ShaunC writes: In a bug that's been christened "Cloudbleed," Cloudflare disclosed today that some of their products accidentally exposed private user information from a number of websites. Similar to 2014's Heartbleed, Cloudflare's problem involved a buffer overrun that allowed uninitialized memory contents to leak into normal web traffic. Tavis Ormandy, of Google's Project Zero, discovered the flaw last week. Affected sites include Uber, Fitbit, and OKCupid, as well as unnamed services for hotel booking and password management. Cloudflare says the bug has been fixed, and Google has purged affected pages from its search index and cache.
ShaunC writes: Amazon's Echo digital assistant is supposed to make our lives easier, but one recent incident is causing headaches for some Echo owners. In San Diego, TV news anchor Jim Patton was covering a separate story about a child who accidentally ordered a doll house using her family's Echo. Commenting on the story, Patton said "I love the little girl, saying 'Alexa ordered me a dollhouse.'" Viewers across San Diego reported that in response to the news anchor's spoken words, their own Echo devices activated and tried to order doll houses from Amazon. Amazon says that anyone whose Echo inadvertently ordered a physical item can return it at no charge.
ShaunC writes: Hours after making their debut in San Francisco, one of Uber's self-driving cars has been caught on camera running a red light while a pedestrian was in the crosswalk. The source video shows that the traffic signal was red for several seconds before the car proceeded through the crossing. A human driver is required to be in each self-driving car, ostensibly to seize control in situations the AI can't handle. In this case, it appears both the car and its attendant failed.
ShaunC writes: William Fisher, a professor of intellectual property law at Harvard, posted to YouTube a lecture titled "The Subject Matter of Copyright: Music." In discussing the complexities of music licensing and cover songs, Fisher played several short clips of music by Hendrix, Santana, and others. Sony responded by having the lecture removed from YouTube, ignoring any fair use protection in excerpting works for educational purposes. While the video was restored after public backlash, most YouTube users don't have Harvard Law School backing them up. Once again, a company has issued overreaching copyright claims with no penalty or consequence for harming an innocent party.
ShaunC writes: Soon after Comcast implemented its data caps in Tennessee, one customer began getting calls warning that he was approaching his monthly usage limit. The company's data cap meter was ticking up rapidly, even attributing 120GB of use — almost half of the monthly cap — to a period of time when he was out of the country. After months of back and forth and troubleshooting by the customer, Comcast finally admitted that a typo in a MAC address was causing another customer's usage to appear on his account. With data caps like Comcast's carrying a real financial cost in terms of overage fees, how can we trust providers to accurately track customers' bandwidth usage?
ShaunC writes: Is there a glut of qualified American tech workers, or isn't there? Some companies like Facebook and Airbnb are now actively courting and recruiting high school students as young as 13 with promises of huge stipends and salaries. As one student put it, “it’s kind of insane that you can make more than the U.S. average income in a summer,” and another who attended a Facebook-sponsored trip said he'd "forego college for a full-time job" if it were offered. Is Silicon Valley taking advantage of naive young workers?
Have you even seen an elephant penis? Because I have, and the colors align to Slashdot. The beta is so bad, Roland Piquepaille is surrendering his account (as the French do). The GNAA has reorganized to post fake job offerings on Dice.com with an emphasis on affirmative action. Profane Motherfucker has come out of retirement simply to say: "fuck this shit."
ShaunC writes: Comcast today withdrew a charitable commitment after one of the charity's Twitter messages criticized the cable giant's recent hire of the former FCC commissioner. Said a Comcast VP, "I cannot in good conscience continue to provide you with funding." Comcast has since attempted to backpedal, saying "we sincerely apologize for the unauthorized action of our employee."
ShaunC writes: The iconic Paul Allen has been diagnosed with non-Hodgkin's lymphoma, more than 25 years after he was treated for Hodgkin's disease. Allen has begun chemotherapy treatments. I would hope that we can set aside our platform wars and wish Mr. Allen the best.
Bulworth writes: Late Friday, I started seeing a noticeable delay in email traffic on a server that uses several DNSBLs for spam prevention. After some investigating, I discovered that blackholes.us seems to be suffering a DNS outage, at the very least. blackholes.us operates a number of country-level DNSBLs; the idea is that if you don't receive any legitimate email from a particular country, you can safely implement [country].blackholes.us as a DNSBL, to automatically block all inbound email from hosts in that nation. They've been a reliable DNSBL for several years without presenting any problems or delays for me, but now, not even their website is resolving. Does anyone have any information about the cause of the outage?
ShaunC writes: "In a move being criticized by Mac fans and Windows users alike, Apple's recent Windows iTunes software update also installs the Safari browser. Users who click through the update process without explicitly changing the default options will get not just the iTunes update, but also Safari, a totally separate (and unexpected) application."
ShaunC writes: A Florida high school senior recently had his home raided by a SWAT team after he made a one-word change on his school's website. Authorities spent two months investigating the "hacker," who had legitimate access and write permission on the web server.
ShaunC writes: "The PHP Group and Zend have released PHP 5.2.0, and upgrades are encouraged. The 5.2.0 update offers several security fixes, including patches for a couple of recently announced buffer overflows in input parsing. This release also includes a number of library upgrades, bug fixes, and default bundling of the popular JSON extension to help with AJAX development. See the full changelog for more details."