Chrome

Google Engineers Explore Ways To Stop In-Browser Cryptocurrency Miners in Chrome (bleepingcomputer.com) 23

An anonymous reader writes: Google Chrome engineers are considering adding a special browser permission that will thwart the rising trend of in-browser cryptocurrency miners. Discussions on the topic of in-browser miners have been going on in the Chromium project's bug tracker since mid-September when Coinhive, the first such service, launched. "Here's my current thinking," Ojan Vafai, a Chrome engineer working on the Chromium project, wrote in one of the recent bug reports. "If a site is using more than XX% CPU for more than YY seconds, then we put the page into 'battery saver mode' where we aggressively throttle tasks and show a toast [notification popup] allowing the user to opt-out of battery saver mode. When a battery saver mode tab is backgrounded, we stop running tasks entirely. I think we'll want measurement to figure out what values to use for XX and YY, but we can start with really egregious things like 100% and 60 seconds. I'm effectively suggesting we add a permission here, but it would have unusual triggering conditions [...]. It only triggers when the page is doing a likely bad thing."

An earlier suggestion had Google create a blacklist and block the mining code at the browser level. That suggestion was shut down as being too impractical and something better left to extensions.

EU

EU: No Encryption Backdoors But, Let's Help Each Other Crack That Crypto (theregister.co.uk) 29

The European Commission has proposed that member states help each other break into encrypted devices by sharing expertise around the bloc. From a report: In an attempt to tackle the rise of citizens using encryption and its effects on solving crimes, the commission decided to sidestep the well-worn, and well-ridiculed, path of demanding decryption backdoors in the stuff we all use. Instead, the plans set out in its antiterrorism measures on Wednesday take a more collegiate approach -- by offering member states more support when they actually get their hands on an encrypted device. "The commission's position is very clear -- we are not in favour of so-called backdoors, the utilisation of systemic vulnerabilities, because it weakens the overall security of our cyberspace, which we rely upon," security commissioner Julian King told a press briefing. "We're trying to move beyond a sometimes sterile debate between backdoors or no backdoors, and address some of the concrete law enforcement challenges. For instance, when [a member state] gets a device, how do they get information that might be encrypted on the device." [...] Share the wealth. "Some member states are more equipped technically to do that [extract information from a seized device] than others," King said. "We want to make sure no member state is at a disadvantage, by sharing the tech expertise among the member states and reinforcing the support that Europol can offer."
Android

Samsung To Let Proper Linux Distros Run on Galaxy Smartphones (theregister.co.uk) 99

An anonymous reader shares a report: Samsung has announced it will soon become possible to run actual proper Linux on its Note8, Galaxy S8 and S8+ smartphones -- and even Linux desktops. Yeah, yeah, we know Android is built on Linux, but you know what we mean. Samsung said it's working on an app called "Linux on Galaxy" that will let users "run their preferred Linux distribution on their smartphones utilizing the same Linux kernel that powers the Android OS." "Whenever they need to use a function that is not available on the smartphone OS, users can simply switch to the app and run any program they need to in a Linux OS environment," Samsung says. The app also allows multiple OSes to run on a device. Linux desktops will become available if users plug their phones into the DeX Station, the device that lets a Galaxy 8 run a Samsung-created desktop-like environment when connected to the DeX and an external monitor.
Ubuntu

Ubuntu 17.10 Artful Aardvark Released 87

Canonical has made available the download links for Ubuntu 17.10 "Artful Aardvark". It comes with a range of new features, changes, and improvements including GNOME as the default desktop, Wayland display server by default, Optional X.org server session, Mesa 17.2 or Mesa 17.3, Linux kernel 4.13 or kernel 4.14, new Subiquity server installer, improved hardware support, new Ubuntu Server installer, switch to libinput, an always visible dock using Dash to Dock GNOME Shell extension, and Bluetooth improvements with a new BlueZ among others.
Robotics

Bankers Publicly Embracing Robots Are Privately Fearing Job Cuts (bloomberg.com) 138

An anonymous reader quotes a report from Bloomberg: Within the upper echelons of many financial firms, there's a lot of soul searching as executives prepare to roll out a new generation of technology. Publicly, they're upbeat, predicting machines will perform almost all repetitive tasks, freeing humans to focus on more valuable pursuits. Privately, many confide to peers, consultants and sometimes journalists that they're worried about what will happen to their staffs -- and what to tell them. There's also uncertainty. Maybe it's all overblown, executives say, because the tech will be hard to implement and humans will find new roles. Or perhaps it's the beginning of the end for legions of professionals in one of the world's most lucrative fields. Can jobs held by office-dwelling millionaires disappear like those on factory floors? The result is that employees aren't getting a clear message on what's to come.

For a rosy scenario, look to McKinsey & Co. In July, the consulting firm published a report estimating machines are ready to assume roughly a third of the work now performed by banks' rank and file. The authors framed it as positive: People will have more time to tend to clients, conduct research or brainstorm ideas. So far, it noted, firms at the forefront aren't slashing jobs. At JPMorgan Chase & Co., one of the most tech-savvy banks, Chief Executive Officer Jamie Dimon predicted in June that his workforce will more likely grow than shrink over the next 20 years. Technology may displace workers, he's said, but it also creates opportunities. Yet in interviews, about a dozen Wall Street executives and consultants responsible for deploying technologies -- and steeped in their capabilities -- were more bearish on humans. Machines will take over task after task, they said, and banks simply won't need nearly as many people.

Security

Ask Slashdot: What Are Ways To Get Companies To Actually Focus On Security? 137

New submitter ctilsie242 writes: Many years ago, it was said that we would have a "cyber 9/11," a security event so drastic that it fundamentally would change how companies and people thought about security. However, this has not happened yet (mainly because the bad guys know that this would get organizations to shut their barn doors, stopping the gravy train.) With the perception that security has no financial returns, coupled with the opinion that "nobody can stop the hackers, so why even bother," what can actually be done to get businesses to have an actual focus on security? The only "security" I see is mainly protection from "jailbreaking," so legal owners of a product can't use or upgrade their devices. True security from other attack vectors is all but ignored. In fact, I have seen some development environments where someone doing anything about security would likely get the developer fired because it took time away from coding features dictated by marketing. I've seen environments where all code ran as root or System just because if the developers gave thought to any permission model at all, they would be tossed, and replaced by other developers who didn't care to "waste" their time on stuff like that.

One idea would be something similar to Underwriters Labs, except would grade products, perhaps with expanded standards above the "pass/fail" mark, such as Europe's "Sold Secure," or the "insurance lock" certification (which means that a security device is good enough for insurance companies to insure stuff secured by it.) There are always calls for regulation, but with regulatory capture being at a high point, and previous regulations having few teeth, this may not be a real solution in the U.S. Is our main hope the new data privacy laws being enacted in Europe, China, and Russia, which actually have heavy fines as well as criminal prosecutions (i.e. execs going to jail)? This especially applies to IoT devices where it is in their financial interest to make un-upgradable devices, forcing people to toss their 1.0 lightbulbs and buy 1.0.1 lightbulbs to fix a security issue, as opposed to making them secure in the first place, or having an upgrade mechanism. Is there something that can actually be done about the general disinterest by companies to make secure products, or is this just the way life is now?
Government

CNN Gets a First-Of-Its-Kind Waiver To Fly Drones Over Crowds (techcrunch.com) 50

The FAA has granted CNN a waiver that allows it to fly its Vantage Robotics Snap drone over open-air crowds of people at altitudes of up to 150 feet. "This is a new precedent in this kind of waiver: Previous exemptions allowed flight of drones over people in closed set operations (like for filmmaking purposes) and only when tethered, with a max height of 21 feet," reports TechCrunch. From the report: The new waiver granted to CNN, as secured through its legal counsel Hogan Lovells, allows for flight of the Vantage UAV (which is quite small and light) above crowds regardless of population density. It was a big win for the firm and the company because it represents a change in perspective on the issue for the FAA, which previously viewed all requests for exceptions from a "worst-case scenario" point of view. Now, however, the FAA has accepted CNN's "reasonableness Approach," which takes into account not just the potential results of a crashed drone, but also the safe operating history of the company doing the flying, their built-in safety procedures, and the features included on the drone model itself that are designed to mitigate the results of any negative issues.
Power

Microsoft Teases Multi-Day Battery Life For Upcoming ARM-Powered Windows Devices (techspot.com) 63

An anonymous reader quotes a report from TechSpot: Microsoft late last year announced a partnership with Qualcomm to bring the full Windows 10 experience to ARM-powered devices. Terry Myerson, Executive Vice President of Microsoft's Windows and Devices Group, promised at the time that Snapdragon-powered Windows 10 devices would be efficient in the power consumption department. We're still waiting for the partnership to bear fruit but in the interim, new details regarding efficiency (and a few other subjects) have emerged. With regard to battery life, Pete Bernard, Principal Group Program Manager for Connectivity Partners at Microsoft, said that to be frank, battery life at this point is beyond their expectations: "We set a high bar for [our developers], and we're now beyond that. It's the kind of battery life where I use it on a daily basis. I don't take my charger with me. I may charge it every couple of days or so. It's that kind of battery life."
AI

DeepMind's Go-Playing AI Doesn't Need Human Help To Beat Us Anymore (theverge.com) 120

An anonymous reader quotes a report from The Verge: Google's AI subsidiary DeepMind has unveiled the latest version of its Go-playing software, AlphaGo Zero. The new program is a significantly better player than the version that beat the game's world champion earlier this year, but, more importantly, it's also entirely self-taught. DeepMind says this means the company is one step closer to creating general purpose algorithms that can intelligently tackle some of the hardest problems in science, from designing new drugs to more accurately modeling the effects of climate change. The original AlphaGo demonstrated superhuman Go-playing ability, but needed the expertise of human players to get there. Namely, it used a dataset of more than 100,000 Go games as a starting point for its own knowledge. AlphaGo Zero, by comparison, has only been programmed with the basic rules of Go. Everything else it learned from scratch. As described in a paper published in Nature today, Zero developed its Go skills by competing against itself. It started with random moves on the board, but every time it won, Zero updated its own system, and played itself again. And again. Millions of times over. After three days of self-play, Zero was strong enough to defeat the version of itself that beat 18-time world champion Lee Se-dol, winning handily -- 100 games to nil. After 40 days, it had a 90 percent win rate against the most advanced version of the original AlphaGo software. DeepMind says this makes it arguably the strongest Go player in history.
The Internet

Mozilla To Document Cross-Browser Web Dev Standards with Google, Microsoft, Samsung, and W3C (venturebeat.com) 42

Mozilla has announced deeper partnerships with Microsoft, Google, Samsung, and web standards body W3C to create cross-browser documentation on MDN Web Docs, a web development documentation portal created by Mozilla. From a report: MDN Web Docs first came to fruition in 2005, and it has since been known under various names, including the Mozilla Developer Network and Mozilla Developer Center. Today, MDN Web Docs serves as a community and library of sorts covering all things related to web technologies and standards, including JavaScript, HTML, CSS, open web app development, Firefox add-on development, and more. The web constitutes multiple players from across the technology spectrum and, of course, multiple browsers, including Microsoft's Edge, Google's Chrome, Mozilla's Firefox, and the Samsung Internet Browser. To avoid fragmentation and ensure end-users have a (fairly) consistent browsing experience, it helps if all the players involved adhere to a similar set of standards.
Security

The Internet Is Ripe With In-Browser Miners and It's Getting Worse Each Day (bleepingcomputer.com) 319

Catalin Cimpanu, reporting for BleepingComputer: Ever since mid-September, when Coinhive launched and the whole cryptojacking frenzy started, the Internet has gone crazy with in-browser cryptocurrency miners, and new sites that offer similar services are popping up on a weekly basis. While one might argue that mining Monero in a site's background is an acceptable alternative to viewing intrusive ads, almost none of these services that have recently appeared provide a way to let users know what's happening, let alone a way to stop mining behavior. In other words, most are behaving like malware, intruding on users' computers and using resources without permission. [...] Bleeping Computer spotted two new services named MineMyTraffic and JSEcoin, while security researcher Troy Mursch also spotted Coin Have and PPoi, a Coinhive clone for Chinese users. On top of this, just last night, Microsoft spotted two new services called CoinBlind and CoinNebula, both offering similar in-browser mining services, with CoinNebula configured in such a way that users couldn't report abuse. Furthermore, none of these two services even have a homepage, revealing their true intentions to be deployed in questionable scenarios.
Businesses

Amazon's Next Big Bet is Letting You Communicate Without a Smartphone, Says Alexa's Chief Scientist (cnbc.com) 141

An anonymous reader shares a report: The next big function to take off on Amazon's Echo devices will be voice or video calling -- which is a way Alexa can reduce the need to have your smartphone on you at all times, said Rohit Prasad, VP and Head Scientist at Alexa Machine Learning. "If you have not played with calling and the video calls on Echo Show, you should try it because that is revolutionizing how you can communicate," Prasad said in an exclusive interview with CNBC at an Alexa Accelerator event in Seattle Tuesday night. (The event is dedicated to developing new voice-powered technologies.) "When you can drop in on people who have given you access -- so I can drop in and call my mom in her kitchen without her picking any device -- it's just awesome." (Amazon added the ability to call mobile numbers and landlines for free onto Echo devices a few weeks ago.) Amazon doesn't have a smartphone that lets customers bring a digital assistant everywhere -- like Apple's Siri and Google's Assistant -- and communicating through Alexa devices is one way of reducing the need for a personal handset, Prasad said. "I can easily drop in and talk to my kids," Prasad says. "They don't have a smartphone so that's my easiest way to talk to them. It's yet another area where Alexa is taking the friction away."
Chrome

Chrome 62 Released With OpenType Variable Fonts, HTTP Warnings In Incognito Mode (bleepingcomputer.com) 76

An anonymous reader writes: Earlier today, Google released version 62 of its Chrome browser that comes with quite a few new features but also fixes for 35 security issues. The most interesting new features are support for OpenType variable fonts, the Network Quality Estimator API, the ability to capture and stream DOM elements, and HTTP warnings for the browser's Normal and Incognito mode. The most interesting of the new features is variable fonts. Until now, web developers had to load multiple font families whenever they wanted variations on a font family. For example, if a developer was using the Open Sans font family on a site, if he wanted a font variation such as Regular, Bold, Black, Normal, Condensed, Expanded, Highlight, Slab, Heavy, Dashed, or another, he'd have to load a different font file for each. OpenType variable fonts allow font makers to merge all these font family variations in one file that developers can use on their site and control via CSS. This results in fewer files loaded on a website, saving bandwidth and improving page load times. Two other features that will interest mostly developers are the Network Quality Estimator and the Media Capture from DOM Elements APIs. As the name hints, the first grants developers access to network speed and performance metrics, information that some websites may use to adapt video streams, audio quality, or deliver low-fi versions of their sites. Developers can use the second API -- the Media Capture from DOM Elements -- to record videos of how page sections behave during interaction and stream the content over WebRTC. This latter API could be useful for developers debugging a page, but also support teams that want to see what's happening on the user's side.
The Military

SpaceX's Reusable Rockets Win US Air Force General's Endorsement (bloomberg.com) 70

As the military looks to drive down costs, the head of U.S. Air Force Space Command said he's "completely committed" to launching future missions with recycled rockets like those championed by SpaceX's Elon Musk. "It would be 'absolutely foolish' not to begin using pre-flown rockets, which brings such significant savings that they'll soon be commonplace for the entire industry, General John W. 'Jay' Raymond said," reports Bloomberg. From the report: "The market's going to go that way. We'd be dumb not to," he said. "What we have to do is make sure we do it smartly." The Air Force won't be able to use the recycled boosters until they're certified for military use, a process that Raymond suggested may already be in the works. "The folks out at Space and Missile Systems Center in Los Angeles that work for me would be in those dialogues," he said, declining to specify when certification could take place. "I don't know how far down the road we've gotten, but I am completely committed to launching on a reused rocket, a previously flown rocket, and making sure that we have the processes in place to be able to make sure that we can do that safely."
The Internet

Russian Troll Factory Paid US Activists To Fund Protests During Election (theguardian.com) 622

bestweasel writes: The Guardian reports on another story about Russian meddling, but interestingly, this one comes from a respected Russian news source, the RBC. From the report: "Russian trolls posing as Americans made payments to genuine activists in the U.S. to help fund protest movements on socially divisive issues. On Tuesday, the newspaper RBC published a major investigation into the work of a so-called Russian 'troll factory' since 2015, including during the period of the U.S. election campaign, disclosures that are likely to put further spotlight on alleged Russian meddling in the election. RBC said it had identified 118 accounts or groups in Facebook, Instagram and Twitter that were linked to the troll factory, all of which had been blocked in August and September this year as part of the U.S. investigation into Russian electoral meddling. Perhaps the most alarming element of the article was the claim that employees of the troll factory had contacted about 100 real U.S.-based activists to help with the organization of protests and events. RBC claimed the activists were contacted by Facebook group administrators hiding their Russian origin and were offered financial help to pay for transport or printing costs. About $80,000 was spent during a two-year period, according to the report."
Software

EA Shuts Down Visceral Games, Shifting Development On Its Star Wars Game (kotaku.com) 75

Visceral Games, the studio behind games like Battlefield Hardline and Dead Space, is being shut down by EA. The Star Wars game in development at Visceral will be revamped and moved to a different studio. Kotaku reports: "Our Visceral studio has been developing an action-adventure title set in the Star Wars universe," EA's Patrick Soderlund said in a blog post. "In its current form, it was shaping up to be a story-based, linear adventure game. Throughout the development process, we have been testing the game concept with players, listening to the feedback about what and how they want to play, and closely tracking fundamental shifts in the marketplace. It has become clear that to deliver an experience that players will want to come back to and enjoy for a long time to come, we needed to pivot the design." Soderlund added that Visceral will be "ramping down and closing" and that "we're in the midst of shifting as many of the team as possible to other projects and teams at EA." "Lastly," he said, "while we had originally expected this game to launch late in our fiscal year 2019, we're now looking at a new timeframe that we will announce in the future."
Android

ZTE Launches Axon M, a Foldable, Dual-Screened Smartphone (theverge.com) 60

ZTE's new Axon M is a full-featured smartphone with a hinge that connects two full-size displays, making the Axon M a flip phone of sorts. "Its front screen is a 5.2-inch, 1080p panel, it has last year's Qualcomm Snapdragon 821 processor, 4GB of RAM, and a 20-megapixel camera," reports The Verge. "But flip the phone over and there's an identical 5.2-inch display on the back, making the Axon M anything but run-of-the-mill." From the report: The M's hinge allows the rear screen to flip forward and slot right next to the main display, creating an almost tablet sized canvas. You can stretch the home screen and apps across the two displays for a larger working area, or you can run two different apps at the same time, one on each screen. You can also "tent" the phone, and mirror the displays so two people can see the same content at the same time. ZTE says that it is utilizing Android's default split-screen features to enable many of the dual-screen functions, and it has made sure the "top 100" Android apps work on the phone. In the "extended" mode, which stretches a single app across both screens, the tablet version of the app is presented (provided there is one, which isn't always a guarantee with Android apps). It's even possible to stream video on both screens at the same time and switch the audio between them on the fly, which might be useful if you want to watch a sports game and YouTube at the same time, I guess.
Android

Android Oreo Helps Google's Pixel 2 Smartphones Outperform Other Android Flagships (hothardware.com) 77

MojoKid highlights Hot Hardware's review of Google's new Pixel 2 and Pixel 2 XL smartphones: Google officially launched its Pixel 2 phones today, taking the wraps off third-party reviews. Designed by Google but manufactured by HTC (Pixel 2) and LG (Pixel 2 XL), the two new handsets also boast Google's latest Android 8.0 operating system, aka Oreo, an exclusive to Google Pixel and certain Nexus devices currently. And in some ways, this is also a big advantage. Though they are based on the same Qualcomm Snapdragon 835 processor as many other Android devices, Google's new Pixel 2s manage to outpace similarly configured smartphones in certain benchmarks by significant margins (Basemark, PCMark and 3DMark). They also boot dramatically faster than any other Android handset on the market, in as little as 10 seconds. Camera performance is also excellent, with both the 5-inch Pixel 2 and 6-inch Pixel 2 XL sporting identical electronics, save for their displays and chassis sizes. Another notable feature built into Android Oreo is Google Now Playing, an always-listening, Shazam-like service (if you enable it) that displays song titles on the lock screen if it picks up on music playing in the room you're in. Processing is done right on the Pixel 2 and it doesn't need network connectivity. Another Pixel 2 Oreo-based trick is Google Lens, a machine vision system that Google notes "can recognize places like landmarks and buildings, artwork that you'd find in a museum, media covers such as books, movies, music albums, and video games..." The Google Pixel 2 and Pixel 2 XL are available now on Verizon or unlocked via the Google Store starting at $649 and $849 respectively for 64GB storage versions, with a $100 up-charge for 128GB variants.
Google

Google Maps Ditches Walking Calorie Counter After Backlash (engadget.com) 343

Following online backlash, Google is removing a planned feature in Maps that shows you how many calories you'd burn when in walking mode. Google's attempt to promote a healthy lifestyle caused a number of people to lambast the feature on Twitter, claiming it would "shame" and even "trigger" those with eating disorders. Engadget reports: Taking note of the negative reaction, Google is now dumping the experiment. It confirmed to Engadget that the update was briefly tested on iOS, and has been abandoned based on user feedback. As The Hill's Taylor Lorenz noted in her tweets, there was no way to turn off the feature. Lorenz also claimed that using pink cupcakes as the unit of measurement was "lowkey aimed at women." Others pointed out that Maps wasn't the appropriate place for the update. After all, there are plenty of fitness and calorie counting apps that keep track of your activity and consumption -- again emphasizing how misplaced the feature was.
Piracy

Netflix, Amazon, Movie Studios Sue Over TickBox Streaming Device (arstechnica.com) 128

Movie studios, Netflix, and Amazon have teamed up to file a lawsuit against a streaming media player called TickBox TV. The device in question runs Kodi on top of Android 6.0, and searches the internet for streams that it can make available to users without actually hosting any of the content itself. An anonymous reader quotes a report from Ars Technica: The complaint (PDF), filed Friday, says the TickBox devices are nothing more than "tool[s] for mass infringement," which operate by grabbing pirated video streams from the Internet. The lawsuit was filed by Amazon and Netflix Studios, along with six big movie studios that make up the Motion Picture Association of America: Universal, Columbia, Disney, Paramount, 20th Century Fox, and Warner Bros.

"What TickBox actually sells is nothing less than illegal access to Plaintiffs' copyrighted content," write the plaintiffs' lawyers. "TickBox TV uses software to link TickBox's customers to infringing content on the Internet. When those customers use TickBox TV as Defendant intends and instructs, they have nearly instantaneous access to multiple sources that stream Plaintiffs' Copyrighted Works without authorization." The device's marketing materials let users know the box is meant to replace paid-for content, with "a wink and a nod," by predicting that prospective customers who currently pay for Amazon Video, Netflix, or Hulu will find that "you no longer need those subscriptions." The lawsuit shows that Amazon and Netflix, two Internet companies that are relatively new to the entertainment business, are more than willing to join together with movie studios to go after businesses that grab their content.
