Government

President Donald Trump and His Daughter Ivanka To Unveil a New Federal Computer Science Initiative With Major Tech Backers (recode.net) 157

From a report: President Donald Trump will issue a new directive Monday to supercharge the U.S. government's support for science, tech, engineering and mathematics, including coding education, three sources familiar with the White House's thinking told Recode. To start, Trump is set to sign a presidential memorandum at the White House later today that tasks the Department of Education to devote at least $200 million of its grant funds each year to so-called STEM fields, as the administration seeks to train workers for high-demand computer-science jobs of the future. And on Tuesday, Trump's daughter and advisor, Ivanka, is expected to head to Detroit, where she will join business leaders for an event unveiling a series of private-sector commitments -- from Amazon, Facebook, Google, GM, Quicken Loans and others -- meant to boost U.S. coding and computer-science classes and programs, the sources said.
Books

'Banned Books Week' Recognizes 2016's Most-Censored Books (and Comic Books) (newsweek.com) 150

An anonymous reader quotes Newsweek: The American Library Association's yearly Banned Books Week, held this year between Sunday September 24 and Saturday September 30, is both a celebration of freedom and a warning against censorship. Launched in 1982 in response to a sudden surge in the number of challenges to books in schools, bookstores and libraries, the event spotlights the risk of censorship still present... "While books have been and continue to be banned, part of the Banned Books Week celebration is the fact that, in a majority of cases, the books have remained available. This happens only thanks to the efforts of librarians, teachers, students, and community members who stand up and speak out for the freedom to read," the ALA stated.
"This Banned Books Week, we're asking people of all political persuasions to come together and celebrate Our Right to Read," says a coalition supporting the event. The ALA reports that half of the most frequently challenged books were in fact banned last year, according to the library group's Office for Intellectual Freedom (OIF), which calculates there were 17% more attempts to censor books in America in 2016. The five most-challenged books all contained LGBT characters, and the most common phrase used to complain about books is "sexually explicit," the OIF told Publishers Weekly -- perhaps reflecting a change in targets. He believes one reason is that most challenges now are reported not for books in the library but against books in the advanced English curricula of some schools. This change also represents a shift upward in the age of the readers of the most challenged books. "We've moved from helicopter parenting, where people were hovering over their kids, to Velcro parenting," LaRue says. "There's no space at all between the hand of the parent and the head of the child. These are kids who are 16, 17; in one year they're going to be old enough to sign up for the military, get married, or vote, and their parents are still trying to protect them from content that is sexually explicit. I think that's a shift from overprotectiveness to almost suffocating."
Three of the 10 most-challenged books were graphic novels, so the Comic Book Legal Defense Fund is sharing their own list of banned and challenged comics.

Their list includes two Neil Gaiman titles, Sandman and The Graveyard Book, as well as two popular Batman titles -- Frank Miller's The Dark Knight Strikes Again and Alan Moore's The Killing Joke -- plus Moore's graphic novel Watchmen, Maus by Art Spiegelman, and even Amazing Spider-Man: Revelations by J. Michael Straczynski and John Romita, Jr.
The Courts

Equifax Hit With 'Dozens' of Lawsuits from Shareholders and Consumers -- Plus a Possible Class Action (chicagotribune.com) 61

An anonymous reader quotes the Washington Post: Since it announced a massive data breach earlier this month, Equifax has been hit with dozens of lawsuits from shareholders, consumers and now one filed by a small Wisconsin credit union that represents what could be the first by a financial institution attempting to preemptively recoup losses caused by alleged fraud the hack could cause... In the lawsuit, which seeks class action status, Madison-based Summit Credit Union says that financial institutions will have to bear the cost of canceling and reissuing credit cards as well as absorbing the cost of any fraudulent charges. They will also lose "profits because their members or customers were unwilling or unable to use their credit cards following the breach," according to the lawsuit...

"For financial institutions it is important: They bear the financial responsibility for identity theft," said Summit's attorney Stacey Slaughter of the law firm Robins Kaplan. "All of the components that would allow someone to create a new identity" were exposed in the Equifax hack.

Equifax responded that they can't comment on pending litigation, according to the article, though "Equifax has said it did its best to respond to the breach and alerted consumers as quickly as it could..."

"The company's stock price has fallen 27 percent since it announced the hack September 7."
Patents

Cloudflare Pays First $7,500 Bounties In War Against Patent Troll (cloudflare.com) 34

Cloudflare declared war on a group of lawyers that files patent lawsuits against tech firms, by offering bounties for the discovery of patent-invalidating "prior art." Now an anonymous reader writes: On Thursday, Cloudflare announced it has paid out the first $7,500 to people who discovered documents that could help invalidate Blackbird's patents. The money is part of a $100,000 war chest the company announced this spring... The company said it is ready to launch individual challenges to specific Blackbird patents. The company believes it has enough examples of prior art on US Patent 7,797,448, "GPS-internet Linkage" and US Patent 6,453,335 (the one asserted against Cloudflare) to lodge a challenge.
"We have received more than 230 submissions so far," Cloudflare reports, "and have only just begun to scratch the surface."
United States

Governments Turn Tables By Suing Public Records Requesters (apnews.com) 138

schwit1 quotes the AP: Government bodies are increasingly turning the tables on citizens who seek public records that might be embarrassing or legally sensitive. Instead of granting or denying their requests, a growing number of school districts, municipalities and state agencies have filed lawsuits against people making the requests -- taxpayers, government watchdogs and journalists who must then pursue the records in court at their own expense.

The lawsuits generally ask judges to rule that the records being sought do not have to be divulged. They name the requesters as defendants but do not seek damage awards. Still, the recent trend has alarmed freedom-of-information advocates, who say it's becoming a new way for governments to hide information, delay disclosure and intimidate critics. "This practice essentially says to a records requester, 'File a request at your peril,'" said University of Kansas journalism professor Jonathan Peters, who wrote about the issue for the Columbia Journalism Review in 2015, before several more cases were filed. "These lawsuits are an absurd practice and noxious to open government."

Government

Spain's Crackdown on Catalonia Includes Internet Censorship (internetsociety.org) 336

Spain's autonomous Catalonia region wants to hold a referendum on independence next weekend. Spain's Constitutional Court insists that that vote is illegal, and has taken control of Catalonia's police force to try to stop the vote. They're deploying thousands of additional police officers and have seized nearly 10 million ballots. And now the Internet Society has gotten involved, according to an announcement shared by Slashdot reader valinor89: Measures restricting free and open access to the Internet related to the independence referendum have been reported in Catalonia. There have been reports that major telecom operators have been asked to monitor and block traffic to political websites, and following a court order, law enforcement has raided the offices of the .cat registry in Barcelona, examining a computer and arresting staff.

We are concerned by reports that this court order would require a top-level domain (TLD) operator such as .cat to begin to block "all domains that may contain any kind of information about the referendum."

Open Source

Facebook Relents, Switches React, Flow, Immutable.js and Jest To MIT License (theregister.co.uk) 50

An anonymous reader quotes the Register: Faced with growing dissatisfaction about licensing requirements for some of its open-source projects, Facebook said it will move React, Jest, Flow, and Immutable.js under the MIT license next week. "We're relicensing these projects because React is the foundation of a broad ecosystem of open source software for the web, and we don't want to hold back forward progress for nontechnical reasons," said Facebook engineering director Adam Wolff in a blog post on Friday. Wolff said while Facebook continues to believe its BSD + Patents license has benefits, "we acknowledge that we failed to decisively convince this community"... Wolff said the updated licensing scheme will arrive next week with the launch of React 16, a rewrite of the library designed for more efficient operation at scale.
Facebook was facing strong criticism from the Apache Software Foundation, and last week WordPress.com had announced plans to move away from React.

"Wolff said Facebook considered a license change for its other open-source projects, but wasn't ready to commit to anything," the Register adds. "Some projects, he said, will keep the BSD + Patents license."
Cellphones

Super-Accurate GPS Chips Coming To Smartphones In 2018 (ieee.org) 112

schwit1 writes about a new mass-market Broadcom chip designed for the next generation of smartphones: It'll know where you are to within 30 centimeters (11.8 inches), rather than five meters. At least that's the claim chip maker Broadcom is making. It says that some of its next-generation smartphone chips will use new global positioning satellite signals to boost accuracy. In a detailed report on the announcement and how the new signals work, IEEE Spectrum says that the new chips, which are expected to appear in some phones as soon as next year, will also use half the power of today's chips and even work in cities where tower blocks often interfere with existing systems. All told, it sounds like a massive change for those who rely on their phones to find their way.
Iphone

Hackers Using iCloud's Find My iPhone Feature To Remotely Lock Macs, Demand Ransom Payments (macrumors.com) 61

AmiMoJo shares a report from Mac Rumors: Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone. With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here. Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device. The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers. Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.
Power

Court Rules That Imported Solar Panels Are Bad For US Manufacturing (theverge.com) 349

The International Trade Commission has ruled that American companies are being hurt by cheap solar panels from overseas, providing an opportunity for President Donald Trump to tax imports from countries like China. The Verge reports: Today's unanimous decision ruled that the companies SolarWorld Americas and Suniva were struggling financially not because of their own poor management, but because they couldn't compete with cheap panels from countries like China, Mexico, and South Korea. Suniva is now suggesting import duties of 40 cents a watt for solar cells, and a floor price of 78 cents a watt for panels. (Right now, the average floor price, worldwide, for panels is about 32 cents.) The Solar Energy Industries Association warned that implementing these suggestions could end up doubling the price of solar, thus destroying demand and causing Americans to lose their jobs.
Google

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs (bleepingcomputer.com) 105

An anonymous reader writes from a report via Bleeping Computer: The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding most bugs in Apple's Safari. Results showed that Safari had by far the worst DOM engine, with 17 new bugs discovered after Fratric's test. Second was Edge with 6, then IE and Firefox with 4, and last was Chrome with only 2 new issues. The tests were carried out with a new fuzzing tool created by Google engineers named Domato, also open-sourced on GitHub. This is the third fuzzing tool Google creates and releases into open-source after OSS-Fuzz and syzkaller. Researchers focused on testing DOM engines for vulnerabilities because they expect them to be the next target for browser exploitation after Flash reaches end-of-life in 2020.
Privacy

Walmart Wants To Deliver Groceries Straight To Your Fridge (consumerist.com) 178

New submitter Rick Schumann writes: Walmart has a new marketing idea: "Going to the store? No one has time for that anymore," Walmart says. They want to partner with a company called August Home, who makes smart locks, so a delivery service can literally deliver groceries right into your refrigerator -- while you watch remotely on your phone. Great, time-saving idea, or super-creepy invasion of your privacy? You decide. Here's how the company says it would work:
1. Place an order on Walmart.com for groceries or other goods.
2. A driver for Deliv -- a same-day delivery service -- retrieves items when the order is ready, and brings them to the customer's home.
3. If no one answers, the delivery person can use a one-time passcode that's been pre-authorized by the customer to open the home's smart lock.
4. The customer receives a smartphone notification when the delivery is occurring, and can choose to watch it all play out in real-time on home security cameras through a dedicated app.
5. Delivery person leaves packages in the foyer, then brings the groceries to the kitchen, unloads them into the fridge, and leaves.
6. Customer receives notification that the door has locked behind them.
Security

Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com) 60

A member of Adobe's Product Security Incident Response Team (PSIRT) accidentally posted the PGP keys for PSIRT's email account -- both the public and the private keys. According to Ars Technica, "the keys have since been taken down, and a new public key has been posted in its stead." From the report: The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen. Nurminen was able to confirm that the key was associated with the psirt@adobe.com e-mail account. To be fair to Adobe, PGP security is harder than it should be. What obviously happened is that a PSIRT team member exported a text file from PSIRT's shared webmail account using Mailvelope, the Chrome and Firefox browser extension, to add to the team's blog. But instead of clicking on the "public" button, the person responsible clicked on "all" and exported both keys into a text file. Then, without realizing the error, the text file was cut/pasted directly to Adobe's PSIRT blog.
Privacy

Passwords For 540,000 Car Tracking Devices Leaked Online (thehackernews.com) 33

An anonymous reader quotes a report from The Hacker News: Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and businesses using its service. Just two days ago, Viacom was found exposing the keys to its kingdom on an unsecured Amazon S3 server, and this data breach is yet another example of storing sensitive data on a misconfigured cloud server. The Kromtech Security Center was first to discover a wide-open, public-facing misconfigured Amazon Web Server (AWS) S3 cloud storage bucket containing a cache belonging to SVR that was left publicly accessible for an unknown period. Stands for Stolen Vehicle Records, the SVR Tracking service allows its customers to track their vehicles in real time by attaching a physical tracking device to vehicles in a discreet location, so their customers can monitor and recover them in case their vehicles are stolen. The leaked cache contained details of roughly 540,000 SVR accounts, including email addresses and passwords, as well as users' vehicle data, like VIN (vehicle identification number), IMEI numbers of GPS devices. The leaked database also exposed 339 logs that contained photographs and data about vehicle status and maintenance records, along with a document with information on the 427 dealerships that use SVR's tracking services.
Red Hat Software

Red Hat Pledges Patent Protection For 99 Percent of FOSS-ware (theregister.co.uk) 65

Red Hat says it has amassed over 2,000 patents and won't enforce them if the technologies they describe are used in properly-licensed open-source software. From a report: The company has made more or less the same offer since 2002, when it first made a "Patent Promise" in order to "discourage patent aggression in free and open source software." Back then the company didn't own many patents and claimed its non-enforcement promise covered 35 per cent of open-source software. The Promise was revised in order to reflect the company's growing patent trove and to spruce up the language it uses to make it more relevant. The revised promise "applies to all software meeting the free software or open source definitions of the Free Software Foundation (FSF) or the Open Source Initiative (OSI)." [...] It's not a blank cheque. Hardware isn't covered and Red Hat is at pains to point out that "Our Promise is not an assurance that Red Hat's patents are enforceable or that practicing Red Hat's patented inventions does not infringe others' patents or other intellectual property." But the company says 99 percent of FOSS software should be covered by the Promise.
Iphone

'Dear Apple, The iPhone X and Face ID Are Orwellian and Creepy' (hackernoon.com) 438

Trent Lapinski from Hacker Noon writes an informal letter to Apple, asking "who the hell actually asked for Face ID?" and calling the iPhone X and new face-scanning security measure "Orwellian" and "creepy": For the company that famously used 1984 in its advertising to usher in a new era of personal computing, it is pretty ironic that 30+ years later they would announce technology that has the potential to eliminate global privacy. I've been waiting 10-years since the first iPhone was announced for a full-screen device that is both smaller in my hand but has a larger display and higher capacity battery. However, I do not want these features at the cost of my privacy, and the privacy of those around me. While the ease of use and user experience of Face ID is apparent, I am not questioning that, the privacy concerns are paramount in today's world of consistent security breaches. Given what we know from Wikileaks Vault7 and the CIA / NSA capabilities to hijack any iPhone, including any sensor on the phone, the very thought of handing any government a facial ID system for them to hack into is a gift the world may never be able to return. Face ID will have lasting privacy implications from 2017 moving forward, and I'm pretty sure I am not alone in not wanting to participate.

The fact of the matter is the iPhone X does not need Face ID, Apple could have easily put a Touch ID sensor on the back of the phone for authentication (who doesn't place their finger on the back of their phone?). I mean imagine how cool it would be to put your finger on the Apple logo on the back of your iPhone for Touch ID? It would have been a highly marketable product feature that is equally as effective as Face ID without the escalating Orwellian privacy implications. [...] For Face ID to work, the iPhone X actively has to scan faces looking for its owner when locked. This means anyone within a several foot range of an iPhone X will get their face scanned by other people's phones and that's just creepy.

Privacy

DC Court Rules Tracking Phones Without a Warrant Is Unconstitutional (cbsnews.com) 84

An anonymous reader writes: Law enforcement use of one tracking tool, the cell-site simulator, to track a suspect's phone without a warrant violates the Constitution, the D.C. Court of Appeals said Thursday in a landmark ruling for privacy and Fourth Amendment rights as they pertain to policing tactics. The ruling could have broad implications for law enforcement's use of cell-site simulators, which local police and federal agencies can use to mimic a cell phone tower so the phone connects to the device instead of its regular network. In a decision that reversed the decision of the Superior Court of the District of Columbia and overturned the conviction of a robbery and sexual assault suspect, the D.C. Court of Appeals determined the use of the cell-site simulator "to locate a person through his or her cellphone invades the person's actual, legitimate and reasonable expectation of privacy in his or her location information and is a search."
EU

EU Paid For Report That Said Piracy Isn't Harmful -- And Tried To Hide Findings (thenextweb.com) 160

According to the blog of Julia Reda, the only Pirate in the EU Parliament, the European Commission in 2014 paid the Dutch consulting firm Ecorys 360,000 euros (about $428,000) to research the effect piracy had on sales of copyrighted content. The final report was finished in May 2015, but was never published because the report concluded that piracy isn't harmful. The Next Web reports: The 300-page report seems to suggest that there's no evidence that supports the idea that piracy has a negative effect on sales of copyrighted content (with some exceptions for recently released blockbusters). The report states: "In general, the results do not show robust statistical evidence of displacement of sales by online copyright infringements. That does not necessarily mean that piracy has no effect but only that the statistical analysis does not prove with sufficient reliability that there is an effect. An exception is the displacement of recent top films. The results show a displacement rate of 40 per cent which means that for every ten recent top films watched illegally, four fewer films are consumed legally."

On her blog, Julia Reda says that a report like this is fundamental to discussions about copyright policies -- where the general assumption is usually that piracy has a negative effect on rightsholders' revenues. She also criticizes the Commission's reluctance to publish the report and says it probably wouldn't have released it for several more years if it wasn't for the access to documents request she filed in July.
As for why the Commission hadn't published the report earlier, Reda says: "all available evidence suggests that the Commission actively chose to ignore the study except for the part that suited their agenda: In an academic article published in 2016, two European Commission officials reported a link between lost sales for blockbusters and illegal downloads of those films. They failed to disclose, however, that the study this was based on also looked at music, ebooks and games, where it found no such connection. On the contrary, in the case of video games, the study found the opposite link, indicating a positive influence of illegal game downloads on legal sales. That demonstrates that the study wasn't forgotten by the Commission altogether..."
Encryption

Distrustful US Allies Force Spy Agency To Back Down In Encryption Fight (reuters.com) 104

schwit1 shares a report from Reuters: An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies. In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them. The NSA has now agreed to drop all but the most powerful versions of the techniques -- those least likely to be vulnerable to hacks -- to address the concerns.
Security

Security Researchers Warn that Third-Party GO Keyboard App is Spying on Millions of Android Users (betanews.com) 65

An anonymous reader shares a report: Security researchers from Adguard have issued a warning that the popular GO Keyboard app is spying on users. Produced by Chinese developers GOMO Dev Team, GO Keyboard was found to be transmitting personal information about users back to remote servers, as well as "using a prohibited technique to download dangerous executable code." Adguard made the discovery while conducting research into the traffic consumption and unwanted behavior of various Android keyboards. The AdGuard for Android app makes it possible to see exactly what traffic an app is generating, and it showed that GO Keyboard was making worrying connections, making use of trackers, and sharing personal information. Adguard notes that there are two versions of the keyboard in Google Play which it claims have more than 200 million users in total.
