Science

CERN's Powerful New Linear Accelerator Fires Up Ahead of LHC Upgrade (newatlas.com) 50

An anonymous reader quotes a report from NewAtlas: After an almost two-year shutdown for repairs and upgrades, CERN's Large Hadron Collider (LHC) is beginning to fire back up for its next phase of probing the mysteries of physics. Its newest particle accelerator, Linac 4, completed its first test run over the past few weeks, with the potential to provide much more energetic beams than ever before. The LHC paused operations in December 2018, beginning a massive overhaul called the High-Luminosity Large Hadron Collider (HL-LHC). When it's fully finished and finally fired up in 2026, the upgraded facility will be seven times more powerful and will collect around 10 times more data in the following decade than it did during the previous run.

And now, the first incremental stage of this upgrade is coming online. The new linear accelerator, called Linac 4, has been installed and tested over the last few weeks. This device is the starting point for accelerating protons, which are then injected into the Proton Synchrotron (PS) Booster and onto the rest of the accelerator complex. Linac 4 replaces Linac 2, which was in operation at CERN for 40 years. As you might expect the new model is significantly more powerful, injecting particles into the PS Booster at energies up to 160 MeV -- much higher than Linac 2's 50 MeV. By the time these beams are boosted, they'll reach energies of 2 GeV, compared to the 1.4 GeV that Linac 2 was capable of. This extra energy is thanks to the fact that scientists can tweak Linac 4's beams in much more detail than its predecessor.

In the three weeks up to mid-August, Linac 4 was tested with low-energy beams of negative hydrogen ions, running only through the first part of the accelerator. On August 20, it was finally cranked right up to maximum energy, with beams accelerated through the whole machine. These were then sent into a "beam dump" at the end, a device that catches and absorbs the particles.

Wikipedia

Most of Scottish Wikipedia Written By American in Mangled English (vice.com) 157

For over six years, one Wikipedia user -- AmaryllisGardener -- has written well over 23,000 articles on the Scots Wikipedia and done well over 200,000 edits. The only problem is that AmaryllisGardener isn't Scottish, they don't speak Scots, and none of their articles are written in Scots. From a report: Since 2013, this user -- a self-professed Christian INTP furry living somewhere in North Carolina -- has simply written articles that are written in English, riddled with misspellings that mimic a spoken Scottish accent. Many of the articles were written while they were a teenager. AmaryllisGardener is an admin of the Scots Wikipedia, and Wikipedians now have no idea what to do, because their influence over the country's pages has been so vast that their only options seem to be to delete the Scots language version entirely or revert the entire thing back to 2012. This ridiculous situation was discovered by a redditor on r/Scotland who happened to check the edit history of one article. By the redditor u/Ultach's count, Amaryllis was responsible for well over one-third of Scots Wikipedia in 2018, but Amaryllis stopped updating their milestones that year.
Programming

Will Your Code Run Ten Years From Now? (nature.com) 219

Nicolas Rougier, a computational neuroscientist and programmer at INRIA, the French National Institute for Research in Digital Science and Technology in Bordeaux, writes: I organized with [Konrad Hinsen, a theoretical biophysicist at the French National Centre for Scientific Research (CNRS) in Orleans] the "Ten Years Reproducibility Challenge," whose goal was to check if researchers would be able to run their own code that has been published at least ten years ago (i.e. before 2010). Most participants managed to run it, but it was not without pain. Today, Nature published an article summarizing the different problems we encountered. I myself tried to re-run an Apple II program I wrote 32 years ago on a vintage Apple IIe. This was quite instructive, especially regarding modern software system with the dependencies hell.
Botnet

A New Botnet Is Covertly Targeting Millions of Servers (wired.com) 27

An anonymous reader quotes a report from Wired: FritzFrog has been used to try and infiltrate government agencies, banks, telecom companies, and universities across the US and Europe. Researchers have found what they believe is a previously undiscovered botnet that uses unusually advanced measures to covertly target millions of servers around the world. The botnet uses proprietary software written from scratch to infect servers and corral them into a peer-to-peer network, researchers from security firm Guardicore Labs reported on Wednesday. Peer-to-peer (P2P) botnets distribute their administration among many infected nodes rather than relying on a control server to send commands and receive pilfered data. With no centralized server, the botnets are generally harder to spot and more difficult to shut down.

The botnet, which Guardicore Labs researchers have named FritzFrog, has a host of other advanced features, including: In-memory payloads that never touch the disks of infected servers; At least 20 versions of the software binary since January; A sole focus on infecting secure shell, or SSH, servers that network administrators use to manage machines; The ability to backdoor infected servers; and A list of login credential combinations used to suss out weak login passwords that's more "extensive" than those in previously seen botnets. Taken together, the attributes indicate an above-average operator who has invested considerable resources to build a botnet that's effective, difficult to detect, and resilient to takedowns. The new code base -- combined with rapidly evolving versions and payloads that run only in memory -- make it hard for antivirus and other end-point protection to detect the malware.

The botnet has so far succeeded in infecting 500 servers belonging to "well-known universities in the US and Europe, and a railway company." Once installed, the malicious payload can execute 30 commands, including those that run scripts and download databases, logs, or files. To evade firewalls and endpoint protection, attackers pipe commands over SSH to a netcat client on the infected machine. Netcat then connects to a "malware server." (Mention of this server suggests that the FritzFrog peer-to-peer structure may not be absolute. Or it's possible that the "malware server" is hosted on one of the infected machines, and not on a dedicated server. Guardicore Labs researchers weren't immediately available to clarify.)

Microsoft

Windows 95 Released a Quarter Century Ago (wikipedia.org) 108

New submitter bondman writes: Windows 95 was released a full quarter century ago today, on August 24th, 1995. Long gone, nearly forgotten? I'm surprised to not have come across a retrospective article yet. I've linked to the Wikipedia article.

As for me I still haven't grown to re-like The Rolling Stones "Start Me Up" yet. I got so sick of hearing it with all the pre-launch and post-launch hype, as the song was tied heavily to the Win 95 launch event. Microsoft paid the Stones a princely sum to use it.

I still remember how exciting it was to see the full-length, full-screen video included on the installation CD-ROM, "Buddy Holly" by Weezer. Mind-blowing to watch a whole music video on your computer. Crappy resolution by our standards today, and a very limited palette to my memory. But as I said, amazing in the day.

Windows 95 had many fans and many critics. At the time, I recall it as an exciting OS (or GUI on top of DOS, if you prefer). PC users were riveted to all the magazine and other media coverage pre-launch. I remember it fondly (with all the obligatory respect due Mac OS, the Amiga, and all the other early GUIs of course).

Privacy

Bridgefy, the Messenger Promoted For Mass Protests, Is a Privacy Disaster (arstechnica.com) 80

Bridgefy, a popular messaging app for conversing with one another when internet connections are heavily congested or completely shut down, is a privacy disaster that can allow moderately-skilled hackers to take a host of nefarious actions against users, according to a paper published on Monday. The findings come after the company has for months touted the app as a safe and reliable way for activists to communicate in large gatherings. Ars Technica reports: By using Bluetooth and mesh network routing, Bridgefy lets users within a few hundred meters -- and much further as long as there are intermediary nodes -- to send and receive both direct and group texts with no reliance on the Internet at all. Bridgefy cofounder and CEO Jorge Rios has said he originally envisioned the app as a way for people to communicate in rural areas or other places where Internet connections were scarce. And with the past year's upswell of large protests around the world -- often in places with hostile or authoritarian governments -- company representatives began telling journalists that the app's use of end-to-end encryption (reiterated here, here, and here) protected activists against governments and counter protesters trying to intercept texts or shut down communications.

[R]esearchers said that the app's design for use at concerts, sports events, or during natural disasters makes it woefully unsuitable for more threatening settings such as mass protests. They wrote: "Though it is advertised as 'safe' and 'private' and its creators claimed it was secured by end-to-end encryption, none of aforementioned use cases can be considered as taking place in adversarial environments such as situations of civil unrest where attempts to subvert the application's security are not merely possible, but to be expected, and where such attacks can have harsh consequences for its users. Despite this, the Bridgefy developers advertise the app for such scenarios and media reports suggest the application is indeed relied upon."

The researchers are: Martin R. Albrecht, Jorge Blasco, Rikke Bjerg Jensen, and Lenka Marekova from Royal Holloway, University of London. After reverse engineering the app, they devised a series of devastating attacks that allow hackers -- in many cases with only modest resources and moderate skill levels -- to take a host of nefarious actions against users. The attacks allow for: deanonymizing users; building social graphs of users' interactions, both in real time and after the fact; decrypting and reading direct messages; impersonating users to anyone else on the network; completely shutting down the network; and performing active man-in-the-middle attacks, which allow an adversary not only to read messages, but to tamper with them as well.
"The key shortcoming that makes many of these attacks possible is that Bridgefy offers no means of cryptographic authentication, which one person uses to prove she's who she claims to be," the report adds. "Instead, the app relies on a user ID that's transmitted in plaintext to identify each person. Attackers can exploit this by sniffing the ID over the air and using it to spoof another user."

The app also uses PKCS #1, an outdated way of encoding and formatting messages so that they can be encrypted with the RSA cryptographic algorithm. "This encoding method, which was deprecated in 1998, allows attackers to perform what's known as a padding oracle attack to derive contents of an encrypted message," reports Ars.
Education

Graduation Can Wait: Startups Recruiting Pandemic-Weary CS Students For Gap Year (nydailynews.com) 21

theodp writes: That was then: Lamenting a dire shortage of U.S. computer science grads, tech investors Ali and Hadi Partovi launched Code.org in 2013 with backing from the world's largest tech firms to push coding into America's K-12 classrooms.

This is now: CS graduation can wait. Bloomberg News' Ellen Huet reports that some Silicon Valley startups, hungry for young talent, are making lemonade from COVID-19 lemons, presenting pandemic-weary CS students with an alternative to school: remote gap-year internships aimed specifically at young people looking for alternatives to a dismal school year.

Huet writes: "Dozens of Silicon Valley startups are looking to hire fall interns, according to a list assembled by startup accelerator Y Combinator. This month, venture firm Neo organized a virtual career fair for 120 students and a range of startups (including Code.org), hoping to match pairs for internships during the upcoming academic year. And venture firm Contrary Capital is offering to invest $100,000 in five teams of entrepreneurs if they take a gap year from school to build a company. Such arrangements allow interns to get paid and learn on the job, while avoiding paying tens of thousands of dollars for Zoom University. It also means that companies willing to improvise on hiring and gamble on younger workers may get new access to fresh talent. Ali Partovi, Neo's chief executive officer, said the firm surveyed 120 students who are part of its mentorship programs and found that 46% of them are interested in taking a gap semester and 21% are interested in taking a gap year."

So, is now a good time for CS majors to turn on, tune in, drop out?

Privacy

Researchers Can Duplicate Keys From the Sounds They Make In Locks (kottke.org) 33

Researchers have demonstrated that they can make a working 3D-printed copy of a key just by listening to how the key sounds when inserted into a lock. Slashdot reader colinwb writes: While you cannot hear the shape of a drum it seems you can hear the shape of one type of key from the sound it makes in the lock. That says it all really, but [here's how Soundarya Ramesh and her team at the National University of Singapore accomplished this feat]: "[The NUS team developed and tested what it calls SpiKey, an end-to-end attack technique for, as its name suggests, spying on Yale/Schlage type keys and using signal processing software to infer their correct shapes.] Once they have a key-insertion audio file, SpiKey's inference software gets to work filtering the signal to reveal the strong, metallic clicks as key ridges hit the lock's pins [and you can hear those filtered clicks online here]. These clicks are vital to the inference analysis: the time between them allows the SpiKey software to compute the key's inter-ridge distances and what locksmiths call the 'bitting depth' of those ridges: basically, how deeply they cut into the key shaft, or where they plateau out. If a key is inserted at a nonconstant speed, the analysis can be ruined, but the software can compensate for small speed variations.

The result of all this is that SpiKey software outputs the three most likely key designs that will fit the lock used in the audio file, reducing the potential search space from 330,000 keys to just three. 'Given that the profile of the key is publicly available for commonly used [pin-tumbler lock] keys, we can 3D-print the keys for the inferred bitting codes, one of which will unlock the door,' says Ramesh." The article has a link to a 15-minute video presentation of the research and to another article on the research.

Social Networks

Cringely Predicts the U.S. Can't Stop WeChat (cringely.com) 134

An anonymous reader quotes long-time technology pundit Robert Cringely: Forty-five days from now, we're told, President Trump will shut down TikTok and WeChat. TikTok, maybe, but WeChat? Impossible...

Trump has a chance of taking down TikTok, the short form video sharing site, because that service is dependent on advertising. He can force the app out of U.S. app stores (though not out of foreign ones) and he can cut off the flow of ad dollars... at least those dollars that flow through American pockets. But there are workarounds, I'm sure, even for TikTok and 45 days is a lot of time to come up with them. So maybe the service will be sold to Microsoft or maybe not. In either case I'm sure TikTok will survive in some form.

WeChat, on the other hand, will thrive.

WeChat, if you haven't used it, is the mobile operating system for China. It's an app platform in its own right that is used for communication, entertainment, and commerce. Imagine Facebook, LinkedIn, PayPal, Venmo, Skype, Uber, Gmail and eBay all in a single application. That's WeChat. It's even a third-party application platform, so while U.S. banks operate on the Internet, Chinese banks operate on WeChat. Shutting WeChat down in the U.S. would be a huge blow to WeChat's parent company, TenCent, and a huge blow to the Chinese diaspora. Except it won't work.

To defeat President Trump, all WeChat users need is a Virtual Private Network and any WeChat users already in the U.S. already have a VPN to defeat the much more formidable Great Firewall of China.

Encryption

Could Randomness Theory Hold Key To Internet Security? (cornell.edu) 50

"In a new paper, Cornell Tech researchers identified a problem that holds the key to whether all encryption can be broken — as well as a surprising connection to a mathematical concept that aims to define and measure randomness," according to a news release shared by Slashdot reader bd580slashdot: "Our result not only shows that cryptography has a natural 'mother' problem, it also shows a deep connection between two quite separate areas of mathematics and computer science — cryptography and algorithmic information theory," said Rafael Pass, professor of computer science at Cornell Tech...

Researchers have not been able to prove the existence of a one-way function. The most well-known candidate — which is also the basis of the most commonly used encryption schemes on the internet — relies on integer factorization. It's easy to multiply two random prime numbers — for instance, 23 and 47 — but significantly harder to find those two factors if only given their product, 1,081. It is believed that no efficient factoring algorithm exists for large numbers, Pass said, though researchers may not have found the right algorithms yet.

"The central question we're addressing is: Does it exist? Is there some natural problem that characterizes the existence of one-way functions?" he said. "If it does, that's the mother of all problems, and if you have a way to solve that problem, you can break all purported one-way functions. And if you don't know how to solve that problem, you can actually get secure cryptography...."

In the paper, Pass and doctoral student Yanyi Liu showed that if computing time-bounded Kolmogorov Complexity is hard, then one-way functions exist. Although their finding is theoretical, it has potential implications across cryptography, including internet security.

Security

Is Your Chip Card Secure? Much Depends on Where You Bank (krebsonsecurity.com) 38

A recent series of malware attacks on U.S.-based merchants suggest thieves are exploiting weaknesses in how certain financial institutions have implemented the technology in chip-based credit and debit cards to sidestep key security features and effectively create usable, counterfeit cards. Brian Krebs reports via Krebs on Security: Traditional payment cards encode cardholder account data in plain text on a magnetic stripe, which can be read and recorded by skimming devices or malicious software surreptitiously installed in payment terminals. That data can then be encoded onto anything else with a magnetic stripe and used to place fraudulent transactions. Newer, chip-based cards employ a technology known as EMV that encrypts the account data stored in the chip. The technology causes a unique encryption key -- referred to as a token or "cryptogram" -- to be generated each time the chip card interacts with a chip-capable payment terminal.

Virtually all chip-based cards still have much of the same data that's stored in the chip encoded on a magnetic stripe on the back of the card. This is largely for reasons of backward compatibility since many merchants -- particularly those in the United States -- still have not fully implemented chip card readers. This dual functionality also allows cardholders to swipe the stripe if for some reason the card's chip or a merchant's EMV-enabled terminal has malfunctioned. But there are important differences between the cardholder data stored on EMV chips versus magnetic stripes. One of those is a component in the chip known as an integrated circuit card verification value or "iCVV" for short -- also known as a "dynamic CVV." The iCVV differs from the card verification value (CVV) stored on the physical magnetic stripe, and protects against the copying of magnetic-stripe data from the chip and the use of that data to create counterfeit magnetic stripe cards. Both the iCVV and CVV values are unrelated to the three-digit security code that is visibly printed on the back of a card, which is used mainly for e-commerce transactions or for card verification over the phone. The appeal of the EMV approach is that even if a skimmer or malware manages to intercept the transaction information when a chip card is dipped, the data is only valid for that one transaction and should not allow thieves to conduct fraudulent payments with it going forward.

However, for EMV's security protections to work, the back-end systems deployed by card-issuing financial institutions are supposed to check that when a chip card is dipped into a chip reader, only the iCVV is presented; and conversely, that only the CVV is presented when the card is swiped. If somehow these do not align for a given transaction type, the financial institution is supposed to decline the transaction. More recently, researchers at Cyber R&D Labs published a paper detailing how they tested 11 chip card implementations from 10 different banks in Europe and the U.S. The researchers found they could harvest data from four of them and create cloned magnetic stripe cards that were successfully used to place transactions. There are now strong indications the same method detailed by Cyber R&D Labs is being used by point-of-sale (POS) malware to capture EMV transaction data that can then be resold and used to fabricate magnetic stripe copies of chip-based cards.

Facebook

Facebook Criticized For Temporarily Blocking Entire Domain 'Dreamwidth.org' (dreamwidth.org) 41

Dreamwidth is an online journal service based on the LiveJournal codebase, according to Wikipedia — "a code fork of the original service, set up by ex-LiveJournal staff Denise Paolucci and Mark Smith, born out of a desire for a new community based on open access, transparency, freedom and respect."

"I discovered, about an hour ago, that all of my posts on Facebook which were links to Dreamwidth had vanished. Suddenly gone as if they'd never existed," complained Dreamwidth user Andrew Ducker on Sunday morning.

Though that afternoon he posted "All working fine now," thousands had already seen his original post (quoted below): I checked with Denise (one of the owners of Dreamwidth) to find out if she knew about it, and discovered that Facebook have stuck Dreamwidth on a block list...

This is unbelievably frustrating. And the kind of centralised, autocratic, opaque decision making which I loathe. Tens of thousands of active users, unable to share blog posts with Facebook (which, let's face it, is where most of my friends go for their socialising)...

"This may be an overzealous spam filter at work," Slashdot reader JoshuaZ had argued. But even before Facebook adjusted their filtering, Dreamwidth co-owner Mark Smith was calling it "definitely a bit of a /shrug moment... 'Facebook gonna Facebook' I think is approximately how we feel about this...

"We do not have any goals around growth, we don't advertise, and we ultimately don't care that much what the other platforms do. Our goal is to give people a stable home where they don't have to worry about their data being sold, their writing being monetized..."
Data Storage

Researchers Use DNA to Store 'The Wizard of Oz' - Translated Into Esperanto (popularmechanics.com) 74

"DNA is millions of times more efficient at storing data than your laptop's magnetic hard drive," reports Popular Mechanics.

"Since DNA can store data far more densely than silicon, you could squeeze all of the data in the world inside just a few grams of it." In a new paper published this week in the journal Proceedings of the National Academy of Sciences, Ilya Finkelstein, an associate professor of molecular biosciences at the University of Texas at Austin and company detail their new error correction method... They were able to store the entirety of The Wizard of Oz, translated into Esperanto, with more accuracy than prior DNA storage methods ever could have. We're on the yellow brick road toward the future of data storage.

Researchers at the University of Texas at Austin are certainly not the first to have encoded a work of art onto strands of DNA... [A] team of researchers from Microsoft and the University of Washington fit 200 megabytes of data onto lengths of DNA, including the entirety of War and Peace. In March 2019, they even came up with the first automated system for storing and retrieving data in the manufactured genetic material. Today, other major technology firms are also working in the space, including both IBM and Google. The ultra-secretive U.S. Intelligence Advanced Research Projects Activity — the government's version of DARPA, but for spies — is even invested in the work. These researchers envision a future where some of the most precious, but rarely accessed data, can be stored in vials of DNA, only pulled down from the cool, dark storage of the lab, as needed....

Because there are four building blocks in DNA, rather than the binary 1s and 0s in magnetic hard drives, the genetic storage method is far more dense, explains John Hawkins, another co-author of the new paper. "A teaspoon of DNA contains so much data it would require about 10 Walmart Supercenter-sized data centers to store using current technology," he tells Popular Mechanics. "Or, as some people like to put it, you could fit the entire internet in a shoe box." Not only that, but DNA is future-proof. Hawkins recalls when CDs were the dominant storage method, back in the 1990s, and they held the promise that their storage could last forever, because plastic does (but scratches can be devastating). Data stored on DNA, on the other hand, can last for hundreds of thousands of years. In fact, there is a whole field of science called archaeogenetics that explores the longevity of DNA to understand the ancient past... DNA storage doesn't require any energy, either — just a cool, dark place to hang out until someone decides to access it. But the greatest advantage, Hawkins says, is that our ability to read and write DNA will never become obsolete....

But like all data storage methods, DNA has a few shortcomings as well. The most significant upfront hurdle is cost. Hawkins says that current methods are similar to the cost for an Apple Hard Disk 20 back in 1980. Back then, about 20 megabytes of storage — or the amount of data you'd need to use to download a 15-minute video — went for about $1,500.

NASA

The North Poles of Jupiter's Moon Ganymede Probed by NASA Spacecraft (space.com) 17

"NASA's Juno Jupiter probe has captured unprecedented views of the largest moon in the solar system," reports Space.com: During a close flyby of Jupiter on Dec. 26, 2019, Juno mapped the north polar regions of the icy satellite Ganymede in infrared light, something no other spacecraft had done before. The data, which Juno gathered using its Jovian Infrared Auroral Mapper (JIRAM) instrument, show that Ganymede's northern reaches are very different than locales closer to the equator of the moon, which is bigger than the planet Mercury. "The JIRAM data show the ice at and surrounding Ganymede's north pole has been modified by the precipitation of plasma," Alessandro Mura, a Juno co-investigator at the National Institute for Astrophysics in Rome, said in a statement.

"It is a phenomenon that we have been able to learn about for the first time with Juno because we are able to see the north pole in its entirety."

This plasma consists of charged particles from the sun, which have been trapped by Jupiter's powerful magnetic field. Unlike any other moon, the 3,274-mile-wide (5,269 kilometers) Ganymede has a magnetic field of its own, which funnels the plasma toward its poles. A similar phenomenon occurs here on Earth, which explains why the auroras occur at high latitudes on our planet. But Ganymede has no atmosphere to obstruct and be lit up by these particles, so they slam hard into the ice at and around both poles.

The article notes that the $1.1 billion Juno probe "launched in August 2011 and arrived at Jupiter in July 2016."
Moon

Historic Moon Landing Footage Enhanced By AI, and the Results Are Incredible (universetoday.com) 66

"A photo and film restoration specialist, who goes by the name of DutchSteamMachine, has worked some AI magic to enhance original Apollo film, creating strikingly clear and vivid video clips and images," reports Universe Today: Take a look at this enhanced footage from an Apollo 16 lunar rover traverse with Charlie Duke and John Young, where the footage that was originally shot with 12 frames per second (FPS) has been increased to 60 FPS... And I was blown away by the crisp view of the Moon's surface in this enhanced view of Apollo 15's landing site at Hadley Rille... Or take a look at how clearly Neil Armstrong is visible in this enhanced version of the often-seen "first step" video from Apollo 11 taken by a 16mm video camera inside the Lunar Module...

The AI that DutchSteamMachine uses is called Depth-Aware video frame INterpolation, or DAIN for short. This AI is open source, free and constantly being developed and improved upon... "People have used the same AI programs to bring old film recordings from the 1900s back to life, in high definition and colour," he said. "This technique seemed like a great thing to apply to much newer footage...."

DutchSteamMachine does this work in his spare time, and posts it for free on his YouTube page. His tagline is "Preserving the past for the future..." And he's planning to keep it all coming. "I plan to improve tons of Apollo footage like this," he said. "A lot more space and history-related footage is going to be published on my YT channel continuously." He also has a Flickr page with more enhanced imagery. [And a Patreon page...]

Long-time Slashdot reader schwit1 calls it "similar to what Peter Jackson did with old World War I footage for They Shall Not Grow Old."
Encryption

State-of-the-Art Crypto Goes Post-Quantum (with Containerized TinySSH) (opensource.com) 40

emil (Slashdot reader #695) writes: The advent of quantum computing poses a well-recognized threat to RSA and other well-known asymmetric cryptosystems. It has been four years since NIST opened the post-quantum cryptography competition, and we are seeing extensive delays compared to AES.

A new and (hopefully) quantum-secure SSH key exchange, based on NTRU Prime, has been present in OpenSSH since January 2019, first implemented in TinySSH shortly before. This key exchange is marked by OpenSSH as experimental, and not enabled by default.

For those ready to evaluate NTRU Prime, or otherwise seeking an SSH server with "state-of-the-art crypto" (as described by TinySSH author Jan Mojžíš), a complete procedure for a Musl build and Busybox container deployment is presented, with additional focus on supplemental servers and key conversion.

Programming

Is There a Sorting Algorithm Faster than Quicksort and Timsort? (github.com) 130

When asked for the most efficient way to sort a million 32-bit integers in 2008, then-presidential candidate Barack Obama answered, "I think the bubble sort would be the wrong way to go."

But people are still searching for the best possible sorting algorithms, explains Slashdot reader scandum: Long has the conviction been held that quicksort is faster than merge sort. Timsort (derived from merge sort and insertion sort) was introduced in 2002 and while slower than quicksort for random data, Timsort performs better on ordered data.

Quadsort (derived from merge sort) was introduced in 2020 and is faster than quicksort for random data, and slightly faster than Timsort on ordered data.

Also of note is the significant performance difference on small arrays: quadsort is on average two times faster than Timsort on data sets between 10 and 1000 elements. Quadsort achieves this performance through several optimizations spread out over 1500 lines of code that get the maximum performance out of merge sort.

Quadsort's GitHub page explains: After the first round of sorting a single if check determines if the four swap variables are sorted in order, if that's the case the swap finishes up immediately. Next it checks if the swap variables are sorted in reverse-order, if that's the case the sort finishes up immediately. If both checks fail...two checks remain to determine the final order.
Movies

How Hollywood Accidentally Built Netflix (vox.com) 57

An anonymous reader quotes a report from Vox: [T]he story really starts in 2008, when Netflix broke into streaming in a big way, through a backdoor: It purchased the digital streaming rights to movies from Disney and Sony -- that is, movies you've heard of, like Pirates of the Caribbean -- from Starz, the pay TV channel. Starz had ambitions for its own streaming service, but those fizzled, which is why you have probably never heard of Vongo. And that's why Netflix got those movies for a song -- around $30 million a year -- while becoming a pretty good streaming service almost overnight. For context: In 2012, when Netflix wanted to make a new streaming deal for content from Disney, which by then had realized that streaming was a real thing, Netflix paid an estimated $300 million a year.

A contractual loophole let Netflix get Disney's and Sony's stuff without cutting deals with Disney and Sony. But soon enough, media companies were scrambling to sell their stuff directly to Netflix: They saw Netflix as an easy source of nearly free money -- if Reed Hastings and company wanted to pay them for old shows and movies they were already selling other places, then they'd be happy to do it. But that free money wasn't really free: Netflix took the stuff Hollywood considered its leftovers and built a giant business with it -- and ended up competing directly with the established media players, using their own content. Which leads us to today, where the biggest media companies in the world find themselves years behind what used to be a Silicon Valley upstart.
The full story on the impact Netflix has had on Hollywood and the people who run it and work in it was told in this week's episode of Land of the Giants: The Netflix Effect.
Encryption

Rare and Hardest To Crack Enigma Code Machine Sells For $437,000 (zdnet.com) 46

An anonymous reader writes: A rare 1944 four-rotor M4 Enigma cipher machine, considered one of the hardest challenges for the Allies to decrypt, has sold at a Christie's auction for $437,955. As noted by Christie's, the M4 Enigma has a special place in computing history as the Allied efforts to break its encryption led to the development of the first programmable computer, the one developed at Bletchley Park that was used to secretly break the M4, giving Allied forces visibility into German naval planning during the Battle of the Atlantic until its surrender in mid-1945.

The M4 Enigmas are considered rare because they were made in smaller numbers than three-rotor machines. After Germany capitulated, the country ordered troops to destroy remaining Enigmas in order to keep them from Allied forces. After the war Winston Churchill also ordered all remaining Enigmas destroyed to help preserve the secret of Allied decoding successes at Bletchley. The M4 Enigmas were made on the order of Admiral Karl Donitz, the commander of the German U-boat fleet, who had concerns over repeated Allied successes against his submarines. The M4 became available to the U-boat fleet in May 1941, preventing Allies from knowing where Germany's U-boats were positioned for almost a year until Turing and Joe Desch in Dayton, Ohio developed the computer that broke M4 encryption to decipher German messages. By mid-1943 the majority of M4 Enigma messages were being read by the Allies, but it was not until the 1970s that knowledge of the Allied successes against the Enigma was made public.
"Rival auction house Sotheby's sold an M4 Enigma last year for $800,000, which may have reached a higher selling price because it was one of 15 Enigma machines found in a bunker at Germany's key Northern European naval base in Trondheim, Norway, which Germany had occupied since 1940," adds ZDNet.
Chrome

Chrome 84 Arrives With SameSite Cookie Changes, Web OTP API and Web Animations API (venturebeat.com) 14

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 84 for Windows, Mac, Linux, Android, and iOS. Chrome 84 resumes SameSite cookie changes, includes the Web OTP API and Web Animations API, and removes older Transport Layer Security (TLS) versions. First deprecated with Chrome 81 in April, TLS 1.0 and TLS 1.1 have now been completely removed with Chrome 84. This is notable for anyone who manages a website, even if they don't use Chrome at home or at work. TLS is a cryptographic protocol designed to provide communications security over a computer network -- websites use it to secure all communications between their servers and browsers. TLS also succeeds Secure Sockets Layer (SSL) and thus handles the encryption of every HTTPS connection.

In May 2016, Chrome 51 introduced the SameSite attribute to allow sites to declare whether cookies should be restricted to a same-site (first-party) context. The hope was this would mitigate cross-site request forgeries (CSRF). Chrome 80 began enforcing a new secure-by-default cookie classification system, treating cookies that have no declared SameSite value as SameSite=Lax cookies. Only cookies set as SameSite=None; Secure are available in third-party contexts, provided they are being accessed from secure connections. Due to the coronavirus crisis, however, Google paused the SameSite cookie changes, with plans to resume enforcement sometime over the summer. SameSite cookie enforcement has now resumed with a gradual rollout ramping up over the next several weeks for Chrome 80 and newer.

Chrome 84 introduces the Web OTP API (formerly called the SMS Receiver API). This API helps users enter a one-time password (OTP) on a webpage when a specially crafted SMS message is delivered to their Android phone. When verifying the ownership of a phone number, developers typically send an OTP over SMS that must be manually entered by the user (or copied and pasted). The user has to switch to their native SMS app and back to their web app to input the code. The Web OTP API lets developers help users enter the code with one tap. Chrome 84 also adopts the Web Animations API, which gives developers more control over web animations. These can be used to help users navigate a digital space, remember your app or site, and provide implicit hints around how to use your product. Parts of the API have been around for some time, but this implementation brings greater spec compliance and supports compositing operations, which control how effects are combined and offer many new hooks that enable replaceable events. The API also supports Promises, which allow for animation sequencing and provide greater control over how animations interact with other app features.
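The SameSite classification summarized in the story above can be checked against a site's own `Set-Cookie` headers before enforcement reaches its users. The following is an added example, not part of the quoted report or of Chrome's code; the function names are hypothetical, the sample headers are constructed, and it assumes that an unrecognised SameSite value is handled like a missing one and that `SameSite=None` without `Secure` is rejected outright.

```javascript
// Added example (not from the quoted report). All function names are
// hypothetical and the sample headers below are constructed.

// Split one Set-Cookie header value into its name and lower-cased attributes.
function parseSetCookie(header) {
  const [nameValue, ...attrs] = header.split(';').map((p) => p.trim());
  const name = nameValue.split('=')[0];
  const attributes = Object.create(null); // no inherited keys
  for (const attr of attrs.filter(Boolean)) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name, attributes };
}

const KNOWN = new Map([['strict', 'Strict'], ['lax', 'Lax'], ['none', 'None']]);

// Apply the Chrome 80+ classification to one header.
function classifySetCookie(header) {
  const { name, attributes } = parseSetCookie(header);
  const secure = 'secure' in attributes;
  const declared = String(attributes.samesite || '').toLowerCase();
  // No declared value means Lax. Treating an unrecognised value the same
  // way is an assumption of this example.
  const defaulted = !KNOWN.has(declared);
  const sameSite = defaulted ? 'Lax' : KNOWN.get(declared);
  // SameSite=None is only honoured together with Secure.
  const rejected = sameSite === 'None' && !secure;
  const thirdParty = sameSite === 'None' && secure;
  return { name, sameSite, defaulted, rejected, thirdParty };
}

// Return the cookies whose behaviour changes under enforcement.
function auditCookies(headers) {
  return headers.map(classifySetCookie).filter((c) => c.defaulted || c.rejected);
}

const sampleHeaders = [ // constructed sample input
  'session=abc123; Path=/; HttpOnly',
  'widget=1; SameSite=None; Secure',
  'tracker=xyz; SameSite=None',
  'prefs=dark; SameSite=Strict; Secure',
];

for (const c of auditCookies(sampleHeaders)) {
  console.log(`${c.name}: ${c.rejected ? 'rejected (None without Secure)' : 'defaulted to Lax'}`);
}
```

Cookies flagged as defaulted still work in first-party flows; the ones to review are those a site relies on inside cross-site iframes or cross-site POST requests.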
