The UK's recycling industry says it doesn't know how to cope with a Chinese ban on imports of plastic waste. From a report: Britain has been shipping up to 500,000 tonnes of plastic for recycling in China every year, but now the trade has been stopped. At the moment the UK cannot deal with much of that waste, says the UK Recycling Association. Its chief executive, Simon Ellin, told the BBC he had no idea how the problem would be solved in the short term. "It's a huge blow for us... a game-changer for our industry," he said. "We've relied on China so long for our waste... 55% of paper, 25% plus of plastics. "We simply don't have the markets in the UK. It's going to mean big changes in our industry." China has introduced the ban from this month on "foreign garbage" as part of a move to upgrade its industries.

BrianFagioli shares a report from BetaNews: Earlier this year, we shared with you that a pre-release version of Kodi 18 "Leia" 64-bit for Windows was available. There was a big catch, however -- it was not up to par with its 32-bit brother. And so, many people just stuck with the 32-bit version, because, well... why not? It is finally time to make the jump to the 64-bit variant, however, as according to the Kodi team, it is now identical to the 32-bit version from a feature perspective. "The 64-bit Kodi version for Windows is now feature complete and on the same level as 32-bit. From now on the 32-bit installer will include a warning to ask you to install the 64-bit instead. This upgrade from 32-bit to 64-bit version is seamless and you just need to install on top of the old version," says Kodi.

An anonymous Slashdot reader is asking whether or not there are any alternatives to Android or iOS smartphones: Like most of us, I've owned a few smartphones over time, ranging from a Nokia E71 to a Samsung Android phone and now, an Apple iPhone. It is close to phone upgrade time, and I've been reviewing the features that I use on my phone. When I think honestly about it, the only features I really need are:

1. Phone calls (loads of conference calls, for which I use a wired headset with a microphone)
2. SMS Messaging (unlimited on my plan)
3. Navigation (very important, and is probably the most-used app on my phone)
4. Occasional internet browsing

All of this could be done by the Nokia E71, when Nokia Maps was a thing. If I want to move away from Apple, Google and the like, do I have any options now? Are there any trustable (and by trustable, I mean avoiding unknown Chinese manufacturers) phones in the market today that could do all four and (ideally) have better battery life than one day?

An anonymous reader quotes a report from Ars Technica: The cost to complete a Bitcoin transaction has skyrocketed in recent days. A week ago, it cost around $6 on average to get a transaction accepted by the Bitcoin network. The average fee soared to $26 on Friday and was still almost $20 on Sunday. The reason is simple: until recently, the Bitcoin network had a hard-coded 1 megabyte limit on the size of blocks on the blockchain, Bitcoin's shared transaction ledger. With a typical transaction size of around 500 bytes, the average block had fewer than 2,000 transactions. And with a block being generated once every 10 minutes, that works out to around 3.3 transactions per second. A September upgrade called segregated witness allowed the cryptographic signatures associated with each transaction to be stored separately from the rest of the transaction. Under this scheme, the signatures no longer counted against the 1 megabyte blocksize limit, which should have roughly doubled the network's capacity. But only a small minority of transactions have taken advantage of this option so far, so the network's average throughput has stayed below 2,500 transactions per block -- around four transactions per second.

Catalin Cimpanu, writing for BleepingComputer: Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS. The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password. Apple issued a patch for the bug the next day after it was discovered, but because the patch was delivered as an out-of-band update that did not alter the macOS version number, when users from older macOS versions updated to 10.13.1 (the vulnerable version), the bug was still present. With today's update, the patch for the bug -- now known as "IAmRoot" (CVE-2017-13872) -- has received a permanent fix. All users who upgrade to macOS High Sierra 10.13.2 are safe.

An anonymous reader writes: A Michigan man pleaded guilty last week to hacking the computer network of the Washtenaw County Jail, where he modified inmate records in an attempt to have an inmate released early. To breach the jail's network, the attacker used only spear-phishing emails and telephone social engineering.

The man called jail employees and posed as local IT staffers, tricking some into accessing a website, and downloading and installing malware under the guise of a jail system upgrade. Once the man (Konrads Voits) had access to this data, investigators said he accessed the XJail system, searched and accessed the records of several inmates, and modified at least one entry "in an effort to get that inmate released early." Jail employees noticed the modification right away and alerted the FBI. The man as arrested a month later and is now awaiting sentencing (maximum 10 years and a fine of up to $250,000).

Mark Wilson writes: A few days ago, a serious security flaw with macOS High Sierra came to light. It was discovered that it was possible to log into the 'root' account without entering a password, and -- although the company seemed to have been alerted to the issue a couple of weeks back -- praise was heaped on Apple for pushing a fix out of the door quickly. But calm those celebrations. It now transpires that the bug fix has a bug of its own. Upgrade to macOS 10.13.1 and you could well find that the patch is undone. Slow hand clap.

Tesla has been removed from Germany's list of electric cars eligible for subsidies because its Model S sedan is too expensive for the scheme. Tesla customers cannot order the Model S base version without extra features that pushed the car above the 60,000 euro ($71,500) price limit, a spokesman for the German Federal Office for Economic Affairs and Export Controls (BAFA) said on Friday. From the report: Germany last year launched the incentive scheme worth about 1 billion euros, partly financed by the German car industry, to boost electric car usage. A price cap was included to exempt premium models. "This is a completely false accusation. Anyone in Germany can order a Tesla Model S base version without the comfort package, and we have delivered such cars to customers," Tesla said in a statement. The carmaker said the upper price limit was initially set by the German government to exclude Tesla, but later a compromise was reached "that allows Tesla to sell a low option vehicle that qualifies for the incentive and customers can subsequently upgrade if they wish." It said, however, it would investigate whether any car buyers were denied the no-frills version. Under the subsidy scheme, buyers get 4,000 euros off their all-electric vehicle purchase and 3,000 euros off plug-in hybrids.

Open source guru Eric S. Raymond followed up his post on alternatives to C by explaining why he won't touch C++ any more, calling the story "a launch point for a disquisition on the economics of computer-language design, why some truly unfortunate choices got made and baked into our infrastructure, and how we're probably going to fix them." My problem with [C++] is that it piles complexity on complexity upon chrome upon gingerbread in an attempt to address problems that cannot actually be solved because the foundational abstractions are leaky. It's all very well to say "well, don't do that" about things like bare pointers, and for small-scale single-developer projects (like my eqn upgrade) it is realistic to expect the discipline can be enforced. Not so on projects with larger scale or multiple devs at varying skill levels (the case I normally deal with)... C is flawed, but it does have one immensely valuable property that C++ didn't keep -- if you can mentally model the hardware it's running on, you can easily see all the way down. If C++ had actually eliminated C's flaws (that is, been type-safe and memory-safe) giving away that transparency might be a trade worth making. As it is, nope.
He calls Java a better attempt at fixing C's leaky abstractions, but believes it "left a huge hole in the options for systems programming that wouldn't be properly addressed for another 15 years, until Rust and Go." He delves into a history of programming languages, touching on Lisp, Python, and programmer-centric languages (versus machine-centric languages), identifying one of the biggest differentiators as "the presence or absence of automatic memory management." Falling machine-resource costs led to the rise of scripting languages and Node.js, but Raymond still sees Rust and Go as a response to the increasing scale of projects.
Eventually we will have garbage collection techniques with low enough latency overhead to be usable in kernels and low-level firmware, and those will ship in language implementations. Those are the languages that will truly end C's long reign. There are broad hints in the working papers from the Go development group that they're headed in this direction... Sorry, Rustaceans -- you've got a plausible future in kernels and deep firmware, but too many strikes against you to beat Go over most of C's range. No garbage collection, plus Rust is a harder transition from C because of the borrow checker, plus the standardized part of the API is still seriously incomplete (where's my select(2), again?).

The only consolation you get, if it is one, is that the C++ fans are screwed worse than you are. At least Rust has a real prospect of dramatically lowering downstream defect rates relative to C anywhere it's not crowded out by Go; C++ doesn't have that.

An anonymous reader quotes BGR: A few days after the iPhone X launched in stores, Samsung came out with an anti-iPhone campaign... I actually did not expect Samsung to pull off cheap tricks like that, but it sure looks like the iPhone X is a pretty scary device to fight against. But what probably nobody saw coming is Motorola trolling Samsung with an ad of its own... The "Up-upgrade to Motorola" ad offers the alternate ending to Samsung's ad, as Motorola explains on its Facebook page... Motorola doesn't even mention the iPhone X, so if you haven't seen Samsung's ad, you'd think it's just going after Galaxy handsets.
Elsewhere on Facebook, Motorola specifically referenced the attachable accessories available for their Moto Z when mocking the Galaxy Note 8.

"Why settle for edge-to-edge, when you could project your screen up to 70 inches?"

It looks like Logitech didn't anticipate the barrage of criticism it received after announcing this week that it would be intentionally bricking its Harmony Link hub next March. The company is now reversing course. Its Harmony Link will still die next summer, but if you own one, the company is happy to give you a free upgrade to the more recent Harmony Hub model. From a report: Originally, Logitech planned to only offer Harmony Link owners with active warranties free upgrades to its new Harmony Hub devices. But for people out of warranty -- possibly the majority of Harmony Link users, as the devices were last sold in 2015 -- they would just get a one-time, 35 percent discount on a new $100 Harmony Hub. However, after customer outrage, Logitech revised it plans and announced that the company will give every Harmony Link owner a new Hub for free. Additionally, users who had already used the coupon to purchase a new Hub will also be able to contact Logitech in order to obtain a refund for the difference in price. However, Logitech is still not planning to extend support for the Harmony Link. The company says, "We made the business decision to end the support and services of the Harmony Link when the encryption certificate expires in the spring of 2018 -- we would be acting irresponsibly by continuing the service knowing its potential/future vulnerability."

Alyssa Hertig, writing for CoinDesk: The organizers of a controversial bitcoin scaling proposal are suspending an attempt to increase the block size by way of a software upgrade. Known for its strong early support from bitcoin startups and mining pools, the plan, called Segwit2x, or simply 2x, was to trigger a block size increase at block 494784, expected to occur on or around November 16th. The suspension was announced today in an email, written by Mike Belshe, CEO and co-founder of bitcoin wallet software provider BitGo. One of the leaders of the Segwit2x project, he argued that the scaling proposal is too controversial to move forward. He wrote: "Unfortunately, it is clear that we have not built sufficient consensus for a clean block size upgrade at this time. Continuing on the current path could divide the community and be a setback to Bitcoin's growth. This was never the goal of Segwit2x."

Ed Bott, writing for ZDNet: If you've been waiting to claim your free Windows 10 upgrade using the "assistive technologies" exception, you need to act soon. In a quiet change to an obscure web page, Microsoft announced this week that those exceptions will end on December 31, 2017. On July 29, 2016, Microsoft officially ended the Get Windows 10 program, which offered free Windows 10 upgrades to anyone currently running a supported earlier version of Windows. But the company left a giant loophole in a separate announcement at the same time. Under the terms of that announcement, individuals who use "assistive technologies" received an automatic extension of the free upgrade offer. Sometime in the past week, Microsoft quietly edited that page, to add "The accessibility upgrade offer expires on December 31, 2017."

Lance Ulanoff, writing for Mashable: Somewhere, 254 miles above us, an astronaut is probably printing something. Ever since the International Space Station (ISS) welcomed its first residents in November of 2000, there have been printers on board. Astronauts use them to print out critical mission information, emergency evacuation procedures and, sometimes, photos from home. According to NASA, they print roughly 1,000 pages a month on two printers; one is installed on the U.S. side of the ISS, the other in the Russian segment. ISS residents do all this on 20-year-old technology. "When the printer was new, it was like 2000-era tech and we had 2000-era laptop computers. Everything worked pretty good," recalled NASA Astronaut Don Pettit, who brought the first printer up to the ISS. But "the printer's been problematic for the last five or six years," said Pettit who's spent a total of one year on the station. It's not that the Space Station has been orbiting with the same printer since Justin Timberlake was still N'Sync. NASA had dozens of this printer and, as one failed, they'd send up another identical model. But now it's time for something truly new. In 2018, NASA will send two brand new, specialized printers up to the station. However, figuring out the right kind of printer to send was a lot more complicated than you'd probably expect. NASA has turned to HP for its IT supply and needs. The agency requires the following things in its printer: print and handle paper management in zero gravity, handle ink waste during printing, be flame retardant, and be power efficient. HP, Mashable reports, has recommended the HP Envy 5600, its all-in-one (printer, scanner, copier, fax) device that retails for $129.99. The model has been modified, according to the report.

"[N]early 200 F-35s might permanently remain unready for combat because the Pentagon would rather buy new aircraft than upgrade the ones the American people have already paid for," according to one defense news site. And now Bloomberg reports: The Pentagon is accelerating production of Lockheed Martin Corp.'s F-35 jet even though the planes already delivered are facing "significantly longer repair times" than planned because maintenance facilities are six years behind schedule, according to a draft audit. The time to repair a part has averaged 172 days -- "twice the program's objective" -- the Government Accountability Office, Congress's watchdog agency, found. The shortages are "degrading readiness" because the fighter jets "were unable to fly about 22 percent of the time" from January through August for lack of needed parts.

The Pentagon has said soaring costs to develop and produce the F-35, the costliest U.S. weapons system, have been brought under control, with the price tag now projected at $406.5 billion. But the GAO report raises new doubts about the official estimate that maintaining and operating them will cost an additional $1.12 trillion over their 60-year lifetime.
Slashdot reader schwit1 writes, "This is akin to buying an exotic car you can barely afford, without also budgeting for insurance, repairs, and tuneups."

Susan Crawford, writing for Backchannel: Last week, San Francisco became the first major city in America to pledge to connect all of its homes and businesses to a fiber optic network. I urge you to read that sentence again. It's a ray of light. In an era of short-term, deeply partisan do-nothing-ism, the city's straightforward, deeply practical determination shines. Americans, it turns out, are capable of great things -- even if only at the city level these days. [...] San Francisco's dilemma is a compact form of the crisis in communications facing the rest of the country: Although fiber is the necessary infrastructure for every policy goal we have -- advanced healthcare, the emergence of new forms of industries, a chance for every child to get an education, managed use of energy, and on and on -- the private sector, left to its own devices, has no particular incentive to ensure a widespread upgrade to fiber optic connections. Comcast dominates access in the city, but has no plans to replace its cable lines -- great at downloads, not so great at uploads, no opportunity to scale to the capacity of fiber thanks to the laws of physics, and expensive to subscribe to -- with fiber. And its planned enhancements to its cable lines have, in other cities, resulted in a product costing $150 per month. AT&T will say it's upgrading to fiber in San Francisco, but so far its work in many other US cities has been incremental, confined to areas where it has existing business customers to serve or where it already has fiber in place. Other, smaller providers similarly have no plans to do a city-wide upgrade, leaving San Francisco with a deeply uneven patchwork of connectivity. Just as in the rest of the country, poorer and less-well-educated San Franciscans tend not to subscribe to a wire at home, but instead rely wholly on smartphone data plans -- no substitutes, given their expense and throttled capacity, for what's possible using a wired connection.

24 years after its release, NetBSD is getting a security upgrade -- specifically, Address Space Layout Randomization (ASLR). An anonymous reader writes: Support for Kernel ASLR was added on NetBSD-amd64 a few weeks ago. KASLR basically randomizes the address of the kernel, and makes it harder to exploit several classes of vulnerabilities [including privilege escalations and remote code execution]. It is still a work-in-progress, but it's already fully functional, and can be used following the instructions on this post from the NetBSD blog. It will be available starting from NetBSD 9, but may be backported to NetBSD 8 once it is stabilized.
NetBSD says they're the first BSD system to support ASLR.

New submitter ctilsie242 writes: Many years ago, it was said that we would have a "cyber 9/11," a security event so drastic that it fundamentally would change how companies and people thought about security. However, this has not happened yet (mainly because the bad guys know that this would get organizations to shut their barn doors, stopping the gravy train.) With the perception that security has no financial returns, coupled with the opinion that "nobody can stop the hackers, so why even bother," what can actually be done to get businesses to have an actual focus on security. The only "security" I see is mainly protection from "jailbreaking," so legal owners of a product can't use or upgrade their devices. True security from other attack vectors are all but ignored. In fact, I have seen some development environments where someone doing anything about security would likely get the developer fired because it took time away from coding features dictated by marketing. I've seen environments where all code ran as root or System just because if the developers gave thought to any permission model at all, they would be tossed, and replaced by other developers who didn't care to "waste" their time on stuff like that.

One idea would be something similar to Underwriters Labs, except would grade products, perhaps with expanded standards above the "pass/fail" mark, such as Europe's "Sold Secure," or the "insurance lock" certification (which means that a security device is good enough for insurance companies to insure stuff secured by it.) There are always calls for regulation, but with regulatory capture being at a high point, and previous regulations having few teeth, this may not be a real solution in the U.S. Is our main hope the new data privacy laws being enacted in Europe, China, and Russia, which actually have heavy fines as well as criminal prosecutions (i.e. execs going to jail)? This especially applies to IoT devices where it is in their financial interest to make un-upgradable devices, forcing people to toss their 1.0 lightbulbs and buy 1.0.1 lightbulbs to fix a security issue, as opposed to making them secure in the first place, or having an upgrade mechanism. Is there something that can actually be done about the general disinterest by companies to make secure products, or is this just the way life is now?

New submitter mirandakatz writes: Comcast is suing Vermont's Public Utility Commission, claiming -- among many other things -- that its First Amendment rights have been violated. But as Susan Crawford argues at Backchannel, there are far too many holes in that argument. Crawford writes that 'Comcast, which Wall Street knows is essentially an unregulated public utility for high-speed internet access in the areas it covers, has unlimited resources to fight off this public-spirited regulator...[And] although there are many efforts in Vermont to provide fiber (including ECFiber), they're still small: Comcast isn't feeling any pressure to upgrade its lines to fiber. And, as [Craig] Moffett has reported, Comcast from now on will be growing through price hikes, not through building new lines. It's done with building new lines. The whole thing is dispiriting.'

An anonymous reader quotes the Verge: Google plans on upgrading its two-factor authentication tool with an improved, physical security measure aimed at protecting high-profile users from politically motivated cyberattacks, according to a report from Bloomberg. The new service, to be called Advanced Protection Program and potentially slated to launch next month, will trade out the standard authentication process for services like Gmail and Google Drive with physical USB security keys. The service would also restrict the types of third-party apps and services that could connect to a user's Google account.

The changes are not likely to affect standard Google account owners, as Bloomberg reports that Google "plans to market the product to corporate executives, politicians and others with heightened security concerns."