An anonymous reader quotes a report from Ars Technica: Since March, Google has been promising that its streaming Stadia platform would be capable of full 4K, 60fps gameplay (for users with a robust Internet connection and $10/month Stadia Pro subscription). But technical analyses since launch have shown that some of the service's highest profile games aren't hitting that mark. A Digital Foundry analysis of Red Dead Redemption 2 on Stadia, for instance, found that the game actually runs at a native 2560x1440 resolution, which is then upscaled to the 4K standard of 4096x2160 via the Chromecast Ultra. And a Bungie representative said that the Stadia version of Destiny 2 runs at the PC equivalent of "medium" graphics settings and that the game will "render at a native 1080p and then upsample [to 4K] and apply a variety of techniques to increase the overall quality of effect."

Over the weekend, Google issued a statement to 9to5Google that essentially places the blame for this situation on Stadia developers themselves (emphasis added): "Stadia streams at 4K and 60fps -- and that includes all aspects of our graphics pipeline from game to screen: GPU, encoder, and Chromecast Ultra all outputting at 4K to 4K TVs, with the appropriate Internet connection. Developers making Stadia games work hard to deliver the best streaming experience for every game. Like you see on all platforms, this includes a variety of techniques to achieve the best overall quality. We give developers the freedom of how to achieve the best image quality and frame rate on Stadia, and we are impressed with what they have been able to achieve for day one. We expect that many developers can, and in most cases will, continue to improve their games on Stadia. And because Stadia lives in our data centers, developers are able to innovate quickly while delivering even better experiences directly to you without the need for game patches or downloads."

Two senators are asking Facebook to "respect" users' decisions to keep their location data from the company. From a report: In a letter sent Tuesday, Sen. Josh Hawley, R-Mo., and Sen. Chris Coons, D-Del., asked Facebook CEO Mark Zuckerberg to respond to questions about how the company collects location data through the new operating systems for Apple's iPhones and Google's Android. Both Google and Apple updated their operating systems earlier this year to give users more control and insight into which apps can access their location data. Anticipating those changes, Facebook released a blog post in September explaining that even if users opt out of letting Facebook collect their data, it could still determine users' locations in other ways, like through check-ins and users' internet connections.

"If a user has decided to limit Facebook's access to his or her location, Facebook should respect these privacy choices," the senators, members of the Judiciary Committee, wrote in the letter to Zuckerberg. "The language in the blog post, however, indicates that Facebook may continue to collect location data despite user preferences, even if the user is not engaging with the app, and Facebook is simply deducing the user's location from information about his or her internet connection. Given that most mobile devices are connected to the internet nearly all the time, whether through a cellular network or a Wi-Fi connection, this practice would allow Facebook to collect user location data almost constantly, irrespective of the user's privacy preferences. Users who have selected a restrictive location services option could reasonably be under the misimpression that their selection limits all of Facebook's efforts to extract location information."

Xiaomi today unveiled a new iteration of its virtual assistant Xiao Ai and shared a new feature of Android-based MIUI operating system as the publicly listed Chinese technology group pushes to expand its internet services ecosystem. From a report: At its annual Mi Developer conference in Beijing, the company said it is integrating an earthquake warning function into MIUI for select users in China, with plans to expand it nationwide soon. The integration, touted as the first of its kind globally, will enable alerts to be sent to smartphones running MIUI 11 and Mi TV "seconds to tens of seconds" before the quake waves arrive, Xiaomi said. The feature, which was first tested in September this year, has been developed in partnership with Institute of Care-life, a Chengdu-based organization focusing on natural disaster warning. Xiaomi said it has activated the feature for the earthquake-prone Sichuan Province and plans to expand it elsewhere in the nation soon. Wang Tun, head of the institute, said this function, unlike those available through apps in some countries, works more efficiently and does not rely on a working internet connection.

Scott Stein, reviews Google Stadia cloud gaming service for CNET: Stadia's launch day was earlier this week... sort of. Really, consider this the start of Stadia's early-access beta period. Because Google's big promises haven't arrived, and at the price of the Stadia's Founder's Edition, I can't recommend anyone jump onboard at the moment. Google's experimental game streaming service, Stadia, launches without many of its promised features, and just a handful of games. It works, but there's not much incentive to buy in. We've heard about the promises of streaming games over the internet for a decade. Stadia really does work as a way to stream games. I've only played a couple of the 12 games Google promised by Tuesday's launch, though. That short list pales compared to what Microsoft already has on tap for its in-beta game-streaming service, xCloud. It's no match for what Nvidia's game streaming GeForce Now already has or what PlayStation Now offers. Prices of Stadia games at launch in the US are below. They're basically full retail game prices. This could get crazy expensive fast.

[...] Stadia has so few games right now, and I'm trying them with no one else online. It isn't clear how things will work now that the service is going live, and what other features will kick in before year's end. I'm curious, but I might lose interest. Others might, too. I have plenty of other great games to play right now: on Apple Arcade, VR and consoles such as the Switch. Stadia isn't delivering new games yet, it's just trying to deliver a new way to play through streaming. One that you can already get from other providers. Until Google finds a way to loop in YouTube and develop truly unique competitive large-scale games, Stadia isn't worth your time yet. Yes, the future is possibly wild, and you can see hints of the streaming-only cloud-based playground Stadia wants to become. But we'll see what it shapes into over the next handful of months and check back in. Raymond Wong, writing for Input Mag looks at the amount of data playing a game on Stadia consumes and how the current state of things require a very fast internet connection to work: Like streaming video, streaming games is entirely dependent on your internet speed. Faster internet delivers smooth, lag-free visuals, and slower internet means seeing some glitches and dropped framerates. Google recommends a minimum of connection of 10Mbps for 1080p Full HD streaming at 30 fps with stereo sound and 35Mbps for 4K resolution streaming (in HDR if display is supported) at 60 fps with 5.1 surround sound. Reality didn't reflect Google's advertising, though. Despite having a Wi-Fi connection with 16-20Mbps downloads in a hotel room in LA, streaming Shadow of the Tomb Raider and Destiny 2 to my 13-inch MacBook Pro wasn't 100% stable. The visuals would glitch out for a second or two about every 10 minutes of playtime. [...] A fast internet connection isn't the only thing you need for Stadia to work right. You need a lot of bandwidth, too. One hour of playing Red Dead Redemption 2 at 1080p resolution on my 46-inch HDTV via a Chromecast Ultra ate up 5.3GB of data. This seemed insane until I saw an hour of Destiny 2 on a Pixel 3a XL with 6-inch, 1080p-resolution display gobbled up 9.3GB of data!

Is it the web page that's slow or is it your network connection? In the future, Google's Chrome web browser may have an answer for you. From a report: Google announced today a plan to identify and label websites that typically load slowly by way of clear badging. The company says it may later choose to identify sites that are likely to be slow based on the user's device and current network conditions, as well. Google hasn't yet determined how exactly the slow websites will be labeled, but says it may experiment with different options to see which makes the most sense. For example, a slow-loading website may show a "Loading..." page that includes a warning, like a caution icon and text that reads "usually loads slow." Meanwhile, a fast website may display a green progress indicator bar at the top of the page instead of a blue one. And for links, Chrome may use the context menu to help users know if the site will be slow so you can decide whether or not you want to click.

An anonymous reader writes: At Chrome Dev Summit in San Francisco today, Google shared its latest vision for the web. First, the company is trying to make loading disappear via instantaneous experiences. The company demoed Web Bundles, a new platform primitive that lets developers distribute their content across any format without a constant connection, and Portals, an experimental API that lets developers instantly give users access to their web experiences. Secondly, Google wants to have Chrome offer native app-like experiences. The Background Sync API will proactively cache web content and SMS Retriever adds two factor SMS functionality to web apps.

Small-satellite startup Kepler and its nanosatellites have successfully demonstrated achieving over 100Mbps of network speed to a Germany icebreaker sea vessel that acts as a mobile lab for the MOSAiC research expedition. TechCrunch reports: This is the first time there's been a high-bandwidth satellite network for any central Arctic ground-based use, Kepler says, and this connection isn't just a technical demo: it's being used for the researchers in the MOSAiC team, which is made up of hundreds of individuals, to transfer data back and forth between the ship and shore-based research stations, which improves all aspects of working with the considerable quantities of data being gathered by the team. On the icebreaker floating research ship, Kepler has demonstrated 38Mbps down, and 120Mbps up.

An anonymous reader quotes a report from TechCrunch: Security researchers have discovered a vulnerability in Ring doorbells that exposed the passwords for the Wi-Fi networks to which they were connected. Bitdefender said the Amazon-owned doorbell was sending owners' Wi-Fi passwords in cleartext as the doorbell joins the local network, allowing nearby hackers to intercept the Wi-Fi password and gain access to the network to launch larger attacks or conduct surveillance.

"When first configuring the device, the smartphone app must send the wireless network credentials. This takes place in an unsecure manner, through an unprotected access point," said Bitdefender. "Once this network is up, the app connects to it automatically, queries the device, then sends the credentials to the local network." But all of this is carried out over an unencrypted connection, exposing the Wi-Fi password that is sent over the air. Amazon fixed the vulnerability in all Ring devices in September, but the vulnerability was only disclosed today.

Facebook, Mozilla, and Cloudflare announced today a new technical specification called TLS Delegated Credentials, currently undergoing standardization at the Internet Engineering Task Force (IETF). From a report: The new standard will work as an extension to TLS, a cryptographic protocol that underpins the more widely-known HTTPS protocol, used for loading websites inside browsers via an encrypted connection. The TLS Delegate Credentials extension was specifically developed for large website setups, such as Facebook, or for website using content delivery networks (CDNs), such as Cloudflare. For example, a big website like Facebook has thousands of servers spread all over the world. In order to support HTTPS traffic on all, Facebook has to place a copy of its TLS certificate private key on each one. This is a dangerous setup. If an attacker hacks one server and steals the TLS private key, the attacker can impersonate Facebook servers and intercept user traffic until the stolen certificate expires. The same thing is also valid with CDN services like Cloudflare. Anyone hosting an HTTPS website on Cloudflare's infrastructure must upload their TLS private key to Cloudflare's service, which then distributes it to thousands of servers across the world. The TLS Delegate Credentials extension allows site owners to create short-lived TLS private keys (called delegated credentials) that they can deploy to these multi-server setups, instead of the real TLS private key.

Slashdot readers jimminy_cricket and Thelasko share a report from Popular Mechanics about how San Francisco's Salesforce Transit Center went from the Grand Central of the West to a $2.2 billion construction debacle. Here's an excerpt from the report: Built at a cost of $2.2 billion, the Salesforce Transit Center and Park formed the cornerstone of the Bay Area's ambitious regional transportation plan: a vast, clean, efficient web of trains, buses, and streetcars, running through a hub acclaimed as the Grand Central Station of the West. Naming this structure -- the embodiment of a transformative idea -- could yield marketing gold for Salesforce. It also could make [Marc Benioff, founder and co-CEO of Salesforce] a household name on the level of Bezos, Gates, or Zuckerberg. Benioff took the gamble in 2017, pledging $110 million over 25 years, with $9.1 million up front and the rest committed to supporting operations when the trains started running. For now, the train box sat vacant on the bottom level, awaiting a 1.3-mile tunnel connection. [...] As he took the stage on his birthday at the Moscone Center, Marc Benioff must have been confident his gamble on naming rights had paid off. He couldn't imagine that at that moment, less than a mile away, the ambassadors trained to welcome the public to the STC were now frantically waving commuters away. Rather than Grand Central Station or the High Line, the Salesforce Transit Center and Park suddenly resembled the Titanic.

Earlier that day, workers installing panels in the STC's ceiling beneath the rooftop park uncovered a jagged crack in a steel beam supporting the park and bus deck. "Out of an abundance of caution," officials said, they closed the transit center, rerouting buses to a temporary terminal. Inspectors were summoned. They found a similar fracture in a second beam. Structural steel is exceptionally strong, but given certain conditions -- low temperatures, defects incurred during fabrication, heavy-load stress -- it remains vulnerable to cracking. Two types of cracks occur in steel: ductile fractures, which occur after the steel has yielded and deformed, and brittle fractures, which generally happen before the steel yields. Ductile fractures develop over time, as the steel stretches during use, explains Michael Engelhardt, Ph.D., a professor of civil engineering at the University of Texas at Austin and chair of the peer-review committee overseeing the STC's response to the cracked-beam crisis. The cracks discovered beneath the rooftop park were classic brittle fractures. The tapered 4-inch-thick steel beams -- 2.5 feet wide and 60 feet long, with a horizontal flange on the bottom -- undergirded the 5.4-acre park on the building's fourth level, and buttressed the roof of the bus deck on the second level. By themselves, the cracks formed a point of weakness with potentially hazardous consequences. But they also suggested the possibility of a larger crisis. If two brittle fractures had appeared in the building's 23,000 tons of structural steel, couldn't there be others?

harrymcc writes: On October 29, 1969, a graduate student in a UCLA computer science lab logged into a computer hundreds of miles away at the Stanford Research Institute. It was the first connection via ARPANET, which -- after 20 years as a government and academic network -- evolved into the modern internet. Over at Fast Company, Mark Sullivan marked the anniversary by visiting the room where the historic login took place and talking to three of the people who made it happen.

An anonymous reader quotes MediaPost: Faced with a new controversy related to online privacy, Comcast said this week that it doesn't draw on information about the sites broadband users visit for advertising or targeting. The company said Thursday that it deletes information every 24 hours about the domain names people navigate to online. "Millions of Comcast customers look up billions of addresses online every day," Chief Privacy Officer Christin McMeley wrote on the company's blog. "We've never used that data for any sort of marketing or advertising -- and we have never sold it to anyone."

The company's statement came one day after the publication Motherboard reported on Comcast's efforts to rally opposition on Capitol Hill to Google's plan to encrypt domain names... "While cloaked as enhancing user privacy, Google's DNS encryption will in fact vastly expand Google's control over and use of customer data, and will result in the complete commercialization of DNS data for Google's own ends," [Comcast's] presentation states. Google has said its plans were mischaracterized by broadband organizations, and that it has no intention of centralizing the web, or changing people's existing DNS providers to Google by default. "Any claim that we are trying to become the centralized encrypted DNS provider is inaccurate," a company spokesperson said last month...

One day after Motherboard posted the material reportedly prepared by Comcast, the cable provider touted its privacy policies in a blog post. "Where you go on the Internet is your business, not ours," McMeley wrote. "As your Internet Service Provider, we do not track the websites you visit or apps you use through your broadband connection. Because we don't track that information, we don't use it to build a profile about you and we have never sold that information to anyone."

Several years ago, Comcast opposed Federal Communications Commission privacy regulations that would have required broadband providers to obtain consumers' opt-in consent before drawing on their web-browsing activity for advertising. The FCC passed those rules in 2016, but the regulations were revoked by Congress the following year.

America's National Transportation Safety Board has now officially determined the probable causes of a Florida pedestrian bridge's collapse in March of 2018: load and capacity calculation errors made by FIGG Bridge Engineers.

Slashdot reader McGruber shares their report: Contributing to the collapse was Louis Berger's inadequate peer review, which failed to detect FIGG's calculation errors in its design of the main span truss member 11/12 nodal region and connection to the bridge deck. The FIGG engineer of record's failure to identify the significance of structural cracking observed in this node before the collapse, and failure to obtain an independent peer review of the remedial plan to address the cracking, further contributed to the collapse...

Six of the eight lanes of the roadway traveling under the bridge were open at the time of the collapse. The failure of FIGG, MCM, Bolton Perez and Associates Consulting Engineers, FIU and the Florida Department of Transportation to cease bridge work and close SW 8th Street to protect public safety contributed to the severity of the collapse outcome, said the NTSB during the meeting.

"Errors in bridge design, inadequate peer review and poor engineering judgment led to the collapse of this bridge," said NTSB Chairman Robert Sumwalt. "The failure of all concerned parties, to recognize and take action on the threat to public safety presented by the significant observed bridge structure distress prior to the collapse, led to the tragic loss of life in this preventable accident."
The report also concludes that Louis Berger "was not qualified by the Florida Department of Transportation to conduct an independent peer review" -- and that Florida's Department of Transportation "should have verified Louis Berger's qualifications as an independent peer review firm as part of FDOT's oversight of local agency program projects."

A publicly-funded group of designers, artists and privacy experts from Amsterdam have designed a smart home system prototype to "prove it's technically possible to build a privacy respecting smart home while maintaining convenience."

Its controller uses an Arduino Nano to disconnect the system from the internet during times when it's not in use. They're building everything on Mozilla's open smart home gateway software. The system's microphone is a separate USB device that can be easily unplugged. For extra security, the devices don't even use wifi to communicate.

"The Candle devices offer the advantages of a smart home system -- such as voice control, handy automations and useful insights -- without the downsides of sending your data to the cloud and feeling watched in your own home," explains their blurb for Dutch Design Week, where they're launching their prototypes of trust-worthy smart locks, thermostats, and other Internet of Things devices: Most smart devices promises us an easier life, but they increasingly disappoint; they eavesdrop, share our data with countless third parties, and offer attractive targets to hackers. Candle is different. Your data never leaves your home, all devices work fine without an internet connection, and everything is open source and transparent.
One of the group's members is long-time Slashdot reader mrwireless, who shares an interesting observation: Smart homes track everything that happens inside them. For developing teenagers, this makes it more difficult to sneak in a date or break the rules in other subtle ways, which is a normal, healthy part of growing up. Candle is a prototype smart home that tries to mitigate these issue. It has given its sensors the ability to generate fake data for a while. In the future, children could get a monthly fake data allowance.

Some of the devices have "skirts", simple fabric covers that can be draped over the devices to hide their screen. If you own a dust sensor, this can be useful if your mother in law comes over and you haven't vacuumed in a while.

An anonymous reader quotes a report from the Electronic Frontier Foundation: Berkeley has become the third city in California and the fourth city in the United States to ban the use of face recognition technology by the government. After an outpouring of support from the community, the Berkeley City Council voted unanimously to adopt the ordinance introduced by Councilmember Kate Harrison earlier this year. Berkeley joins other Bay Area cities, including San Francisco and Oakland, which also banned government use of face recognition. In July 2019, Somerville, Massachusetts became the first city on the East Coast to ban the government's use of face recognition.

The passage of the ordinance also follows the signing of A.B. 1215, a California state law that places a three-year moratorium on police use of face recognition on body-worn cameras, beginning on January 1, 2020. As EFF's Associate Director of Community Organizing Nathan Sheard told the California Assembly, using face recognition technology "in connection with police body cameras would force Californians to decide between actively avoiding interaction and cooperation with law enforcement, or having their images collected, analyzed, and stored as perpetual candidates for suspicion."