Star Wars Prequels

Legislators Take Aim At Star Wars Battlefront II, EA Over 'Gambling In Games' (polygon.com) 49

dryriver writes: A number of pay-to-win microtransaction FPS games, including Dirty Bomb and the $60 Star Wars Battlefront II, have drawn the ire of legislators in countries like Belgium and the United States. Not only are advanced characters like Luke Skywalker and Darth Vader and various weapons and abilities in these games "locked" -- you pay for them in hard cash, or play for them for dozens and dozens of tedious hours -- the games also feature so-called "Loot Boxes," which are boxes that contain a random item, weapon, character or ability. So like playing slot machines in Vegas, each time you can get something good, something mediocre or something totally crap. You cannot determine with any certainty what you will get for your real-world dollars or in-game achievements. Angry Reddit users recently downvoted a blundering statement by EA on the topic with a whopping 249,000 downvotes -- an all-time downvote record on Reddit, shocking EA into retreating from its pay-to-win model and announcing unspecified "changes" now being made to Star Wars Battlefront II. Legislators in a number of countries have also sharply criticized "Loot Boxes" and "microtransactions" in games, with one legislator in Belgium vowing to have the sale of such games banned completely in the EU, because children are essentially being forced to "gamble with real money" in these games. Forbes has written a great piece about how EA is now essentially stuck with a $60 Star Wars game that cost a lot to make but probably cannot be monetized any further, because there is considerable risk of all games with loot boxes, microtransactions and "pay to win" monetization models being completely banned from sale in a number of different countries now. The moral of the story? Maybe people should not pay a game developer any more than the $40-60 they paid when they thought they "bought" the game in the first place.
Open Source

Linux Pioneer Munich Confirms Switch To Windows 10 (techrepublic.com) 218

The German city of Munich, once seen as an open-source pioneer, has decided to return to Windows. Windows 10 will be rolled out to about 29,000 PCs at the city council, a major shift for an authority that has been running Linux for more than a decade. From a report: Back in 2003 the council decided to switch to a Linux-based desktop, which came to be known as LiMux, and other open-source software, despite heavy lobbying by Microsoft. But now Munich will begin rolling out a Windows 10 client from 2020, at a cost of about Euro 50m ($59.6m), with a view to Windows replacing LiMux across the council by early 2023. Politicians who supported the move at a meeting of the full council today say using Windows 10 will make it easier to source compatible applications and hardware drivers than it has been using a Linux-based OS, and will also reduce costs associated with running Windows and LiMux PCs side-by-side.
Businesses

Belgium Denounces Loot Boxes as Gambling; Hawaiian Legislator Calls Them 'Predatory' (arstechnica.co.uk) 194

Peter Bright, writing for ArsTechnica: Belgium's Gaming Commission has ruled that loot boxes -- in-game purchases where what you receive is randomized and only known once you open the box -- are gambling. The country's minister of justice, Koen Geens, has said that he wants to see them banned Europe-wide, reports PC Gamer. Amid outcry over the use of loot boxes in Overwatch and Star Wars Battlefront 2, the Belgian Gaming Commission decided last week to look into the issue, with Commission Director Peter Naessens specifically saying that the combination of paying money and receiving something "dependent on chance" prompted the investigation. Rather swiftly, it seems, the Commission has made its decision. In October, the US' Entertainment Software Rating Board (ESRB) rejected calls to classify loot boxes as gambling. It told Kotaku that since players receive some reward from opening the loot box -- even if it's useless or unwanted -- that it's not gambling. As such, loot box games will receive neither ESRB's "Real Gambling" nor "Simulated Gambling" labels, the former of which automatically gives a game an "Adults Only" rating. Many retailers refuse to sell A-O games, so giving every title that uses loot boxes such a rating would likely be harmful to their sales. The question of whether loot boxes are gambling may see some new scrutiny in the US. Hawaiian Democratic State Representative Chris Lee has described loot boxes as predatory behavior.
Programming

More Than Half of GitHub Is Duplicate Code, Researchers Find (theregister.co.uk) 107

Richard Chirgwin, writing for The Register: Given that code sharing is a big part of the GitHub mission, it should come as no surprise that the platform stores a lot of duplicated code: 70 per cent, a study has found. An international team of eight researchers didn't set out to measure GitHub duplication. Their original aim was to try and define the "granularity" of copying -- that is, how much files changed between different clones -- but along the way, they turned up a "staggering rate of file-level duplication" that made them change direction. Presented at this year's OOPSLA (part of the late-October Association of Computing Machinery) SPLASH conference in Vancouver, the University of California at Irvine-led research found that out of 428 million files on GitHub, only 85 million are unique. Before readers say "so what?", the reason for this study was to improve other researchers' work. Anybody studying software using GitHub probably seeks random samples, and the authors of this study argued duplication needs to be taken into account.
Math

Devs Working To Stop Go Math Error Bugging Crypto Software (theregister.co.uk) 66

Richard Chirgwin, writing for The Register: Consider this an item for the watch-list, rather than a reason to hit the panic button: a math error in the Go language could potentially affect cryptographic libraries. Security researcher Guido Vranken (who earlier this year fuzzed up some bugs in OpenVPN) found an exponentiation error in the Go math/big package. Big numbers -- particularly big primes -- are the foundation of cryptography. Vranken posted to the oss-sec mailing list that he found the potential issue during testing of a fuzzer he wrote that "compares the results of mathematical operations (addition, subtraction, multiplication, ...) across multiple bignum libraries." Vranken and Go developer Russ Cox agreed that the bug needs specific conditions to be manifest: "it only affects the case e = 1 with m != nil and a pre-allocated non-zero receiver."
Google

Google Wipes 786 Pirate Sites From Search Results (torrentfreak.com) 83

Google and several leading Russian search engines have completely wiped 786 "pirate" sites from their search results. That's according to telecoms watchdog Rozcomnadzor, which reports that the search providers delisted the sites after ISPs were ordered by a Moscow court to permanently block them. TorrentFreak reports: Late July, President Vladimir Putin signed a new law which requires local telecoms watchdog Rozcomnadzor to maintain a list of banned domains while identifying sites, services, and software that provide access to them. [...] Nevertheless, on October 1 the new law ("On Information, Information Technologies and Information Protection") came into effect and it appears that Russia's major search engines have been very busy in its wake. According to a report from Rozcomnadzor, search providers Google, Yandex, Mail.ru, Rambler, and Sputnik have stopped presenting information in results for sites that have been permanently blocked by ISPs following a decision by the Moscow City Court. "To date, search engines have stopped access to 786 pirate sites listed in the register of Internet resources which contain content distributed in violation of intellectual property rights," the watchdog reports. The domains aren't being named by Rozcomnadzor or the search engines but are almost definitely those sites that have had complaints filed against them at the City Court on multiple occasions but have failed to take remedial action. Also included will be mirror and proxy sites which either replicate or facilitate access to these blocked and apparently defiant domains.
Android

Samsung's Galaxy S9 Will Appear At CES In January, Says Report (venturebeat.com) 41

According to VentureBeat, Samsung is planning to show off its next-generation Galaxy S9 and S9+ smartphones at January's Consumer Electronics Show in Las Vegas. Some of the information about the devices will be shared at CES, but Samsung is still apparently holding an official launch event in March, as it did this past year for the Galaxy S8 and S8+. From the report: Codenamed Star 1 and Star 2 -- and going by model numbers SM-G960 and SM-G965 -- the S9 and S9+ will feature the same 5.8-inch and 6.2-inch curved-edge Super AMOLED "Infinity" displays, respectively, as their predecessors. While no specific processor was mentioned, it is said to employ 10-nanometer fabrication techniques, which is highly suggestive of the upcoming Snapdragon 845 from Qualcomm (and likely a similar Exynos model for some regions). Besides a bigger screen, the S9+ will reportedly offer more RAM (6GB versus 4GB) and a second rear camera, similar to the Note8. Both models pack 64GB of internal storage, supplemented by a microSD slot, and both leave the 3.5-millimeter headphone jack intact. Regardless of rear camera configuration, both phones orient the elements on the back of the device vertically -- with the fingerprint sensor on the bottom, in acknowledgement of one of the most frequent complaints about all three of Samsung's 2017 flagship handsets. Another change that's sure to be well-received is the addition of AKG stereo speakers. Finally, Samsung plans to introduce a backward-compatible DeX docking station that situates the phones flat and utilizes the screens as either a touchpad or a virtual keyboard.
Wine

Ask Slashdot: What Are Your Greatest Successes and Weaknesses With Wine (Software)? 242

wjcofkc writes: As a distraction, I decided to get the video-editing software Filmora up and running on my Ubuntu box. After some tinkering, I was able to get it installed, only to have the first stage vaporize on launch. This got me reflecting on my many hits and misses with Wine (software) over the years. Before ditching private employment, my last job was with a software company. They were pretty open minded when I came marching in with my System76 laptop, and totally cool with me using Linux as my daily driver after quickly getting the Windows version of their software up and running without a hitch. They had me write extensive documentation on the process. It was only two or three paragraphs, but I consider that another Wine win since to that end I scored points at work. Past that, open source filled in the blanks. That was the only time I ever actually needed (arguably) for it to work. Truth be told, I mostly tinker around with it a couple times a year just to see what does and does not run. Wine has been around for quite a while now, and while it will never be perfect, the project is not without merit. So Slashdot community, what have been your greatest successes and failures with Wine over the years?
Software

Apple Scientists Disclose Self-Driving Car Research (reuters.com) 34

Apple's first publicly disclosed paper on autonomous vehicles has been posted online by the company's computer scientists. The research describes a new software approach called "VoxelNet" that helps computers detect three-dimensional objects like cyclists and pedestrians while using fewer sensors. Reuters reports: The paper by Yin Zhou and Oncel Tuzel, submitted on Nov. 17 to independent online journal arXiv, is significant because Apple's famed corporate secrecy around future products has been seen as a drawback among artificial intelligence and machine learning researchers. The scientists proposed a new software approach called "VoxelNet" for helping computers detect three-dimensional objects.

Self-driving cars often use a combination of normal two-dimensional cameras and depth-sensing "LiDAR" units to recognize the world around them. While the units supply depth information, their low resolution makes it hard to detect small, faraway objects without help from a normal camera linked to it in real time. But with new software, the Apple researchers said they were able to get "highly encouraging results" in spotting pedestrians and cyclists with just LiDAR data. They also wrote they were able to beat other approaches for detecting three-dimensional objects that use only LiDAR. The experiments were computer simulations and did not involve road tests.

Medicine

The Feds Are Officially Cracking Down on Basement Biohackers (gizmodo.com) 213

Kristen Brown, reporting for Gizmodo: The Food and Drug Agency has issued a stern warning to anyone who might be crazy enough to undertake gene therapy in the do-it-yourself fashion. Definitely don't do this at home, a statement released on Tuesday implies. And if you do, we'll throw every law we can at you. The FDA's deterrent comes on the heels of a brazen DIY gene therapy experiment, in which a 27-year-old software engineer injected himself with an unproven gene therapy for HIV designed by three biohacker friends. The first injection was streamed live on Facebook in October, and went viral after it was covered by Gizmodo. "You can't stop it, you can't regulate these things," patient zero, Tristan Roberts, told Gizmodo at the time. Apparently the FDA begs to differ.
Microsoft

Stop Using Excel, Finance Chiefs Tell Staffs (wsj.com) 264

Tatyana Shumsky, reporting for WSJ: Adobe's finance chief Mark Garrett says his team struggles keeping track of which jobs have been filled at the software company. The process can take days and requires finance staff to pull data from disparate systems that house financial and human-resources information into Microsoft's Excel spreadsheets. From there they can see which groups are hiring and how salary spending affects the budget. "I don't want financial planning people spending their time importing and exporting and manipulating data, I want them to focus on what is the data telling us," Mr. Garrett said. He is working on cutting Excel out of this process, he said. CFOs at companies including P.F. Chang's China Bistro, ABM Industries and Wintrust Financial are on a similar drive to reduce how much their finance teams use Excel for financial planning, analysis and reporting (Editor's note: the link could be paywalled; an alternative source wasn't immediately available). Finance chiefs say the ubiquitous spreadsheet software that revolutionized accounting in the 1980s hasn't kept up with the demands of contemporary corporate finance units. Errors can bloom because data in Excel is separated from other systems and isn't automatically updated.
Privacy

How a Wi-Fi Pineapple Can Steal Your Data (And How To Protect Yourself From It) (vice.com) 45

An anonymous reader writes: The Wi-Fi Pineapple is a cheap modified wireless router that enables anyone to execute sophisticated exploits on Wi-Fi networks with little to no networking expertise. A report in Motherboard explains how it can be used to run a Wall of Sheep and execute a man-in-the-middle attack, as well as how you can protect yourself from Pineapple exploits when you're connected to public Wi-Fi. "... it's important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to 'forget' that network. This way your device won't be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple," reports Motherboard. "Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the 'Manage Network' tab of the phone's settings. Another simple solution is to turn off your Wi-Fi functionality when you're not using it -- though that isn't as easy to do on some devices anymore -- and don't allow your device to automatically connect to open Wi-Fi networks."
Windows

Microsoft Confirms Surface Book 2 Can't Stay Charged During Gaming Sessions (engadget.com) 138

The Verge mentioned in their review that the Surface Book 2's power supply can't charge the battery fast enough to prevent it from draining in some cases. Microsoft has since confirmed that "in some intense, prolonged gaming scenarios with Power Mode Slider set to 'best performance' the battery may discharge while connected to the power supply." Engadget reports: To let you choose between performance and battery life, the Surface Book has a range of power settings. If you're doing video editing or other GPU intensive tasks, you can crank it up to "best performance" to activate the NVIDIA GPU and get more speed. Battery drain is normally not an issue with graphics apps because the chip only kicks in when needed. You'll also need the "best performance" setting for GPU-intensive games, as they'll slow down or drop frames otherwise. The problem is that select titles like Destiny 2 use the NVIDIA chip nearly continuously, pulling up to 70 watts of power on top of the 35 watt CPU. Unfortunately, the Surface Book comes with a 102-watt charger, and only about 95 watts of that reaches the device, the Verge points out. Microsoft says that the power management system will prevent the battery from draining completely, even during intense gaming, but it would certainly mess up your Destiny 2 session. It also notes that the machine is intended for designers, developers and engineers, with the subtext that it's not exactly marketed as a gaming rig.
Bitcoin

$31 Million In Tokens Stolen From Dollar-Pegged Cryptocurrency Tether 59

Mark Wilson shares a report from BetaNews: All eyes may be on the meteoric rise of Bitcoin at the moment, but it's far from being the only cryptocurrency on the block. Startup Tether issued a critical announcement after it was discovered that "malicious action by an external attacker" had led to the theft of nearly $31 million worth of tokens. Tether is a dollar-pegged cryptocurrency formerly known as Realcoin, and it says that $30,950,010 was stolen from a treasury wallet. The company says it is doing what it can to ensure exchanges do not process these tokens, including temporarily suspending its backend wallet service. Tether knows the address used by the attacker to make the theft, but is not aware of either who the attacker is, or how the attack took place. The company is releasing a new version of its Omni Core software client in what it says is "effectively a temporary hard fork to the Omni Layer."
Security

Ask Slashdot: How Are So Many Security Vulnerabilities Possible? 348

dryriver writes: It seems like not a day goes by on Slashdot and elsewhere on the intertubes that you don't read a story headline reading "Company_Name Product_Name Has Critical Vulnerability That Allows Hackers To Description_Of_Bad_Things_Vulnerability_Allows_To_Happen." A lot of it is big brand products as well. How, in the 21st century, is this possible, and with such frequency? Is software running on electronic hardware invariably open to hacking if someone just tries long and hard enough? Or are the product manufacturers simply careless or cutting corners in their product designs? If you create something that communicates with other things electronically, is there no way at all to ensure that the device is practically unhackable?
Security

Sacramento Regional Transit Systems Hit By Hacker (cbslocal.com) 35

Zorro shares a report from CBS Local: Sacramento Regional Transit is the one being taken for a ride on this night, by a computer hacker. That hacker forced RT to halt its operating systems that take credit card payments, and assign buses and trains to their routes. The local transit agency alerted federal agents following an attack on their computers that riders may not have noticed Monday. "We actually had the hackers get into our system, and systematically start erasing programs and data," said Deputy General Manager Mark Lonergan. Inside RT's headquarters, computer systems were taken down after the hacker deleted 30 million files. The hacker also demanded a ransom in bitcoin, and left a message on the RT website reading "I'm sorry to modify the home page, I'm good hacker, I just want to help you fix these vulnerability."
Privacy

Uber Concealed Cyberattack That Exposed 57 Million People's Data (bloomberg.com) 31

According to Bloomberg, hackers stole the personal data of 57 million customers and drivers from Uber. The massive breach was reportedly concealed by the company for more than a year. From the report: Compromised data from the October 2016 attack included names, email addresses and phone numbers of 50 million Uber riders around the world, the company told Bloomberg on Tuesday. The personal information of about 7 million drivers was accessed as well, including some 600,000 U.S. driver's license numbers. No Social Security numbers, credit card details, trip location info or other data were taken, Uber said. At the time of the incident, Uber was negotiating with U.S. regulators investigating separate claims of privacy violations. Uber now says it had a legal obligation to report the hack to regulators and to drivers whose license numbers were taken. Instead, the company paid hackers $100,000 to delete the data and keep the breach quiet. Uber said it believes the information was never used but declined to disclose the identities of the attackers.

Here's how the hack went down: Two attackers accessed a private GitHub coding site used by Uber software engineers and then used login credentials they obtained there to access data stored on an Amazon Web Services account that handled computing tasks for the company. From there, the hackers discovered an archive of rider and driver information. Later, they emailed Uber asking for money, according to the company.

OS X

New Windows Search Interface Borrows Heavily From MacOS (arstechnica.com) 84

An anonymous reader quotes a report from Ars Technica: Press clover-space on a Mac (aka apple-space or command-space to Apple users) and you get a search box slap bang in the middle of the screen; type things into it and it'll show you all the things it can find that match. On Windows, you can do the same kind of thing -- hit the Windows key and then start typing -- but the results are shown in the bottom left of your screen, in the Start menu or Cortana pane. The latest insider build of Windows, build 17040 from last week, has a secret new search interface that looks a lot more Mac-like. Discovered by Italian blog Aggiornamenti Lumia, set a particular registry key and the search box appears in the middle of the screen. The registry key calls it "ImmersiveSearch" -- hit the dedicated key, and it shows a simple Fluent-designed search box and results. This solution looks and feels a lot like Spotlight on macOS.
Microsoft

Microsoft Offering Free Windows 10 Development Environment VM for a Limited Time (bleepingcomputer.com) 81

An anonymous reader shares a report: Microsoft is providing a free virtual machine that comes preloaded with Windows 10 Enterprise, Visual Studio 2017, and various utilities in order to promote the development of Universal Windows Platform apps. Before you get too excited about a free version of Windows 10 Enterprise, this Virtual Machine will expire on January 15th 2018. When downloading the development environment, you can choose either a VMware, VirtualBox, Hyper-V, or Parallels virtual machine depending on what virtual machine software you use. Each of these images is about 17-20GB when extracted from the downloaded archive and includes almost everything you need to develop Universal Windows Platform apps.
Privacy

Over 400 of the World's Most Popular Websites Record Your Every Keystroke (vice.com) 261

An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn't new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled "No Boundaries," three researchers from Princeton's Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world's most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers' findings. If you accidentally paste something into a form that was copied to your clipboard, it's also recorded. These scripts, or bits of code that websites run, are called "session replay" scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don't just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don't run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can't "reasonably be expected to be kept anonymous," according to the researchers.
