphs described in Greek mythology as half-bird half-woman creatures whose sweet songs often lured horny, drunken sailors to their rocky deaths. ZeroFOX's research into SIREN offers a rare glimpse into how efficient scammers have become at bypassing Twitter's anti-spam techniques. Further, it demonstrates how effective these types of botnets can be: The since-deleted accounts collectively generated upwards of 30 million clicks -- easily trackable since the links all used Google's URL shortening service.
Network

Mesh Networking Comes To Bluetooth, Which Could Set Off a New Wave of Smart Buildings (geekwire.com) 70

One of the most widely used technologies in mobile computing is getting an important upgrade that could accelerate the development of the smart home and industrial internet. From a report: The Bluetooth Special Interest Group, the Kirkland, Wash.-based group that enforces compatibility among the billions of devices that use the short-range Bluetooth wireless technology, plans to announce Tuesday that the standard now supports mesh networking. Mesh networks connect a variety of access points and devices across a distributed network, rather than the one-to-one connection that currently exists between your smartphone and that headset that makes you look ridiculous. This approach dramatically improves the range and reliability of a wireless network, since information can be relayed across several different devices rather than having to stretch between two far-apart devices. And if part of the network goes offline, mesh technology has the capability to route around that outage and still carry out its original mission. Wi-Fi networks have also been getting in on this mesh networking act, which has an additional bonus: mesh networks are much easier to set up than traditional wireless networks.
Google

Google Glass Makes an Official Return (cnbc.com) 106

Alphabet's Google has officially launched the "Enterprise Edition" of its smart glasses hardware, which is now available to a network of Google partners. From a report: The company's developer partners range from logistics and manufacturing to patient care. These apps have long been involved with Glass through the business-focused "Glass at Work" program. In a blog post Tuesday, Google Glass project leader Jay Kothari said partners such as GE Aviation, AGCO, DHL, Dignity Health, NSF International, Sutter Health, Boeing and Volkswagen have been using Glass over the past several years, and make up just a sampling of 50 companies using the wearable. Wired said several of these companies found the original Google Glass to be very useful in factories and other enterprise environments. Google discovered this and began work on a product built by a team dedicated to building a new version of Glass for the enterprise. According to Kothari, the Google Glass Enterprise Edition glasses are lighter and more "comfortable for long term wear." They also offer more power and longer battery life, and offer support for folks with prescription lenses, Wired said. The glasses, too, are stronger and do double duty as safety glasses. Further reading: Google Glass 2.0 Is a Startling Second Act.
Microsoft

US Appeals Court Upholds Nondisclosure Rules For Surveillance Orders (reuters.com) 53

An anonymous reader shares a report: A U.S. federal appeals court on Monday upheld nondisclosure rules that allow the FBI to secretly issue surveillance orders for customer data to communications firms, a ruling that dealt a blow to privacy advocates. A unanimous three-judge panel on the 9th U.S. Circuit Court of Appeals in San Francisco sided with a lower court ruling in finding that rules permitting the FBI to send national security letters under gag orders are appropriate and do not violate the First Amendment of the U.S. Constitution's free speech protections. Content distribution firm CloudFlare and phone network operator CREDO Mobile had sued the government in order to notify customers of five national security letters received between 2011 and 2013.
Security

It's Trivially Easy to Hack into Anybody's Myspace Account (vice.com) 68

If you are one of the almost half a billion people who at some point used to be on Myspace, the hottest social network of the early 2000s, you should know that almost anyone can hack into your account. From a report: Myspace offers a mechanism to recover an account for people who have lost access to their old associated email address. A security researcher has discovered that it's relatively easy to abuse this mechanism to hack into anyone's account. All a wannabe hacker needs is the target's full name, username, and date of birth. Security researcher Leigh-Anne Galloway disclosed the vulnerability on Monday. She says she informed Myspace about the vulnerability almost three months ago and the site hasn't acknowledged or fixed it.
