Submission + - Firefox Users Spooked by Mysterious Add-On

Dutch Gun writes: Some Firefox users were recently spooked by the sudden appearance of an add-on named Looking Glass, with a mysterious description of MY REALITY IS JUST DIFFERENT THAN YOURS. As it turns out, the add-on is an "experiment" from Mozilla's Shield group, but there was no way to identify it as such via normal UI methods, except for a single mozilla.com e-mail at the end of a list of contributors.

While the plug-in is benign in nature, the concern it caused users due to its opaque name and description has sparked a small furor on Reddit, apparently prompting some to turn off Telemetry and Experiments even among those who had willingly enabled them previously.

Perhaps this Shield study was actually attempting to find out how users would react to a random, vaguely-threatening-sounding add-on suddenly appearing in their browser without any user intervention?

Submission + - Washington will keep net neutrality in state (spokesman.com)

Trax3001BBS writes: if FCC won’t for the nation, Inslee says

"OLYMPIA – Washington will enforce its own version of net neutrality if the Federal Communications Commission votes Thursday to change national rules, Gov. Jay Inslee said Wednesday.

Standing with a bipartisan group of lawmakers, tech executives and state Attorney General Bob Ferguson, Inslee said internet service providers that restrict access, block content or charge varying rates to different customers could find themselves facing sanctions from the state.

“There are some things worth fighting for,” Inslee said. “This is a free-speech issue as well as a business development issue.”"

Yep, my State is fighting back...

Submission + - Microsoft releases preview of OpenSSH server and client for Windows 10 (servethehome.com)

kriston writes: Microsoft released a preview of the OpenSSH server and client for Windows 10. Go to Settings, Apps & Features, and click "Manage optional features" to install them.

The software only supports AES-CTR and chacha20 ciphers and supports a tiny subset of keys and KEXs, but, on the other hand, a decent set of MACs.

It also says that it doesn't use the OpenSSL library. That's the really big news, here.

I understand leaving out arcfour/RC4 and IDEA, but why wouldn't MSFT include Blowfish, Twofish, CAST, and 3DES? At least they chose the CTR versions of these ciphers. (Blowfish isn't compromised in any practical way, by the way). I prefer faster and less memory- and CPU-intensive ciphers.

Still, it's a good start. The SSH server is compelling enough to check out especially since I just started using X2GO for remote desktop access which requires an SSH server for its file sharing feature.

Security

Author of BrickerBot Malware Retires, Says He Bricked 10 Million IoT Devices (bleepingcomputer.com) 39

An anonymous reader writes: The author of BrickerBot -- the malware that bricks IoT devices -- has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the "Internet Chemotherapy" project in November 2016. Similar to the authors of the Mirai malware, the BrickerBot developer dumped his malware's source code online, allowing other crooks to profit from his code. The code is said to contain at least one zero-day. In a farewell message left on hundreds of hacked routers, the BrickerBot author also published a list of incidents (ISP downtimes) he caused, while also admitting he is likely to have drawn the attention of law enforcement agencies. "There's also only so long that I can keep doing something like this before the government types are able to correlate my likely network routes (I have already been active for far too long to remain safe). For a while now my worst-case scenario hasn't been going to jail, but simply vanishing in the middle of the night as soon as some unpleasant government figures out who I am," the hacker said.

Cloud

Trump Administration Calls For Government IT To Adopt Cloud Services (reuters.com) 74

According to Reuters, the White House said Wednesday the U.S. government needs a major overhaul of information technology systems and should take steps to better protect data and accelerate efforts to use cloud-based technology. The report outlined a timeline over the next year for IT reforms and a detailed implementation plan. One unnamed cloud-based email provider has agreed to assist in keeping track of government spending on cloud-based email migration. From the report: The report said the federal government must eliminate barriers to using commercial cloud-based technology. "Federal agencies must consolidate their IT investments and place more trust in services and infrastructure operated by others," the report found. Government agencies often pay dramatically different prices for the same IT item, the report said, sometimes three or four times as much. A 2016 U.S. Government Accountability Office report estimated the U.S. government spends more than $80 billion on IT annually but said spending has fallen by $7.3 billion since 2010. In 2015, there were at least 7,000 separate IT investments by the U.S. government. The $80 billion figure does not include Defense Department classified IT systems and 58 independent executive branch agencies, including the Central Intelligence Agency. The GAO report found some agencies are using systems that have components that are at least 50 years old.

Open Source

Avast Launches Open-Source Decompiler For Machine Code (techspot.com) 48

Greg Synek reports via TechSpot: To help with the reverse engineering of malware, Avast has released an open-source version of its machine-code decompiler, RetDec, that has been under development for over seven years. RetDec supports a variety of architectures aside from those used on traditional desktops including ARM, PIC32, PowerPC and MIPS. As Internet of Things devices proliferate throughout our homes and inside private businesses, being able to effectively analyze the code running on all of these new devices becomes a necessity to ensure security. In addition to the open-source version found on GitHub, RetDec is also being provided as a web service.

Simply upload a supported executable or machine code and get a reasonably rebuilt version of the source code. It is not possible to retrieve the exact original code of any executable compiled to machine code but obtaining a working or almost working copy of equivalent code can greatly expedite the reverse engineering of software. For any curious developers out there, a REST API is also provided to allow third-party applications to use the decompilation service. A plugin for IDA disassembler is also available for those experienced with decompiling software.

Software

T-Mobile Is Becoming a Cable Company (engadget.com) 63

T-Mobile has revealed that it's launching a TV service in 2018, and that it has acquired Layer3 TV (a company that integrates TV, streaming and social networking) to make this happen. The company thinks people are ditching cable due to the providers, not TV itself. Engadget reports: It claims that it can "uncarrier" TV the way it did with wireless service, and has already targeted a few areas it thinks it can fix: it doesn't like the years-long contracts, bloated bundles, outdated tech and poor customer service that are staples of TV service in the U.S. T-Mobile hasn't gone into detail about the functionality of the service yet. How will it be delivered? How much will it cost? Where will it be available? And will this affect the company's free Netflix offer? This is more a declaration of intent than a concrete roadmap, so it's far from certain that the company will live up to its promises. Ultimately, the move represents a big bet on T-Mobile's part: that people like TV and are cutting the cord based on a disdain for the companies, not the service. There's a degree of truth to that when many Americans are all too familiar with paying ever-increasing rates to get hundreds of channels they don't watch. However, there's no guarantee that it'll work in an era when many people (particularly younger people) are more likely to use Netflix, YouTube or a streaming TV service like Sling TV.

Robotics

Robots Are Being Used To Shoo Away Homeless People In San Francisco (qz.com) 188

An anonymous reader quotes a report from Quartz: San Francisco's Society for the Prevention of Cruelty to Animals (SPCA) has been ordered by the city to stop using a robot to patrol the sidewalks outside its office, the San Francisco Business Times reported Dec. 8. The robot, produced by Silicon Valley startup Knightscope, was used to ensure that homeless people didn't set up camps outside of the nonprofit's office. It autonomously patrols a set area using a combination of Lidar and other sensors, and can alert security services of potentially criminal activity.

In a particularly dystopian move, it seems that the San Francisco SPCA adorned the robot it was renting with stickers of cute kittens and puppies, according to Business Insider, as it was used to shoo away the homeless from near its office. San Francisco recently voted to cut down on the number of robots that roam the streets of the city, which has seen an influx of small delivery robots in recent years. The city said it would issue the SPCA a fine of $1,000 per day for illegally operating on a public right-of-way if it continued to use the security robot outside its premises, the San Francisco Business Times said.

AT&T

AT&T Begins Testing High-Speed Internet Over Power Lines (reuters.com) 86

AT&T has started trials to deliver high-speed internet over power lines. The company announced the news on Wednesday and said that trials have started in Georgia state and a non-U.S. location. Reuters reports: AT&T aims to eventually deliver speeds faster than the 1 gigabit per second consumers can currently get through fiber internet service using high-frequency airwaves that travel along power lines. While the Georgia trial is in a rural area, the service could potentially be deployed in suburbs and cities, the company said in a statement. AT&T said it had no timeline for commercial deployment and that it would look to expand trials as it develops the technology.

"We think this product is eventually one that could actually serve anywhere near a power line," said Marachel Knight, AT&T's senior vice president of wireless network architecture and design, in an interview. She added that AT&T chose an international trial location in part because the market opportunity extends beyond the United States.

Submission + - Solar + Storage encroaching on natural gas in energy production (electrek.co)

Socguy writes: The relentless downward march in cost of both solar + battery storage is poised to displace 10GW worth of natural gas peaker plant electricity production in the USA by 2027. Already we are seeing the net cost of combined solar + batteries cheaper than the equivalent natural gas peaker plant. Some particularly aggressive estimates from major energy companies predict that we may not see another natural gas peaker plant built in the USA after 2020. GE has already responded to the weakness in the gas turbine market by laying off 12,000 workers.

The Almighty Buck

Patreon Scraps New Service Fee, Apologizes To Users (theverge.com) 37

Patreon has decided to halt its plans to add a service fee to patrons' pledges, a proposed update that angered many users. "We're going to press pause," CEO Jack Conte tells The Verge. "Folks have been adamant about the problems with the new system, and so basically, we have to solve those problems first." The company plans to work with creators on a plan that will solve issues with the current payment system, but won't create major new problems in their stead. From the report: Conte published a blog post laying out the core problems, alongside an apology. "Many of you lost patrons, and you lost income. No apology will make up for that, but nevertheless, I'm sorry," it reads. "We recognize that we need to be better at involving you more deeply and earlier in these kinds of decisions and product changes. Additionally, we need to give you a more flexible product and platform to allow you to own the way you run your memberships. I know it will take a long time for us to earn back your trust. But we are utterly devoted to your success and to getting you sustainable, reliable income for being a creator."

Conte says that any new system will need to take the popularity of small pledges into account, and preserve the benefits of aggregation. It will also need to give artists more autonomy, rather than announcing a sweeping overall change directly to users. "The overwhelming sentiment was that we overstepped our bounds" with the non-negotiable fee, he says. "I agree, we messed that up. We put ourselves between the creator and their fans and we basically told them how to run their business, and that's not okay." Webcomic creator Jeph Jacques previously quoted Conte as saying Patreon "absolutely fucked up that rollout."

AI

Google To Open AI Center In China Despite Search Ban (bbc.com) 32

An anonymous reader quotes a report from BBC: Google is deepening its push into artificial intelligence (AI) by opening a research center in China, even though its search services remain blocked in the country. Google said the facility would be the first of its kind in Asia and would aim to employ local talent. In a blog post on the company's website, Google said the new research center was an important part of its mission as an "AI first company." "Whether a breakthrough occurs in Silicon Valley, Beijing or anywhere else, [AI] has the potential to make everyone's life better for the entire world," said Fei-Fei Li, chief scientist at Google Cloud AI and Machine Learning. The research center, which joins similar facilities in London, New York, Toronto and Zurich, will be run by a small team from its existing office in Beijing. The tech giant operates two offices in China, with roughly half of its 600 employees working on global products, company spokesperson Taj Meadows told the AFP news agency. But Google's search engine and a number of other services are banned in China. The country has imposed increasingly strict rules on foreign companies over the past year, including new censorship restrictions.

Submission + - Patreon rolls back planned fee changes (patreon.com)

An anonymous reader writes: Recently Patreon announced changing their fee structure to make donors cover payment-processing fees. https://tech.slashdot.org/stor... Responding to the huge pushback from users over the planned changes, they have rolled them back and apologized.

Dear creators, From the bottom of our hearts, we’re truly sorry. Last week’s service fee announcement caused a tough week for you, your patrons, and your teams. We were trying to solve a problem for creators and, in turn, caused more problems for you and your patrons. You’ve spoken loud and clear. We’re not going to rollout the changes to our payments system that we announced last week, and are currently assessing other options. Our CEO & co-founder, Jack, explains more here:

https://blog.patreon.com/not-r...
