Mickeycaskill writes: Jim Zemlin, executive director of the Linux Foundation, has outlined the organization's plans to improve open source security. He says failing to do so could threaten a "golden age" which has created billion dollar companies and seen Microsoft, Apple, and others embrace open technologies. Not long ago, the organization launched the Core Infrastructure Initiative (CII), a body backed by 20 major IT firms, and is investing millions of dollars in grants, tools, and other support for open source projects that have been underfunded. This was never more obvious than following the discovery of the Heartbleed OpenSSL bug last year. "Almost the entirety of the internet is entirely reliant on open source software," Zemlin said. "We've reached a golden age of open source. Virtually every technology and product and service is created using open source. Heartbleed literally broke the security of the Internet. Over a long period of time, whether we knew it or not, we became dependent on open source for the security and integrity of the internet."
An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.
Artem Tashkinov writes: Researchers from Dutch and Singapore universities have successfully carried out an initial attack on the SHA-1 hashing algorithm by finding a collision at the SHA1 compression function. They describe their work in the paper "Freestart collision for full SHA-1". The work paves the way for full SHA-1 collision attacks, and the researchers estimate that such attacks will become reality at the end of 2015. They also created a dedicated web site humorously called The SHAppening.
Perhaps the call to deprecate the SHA-1 standard in 2017 in major web browsers seems belated and this event has to be accelerated.
theodp writes: Android users have long complained publicly that it's way too easy to accidentally dial 911. So it's pretty astonishing that it took a team of Google Researchers and San Francisco Department of Emergency Management government employees to figure out that butt-dialing was increasing the number of 911 calls. The Google 9-1-1 Team presented its results in How Googlers helped San Francisco Use Data Science to Understand a Surge in 911 Calls, a Google-sponsored presentation at the Code for America Summit, and in San Francisco's 9-1-1 Call Volume Increase, an accompanying 26-page paper.
Mark Wilson writes: With Apple embracing ad blocking and the likes of AdBlock Plus proving more popular than ever, content blocking is making the headlines at the moment. There are many sides to the debate about blocking ads — revenue for sites, privacy concerns for visitors, speeding up page load times (Google even allows for the display of ads with its AMP Project), and so on — but there are no signs that it is going to go away. Getting in on the action, Mozilla has set out what it believes are some reasonable principles for content blocking that will benefit everyone involved. Three cornerstones have been devised with a view to ensuring that content providers and content consumers get a fair deal, and you can help to shape how they develop.
An anonymous reader writes: Volvo has announced it will accept "full liability" for accidents when one of its cars is driving autonomously. It joins Mercedes and Google in this claim, hoping to convince regulators that it's worthwhile to allow testing of such vehicles on public roads. Volvo's CTO said, "Everybody is aware of the fact that driverless technology will never be perfect — one day there will be an accident. So the question becomes who is responsible and we think it's unrealistic to put that responsibility on our customers." Of course, this is limited to flaws in the self-driving system. If the driver does something inappropriate, or if another vehicle causes the accident, then they're still liable. It's also questionable how the courts would treat a promise for liability, but presumably this can be cleared up with agreements when customers start actually using the technology.
itwbennett writes: Apple is splitting the manufacture of the A9 processor for its iPhone 6s between TSMC (~60%) and rival Samsung (~40%) — "and they are not created equal," writes Andy Patrizio. For starters, Chipworks noted that Samsung uses 14nm while TSMC uses 16nm. A Reddit user posted tests of a pair of 6s Plus phones and found the TSMC chip had eight hours of battery life vs. six hours for the Samsung. Meanwhile, benchmark tests from the folks at MyDriver (if Mr. Patrizio's efforts with Google Translate got it right) also found that the Samsung chip is a bigger drain on the phone's battery, while the TSMC chip is slightly faster and runs a bit cooler. So how do you know which chip you got? There's an app for that.
An anonymous reader writes: According to two unnamed Reuters sources the IP address of Lyft CTO Chris Lambert has been revealed by Uber's investigations to be associated with the accessing of a security key that was accidentally deposited on GitHub in 2014 and used to access 50,000 database records of Uber drivers later that year. However, bearing in mind that the breach was carried out through a fiercely protectionist Scandinavian VPN, and that Lambert was a Google software engineer before becoming CTO of a major technology company, it does seem surprising that he would have accessed such sensitive data with his own domestic IP address.
New submitter tanstaaf1 writes: I was thinking about the whole tracking and privacy train-wreck and I'm wondering why specific information on how it is done, and how it can be micromanaged or undone by a decent programmer (at least), isn't vastly more accessible? By searching, I can only find information on how to erase cookies using the browser. Browser level (black box) solutions aren't anywhere near good enough; if they were, the exploits would be few and far between instead of everywhere every day. Read below for the rest of tanstaaf1's question.
merbs writes: If all goes according to plan, the world's first private lunar mission will be launched just two years from now. SpaceIL, an Israeli nonprofit, has secured a launch contract with Spaceflight Industries, and will aim to land a rover on the moon in the second half of 2017. It's the first such launch contract to be verified by the $30 million Google Lunar XPrize competition. Another group called Moon Express has signed a deal with New Zealand-based company, Rocket Lab, to launch and put a lander on the lunar surface in 2017.
An anonymous reader writes: A post by security company Avast says not only are a large amount of fake apps available from the third-party marketplace of the Windows Phone Store, but they also remain available for quite a while despite negative comments and other flags from end-users. Avast speculates that improved security and auditing procedures at rival stores such as Google Play account for the increasing attention that fake app-publishers are giving to the Windows phone app market.
countach44 writes: As reported in number 5 of this list from Motor Trend, Porsche went with Apple over Google for the infotainment system in its new 911. Apparently, Android Auto wants vehicle data (throttle position, speed, coolant temp, etc.) whereas Apple Play only needs to know if the car is in motion. Naturally, people are curious what Google, as a company building its own car, wants that data for.
alphadogg writes: LTE-U is a technology developed by Qualcomm that lets a service provider broadcast and receive signals over unlicensed spectrum, which is usable by anybody – specifically, in this case, the spectrum used by Wi-Fi networks in both businesses and homes. By opening up this new spectrum, major U.S. wireless carriers hope to ease the load on the licensed frequencies they control and help their services keep up with demand. Unsurprisingly, several outside experiments that pitted standard LTE technology or 'simulated LTE-U' technology, in the case of one in-depth Google study, against Wi-Fi transmitters on the same frequencies found that LTE drastically reduced the throughput on the Wi-Fi connection.
Sique writes: Europe's highest court ruled on Tuesday that a widely used international agreement for moving people's digital data between the European Union and the United States was invalid. The decision, by the European Court of Justice, throws into doubt how global technology giants like Facebook and Google can collect, manage and analyze online information from their millions of users in the 28-member bloc. The court decreed that the data-transfer agreement was invalid as of Tuesday's ruling. New submitter nava68 adds links to coverage at the Telegraph; also at TechWeek Europe. From TechWeek Europe's article: The ruling was the court’s final decision in a data-protection case brought by 27-year-old Austrian law student Max Schrems against the Irish data protection commissioner. That case, in turn, was spurred by Schrems’ concerns over the collection of his personal data by Facebook, whose European headquarters is in Ireland, and the possibility that the data was being handed over to US intelligence services.
An anonymous reader writes: Google's new advertising product, called Customer Match, lets advertisers upload their customer and promotional email address lists into AdWords. The new targeting capability extends beyond search to include both YouTube Trueview ads and the newly launched native ads in Gmail. Customer Match marks the first time Google has allowed advertisers to target ads against customer-owned data in AdWords. Google matches the email addresses against those of signed-in users on Google. Individual addresses are hashed and are supposedly anonymized. Advertisers will be able to set bids and create ads specifically geared to audiences built from their email lists. This new functionality seems to make de-anonymization of Google's supposedly proprietary customer data just a hop, skip and jump away. If you can specify the list of addresses that get served an ad, and the criteria like what search terms will trigger that ad, you can detect if and when your target searches for specific terms. For example, create an email list that contains your target and 100 invalid email addresses that no one uses (just in case Google gets wise to single-entry email lists). Repeat as necessary for as many keywords and as many email addresses that you wish to monitor.
theodp writes: In an interesting contrast to the Disney princess-themed Hour of Code tutorial that 'taught President Obama to code' last December, Chile is kicking off its 2015 Hora del Codigo this week with a top-featured Blockly tutorial that teaches computer science by having kids drag-and-drop blocks of code to pick up dog poop. "Collect all the shit you have left your dog," reads the Google translated instructions for the final coding exercise. In its new video for the Hour of Code 2015 campaign, tech billionaire-backed Code.org notes that it's striving to reach 200 million schoolchildren worldwide by this December. Presumably towards that end, Code.org warns that it will penalize Computer Science tutorials that "work only in English."
CNet, The Verge, and many other outlets are reporting that with the official transition of Google (as overarching company) to Google, a subsidiary of Alphabet, Google's made another change that's caught a lot of people's attention: the company has swapped out their famous motto "Don't be evil" for one with a slightly different ring: "Do the right thing." Doing the right thing sounds like a nice thing to aspire to, but doesn't seem quite as exciting.
MarkWhittington writes: According to a story in Space.com, Moon Express, one of the leading contestants in the Google Lunar X Prize competition, has made a giant leap toward its goal of being the first private group to land on the moon. The company has signed a contract with Rocket Lab, a new launch company based in New Zealand, for five launches of its upcoming Electron rocket. The first two launches will take place in 2017 and will be attempts to land the MX-1 lander on the lunar surface in time to win the prize by the current deadline by the end of that year.