"Proprietary software makes it possible to design products to cheat ordinary users..." writes Richard Stallman -- linking to a new essay by Cory Doctorow: Carriers adapted custom versions of Android to lock customers to their networks with shovelware apps that couldn't be removed from the home-screen and app store lock-in that forced customers to buy apps through their phone company. What began with printers and spread to phones is coming to everything: this kind of technology has proliferated to smart thermostats (no apps that let you turn your AC cooler when the power company dials it up a couple degrees), tractors (no buying your parts from third-party companies), cars (no taking your GM to an independent mechanic), and many categories besides.

All these forms of cheating treat the owner of the device as an enemy of the company that made or sold it, to be thwarted, tricked, or forced into conducting their affairs in the best interest of the company's shareholders. To do this, they run programs and processes that attempt to hide themselves and their nature from their owners, and proxies for their owners (like reviewers and researchers). Increasingly, cheating devices behave differently depending on who is looking at them. When they believe themselves to be under close scrutiny, their behavior reverts to a more respectable, less egregious standard. This is a shocking and ghastly turn of affairs, one that takes us back to the dark ages.

An anonymous reader writes: Google Chrome 63 will include a new security feature that will detect when third-party software is performing a Man-in-the-Middle (MitM) attack that hijacks the user's Internet connection.... Most MitM toolkits fail to correctly rewrite the user's encrypted connections, causing SSL errors that Chrome will detect. The new Chrome 63 feature is in the form of a new warning screen. This new error will appear whenever Chrome detects a large number of SSL connection errors in a short timespan, a sign that someone is trying -- and failing -- to intercept the user's web traffic. This includes both malware and legitimate applications, such as antivirus and firewall applications. The new Chrome error won't show up for all antivirus and firewall software, but only for those that do not rewrite SSL connections in a proper way, resulting in SSL errors.
Chrome 63 is set for release on December 5, but users can already test it by enabling it in the Google Chrome dev branch.

One million households lost power in Florida, and at least three people died, after Hurricane Irma made landfall Sunday morning. Bloomberg reports how Uber tried to help: Uber Technologies Inc. is offering free rides to shelters near Tampa as Hurricane Irma barrels toward the Florida mainland. The City of Tampa's Office of Emergency Management publicized the free rides on its Twitter feed, @AlertTampa, and mobile news alert service. Uber's offer helps serve a vital need for transportation, as Tampa Bay area residents got late notice that the monster storm that changed track on Saturday and was heading their way. It also provided a chance for the company to burnish an image... Uber has also been criticized for using its so-called surge pricing in times of crisis.

An anonymous reader quotes Wired: Last fall, a group of music industry heavyweights gathered in New York City to do something they'd mostly failed to do up to that point: work together. Representatives from major labels like Universal, Sony, and Warner sat next to technologists from companies like Spotify, YouTube, and Ideo and discussed the collective issues threatening their industry... The participants of that confab would later form a group called the Open Music Initiative... "Pretty early on it was obvious that there's an information gap in the industry," says Erik Beijnoff, a product developer at Spotify and a member of the OMI.

That "information gap" refers to the data around who helped create a song. Publishers might keep track of who wrote the underlying composition of a song, or the session drummer on a recording, but that information doesn't always show up in a digital file's metadata. This disconnect between the person who composed a song, the person who recorded it, and the subsequent plays, has led to problems like writers and artists not getting paid for their work, and publishers suing streaming companies as they struggle to identify who is owed royalties. "It's a simple question of attribution," says Berklee College of Music's vice president of innovation and strategy, Panos A. Panay. "And payments follow attribution."

Over the last year, members of the OMI -- almost 200 organizations in total -- have worked to develop just that. As a first step, they've created an API that companies can voluntarily build into their systems to help identify key data points like the names of musicians and composers, plus how many times and where tracks are played. This information is then stored on a decentralized database using blockchain technology -- which means no one owns the information, but everyone can access it.

An anonymous reader quotes VentureBeat: Native honeybees, one of the most prolific pollinators in the animal kingdom, are dying off at an unprecedented rate from Colony Collapse Disorder and threatening an ecosystem service worth about $15 billion. Supported by the National Science Foundation, the RoboBees project looks to minimize the loss of this critical resource with new microbots that can mimic the pollinating role of a honeybee... In a remarkable display of biomimicry, scientists have developed a flight-capable robot that's just half the size of a paperclip and weighs in at one tenth of a gram... The RoboBees project pushes the boundaries of research in a variety of fields, from micromanufacturing to energy storage and even the computer algorithms that control the robots by the swarm...

While the effect of a single robot might be miniscule, a coordinated group of hundreds, thousands, or millions of RoboBees could perform a host of unprecedented tasks. Aside from pollinating plants for agricultural purposes, the RoboBees could coordinate to digitally map terrain, monitor weather conditions, and even assist in relief efforts after a disaster, through data collection. While RoboBees are only intended as a stopgap measure for honeybee loss, the potential applications of the technology have the world holding its breath for the next breakthrough.

Fake reviews used to be crowdsourced. Now they can be auto-generated by AI, according to a new research paper shared by AmiMoJo: In this paper, we identify a new class of attacks that leverage deep learning language models (Recurrent Neural Networks or RNNs) to automate the generation of fake online reviews for products and services. Not only are these attacks cheap and therefore more scalable, but they can control rate of content output to eliminate the signature burstiness that makes crowdsourced campaigns easy to detect. Using Yelp reviews as an example platform, we show how a two phased review generation and customization attack can produce reviews that are indistinguishable by state-of-the-art statistical detectors.
Humans marked these AI-generated reviews as useful at approximately the same rate as they did for real (human-authored) Yelp reviews.

An anonymous reader quotes Phys.org: Swamped by too much raw intel data to sift through, US spy agencies are pinning their hopes on artificial intelligence to crunch billions of digital bits and understand events around the world. Dawn Meyerriecks, the Central Intelligence Agency's deputy director for technology development, said this week the CIA currently has 137 different AI projects, many of them with developers in Silicon Valley. These range from trying to predict significant future events, by finding correlations in data shifts and other evidence, to having computers tag objects or individuals in video that can draw the attention of intelligence analysts. Officials of other key spy agencies at the Intelligence and National Security Summit in Washington this week, including military intelligence, also said they were seeking AI-based solutions for turning terabytes of digital data coming in daily into trustworthy intelligence that can be used for policy and battlefield action.

An anonymous reader quotes AFP: Hurricane Irma, now taking aim at Florida, has stunned experts with its sheer size and strength, churning across the ocean with sustained Category 5 winds of 183 miles per hour (295 kilometers per hour) for more than 33 hours, making it the longest-lasting, top-intensity cyclone ever recorded. Meanwhile Jose, a Category 4 on the Saffir Simpson scale of 1 to 5, is fast on the heels of Irma, pummeling the Caribbean for the second time in the span of a few days. Many have wondered what is contributing to the power and frequency of these extreme storms. "Atlantic hurricane seasons over the years have been shaped by many complex factors," said Jim Kossin, a NOAA hurricane scientist at the University of Wisconsin. "Those include large scale ocean currents, air pollution -- which tends to cool the ocean down -- and climate change"...

Some think a surge in industrial pollution after World War II may have produced more pollutant particles that blocked the Sun's energy and exerted a cooling effect on the oceans. "The pollution reduced a lot of hurricane activity," said Gabriel Vecchi, professor of geosciences at Princeton University's Environmental Institute. Pollution began to wane in the 1980s due to regulations such as the Clean Air Act, allowing more of the Sun's rays to penetrate the ocean and provide warming fuel for storms. Vecchi said the "big debate" among scientists is over which plays a larger role -- variations in ocean currents or pollution cuts. There is evidence for both, but there isn't enough data to answer a key question...

The burning of fossil fuels, which spew greenhouse gases into the atmosphere and warm the Earth, can also be linked to a rise in extreme storms in recent years. Warmer ocean temperatures yield more moisture, more rainfall, and greater intensity storms. "It is not a coincidence that we're seeing more devastating hurricanes," climatologist Michael Mann of Penn State University told AFP in an email. "Over the past few years, as global sea surface temperatures have been the warmest on record, we've seen the strongest hurricanes -- as measured by peak sustained winds -- globally, in both Southern and Northern Hemisphere, in both Pacific and now, with Irma, the open Atlantic," he added. "The impacts of climate change are no longer subtle. We're seeing them play out in real time, and the past two weeks have been a sadly vivid example."

An anonymous reader quotes Reuters: France, Germany, Italy and Spain want digital multinationals like Amazon and Google to be taxed in Europe based on their revenues, rather than only profits as now, their finance ministers said in a joint letter. France is leading a push to clamp down on the taxation of such companies, but has found support from other countries also frustrated at the low tax they receive under current international rules. Currently such companies are often taxed on profits booked by subsidiaries in low-tax countries like Ireland even though the revenue originated from other EU countries. "We should no longer accept that these companies do business in Europe while paying minimal amounts of tax to our treasuries," the four ministers wrote in a letter seen by Reuters.

A 31-year-old autistic man in the U.K. is suspected of hacking U.S. government computer systems in 2013 -- and he has one final chance to appeal his extradition. An anonymous reader quotes the Guardian Even if Love is guilty, however, there are important legal and moral questions about whether he should be extradited to the US -- a nation that has prosecuted hackers with unrivalled severity, and one where Love could be sentenced to spend the rest of his life in prison... His remaining hope for mercy is a final appeal against extradition in the high court in November. Love's hope is for a full and fair trial in Britain.

Even if he is found guilty in a British court of the most serious crimes in the US government's indictment, his legal team estimate that he faces just a few months in prison. Failure means Love will be flown to a holding facility in New York, placed on suicide watch and probably forced to take antidepressants, prior to a trial. If he refuses to accept a plea deal and is convicted, he will face $9m (£6.8m) in fines and, experts estimate, a prison term of up to 99 years, a punishment illustrative of the US's aggressive sentencing against hackers under the controversial Computer Fraud and Abuse Act.
Naomi Colvin, from the human rights group the Courage Foundation, tells the Guardian that "Lauri's case is critically important in determining the reach of America's unusually harsh punitive sanctions for computer crimes."

Though Apple officially unveils their newest iPhone on Tuesday, information is already leaking on the internet.

• Mashable: "Physically, it's expected to be about the same size as an iPhone 7, but with an edge-to-edge OLED display that's bigger than what is currently on the iPhone 7 Plus. It won't have a home button or Touch ID, and will likely use some kind of facial recognition tech to unlock."

• MacRumors cites a report from KGI Securities analyst Ming-Chi Kuo suggesting facial recognition may just be one feature of a complex front camera with 3D sensing hardware, including a proximity sensor, ambient light sensor, and a structured light transmitter (using a surface-emitting laser) and receiver.

• CNET: "Irish iPhone programming guru Steve Troughton-Smith now feels sure he has the names of the three phones to be launched by Apple on Tuesday.... they'll (probably) be called the iPhone 8, iPhone 8 Plus and -- ta-da -- the iPhone X."

• Troughton-Smith also predicts a 3x screen at 1125x2436 resolution

• Fortune: "Apple's iPhone line is expected to catch up with Android phones in the area of wireless charging this year... just lay the phone down on a compatible charger mat or base or dock, and watch the battery fill up."

• 9to5Mac: "We've found a brand new feature called 'Animoji', which uses the 3D face sensors to create custom 3D animated emoji based on the expressions you make into the camera. Users will be able to make Animoji of unicorns, robots, pigs, pile of poo and many more."

Slashdot reader unixisc writes: While it's always been well known that Windows phones in the market have floundered, one saving grace has always been that one could at least use it for the barest minimum of apps, even if updates have stopped... Aside from a door stop or a hand me down to someone who'll use it like a dumb phone, what are your suggested uses for this phone? A music player (if the songs are on an SD card)? Games? As far as phones go, I have what I need, so for this, anything it's good for?
The original submission suggests problems connecting to wi-ifi -- something partially corroborated by complaints at Windows Central -- though Microsoft's site says they're still supporting wifi connections.

Slashdot reader thegreatbob suggested "shuffleboard puck" -- then added, "Snark aside, if you're into writing custom applications and such for them, there's probably a bootloader/root solution for you out there."

Leave your own best suggestions in the comments. What can you do with an old Windows Phone?

An anonymous reader quotes security researcher Brian Krebs: The web site that Equifax advertised as the place where concerned Americans could go to find out whether they were impacted by this breach -- equifaxsecurity2017.com -- is completely broken at best, and little more than a stalling tactic or sham at worst. In the early hours after the breach announcement, the site was being flagged by various browsers as a phishing threat. In some cases, people visiting the site were told they were not affected, only to find they received a different answer when they checked the site with the same information on their mobile phones.
TechCrunch has concluded that "the checker site, hosted by Equifax product TrustID, seems to be telling people at random they may have been affected by the data breach." One user reports that entering the same information twice produced two different answers. And ZDNet's security editor reports that even if you just enter Test or 123456, "it says your data has been breached." TechCrunch writes: The assignment seems random. But, nevertheless, they were still asked to continue enrolling in TrustID. What this means is not only are none of the last names tied to your Social Security number, but there's no way to tell if you were really impacted. It's clear Equifax's goal isn't to protect the consumer or bring them vital information. It's to get you to sign up for its revenue-generating product TrustID.
Meanwhile, one web engineer claims the secret 10-digit "security freeze" PIN being issued by Equifax "is just a timestamp of when you made the freeze."

An anonymous reader quotes Stack Overflow Blog: In this post, we'll explore the extraordinary growth of the Python programming language in the last five years, as seen by Stack Overflow traffic within high-income countries. The term "fastest-growing" can be hard to define precisely, but we make the case that Python has a solid claim to being the fastest-growing major programming language... June 2017 was the first month that Python was the most visited [programming language] tag on Stack Overflow within high-income nations. This included being the most visited tag within the US and the UK, and in the top 2 in almost all other high income nations (next to either Java or JavaScript). This is especially impressive because in 2012, it was less visited than any of the other 5 languages, and has grown by 2.5-fold in that time. Part of this is because of the seasonal nature of traffic to Java. Since it's heavily taught in undergraduate courses, Java traffic tends to rise during the fall and spring and drop during the summer.

Does Python show a similar growth in the rest of the world, in countries like India, Brazil, Russia and China? Indeed it does. Outside of high-income countries Python is still the fastest growing major programming language; it simply started at a lower level and the growth began two years later (in 2014 rather than 2012). In fact, the year-over-year growth rate of Python in non-high-income countries is slightly higher than it is in high-income countries... We're not looking to contribute to any "language war." The number of users of a language doesn't imply anything about its quality, and certainly can't tell you which language is more appropriate for a particular situation. With that perspective in mind, however, we believe it's worth understanding what languages make up the developer ecosystem, and how that ecosystem might be changing. This post demonstrated that Python has shown a surprising growth in the last five years, especially within high-income countries.
The post was written by Stack Overflow data scientist David Robinson, who notes that "I used to program primarily in Python, though I have since switched entirely to R."

Slashdot reader troublemaker_23 writes, "A number of security researchers have dismissed an article by reporter Brian Krebs about Marcus Hutchins, the Briton who is awaiting trial in the US on charges of writing and distributing the Kronos banking malware, by pointing out that it has nothing to do with the case." An anonymous reader writes: Krebs investigated dozens of hacker forum pseudonyms, concluding "The clues suggest that Hutchins began developing and selling malware in his mid-teens -- only to later develop a change of heart and earnestly endeavor to leave that part of his life squarely in the rearview mirror." Krebs believes 15-year-old Hutchins registered a domain he'd later advertise as "mainly for blackhats wanting to phish," and in 2010 may have filmed YouTube videos about password-stealing malware. Krebs says the early activities are "fairly small-time -- and hardly rise to the level of coding from scratch a complex banking trojan and selling it to cybercriminals," though he believes Hutchins moved on to advertising exploit kits, password-stealers, and bot rentals.

Krebs also talked to 27-year-old Brendan Johnston, a friend of Hutchins who did time in prison in 2014 for selling Trojans, who "said his old friend sincerely tried to turn things around in late 2012... 'I feel like I know Marcus better than most people do online, and when I heard about the accusations I was completely shocked,. He tried for such a long time to steer me down a straight and narrow path that seeing this tied to him didn't make sense to me at all." Krebs stresses that Hutchins didn't try to hide the fact that he'd written malware, "which in the United States at least is a form of protected speech." And his essay concludes, "Let me be clear: I have no information to support the claim that Hutchins authored or sold the Kronos banking trojan."
Symantec's former cybersecurity czar Tarah Wheeler has now set up a new legal fund after it was discovered that most of the online donations to Hutchins' previous defense fund came from stolen or fake credit card numbers. Hutchins returns to court in October, and the new fund has already received more than $16,000 in donations from more than 200 contributors.