Earth

Reid Hoffman, Bill Gates, Others Ante Up Another $30 Million To Change.org the World (fortune.com) 3

theodp writes: Fortune reports that LinkedIn co-founder Reid Hoffman is "leading a $30 million funding round in Change.org, a for-profit petition and fundraising website focused on social and political change." Joining Hoffman in this round, as well as an earlier $25 million round in 2014, is Bill Gates. Change.org, Hoffman explained in a Friday LinkedIn post, "helps enable a world where you don't need to hire a lobbyist to have real impact on the issues and policies that matter to you." He added, "In its decade of existence, Change.org petitions have resulted in more than 21,000 victories, i.e., instances in which a government agency, corporation, or other entity has changed a regulation or a policy in the face of a Change.org petition urging it to do so." Last year, Hoffman joined Gates and some of the biggest names in tech and corporate America who threw their weight behind a Change.org petition that tried to get Congress to fund K-12 Computer Science education. The Change.org petition fell short of its 150,000-signature goal despite claims of support from 90% of the parents of the nation's 58 million K-12 schoolchildren (based on a Google-funded survey of 1,685 parents), widespread press coverage (including a full-page ad in petition signer Jeff Bezos's Washington Post), lobbying efforts by the tech coalition that organized the petition (which counts LinkedIn and Microsoft among its members), and even some free PR from Change.org.
Bug

Wormable Code-Execution Bug Lurked In Samba For 7 Years (arstechnica.com) 19

Long-time Slashdot reader williamyf was the first to share news of "a wormable bug [that] has remained undetected for seven years in Samba versions 3.5.0 onwards." Ars Technica reports: Researchers with security firm Rapid7...said they detected 110,000 devices exposed on the internet that appeared to run vulnerable versions of Samba. 92,500 of them appeared to run unsupported versions of Samba for which no patch was available... Those who are unable to patch immediately can work around the vulnerability by adding the line nt pipe support = no to their Samba configuration file and restart the network's SMB daemon. The change will prevent clients from fully accessing some network computers and may disable some expected functions for connected Windows machines.
The U.S. Department of Homeland Security's CERT group issued an announcement urging sys-admins to update their systems, though SC Magazine cites a security researcher arguing this attack surface is much smaller than that of the WannaCry ransomware, partly because Samba is just "not as common as Windows architectures." But the original submission also points out that while the patch came in fast, "the 'Many eyes' took seven years to 'make the bug shallow'."
Space

New Zealand Joins Space Race With Successful Launch Of Lightweight 'Electron' Rocket (nzherald.co.nz) 20

"Rocket Lab: We have lift-off!" wrote long-time Slashdot reader ClarkMills on Wednesday. "History made as Electron launches successfully from Mahia." The New Zealand Herald reports: Rocket Lab engineers have started analyzing data from yesterday's historic launch from the Mahia Peninsula that took the company to space but was not able to complete its orbital mission. Lift-off at 4.20 pm was the first orbital-class rocket launched from a private launch site in the world. New Zealand became the 11th country with potential to launch cargo into space, joining superpowers and tech heavyweights. The Government hailed the lift-off as a major milestone for the country's space industry...

"We didn't quite reach orbit and we'll be investigating why, however reaching space in our first test puts us in an incredibly strong position to accelerate the commercial phase of our program," said founder and chief executive Peter Beck.

Beck added they'd developed their rocket "from scratch" in under four years, and the company's official Twitter feed is now proudly tweeting photos and videos from the launch.
Government

Investigation Demanded Over Fake FCC Comments Submitted By Dead People (bbc.com) 57

An anonymous reader writes: Fight for the Future has found another issue with the fake comments submitted to the FCC opposing net neutrality. "The campaign group says that some of the comments were posted using the names and details of dead people," according to the BBC. The exact same comment was also submitted more than 7,000 times using addresses in Colorado, where a reporter discovered that contacting the people at those addresses drew reactions which included "I have never seen this before in my life" and "No, I did not post this comment. In fact, I disagree with this comment." Fight for the Future also knocked on doors in Tampa, Florida, where the few people who answered "were shocked to hear that their name and address were publicly listed alongside a political message they did not necessarily understand or agree with." An alleged commenter in Montana told a reporter she didn't even know what net neutrality was.

14 people have already signed Fight for the Future's official complaint to the FCC, which calls for notification of all people affected, an investigation, and the immediate removal of all fake comments from the public docket. "Based on numerous media reports, nearly half a million Americans may have been impacted by whoever impersonated us," states the letter, "in a dishonest and deceitful campaign to manufacture false support for your plan to repeal net neutrality protections."

Fight for the Future says they've already verified "dozens" of instances of real people discovering a fake comment was submitted in their name -- and that in addition, more than 2,400 people have already used their site to contact their state Attorneys General demanding an investigation. They note the FCC has taken no steps to remove the fake comments from its docket, "risking the safety and privacy of potentially hundreds of thousands of people," while a campaign director at Fight for the Future added, "For the FCC's process to have any legitimacy, they simply cannot move forward until an investigation has been conducted."
Google

Accused of Underpaying Women, Google Says It's Too Expensive To Get Wage Data (theguardian.com) 165

An anonymous reader quotes a report from The Guardian: Google argued that it was too financially burdensome and logistically challenging to compile and hand over salary records that the government has requested, sparking a strong rebuke from the U.S. Department of Labor (DoL), which has accused the Silicon Valley firm of underpaying women. Google officials testified in federal court on Friday that it would have to spend up to 500 hours of work and $100,000 to comply with investigators' ongoing demands for wage data that the DoL believes will help explain why the technology corporation appears to be systematically discriminating against women. Noting Google's nearly $28 billion annual income as one of the most profitable companies in the U.S., DoL attorney Ian Eliasoph scoffed at the company's defense, saying, "Google would be able to absorb the cost as easy as a dry kitchen sponge could absorb a single drop of water."
Amiga

A New Amiga Arrives On the Scene -- the A-EON Amiga X5000 (arstechnica.com) 67

dryriver writes: It is 2017 and the long dead Amiga platform has suddenly been resurrected. The new Amiga X5000 costs about $1,800 and is an exotic mix of PC parts and completely new custom chips, including "Xena," an XMOS 16-core programmable 32-bit 500 MHz coprocessor that can be configured by software to act as any type of custom chip imaginable. It is connected to a special "Xorro" slot that has the same physical connection as a PCIe x8 expansion card, but it is dedicated to adding more Xena chips as desired. Amiga X5000 can run all legacy Amiga software, including software written for later PowerPC Amigas. It boots from a U-Boot BIOS. The OS is AmigaOS 4.1, but the X5000 can also boot into MorphOS or Linux. The test system used by Ars came with an ATI Radeon R9 270X video card.
Republicans

Hackers Have Targeted Both the Trump Organization And Democrat Election Data (arstechnica.com) 158

An anonymous reader writes: Two recent news stories give new prominence to politically-motivated data breaches. Friday the Wall Street Journal reported that last year Guccifer 2.0 sent 2.5 gigabytes of Democratic Congressional Campaign Committee election data to a Republican operative in Florida, including their critical voter turnout projections. At the same time ABC News is reporting that the FBI is investigating "an attempted overseas cyberattack against the Trump Organization," adding that such an attack would make his network a high priority for government monitoring.

"In the course of its investigation," they add, "the FBI could get access to the Trump Organization's computer network, meaning FBI agents could possibly find records connected to other investigations." A senior FBI official (now retired) concedes to ABC that "There could be stuff in there that they [the Trump organization] do not want to become part of a separate criminal investigation."

It seems like everyone's talking about the privacy of their communications. Tonight the Washington Post writes that Trump's son-in-law/senior advisor Jared Kushner "discussed the possibility of setting up a secret and secure communications channel between Trump's transition team and the Kremlin, using Russian diplomatic facilities in an apparent move to shield their pre-inauguration discussions from monitoring, according to U.S. officials briefed on intelligence reports." And Friday Hillary Clinton was even quoted as saying, "I would have won had I not been subjected to the unprecedented attacks by Comey and the Russians..."
Earth

A Third of the Nation's Honeybee Colonies Died Last Year (usatoday.com) 94

A third of the honeybees in the United States were lost over the last year, part of a decade-long die-off experts said may threaten our food supply. USA Today reports: The annual survey of roughly 5,000 beekeepers showed the 33% dip from April 2016 to April 2017. The decrease is small compared to the survey's previous 10 years, when the decrease hovered at roughly 40%. From 2012 to 2013, nearly half of the nation's colonies died. The death of a colony doesn't necessarily mean a loss of bees, explains vanEngelsdorp, a project director at the Bee Informed Partnership. A beekeeper can salvage a dead colony, but doing so comes at labor and productivity costs. That causes beekeepers to charge farmers more for pollinating crops and creates a scarcity of bees available for pollination. It's a trend that threatens beekeepers trying to make a living and could lead to a drop-off in fruits and nuts reliant on pollination, vanEngelsdorp said. So what's killing the honeybees? Parasites, diseases, poor nutrition, and pesticides among many others. The chief killer is the varroa mite, a "lethal parasite," which researchers said spreads among colonies.
Displays

UCF Research Could Bring 'Drastically' Higher Resolution To Your Phone and TV (ucf.edu) 79

New submitter cinemetek quotes a report from University of Central Florida: Researchers at the University of Central Florida have developed a new color changing surface tunable through electrical voltage that could lead to three times the resolution for televisions, smartphones and other devices. Current LCDs are made up of hundreds of thousands of pixels that display different colors. With current technology, each of these pixels contains three subpixels -- one red, one green, one blue. UCF's NanoScience Technology Center (Assistant Professor Debashis Chanda and physics doctoral student Daniel Franklin) have come up with a way to tune the color of these subpixels. By applying differing voltages, they are able to change the color of individual subpixels to red, green or blue -- the RGB scale -- or gradations in between. By eliminating the three static subpixels that currently make up every pixel, the size of individual pixels can be reduced by three. Three times as many pixels means three times the resolution. That would have major implications for not only TVs and other general displays, but augmented reality and virtual-reality headsets that need very high resolution because they're so close to the eye.
Encryption

10 Years Later: FileZilla Adds Support For Master Password That Encrypts Your Logins (bleepingcomputer.com) 64

An anonymous reader writes: "Following years of criticism and user requests, the FileZilla FTP client is finally adding support for a master password that will act as a key for storing FTP login credentials in an encrypted format," reports BleepingComputer. "This feature is scheduled to arrive in FileZilla 3.26.0, but you can use it now if you download the 3.26.0 (unstable) release candidate from here." By encrypting its saved FTP logins, FileZilla will finally thwart malware that scrapes the sitemanager.xml file and steals FTP credentials, which were previously stolen in plain text. The move is extremely surprising, at least for the FileZilla user base. Users have been requesting this feature for a decade, since 2007, and they have asked for it many, many times since then. All their requests have fallen on deaf ears and met with refusal from FileZilla maintainer, Tim Kosse. In November 2016, a user frustrated with Kosse's stance forked the FileZilla FTP client and added support for a master password via a spin-off app called FileZilla Secure.
Facebook

Facebook Bans Sale of Piracy-Enabling Set-Top Boxes 53

Lirodon quotes a report from Variety: Facebook has joined the fight against illegal video-streaming devices. The social behemoth recently added a new category to products it prohibits users to sell under its commerce policy: Products or items that "facilitate or encourage unauthorized access to digital media." The change in Facebook's policy, previously reported by The Drum, appears primarily aimed at blocking the sale of Kodi-based devices loaded with software that allows unauthorized, free access to piracy-streaming services. Kodi is free, open-source media player software. The app has grown popular among pirates, who modify the code with third-party add-ons for illegal streaming. Even with the ban officially in place, numerous "jail-broken" Kodi-enabled devices remain listed in Facebook's Marketplace section, indicating that the company has yet to fully enforce the new ban. A Facebook rep confirmed the policy went into effect earlier this month. In addition, the company updated its advertising policy to explicitly ban ads for illegal streaming services and devices.
Bug

Two Different Studies Find Thousands of Bugs In Pacemakers, Insulin Pumps and Other Medical Devices 45

Two studies are warning of thousands of vulnerabilities found in pacemakers, insulin pumps and other medical devices. "One study solely on pacemakers found more than 8,000 known vulnerabilities in code inside the cardiac devices," reports BBC. "The other study of the broader device market found only 17% of manufacturers had taken steps to secure gadgets." From the report: The report on pacemakers looked at a range of implantable devices from four manufacturers as well as the "ecosystem" of other equipment used to monitor and manage them. Researcher Billy Rios and Dr Jonathan Butts from security company Whitescope said their study showed the "serious challenges" pacemaker manufacturers faced in trying to keep devices patched and free from bugs that attackers could exploit. They found that few of the manufacturers encrypted or otherwise protected data on a device or when it was being transferred to monitoring systems. Also, none was protected with the most basic login name and password systems or checked that devices they were connecting to were authentic. Often, wrote Mr Rios, the small size and low computing power of internal devices made it hard to apply security standards that helped keep other devices safe. In a longer paper, the pair said device makers had to do more to "protect against potential system compromises that may have implications to patient care." The separate study that quizzed manufacturers, hospitals and health organizations about the equipment they used when treating patients found that 80% said devices were hard to secure. Bugs in code, lack of knowledge about how to write secure code and time pressures made many devices vulnerable to attack, suggested the study.
AI

Apple Is Working On a Dedicated Chip To Power AI On Devices (bloomberg.com) 44

According to Bloomberg, Apple is working on a processor devoted specifically to AI-related tasks. "The chip, known internally as the Apple Neural Engine, would improve the way the company's devices handle tasks that would otherwise require human intelligence -- such as facial recognition and speech recognition," reports Bloomberg, citing a person familiar with the matter. From the report: Engineers at Apple are racing to catch their peers at Amazon.com Inc. and Alphabet Inc. in the booming field of artificial intelligence. While Siri gave Apple an early advantage in voice-recognition, competitors have since been more aggressive in deploying AI across their product lines, including Amazon's Echo and Google's Home digital assistants. An AI-enabled processor would help Cupertino, California-based Apple integrate more advanced capabilities into devices, particularly cars that drive themselves and gadgets that run augmented reality, the technology that superimposes graphics and other information onto a person's view of the world. Apple devices currently handle complex artificial intelligence processes with two different chips: the main processor and the graphics chip. The new chip would let Apple offload those tasks onto a dedicated module designed specifically for demanding artificial intelligence processing, allowing Apple to improve battery performance.
Security

Chipotle Says 'Most' of Its Restaurants Were Infected With Credit Card Stealing Malware (theverge.com) 108

Earlier this year, Chipotle announced that their payment processing system was hacked. Today, the company has released more information about the hack, identifying the malware that was responsible and releasing a new tool to help customers check whether the restaurant they visited was involved. The company did not say how many restaurants were affected, but it did tell The Verge that "most" locations nationwide may have been involved. The Verge reports: "The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device," Chipotle said in a statement. "There is no indication that other customer information was affected." We browsed through the tool and found that every state Chipotle operates in had restaurants that were breached, including most major cities. The restaurants were vulnerable in various time frames between March 24th and April 18th, 2017. Chipotle also operates another chain called Pizzeria Locale, which was affected by the hack as well. (The list of identified restaurants can be found here, which includes locations in Kansas, Missouri, Colorado, and Ohio.) Chipotle noted that not all locations have been identified, but it's a starting guide to check whether your visit lines up with the breached period.
Businesses

Comcast Customer Satisfaction Drops 6% After TV Price Hikes, ACSI Says (arstechnica.com) 49

An anonymous reader quotes a report from Ars Technica: Comcast's customer satisfaction score for subscription TV service fell 6 percent in a new survey, putting the company near the bottom of rankings published by the American Customer Satisfaction Index (ACSI). Comcast's score fell from 62 to 58 on ACSI's 100-point scale, a drop of more than 6 percent between 2016 and 2017. The ACSI's 2017 report on telecommunications released this week attributed the decrease to "price hikes for Xfinity (Comcast) subscriptions." Satisfaction with pay-TV providers dropped industry-wide, tying the segment with Internet service (a product offered by the same companies) for last place in the ACSI's rankings. The ACSI summarized the trend as follows: "Customer satisfaction with subscription television service slips 1.5 percent to 64, tied with Internet service providers for last place among 43 industries tracked by the ACSI. Many of the same large companies offer service for Internet, television, and voice via bundling. The threat of competition from streaming services has done little to spur improvement for pay TV. Customer service remains poor, and cord-cutting continues to accelerate. More than half a million subscribers defected from cable and satellite TV providers during the first quarter of 2017 -- the largest loss in the history of the industry. Customers still prefer fiber optic and satellite to cable, putting FiOS (Verizon Communications) in first place with a 1 percent uptick to 71. AT&T takes the next two spots with its fiber optic and satellite services."