Nintendo

The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch Hackable (arstechnica.com) 27

An anonymous reader quotes a report from Ars Technica: A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusee Gelee coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. "Fusee Gelee isn't a perfect, 'holy grail' exploit -- though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ. The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code. The exploit can't be fixed via a downloadable patch because the flawed bootROM can't be modified once the Tegra chip leaves the factory. As Temkin writes, "unfortunately, access to the fuses needed to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible. It is suggested that consumers be made aware of the situation so they can move to other devices, where possible." Ars notes that Nintendo may however be able to detect "hacked" systems when they sign on to Nintendo's servers. "The company could then ban those systems from using the Switch's online functions."

Google

Google Accused of Showing 'Total Contempt' for Android Users' Privacy (bleepingcomputer.com) 33

On the heels of a terse privacy debate, Google may have found another thing to worry about: its attempt to rethink the traditional texting system. From a report: Joe Westby is Amnesty International's Technology and Human Rights researcher. Recently, in response to Google's launch of a new messaging service called "Chat", Westby argued that Google, "shows total contempt for Android users' privacy."

"With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications. Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers," Westby contended. Westby continued, saying: "In the wake of the recent Facebook data scandal, Google's decision is not only dangerous but also out of step with current attitudes to data privacy."

The Internet

Net Neutrality Is Over Monday, But Experts Say ISPs Will Wait To Screw Us (inverse.com) 207

An anonymous reader quotes a report from Inverse: Parts of the Federal Communications Commission's repeal of net neutrality are slated to take effect on April 23, causing worry among internet users who fear the worst from their internet service providers. However, many experts believe there won't be immediate changes come Monday, but that ISPs will wait until users aren't paying attention to make their move. "Don't expect any changes right out of the gate," Dary Merckens, CTO of Gunner Technology, tells Inverse. Merckens specializes in JavaScript development for government and business, and sees why ISPs would want to lay low for a while before enacting real changes. "It would be a PR nightmare for ISPs if they introduced sweeping changes immediately after the repeal of net neutrality," he says.

While parts of the FCC's new plan will go into effect on Monday, the majority of the order still doesn't have a date for when it will be official. Specific rules that modify data collection requirements still have to be approved by the Office of Management and Budget, and the earliest that can happen is on April 27. Tech experts and consumer policy advocates don't expect changes to happen right away, as ISPs will likely avoid any large-scale changes in order to convince policymakers that the net neutrality repeal was no big deal after all.

Power

White House Reportedly Exploring Wartime Rule To Help Coal, Nuclear (arstechnica.com) 269

An anonymous reader quotes a report from Ars Technica: According to reports from Bloomberg and E&E News, the Trump Administration has been exploring another way to help coal and nuclear generators: the Defense Production Act of 1950. The Act was passed under President Truman. Motivated by the Korean War, it allows the president broad authority to boost U.S. industries that are considered a priority for national security. On Thursday, E&E News cited sources that said "an interagency process is underway" at the White House to examine possible application of the act to the energy industry. The goal would be to give some form of preference to coal and nuclear plants that are struggling to compete with cheap natural gas.

If the DOE decides not to invoke Section 202(c), the president may turn to the Defense Production Act. According to a 2014 summary report (PDF) from the Congressional Research Service (CRS), the act would allow the president to "demand priority for defense-related products," "provide incentives to develop, modernize, and expand defense productive capacity," and establish "a voluntary reserve of trained private sector executives available for emergency federal employment," among other powers. (Some even more permissive applications of the Act were terminated in 1957.) Using the Act to protect coal and nuclear facilities would almost certainly be more controversial, as the link between national defense and keeping uneconomic coal generators running is not well-established.

The Administration could apply the Act to "provide or guarantee loans to industry" for material-specific deliveries and production. "The president may also authorize the purchase of 'industrial items or technologies for installation in government or private industrial facilities,'" reports Ars.

Businesses

SmugMug Buys Flickr, Vows To Revitalize the Photo Service (usatoday.com) 60

On Friday, Silicon Valley photo-sharing and storage company SmugMug announced it had acquired Flickr, the photo-sharing site created in 2004 by Ludicorp and acquired in 2005 by Yahoo. SmugMug CEO Don MacAskill told USA TODAY he's committed to revitalizing the faded social networking site, which hosted photos and videos long before it became trendy. Flickr will reportedly continue to operate separately, and SmugMug and Flickr accounts will "remain separate and independent for the foreseeable future." From the report: He declined to disclose the terms of the deal, which closed this week. "Flickr is an amazing community, full of some of the world's most passionate photographers. It's a fantastic product and a beloved brand, supplying tens of billions of photos to hundreds of millions of people around the world," MacAskill said. "Flickr has survived through thick-and-thin and is core to the entire fabric of the Internet." The surprise deal ends months of uncertainty for Flickr, whose fate had been up in the air since last year when Yahoo was bought by Verizon for $4.5 billion and joined with AOL in Verizon's Oath subsidiary.

Businesses

Many Amazon Warehouse Workers are on Food Stamps (theintercept.com) 391

Many of Amazon's warehouse workers have to buy their groceries with food stamps through America's Supplemental Nutrition Assistance Program, reports the Intercept. In Arizona, new data suggests that one in three of the company's own employees depend on SNAP to put food on the table. In Pennsylvania and Ohio, the figure appears to be around one in 10. Overall, of five states that responded to a public records request for a list of their top employers of SNAP recipients, Amazon cracked the top 20 in four.

Though the company now employs 200,000 people in the United States, many of its workers are not making enough money to put food on the table... "The average warehouse worker at Walmart makes just under $40,000 annually, while at Amazon would take home about $24,300 a year," CNN reported in 2013. "That's less than $1,000 above the official federal poverty line for a family of four."

In addition Amazon uses temp workers who may also be on food stamps, notes the article, adding that in 2017 Amazon received $1.2 billion in state and local subsidies, while effectively paying no federal income tax.

"The American people are financing Amazon's pursuit of an e-commerce monopoly every step of the way: first, with tax breaks, subsidies, and infrastructure improvements meant to lure fulfillment centers into town, and later with federal transfers to pay for warehouse workers' food."

Power

Can Tesla's Batteries Power Puerto Rico? (electrek.co) 85

An anonymous reader quotes Electrek: Almost 1 million ratepayers of the Puerto Rican Electric Power Authority on the island of Puerto Rico were reportedly without power Wednesday during an island-wide blackout. But a few hundred locations with Tesla Energy storage systems were able to keep the lights on, according to CEO Elon Musk... Some of those locations include very critical services. For example, Tesla deployed a series of Powerpack systems on the Puerto Rican islands of Vieques and Culebra for a sanitary sewer treatment plant, the Arcadia water pumping station, the Ciudad Dorada elderly community, the Susan Centeno hospital, and the Boys and Girls Club of Vieques. Furthermore, the automaker's energy division also deployed a solar+battery system at a hospital in Puerto Rico...

It was also reported that the Puerto Rican government was considering Tesla's plan for a series of microgrids to help bring back power on a larger scale. The government has confirmed that they "presented several projects in remote areas that would allow entire communities to be more independent" and they also "presented a proposal to the Authority for Public-Private Partnerships for the deployment of a large-scale battery system designed to help stabilize the entire Puerto Rico electricity network."

The proposal, involving de-centralized local solar farms, "should prove more resilient to natural disaster," Electrek reported earlier, adding "and of course, it would be a lot cleaner than their currently mostly fossil fuel-based power generation." Already Tesla batteries are "live and delivering power" at 662 locations, Elon Musk tweeted Wednesday.

Meanwhile, CNN reports that one Puerto Rico resident spent three weeks building his own solar power system using $7,500 in parts -- which will ultimately prove cheaper than the $350 a month he was spending to run a gas generator (and waiting as long as six hours in the long gas lines).

They're not revealing his name "because he's concerned someone may try to steal his new system."

The Almighty Buck

Kurzweil Predicts Universal Basic Incomes Worldwide Within 20 Years (hackernoon.com) 303

Google's director of engineering Ray Kurzweil made a startling prediction at the 2018 TED conference. Hacker Noon reports: "In the early 2030s, we'll have universal basic income in the developed world, and worldwide by the end of the 2030s. You'll be able to live very well on that. The primary concern will be meaning and purpose," he said onstage at the annual event...

Kurzweil believes that by 2029, computers will have human-level intelligence. It's not inconceivable then that AI will be distributing UBI to humans based on algorithms that are capable of crunching numbers in ways we cannot follow. Indeed, what we call the "State" in even just 10 years' time may have been transformed by AI and blockchain tech in a way whereby even our experience of consensus decision making and democracy itself may have evolved.

Canada

Engineers Are Leaving America For Canada (bloomberg.com) 320

An anonymous reader shares an excerpt from a report via Bloomberg: The H-1B was created in 1990, part of an immigration overhaul signed into law by President George H.W. Bush that also created the EB-5 investor visa -- the subject of a fracas involving Kushner Cos. seeking Chinese investment -- and the diversity lottery, which Trump has attacked. Today, an estimated half a million H-1B holders live in the U.S. No one tracks exactly how many ditch their skilled visas for the permanent residency Canada offers, but during the first year of Trump's presidency, the number of tech professionals globally who got permanent residency in Canada ticked up almost 40 percent from 2016, to more than 11,000.

In 1967, Canada became the first country to adopt a points-based immigration system. The country regularly tweaks how it rates applicants based on national goals and research into what makes for successful integration: A job offer used to come with 600 points, but now it's worth just 200. Other factors like speaking fluent English or French -- or, even better, both -- have been given more weight over the years. Country of origin is irrelevant. In 2016, Canada increased national immigration levels to 300,000 new permanent residents annually. Last year, in consultation with trade groups, it created a program called the Global Skills Strategy to issue temporary work permits to people with job offers in certain categories, including senior software engineers, in as little as two weeks. Since the program started in June, more than 5,600 people have been granted permits, from the U.S., India, Pakistan, Brazil, and elsewhere.

Facebook

Facebook Starts Its Facial Recognition Push To Europeans (techcrunch.com) 41

An anonymous reader quotes a report from TechCrunch: Jimmy Nsubuga, a journalist at Metro, is among several European Facebook users who have reported getting notifications asking if they want to turn on face recognition technology. Facebook has previously said an opt-in option would be pushed out to all European users, and also globally, as part of changes to its T&Cs and consent flow. In Europe, the company is hoping to convince users to voluntarily allow it to deploy the privacy-hostile tech -- which was turned off in the bloc after regulatory pressure, back in 2012, when Facebook began using facial recognition to offer features such as automatically tagging users in photo uploads. But under impending changes to its T&Cs -- ostensibly to comply with the EU's incoming GDPR data protection standard -- the company has crafted a manipulative consent flow that tries to sell people on giving it their data; including filling in its own facial recognition blanks by convincing Europeans to agree to it grabbing and using their biometric data after all. Users who choose not to switch on facial recognition still have to click through a "continue" screen before they get to the off switch. On this screen Facebook attempts to convince them to turn it on -- using manipulative examples of how the tech can "protect" them.

The Internet

The 'Terms and Conditions' Reckoning Is Coming (bloomberg.com) 129

Everyone from Uber to PayPal is facing a backlash against their impenetrable legalese. From a report: Personal finance forums online are brimming with complaints from hundreds of PayPal customers who say they've been suspended because they signed up before age 18. PayPal declined to comment on any specific cases, but says it's appropriate to close accounts created by underage people "to ensure our customers have full legal capacity to accept our user agreement." While that may seem "heavy-handed," says Sarah Kenshall, a technology attorney with law firm Burges Salmon, the company is within its rights because the users clicked to agree to the rules -- however difficult the language might be to understand.

Websites have long required users to plow through pages of dense legalese to use their services, knowing that few ever give the documents more than a cursory glance. In 2005 security-software provider PC Pitstop LLC promised a $1,000 prize to the first user to spot the offer deep in its terms and conditions; it took four months before the reward was claimed. The incomprehensibility of user agreements is poised to change as tech giants such as Uber Technologies and Facebook confront pushback for mishandling user information, and the European Union prepares to implement new privacy rules called the General Data Protection Regulation, or GDPR. The measure underscores "the requirement for clear and plain language when explaining consent," British Information Commissioner Elizabeth Denham wrote on her blog last year.

Google

Google Is 'Pausing' Work On Allo In Favor Of 'Chat,' An RCS-Based Messaging Standard (theverge.com) 144

An anonymous reader shares an exclusive report from The Verge about Google's next big fix for Android's messaging mess: Instead of bringing a better app to the table, it's trying to change the rules of the texting game, on a global scale. Google has been quietly corralling every major cellphone carrier on the planet into adopting technology to replace SMS. It's going to be called "Chat," and it's based on a standard called the "Universal Profile for Rich Communication Services." SMS is the default that everybody has to fall back to, and so Google's goal is to make that default texting experience on an Android phone as good as other modern messaging apps. As part of that effort, Google says it's "pausing" work on its most recent entry into the messaging space, Allo. It's the sort of "pause" that involves transferring almost the entire team off the project and putting all its resources into another app, Android Messages. Google won't build the iMessage clone that Android fans have clamored for, but it seems to have cajoled the carriers into doing it for them. In order to have some kind of victory in messaging, Google first had to admit defeat. Some of the new features associated with Chat include read receipts, typing indicators, full-resolution images and video, and group texts. It's important to keep in mind that it's a carrier-based service, not a Google service. It won't be end-to-end encrypted, and it will follow the same legal intercept standards. The new Chat services will be switched on in the near future, but ultimately carriers will dictate exactly when Chat will go live. Also, you may be persuaded to upgrade your data plan since Chat messages will be sent with your data plan instead of your SMS plan.

Facebook

Audit Approved of Facebook Policies, Even After Cambridge Analytica Leak (nytimes.com) 73

Nicholas Confessore reports via The New York Times: An auditing firm responsible for monitoring Facebook for federal regulators told them last year that the company had sufficient privacy protections in place, even after the social media giant lost control of a huge trove of user data that was improperly obtained by the political consulting firm Cambridge Analytica. The assertion, by PwC, came in a report submitted to the Federal Trade Commission in early 2017. The report, a redacted copy of which is available on the commission's website, is one of several periodic reviews of Facebook's compliance with a 2011 federal consent decree, which required Facebook to take wide-ranging steps to prevent the abuse of users' information and to inform them how it was being shared with other companies. The accounting firm, formerly known as PricewaterhouseCoopers, effectively gave Facebook a clean bill of health. "Facebook's privacy controls were operating with sufficient effectiveness to provide reasonable assurance to protect the privacy" of users, said the assessment, which stretched from February 2015 to February 2017. But during that period, Facebook was aware that a researcher based in Britain, Aleksandr Kogan, had provided Cambridge Analytica with private Facebook data from millions of users.

Transportation

LA Councilman Asks City Attorney To 'Review Possible Legal Action' Against Waze (arstechnica.com) 212

An anonymous reader quotes a report from Ars Technica: Yet another Los Angeles city councilman has taken Waze to task for creating "dangerous conditions" in his district, and the politician is now "asking the City to review possible legal action." "Waze has upended our City's traffic plans, residential neighborhoods, and public safety for far too long," LA City Councilman David Ryu said in a statement released Wednesday. "Their responses have been inadequate and their solutions, non-existent. They say the crises of congestion they cause is the price for innovation -- I say that's a false choice." In a new letter sent to the City Attorney's Office, Ryu formally asked Los Angeles' top attorney to examine Waze's behavior. While Ryu said he supported "advances in technology," he decried Waze and its parent company, Google, for refusing "any responsibility for the traffic problems their app creates or the concerns of residents and City officials."

Businesses

Marissa Mayer is Back (bloomberg.com) 99

Former Yahoo Chief Executive Officer Marissa Mayer is starting a technology business incubator, Lumi Labs, with longtime colleague Enrique Munoz Torres, she revealed in an interview with The New York Times. Bloomberg: The venture will focus on consumer media and artificial intelligence, according to the company's website, which is set against a backdrop of snow-covered peaks. Lumi means snow in Finnish, Mayer told the New York Times, which reported the news earlier Wednesday. The next project for Mayer, who was an early employee at Google and worked there until leaving to run Yahoo in 2012, had been a matter of considerable speculation in Silicon Valley. She left Yahoo, once a leading search engine and web destination, after it was sold to Verizon Communications last year.
