Google

At Least Two US Attorneys General Are Investigating Google+ Breach (reuters.com)

At least two U.S. states are investigating a breach at Alphabet's Google that may have exposed private profile data of at least 500,000 users to hundreds of external developers. From a report: The investigation follows Google's announcement on Monday that it would shut down the consumer version of its social network Google+ and tighten its data-sharing policies after a "bug" potentially exposed user data that included names, email addresses, occupations, genders and ages. "We are aware of public reporting on this matter and are currently undertaking efforts to gain an understanding of the nature and cause of the intrusion, whether sensitive information was exposed, and what steps are being taken or called for to prevent similar intrusions in the future," Jaclyn Severance, a spokeswoman for Connecticut Attorney General George Jepsen, told Reuters in an email. The New York Attorney General's office also said it was looking into the breach.
Privacy

German Art Activists Get Passport Using Digitally Altered Photo of Two Women Merged Together (vice.com) 32

An anonymous reader shares a report: Last month, an activist from the German art collective Peng! walked into her local government office in Berlin and applied for a new passport. "I probably have broken the law," the woman, a chemist living in the Western Saxony region, told Motherboard, "but our lawyers don't know which one." The woman applied for a passport using a photo of two separate people. Using specialized software created by Peng!, the collective merged the facial vectors from two different faces from two different images into one. Billie Hoffman (a pseudonym used by everyone in the Peng! Collective when talking to journalists) told me how easy the whole process was: "Officials didn't mention fraud at any point." Hoffman's passport application was approved, and now she has an official German passport using the digitally altered photo. The photo is half her, half Federica Mogherini, an Italian politician who is the High Representative of the European Union for Foreign Affairs and Security Policy. "The software calculated an authentic average of the faces and that's it," Hoffmann recalls.

Hoffman's passport is part of an artwork called "Mask ID," a campaign that's encouraging ordinary citizens to "flood government databases with misinformation" and disrupt mass surveillance programs. Ironically, the project is funded by the Bundeskulturstiftung, the German Federal cultural fund; part one was recently on show in Hamburg accompanied by a photo booth where anyone could upload their image and create their own distorted passport picture in an attempt to confuse government surveillance and circumnavigate facial recognition software. "Passports are tools of oppression," another member of the collective who declined to give me their real name told me.

Privacy

21% of Large Employers Collect Health Information From Employees' Mobile Apps or Wearable Devices, Report Says (axios.com) 40

An anonymous reader writes: The Kaiser Family Foundation's annual review of employer-based insurance shows that 21% of large employers collect health information from employees' mobile apps or wearable devices, as part of their wellness programs -- up from 14% last year. Wellness programs are voluntary, and so is contributing your health information to them. But among companies that offer a wellness program, just 9% of employers (including 35% of large employers) offer workers an incentive to participate.
Communications

New Evidence of Hacked Supermicro Hardware Found in US Telecom: Bloomberg (bloomberg.com) 93

A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., Bloomberg reported Tuesday. From the report: The security expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery following the publication of an investigative report in Bloomberg Businessweek that detailed how China's intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015. Appleboum previously worked in the technology unit of the Israeli Army Intelligence Corps and is now co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. His firm specializes in hardware security and was hired to scan several large data centers belonging to the telecommunications company. Bloomberg is not identifying the company due to Appleboum's nondisclosure agreement with the client. Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server's Ethernet connector, a component that's used to attach network cables to the computer, Appleboum said.
Google

Google Unveils Pixel Slate, Its First Laptop-Tablet Hybrid in Three Years (engadget.com) 39

In addition to announcing new flagship phones today, Google took the wraps off a new premium tablet called the Pixel Slate. It's a Chrome OS-powered slate with a 12.3-inch display that's supposed to be the sharpest in its class. Google claims this isn't just a laptop pretending to be a tablet or a phone pretending to be a computer. From a report: It has a resolution of 3,000 x 2,000 -- i.e., a pixel density of 293 ppi, which Google says is the highest for a premium 12-inch tablet. For reference, the Surface Pro 6 and iPad Pro (12.9 inch) come in at 267 ppi and 264 ppi, respectively. Google was able to make the screen so sharp because of an energy-efficient LCD technology called Low Temperature PolySilicon (LTPS), which let the company pack in more pixels without sacrificing size or battery. In fact, the Pixel Slate is supposed to last up to 12 hours on a charge, which is impressive for its skinny 7mm profile. [...] What stands out about the Pixel Slate is the version of Chrome OS it runs. When docked to a mouse or a keyboard accessory with a trackpad, it runs the regular desktop interface most people are familiar with by now. Disconnect peripherals, though, and it switches automatically to tablet mode, which is optimized for touch. In this profile, the home screen features icons for installed apps, much like the app drawer on Android phones. You can split the screen between up to two apps or drag and drop browser tabs to place them side by side. The Pixel Slate will be available with an Intel Celeron or Core M3, i5 or i7 processor, and 4GB to 16GB of RAM at a starting price of $599. The keyboard will cost an additional $200, should you wish to buy one, and the pen accessory will similarly cost $99.
Google

Google Pixel 3 and 3 XL Announced With Bigger Screens and Best Cameras Yet (theverge.com) 53

Google on Tuesday unveiled the Pixel 3 and Pixel 3 XL, its latest flagship Android smartphones. "For life on the go, we designed the world's best camera and put it in the world's most helpful phone," said Google's hardware chief Rick Osterloh. From a report: The Pixel 3 starts at $799 for 64GB, with the 3 XL costing $899. Add $100 to either for the 128GB storage option. Core specs for both include a Snapdragon 845, 4GB RAM (there's no option for more), Bluetooth 5.0, and front-facing stereo speakers. Also inside is a new Titan M security chip, which Google says provides "on-device protection for login credentials, disk encryption, app data, and the integrity of the operating system." Preorders for both phones begin today, and buyers will get six months of free YouTube Music service.

The Pixel 3 and 3 XL both feature larger screens than last year's models thanks to slimmed down bezels -- and the controversial notch in the case of the bigger phone. The 3 XL has a 6.3-inch display (up from six inches on the 2 XL), while the regular 3 has a 5.5-inch screen (up from five inches). Overall, though, the actual phones are very similar in size and handling to their direct predecessors. Google has stuck with a single rear 12.2-megapixel camera on both phones, continuing to resist the dual-camera industry trend. But it's a different story up front. Both the Pixel 3 and 3 XL have two front-facing cameras; one of them offers a wider field of view for getting more people or a greater sense of your surroundings into a selfie. [...] A new Top Shot option will select the best image from a burst series of shots. Like Samsung's Galaxy Note 9, it will weed out pictures that are blurry or snaps where someone blinked. Super Res Zoom uses multiple frames and AI to deliver a sharper final photo even without optical zoom.
There's another interesting feature on the new Pixel handsets: To help you avoid calls from scammers, Google is adding Call Screen to the Pixel, a new option that appears when you receive a phone call. Whenever someone calls you, you can tap a "Screen call" button, and a robot voice will pick up. "The person you're calling is using a screening service, and will get a copy of this conversation. Go ahead and say your name, and why you're calling," the Google bot will say. As the caller responds, the digital assistant will transcribe the caller's message for you. If you need more information, you can use one of the feature's canned responses, which include, "Tell me more," and "Who is this?" There is an accept and reject call button that's on-screen, so you can hang up or take the call at any time.
Science

Physics Holds the Key To Performing the Flipping Water Bottle Trick (arstechnica.com) 45

An anonymous reader shares a report: Think of how ice skaters extend their arms and legs to slow down rotation coming out of jumps or spins. It's the same principle: conservation of angular momentum. Once the bottle is set in motion, its angular momentum remains constant. But shifting how the mass inside (the water) is distributed increases the bottle's rotational inertia (how much force is required to start or keep it moving). This slows down the bottle's rotational speed. Physicists from the University of Twente in the Netherlands decided to analyze the underlying physics [of flipping a half-full bottle of water so it lands upright] more thoroughly in a series of rigorous experiments and develop a theoretical model. For the first version of the experiment, they used a partially filled water bottle. For the second version, they reduced the variables from the large number of water molecules in the bottle to just two tennis balls in a cylindrical container. In both cases, their measurements clearly showed the dramatic decrease of the container's rotational speed, resulting in a nearly vertical descent, so the bottle landed neatly and upright. Tracking the sloshing of the liquid and the changing positions of the tennis balls demonstrated the redistribution of mass, shifting the moment of inertia.
PlayStation (Games)

Sony Says PlayStation 4 Successor is Coming, But Doesn't Call it PS5 Yet (cnet.com) 55

Sony's president has confirmed that the company is working on the next PlayStation, but stopped short of calling it "PlayStation 5." From a report: "At this point, what I can say is it's necessary to have a next-generation hardware," Kenichiro Yoshida told the Financial Times on Monday. He didn't give a sense of the form the next PlayStation might take, but FT sources suggested that it wouldn't be a major departure from the PS4 and that its fundamental architecture would be pretty similar. The report suggests Sony isn't quite ready to jump from consoles to cloud-based gaming, even as direct competitors such as Microsoft and potential ones like Google reveal game streaming services.
Intel

Commissioning Misleading Core i9-9900K Benchmarks (techspot.com) 87

On Monday, Intel unveiled the 9th Gen Core i9-9900K, which will rival AMD's Ryzen 2700X when it goes on sale in two weeks. We will soon be reading reviews of the 9th Gen Core i9-9900K, which Intel claims is the "world's best gaming processor," to see how exactly it fares against its AMD counterpart. But as reviewers test the new CPU and comply with an NDA/embargo (non-disclosure agreement) with Intel, which requires them to not share performance data of Intel's new CPU for another few days, surprisingly, one publication has already made a bold claim. In a story published this week, news outlet PCGamesN said, "Intel's Core i9 9900K is up to 50% faster than AMD's Ryzen 7 2700X in games." The publication cites data from an Intel-commissioned report [PDF] by third-party firm Principled Technologies to make the claim. TechSpot explains the issues with this: So Intel can go and publish their own "testing" done suspiciously through a third party ten days before reviews, while reviewers are prohibited from refuting the claims due to the NDA. First bad sign. Scrolling down PCGamesN says the following when looking over Intel's commissioned benchmarks. "But the real point of all this is for Intel to be able to hold out the 9900K as hands down the best gaming processor compared with the AMD competition, and in that it seems to have excelled. On some games, such as Civ 6 and PUBG, the performance delta isn't necessarily that great, but for the most part you're looking at between 30 and 50% higher frame rates from the 9900K versus the 2700X."

Right away many of the results looked very suspect to me, having spent countless hours benchmarking both the 2700X and 8700K, I have a good idea of how they compare in a wide range of titles and these results looked very off. Having spotted a few dodgy looking results my next thought was, why is PCGamesN publishing this misleading data and why aren't they tearing the paid benchmark report apart? Do they simply not know better?

Over at the Principled Technologies website you can find the full report which states how they tested and the hardware used. Official memory speeds were used which isn't a particularly big deal, though they have gone out of their way to handicap Ryzen, or at the very least expose its weaknesses. Ryzen doesn't perform that well with fully populated memory DIMMs, two modules is optimal. However timings are also important and they used Corsair Vengeance memory without loading the extreme memory profile or XMP setting, instead they just set the memory frequency to 2933 and left the ridiculously loose default memory timings in place. These loose timings ensure compatibility so systems will boot up, but after that point you need to enable the memory profile. It's misleading to conduct benchmarks without executing this crucial step.

Medicine

Salmon Farmers Are Scanning Fish Faces To Fight Killer Lice (bloomberg.com) 72

An anonymous reader quotes a report from Bloomberg: Millions of Atlantic salmon could have their faces stored in digital databases to track their health and single out those posing threats to their marine surroundings. And before you ask if fish have faces, they do: A company in Norway has developed a 3D scanner that can tell salmon apart based on the distinct pattern of spots around their eyes, mouth and gills. Fish-farming giant Cermaq Group AS wants to roll out the technology at salmon pens along Norway's fjord-etched coastline, betting it can prevent the spread of epidemics like sea lice that infect hundreds of millions of farmed fish and cost the global industry upwards of $1 billion each year.

Cargill wants to apply facial recognition to aqua farms, and Cermaq, operator of over 200 salmon and trout farms in Norway, Canada and Chile, is already doing tests on the iFarm design with its Norwegian technology partner BioSort AS. It'll look a lot like existing fish farms, with networks of 160-meter (525-foot) circular nets that are typically 35 meters deep and home to up to 200,000 salmon. The difference is that iFarms would be equipped with camera scanners at the water surface. On any given day, about 40,000 salmon in each pen will rise to above water for a gulp of air, something their bladders need to regulate buoyancy. Each time a salmon does this, typically every four days, it would go through a funnel fitted with sensors that would screen its face and body so records can be kept on each fish. If the machines pick up on abnormalities like lice or skin ulcers, the infected fish can be quarantined for medical treatment.

Transportation

Tesla Model 3 Achieves NHTSA's 'Lowest Probability' of Injury Ever (thedrive.com) 249

In a blog post on Monday, Tesla said that the Model 3 has been deemed to have the lowest probability of occupant injury of any vehicle ever tested by the National Highway Traffic Safety Administration (NHTSA). The Drive reports: Since 1979, the regulatory body has implemented the New Car Assessment Program (NCAP) which, through a series of tests, ultimately produces a rating for a new-to-market vehicle based on how well it performs in a variety of safety-related tests. Over time the test has evolved to assess the injury to occupants based on data gathered for front, side, and rollover crashes. During the NHTSA's previous tests of Tesla vehicles, the Model S and Model X, respectively, became the two vehicles with the lowest probability for injury, outpacing all other automakers. The Model 3 has now widened that gap as it takes the new number-one position on the leaderboard for the safest overall vehicle for occupants.

The California-based auto manufacturer acknowledges the car's low center of gravity as a major factor in its gracious performance in rollover tests. Similar to The Model 3 places its heaviest component, the battery pack, into the floor, so this helps improve the overall stability and rigidity of the car, making it perform excellently in rollover crashes. Additionally, the automaker gives a subtle nod to its engineering team for their design of the vehicle's crumple zones. Working in conjunction with airbags placed in the front of the vehicle and at the occupant's knees, the Model 3 was able to safely control the deceleration of passengers in frontal crash tests. The NHTSA's assessment involved the Model 3 Long Range Rear-Wheel Drive variant, however, Tesla states that it believes other trims will receive similar results when tested.

IOS

Apple Releases iOS 12.0.1 With Fixes For Wi-Fi 2.4GHz Bug, Lightning Charging Issue (macrumors.com) 67

Apple has released iOS 12.0.1, the first official update to the iOS 12 OS that brings a number of fixes, including a fix to the charging issue that was affecting some iPhone XS owners. Mac Rumors reports: Today's update fixes several high profile bugs that have been plaguing iOS 12 users. It resolves an issue that could cause some iPhone XS devices not to charge when connected to a Lightning cable, an issue that was discovered shortly after iOS 12 was released. Reports suggested multiple iOS 12 devices were affected rather than just the iPhone XS, and it's likely that if other devices are impacted, the new update solves the problem.

iOS 12.0.1 also fixes a major Wi-Fi bug that could cause some iPhone XS devices to prefer to join a 2.4GHz Wi-Fi network rather than a 5GHz Wi-Fi network, resulting in perceived slower Wi-Fi connection speeds. After this update, many users who were stuck with their phones connecting to a 2.4GHz network should see much faster Wi-Fi connection speeds as the devices once again prefer a 5GHz network. Other bug fixes in this update include a reorientation of the "123" number key on the iPad, which was moved in the iOS 12 update and swapped with the emoji/language key, a fix for a problem that could cause subtitles not to appear in some video apps, and an issue where Bluetooth could become unavailable.

Python

Economics Nobel Laureate Paul Romer Is a Python Programming Convert (qz.com) 82

Economist Paul Romer, a co-winner of the 2018 Nobel Prize in economics, uses the programming language Python for his research, according to Quartz. Romer reportedly tried using Wolfram Mathematica to make his work transparent, but it didn't work so he converted to a Jupyter notebook instead. From the report: Romer believes in making research transparent. He argues that openness and clarity about methodology is important for scientific research to gain trust. As Romer explained in an April 2018 blog post, in an effort to make his own work transparent, he tried to use Mathematica to share one of his studies in a way that anyone could explore every detail of his data and methods. It didn't work. He says that Mathematica's owner, Wolfram Research, made it too difficult to share his work in a way that didn't require other people to use the proprietary software, too. Readers also could not see all of the code he used for his equations.

Instead of using Mathematica, Romer discovered that he could use a Jupyter notebook for sharing his research. Jupyter notebooks are web applications that allow programmers and researchers to share documents that include code, charts, equations, and data. Jupyter notebooks allow for code written in dozens of programming languages. For his research, Romer used Python -- the most popular language for data science and statistics. Importantly, unlike notebooks made from Mathematica, Jupyter notebooks are open source, which means that anyone can look at all of the code that created them. This allows for truly transparent research. In a compelling story for The Atlantic, James Somers argued that Jupyter notebooks may replace the traditional research paper typically shared as a PDF.

Security

Chrome 70's Upcoming Security Change Will Break Hundreds of Sites (techcrunch.com) 143

When Chrome 70 arrives on October 16th, it will drop trust for a major HTTPS certificate provider, putting hundreds of popular websites at risk of breaking. "Chrome 70 is expected to be released on or around October 16, when the browser will start blocking sites that run older Symantec certificates issued before June 2016, including legacy branded Thawte, VeriSign, Equifax, GeoTrust and RapidSSL certificates," reports TechCrunch. From the report: [D]espite more than a year to prepare, many popular sites are not ready. Security researcher Scott Helme found 1,139 sites in the top one million sites ranked by Alexa, including Citrus, SSRN, the Federal Bank of India, Pantone, the Tel-Aviv city government, Squatty Potty and Penn State Federal to name just a few. Ferrari, One Identity and Solidworks were named on the list but recently switched to new certificates, escaping any future outages.

HTTPS certificates encrypt the data between your computer and the website or app you're using, making it near-impossible for anyone -- even on your public Wi-Fi hotspot -- to intercept your data. Not only that, HTTPS certificates prove the integrity of the site you're visiting by ensuring the pages haven't been modified in some way by an attacker. Most websites obtain their HTTPS certificates from a certificate authority, which abide by certain rules and procedures that over time become trusted by web browsers. If you screw that up and lose their trust, the browsers can pull the plug on all of the certificates from that authority.
For these reasons, Google stopped supporting Symantec certificates last year after it was found to be issuing misleading and wrong certificates, as well as allowing non-trusted organizations to issue certificates without the proper oversight.
Google

UK High Court Blocks Billion-Dollar Privacy Lawsuit Against Google (bbc.com) 36

An anonymous reader quotes a report from the BBC: The High Court has blocked a bid to sue Google for allegedly unlawfully taking data from 4.4 million UK iPhone users. The legal case was mounted by a group called Google You Owe Us, led by former Which director Richard Lloyd. It sought compensation for people whose handsets were tracked by Google for several months in 2011 and 2012. Mr Lloyd said he was "disappointed" by the ruling and his group would appeal, but Google said it was "pleased" and thought the case was "without merit."

Mr Justice Warby who oversaw the case explained that it was blocked because the claims that people suffered damage were not supported by the facts advanced by the campaign group. Another reason for blocking it, he said, was the impossibility of reliably calculating the number of iPhone users affected by the alleged privacy breach. The complaint made by Google You Owe Us alleged that the cookies were used by Google to track people and get around settings on Apple's Safari browser that blocked such monitoring. Ads were sold on the basis of the personal information gathered by Google's cookies. The Safari workaround was used by Google on lots of different devices but the UK case centered on iPhone users. The group hoped to win $1.3 billion in compensation for affected users.
