Nintendo

Hackers Seem Close To Publicly Unlocking the Nintendo Switch (arstechnica.com) 16

Ars Technica reports that "hackers have been finding partial vulnerabilities in early versions of the [Nintendo] Switch firmware throughout 2017." They have discovered a Webkit flaw that allows for basic "user level" access to some portions of the underlying system and a service-level initialization flaw that gives hackers slightly more control over the Switch OS. "But the potential for running arbitrary homebrew code on the Switch really started looking promising late last month, with a talk at the 34th Chaos Communication Congress (34C3) in Leipzig Germany," reports Ars. "In that talk, hackers Plutoo, Derrek, and Naehrwert outlined an intricate method for gaining kernel-level access and nearly full control of the Switch hardware." From the report: The full 45-minute talk is worth a watch for the technically inclined, it describes using the basic exploits discussed above as a wedge to dig deep into how the Switch works at the most basic level. At one point, the hackers sniff data coming through the Switch's memory bus to figure out the timing for an important security check. At another, they solder an FPGA onto the Switch's ARM chip and bit-bang their way to decoding the secret key that unlocks all of the Switch's encrypted system binaries. The team of Switch hackers even got an unexpected assist in its hacking efforts from chipmaker Nvidia. The "custom chip" inside the Switch is apparently so similar to an off-the-shelf Nvidia Tegra X1 that a $700 Jetson TX1 development kit let the hackers get significant insight into the Switch's innards. More than that, amid the thousands of pages of Nvidia's public documentation for the X1 is a section on how to "bypass the SMMU" (the System Memory Management Unit), which gave the hackers a viable method to copy and write a modified kernel to the Switch's system RAM. As Plutoo put it in the talk, "Nvidia backdoored themselves."
Government

France Says 'Au Revoir' to the Word 'Smartphone' (smithsonianmag.com) 228

Hoping to prevent English tech vocabulary from entering the French language, officials have suggested 'mobile multifunction' as an alternative. An anonymous reader shares a report: The official journal of the French Republic, the Journal officiel, has suggested "internet clandestin" instead of dark net. It's dubbed a casual gamer "joueur occasionnel" for messieurs and "joueuse occasionnelle" for mesdames. To replace hashtag, it's selected "mot-diese." Now, as the Local reports, the latest word to get the official boot in France is smartphone. It's time to say bonjour to the "le mobile multifonction." The recommendation was put forth by the Commission d'enrichissement de la langue francaise, which works in conjunction with the Academie Francaise to preserve the French language. This isn't the first time that the commission has tried to encourage French citizens to switch over to a Franco-friendly word for "smartphone." Previous suggestions included "ordiphone" (from "ordinateur," the French word for computer) and "terminal de poche" (or pocket terminal). These, it seems, did not quite stick.
AT&T

US Lawmakers Urge AT&T To Cut Commercial Ties With Huawei and Oppose China Mobile Citing National Security Concerns (reuters.com) 60

U.S. lawmakers are urging AT&T, the No. 2 wireless carrier, to cut commercial ties to Chinese phone maker Huawei Technologies and oppose plans by telecom operator China Mobile to enter the U.S. market because of national security concerns, two congressional aides told Reuters. From the report: The warning comes after the administration of U.S. President Donald Trump took a harder line on policies initiated by his predecessor Barack Obama on issues ranging from Beijing's role in restraining North Korea to Chinese efforts to acquire U.S. strategic industries. Earlier this month, AT&T was forced to scrap a plan to offer its customers Huawei handsets after some members of Congress lobbied against the idea with federal regulators, sources told Reuters. The U.S. government has also blocked a string of Chinese acquisitions over national security concerns, including Ant Financial's proposed purchase of U.S. money transfer company MoneyGram International.
Google

Google Starts Certificate Program To Fill Empty IT Jobs (axios.com) 193

An anonymous reader shares a report: There are 150,000 open IT jobs in the U.S., and Google wants to make it easier to fill them. Today the company is announcing a certificate program on the Coursera platform to help give people with no prior IT experience the basic skills they need to get an entry-level IT support job in 8 to 12 months. Why it matters: Entry-level IT jobs are typically higher-paying than similar roles in other fields. But they're harder to fill because, while IT support roles don't require a college degree, they do require prior experience. The median annual wage for a computer network support specialist was $62,670 in May 2016. The median annual wage for a computer user support specialist was $52,160 in May 2016. The impetus: Natalie Van Kleef Conley, head recruiter of Google's tech support program, was having trouble finding IT support specialists so she helped spearhead the certificate program. It's also part of Google's initiative to help Americans get skills needed to get a new job in a changing economy, the company told us.
The Almighty Buck

City-Owned Internet Services Offer Cheaper and More Transparent Pricing, Says Harvard Study (arstechnica.com) 111

An anonymous reader quotes a report from Ars Technica: Municipal broadband networks generally offer cheaper entry-level prices than private Internet providers, and the city-run networks also make it easier for customers to find out the real price of service, a new study from Harvard University researchers found. Researchers collected advertised prices for entry-level broadband plans -- those meeting the federal standard of at least 25Mbps download and 3Mbps upload speeds -- offered by 40 community-owned ISPs and compared them to advertised prices from private competitors. The report by researchers at the Berkman Klein Center for Internet & Society at Harvard doesn't provide a complete picture of municipal vs. private pricing. But that's largely because data about private ISPs' prices is often more difficult to get than information about municipal network pricing, the report says. In cases where the researchers were able to compare municipal prices to private ISP prices, the city-run networks almost always offered lower prices. This may help explain why the broadband industry has repeatedly fought against the expansion of municipal broadband networks.
Communications

The Tech Failings of Hawaii's Missile Alert 228

Over the weekend, Hawaii incorrectly warned citizens of a missile attack via their phones. According to The Washington Post, the error was a result of a staffer picking the wrong option -- missile alert instead of test missile alert -- from a drop down software menu. Hawaiian officials say they have already changed protocols to avoid a repeat of the scenario. The report goes on to add: Part of what worsened the situation Saturday was that there was no system in place at the state emergency agency for correcting the error, HEMA (Hawaii Emergency Management Agency) spokesman Richard Rapoza said. The state agency had standing permission through FEMA to use civil warning systems to send out the missile alert -- but not to send out a subsequent false alarm alert, he said. Though the Hawaii Emergency Management Agency posted a follow-up tweet at 8:20 a.m. saying there was "NO missile threat," it wouldn't be until 8:45 a.m. that a subsequent cellphone alert was sent telling people to stand down. Motherboard notes that new regulations require telecom companies to offer a testing system for local and state alert originators, but because of lobbying by Verizon and CTIA, this specific regulation does not go into effect until March 2019.

In a piece, The Atlantic argues that the 90-character messages sent by the system aren't suited to the way we use our devices.
Censorship

How Millions of Iranians Are Evading Internet Censors (msn.com) 47

schwit1 quotes the Wall Street Journal: Authorities in Tehran have ratcheted up their policing of the internet in the past week and a half, part of an attempt to stamp out the most far-reaching protests in Iran since 2009. But the crackdown is driving millions of Iranians to tech tools that can help them evade censors, according to activists and developers of the tools. Some of the tools were attracting three or four times more unique users a day than they were before the internet crackdown, potentially weakening government efforts to control access to information online. "By the time they wake up, the government will have lost control of the internet," said Mehdi Yahyanejad, executive director of NetFreedom Pioneers, a California-based technology nonprofit that largely focuses on Iran and develops educational and freedom of information tools.
Wired calls it "the biggest protest movement in Iran since the 2009 Green Movement uprising," criticizing tech companies which "continue to deny services to Iranians that could be crucial to free and open communications."
Government

Many US States Propose Their Own Laws Protecting Net Neutrality (seattletimes.com) 144

An anonymous reader quotes the New York Times: Lawmakers in at least six states, including California and New York, have introduced bills in recent weeks that would forbid internet providers to block or slow down sites or online services. Legislators in several other states, including North Carolina and Illinois, are weighing similar action... By passing their own law, the state lawmakers say, they would ensure that consumers would find the content of their choice, maintain a diversity of voices online and protect businesses from having to pay fees to reach users.

And they might even have an effect beyond their states. California's strict auto-emissions standards, for example, have been followed by a dozen other states, giving California major sway over the auto industry. "There tends to be a follow-on effect, particularly when something happens in a big state like California," said Harold Feld, a senior vice president at a nonprofit consumer group, Public Knowledge, that supports net-neutrality efforts by the states. Bills have also been introduced in Massachusetts, Nebraska, Rhode Island and Washington.

In addition, a representative in Alaska's legislature has also pre-filed legislation requiring the state's ISPs to practice net neutrality, which will be introduced when the state legislature resumes on January 16th.

"The recent FCC decision eliminating net neutrality was a mistake that favors the big internet providers and those who want to restrict the kinds of information a free-thinking Alaskan can access," representative Scott Kawasaki told a local news station. "That is not the Alaskan way, and I am hopeful my colleagues in the House and Senate will agree..."

The Independent also notes that Europe "is still strongly committed" to net neutrality.
Intel

Researcher Finds Another Security Flaw In Intel Management Firmware (arstechnica.com) 87

An anonymous reader quotes a report from Ars Technica: Meltdown and Spectre are not the only security problems Intel is facing these days. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware -- remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel. [T]he latest vulnerability -- discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post -- is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer -- even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords -- by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel's Management Engine BIOS Extension (MEBx).

If MEBx hasn't been configured by the user or by their organization's IT department, the attacker can log into the configuration settings using Intel's default password of "admin." The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time. "Now the attacker can gain access to the system remotely," F-Secure's release noted, "as long as they're able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."

Google

Ex-Google Employee's Memo Says Executives Shut Down Pro-Diversity Discussions (gizmodo.com) 387

An anonymous reader shares a report: A memo written by a former Google engineer claims that the company's human resources department and a senior vice president pressured him to stop discussing diversity initiatives on company forums, interactions that ultimately motivated him to leave the company. The document, which was written in 2016 and shared publicly this week, provides a striking counterpoint to allegations made by former Google employees James Damore and David Gudeman in a discrimination lawsuit filed against their former employer. Cory Altheide, the former employee who wrote the memo, began work as a security engineer at Google in 2010 and departed the company in January 2016. He recently published his account in a public Google document. Altheide posted several articles and comments to internal discussion groups that promoted diversity in the workplace and was chastised for doing so, he wrote.
Patents

TiVo Sues Comcast Again, Alleging Operator's X1 Infringes Eight Patents (variety.com) 57

TiVo's Rovi subsidiary on Wednesday filed two lawsuits in federal district courts, alleging Comcast's X1 platform infringes eight TiVo-owned patents. "That includes technology covering pausing and resuming shows on different devices; restarting live programming in progress; certain advanced DVR recording features; and advanced search and voice functionality," reports Variety. From the report: A Comcast spokeswoman said the company will "aggressively defend" itself. "Comcast engineers independently created our X1 products and services, and through its litigation campaign against Comcast, Rovi seeks to charge Comcast and its customers for technology Rovi didn't create," the Comcast rep said in a statement. "Rovi's attempt to extract these unfounded payments for its aging and increasingly obsolete patent portfolio has failed to date."

TiVo's legal action comes after entertainment-tech vendor Rovi (which acquired the DVR company in 2016 and adopted the TiVo name) sued Comcast and its set-top suppliers in April 2016, alleging infringement of 14 patents. In November 2017, the U.S. International Trade Commission ruled that Comcast infringed two Rovi patents -- with the cable operator prevailing on most of the patents at issue. However, because one of the TiVo patents Comcast was found to have violated covered cloud-based DVR functions, the cable operator disabled that feature for X1 customers. Comcast is appealing the ITC ruling.

Businesses

Circuit City Is Coming Back (arstechnica.com) 84

Following a tease of a CES announcement, current Circuit City CEO Ronny Shmoel confirmed on Monday that something called Circuit City will arrive as "a new, more personalized online shopping experience" starting February 15. The announcement even included promises of AI-driven recommendations fueled by IBM's Watson platform, plus unexplained "augmented reality" and "search by photo" features. Ars Technica reports: Curiously, Shmoel also promised "real-time tech support via video chat," but it's unclear whether this feature will include two-way video feeds -- and, thus, whether Circuit City is prepared for a deluge of Chatroulette-caliber video surprises from trolls. This online Circuit City rebirth may very well actually come to exist, as Shmoel claims that the company has put together a fully fledged inventory and distribution system, with a mix of known electronics brand names and "tier-two and tier-three" names (Shamsung? Panafauxnoic?). The same cannot be said for its CES tease of eventual brick-and-mortar showrooms in the neighborhood of 8,000-10,000 square feet, however. Shmoel already backtracked on similar showroom promises in 2016, and his CES pronouncement of future shops included no hard confirmations of locations or dates. But for anybody who dares to dream, Circuit City's showroom design partner, Taylored Group, released a concept render of its store vision which looks like a Radio Shack as if rendered in a Taiwanese hot-take news video.
Google

When It Comes to Gorillas, Google Photos Remains Blind (wired.com) 305

Tom Simonite, writing for Wired: In 2015, a black software developer embarrassed Google by tweeting that the company's Photos service had labeled photos of him with a black friend as "gorillas." Google declared itself "appalled and genuinely sorry." An engineer who became the public face of the clean-up operation said the label gorilla would no longer be applied to groups of images, and that Google was "working on longer-term fixes." More than two years later, one of those fixes is erasing gorillas, and some other primates, from the service's lexicon. The awkward workaround illustrates the difficulties Google and other tech companies face in advancing image-recognition technology, which the companies hope to use in self-driving cars, personal assistants, and other products. WIRED tested Google Photos using a collection of 40,000 images well-stocked with animals. It performed impressively at finding many creatures, including pandas and poodles. But the service reported "no results" for the search terms "gorilla," "chimp," "chimpanzee," and "monkey."
China

Chinese Workers Abandon Silicon Valley for Riches Back Home (bloomberg.com) 250

From a report on Bloomberg: U.S.-trained Chinese-born talent is becoming a key force in driving Chinese companies' global expansion and the country's efforts to dominate next-generation technologies like artificial intelligence and machine learning. Where college graduates once coveted a prestigious overseas job and foreign citizenship, many today gravitate toward career opportunities at home, where venture capital is now plentiful and the government dangles financial incentives for cutting-edge research. "More and more talent is moving over because China is really getting momentum in the innovation area," said Ken Qi, a headhunter for Spencer Stuart and leader of its technology practice. "This is only the beginning."

Chinese have worked or studied abroad and then returned home long enough that there's a term for them -- "sea turtles." But while a job at a U.S. tech giant once conferred near-unparalleled status, homegrown companies -- from giants like Tencent to up-and-comers like news giant Toutiao -- are now often just as prestigious. Baidu Inc. -- a search giant little-known outside of China -- convinced ex-Microsoft standout Qi Lu to helm its efforts in AI, making him one of the highest-profile returnees of recent years.

Businesses

Uber Used Another Secret Software To Evade Police, Report Says (bloomberg.com) 226

schwit1 shares a Bloomberg report: In May 2015 about 10 investigators for the Quebec tax authority burst into Uber Technologies's office in Montreal. The authorities believed Uber had violated tax laws and had a warrant to collect evidence. Managers on-site knew what to do, say people with knowledge of the event. Like managers at Uber's hundreds of offices abroad, they'd been trained to page a number that alerted specially trained staff at company headquarters in San Francisco. When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they'd obtained a warrant to collect. The investigators left without any evidence.

Most tech companies don't expect police to regularly raid their offices, but Uber isn't most companies. The ride-hailing startup's reputation for flouting local labor laws and taxi rules has made it a favorite target for law enforcement agencies around the world. That's where this remote system, called Ripley, comes in. From spring 2015 until late 2016, Uber routinely used Ripley to thwart police raids in foreign countries, say three people with knowledge of the system. Allusions to its nature can be found in a smattering of court filings, but its details, scope, and origin haven't been previously reported. The Uber HQ team overseeing Ripley could remotely change passwords and otherwise lock up data on company-owned smartphones, laptops, and desktops as well as shut down the devices. This routine was initially called the unexpected visitor protocol. Employees aware of its existence eventually took to calling it Ripley, after Sigourney Weaver's flamethrower-wielding hero in the Alien movies. The nickname was inspired by a Ripley line in Aliens, after the acid-blooded extraterrestrials easily best a squad of ground troops. 'Nuke the entire site from orbit. It's the only way to be sure.'
