Facebook has joined the Rust Foundation, the organization driving the Rust programming language, alongside Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. From a report: Facebook is the latest tech giant to ramp up its adoption of Rust, a language initially developed by Mozilla that's become popular for systems programming because of its memory safety guarantees compared to fast languages C and C++. Rust is appealing for writing components like drivers and compilers.

The Rust Foundation was established in February with initial backing from Amazon Web Services, Google, Huawei, Microsoft, and Mozilla. Microsoft is exploring Rust for some components of Windows and Azure while Google is using Rust to build new parts of the Android operating system and supporting an effort to bring Rust to the Linux kernel. Facebook's engineering team has now detailed its use of Rust beginning in 2016, a year after Rust reached its 1.0 milestone. "For developers, Rust offers the performance of older languages like C++ with a heavier focus on code safety. Today, there are hundreds of developers at Facebook writing millions of lines of Rust code," Facebook's software engineering team said.

According to The Verge, citing a new deposition made public as part of the Epic case, Apple's senior VP of software and services, Eddy Cue, pushed to bring iMessage to Android as early as 2013. "[...] Cue wanted to devote a full team to iMessage support on Android, only to be overruled by other executives," adds The Verge. From the report: The latest deposition cites a specific email exchange between Cue and Craig Federighi, currently Apple's SVP of software engineering, beginning on April 7th and 8th, 2013. The exchange came after news circulated that Google had attempted to purchase WhatsApp for $1 billion. According to the exchange, Cue took the rumors as a sign that iMessage should expand to Android to cement Apple's hold on messaging apps:

Cue: We really need to bring iMessage to Android. I have had a couple of people investigating this but we should go full speed and make this an official project.... Do we want to lose one of the most important apps in a mobile environment to Google? They have search, mail, free video, and growing quickly in browsers. We have the best messaging app and we should make it the industry standard. I don't know what ways we can monetize it but it doesn't cost us a lot to run.

Federighi: Do you have any thoughts on how we would make switching to iMessage (from WhatsApp) compelling to masses of Android users who don't have a bunch of iOS friends? iMessage is a nice app/service, but to get users to switch social networks we'd need more than a marginally better app. (This is why Google is willing to pay $1 billion -- for the network, not for the app.)...In the absence of a strategy to become the primary messaging service for [the] bulk of cell phone users, I am concerned [that] iMessage on Android would simply serve to remove an obstacle to iPhone families giving their kids Android phones.

Elsewhere in the deposition, Cue says, "I remember the time of wanting to do an iMessage app on Android ourselves." "Would there have been cross-compatibility with the iOS platform so that users of both platforms would have been able to exchange messages?" the questioner responds. "That was certainly the discussion and the view that I had," Cue says. [...] The line of questioning is likely to play a significant role in Epic's antitrust lawsuit, which argues that iOS app store exclusivity represents an illegal use of market power. Epic has made clear in previous filings that it plans to make iMessage exclusivity part of that argument, citing a 2016 email from Phil Schiller that argues iMessage expansion "will hurt us more than help us."

On the last day of March, DroidScript, a popular Android app for writing JavaScript code, had its Google advertising account suspended and a week later was removed from the Google Play Store for alleged ad fraud. From a report: David Hurren, founder of the non-profit DroidScript.org and of SoftCogs Ltd, a UK-based software firm, is baffled by the charge and asked Google to explain how it came to that conclusion and to reconsider its suspension of DroidScript. But his appeals have been answered by form letters and now the app, used by more than 100,000 developers, including students, teachers and professionals, is losing premium subscribers as well as ad revenue with no further explanation from Google.

The app had only a single banner, added "reluctantly added to cover our development and hosting costs," Hurren explained in a DroidScript forum post about the crisis. Denied access to ad revenue and details about the supposed infraction, Hurren set about creating a new version without the AdMob banner ad shortly after the AdMob account suspension, knowing this might also prevent DroidScript users from implementing AdMob in their own apps. But Google, on April 7, suspended the app on Google Play, preventing any new version from being released. Hurren said that means the app loses all the user-ratings, download statistics, and premium subscribers accrued over the past seven years.

destinyland writes: Mystery Science Theater 3000 will be coming back — with a new home online. Though Netflix didn't pick them up for another season after 2019, "We still want to keep making new episodes," series creator Joel Hodgson explains in an online video on Kickstarter. (Also available through the URL MakeMoreMST3K.com.)

And with 12 days left to go, 18,969 online fans have already pledged $3,348,705, funding six new episodes...

But in addition the first $2 million funded the creation of the Gizmoplex, "our very own virtual online theatre," while the first stretch goal was also funded — the creation of MST3K apps for Android, iOS, and streaming services like AppleTV and Roku. "I'm tired of other people deciding if our show lives or dies," explains Crow T. Robot in the Kickstarter video. "I wanna do that." New host Jonah Heston adds, "If we want MST3K to keep going long-term, maybe networks aren't the most reliable option. Maybe it should be up to the fans to decide how long we keep going..."

Their next stretch goal of $4.4 million would fund three more episodes, but will also allow them to invite backers to the Gizmoplex for live monthly events, "for at least a year." And if they reach their goal of $5.5 million, they'll fund three more episodes — so an entire 12-episode season — as well as 12 short-subject films.

The ultimate hope is to host frequent live screenings, premieres, and community events in the Gizmoplex — while fans can even host their own MST3K watch parties whenever they want. And their Kickstarter page even suggests they might someday extend the Gizmoplex into virtual reality (accessible on computer and headsets).
I still remember how back in 2008 Joel Hodgson answered questions from Slashdot readers. "I've been a fan so long, I can't even remember when," posted CmdrTaco.

According to Sacramento CBS affiliate KOVR-TV, Yana Sydnor called the police to report a possible home invasion. Turns out, it was a robovac that her son turned on before leaving for the weekend. Android Police reports: At 1 a.m., she and her 2-year-old daughter woke up to loud booms coming from her stairs disrupting her meditation music. She texted her friends about the sounds before they quickly responded, urging her to call 911. "I hear someone walking down my stairs, so it's like boom, boom, boom, boom, boom," Sydnor recalls telling the dispatcher. Desperate to exit the house and avoid a run-in with the invader, she ran to the bathroom, put her daughter in the tub, and thought about grabbing a ladder to get them both outside to ground level.

Officers arrived within 10 minutes of Sydnor's call. They rammed the front door wide open only to find a poor robovac, fresh from a tumble down a flight of stairs. "My son turned on the vacuum cleaner because he didn't want to do chores before he left for the weekend," she explained to the reporter after a moment of exasperated silence. The vacuum hadn't been used for 2 years and, even after the fall, it still works. We couldn't make out the make and model of the robovac, so we don't quite know if it could stop itself from going over the ledge much less what exactly happened in this case if it did have the ability.

An anonymous reader quotes a report from Gizmodo: Today, with the expansion of its Galaxy Upcycling at Home service (which is still in beta), users in the U.S., U.K., and South Korea will get access to an experimental feature in the SmartThings app designed to give an old Galaxy handset new life as a useful smart home accessory. By using the app to reconfigure the device's battery usage and optimization, Samsung says even older devices will still be able to deliver good longevity, while the phone's usual assortment of wireless connectivity features makes it easy to pair the phone with other devices in your home.

In the SmartThings app, Samsung provides a range of functions that an old smartphone can perform, including serving as a light sensor that can automatically turn on your smart lights or even your TV when it gets dark. Alternatively, you can also convert an old Galaxy phone into a sound sensor, with the phone using AI to detect common household noises like a barking dog, crying baby, or a knock on the door. In this way, you can also repurpose an old Samsung phone as a baby monitor of sorts [...]. And of course, even without much fiddling, upcycled Samsung phones can also be used as universal remotes, providing an easy way to control your streaming video box, play music on your smart speakers, control your lights, and more.

Now that Apple's lost item finder AirTag has officially been introduced, competitor Tile is going on record ahead of its testimony in front of Congress tomorrow about how it perceives Apple's latest product. In a statement, Tile CEO CJ Prober said today: "Our mission is to solve the everyday pain point of finding lost and misplaced things and we are flattered to see Apple, one of the most valuable companies in the world, enter and validate the category Tile pioneered. The reason so many people turn to Tile to locate their lost or misplaced items is because of the differentiated value we offer our consumers. In addition to providing an industry leading set of features via our app that works with iOS and Android devices, our service is seamlessly integrated with all major voice assistants, including Alexa and Google. And with form factors for every use case and many different styles at affordable prices, there is a Tile for everyone.

Tile has also successfully partnered with top brands like HP, Intel, Skullcandy and fitbit to enable our finding technology in mass market consumer categories like laptops, earbuds and wearables. With over 30 partners, we look forward to extending the benefits of Tile to millions of customers and enabling an experience that helps you keep track of all your important belongings. We welcome competition, as long as it is fair competition. Unfortunately, given Apple's well-documented history of using its platform advantage to unfairly limit competition for its products, we're skeptical. And given our prior history with Apple, we think it is entirely appropriate for Congress to take a closer look at Apple's business practices specific to its entry into this category. We welcome the opportunity to discuss these issues further in front of Congress tomorrow.

Reddit unveiled its take on a Clubhouse-like social audio product on Monday, called Reddit Talk. The Verge reports: The company is billing Monday's announcement as a "sneak preview," since the feature isn't widely available yet. Moderators that want to try the feature out in their subreddit can add themselves to a waitlist for access. Based on Reddit's description and images shared by the company, Reddit Talk appears to look a lot like Clubhouse, Twitter Spaces, and other social audio products. Talks will "live" within subreddits, according to Reddit.

During the initial tests, only subreddit moderators will be able to initiate a Talk, and Talk hosts will have the ability to invite, mute, and remove speakers. While only mods can kick off Talks in the beginning, anyone on iOS and Android can listen to one. Moderation has been an issue for Clubhouse, so it's notable that Reddit is starting small and giving access only to moderators first. At some point in the future, mods will be able to bring on trusted community members as co-hosts. The company says it is "testing ways" for hosts to customize how Talks look with emojis and different background colors, and users will be able to change their avatar, too. Earlier today, Facebook also announced that the company is working on a Clubhouse clone.

Microsoft's Xbox Cloud Gaming service, previously known as xCloud, will begin rolling out in beta to iPhones, iPads and PCs this week. The service will be invite-only to start, Microsoft said in a blog post on Monday. From a report: Xbox Cloud Gaming was on track to launch for iPhones and iPads earlier, but Apple updated its App Store rules in September that impacted services like Xbox Gaming and Google Stadia. Apple's move forced the companies to use web browsers to redesign their services so that they could circumvent the App Store rules. Under the rules, Microsoft, Google and other companies with similar services would have had to offer each game as an individual download instead of offering a complete library the way Netflix does for movies.

Xbox Cloud Gaming is sort of like Netflix for games. People who subscribe to Microsoft's $14.99/month Xbox Game Pass Ultimate plan can access more than 100 titles. The cloud gaming aspect lets you stream the games without having to download them, provided you have a fast enough internet connection. The streaming option is already available for Android phones.

Google's Android team supports Rust for developing the Android operating system. Now they're also helping evaluate Rust for Linux kernel development. Their hopes, among other things, are that "New code written in Rust has a reduced risk of memory safety bugs, data races and logic bugs overall," that "abstractions that are easier to reason about," and "More people get involved overall in developing the kernel, thanks to the usage of a modern language."

Linus Torvalds responded in a new interview with IT Wire (shared by Slashdot reader juul_advocate): The first patches for Rust support in the Linux kernel have been posted and the man behind the kernel says the fact that these are being discussed is much more important than a long post by Google about the language. Linus Torvalds told iTWire in response to queries that Rust support was "not there yet", adding that things were "getting to the point where maybe it might be mergeable for 5.14 or something like that..." Torvalds said that it was still early days for Rust support, "but at least it's in a 'this kind of works, there's an example, we can build on it'."

Asked about a suggestion by a commenter on the Linux Weekly News website, who said, during a discussion on the Google post, "The solution here is simple: just use C++ instead of Rust", Torvalds could not restrain himself from chortling. "LOL," was his response. "C++ solves _none_ of the C issues, and only makes things worse. It really is a crap language.

"For people who don't like C, go to a language that actually offers you something worthwhile. Like languages with memory safety and [which] can avoid some of the dangers of C, or languages that have internal GC [garbage collection] support and make memory management easier. C++ solves all the wrong problems, and anybody who says 'rewrite the kernel in C++' is too ignorant to even know that."

He said that when one spoke of the dangers of C, one was also speaking about part of what made C so powerful, "and allows you to implement all those low-level things efficiently".
Torvalds added that, while garbage collection is "a very good thing in most other situations," it's "generally not necessarily something you can do in a low-level system programming."

Australia's federal court found that Google misled users about personal location data collected through Android mobile devices between 2017 and 2018, the country's competition regulator said Friday. From a report: The Australian Competition and Consumer Commission (ACCC) -- which launched legal proceedings against Google in 2019 -- said the ruling was an "important victory for consumers" with regard to the protection of online privacy. Google misled Android users into thinking the search giant could collect personal data only if the "location history" setting was on, the ACCC said. The court found that Google could still collect, store and use personally identifiable location data if the setting for "web and application activity" was on -- even if "location history" was turned off. "This is an important victory for consumers, especially anyone concerned about their privacy online, as the Court's decision sends a strong message to Google and others that big businesses must not mislead their customers," ACCC Chair Rod Sims said in a statement.

According to a new report from Light Reading, the three major U.S. carriers (four at the time) have reportedly abandoned their joint venture to launch a new Cross Carrier Messaging Initiative (CCMI), that promised interoperability for an RCS Universal Profile-based messaging standard. It was originally set to be launched in 2020. [For a detailed explanation of RCS Messaging, we recommend this article.] Android Police reports: Although the company handling the logistics behind the cross-carrier effort claims that it's still "continuing to move forward with preparations," a Verizon spokesperson told Light Reading that "the owners of the Cross Carrier Messaging Initiative decided to end the joint venture effort." [...] This may seem like bad news, but things have changed since 2019. In the time since the CCMI was announced, Google leapfrogged the carrier's selfish dithering and rolled out its own RCS messaging solution via the Messages app, all connected to its Jibe network (though it will use your carrier network if it's Universal Profile-compatible). It's a move that means customers don't have to wait on their carriers to start the work they should have done five years ago. More recently, T-Mobile has essentially handed the reins for its whole network messaging solution to Google by adopting Messages as the default SMS app for all T-Mobile phones, connecting all its customers to Google's RCS network.

Given what has and hasn't succeeded when it comes to RCS messaging, what we'd like to see is for Verizon and AT&T to follow T-Mobile, give up on their own stupid standards, and simply adopt Google's RCS Messaging -- either by connecting their chat apps to Google's Jibe network somehow or by adopting the Messages app as sanctioned solutions, as T-Mobile did. But in the meantime, there's nothing to prevent customers on either network from just installing the Messages app themselves and bypassing the carrier mess altogether -- especially since it sounds like the carriers have given up on fixing it.

An anonymous reader writes: If you're a frequent user of WhatsApp, you may want to keep an eye on a disturbing hole discovered in its security this weekend. It's possible for an attacker to completely suspend your WhatsApp account, without any recourse for the individual user, and all they need is your phone number. At the time of writing there's no solution for this issue.

This newly-discovered flaw uses two separate vectors. The attacker installs WhatsApp on a new device and enters your number to activate the chat service. They can't verify it, because of course, the two-factor authentication system is sending the login prompts to your phone instead. After multiple repeated and failed attempts, your login is locked for 12 hours. Here's where the tricky part comes in: with your account locked, the attacker sends a support message to WhatsApp from their email address, claiming that their (your) phone has been lost or stolen, and that the account associated with your number needs to be deactivated. WhatsApp "verifies" this with a reply email, and suspends your account without any input on your end. The attacker can repeat the process several times in succession to create a semi-permanent lock on your account. The results are disturbing, but at the very least, this method can't be used to actually gain access to an account, merely to block access by its legitimate owner. Confidential text messages and contacts are not exposed. The proof-of-concept attack was first reported by Forbes from security researchers Luis Marquez Carpintero and Ernesto Canales Perena. There's no indication that it's being used in the wild.

An anonymous reader quotes a report from 9to5Google: A new Google Shopping experience that featured a personalized homepage launched in 2019. On Android, Google rebranded the existing Express app to Shopping, but it's now shutting down the mobile experience in favor of just the web. The [Android and iOS clients] will continue to work through June. It comes as Google has been expanding shopping functionality in Search, Image Search, and YouTube, while increasingly leveraging augmented reality: "Within the next few weeks, we'll no longer be supporting the Shopping app. All of the functionality the app offered users is available on the Shopping tab. We'll continue building features within the Shopping tab and other Google surfaces, including the Google app, that make it easy for people to discover and shop for the products they love."

The Federal Communications Commission has released a new speed test app to help measure internet speeds across the country, available on both Android and iOS. From a report: The FCC Speed Test App works similarly to existing speed-testing apps like Ookla's and Fast by Netflix, automatically collecting and displaying data once users press the "start testing" button. According to the FCC, the data collected through the app will inform the agency's efforts to collect more accurate broadband speed information and aid its broadband deployment efforts. "To close the gap between digital haves and have nots, we are working to build a comprehensive, user-friendly dataset on broadband availability," Acting Chair Jessica Rosenworcel said in a statement Monday. "Expanding the base of consumers who use the FCC Speed Test app will enable us to provide improved coverage information to the public and add to the measurement tools we're developing to show where broadband is truly available throughout the United States."

"Using just your phone number, a remote attacker can easily deactivate WhatsApp on your phone and then stop you getting back in," reports a new article in Forbes. "Even two-factor authentication will not stop this..."

The attacker triggers a 12-hour freeze on new verification codes being sent to your phone — then simply reports that same phone number as a lost/stolen phone needing deactivation. There are apparently no follow-up questions, and "an automated process has been triggered, without your knowledge, and your account will now be deactivated," Forbes writes.

The phone can't be reactivated without one of those verification codes blocked by that 12-hour freeze (which the attacker can renew for another 12-hour window, until the next day WhatsApp blocks those reactivating codes indefinitely). "There is no sophistication to this attack — that's the real issue here and WhatsApp should address it immediately..." Forbes complains. This shouldn't happen. It shouldn't be possible. Not with a platform used by 2 billion people. Not this easily. When researchers, Luis Márquez Carpintero and Ernesto Canales Pereña, warned they could kill WhatsApp on my phone, blocking me from my own account using just my phone number, I was doubtful. But they were right...

Despite its vast user base, WhatsApp is creaking at the seams. Its architecture has fallen behind its rivals, missing key features such as multi-device access and fully encrypted backups. As the world's most popular messenger focuses on mandating new terms of service to enable Facebook's latest money-making schemes, these much-needed advancements remain "in development...."
Reached for comment, WhatsApp told Forbes that any victims of the attack should contact their support team — adding that such an attack would "violate our terms of service."

But Forbes adds "your other option would be to follow Mark Zuckerberg's reported example and start to use Signal..." Unfortunately, playing down the seriousness of security risks has become the in-house style at Facebook. Back in 2019, I reported on a vulnerability that allowed private user phone numbers to be pulled from Facebook databases at scale using automated bots. That hack was acknowledged by Facebook but dismissed as an "unlikely problem." Some 533 million users might now disagree.

An anonymous reader quotes a report from ZDNet: A zero-day vulnerability in Zoom which can be used to launch remote code execution (RCE) attacks has been disclosed by researchers. The researchers from Computest demonstrated a three-bug attack chain that caused an RCE on a target machine, and all without any form of user interaction. As Zoom has not yet had time to patch the critical security issue, the specific technical details of the vulnerability are being kept under wraps. However, an animation of the attack in action demonstrates how an attacker was able to open the calculator program of a machine running Zoom following its exploit. As noted by Malwarebytes, the attack works on both Windows and Mac versions of Zoom, but it has not -- yet -- been tested on iOS or Android. The browser version of the videoconferencing software is not impacted. Computest researchers Daan Keuper and Thijs Alkemade earned themselves $200,000 for this Zoom discovery, as it was part of the Pwn2Own contest.

In a statement to Tom's Guide, Zoom thanked the Computest researchers and said the company was "working to mitigate this issue with respect to Zoom Chat." In-session Zoom Meetings and Zoom Video Webinars are not affected. "The attack must also originate from an accepted external contact or be a part of the target's same organizational account," Zoom added. "As a best practice, Zoom recommends that all users only accept contact requests from individuals they know and trust."

Security researchers say APKPure, a widely popular app for installing older or discontinued Android apps from outside of Google's app store, contained malicious adware that flooded the victim's device with unwanted ads. From a report: Kaspersky Lab said that it alerted APKPure on Thursday that its most recent app version, 3.17.18, contained malicious code that siphoned off data from a victim's device without their knowledge, and pushed ads to the device's lock screen and in the background to generate fraudulent revenue for the adware operators. But the researchers said that the malicious code had the capacity to download other malware, potentially putting affected victims at further risk.

Apple knows that iMessage's blue bubbles are a big barrier to people switching to Android, which is why the service has never appeared on Google's mobile operating system. From a report: That's according to depositions and emails from Apple employees, including some high-ranking executives, revealed in a court filing from Epic Games as part of its legal dispute with the iPhone manufacturer. Epic argues that Apple consciously tries to lock customers into its ecosystem of devices, and that iMessage is one of the key services helping it to do so. It cites comments made by Apple's senior vice president of Internet Software and Services Eddie Cue, senior vice president of software engineering Craig Federighi, and Apple Fellow Phil Schiller to support its argument.

"The #1 most difficult [reason] to leave the Apple universe app is iMessage ... iMessage amounts to serious lock-in," was how one unnamed former Apple employee put it in an email in 2016, prompting Schiller to respond that, "moving iMessage to Android will hurt us more than help us, this email illustrates why." "iMessage on Android would simply serve to remove [an] obstacle to iPhone families giving their kids Android phones," was Federighi's concern according to the Epic filing. Although workarounds to using iMessage on Android have emerged over the years, none have been particularly convenient or reliable.

schwit1 shares a report from Ars Technica: Austrian privacy activist Max Schrems has filed a complaint against Google in France alleging that the US tech giant is illegally tracking users on Android phones without their consent. Android phones generate unique advertising codes, similar to Apple's Identifier for Advertisers (IDFA), that allow Google and third parties to track users' browsing behavior in order to better target them with advertising. In a complaint filed on Wednesday, Schrems' campaign group Noyb argued that in creating and storing these codes without first obtaining explicit permission from users, Google was engaging in "illegal operations" that violate EU privacy laws.

Noyb urged France's data privacy regulator to launch a probe into Google's tracking practices and to force the company to comply with privacy rules. It argued that fines should be imposed on the tech giant if the watchdog finds evidence of wrongdoing. "Through these hidden identifiers on your phone, Google and third parties can track users without their consent," said Stefano Rossetti, privacy lawyer at Noyb. "It is like having powder on your hands and feet, leaving a trace of everything you do on your phone -- from whether you swiped right or left to the song you downloaded." Last year, Schrems won a landmark case at Europe's highest court that ruled a transatlantic agreement on transferring data between the bloc and the US used by thousands of corporations did not protect EU citizens' privacy.