Android

Essential Phone Will Ship Next Week, Shortly After Breaking $1 Billion Valuation (9to5google.com) 70

New submitter cloud.pt writes: Andy Rubin's Essential Phone will be released next week according to 9to5Google, just shy from its initial June mark. The company has been speculated to be worth around $1.2 billion, after giant Foxconn filed yesterday for a 0.25% acquisition at around $3 million -- clearing unicorn status as it hasn't shipped a single unit at the time. According to Engadget, future and existing pre-orders will have a chance to switch to the Pure White version of the slab, despite initial shipments being scheduled to be of the Black Moon variety. Essential's storefront orders will get the device unlocked, while the only parties offering the device will initially be Sprint. Rumor has it Amazon plans to sell the device as it invested in the company through its Alexa fund. No matter the contract attached, it will come with the full range of network capabilities unlocked.
Communications

Neo-Nazi Site The Daily Stormer Moves To Dark Web After Shutdown (vice.com) 334

After being shutdown by Google and GoDaddy, prominent neo-Nazi website The Daily Stormer has moved their site to the dark web. "The new site is now only available through the Tor network, which allows users to set up their own domains," reports VICE News. "The original site, Dailystormer.com, is now fully offline." From the report: The homepage, as of Tuesday morning, contained articles that make light of the car ramming attack that claimed the life of 32-year-old Heather Heyer; admonish the "Jew media;" liberally employ various racial epithets; and, in a less offensive post, provided an update on which characters are available on Pokemon Go. In a statement, the site's founder promised to bring his site back online. "The Daily Stormer will be live in internet prison with drug dealers, terrorists and perverts, which is where we've been exiled to, for all time," Andrew Anglin said in a statement sent to VICE News. "We should have a real domain online within 24 hours. If it gets shut down again, people will know we are on the black web."
The Internet

Cloudflare is the One Tech Company Still Sticking By Neo-Nazi Websites (qz.com) 549

An anonymous reader shares a report: One company is sticking by The Daily Stormer and other far-right websites: the cloud security and performance service Cloudflare. Cloudflare acts as a shield between websites and the outside world, protecting them from hackers and preserving the anonymity of the sites' owners. But Cloudflare is not a hosting service: It does not store website content on its servers. And that fact, as far as the company is concerned, exempts it from judgment over who its clients are -- even if those clients are literally Nazis. In a statement Cloudflare sent to Quartz and other publications yesterday, the company refused to explicitly say it will continue to do business with sites like The Daily Stormer, but pointed out that the content would exist regardless of what Cloudflare does or doesn't do. "Cloudflare is aware of the concerns that have been raised over some sites that have used our network. We find the content on some of these sites repugnant. While our policy is to not comment on any user specifically, we are cooperating with law enforcement in any investigation. Cloudflare is not the host of any website. Cloudflare is a network that provides performance and security services to more than 10% of all Internet requests. Cloudflare terminating any user would not remove their content from the Internet, it would simply make a site slower and more vulnerable to attack."
UPDATE: The Daily Stormer now says Cloudflare has decided to drop their site after all.
The Courts

Judge Says LinkedIn Cannot Block Startup From Public Profile Data (reuters.com) 162

A U.S. federal judge on Monday ruled that LinkedIn cannot prevent a startup from accessing public profile data, in a test of how much control a social media site can wield over information its users have deemed to be public. Reuters reports: U.S. District Judge Edward Chen in San Francisco granted a preliminary injunction request brought by hiQ Labs, and ordered LinkedIn to remove within 24 hours any technology preventing hiQ from accessing public profiles. The dispute between the two tech companies has been going on since May, when LinkedIn issued a letter to hiQ Labs instructing the startup to stop scraping data from its service. HiQ Labs responded by filing a suit against LinkedIn in June, alleging that the Microsoft-owned social network was in violation of antitrust laws. HiQ Labs uses the LinkedIn data to build algorithms capable of predicting employee behaviors, such as when they might quit. "To the extent LinkedIn has already put in place technology to prevent hiQ from accessing these public profiles, it is ordered to remove any such barriers," Chen's order reads. Meanwhile, LinkedIn said in a statement: "We're disappointed in the court's ruling. This case is not over. We will continue to fight to protect our members' ability to control the information they make available on LinkedIn."
AI

Elon Musk + AI + Microsoft = Awesome Dota 2 Player (theverge.com) 105

An anonymous reader quotes the Verge: Tonight during Valve's yearly Dota 2 tournament, a surprise segment introduced what could be the best new player in the world -- a bot from Elon Musk-backed startup OpenAI. Engineers from the nonprofit say the bot learned enough to beat Dota 2 pros in just two weeks of real-time learning, though in that training period they say it amassed "lifetimes" of experience, likely using a neural network judging by the company's prior efforts. Musk is hailing the achievement as the first time artificial intelligence has been able to beat pros in competitive e-sports... Elon Musk founded OpenAI as a nonprofit venture to prevent AI from destroying the world -- something Musk has been beating the drum about for years.
"Nobody likes being regulated," Musk wrote on Twitter Friday, "but everything (cars, planes, food, drugs, etc) that's a danger to the public is regulated. AI should be too."

Musk also thanked Microsoft on Twitter "for use of their Azure cloud computing platform. This required massive processing power."
Communications

iOS 10 Quietly Deprecated A Crucial API For VoIP and Communication Apps (apple.com) 122

neutrino38 warns that iOS 10 includes a significant change "overlooked by the general public": It deprecates an API that is crucial for VoIP and other instant messaging applications that enable keeping one socket active despite the fact that the application would run in the background. As a replacement, developers need to use PushKit: when an incoming call is to be forwarded to an iOS VoIP client, the VoIP infrastructure needs to:

- withold the call
- contact Apple push infrastructure using a proprietary protocol to wake up the client app remotely
- wait for the application to reconnect to the infrastructure and release the call when it is ready

This "I know better than you" approach is meant to further optimize battery life on iOS devices by avoiding the use of resources by apps running in background. It has also the positive effect of forcing developers to switch to a push model and remove all periodic pollings that ultimately use mobile data and clog the Internet. However, the decision to use an Apple infrastructure has many consequences for VoIP providers:

- the reliability of serving incoming calls is directly bound to Apple service
- Apple may revoke the PushKit certificate. It thus has life and death decision power over third-party communication infrastructures
- organizations wanting to setup IPBX and use iOS client have no option but to open access for the push services of Apple in their firewall
- It is not possible to have iOS VoIP or communication clients in network disconnected from the Internet - Pure standard SIP clients are now broken on iOS

The original submission argues that Apple is creating "the perfect walled garden," adding that "Ironically, the only VoIP 'app' that is not affected is the (future?) VoLTE client that will be added to iOS one day."
Democrats

Russian Group That Hacked DNC Used NSA Attack Code In Attack On Hotels (arstechnica.com) 190

An anonymous reader quotes a report from Ars Technica: A Russian government-sponsored group accused of hacking the Democratic National Committee last year has likely been infecting other targets of interest with the help of a potent Windows exploit developed by, and later stolen from, the National Security Agency, researchers said Friday. Eternal Blue, as the exploit is code-named, is one of scores of advanced NSA attacks that have been released over the past year by a mysterious group calling itself the Shadow Brokers. It was published in April in the group's most damaging release to date. Its ability to spread from computer to computer without any user action was the engine that allowed the WCry ransomware worm, which appropriated the leaked exploit, to shut down computers worldwide in May. Eternal Blue also played a role in the spread of NotPetya, a follow-on worm that caused major disruptions in June. Now, researchers at security firm FireEye say they're moderately confident the Russian hacking group known as Fancy Bear, APT 28, and other names has also used Eternal Blue, this time in a campaign that targeted people of interest as they connected to hotel Wi-Fi networks. In July, the campaign started using Eternal Blue to spread from computer to computer inside various staff and guest networks, company researchers Lindsay Smith and Ben Read wrote in a blog post. While the researchers didn't directly observe those attacks being used to infect guest computers connected to the network, they said a related campaign from last year used the control of hotel Wi-Fi services to obtain login credentials from guest devices.
Government

FBI Says Islamic State Used eBay, PayPal To Channel Money To the US (theverge.com) 57

An anonymous reader quotes a report from The Verge: Islamic State allegedly used PayPal and fake eBay transactions to channel money to an operative in the U.S., The Wall Street Journal reports. The man who allegedly received the money was American citizen Mohamed Elshinawy, who was arrested last year in Maryland. The FBI claims that Elshinawy, in his early 30s, sold computer printers on eBay as a front in order to receive the payments through PayPal. The details have come to light because of a recently unsealed FBI affidavit, which alleges Elshinawy was part of a worldwide network that used such channels to fund ISIS. Elshinawy received $8,700 from ISIS, including five PayPal payments from senior ISIS official Siful Sujan through his technology company. Those funds were used to buy a laptop, a cellphone, and a VPN to communicate with IS, according to the affidavit. Sujan was killed in a drone strike in 2015. eBay told The Wall Street Journal it "has zero tolerance for criminal activities taking place on our marketplace." Meanwhile, a spokeswoman for PayPal said it "invests significant time and resources in working to prevent terrorist activity on our platform. We proactively report suspicious activities and respond quickly to lawful requests to support law enforcement agencies in their investigations."
Businesses

Almost All of FCC's New Advisory Panel Works For Telecoms (thedailybeast.com) 84

New submitter simkel writes: When the Federal Communications Commission went looking this year for experts to sit on an advisory committee regarding deployment of high-speed internet, Gary Carter thought he would be a logical choice. Carter works for the city of Santa Monica, California, where he oversees City Net, one of the oldest municipal-run networks in the nation. The network sells high-speed internet to local businesses, and uses the revenue in part to connect low-income neighborhoods. That experience seemed to be a good match for the proposed Broadband Deployment Advisory Committee (BDAC), which FCC Chairman Ajit Pai created this year. One of the panel's stated goals is to streamline city and state rules that might accelerate installation of high-speed internet. But one of the unstated goals, members say, is to make it easier for companies to build networks for the next generation wireless technology, called 5G. The advanced network, which promises faster speeds, will require that millions of small cells and towers be erected nationwide on city- and state-owned public property. The assignment seemed to call out for participation from city officials like Carter, since municipal officials approve where and what equipment telecommunications companies can place on public rights of way, poles and buildings. But the FCC didn't choose Carter -- or almost any of the other city or state government officials who applied. Sixty-four city and state officials were nominated for the panel, but the agency initially chose only two: Sam Liccardo, mayor of San Jose, California, and Kelleigh Cole from the Utah Governor's Office, according to documents obtained by the Center for Public Integrity through a Freedom of Information Act request. Pai later appointed another city official, Andy Huckaba, a member of the Lenexa, Kansas, city council. Instead the FCC loaded the 30-member panel with corporate executives, trade groups and free-market scholars. More than three out of four seats on the BDAC are filled by business-friendly representatives from the biggest wireless and cable companies such as AT&T, Comcast, Sprint, and TDS Telecom. Crown Castle International Corp., the nation's largest wireless infrastructure company, and Southern, the nation's second-largest utility firm, have representatives on the panel.
Security

HBO Hacker Leaks Message From HBO Offering $250,000 'Bounty Payment' (variety.com) 60

The HBO hacker has struck yet again. From a report: Variety has obtained a copy of another message released Thursday by the anonymous hacker to select journalists in which HBO is apparently responding to the initial video letter that was sent informing the Time Warner-owned company of the massive data breach. The message from HBO, dated July 27, features the network's offer to make a "bounty payment" of $250,000 as part of a program in which "white hat IT professionals" are rewarded for "bringing these types of things to our attention." While the message takes a curiously non-confrontational tone in response to a hacker out to damage HBO, a source close to the investigation who confirmed the veracity of the email explained it was worded that way to stall for time while the company attempted to assess the serious situation.
China

China Working On 'Repression Network' Which Lets Cameras Identify Cars With Unprecedented Accuracy (thesun.co.uk) 80

schwit1 shares a report from The Sun: Researchers at a Chinese university have revealed the results of an investigation aimed at creating a "repression network" which can identify cars from "customized paintings, decorations or even scratches" rather than by scanning its number plate. A team from Peking University said the technology they have developed to perform this task could also be used to recognize the faces of human beings. Essentially, it works by learning from what it sees, allowing it to differentiate between cars (or humans) by spotting small differences between them. "The growing explosion in the use of surveillance cameras in public security highlights the importance of vehicle search from large-scale image databases," the researcher wrote. "Precise vehicle search, aiming at finding out all instances for a given query vehicle image, is a challenging task as different vehicles will look very similar to each other if they share same visual attributes." They added: "We can extend our framework [software] into wider applications like face and person retrieval [identification] as well."
China

China's VPN Developers Face Crackdown (bbc.com) 55

China recently launched a crackdown on the use of software which allows users to get around its heavy internet censorship. Now as the BBC reports, developers are facing growing pressure. From the report: The three plain-clothes policemen tracked him down using a web address. They came to his house and demanded to see his computer. They told him to take down the app he was selling on Apple's App Store, and filmed it as it was happening. His crime was to develop and sell a piece of software that allows people to get round the tough restrictions that limit access to the internet in China. A virtual private network (VPN) uses servers abroad to provide a secure link to the internet. It's essential in China if you want to access parts of the outside world like Facebook, Gmail or YouTube, all of which are blocked on the mainland. "They insisted they needed to see my computer," the software developer, who didn't want us to use his name, told us during a phone interview. "I said this is my private stuff. How can you search as you please?" No warrant was produced and when he asked them what law he had violated they didn't say. Initially he refused to co-operate but, fearing detention, he relented. Then they told him what they wanted: "If you take the app off the shelf from Apple's App Store then this will be all over." 'Sorry, I can't help you with that'. Up until a few months ago his was a legal business. Then the government changed the regulations. VPN sellers need a licence now.
Facebook

Facebook Launches Watch Tab For Video Shows, Uses TV's 75-Year-Old Marketing Pitch (marketwatch.com) 40

From a report: Facebook's push toward original video content will take a big step forward Thursday with the launch of a new section, dubbed Watch. The new tab, which Facebook FB, said late Wednesday will launch for a limited number of U.S. users for now, will feature about 40 original series, with plans to eventually scale up to hundreds of shows. Facebook said it will become available to more users in the coming weeks. The Mountain View, Calif., social network is hoping to tap into lucrative TV advertising revenue to boost its ever-expanding bottom line. If successful, Watch could stem the ad-load slowdown for the rest of the year that Chief Financial Officer David Wehner warned about last month when Facebook filed its quarterly earnings. Facebook also hopes the Watch tab will open up a new method of advertising that doesn't clutter users' News Feeds, and keep its 2 billion users on its site longer. Company's founder Mark Zuckerberg is understandably very excited about the move. He says the company believes "it's possible to rethink a lot of experiences through the lens of building community -- including watching video. Watching a show doesn't have to be passive. It can be a chance to share an experience and bring people together who care about the same things." If that pitch sounds familiar to you, it's because TV has been doing it for more than 75 years.
Facebook

Facebook Is Cracking Down On Deceptive Ads For Porn, Diet Pills (adweek.com) 90

According to Adweek, the next target in Facebook's efforts to keep its News Feed clean is cloaking -- a technique used by "bad actors" to circumvent Facebook's review processes and show content to people that violates Facebook's Community Standards and Advertising Policies. For example, they will set up web pages so that when a Facebook reviewer clicks a link to check whether it's consistent with Facebook's policies, they are taken to a different web page than when someone using the Facebook app clicks that same link. "Facebook product management director Rob Leathern and software engineer Bobbie Chang described in a Newsroom post how 'bad actors' -- such as those promoting diet pills, pornography or muscle-building scams -- attempt to game the social network's review processes," reports Adweek. From the report: Leathern and Chang said Facebook has removed "thousands" of offenders from its platform over the past few months, and any advertisers or pages that are caught cloaking will be banned, as well. Facebook is using artificial intelligence in its anti-cloaking efforts, expanding efforts by human reviewers to identify, capture and verify incidents of cloaking and revising its policies. Pages that are not engaging in these practices should see no impact in their referral traffic.
Technology

How a Port Misconfiguration Exposed Critical Infrastructure Data (helpnetsecurity.com) 49

An anonymous reader writes: Attacks hitting companies' electrical systems are possible, especially when information that provides insight into those systems' weak points is freely accessible online. If you think that such a thing is unlikely, you probably haven't yet heard about the most recent discovery made by UpGuard researchers: an open port used for rsync server synchronization has left the network of Power Quality Engineering (PQE) wide open to malicious attackers. They managed to access and exfiltrate 205 GB of data from PQE's servers, up until the moment when the company secured its systems two days later after being notified of the problem.
Cloud

Cisco Meraki Loses Customer Data in Engineering Gaffe (cloudpro.co.uk) 63

Cisco has admitted to losing customer data during a configuration change its enginners applied to its Meraki cloud managed IT service. From a report: Specific data uploaded to Cisco Meraki before 11:20 am PT last Thursday was deleted after engineers created an erroneous policy in a configuration change to its US object storage service, Cisco admitted on Friday. The company did say that the issue has been fixed, and while the error will not affect network operations in most cases, it admitted the faulty policy "but will be an inconvenience as some of your data may have been lost." Cisco hasn't said how many of its 140,000+ Meraki customers have been affected. The deleted data includes custom floor plans, logos, enterprise apps and voicemail greetings found on users' dashboard, systems manager and phones. The engineering team was working over the weekend to find out whether the data can be recovered and potentially build tools so that customers can find out what data has been lost.
Cellphones

Ask Slashdot: Are My Drone Apps Phoning Home? 132

Slashdot reader bitwraith noticed something suspicious after flying "a few cheap, ready-to-fly quadcopters" with their smartphone apps, including drones from Odyssey and Eachine. I often turn off my phone's Wi-Fi support before plugging it in to charge at night, only to discover it has mysteriously turned on in the morning. After checking the Wi-Fi Control History on my S7, it appears as though the various cookie-cutter apps for these drones wake up to phone home in the night after they are opened, while the phone is charging. I tried contacting the publisher of the Odyssey VR app, with no reply.

I would uninstall the app, but then how would I fly my drone? Why did Google grant permission to control Wi-Fi state implicitly to all apps, including these abusers? Are the apps phoning home to report my flight history?

The original submission asks about similar experiences from other drone-owning Slashdot users -- so leave your best answers in the comments. What's making this phone wake up in the night?

Are the drone apps phoning home?
Government

'Elon Musk's Hyperloop Is Doomed For the Worst Reason' (bloomberg.com) 304

schwit1 quotes a Bloomberg column by Virginia Postrel: What makes Musk's Hyperloop plan seem like fantasy isn't the high-tech part. Shooting passengers along at more than 700 miles per hour seems simple -- engineers pushed 200 miles-per-hour in a test this week -- compared to building a tunnel from New York to Washington. And even digging that enormously long tunnel -- twice as long as the longest currently in existence -- seems straightforward compared to navigating the necessary regulatory approvals... The eye-rolling comes less from the technical challenges than from the bureaucratic ones.

With his premature declaration, Musk is doing public debate a favor. He's reminding us of what the barriers to ambitious projects really are: not technology, not even money, but getting permission to try. "Permits harder than technology," Musk tweeted after talking with Los Angeles mayor Eric Garcetti about building a tunnel network. That's true for the public sector as well as the private... SpaceX and its commercial-spaceflight competitors can experiment because Congress and President Barack Obama agreed to protect them from Federal Aviation Administration standards. usk is betting that his salesmanship will have a similar effect on the ground. He's trying to get the public so excited that the political pressures to allow the Hyperloop to go forward become irresistible. He seems to believe that he can will the permission into being. If he succeeds, he'll upend not merely intercity transit but the bureaucratic process by which things get built. That would be a true science-fiction scenario.

Red Hat Software

Red Hat Acquires Data-Cleaning Company Permabit (fortune.com) 85

An anonymous reader quotes Fortune: Business software company Red Hat said on Monday that it is acquiring the technology assets of Permabit, a small company that specializes in cleaning up corporate data to make storage more efficient and data access faster. Terms of the deal were not disclosed but a Red Hat spokesman said 16 people from Permabit will be joining that company...

While the conventional wisdom is that data storage is cheap, it is not free. And with companies turning to more expensive flash storage, it saves money to remove redundant data, said Richard Fichera, vice president and principal analyst at Forrester Research... Red Hat, which sells a version of the Linux operating system used by many Fortune 500 companies, also offers its own storage software. And, it wants to become a more formidable challenger in data storage, a goal that can be furthered by buying Permabit's technology, Fichera said.

Slashdot reader See Attached points out that this week Red Hat also released RHEL 7.4, which introduces support for Network Bound Disk Encryption (NBDE) and system protection against intrusive USB devices.
The Military

US Army Calls Halt On Use of Chinese-Made Drones By DJI (theverge.com) 45

Due to "an increased awareness of cyber vulnerabilities with DJI products," the U.S. Army is asking all units to discontinue the use of DJI drones. The news comes from an internal memo obtained by the editor of SUAS News. It notes that the Army had issued over 300 separate releases authorizing the use of DJI products for Army missions, meaning a lot of hardware may have been in active use prior to the memo, which is dated August 2nd, 2017. The Verge reports: SUAS News published a piece back in May of this year that made a number of serious accusations about data gathered by DJI drones. Author Kevin Pomaski starts out writing, "Using a simple Google search the data mined by DJI from your provided flights (imagery, position and flight logs) and your audio can be accessed without your knowing consent." However, he never follows up with evidence to demonstrate how this data becomes public or can be found through a Google search. Pomaski also point out, correctly, that when DJI users elect to upload data to their SkyPixel accounts through the DJI app, this data can be stored on servers in the U.S., Hong Kong, and China. This data can include videos, photos, and audio recorded by your phone's microphone, and telemetry data detailing the height, distance, and position of your recent flights. DJI provided the following statement to The Verge: "People, businesses and governments around the world rely on DJI's products and technology for a variety of uses including sensitive and mission critical operations. The Department of the Army memo even reports that they have 'issued over 300 separate Airworthiness Releases for DJI products in support of multiple organizations with a variety of mission sets.' We are surprised and disappointed to read reports of the U.S. Army's unprompted restriction on DJI drones as we were not consulted during their decision. We are happy to work directly with any organization, including the U.S. Army, that has concerns about our management of cyber issues. We'll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by 'cyber vulnerabilities.' Until then, we ask everyone to refrain from undue speculation."

Slashdot Top Deals