Facebook is planning to open a new data center in Singapore in 2022. The more than $1 billion facility will be located in the west of the country, according to the BBC. From the report: It has been designed as an 11-floor structure, in an attempt to conserve space in the crowded nation, according to Facebook. One analyst told the BBC it was another sign of the country's popularity with large technology companies. The new, 170,000-sq-m (1.8-million-sq-ft) data centre will support "hundreds" of local jobs. Facebook said it expected the building to be powered by 100% renewable energy and noted that it would feature a liquid cooling system that minimized water and power use.

An anonymous reader quotes a report from Ars Technica: A Verizon lobbyist is trying to become the attorney general of New York in the upcoming November election. Verizon executive Leecia Eve is one of four candidates in the Democratic primary for the seat vacated when Eric Schneiderman resigned after assault allegations from four women. If elected, Eve says she would recuse herself from Verizon matters and New York State's appeal of the federal net neutrality repeal. As a Verizon executive, Eve defended the company from the city's allegations. Still, Eve has argued that her Verizon experience will help her prosecute "bad corporate actors" -- but without being so harsh that businesses would stop coming to the state. "Her Verizon experience, Eve contends, is 'extremely helpful: I know how corporations work,' leaving her 'best prepared to go after bad corporate actors,' but 'not to radiate to business not to come to New York,'" news organization City Limits wrote Tuesday after interviewing Eve.

Eve would not be involved in investigating Verizon if she won the election. "Under ethics rules, Eve confirms, she'd recuse herself from cases involving Verizon or other telecom issues, leaving policy decisions to senior staff," City Limits reported. Eve also confirmed that she would recuse herself from the New York attorney general office's ongoing lawsuit against the Federal Communications Commission. Along with more than 20 other states, New York has asked a federal court to reverse the FCC's repeal of net neutrality rules, a repeal that was supported by Verizon. Here's an excerpt from Eve's bio on her campaign site: "As Vice President for Government Affairs for Verizon for New York, New Jersey, and Connecticut, Leecia oversees policy and ensures governmental compliance for a company that innovates and invests billions in New York State and puts nearly 20,000 New Yorkers to work every day. She also serves as a Commissioner of the Port Authority of New York & New Jersey."

According to Ars, recent polls show that Eve is in last place behind three other Democrats running for the office.

In a letter last Tuesday to Rhode Island Sen. Sheldon Whitehouse, Apple said it is working on an online portal for law enforcement officials to submit and track requests for data and obtain responses from the company. Apple also said it's "creating a dedicated team to help train law enforcement officials around the world in digital forensics," reports CNET. From the report: The letter, seen by CNET, addresses recommendations made in a report issued earlier this year by the Center for Strategic and International Studies (CSIS) regarding cybersecurity and the "digital evidence needs" of law enforcement agencies. Apple said in the letter that it's eager to adopt the report's recommendations, including making upgrades to its law enforcement training program. This includes developing an online training module for police that mirrors Apple's current in-person training, according to the letter and to details on the company's website.

"This will assist Apple in training a larger number of law enforcement agencies and officers globally, and ensure that our company's information and guidance can be updated to reflect the rapidly changing data landscape," the site says. Apple also reiterated in the letter that it's "committed to protecting the security and privacy of our users" and that company initiatives and "the work we do to assist investigations uphold this fundamental commitment."

Sony is the latest multinational conglomerate corporation to announce plans to have all its energy come from renewable sources by 2040. Nikkei Asian Review reports: The electronics company has 111 business sites around the world. Renewables will supply all power used not only in manufacturing televisions and cameras, but also in such content creation work as moviemaking. The goal will be achieved through such means as installing solar panels atop production facilities and purchasing green-certified power. Sony will gradually increase use of such energy, aiming first for a rate of 30% in 2030. Sony has already gone fully green in Europe. But 80% of the group's energy consumption is in Japan, mainly because of semiconductor manufacturing. Purchasing solar power facilities will likely be pursued as well.

An anonymous reader quotes a report from Medical Xpress: Ever wonder why some people seem to feel less pain than others? A study conducted at Wake Forest School of Medicine may have found one of the answers -- mindfulness. The researchers analyzed data obtained from a study published in 2015 that compared mindfulness meditation to placebo analgesia. In this follow-up study, Zeidan sought to determine if dispositional mindfulness, an individual's innate or natural level of mindfulness, was associated with lower pain sensitivity, and to identify what brain mechanisms were involved. In the study, 76 healthy volunteers who had never meditated first completed the Freiburg Mindfulness Inventory, a reliable clinical measurement of mindfulness, to determine their baseline levels. Then, while undergoing functional magnetic resonance imaging, they were administered painful heat stimulation.

Whole brain analyses revealed that higher dispositional mindfulness during painful heat was associated with greater deactivation of a brain region called the posterior cingulate cortex, a central neural node of the default mode network. Further, in those that reported higher pain, there was greater activation of this critically important brain region. The default mode network extends from the posterior cingulate cortex to the medial prefrontal cortex of the brain. These two brain regions continuously feed information back and forth. This network is associated with processing feelings of self and mind wandering. The study provided novel neurobiological information that showed people with higher mindfulness ratings had less activation in the central nodes (posterior cingulate cortex) of the default network and experienced less pain. Those with lower mindfulness ratings had greater activation of this part of the brain and also felt more pain, Zeidan said.

Richard Sackler, the billionaire businessman behind Purdue Pharma, has patented a new drug to help treat opioid addiction (Warning: source may be paywalled; alternative source). The news of the patented form of buprenorphine, a mild opioid that is used to ease withdrawal symptoms, comes as Colorado's attorney general is suing the OxyContin creator for profiting from opioid addictions. Some now believe that Sackler and his family, who owns Purdue Pharma, will be trying to profit from the antidote. The Washington Post reports: The lawsuit claims Purdue Pharma L.P. and Purdue Pharma Inc. deluded doctors and patients in Colorado about the potential for addiction with prescription opioids and continued to push the drugs. And it comes amid news that the company's former chairman and president, Richard Sackler, has patented a new drug to help wean addicts from opioids. "Purdue's habit-forming medications coupled with their reckless marketing have robbed children of their parents, families of their sons and daughters, and destroyed the lives of our friends, neighbors, and co-workers," Colorado Attorney General Cynthia Coffman said Thursday in a statement. "While no amount of money can bring back loved ones, it can compensate for the enormous costs brought about by Purdue's intentional misconduct."

The lawsuit states that Purdue Pharma "downplayed the risk of addiction associated with opioids," "exaggerated the benefits" and "advised health care professionals that they were violating their Hippocratic Oath and failing their patients unless they treated pain symptoms with opioids," according to the statement from the Colorado attorney general's office. But Purdue Pharma "vigorously" denied the accusations Friday in a statement to The Washington Post, saying that although it shares "the state's concern about the opioid crisis," it did not mislead health-care providers about prescription opioids. "The state claims Purdue acted improperly by communicating with prescribers about scientific and medical information that FDA has expressly considered and continues to approve," a spokesman for Purdue Pharma said in the statement. "We believe it is inappropriate for the state to substitute its judgment for the judgment of the regulatory, scientific and medical experts at FDA." The report makes note of the patent's description, which acknowledges the risk of addiction associated with opioids and states that the drug could be used both in drug replacement therapy and pain management.

hackingbear writes: President Trump acknowledged in a tweet that "Apple prices may increase because of the massive Tariffs we may be imposing on China," but suggested the issue was not with the tariffs themselves. "There is an easy solution where there would be ZERO tax, and indeed a tax incentive. Make your products in the United States instead of China. Start building new plants now," Trump wrote. The U.S. is threatening to impose 25% tariffs on all $500 billion worth of Chinese imports over issues such as intellectual property theft.

While Apple et al are still making their products in China, Trump didn't offer Apple a place to find the millions of laborers needed to make their products, given that the official unemployment rate is at a historic low of 3.9%. Manufacturers also need to compete in the labor market with garbage companies who need to find American laborers willing to recycle their own trash -- a job once imposed upon China as a condition to enter the World Trade Organization and enjoy advantageous tariff rates. China is gracefully giving back those jobs as the U.S. is complaining of unfair trades.

An anonymous reader quotes a report from TechCrunch about the little fallout Equifax has faced for one of the worst data breaches in U.S. history: The credit rating giant, one of the largest in the world, was trusted with some of the most sensitive data used by banks and financiers to determine who can be lent money. But the company failed to patch a web server it knew was vulnerable for months, which let hackers crash the servers and steal data on 147 million consumers. Names, addresses, Social Security numbers and more -- and millions more driver license and credit card numbers were stolen in the breach. Millions of British and Canadian nationals were also affected, sparking a global response to the breach. Yet, a year on from following the devastating hack that left the company reeling from a breach of almost every American adult, the company has faced little to no action or repercussions.

"There was a failure of the company, but also of lawmakers," said Mark Warner, a Democratic senator, in a call with TechCrunch. Warner, who serves Virginia, was one of the first lawmakers to file new legislation after the breach. Alongside his Democratic colleague, Sen. Elizabeth Warren, the two senators said their bill, if passed, would hold credit agencies accountable for data breaches. "With Equifax, they knew for months before they reported, so at what point is that violating securities laws by not having that notice?," said Warner. "The message sent to the market is 'if you can endure some media blowback, you can get through this without serious long-term ramifications', and that's totally unacceptable," he said. Earlier this year, the company asked a federal judge to reject claims from dozens of banks and credit unions for costs taken to prevent fraud following the data breach. The claims, if accepted, could force Equifax to shell out tens of millions of dollars -- perhaps more. The hundreds of class action suits filed to date have yet to hit the courts, but historically even the largest class action cases have resulted in single dollar amounts for the individuals affected. And when the credit agent giant isn't fighting the courts, federal regulators have shown little interest in pursuit of legal action. Sen. Elizabeth Warren wrote a letter Thursday to the heads of the Federal Trade Commission (FTC) and Consumer Financial Protection Bureau (CFPB) complaining about their lack of action. "Companies like Equifax do not ask the American people before they collect their most sensitive information," said Warren. "This information can determine their ability to access credit, obtain a job, secure a home loan, purchase a car, and make dozens of other transactions that are critical to their personal financial security. The American people deserve an update on your investigations."

"[O]nly the Securities and Exchange Commission has brought charges -- not for the breach itself, but against three former staffers for allegedly insider trading," TechCrunch points out.

Reuters reports: Amazon said on Friday it plans to open its checkout-free 'Amazon Go' grocery store in New York, expanding beyond Seattle where it is headquartered. The Amazon Go store, which has no cashiers and allows shoppers to buy things with the help of a smartphone app, is widely seen as a concept that can alter brick-and-mortar retail... Customers have to scan a smartphone app to enter the store. Once inside, cameras and sensors track what they pick up from the shelves and what they put back. Amazon then bills shoppers' credit cards on file after they leave.
CNET adds: The expansion comes after two Amazon Go stores opened in Seattle. The first one debuted in January 2018 and the second opened last month... Amazon confirmed in May that it'll open Amazon Go stores in San Francisco and Chicago, but it didn't say when.

An anonymous reader quotes ZDNet: With the Windows 7 end-of-support clock slowly winding down to January 14, 2020, Microsoft is announcing it will offer, for a fee, continuing security updates for the product through January 2023. This isn't the first time Microsoft has done this for a version of Windows, but it may be the first time it has been so public about its plans to do so.

The paid Windows 7 Extended Security Updates (ESUs) will be sold on a per-device basis, with the price increasing each year. These ESUs will be available to any Windows 7 Professional and Windows 7 Enterprise users with volume-licensing agreements, and those with Windows Software Assurance and/or Windows 10 Enterprise or Education subscriptions will get a discount. Office 365 ProPlus will continue to work on devices with Windows 7 Extended Security Updates through January 2023.

"Have you heard of Google AMP? That stands for Accelerated Mobile Pages, and it's a way of making webpages so that they load faster and display more efficiently on mobile devices. Oh, and it puts your website under Google's control."

That's Mac Observer co-founder Bryan Chaffin, linking to an "interesting reading" titled "Google AMP Can Go To Hell." AMP allows Google to basically take over hosting the web as well. The Google AMP Cache will serve AMP pages instead of a website's own hosting environment, and also allow Google to perform their own optimisations to further enhance user experience. As a side benefit, it also allows Google full control over content monetisation. No more rogue ad networks, no more malicious ads, all monetisation approved and regulated by Google. If anything happens that falls outside of the AMP standard's restrictions, the page in question simply becomes AMP-invalid and is ejected from the AMP cache -- and subsequently from Google's results. At that point the page might as well not exist any more....

The easy thing to do is to simply obey. Do what Google says. Accept their proclamations and jump when they tell you to. Or you could fight back. You could tell them to stuff it, and find ways to undermine their dominance. Use a different search engine, and convince your friends and family to do the same. Write to your elected officials and ask them to investigate Google's monopoly. Stop using the Chrome browser. Ditch your Android phone. Turn off Google's tracking of your every move. And, for goodness sake, disable AMP on your website.

Don't feed the monster -- fight it.
Here's how web developer Macieg Ceeglowski put it in 2015. "Out of an abundance of love for the mobile web, Google has volunteered to run the infrastructure, especially the user tracking parts of it." But are these assessments too harsh? Leave your own thoughts in the comment.

Should webmasters resist Google's push for AMP pages?

At this year's Open Source Summit, Linus Torvalds sat for a wide-ranging "keynote" interview with Dirk Hohndel, chief open source officer at VMWare, which has been partially transcribed below. And Linus explained, among other things, why the last merge window was harder than others: One of the issues we have is when we've had these hardware security issues, and they've kept happening now, the last year -- they're kept under wraps. So we knew about the issue for the last several months, but because it was secret and we weren't allowed to talk about it, we couldn't do our usual open development model. We do the best we can, and people really care deeply about getting a good product out, but when you have to do things in secret, and when you can't use all the nice infrastructure for development and for testing that we have for all the usual code, it just is way more painful than it should be. And then that just means that, especially when the information becomes public during what is otherwise a busy period anyway, it's just annoying...

I still love speculative execution. Don't get me wrong. I used to work for a CPU company. We did it in software, back when I worked there. I think a CPU has to do speculative execution. It's somewhat sad that then people didn't always think about or didn't always heed the warnings about what can go wrong when you take a few shortcuts in the name of making it slightly simpler for everybody, because you're going to throw away all that work anyway, so why bother to do it right. And that's when the security -- every single security problem we've had has been basically of that kind, where people knew that "Hey, this is speculative work. If something goes wrong we'll throw all the data away, so we don't need to be as careful as we would otherwise." I think it was a good lesson for the industry, but it was certainly not a fun lesson for us on the OS side, where we had to do a lot of extra work for problems that weren't our problems.

It feels somehow unfair. I mean, when we have a security bug that was our own fault, it's like, "Okay, it was us screwing up. It's fair that we have to do all the work to then fix our own bugs." But it feels slightly less fair when you have to fix somebody else's...
"The good news -- I mean the really good news, and I'm serious about this -- is that the bugs have become clearly more and more esoteric," Linus adds. "So it impacts fewer and fewer cases, and clearly hardware people at Intel and other places are now so aware of it that I'm hoping we're really getting to the dregs of the hardware security bugs, and going forward we'll have much fewer of them. I think we're going to the better days, when A.) we got the bugs fixed, and B.) people were thinking about them beforehand."

There's a lot more, so read on for more excerpts...

Microsoft Research has pre-published a new paper to be presented at the IEEE Cybersecurity Development Conference 2018 describing their progress on Checked C, "an extension to C designed to support spatial safety, implemented in Clang and LLVM."

From "Checked C: Making C Safe By Extension": Checked C's design is distinguished by its focus on backward-compatibility, incremental conversion, developer control, and enabling highly performant code... Any part of a program may contain, and benefit from, checked pointers. Such pointers are binary-compatible with legacy, unchecked pointers but have explicitly annotated and enforced bounds. Code units annotated as checked regions provide guaranteed safety: The code within may not use unchecked pointers or unsafe casts that could result in spatial safety violations.

Checked C's bounds-safe interfaces provide checked types to unchecked code, which is useful for retrofitting third party and standard libraries. Together, these features permit incrementally adding safety to a legacy program, rather than making it an all-or-nothing proposition. Our implementation of Checked C as an LLVM extension enjoys good performance, with relatively low run-time and compilation overheads. It is freely available at https://github.com/Microsoft/checkedc and continues to be actively developed.
The extension is enabled as a flag passed to Clang -- the average run-time overhead introduced by adding dynamic checks was 8.6%, though in more than half of the benchmarks the overhead was less than 1%. They also note that from 2012 to 2018, buffer overruns were the leading single cause of CVEs.

Microsoft Research says they're now evaluating Checked C, formalizing a proof of its safety guarantee -- and developing a tool to semi-automatically rewrite legacy C programs.

Recently the CFO of Stripe revealed a surprising statistic: As our global economy increasingly comes to run on technology-enabled rails and every company becomes a tech company, demand for high-quality software engineers is at an all-time high. A recent study from Stripe and Harris Poll found that 61 percent of C-suite executives believe access to developer talent is a threat to the success of their business. Perhaps more surprisingly -- as we mark a decade after the financial crisis -- this threat was even ranked above capital constraints.

And yet, despite being many corporations' most precious resource, developer talents are all too often squandered. Collectively, companies today lose upward of $300 billion a year paying down "technical debt," as developers pour time into maintaining legacy systems or dealing with the ramifications of bad software... When deployed correctly, developers can be economic multipliers -- coefficients that dramatically ratchet up the output of the teams and companies of which they're a part.
His article even ends with tips for managers about how to get the most out of their developers.

• Consider very carefully the current and potential allocation of developer time.
• Embrace the cloud, saving in-house developers to work on higher-impact projects.
• Hire leaders who have technical backgrounds, so they can make better hiring and strategic decisions, and offer better management of developers.

But first managers have to decide if they agree with his initial premise.

Are software developers more valuable to companies than money?

The Los Angeles Dodgers will try a high-tech giveaway for their September 21st game: "Digital Bobblehead Night." DevNull127 quotes the digital editor for the Los Angeles Dodgers: While supplies last at guest's point of entry, the first 40,000 ticketed fans in attendance will receive a card with a unique code and directions to a website where a digital bobblehead can be unlocked and added to their Ethereum wallet. The player Crypto token received will be randomly selected, with approximately an equal number of Kershaw, Turner and Jansen codes distributed at the stadium gates.

"We're excited for our first-ever Crypto giveaway, and to explore an entirely new marketplace with our fanbase," said Lon Rosen, Dodger Executive Vice President and Chief Marketing Officer. "We hope this piques the interest of Dodger fans, and will help launch a new age of digital collectibles and promotions."
That stadium already has another high-tech gimmick: Flippy the Burger-Flipping Robot, who reportedly was "called up to the Majors" to help feed hungry baseball fans by cooking up fried chicken tenders and tater tots.