Google Releases Improved Cardboard SDK and Adds Street View ( 16

An anonymous reader writes: Google announced that its Cardboard VR app is now available in 39 languages and 100 countries for both iOS and Android. "With more than 15 million installs of Cardboard apps from Google Play, we're excited to bring VR to even more people around the world," Google Software Engineer Brandon Wuest wrote in a blog post. You can also now explore Google Street View in Cardboard with the Street View app.

The Pepsi P1 Smartphone Takes Consumer Lock-In Beyond the App ( 142

An anonymous reader writes: On the 20th of October Pepsi will launch its own smartphone in China. The P1 is not just a cowling brand, but a custom-made device running Android 5.1 and costing approximately $205. At that price it's almost a burner, but even so it represents new possibilities for a brand to truly control the digital space for its eager consumers in a period where mobile content-blocking is becoming a marketing obstruction, and where there is increasing resistance on Google's part to allow publishers to push web-users from the internet to 'the app'.

Kaspersky Fixes Bug That Allowed Attackers To Block Windows Update & Others ( 32

An anonymous reader writes with this story at Softpedia about Google Project Zero security researcher Tavis Ormandy's latest find. A vulnerability that allowed abuse by attackers was discovered and quickly fixed in the Kaspersky Internet Security antivirus package, one which allowed hackers to spoof traffic and use the antivirus product against the user and itself. Basically, by spoofing a few TCP packets, attackers could have tricked the antivirus into blocking services like Windows Update, Kaspersky's own update servers, or any other IPs which might cripple a computer's defenses, allowing them to carry out further attacks later on.

Ask Slashdot: Selecting a Version Control System For an Inexperienced Team 309

An anonymous reader writes: I have been programming in Python for quite a while, but so far I have not used a version control system. For a new project, a lot more people (10-15) are expected to contribute to the code base, many of them have never written a single line of Python but C, LabVIEW or Java instead. This is a company decision that can be seen as a Python vs. LabVIEW comparison — if successful the company is willing to migrate all code to Python. The code will be mostly geared towards data acquisition and data analysis leading to reports. At the moment I have the feeling, that managing that data (=measurements + reports) might be done within the version control system since this would generate an audit trail on the fly. So far I have been trying to select a version control system, based on google I guess it should be git or mercurial. I get the feeling, that they are quite similar for basic things. I expect, that the differences will show up when more sophisticated topics/problems are addressed — so to pick one I would have to learn both — what are your suggestions? Read below for more specifics.

There Is No .bro In Brotli: Google/Mozilla Engineers Nix File Type As Offensive 747

theodp writes: Several weeks ago, Google launched Brotli, a new open source compression algorithm for the web. Since then, controversy broke out over the choice of 'bro' as the content encoding type. "We are hoping to establish a file ending .bro for brotli compressed files, a command line tool 'bro' for compressing and uncompressing brotli files, and a accept/content encoding type 'bro'," explained Google software engineer Jyrki Alakuijala. "Can I talk you out of it?," replied Mozilla SW engineer Patrick McManus. "'bro' has a gender problem, even though the dual meaning is unintentional. It comes of[f] misogynistic and unprofessional due to the world it lives in." Despite some pushback from commenters, a GitHub commit made by Google's Zoltan Szabadka shows that there will be no '.bro' in Brotli. "I have asked a feminist friend from the North American culture-sphere, and she advised against bro," explained Alakuijala. "We have found a compromise that satisfies us, so we don't need to discuss this further. Even if we don't understand why people are upset from our cultural standpoint, they would be (unnecessarily) upset and this is enough reason not to use it."
Open Source

Linux Foundation: Security Problems Threaten 'Golden Age' of Open Source ( 74

Mickeycaskill writes: Jim Zemlin, executive director of the Linux Foundation, has outlined the organization's plans to improve open source security. He says failing to do so could threaten a "golden age" which has created billion dollar companies and seen Microsoft, Apple, and others embrace open technologies. Not long ago, the organization launched the Core Infrastructure Initiative (CII), a body backed by 20 major IT firms, and is investing millions of dollars in grants, tools, and other support for open source projects that have been underfunded. This was never move obvious than following the discovery of the Heartbleed Open SSL bug last year. "Almost the entirety of the internet is entirely reliant on open source software," Zemlin said. "We've reached a golden age of open source. Virtually every technology and product and service is created using open source. Heartbleed literally broke the security of the Internet. Over a long period of time, whether we knew it or not, we became dependent on open source for the security and Integrity of the internet."

Firefox Support For NPAPI Plugins Ends Next Year ( 146

An anonymous reader writes: Mozilla announced that it will follow the lead of Google Chrome and Microsoft Edge in phasing out support for NPAPI plugins. They expect to have it done by the end of next year. "Plugins are a source of performance problems, crashes, and security incidents for Web users. ... Moreover, since new Firefox platforms do not have to support an existing ecosystem of users and plugins, new platforms such as 64-bit Firefox for Windows will launch without plugin support." Of course, there's an exception: "Because Adobe Flash is still a common part of the Web experience for most users, we will continue to support Flash within Firefox as an exception to the general plugin policy. Mozilla and Adobe will continue to collaborate to bring improvements to the Flash experience on Firefox, including on stability and performance, features and security architecture." There's no exception for Java, though.

First Successful Collision Attack On the SHA-1 Hashing Algorithm ( 84

Artem Tashkinov writes: Researchers from Dutch and Singapore universities have successfully carried out an initial attack on the SHA-1 hashing algorithm by finding a collision at the SHA1 compression function. They describe their work in the paper "Freestart collision for full SHA-1". The work paves the way for full SHA-1 collision attacks, and the researchers estimate that such attacks will become reality at the end of 2015. They also created a dedicated web site humorously called The SHAppening.

Perhaps the call to deprecate the SHA-1 standard in 2017 in major web browsers seems belated and this event has to be accelerated.


Google Helped Cause the Mysterious Increase In 911 Calls SF Asked It To Solve ( 166

theodp writes: Android users have long complained publicly that it's way too easy to accidentally dial 911. So it's pretty astonishing that it took a team of Google Researchers and San Francisco Department of Emergency Management government employees to figure out that butt-dialing was increasing the number of 911 calls. The Google 9-1-1 Team presented its results in How Googlers helped San Francisco Use Data Science to Understand a Surge in 911 Calls, a Google-sponsored presentation at the Code for America Summit, and in San Francisco's 9-1-1 Call Volume Increase, an accompanying 26-page paper.

Mozilla Sets Out Its Proposed Principles For Content Blocking ( 317

Mark Wilson writes: With Apple embracing ad blocking and the likes of AdBlock Plus proving more popular than ever, content blocking is making the headlines at the moment. There are many sides to the debate about blocking ads — revenue for sites, privacy concerns for visitors, speeding up page loads times (Google even allows for the display of ads with its AMP Project), and so on — but there are no signs that it is going to go away. Getting in on the action, Mozilla has set out what it believes are some reasonable principles for content blocking that will benefit everyone involved. Three cornerstones have been devised with a view to ensuring that content providers and content consumers get a fair deal, and you can help to shape how they develop.

Volvo Will Accept Liability For Self-Driving Car Crashes ( 203

An anonymous reader writes: Volvo has announced it will accept "full liability" for accidents when one of its cars is driving autonomously. It joins Mercedes and Google in this claim, hoping to convince regulators that it's worthwhile to allow testing of such vehicles on public roads. Volvo's CTO said, "Everybody is aware of the fact that driverless technology will never be perfect — one day there will be an accident. So the question becomes who is responsible and we think it's unrealistic to put that responsibility on our customers." Of course, this is limited to flaws in the self-driving system. If the driver does something inappropriate, or if another vehicle causes the accident, then they're still liable. It's also questionable how the courts would treat a promise for liability, but presumably this can be cleared up with agreements when customers start actually using the technology.

Not All iPhone 6s Processors Are Created Equal ( 262

itwbennett writes: Apple is splitting the manufacture of the A9 processor for its iPhone 6s between TSMC (~60%) and rival Samsung (~40%) — "and they are not created equal," writes Andy Patrizio. For starters, Chipworks noted that Samsung uses 14nm while TSMC uses 16nm. A Reddit user posted tests of a pair of 6s Plus phones and found the TSMC chip had eight hours of battery life vs. six hours for the Samsung. Meanwhile, benchmark tests from the folks at MyDriver (if Mr. Patrizio's efforts with Google Translate got it right) also found that the Samsung chip is a bigger drain on the phone's battery, while the TSMC chip is slightly faster and runs a bit cooler. So how do you know which chip you got? There's an app for that.

IP Address May Associate Lyft CTO With Uber Data Breach ( 103

An anonymous reader writes: According to two unnamed Reuters sources the IP address of Lyft CTO Chris Lambert has been revealed by Uber's investigations to be associated with the accessing of a security key that was accidentally deposited on GitHub in 2014 and used to access 50,000 database records of Uber drivers later that year. However, bearing in mind that the breach was carried out through a fiercely protectionist Scandinavian VPN, and that Lambert was a Google software engineer before become CTO of a major technology company, it does seem surprising that he would have accessed such sensitive data with his own domestic IP address.
The Internet

Google's Effort To Speed Up the Mobile Web ( 94

An anonymous reader writes: Google has officially taken the wraps off its AMP project — Accelerated Mobile Pages — which aims to speed up the delivery of web content to mobile devices. They say, "We began to experiment with an idea: could we develop a restricted subset of the things we'd use from HTML, that's both fast and expressive, so that documents would always load and render with reliable performance?" That subset is now encapsulated in AMP, their proof-of-concept. They've posted the code to GitHub and they're asking for help from the open source community to flesh it out. Their conclusions are familiar to the Slashdot crowd: "One thing we realized early on is that many performance issues are caused by the integration of multiple JavaScript libraries, tools, embeds, etc. into a page. This isn't saying that JavaScript immediately leads to bad performance, but once arbitrary JavaScript is in play, most bets are off because anything could happen at any time and it is hard to make any type of performance guarantee. With this in mind we made the tough decision that AMP HTML documents would not include any author-written JavaScript, nor any third-party scripts." They're seeing speed boosts anywhere from 15-85%, but they're also looking at pre-rendering options to make some content capable of loading instantaneously. Their FAQ has a few more details.

Ask Slashdot: Where Can I Find "Nuts and Bolts" Info On Cookies & Tracking Mechanisms? 84

New submitter tanstaaf1 writes: I was thinking about the whole tracking and privacy train-wreck and I'm wondering why specific information on how it is done, and how it can be micromanaged or undone by a decent programmer (at least), isn't vastly more accessible? By searching, I can only find information on how to erase cookies using the browser. Browser level (black box) solutions aren't anywhere near good enough; if it were, the exploits would be few and far between instead everywhere everyday. Read below for the rest of tanstaaf1's question.

Privately Funded Lunar Mission Set a Launch Date For 2017 50

merbs writes: If all goes according to plan, the world's first private lunar mission will be launched just two years from now. SpaceIL, an Israeli nonprofit, has secured a launch contract with Spaceflight Industries, and will aim to land a rover on the moon in the second half of 2017. It's the first such launch contract to be verified by the $30 million Google Lunar XPrize competition. Another group called Moon Express has signed a deal with New Zealand-based company, Rocket Lab, to launch and put a lander on the lunar surface 2017.

Windows Phone Store Increasingly Targeted With Fake Mobile Apps 90

An anonymous reader writes: A post by security company Avast says not only are a large amount of fake apps available from the third-party marketplace of the Windows Phone Store, but they also remain available for quite a while despite negative comments and other flags from end-users. Avast speculates that improved security and auditing procedures at rival stores such as Google Play account for the increasing attention that fake app-publishers are giving to the Windows phone app market.

Porsche Chooses Apple Over Google Because Google Wants Too Much Data 422

countach44 writes: As reported in number 5 of this list from Motor Trend, Porsche went with Apple over Google for the infotainment system in its new 911. Apparently, Android Auto wants vehicle data (throttle position, speed, coolant temp, etc.) whereas Apple Play only needs to know if the car is in motion. Naturally, people are curious what Google, as a company building its own car, wants that data for.

Worries Mount Over Upcoming LTE-U Deployments Hurting Wi-Fi 172

alphadogg writes: LTE-U is a technology developed by Qualcomm that lets a service provider broadcast and receive signals over unlicensed spectrum, which is usable by anybody – specifically, in this case, the spectrum used by Wi-Fi networks in both businesses and homes. By opening up this new spectrum, major U.S. wireless carriers hope to ease the load on the licensed frequencies they control and help their services keep up with demand. Unsurprisingly, several outside experiments that pitted standard LTE technology or 'simulated LTE-U' technology, in the case of one in-depth Google study, against Wi-Fi transmitters on the same frequencies found that LTE drastically reduced the throughput on the Wi-Fi connection.

EU Court of Justice Declares US-EU Data Transfer Pact Invalid 203

Sique writes: Europe's highest court ruled on Tuesday that a widely used international agreement for moving people's digital data between the European Union and the United States was invalid. The decision, by the European Court of Justice, throws into doubt how global technology giants like Facebook and Google can collect, manage and analyze online information from their millions of users in the 28-member bloc. The court decreed that the data-transfer agreement was invalid as of Tuesday's ruling. New submitter nava68 adds links to coverage at the Telegraph; also at TechWeek Europe. From TechWeek Europe's article: The ruling was the court’s final decision in a data-protection case brought by 27-year-old Austrian law student Max Schrems against the Irish data protection commissioner. That case, in turn, was spurred by Schrems’ concerns over the collection of his personal data by Facebook, whose European headquarters is in Ireland, and the possibility that the data was being handed over to US intelligence services.