Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Businesses

How Cable Monopolies Hurt ISP Customers (backchannel.com) 34

"New York subscribers have had to overpay month after month for services that Spectrum deliberately didn't provide," reports Backchannel -- noting these practices are significant because together Comcast and Charter (formerly Time Warner Cable) account for half of America's 92 million high-speed internet connections. An anonymous reader quotes Backchannel: Based on the company's own documents and statements, it appears that just about everything it has been saying since 2012 to New York State residents about their internet access and data services is untrue...because of business decisions the company deliberately made in order to keep its capital expenditures as low as possible... Its marketing department kept sending out advertising claims to the public that didn't match the reality of what consumers were experiencing or square with what company engineers were telling Spectrum executives. That gives the AG's office its legal hook: Spectrum's actions in knowingly saying one thing but doing another amount to fraudulent, unfair, and deceptive behavior under New York law...

The branding people went nuts, using adjectives like Turbo, Extreme, and Ultimate for the company's highest-speed 200 or 300 Mbps download offerings. But no one, or very few people, could actually experience those speeds...because, according to the complaint, the company deliberately required that internet data connections be shared among a gazillion people in each neighborhood... [T]he lawsuit won't by itself make much of a difference. But maybe the public nature of the attorney-general's assault -- charging Spectrum for illegal misconduct -- will lead to a call for alternatives. Maybe it will generate momentum for better, faster, wholesale fiber networks controlled by cities and localities themselves. If that happened, retail competition would bloom. We'd get honest, straightforward, inexpensive service, rather than the horrendously expensive cable bundles we're stuck with today.

The article says Spectrum charged 800,000 New Yorkers $10 a month for outdated cable boxes that "weren't even capable of transmitting and receiving wifi at the speeds the company advertised customers would be getting," then promised the FCC in 2013 that they'd replace them, and then didn't. "With no competition, it had no reason to upgrade its services. Indeed, the company's incentives went exactly in the other direction."
Open Source

Linus Torvalds On Git's Use Of SHA-1: 'The Sky Isn't Falling' (zdnet.com) 156

Google's researchers specifically cited Git when they announced a new SHA-1 attack vector, according to ZDNet. "The researchers highlight that Linus Torvald's code version-control system Git 'strongly relies on SHA-1' for checking the integrity of file objects and commits. It is essentially possible to create two Git repositories with the same head commit hash and different contents, say, a benign source code and a backdoored one,' they note." Saturday morning, Linus responded: First off - the sky isn't falling. There's a big difference between using a cryptographic hash for things like security signing, and using one for generating a "content identifier" for a content-addressable system like git. Secondly, the nature of this particular SHA1 attack means that it's actually pretty easy to mitigate against, and there's already been two sets of patches posted for that mitigation. And finally, there's actually a reasonably straightforward transition to some other hash that won't break the world - or even old git repositories...

The reason for using a cryptographic hash in a project like git is because it pretty much guarantees that there is no accidental clashes, and it's also a really really good error detection thing. Think of it like "parity on steroids": it's not able to correct for errors, but it's really really good at detecting corrupt data... if you use git for source control like in the kernel, the stuff you really care about is source code, which is very much a transparent medium. If somebody inserts random odd generated crud in the middle of your source code, you will absolutely notice... It's not silently switching your data under from you... And finally, the "yes, git will eventually transition away from SHA1". There's a plan, it doesn't look all that nasty, and you don't even have to convert your repository. There's a lot of details to this, and it will take time, but because of the issues above, it's not like this is a critical "it has to happen now thing".

In addition, ZDNet reports, "Torvalds said on a mailing list yesterday that he's not concerned since 'Git doesn't actually just hash the data, it does prepend a type/length field to it', making it harder to attack than a PDF... Do we want to migrate to another hash? Yes. Is it game over for SHA-1 like people want to say? Probably not."
Bug

Severe IE 11 Bug Allows 'Persistent JavaScript' Attacks (bleepingcomputer.com) 76

An anonymous reader writes: New research published today shows how a malicious website owner could show a constant stream of popups, even after the user has left his site, or even worse, execute any kind of persistent JavaScript code while the user is on other domains. In an interview, the researcher who found these flaws explains that this flaw is an attacker's dream, as it could be used for: ad fraud (by continuing to load ads even when the user is navigating other sites), zero-day attacks (by downloading exploit code even after the user has left the page), tech support scams (by showing errors and popups on legitimate and reputable sites), and malvertising (by redirecting users later on, from other sites, even if they leave the malicious site too quickly).

This severe flaw in the browser security model affects only Internet Explorer 11, which unfortunately is the second most used browser version, after Chrome 55, with a market share of over 10%. Even worse for IE11 users, there's no fix available for this issue because the researcher has decided to stop reporting bugs to Microsoft after they've ignored many of his previous reports. For IE11 users, a demo page is available here.

Social Networks

Are Your Slack Conversations Really Private and Secure? (fastcompany.com) 59

An anonymous reader writes: "Chats that seem to be more ephemeral than email are still being recorded on a server somewhere," reports Fast Company, noting that Slack's Data Request Policy says the company will turn over data from customers when "it is compelled by law to do so or is subject to a valid and binding order of a governmental or regulatory body...or in cases of emergency to avoid death or physical harm to individuals." Slack will notify customers before disclosure "unless Slack is prohibited from doing so," or if the data is associated with "illegal conduct or risk of harm to people or property."

The article also warns that like HipChat and Campfire, Slack "is encrypted only at rest and in transit," though a Slack spokesperson says they "may evaluate" end-to-end encryption at some point in the future. Slack has no plans to offer local hosting of Slack data, but if employers pay for a Plus Plan, they're able to access private conversations.

Though Slack has 4 million users, the article points out that there's other alternatives like Semaphor and open source choices like Wickr and Mattermost. I'd be curious to hear what Slashdot readers are using at their own workplaces -- and how they feel about the privacy and security of Slack?
Education

Arizona Bill Would Make Students In Grades 4-12 Participate Once In An Hour of Code (azpbs.org) 135

theodp writes: Christopher Silavong of Cronkite News reports: "A bill, introduced by [Arizona State] Sen. John Kavanagh [R-Fountain Hills] would mandate that public and charter schools provide one hour of coding instruction once between grades 4 to 12. Kavanagh said it's critical for students to learn the language -- even if it's only one session -- so they can better compete for jobs in today's world. However, some legislators don't believe a state mandate is the right approach. Senate Bill 1136 has passed the Senate, and it's headed to the House of Representatives. Kavanagh said he was skeptical about coding and its role in the future. But he changed his mind after learning that major technology companies were having trouble finding domestic coders and talking with his son, who works at a tech company." According to the Bill, the instruction can "be offered by either a nationally recognized nonprofit organization [an accompanying Fact Sheet mentions tech-backed Code.org] that is devoted to expanding access to computer science or by an entity with expertise in providing instruction to pupils on interactive computer instruction that is aligned to the academic standards."
The Courts

Appeals Court: You Have the Right To Film the Police (arstechnica.com) 154

An anonymous reader quotes a report from Ars Technica: A divided federal appeals court is ruling for the First Amendment, saying the public has a right to film the police. But the 5th U.S. Circuit Court of Appeals, in upholding the bulk of a lower court's decision against an activist who was conducting what he called a "First Amendment audit" outside a Texas police station, noted that this right is not absolute and is not applicable everywhere. The facts of the dispute are simple. Phillip Turner was 25 in September 2015 when he decided to go outside the Fort Worth police department to test officers' knowledge of the right to film the police. While filming, he was arrested for failing to identify himself to the police. Officers handcuffed and briefly held Turner before releasing him without charges. Turner sued, alleging violations of his Fourth Amendment right against unlawful arrest and detention and his First Amendment right of speech. The 2-1 decision Thursday by Judge Jacques Wiener is among a slew of rulings on the topic, and it provides fresh legal backing for the so-called YouTube society where people are constantly using their mobile phones to film themselves and the police. A dissenting appellate judge on the case -- Edith Brown Clement -- wrote Turner was not unlawfully arrested and that the majority opinion from the Texas-based appeals court jumped the gun to declare a First Amendment right here because one "is not clearly established."
Government

FCC To Halt Rule That Protects Your Private Data From Security Breaches (arstechnica.com) 116

According to Ars Technica, "The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of its customers' personal information." From the report: The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC's new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening. The data security rule requires ISPs and phone companies to take "reasonable" steps to protect customers' information -- such as Social Security numbers, financial and health information, and Web browsing data -- from theft and data breaches. The rule would be blocked even if a majority of commissioners supported keeping them in place, because the FCC's Wireline Competition Bureau can make the decision on its own. That "full commission vote on the pending petitions" could wipe out the entire privacy rulemaking, not just the data security section, in response to petitions filed by trade groups representing ISPs. That vote has not yet been scheduled. The most well-known portion of the privacy order requires ISPs to get opt-in consent from consumers before sharing Web browsing data and other private information with advertisers and other third parties. The opt-in rule is supposed to take effect December 4, 2017, unless the FCC or Congress eliminates it before then. Pai has said that ISPs shouldn't face stricter rules than online providers like Google and Facebook, which are regulated separately by the Federal Trade Commission. Pai wants a "technology-neutral privacy framework for the online world" based on the FTC's standards. According to today's FCC statement, the data security rule "is not consistent with the FTC's privacy standards."
Apple

Treasure Trove of Internal Apple Memos Discovered in Thrift Store (gizmodo.com) 28

An anonymous reader shares a Gizmodo report: Peeking inside a book bin at a Seattle Goodwill, Redditor vadermeer caught an interesting, unexpected glimpse into the early days of Apple: a cache of internal memos, progress reports, and legal pad scribbles from 1979 and 1980, just three years into the tech monolith's company history. The documents at one point belonged to Jack MacDonald -- then the manager of systems software for the Apple II and III (in these documents referred to by its code name SARA). The papers pertain to implementation of Software Security from Apple's Friends and Enemies (SSAFE), an early anti-piracy measure. Not much about MacDonald exists online, and the presence of his files in a thrift store suggests he may have passed away, though many of the people included in these documents have gone on to long and lucrative careers. The project manager on SSAFE for example, Randy Wigginton, was Apple's sixth employee and has since worked for eBay, Paypal, and (somewhat tumultuously) Google. Apple co-founder Steve Wozniak also features heavily in the implementation of these security measures.
The Courts

Founder of India's $4 Smartphone Firm Arrested on Allegations of Fraud (reuters.com) 24

Remember the $4 smartphone from India? Yeah, things haven't really materialized. Reuters reports: The founder of an Indian tech firm that shot to prominence by offering a $4 smartphone has been arrested on allegations of fraud, after a handset dealer accused the company of not refunding him for an unfulfilled order, the police said. Mohit Goel, the founder of Ringing Bells, was arrested Thursday afternoon in Uttar Pradesh and will be produced in court later on Friday, said Rahul Srivastav, a police spokesman from the northern Indian state. Goel and his company made headlines last year with the "Freedom" smartphone, which was priced at 251 rupees ($3.77), attracting strong demand but also widespread scepticism and scrutiny from regulators even in price-conscious India, where cheap smartphones are big sellers. The founder was arrested after a dealer said he had paid 3 million Indian rupees for an order of handsets but had received only a fraction of the order. He further said some of the phones received were defective, according to the police.
Google

Alphabet's Waymo Sues Uber For Allegedly Stealing Self-Driving Secrets (bloomberg.com) 63

An anonymous reader quotes a report from Bloomberg: It took Alphabet Inc.'s Waymo seven years to design and build a laser-scanning system to guide its self-driving cars. Uber Technologies Inc. allegedly did it in nine months. Waymo claims in a lawsuit filed Thursday that was possible because a former employee stole the designs and technology and started a new company. Waymo accuses several employees of Otto, a self-driving startup Uber acquired in August for $680 million, of lifting technical information from Google's autonomous car project. The "calculated theft" of Alphabet's technology earned Otto's employees more than $500 million, according to the complaint in San Francisco federal court. The claims in Thursday's case include unfair competition, patent infringement and trade secret misappropriation. Waymo was inadvertently copied on an e-mail from one of its vendors, which had an attachment showing an Uber lidar circuit board that had a "striking resemblance" to Waymo's design, according to the complaint. Anthony Levandowski, a former manager at Waymo, in December 2015 downloaded more than 14,000 proprietary and confidential files, including the lidar circuit board designs, according to the complaint. He also allegedly created a domain name for his new company and confided in some of his Waymo colleagues of plans to "replicate" its technology for a competitor. Levandowski left Waymo in January 2016 and went on in May to form Otto LLC, which planned to develop hardware and software for autonomous vehicles.
Transportation

Self-Driving Cars Should Be Liable For Accidents, Not the Passengers: UK Government (arstechnica.co.uk) 244

"Electric charging points at all major motorway services and petrol stations, and the occupants of a self-driving car aren't liable in the case of an accident -- those are two of the measures proposed by a new law that the UK government hopes will let us reap the rewards of improved transport technology over the next few years," reports Ars Technica. "These changes are part of the Vehicle Technology and Aviation Bill (VTAB), a draft law that is basically a shopping list of governmental desires." From the report: The first item on the bill involves automated vehicles, and how to ensure that the vehicle's owner (which may or may not be a driver) and potential accident victims are protected. The bill says that insurance companies must offer two types of protection: for when a vehicle is acting autonomously, but also if the human driver decides to takes control. Essentially, the government wants to make sure that an accident victim can always claim compensation from the insurance company, even if the car was acting autonomously. It would then be up for the insurance company to try and reclaim that money from the car maker through existing common law and product liability arrangements. In a somewhat rare display of tech savviness, there are two exemptions listed in the bill. If the vehicle owner makes unauthorized changes to the car's software, or fails to install a software update as mandated by their insurance policy, then the insurer doesn't have to pay. It isn't clear at this point which capabilities will be enough to classify a vehicle as "self-driving." The draft law asks the department for transport (DfT) to work it out, post haste, and then to determine which vehicles qualify for the new type of insurance. The planned law also outlines new governmental powers to improve the UK's electric charging infrastructure.
Privacy

Judge Rules Against Forced Fingerprinting (thestack.com) 126

An anonymous reader quotes a report from The Stack: A federal judge in Chicago has ruled against a government request which would require forced fingerprinting of private citizens in order to open a secure, personal phone or tablet. In the ruling, the judge stated that while fingerprints in and of themselves are not protected, the government's method of obtaining the fingerprints would violate the Fourth and Fifth amendments. The government's request was given as part of a search warrant related to a child pornography ring. The court ruled that the government could seize devices, but that it could not compel people physically present at the time of seizure to provide their fingerprints "onto the Touch ID sensor of any Apple iPhone, iPad, or other Apple brand device in order to gain access to the contents of any such device." The report mentions that the ruling was based on three separate arguments. "The first was that the boilerplate language used in the request was dated, and did not, for example, address vulnerabilities associated with wireless services. Second, the court said that the context in which the fingerprints were intended to be gathered may violate the Fourth Amendment search and seizure rights of the building residents and their visitors, all of whom would have been compelled to provide their fingerprints to open their secure devices. Finally, the court noted that historically the Fifth Amendment, which protects against self-incrimination, does not allow a person to circumvent the fingerprinting process." You can read more about the ruling via Ars Technica.
News

Tech Reporting Is More Negative Now Than in the Past (betanews.com) 154

Wayne Williams, writing for BetaNews: A new study finds that tech reporting is generally more pessimistic now than in the past, and for two very different reasons. The new report from the Information Technology and Innovation Foundation (ITIF), and based on textual analysis of 250 articles from The New York Times, The Wall Street Journal, and The Washington Post from 1986 to 2013, highlights how the tone of tech reporting has shifted in the past 20 years. In general, the ITIF found that in the 1980s and 1990s, coverage of technology was largely positive, but this changed from the mid-1990s to 2013, when more negative reports covering the downside of technology, its failure to live up to its promises, and potential ill effects, started to appear. The ITIF attributes this shift to two main causes, the first being that "there has been a significant increase in the number of civil-society organizations and attention-seeking scholars focused on painting a threatening picture of technology," and second, and perhaps most pertinent, "news organizations are under increased financial pressure, and as a result, reporters may have less time and fewer resources to dig deep into technology issues."
Microsoft

Microsoft Creates Skype Lite Especially For India (cnet.com) 43

There's a new Skype app in town, and it is made just for India. According to a report on CNET: Microsoft is the latest US tech giant to help keep Indians connected. Skype Lite is a new version of the company's popular video and voice-calling app that's "built in India." Skype Lite functions much like its big brother Skype, but it's designed to work well on low-speed, 2G networks, which are still prevalent in India and many developing nations. It uses less data and battery power than the fully fledged app, and at 13MB it's around a third of the download size. Skype Lite, available for Android, also uses India's controversial Aadhaar biometric authentication.
Businesses

Inside Uber's Aggressive, Unrestrained Workplace Culture (cnbc.com) 191

Excerpts from Mike Isaac's report for the New York Times: Interviews with more than 30 current and former Uber employees, as well as reviews of internal emails, chat logs and tape-recorded meetings, paint a picture of an often unrestrained workplace culture. Among the most egregious accusations from employees, who either witnessed or were subject to incidents and who asked to remain anonymous because of confidentiality agreements and fear of retaliation: One Uber manager groped female co-workers' breasts at a company retreat in Las Vegas. A director shouted a homophobic slur at a subordinate during a heated confrontation in a meeting. Another manager threatened to beat an underperforming employee's head in with a baseball bat. Until this week, this culture was only whispered about in Silicon Valley. Then on Sunday, Susan Fowler, an engineer who left Uber in December, published a blog post about her time at the company. [...] One group appeared immune to internal scrutiny, the current and former employees said. Called the A-Team and composed of a small group of executives who were personally close to Mr. Kalanick, its members were shielded from much accountability over their actions. One member of the A-Team was Emil Michael, senior vice president for business, who was caught up in a public scandal over comments he made in 2014 about digging into the private lives of journalists who opposed the company. Mr. Kalanick defended Mr. Michael, saying he believed Mr. Michael could learn from his mistakes.

Slashdot Top Deals