Security

Sandboxed Mac Apps Can Record Screen Any Time Without You Knowing (bleepingcomputer.com) 59

Catalin Cimpanu, writing for BleepingComputer: Malicious app developers can secretly abuse a macOS API function to take screenshots of the user's screen and then use OCR (Optical Character Recognition) to programmatically read the text found in the image. The function is CGWindowListCreateImage, often utilized by Mac apps that take screenshots or live stream a user's desktop. According to Fastlane Tools founder Felix Krause, any Mac app, sandboxed or not, can access this function and secretly take screenshots of the user's screen. Krause argues that miscreants can abuse this privacy loophole and utilize CGWindowListCreateImage to take screenshots of the screen without the user's permission.
Cloud

Can Docker Survive Google? (bloomberg.com) 98

Though Docker has 400 corporate customers -- and plans to double its sales staff -- "here's what happens to a startup when Google gets all up in its business," reads a recent headline at Bloomberg: Docker Inc. helped establish a type of software tool known as containers...and they've made the company rich. Venture capitalists have poured about $240 million into the startup, according to research firm CB Insights. Then along came Google, with its own free container system called Kubernetes. Google has successfully inserted Kubernetes into the coder toolbox. While Docker and Kubernetes serve slightly different purposes, customers who choose Google's tool can avoid paying Docker.

The startup gives away its most popular product while trying to convince developers to pay for extras, notably a program that does the same thing as Google's. "Kubernetes basically has ruled the industry, and it is the de facto standard," said Gary Chen, an analyst at IDC. "Docker has to figure out how do they differentiate themselves." It's up to [Docker CEO] Steve Singh to escape a situation that's trapped many startups battling cash-rich tech giants like Google, dangling free alternatives... "They invented this great tech, but they are not the ones profiting from it," said Gary Chen, an analyst at IDC.

Though Docker's CEO is hoping to take the company public someday, Slashdot reader oaf357 predicts a different future: To say that Docker had a very rough 2017 is an understatement. Aside from Uber, I can't think of a more utilized, hyped, and well funded Silicon Valley startup (still in operation) fumbling as bad as Docker did in 2017. People will look back on 2017 as the year Docker, a great piece of software, was completely ruined by bad business practices leading to its end in 2018.
His article criticizes things like the new Moby upstream for the Docker project, along with "Docker's late and awkward embrace of Kubernetes... It's almost as if Docker is conceding itself to being a marginal consulting firm in the container space." And he suggests that ultimately Docker could be acquired by "a large organization like Oracle or Microsoft."
Security

Some Sonos and Bose Speakers Are Being Hijacked To Play Ghostly Sounds (theverge.com) 41

An anonymous reader quotes a report from The Verge: Researchers at Trend Micro have found that certain models of Sonos and Bose speakers have vulnerabilities that leave them open to hijacking, as reported by Wired. The accessible speakers are being exploited by hackers that are using them to play spooky sounds, Alexa commands, and Rick Astley tracks. Only a small percentage of speakers by the two companies are actually affected, including some of the Sonos Play:1, the Sonos One, and the Bose SoundTouch. All it takes is for the speaker to be connected to a misconfigured network and a simple internet scan. Once the speaker is discovered via the scan, the API it uses to talk to apps can be utilized to tell the speakers to play any audio file hosted at a specific URL. Of all the models, between 2,500 to 5,000 Sonos devices and 400 to 500 Bose devices were found by Trend Micro to be open to audio hacking.
The Almighty Buck

Did Elon Musk Create Bitcoin? (cryptocoinsnews.com) 189

An anonymous reader quotes CryptoCoinsNews: It should be no surprise that the elusive hunt for Satoshi, often referred to as the father of Bitcoin, has led to the theory that Elon Musk has been hiding a big secret from all of us. Sahil Gupta, a computer science student at Yale University and former intern at SpaceX, believes just this... Bitcoin was written by someone with mastery of C++, a language Musk has utilized heavily at SpaceX. Musk's 2013 Hyperloop paper also provided insight into his deep understanding of cryptography and economics...

One week before Gupta's Medium post on Musk, another Medium blog was published with a theory that Musk invented Bitcoin for future use on Mars. As radical as this may sound, the point around Paypal in this article was relevant. Musk has already revolutionized digital currency with his founding role in Paypal, which he sold to eBay in 2002. The author claims Musk is under a non-compete from this deal, leaving him to secrecy about his role in Bitcoin.

Gupta's article cites other clues that support his theory, including Musk's interest in solving global problems, his unusual silence on the topic of cryptocurrencies, and the fact that "Elon has said publicly he doesn't own any bitcoin, which is consistent with a 'Good Satoshi' who deleted his private keys. This means Satoshi's one million coins (worth about $8 billion) are gone for good." And of course, with a net worth of $19.7 billion, Elon Musk is one of the few people who wouldn't need the money.

UPDATE (11/28/17): On Twitter, Elon Musk has responded, saying the rumors that he created Bitcoin are "not true."
Transportation

Tesla Unveils 500-Mile Range Semi Truck, 620-Mile Range Roadster 2.0 373

Rei writes: During a live reveal on Thursday, Tesla unveiled its new electric Class 8 Heavy Duty vehicle. As most people familiar with Tesla products would expect, the day cab truck features staggeringly fast acceleration for a vehicle of its size. It can accelerate 0-60 in 5 seconds without a trailer and 20 seconds with a 40-ton gross weight while being able to pull its maximum payload up a 5-degree grade at 65mph (versus a typical maximum of 45mph). The 500-mile range is for the vehicle at full load and highway speeds (80% of U.S. freight routes are 250 miles or less). Tesla also boasts a million mile no-breakdown guarantee; even losing two of its four motors it can out-accelerate a typical diesel truck. The total cost per mile is pegged at 83% of operating a diesel, but when convoying is utilized -- where multiple trucks mirror the action of a lead truck -- the costs drop to 57%, a price cheaper than rail. Tesla went a step further and stole the show from their own event by having the first prototype of the new Tesla Roadster drive out of the back of the truck. With the base model alone boasting a 620 mile range on a 200kWh battery pack with 10kN torque, providing a 1.9 second 0-60, 4.2 second 0-100, and 8.9 second quarter mile, the 2+2-seating convertible will easily be the fastest-accelerating production car in the world. Top speed is not disclosed, but said to be "at least 250mph." The vehicle's release date, however, is not scheduled until 2020.
Privacy

In a 'Plot Twist', Wikileaks Releases Documents It Claims Detail Russia Mass Surveillance Apparatus (techcrunch.com) 168

WikiLeaks, believed by many to be a Kremlin front, surprised some observers Tuesday morning (Snowden called it a "plot twist") when it released documents linking a Russian tech company with access to thousands of citizens' telephone and internet communications with Moscow. From a report: Writing a summary of the cache of mostly Russian-language documents, Wikileaks claims they show how a long-established Russian company which supplies software to telcos is also installing infrastructure, under state mandate, that enables Russian state agencies to tap into, search and spy on citizens' digital activity -- suggesting a similar state-funded mass surveillance program to the one utilized by the U.S.'s NSA or by GCHQ in the U.K. (both of which were detailed in the 2013 Snowden disclosures). The documents which Wikileaks has published (there are just 34 "base documents" in this leak) relate to a St. Petersburg-based company, called Peter-Service, which it claims is a contractor for Russian state surveillance. The company was set up in 1992 to provide billing solutions before going on to become a major supplier of software to the mobile telecoms industry.
Crime

State Prison Officials Blame An Escape On Drones And Cellphones (usatoday.com) 223

An anonymous reader quotes USA Today: A fugitive South Carolina inmate recaptured in Texas this week had chopped his way through a prison fence using wire cutters apparently dropped by a drone, prison officials said Friday. Jimmy Causey, 46, fled the Lieber Correctional Institution in Ridgeville, S.C., on the evening of July 4th after leaving a paper mache doll in his bed to fool guards into thinking he was asleep. He was not discovered missing until Wednesday afternoon. Causey was captured early Friday 1,200 miles away in a motel in Austin by Texas Rangers acting on a tip, WLTX-TV reported... "We believe a drone was used to fly in the tools that allow(ed) him to escape," South Carolina Corrections Director Bryan Stirling said...

Stirling said prison officials are investigating the performance by prison guards that night but pointed to cellphones and drones as the main problem. The director said he and other officials have sought federal help for years to combat the use of drones to drop contraband into prison. "It's a simple fix," Stirling said. "Allow us to block the signal... They are physically incarcerated, but they are not virtually incarcerated."

It's the second time the same convict escaped from South Carolina's maximum security prison -- albeit the first time he's (allegedly) used a drone. The state's Law Enforcement Division Chief also complains that the federal government still prohibits state corrections officials from blocking cellphones, and "as long as cellphones continue to be utilized by inmates in prisons we're going to have things like this -- we're going to have very well-planned escapes..."
IBM

After 25 Years, 'Lost' OS/2 2.0 Build 6.605 Finally Re-Discovered (os2museum.com) 93

"In a fascinating example of poor timing, disk images of OS/2 2.0 pre-release level 6.605 from July/September 1991 were missing for over 25 years, only to show up literally one day after the 25th anniversary of the OS/2 2.0 release," writes the site OS/2 Museum. An anonymous reader writes: It's the last OS/2 2.0 pre-release which didn't use the Workplace Shell (WPS), but "instead utilized the same old Desktop Manager as OS/2 1.2/1.3, which makes it the closest surviving relative of the Microsoft OS/2 2.0 SDK." Featuring a 16-bit/32-bit hybrid kernel and a "DOS Window" icon (as well as a few games like Reversi and Klondike Solitaire), "the look and feel was not quite the same as OS/2 1.3 and in fact was a cross between OS/2 1.3 and Windows 3.1."
The elusive 6.605 pre-release fell between 6.149 and 6.167 -- and "It is not known what possessed IBM to assign it a completely out-of-sequence number."
Communications

IMDb Is Shutting Down Its Long-Running, Popular Message Boards After 16 Years (polygon.com) 168

An anonymous reader quotes a report from Polygon: After 16 years, IMDb's message boards and the ability to privately message other users is shutting down, with many members of the community openly mourning the loss of the section. IMDb, which stands for the Internet Movie Database, is one of the world's biggest databases for film and television. According to the company, there is information on more than 4.1 million titles and 7.7 million personalities available on the site as of January 2017. The message board, which was introduced in 2001, reportedly remains one of the most used services on the website, but despite that, the company is getting ready to shut it down, citing a desire to foster a positive environment and serve its audience the best way it can. "After in-depth discussion and examination, we have concluded that IMDb's message boards are no longer providing a positive, useful experience for the vast majority of our more than 250 million monthly users worldwide," a statement on the site reads. "The decision to retire a long-standing feature was made only after careful consideration and was based on data and traffic. Because IMDb's message boards continue to be utilized by a small but passionate community of IMDb users, we announced our decision to disable our message boards on February 3, 2017 but will leave them open for two additional weeks so that users will have ample time to archive any message board content they'd like to keep for personal use. During this two-week transition period, which concludes on February 19, 2017, IMDb message board users can exchange contact information with any other board users they would like to remain in communication with (since once we shut down the IMDb message boards, users will no longer be able to send personal messages to one another)."
Moon

Scientists Calculate the Moon To Be 4.51 Billion Years Old (go.com) 140

Scientists used rocks and soil collected by the Apollo 14 moonwalkers in 1971 to calculate the age of the moon. It turns out that it is much older than scientists suspected, coming in at 4.51 billion years old. ABC News reports: A research team reported Wednesday that the moon formed within 60 million years of the birth of the solar system. Previous estimates ranged within 100 million years, all the way out to 200 million years after the solar system's creation, not quite 4.6 billion years ago. The scientists conducted uranium-lead dating on fragments of the mineral zircon extracted from Apollo 14 lunar samples. The pieces of zircon were minuscule -- no bigger than a grain of sand. The moon was created from debris knocked off from Earth, which itself is thought to be roughly 4.54 billion years old. Some of the eight zircon samples were used in a previous study, also conducted at UCLA, that utilized more limited techniques. Melanie Barboni, lead author of the study from the University of California, Los Angeles, said she is studying more zircons from Apollo 14 samples, but doesn't expect it to change her estimate of 4.51 billion years for the moon's age, possibly 4.52 billion years at the most. The study was published today in the journal Science.
Google

Did Google.org Steal the Christmas Spirit? (theregister.co.uk) 103

Google.org gives nonprofits roughly $100 million each year. But now the Register argues that festive giving "has become a 'Googlicious' sales push." Among other things, The Register criticizes the $30 million in grant funding that Google.org gave this Christmas "to nonprofits to bring phones, tablets, hardware and training to communities that can benefit from them most," some of which utilized the crowdfunding site DonorsChoose (which tacks a fee of at least $30 onto every donation). "The most critical learning resources that teachers need are often exercise books, pen and paper, but incentives built into the process steer educators to request and receive Google hardware, rather than humble classroom staples," claims the Register. theodp writes: [O]ne can't help but wonder if Google.org's decision to award $18,130 to teachers at Timberland Charter Academy for Chromebooks to help make students "become 'Google'licious" while leaving another humbler $399 request from a teacher at the same school for basic school supplies -- pencils, paper, erasers, etc. -- unfunded is more aligned with Google's interests than the Christmas spirit. Google, The Register reminds readers, lowered its 2015 tax bill by $3.6 billion using the old Dutch Sandwich loophole trick, according to new regulatory filings in the Netherlands.
The article even criticizes the "Santa's Village" site at Google.org, which includes games like Code Boogie, plus a game about airport security at the North Pole. Their complaint is its "Season of Giving" game, which invites children to print out and color ornaments that represent charities -- including DonorsChoose.org. The article ends by quoting Slashdot reader theodp ("who documents the influence of Big Tech in education") as saying "Nothing says Christmas fun more than making ornaments to celebrate Google's pet causes..."
Network

Wi-Fi Alliance Begins Certification Process For Short-Range Wireless Standard WiGig (802.11ad) (cnet.com) 69

The stars have finally aligned for WiGig, an ultra-fast, short-range wireless network. The Wi-Fi Alliance has launched a certification process for WiGig products, which it claims can go as fast as 8Gbps. The technology was first announced in 2009, and it is based on the IEEE 802.11ad standard that is supported by many new products. CNET adds: That speed is good enough to replace network cables today. And tomorrow, WiGig should be good for beaming high-resolution video from your phone to your 4K TV or linking a lightweight virtual-reality headset to its control computer. VR and its cousin, augmented reality, work better when you don't have a thick cable tethering your head to a PC. New speed is especially helpful when conventional wireless networks clog up. We're all streaming video at higher resolutions, hooking up new devices like cars and security cameras to the network, and getting phones for our kids. Another complication: Phones using newer mobile data networks can barge in on the same radio airwaves that Wi-Fi uses. Saturation of regular Wi-Fi radio channels "will create a demand for new spectrum to carry this traffic," said Yaron Kahana, manager of Intel's WiGig product line. "In three years we expect WiGig to be highly utilized for data transfer." WiGig and Wi-Fi both use unlicensed radio spectrum available without government permission -- 2.4 gigahertz and 5GHz in the case of Wi-Fi. Unlicensed spectrum is great, but airwaves are already often crowded. WiGig, though, uses the 60GHz band that's unlicensed but not so busy. You will want to check for a WiGig sticker on the next gear you purchase.
Books

Spanish Police Arrest Their First Ever eBook Pirate (torrentfreak.com) 48

An anonymous reader writes: Spain's Ministry of the Interior has announced the first ever arrest of an eBook pirate. The suspect is said to have uploaded more than 11,000 literary works online, many on the same day as their official release. More than 400 subsequent sites are said to have utilized his releases. The investigation began in 2015 following a complaint from the Spanish Reproduction Rights Centre (CEDRO), a non-profit association of authors and publishers of books, magazines, newspapers and sheet music. According to the Ministry, CEDRO had been tracking the suspect but were only able to identify him by an online pseudonym. However, following investigations carried out by the police, his real identity was discovered.
Television

Sharp Unveils 27-inch 8K 120Hz IGZO Monitor With HDR (monitornerds.com) 105

Sharp has unveiled a next-gen monitor that is an absolute mouthful. It measures in at 27 inches and features an 8K resolution (7,680 x 4,320), HDR (high dynamic range), and a 120Hz refresh rate. Monitornerds reports: Sharp says that the IGZO name is an acronym for the semiconductor materials used in the monitor's backplane. It is comprised of indium, gallium, zinc, and oxygen. This material can also be utilized with several types of panels such as IPS, TN, and even OLED. The IGZO technology has benefits compared to standard silicon semiconductors in which the electron mobility is 20 to 50 times higher which translates to higher frame rates. It also uses smaller transistors, which translates to higher pixel density as well as lower power consumption. The panel which is shown at the Sharp exhibit is a 27-inch model with a very notable pixel density of 326ppi: double in comparison to the average 150ppi of 4K monitors. It has a stunning 33 million pixels under its belt as well as HDR technology which promises that this monitor can deliver stunning images with ease. Sharp didn't disclose a price for the television, nor did they say whether or not the unit will be mass produced. However, we can imagine the monitor will cost a pretty penny if it ever makes it to the market.
Security

Alleged Hacker Lauri Love To Be Extradited To US (bbc.com) 71

An anonymous reader quotes a report from BBC: An autistic man suspected of hacking into U.S. government computer systems is to be extradited from Britain to face trial, a court has ruled. Lauri Love, 31, who has Asperger's syndrome, is accused of hacking into the FBI, the U.S. central bank and the country's missile defense agency. Mr Love, from Stradishall, Suffolk, has previously said he feared he would die in a U.S. prison if he was extradited. Earlier, his lawyer said his alleged hacking had "embarrassed" U.S. authorities. Tor Ekeland said the U.S. government "had very, very bad security and these hacks utilized exploits that were publicly-known for months." Mr Love's lawyers said he could face up to 99 years in prison if convicted of the hacking offenses. Mr Love's defense team argues his depression and Asperger's syndrome mean he should not be sent abroad, but U.S. prosecutors say he is using his mental health issues as an excuse to escape justice.
Government

Where Does America's E-Waste End Up? GPS Tracker Tells All (pbs.org) 100

The United States produces more e-waste than any country in the world, reports PBS News Hour. But where does this e-waste go? The publication utilized the GPS coordinates in some of the e-waste to find out. Basel Action Network, a Seattle-based e-waste watchdog group, partnered with MIT to put 200 geolocating tracking devices inside old computers, TVs and printers. They dropped them off nationwide at donation centers, recyclers and electronic take-back programs -- enterprises that advertise themselves as "green," "sustainable," "earth friendly" and "environmentally responsible." From the report: About a third of the tracked electronics went overseas -- some as far as 12,000 miles. That includes six of the 14 tracker-equipped electronics that e-waste watchdog group dropped off to be recycled in Washington and Oregon. The tracked electronics ended up in Mexico, Taiwan, China, Pakistan, Thailand, Dominican Republic, Canada and Kenya. Most often, they traveled across the Pacific to rural Hong Kong. You can read the report in its entirety here.
Open Source

11 Years After Git, BitKeeper Is Open-Sourced (phoronix.com) 197

An anonymous reader writes: Eleven years after Linus Torvalds developed Git after a falling out with BitKeeper for managing the Linux kernel source code, BitMover Inc has finally decided to open-source the BitKeeper VCS. The latest BitKeeper release has made the code open-source under the terms of the Apache 2.0 license. The community edition code is available from BitKeeper.org. Does BitKeeper now stand a chance against free software systems like Git and SVN? To offer some context, Larry McVoy, the CEO of BitMover -- the company that makes BitKeeper -- offered free BitKeeper licenses to various open source projects -- the Linux kernel utilized it as well. However, later, Australian computer programmer Andrew Tridgell reverse engineered the BitKeeper protocol in an attempt to make his own client. Torvalds didn't like this practice, and accused Tridgell of "playing dirty tricks with his proprietary source code tool of choice," and as a result, he wrote Git.
Communications

FBI Paid Professional Hackers One-Time Fee To Crack San Bernardino iPhone 149

There's another new wrinkle in the never-ending FBI vs Apple saga. The Washington Post is claiming that the FBI did not require Cellebrite's assistance in hacking the San Bernardino iPhone. Instead, the report claims, the government intelligence organization bought a previously unknown security bug from a group of professional hackers. According to the report, the hacker group provided the FBI with at least one zero-day flaw in the iPhone 5c's security, which enabled the FBI to circumvent the lockscreen and other security features. The bug hasn't been disclosed. The FBI has previously noted that the technique it utilized in breaking into the iPhone 5c does not work with any new iPhone models (iPhone 5s or newer).
Earth

Behind the Scenes of NASA's Orbital ATK ISS Resupply Mission (hothardware.com) 25

Reader MojoKid sheds more light on NASA's unmanned cargo ship: The Orbital ATK CRS-6 mission that launched last week at NASA Cape Canaveral, Florida not only delivered supplies to the International Space Station (ISS), but also carried a number of research projects on NASA's Cygnus spacecraft. On board the CRS-6 were Gecko Grippers, which attempt to mimic the adhesion properties of gecko feet. Through the use of nanomaterials, Gecko Grippers can be repeatedly applied and removed from a surface without losing their adhesive properties via the use of van der Waals forces. They are also unaffected by temperature, pressure or radiation. Also in tow for the mission are supplies for the Saffire Experiment, which will be the largest man-made fire in space with data beamed back to earth so researchers can understand its properties and results. It's also impressive to see the NASA VAB (Vehicle Assembly Building), which is one of the biggest structures in the world covering 8 acres and measuring 525 ft tall, as well as the SLS Crawler, which is designed to move large spacecraft components supporting up to 18 million pounds and has been utilized for the Apollo and Space Shuttle programs.