Security

Voting Machine Manual Instructed Election Officials To Use Weak Passwords (vice.com)

An anonymous reader quotes a report from Motherboard: An election security expert who has done risk-assessments in several states since 2016 recently found a reference manual that appears to have been created by one voting machine vendor for county election officials and that lists critical usernames and passwords for the vendor's tabulation system. The passwords, including a system administrator and root password, are trivial and easy to crack, including one composed from the vendor's name. And although the document indicates that customers will be prompted periodically by the system to change the passwords, the document instructs customers to re-use passwords in some cases -- alternating between two of them -- and in other cases to simply change a number appended to the end of some passwords to change them.

The vendor, California-based Unisyn Voting Solutions, makes an optical-scan system called OpenElect Voting System for use in both precincts and central election offices. The passwords in the manual appear to be for the OpenElect Central Suite, the backend election-management system used to create election definition files for each voting machine before every election -- the files that tell the machine how to apportion votes based on the marks voters make on a ballot. The suite also tabulates votes collected from all of a county's Unisyn optical-scan systems. The credentials listed in the manual include usernames and passwords for the initial log-in to the system as well as credentials to log into the client software used to tabulate and store official election results.

United States

US Regulator Demands Companies Take Action To Halt Robocalls (reuters.com)

FCC Chairman Ajit Pai on Monday wrote the chief executives of major telephone service providers and other companies, demanding they launch a system no later than 2019 to combat billions of "robocalls" and other nuisance calls received by American consumers. Reuters reports: In May, Pai called on companies to adopt an industry-developed "call authentication system" or standard for the cryptographic signing of telephone calls aimed at ending the use of illegitimate spoofed numbers from the telephone system. Monday's letters seek answers by Nov. 19 on the status of those efforts.

The letters went to 13 companies including AT&T, Verizon, T-Mobile, Alphabet, Comcast, Cox, Sprint, CenturyLink, Charter, Bandwidth and others. Pai's letters raised concerns about some companies' current efforts, including Sprint, CenturyLink, Charter, Vonage, Telephone and Data Systems and its U.S. Cellular unit, and Frontier. The letters to those firms said they do "not yet have concrete plans to implement a robust call authentication framework," citing FCC staff. The authentication framework "digitally validates the handoff of phone calls passing through the complex web of networks, allowing the phone company of the consumer receiving the call to verify that a call is from the person supposedly making it," the FCC said.

Privacy

Tencent Will Soon Require Chinese Users To Present IDs To Play Its Video Games (theverge.com)

China's Tencent will soon require gamers to prove their ages and identities against police records, according to a new official statement yesterday. Under the new system, users will need to register their Chinese national IDs in order to play any games from Tencent. The Verge reports: Ten mobile games will get the new verification system by the end of the year, and all games offered by Tencent, including PlayerUnknown's Battlegrounds and League of Legends, will get the system by 2019. Tencent has been criticized by state-run People's Daily, which called Arena of Valor "poison," after reports that students were ditching their homework to play the mobile game.

Tencent has also faced direct regulatory pressure this summer, after President Xi Jinping pointed out that too many children were nearsighted and said the government was taking action. Beijing officially ruled to ban new games, cementing an unofficial pause that started back in March, costing Tencent up to $1.5 billion in lost revenue as it was unable to launch games it had been developing. In September, Tencent imposed the new verification system on Arena of Valor and created a feature that blurs the screen if minors look too closely at it. The new system simply enforces rules that Tencent had in place since last year: barring gamers who are 12 and under from playing more than an hour a day and establishing a curfew of 9PM. Those who are 13 to 18 can play up to two hours a day. Still, the system won't prevent minors from borrowing the phones of their parents and other adults.

Software

Ask Slashdot: Do Older IT Workers Doing End-User Support Find It Gets Harder With Age?

Longtime Slashdot reader King_TJ writes: I've worked in I.T. for almost 30 years now in various capacities, from bench PC technician to web page designer, support specialist, network manager, and was self-employed for a while doing on-site service and consulting too. In all that time, I've always felt like I had a good handle on troubleshooting and problem-solving while providing good, friendly customer service at the same time. But recently, I've started feeling like there's just a little too much knowledge to keep straight in my brain. If I'm able to work on a project on my own terms, without interruptions or distractions? Sure, I can get almost anything figured out. But it's the stress of users needing immediate assistance with random problems, thrown out willy-nilly in the constant barrage of trouble tickets, that I'm starting to struggle with.

For example, just this morning, a user had a question about whether or not she should open an email about quarantined junk mail to actually look through it. I briefly noted a screenshot she attached that showed a typical MS Office quarantined email message and replied that she could absolutely view them at her discretion. (I also noted that I tend to ignore and delete those myself, unless I'm actually expecting a specific piece of email that I didn't receive -- in case it was actually in the junk mail filter.) Well, that was the wrong answer, because that message was a nicely done phishing attempt; not a legit message -- and she tried to sign in through it. Then, I had to do a mad scramble to change her password and help her get the new one working on her phone and computer. With more time to think about what happened, I'm realizing now that I should have known the email was fake because we recently made some changes to our Office 365 environment so junk mail is going directly into Junk folders in Outlook -- and those types of messages aren't really coming in to people anymore. On top of that? We're trying to migrate people to using two-factor authentication so I was instructed to get this user on it while I'm changing her account info. Makes sense, but I had to dig all over to find our document with instructions on how to do that too. I just couldn't remember where they told me they saved the thing, several weeks ago, when they talked about creating the new document in one of our weekly meetings. Am I just getting old and starting to lose it? Is everybody feeling this way about I.T. support these days? Are things just changing at too quick a pace for anyone to stay on top of it all?

I mean, in just the last few weeks, we've dealt with users failing to get their single sign-on passwords to work because something broke that only an upgrade to the latest build of Windows 10 corrected. We've had an office network go berserk and randomly drop people's Internet access, ability to print, etc. -- because one of the switches started intermittently failing under load. We've had online training to set up a new MDM solution, company-wide. And I had to single-handedly set up a new server running the latest version of vCenter for our ESXi servers. And all of that is while trying to get in some studying on the side to get my Security Plus cert., getting Macs with broken screens mailed out for service, a couple of new computers deployed, and accounts properly shut down for an employee who left, plus the usual grind of "mindless" tickets like requests to create new shared DropBox team folders for groups. It's a LOT to juggle, but I was pretty happy with my ability to keep all of it moving right along for years. Now -- I'm starting to have doubts.

The Courts

Edward Snowden Says a Report Critical To an NSA Lawsuit Is Authentic (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: An unexpected declaration by whistleblower Edward Snowden filed in court [last] week adds a new twist in a long-running lawsuit against the NSA's surveillance programs. The case, filed by the EFF a decade ago, seeks to challenge the government's alleged illegal and unconstitutional surveillance of Americans, who are largely covered under the Fourth Amendment's protections against warrantless searches and seizures. It's a big step forward for the case, which had stalled largely because the government refused to confirm that a leaked document was authentic or accurate. News of the surveillance broke in 2006 when an AT&T technician Mark Klein revealed that the NSA was tapping into AT&T's network backbone. He alleged that a secret, locked room -- dubbed Room 641A -- in an AT&T facility in San Francisco where he worked was one of many around the U.S. used by the government to monitor communications -- domestic and overseas. President George W. Bush authorized the NSA to secretly wiretap Americans' communications shortly after the September 11 terrorist attacks in 2001.

Much of the EFF's complaint relied on Klein's testimony until 2013, when Snowden, a former NSA contractor, came forward with new revelations that described and detailed the vast scope of the U.S. government's surveillance capabilities, which included participation from other phone giants -- including Verizon (TechCrunch's parent company). Snowden's signed declaration, filed on October 31, confirms that one of the documents he leaked, which the EFF relied heavily on for its case, is an authentic draft document written by the then-NSA inspector general in 2009, which exposed concerns about the legality of Bush's warrantless surveillance program -- Stellar Wind -- particularly the collection of bulk email records on Americans.
"I read its contents carefully during my employment," he said in his declaration. "I have a specific and strong recollection of this document because it indicated to me that the government had been conducting illegal surveillance."

Robotics

Amazon Is Hiring Fewer Workers This Holiday Season, a Sign That Robots Are Replacing Them (qz.com)

Amazon is hiring around 100,000 additional employees this holiday season, which is fewer than the company added in either the 2016 or 2017 holiday seasons, when it brought in 120,000 additional workers. "Citi analyst Mark May says he thinks the reduction in seasonal hiring is strong evidence that Amazon is succeeding with plans to automate operations in its warehouses," reports Quartz. From the report: "We've seen an acceleration in the use of robots within their fulfillment centers, and that has corresponded with fewer and fewer workers that they're hiring around the holidays," May told CNBC. He added that 2018 is the "first time on record" Amazon plans to hire fewer holiday workers than it did the previous year. "Since the last holiday season, we've focused on more ongoing full-time hiring in our fulfillment centers and other facilities," Amazon spokesperson Ashley Robinson said in an email, adding that the company has "created over 130,000 jobs" in the last year. "We are proud to have created over 130,000 new jobs in the last year alone."

Amazon bought robotics company Kiva Systems for $775 million in 2012, and began using its orange robots in warehouses in late 2014. By mid-2016, it had become clear just how big a difference those robots were making. The little orange guys could handle in 15 minutes the sorting, picking, packing, and shipping that used to take human workers an hour or more to complete. In June 2016, Deutsche Bank predicted Kiva automation could save Amazon nearly $2.5 billion (those savings dropped to $880 million after accounting for the costs of installing robots in every warehouse).

The Almighty Buck

7-Eleven Tests Cashier-Free Shopping In 14 Stores (techspot.com)

7-Eleven is testing cashier-less shopping systems, similar to Amazon's "Go" stores that use an array of cameras and machine-learning technology to determine what customers are buying. According to TechSpot, "customers can simply pick up select items, scan the barcode, pay through their phone, and leave; there is no need to wait in line or even speak to another human being." From the report: As previously stated, this is just a test right now. There's no guarantee that 7-Eleven will actually ditch its cashiers anytime soon; particularly not while it continues to serve age-restricted beverages and drugs. For now, this scan-and-go system is purely serving as an augmentation to its current way of handling customers. Furthermore, there's a catch: customers who want to use the new shopping method will need to have 7-Eleven's rewards app.

Electronic Frontier Foundation

EFF Unveils VR Tool To Help People Spot Surveillance Devices In Their Communities (eff.org)

An anonymous reader quotes a report from the Electronic Frontier Foundation: The Electronic Frontier Foundation (EFF) launched a virtual reality (VR) experience on its website today that teaches people how to spot and understand the surveillance technologies police are increasingly using to spy on communities. Spot the Surveillance, which works best with a VR headset but will also work on standard browsers, places users in a 360-degree street scene in San Francisco. In the scene, a young resident is in an encounter with police. Users are challenged to identify surveillance tools by looking around the scene. The experience takes approximately 10 minutes to complete. The surveillance technologies featured in the scene include a body-worn camera, automated license plate readers, a drone, a mobile biometric device, and pan-tilt-zoom cameras. The project draws from years of research gathered by EFF in its Street-Level Surveillance project, which shines a light on how police use, and abuse, technology to spy on communities.

Google

Google Has Enlisted NASA To Help it Prove Quantum Supremacy Within Months (technologyreview.com)

Google wants NASA to help it prove quantum supremacy within a matter of months, MIT Technology Review reported Monday, citing the Space Act Agreement. From the report: Quantum supremacy is the idea, so far undemonstrated, that a sufficiently powerful quantum computer will be able to complete certain mathematical calculations that classical supercomputers cannot. Proving it would be a big deal because it could kick-start a market for devices that might one day crack previously unbreakable codes, boost AI, improve weather forecasts, or model molecular interactions and financial systems in exquisite detail. The agreement, signed in July, calls on NASA to "analyze results from quantum circuits run on Google quantum processors, and ... provide comparisons with classical simulation to both support Google in validating its hardware and establish a baseline for quantum supremacy." Google confirmed to MIT Technology Review that the agreement covered its latest 72-qubit quantum chip, called Bristlecone. Where classical computers store information in binary bits that definitely represent either 1 or 0, quantum computers use qubits that exist in an undefined state between 1 and 0. For some problems, using qubits should quickly provide solutions that could take classical computers much longer to compute.

Security

Flaws in Self-Encrypting SSDs Let Attackers Bypass Disk Encryption (zdnet.com)

An anonymous reader writes: Researchers have found flaws that can be exploited to bypass hardware encryption in well-known, popular SSD drives. Master passwords and faulty standards implementations allow attackers access to encrypted data without needing to know the user-chosen password.

SSDs from Micron (Crucial) and Samsung are affected. These are SSDs that support hardware-level encryption via a local built-in chip, separate from the main CPU. Some of these devices have a factory-set master password that bypasses the user-set password, while other SSDs store the encryption key on the hard drive, from where it can be retrieved. The issue is worse on Windows, where BitLocker defers software-level encryption to hardware encryption-capable SSDs, meaning user data is vulnerable to attacks without the user's knowledge. More in the research paper.
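A defender-side check for the BitLocker behaviour described above, added here and not part of the original report or the research paper: it reads the output of manage-bde -status and flags every volume whose encryption method is reported as hardware encryption, since on those volumes the protection rests entirely on the drive's own firmware. It assumes English-language manage-bde output and an elevated PowerShell session.

```powershell
# Added example (not from the page): list BitLocker volumes and flag those that
# rely on the SSD's self-encryption instead of Windows' software AES.
# Assumes English manage-bde output; run from an elevated PowerShell prompt.
$status = manage-bde -status 2>&1 | Out-String

# manage-bde prints one "Volume X: [Label]" block per volume; split on that header.
$blocks = $status -split "(?m)^Volume " | Where-Object { $_.Trim() -ne "" }

foreach ($block in $blocks) {
    # First line of each block names the volume, e.g. "C: [OS]".
    $volume = ($block -split "`n")[0].Trim()
    if (-not $volume.StartsWith("C:") -and $volume -notmatch "^[A-Z]:") { continue }

    $method = "unknown"
    if ($block -match "Encryption Method:\s*(.+)") { $method = $Matches[1].Trim() }

    # "Hardware Encryption" means BitLocker deferred to the drive, which is the
    # configuration the research says is exposed to the master-password and
    # stored-key flaws.
    if ($method -match "Hardware") {
        Write-Warning "$volume uses $method - protection depends on the SSD firmware; plan to decrypt and re-encrypt with software encryption"
    } else {
        Write-Output "$volume uses $method"
    }
}
```

To make new encryptions use software AES, set the BitLocker Group Policy "Configure use of hardware-based encryption for fixed data drives" (and its operating-system and removable-drive counterparts) to Disabled; volumes already encrypted with hardware encryption must be decrypted and re-encrypted, because the policy only affects new encryptions.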

Medicine

Bill and Melinda Gates Foundation and Wellcome Trust, Two of the World's Largest Biomedical Research Funders, Back Europe's Ambitious Open-Access Plan (nature.com)

Two of the world's largest biomedical research funders have backed a plan to make all papers resulting from work they fund open access on publication by 2020. From a report: On 5 November, the London-based Wellcome Trust and the Bill and Melinda Gates Foundation in Seattle, Washington, announced they were both endorsing 'Plan S,' adding their weight to an initiative already backed by 13 research funders across Europe since its launch in September. The plan was spearheaded by Robert-Jan Smits, the European Commission's special envoy on open access. The Wellcome Trust, which gave out $1.4 billion in grants in 2016-17, is also the first funder to detail how it intends to implement Plan S. Its approach suggests that journals may not need to switch wholesale to open-access (OA) models by 2020 to be compliant with Plan S -- if the initiative's other backers decide on a similar line.

The biomedical charity already has an OA policy, but in some cases it allows an embargo of up to six months after publication before papers have to be made free to read. The organization says that by 1 January 2020, it will ban all such embargoes. Wellcome-funded work will not be able to appear in Nature, Science and other influential subscription journals unless these publications permit Wellcome-funded papers to be published under OA terms. Researchers that the charity funds could still publish in subscription journals, says Robert Kiley, Wellcome's head of open research. But only if those journals agree that the authors can immediately deposit their accepted manuscript in the PubMed Central repository under a liberal publishing licence. Some publishers, such as the Royal Society in London, already allow this.

Businesses

Amazon Plans To Split HQ2 Evenly Between Two Cities, Report Says (wsj.com)

Amazon plans to split its second headquarters evenly between two locations rather than picking one city for HQ2, WSJ reported Monday, citing a person familiar with the matter, a surprise decision that will spread the impact of a massive new office across two communities. From the report: The driving force behind the decision to build two equal offices in addition to the company's headquarters in Seattle is recruiting enough tech talent, according to the person familiar with the company's plans. The move will also ease potential issues with housing, transit and other areas where adding tens of thousands of workers could cause problems. [...] The report, published Monday, did not specify the locations Amazon is exploring, but on Sunday, the newspaper had reported that the ecommerce giant was in late-stage discussions with Crystal City in Virginia, Dallas and New York City. [The aforementioned link may be paywalled; here's an alternative source.]

The Internet

Tim Berners-Lee Launches Campaign To Save the Web From Abuse (theguardian.com)

Tim Berners-Lee has launched a global campaign to save the web from the destructive effects of abuse and discrimination, political manipulation, and other threats that plague the online world. A report adds: In a talk at the opening of the Web Summit in Lisbon on Monday, the inventor of the web called on governments, companies and individuals to back a new "Contract for the Web" that aims to protect people's rights and freedoms on the internet. The contract outlines central principles that will be built into a full contract and published in May 2019, when half of the world's population will be able to get online. More than 50 organisations have already signed the contract, which is published by Berners-Lee's World Wide Web Foundation alongside a report that calls for urgent action.

"For many years there was a feeling that the wonderful things on the web were going to dominate and we'd have a world with less conflict, more understanding, more and better science, and good democracy," Berners-Lee told the Guardian. "But people have become disillusioned because of all the things they see in the headlines. Humanity connected by technology on the web is functioning in a dystopian way. We have online abuse, prejudice, bias, polarisation, fake news, there are lots of ways in which it is broken. This is a contract to make the web one which serves humanity, science, knowledge and democracy." Under the principles laid out in the document, which Berners-Lee calls a "Magna Carta for the web", governments must ensure that its citizens have access to all of the internet, all of the time, and that their privacy is respected so they can be online "freely, safely and without fear."
Berners-Lee added, "We're at a 50/50 moment for the web. We've created something amazing together, but half the world is still not online, and our online rights and freedoms are at risk. The web has done so much for us, but now we need to stand up #ForTheWeb." You can watch his talk here (skip the first 10 minutes).

Communications

Supreme Court Rejects Industry Challenge of 2015 Net Neutrality Rules (arstechnica.com)

The U.S. Supreme Court on Monday refused a request by the Trump administration and the telecommunications industry to wipe away a lower court decision that had upheld Obama-era net neutrality rules aimed at ensuring a free and open internet. The justices' action, however, does not undo the 2017 repeal of the policy. A report adds: The Federal Communications Commission's 2015 order to impose net neutrality rules and strictly regulate broadband was already reversed by Trump's pick for FCC chairman, Ajit Pai. But AT&T and broadband industry lobby groups were still trying to overturn court decisions that upheld the FCC order. A win for the broadband industry could have prevented future administrations from imposing a similarly strict set of rules. The Trump administration supported the industry's case, asking the US Supreme Court to vacate the Obama-era ruling.

But the Supreme Court today said it has denied petitions filed by AT&T and broadband lobby groups NCTA, CTIA, USTelecom, and the American Cable Association. Four of nine justices must agree to hear a case, but only three voted to grant the petitions.
Further reading: Reuters and Variety.

Android

The Year OnePlus Started Ignoring Fans (venturebeat.com)

OnePlus has made a name for itself selling devices that punch above the price class. The Chinese smartphone maker has also built a loyal fanbase by proactively reaching out to its users and incorporating the changes and suggestions they make in its product lineup. But as the company grows bigger and embarks on a new journey -- entering the United States -- it is increasingly turning a blind eye to its community. From a story: To get the whole picture, we have to look at all of 2018. OnePlus releases two phones per year, and it makes sure to hype these before each debut. This year was the same in this regard, except for the obvious fan backlash. I'm of course talking about notches and headphone jacks. In March, OnePlus cofounder Carl Pei tweeted that users should "learn to love the notch." The outcry was so great that Pei deleted the tweet. The OnePlus 6 of course launched in May with a notch. Earlier in March, Pei also tweeted his usual annual poll about headphone jacks. The OnePlus 6T, which started shipping in the U.S. on November 1 and will hit the rest of the world on November 6, has a smaller "teardrop" notch. But as you likely already know, it doesn't have a headphone jack. [...] It's a bizarre set of decisions given OnePlus has always prided itself on giving its fans exactly what they want. This year, OnePlus seems to be happily pushing its fans to Samsung, which at least for now still offers headphone jacks in all its phones and has completely ignored the ugly notch trend.