The Internet

Web Creator Tim Berners-Lee Launches Plan To 'Fix' the Internet (cnbc.com) 109

Tim Berners-Lee, the creator of the World Wide Web, is officially launching his plan to "fix" the internet. From a report: The World Wide Web Foundation, a non-profit campaign group set up by Berners-Lee, has secured the backing of tech giants Facebook, Google and Microsoft for the scheme, dubbed the "contract for the web." The British computer scientist first outlined his vision to overhaul organizations' approach to the internet at the Web Summit event last year. At the time, he said the web was "at a tipping point." The contract calls on companies to respect consumers' data privacy and urges governments to ensure everyone has access to the internet. "Never before has the web's power for good been more under threat," Adrian Lovett, CEO of the World Wide Web Foundation, told CNBC in an interview Friday. He added that the rise of hateful content and fake news being propagated online meant something had to change. "We're launching the contract for the web for the world's first-ever global action plan to protect the web as a force for good, bringing together companies, governments and citizens from around the world to say these are the things that need to be done to put things back on the right track."

Other organizations backing the contract include DuckDuckGo, Reddit, GitHub and Reporters Without Borders. One major component of the pledge is the requirement that the web remains an accessible tool for all users. Lovett said that, "despite the progress we've seen in getting the world connected, half the world doesn't have access." He said the contract comes with nine core principles, while underneath them is a total of 76 clauses. "Not every organization has to abide by all of them," he insisted. "A good number of those 76 will be relevant." Berners-Lee will deliver a speech in Berlin, Germany, on Monday where he is due to say the contract will serve as a blueprint for governments, companies and citizens to safeguard the web as a force for good. The World Wide Web Foundation says it is working with partners to develop tools that can measure progress on the contract's various clauses.

Google

Google Will Pay Bug Hunters Up To $1.5M if They Can Hack Its Titan M Chip (zdnet.com) 21

Google announced today that it is willing to dish out bug bounty cash rewards of up to $1.5 million if security researchers find and report bugs in the Android operating system that can also compromise its new Titan M security chip. From a report: Launched last year, the Titan M chip is currently part of Google Pixel 3 and Pixel 4 devices. It's a separate chip that's included in both phones and is dedicated solely to processing sensitive data and processes, like Verified Boot, on-device disk encryption, lock screen protections, secure transactions, and more. Google says that if researchers manage to find "a full chain remote code execution exploit with persistence" that also compromises data protected by Titan M, they are willing to pay up to $1 million to the bug hunter who finds it. If the exploit chain works against a preview version of the Android OS, the reward can go up to $1.5 million.
Security

Linus Torvalds Approves New Kernel 'Lockdown' Feature (zdnet.com) 86

"After years of countless reviews, discussions, and code rewrites, Linus Torvalds approved on Saturday a new security feature for the Linux kernel, named 'lockdown'," reports ZDNet: The new feature will ship as a LSM (Linux Security Module) in the soon-to-be-released Linux kernel 5.4 branch, where it will be turned off by default; usage being optional due to the risk of breaking existing systems. The new feature's primary function will be to strengthen the divide between userland processes and kernel code by preventing even the root account from interacting with kernel code -- something that it's been able to do, by design, until now.

When enabled, the new "lockdown" feature will restrict some kernel functionality, even for the root user, making it harder for compromised root accounts to compromise the rest of the OS... "When enabled, various pieces of kernel functionality are restricted," said Linus Torvalds, Linux kernel creator, and the one who put the final stamp of approval on the module yesterday. This includes restricting access to kernel features that may allow arbitrary code execution via code supplied by userland processes; blocking processes from writing or reading /dev/mem and /dev/kmem memory; block access to opening /dev/port to prevent raw port access; enforcing kernel module signatures; and many more others, detailed here.

Cellphones

FCC Photos Confirm Galaxy Note 10 Won't Have a Headphone Jack (theverge.com) 148

Samsung has been one of the only large smartphone manufacturers to insist on keeping the headphone jack in its flagship phones. But that is about to come to an end with the Galaxy Note 10. According to photos published by the FCC, showing both the bottom and top of the phone, there's no headphone jack in sight. The Verge reports: The FCC seems to have briefly shared these images by mistake. Samsung followed the usual protocols in requesting confidentiality for external photos of the Note 10 test device, and yet here we are. Whoops. There are two different models at the FCC, but neither includes 5G. So as with the S10 series, Samsung will likely produce a standalone 5G model. Aside from the headphone jack being a goner -- renders of the phone had already suggested this was coming -- we get a look at the triple-camera system on the back. There's another sensor positioned under the flash, which could be the same 3D time-of-flight depth sensor that Samsung included in the Galaxy S10 5G. The Note is usually where the company throws in everything it can, so it makes sense for it to carry over everything from the top-tier S10 model. The center-aligned front camera cutout is also faintly visible in one shot. Samsung is expected to formally announce the Note 7 at an August 7th Unpacked event in Brooklyn, New York.
Power

Samsung's New Chips Support 100W USB-C Fast Charging (bgr.com) 96

Samsung on Tuesday announced the launch of two new chips that it says will support secure, fast-charging USB-C power delivery controllers. "One of them, the SE8A, is what the company calls the industry's first solution that combines a power delivery controller and Secure Element in a single chip, offering new protections like security key storage," reports BGR. "Another result of the development of these new power delivery controllers is that Samsung's power chargers will now be able to support up to a 100W capacity: A 10x improvement over the 10W of a general smartphone charger." From the report: Samsung said the MM101 supports a symmetric encryption algorithm called the Advanced Encryption Standard that enables product authentication and includes moisture sensing capabilities to ensure safer charging conditions. The SE8A supports USB Type-C Authentication, the certificate-based authentication program for USB-C chargers and devices. "With enhanced security," Samsung explained in the announcement, "the SE8A opens possibilities for new kinds of content and services that may be exclusive to a certain brand, location or event."

Today's announcement is also significant because Samsung says the new power delivery controllers meet the most recent USB specs for fast-charging which addresses things like compatibility and efficiency challenges across mobile devices and other electronics. Those challenges can have effects like causing a device to, for example, charge slower than usual in addition to compromising the battery's life cycle.

Intel

Researchers Use Intel SGX To Put Malware Beyond the Reach of Antivirus Software (arstechnica.com) 63

An anonymous reader shares an excerpt from an Ars Technica report: Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks. The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions"). SGX enables programs to carve out enclaves where both the code and the data the code works with are protected to ensure their confidentiality (nothing else on the system can spy on them) and integrity (any tampering with the code or data can be detected). The contents of an enclave are transparently encrypted every time they're written to RAM and decrypted upon being read. The processor governs access to the enclave memory: any attempt to access the enclave's memory from code outside the enclave is blocked; the decryption and encryption only occurs for the code within the enclave.

SGX has been promoted as a solution to a range of security concerns when a developer wants to protect code, data, or both, from prying eyes. For example, an SGX enclave running on a cloud platform could be used to run custom proprietary algorithms, such that even the cloud provider cannot determine what the algorithms are doing. On a client computer, the SGX enclave could be used in a similar way to enforce DRM (digital rights management) restrictions; the decryption process and decryption keys that the DRM used could be held within the enclave, making them unreadable to the rest of the system. There are biometric products on the market that use SGX enclaves for processing the biometric data and securely storing it such that it can't be tampered with. SGX has been designed for this particular threat model: the enclave is trusted and contains something sensitive, but everything else (the application, the operating system, and even the hypervisor) is potentially hostile. While there have been attacks on this threat model (for example, improperly written SGX enclaves can be vulnerable to timing attacks or Meltdown-style attacks), it appears to be robust as long as certain best practices are followed.

Businesses

USB Type-C Headphones Were Nowhere in Sight at CES 2019 (androidauthority.com) 197

In a sea of 3D audio products and true-wireless earbuds, USB Type-C headphones were nowhere in sight at CES 2019. From a report: This absence isn't an accident, however. Rather, it's the deafening silence of an abandoned product category. While many looked to USB-C audio as the successor to the famed physical port, the available models aren't catching on, and they don't seem to be going anywhere. Their absence at CES 2019 doesn't paint a rosy picture of their future, either.

In general, it takes new standards quite a while to catch on, however, USB-C was thrust into the limelight far before its time. When Apple and Google ditched their headphone jacks, it limited the pool of audio peripherals to Bluetooth, or the very young USB-C category. Perhaps with a little more time and backing from a few more serious partners this could have matured alongside its older brother the TRRS plug, but it just wasn't to be. [...] One of the biggest issues that companies need to navigate pertains to source and peripheral device compatibility. USB Type-C headphone cables can either be active or passive -- or manifest as a dongle adapter. This inconsistency, paired with the fact that Audio Accessory Mode has yet to be universally supported, results in a barrage of compatibility issues. Hence why many users are unable to operate playback controls or use a headset's integrated microphone.

Cellphones

Samsung Kills Headphone Jack After Mocking Apple (macrumors.com) 353

Last week, Samsung introduced its latest smartphone, the Galaxy A8s. Not only is it the first phone of theirs with a laser-drilled hole in the display for the front-facing camera sensor, but it is also their first phone to ditch the headphone jack. Slashdot reader TheFakeTimCook shares a report from Mac Rumors that takes a closer look at the move and the hypocrisy behind it: [The A8s] is also Samsung's first smartphone without a headphone jack, much to the amusement of iPhone users, as Samsung has mocked Apple for over two years over its decision to remove the headphone jack from the iPhone 7 in 2016, a trend that has continued through to the iPhone XS, iPhone XS Max, and iPhone XR. While on stage unveiling the new Galaxy Note 7 in 2016, for example, Samsung executive Justin Denison made sure to point out that the device came with a headphone jack. "Want to know what else it comes with?" he asked. "An audio jack. I'm just saying," he answered, smirking as the audience laughed. And earlier this year, Samsung mocked the iPhone X's lack of a headphone jack in one of its "Ingenius" ads promoting the Galaxy S9. Samsung isn't the first tech giant to mock Apple's decision to remove the headphone jack, only to follow suit. Google poked fun at the iPhone 7's lack of headphone jack while unveiling its original Pixel smartphone in 2016, and then the Pixel 2 launched without one just a year later.
The Internet

Tim Berners-Lee on the Huge Sociotechnical Design Challenge (techcrunch.com) 162

In a speech discussing ethics and the Internet, the inventor of the World Wide Web, Sir Tim Berners-Lee, has tasked the technology industry and its coder army with paying continuous attention to the world their software is consuming as they go about connecting humanity through technology. From a report: Coding must mean consciously grappling with ethical choices in addition to architecting systems that respect core human rights like privacy, he suggested. "Ethics, like technology, is design," he told delegates at the 40th International Conference of Data Protection and Privacy Commissioners (ICDPPC) which is taking place in Brussels this week. "As we're designing the system, we're designing society. Ethical rules that we choose to put in that design [impact the society]... Nothing is self evident. Everything has to be put out there as something that we think we will be a good idea as a component of our society." If your tech philosophy is the equivalent of 'move fast and break things' it's a failure of both imagination and innovation to not also keep rethinking policies and terms of service -- "to a certain extent from scratch" -- to account for fresh social impacts, he argued in the speech.

He pointed to how Wikipedia had to rapidly adapt its policies after putting online the power for anyone to edit its encyclopedia, noting: "They introduced a whole lot of bureaucracy around it but that actually makes it work, and it ended up becoming very functional." He described today's digital platforms as "sociotechnical systems" -- meaning "it's not just about the technology when you click on the link it is about the motivation someone has to make such a great thing because then they are read and the excitement they get just knowing that other people are reading the things that they have written."

Piracy

Flight Sim Company Embeds Malware To Steal Pirates' Passwords (torrentfreak.com) 225

TorrentFreak: Flight sim company FlightSimLabs has found itself in trouble after installing malware onto users' machines as an anti-piracy measure. Code embedded in its A320-X module contained a mechanism for detecting 'pirate' serial numbers distributed on The Pirate Bay, which then triggered a process through which the company stole usernames and passwords from users' web browsers.
Printer

MakerBot Launches New 'MakerBot Labs' Platform (hackaday.com) 42

"MakerBot just announced a new Open Source initiative called 'MakerBot Labs'," writes Slashdot reader szczys. "It is a small move, centering around some new APIs and a new extruder which is listed as experimental and not covered by their normal warranty. Largely they missed the mark on making a meaningful move toward openness, but with a new CEO at the helm as of January this could be the first change of the rudder in a larger effort to turn the ship around."

Makerbot's history is "an example of how you absolutely should not operate an open source company," argues Hackaday, saying it's left them skeptical of Makerbot's latest move: It reads like a company making a last ditch effort to win back the users they were so sure they didn't need just a few years ago... The wheels of progress turn slowly in any large organization, and perhaps doubly so in one that has gone through so much turmoil in a relatively short amount of time. It could be that it's taken Goshen these last nine months to start crafting a plan to get MakerBot back into the community's good graces.
From MakerBot's press release: "After setting high industry standards for what makes a quality and reliable 3D printing experience, we're introducing this new, more open platform as a direct response to our advanced users calling for greater freedom with materials and software."
Communications

EA Shuts Down Fan-Run Servers For Older Battlefield Games (arstechnica.com) 132

An anonymous reader quotes a report from Ars Technica: Since 2014, a group of volunteers going by the name Revive Network have been working to keep online game servers running for Battlefield 2, Battlefield 2142, and Battlefield Heroes. As of this week, the team is shutting down that effort thanks to a legal request from publisher Electronic Arts. "We will get right to the point: Electronic Arts Inc.' legal team has contacted us and nicely asked us to stop distributing and using their intellectual property," the Revive Network team writes in a note on their site. "As diehard fans of the franchise, we will respect these stipulations."

EA's older Battlefield titles were a victim of the 2014 GameSpy shutdown, which disabled the online infrastructure for plenty of classic PC and console games. To get around that, Revive was distributing modified versions of the older Battlefield titles along with a launcher that allowed access to its own, rewritten server infrastructure. The process started with Battlefield 2 in 2014 and expanded to Battlefield 2142 last year, and Battlefield Heroes a few months ago. It's the distribution of modified copies of these now-defunct games that seems to have drawn the ire of EA's legal department. Revive claimed over 900,000 registered accounts across its games, including nearly 175,000 players for the recently revived Battlefield Heroes.

Businesses

Hollywood Studios Join Disney To Launch Movies Anywhere Digital Locker Service (theverge.com) 48

There may be a grand unifying service to make accumulating a large digital cinematic library feasible, or so is the hope anyway. From a report: For several years now, Disney has been the only Hollywood studio with a digital movie locker worth using, but a host of other industry heavyweights have now jumped on board to launch an expanded version of the service called Movies Anywhere. It's both a cloud-based digital locker and a one-stop-shop app: customers connect Movies Anywhere to their iTunes, Amazon Video, Google Play, or Vudu accounts, and all of the eligible movies they've purchased through those retailers appear as part of their Movies Anywhere library. Given that the Movies Anywhere app works across a number of platforms, it basically allows them to take their digital film library with them no matter what device or operating system they're using. [...] The launch of Movies Anywhere should be the merciful, final blow that puts an end to UltraViolet, one of the entertainment industry's first attempts at putting together a comprehensive digital locker service. That service flailed due to a poor customer experience and lack of adoption on the part of big digital retailers like Apple. The team behind Movies Anywhere seems to have learned from UltraViolet's mistakes, however, as well as Disney's previous successes.
Android

Google Is Latest Company To Ditch Headphone Jack In Its Newest Smartphones (cultofmac.com) 391

When launching its original Pixel smartphone, Google mocked the iPhone 7's missing headphone jack in its marketing material. According to Cult of Mac, Google won't be doing the same for the Pixel 2. "The company has decided to remove the aging port from its latest handsets," reports Cult of Mac. "A new leak reveals that the lineup will rely solely on USB-C for wired connectivity." From the report: Incredibly reliable leaker Evan Blass has published pictures and details of Google's upcoming Pixel 2 smartphones on VentureBeat. He has also confirmed that neither device will feature a headphone jack, which means users will have to rely on a USB-C adapter or Bluetooth. It also means Google will no longer be able to put out Pixel ads that take sly swipes at the iPhone's missing port. Blass says both Pixel handsets will be powered by a Snapdragon 835 chipset -- the same one found in the Galaxy S8, the LG V30, and other 2017 flagships -- not a faster Snapdragon 836 processor as originally planned. Other features are said to include 12-megapixel cameras, 4GB of RAM, and 64GB or 128GB storage options. The smaller Pixel will pack a 5-inch 1080p display with a 16:9, while its larger sibling will pack a 6-inch Quad HD display with an 18:9 aspect ratio. Is the lack of a headphone jack a deal-breaker, or do you think the Pixel's other features, like stock Android and front-facing stereo speakers, will make up for it?
Electronic Frontier Foundation

EFF Resigns From Web Consortium In Wake of EME DRM Standardization (eff.org) 221

New submitter Frobnicator writes: Four years ago, the W3C began standardizing Encrypted Media Extensions, or EME. Several organizations, including the EFF, have argued against DRM within web browsers. Earlier this year, after the W3C leadership officially recommended EME despite failing to reach consensus, the EFF filed the first-ever official appeal that the decision be formally polled for consensus. That appeal has been denied, and for the first time the W3C is endorsing a standard against the consensus of its members.

In response, the EFF published their resignation from the body: "The W3C is a body that ostensibly operates on consensus. Nevertheless, as the coalition in support of a DRM compromise grew and grew -- and the large corporate members continued to reject any meaningful compromise -- the W3C leadership persisted in treating EME as a topic that could be decided by one side of the debate. [...] Today, the W3C bequeaths a legally unauditable attack-surface to browsers used by billions of people. Effective today, EFF is resigning from the W3C."
Jeff Jaffe, CEO of W3C said: "I know from my conversations that many people are not satisfied with the result. EME proponents wanted a faster decision with less drama. EME critics want a protective covenant. And there is reason to respect those who want a better result. But my personal reflection is that we took the appropriate time to have a respectful debate about a complex set of issues and provide a result that will improve the web for its users. My main hope, though, is that whatever point-of-view people have on the EME covenant issue, that they recognize the value of the W3C community and process in arriving at a decision for an inherently contentious issue. We are in our best light when we are facilitating the debate on important issues that face the web."
