Medicine

Medicare To Require Hospitals To Post Prices Online (pbs.org) 60

An anonymous reader quotes a report from PBS: Medicare will require hospitals to post their standard prices online and make electronic medical records more readily available to patients, officials said Tuesday. The program is also starting a comprehensive review of how it will pay for costly new forms of immunotherapy to battle cancer. Hospitals are required to disclose prices publicly, but the latest change would put that information online in machine-readable format that can be easily processed by computers. It may still prove to be confusing to consumers, since standard rates are like list prices and don't reflect what insurers and government programs pay.

Likewise, many health care providers already make computerized records available to patients, but starting in 2021 Medicare would base part of a hospital's payments on how good a job they do. Using electronic medical records remains a cumbersome task, and the Trump administration has invited technology companies to design secure apps that would let patients access their records from all their providers instead of having to go to different portals.
Seema Verma, head of the Centers for Medicare and Medicaid Services, also announced Medicare is starting a comprehensive review of how it will pay for a costly new form of immunotherapy called CAR-T. It's an expensive gene therapy that turbocharges a patient's own immune system cells to attack cancer. The cost for such a procedure can exceed $370,000 per patient.
Businesses

Appliance Companies Are Lobbying To Protect Their DRM-Fueled Repair Monopolies (vice.com) 63

Electronics companies Dyson, LG, and Wahl are fighting right-to-repair legislation, Motherboard reported Wednesday, citing letters it has obtained. From a report: The manufacturers of your appliances do not want you to be able to fix them yourself. Last week, at least three major appliance manufacturers -- Dyson, LG, and Wahl -- sent letters to Illinois lawmakers opposing "fair repair" legislation in that state. The letters were written with the help of a trade group called the Association of Home Appliance Manufacturers (AHAM). All three letters are similar but include slightly different wording and examples in parts. The letters ask lawmakers to "withdraw" a bill that would protect and expand the ability for consumers and independent repair professionals to repair everything from iPhones to robot vacuums, electric shavers, toasters, and tractors. Here are links to the Wahl, Dyson, and LG letters.
Security

Hackers Built a 'Master Key' For Millions of Hotel Rooms (zdnet.com) 112

An anonymous reader writes: Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building. The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties in 166 countries, amounting to millions of hotel rooms -- as well as garages and storage units. These electronic lock systems are commonplace in hotels, used by staff to provide granular controls over where a person can go in a hotel -- such as their room -- and even restricting the floor that the elevator stops at. And these keys can be wiped and reused when guests check-out.

It turns out these key cards aren't as secure as first thought. F-Secure's Tomi Tuominen and Timo Hirvonen, who carried out the work, said they could create a master key 'basically out of thin air.' Any key card will do. Even old and expired, or discarded keys retain enough residual data to be used in the attack. Using a handheld device running custom software, the researchers can steal data off of a key card -- either using wireless radio-frequency identification (RFID) or the magnetic stripe. That device then manipulates the stolen key data, which identifies the hotel, to produce an access token with the highest level of privileges, effectively serving as a master key to every room in the building.

Windows

E-Waste Innovator Will Go To Jail For Making Windows Restore Disks That Only Worked With Valid Licenses (gizmodo.com) 366

An anonymous reader quotes a report from The Washington Post: California man Eric Lundgren, an electronic waste entrepreneur who produced tens of thousands of Windows restore disks intended to extend the lifespan of aging computers, lost a federal appeals court case in Miami after it ruled "he had infringed Microsoft's products to the tune of $700,000," the Washington Post reported on Tuesday. Per the Post, the appeals court ruled Lundgren's original sentence of 15 months in prison and a $50,000 fine would stay, despite the software being freely available online and only compatible with valid Windows licenses: "The appeals court upheld a federal district judge's ruling that the disks made by Eric Lundgren to restore Microsoft operating systems had a value of $25 apiece, even though they could be downloaded free and could be used only on computers with a valid Microsoft license. The U.S. Court of Appeals for the 11th Circuit initially granted Lundgren an emergency stay of his prison sentence, shortly before he was to surrender, but then affirmed his original 15-month sentence and $50,000 fine without hearing oral argument in a ruling issued April 11." All told, the court valued 28,000 restore disks he produced at $700,000, despite testimony from software expert Glenn Weadock that they were worth essentially zero.
XBox (Games)

Xbox One April Update Rolling Out With Low-Latency Mode, FreeSync, and 1440p Support; 120Hz Support Coming In May Update (theverge.com) 46

Microsoft is rolling out a new Xbox One update that brings 1440p support for the Xbox One S and X, as well as support for AMD's FreeSync technology to allow compatible displays to sync refresh rates with Microsoft's consoles. A subsequent update in May will bring 120Hz-display refresh-rate support to the Xbox One. The Verge reports: FreeSync, like Nvidia's G-Sync, helps remove tearing or stuttering usually associated with gaming on monitors, as the feature syncs refresh rates to ensure games run smoothly. Alongside this stutter-free tech, Microsoft is also supporting automatic switching to a TV's game mode. Auto Low-Latency Mode, as Microsoft calls it, will be supported on new TVs, and will automatically switch a TV into game mode to take advantage of the latency reductions. The Xbox One will also support disabling game mode when you switch to another app like Netflix. Microsoft is also making some audio tweaks with the April update for the Xbox One. New system sounds take advantage of spatial sound to fully support surround sound systems when you navigate around. Gamers who listen to music while playing can also now balance game audio against background music right inside the Xbox Guide. Other features in this update include sharing game clips direct to Twitter, dark to light mode transitions based on sunrise / sunset, and improvements to Microsoft Edge to let you download or upload pictures, music, and videos.
Social Networks

Instagram Launches 'Data Download' Tool To Let You Leave (techcrunch.com) 15

An anonymous reader quotes a report from TechCrunch: Two weeks ago TechCrunch called on Instagram to build an equivalent to Facebook's "Download Your Information" feature so if you wanted to leave for another photo sharing network, you could. The next day it announced this tool would be coming and now TechCrunch has spotted it rolling out to users. Instagram's "Data Download" feature can be accessed here or through the app's privacy settings. It lets users export their photos, videos, archived Stories, profile, info, comments, and non-ephemeral messages, though it can take a few hours to days for your download to be ready. An Instagram spokesperson now confirms to TechCrunch that "the Data Download tool is currently accessible to everyone on the web, but access via iOS and Android is still rolling out." We'll have more details on exactly what's inside once my download is ready.
Piracy

Netflix, Amazon, and Major Studios Try To Shut Down $20-Per-Month TV Service (arstechnica.com) 209

An anonymous reader quotes a report from Ars Technica: Netflix, Amazon, and the major film studios have once again joined forces to sue the maker of a TV service and hardware device, alleging that the products are designed to illegally stream copyrighted videos. The lawsuit was filed against the company behind Set TV, which sells a $20-per-month TV service with more than 500 channels.

"Defendants market and sell subscriptions to 'Setvnow,' a software application that Defendants urge their customers to use as a tool for the mass infringement of Plaintiffs' copyrighted motion pictures and television shows," the complaint says. Besides Netflix and Amazon, the plaintiffs are Columbia Pictures, Disney, Paramount Pictures, Twentieth Century Fox, Universal, and Warner Bros. The complaint was filed Friday in U.S. District Court for the Central District of California. The companies are asking for permanent injunctions to prevent further distribution of Set TV software and devices, the impoundment of Set TV devices, and for damages including the defendants' profits.

The Internet

Mosaic, the First HTML Browser That Could Display Images Alongside Text, Turns 25 (wired.com) 131

NCSA Mosaic 1.0, the first web browser to achieve popularity among the general public, was released on April 22, 1993. It was developed by a team of students at the University of Illinois' National Center for Supercomputing Applications (NCSA), and had the ability to display text and images inline, meaning you could put pictures and text on the same page together, in the same window. Wired reports: It was a radical step forward for the web, which was at that point, a rather dull experience. It took the boring "document" layout of your standard web page and transformed it into something much more visually exciting, like a magazine. And, wow, it was easy. If you wanted to go somewhere, you just clicked. Links were blue and underlined, easy to pick out. You could follow your own virtual trail of breadcrumbs backwards by clicking the big button up there in the corner. At the time of its release, NCSA Mosaic was free software, but it was available only on Unix. That made it common at universities and institutions, but not on Windows desktops in people's homes.

The NCSA team put out Windows and Mac versions in late 1993. They were also released under a noncommercial software license, meaning people at home could download it for free. The installer was very simple, making it easy for just about anyone to get up and running on the web. It was then that the excitement really began to spread. Mosaic made the web come to life with color and images, something that, for many people, finally provided the online experience they were missing. It made the web a pleasure to use.

Youtube

YouTube Says Computers Helped It Pull Down Millions of Objectionable Videos Last Quarter (recode.net) 144

YouTube says it has successfully trained computers to flag objectionable videos. In the last quarter of 2017, the company reportedly pulled down more than six million of these videos before any users saw them. The news comes from a brief aside in Google CEO Sundar Pichai's scripted remarks during parent company Alphabet's earnings call today. "He said YouTube had pulled down more than six million videos in the last quarter of 2017 after first being flagged by its 'machine systems,' and that 75 percent of those videos 'were removed before receiving a single view,'" reports Recode.
Software

Algorithm Automatically Spots 'Face Swaps' In Videos (technologyreview.com) 40

yagoda shares a report from MIT Technology Review: Andreas Rossler at the Technical University of Munich in Germany and colleagues have developed a deep-learning system that can automatically spot face-swap videos. The new technique could help identify forged videos as they are posted to the web. But the work also has sting in the tail. The same deep-learning technique that can spot face-swap videos can also be used to improve the quality of face swaps in the first place -- and that could make them harder to detect. The new technique relies on a deep-learning algorithm that Rossler and co have trained to spot face swaps. These algorithms can only learn from huge annotated data sets of good examples, which simply have not existed until now. In semi-related news, the Screen Actors Guild-American Federation of Television and Radio Artists (SAG-AFTRA) says it's "fighting back" against the dangers posed by new face-swapping technologies that have been used to digitally superimpose the faces of its members onto the bodies of porn stars.

"SAG-AFTRA has undertaken an exhaustive review of our collective bargaining options and legislative options to combat any and all uses of digital re-creations, not limited to deepfakes, that defame our members and inhibit their ability to protect their images, voices and performances from misappropriation. We are talking with our members' representatives, union allies, and with state and federal legislators about this issue right now and have legislation pending in New York and Louisiana that would address this directly in certain circumstances. We also are analyzing state laws in other jurisdictions, including California, to make sure protections are in place. To the degree that there are not sufficient protections in place, we will work to fix that..."
Cellphones

Surface Phone Speculation Spurred By New Phone APIs In Windows (arstechnica.com) 75

Microsoft has been rumored to be working on a "Surface Phone" for years now, with little concrete evidence that such a device actually exists. "But the latest Windows 10 Insider Preview has given new fuel for the speculative fire, it has a set of new APIs for cellular phones," reports Ars Technica. From the report: Windows has had integrated support for cell modems since Windows 8, but this has been restricted to supporting data connections. Telephony -- dialing numbers, placing calls -- has always required either Windows Phone or Windows 10 Mobile. This has made the full Windows 10 unsuitable for a phone. That may be changing. Windows 10 build 17650 -- a preview of Redstone 5, the next Windows update after the delayed April update -- includes some telephony APIs. The new APIs cover support for a range of typical phone features: dialing numbers and contacts, blocking withheld numbers, support for Bluetooth headsets and spearphone mode, and so on and so forth. There also looks to be some kind of video-calling support, suggesting support for 3G or LTE video calling.
Operating Systems

Microsoft Readies Windows 10 April Update With New Features and Enhancements (hothardware.com) 106

MojoKid writes: Microsoft has been preparing a Spring Creators Update for Windows 10 for a while now, which was recently pushed out as an RTM (Release To Manufacturing) build to all rings of the Windows Insider program. Now dubbed the "Windows 10 April Update," Redmond is billing that "lots of new features" are rolling out with this release, including the ability to resume past activities in timeline and a file sharing feature with nearby devices. Also, based on what has been tested in pre-release builds, there will be other features coming as well, including a rebuilt Game Bar with a new Fluent design UI, a diagnostic data viewing tool in the Security and Privacy section, and Cortana is reportedly easier to use with a new Organizer interface and My Skills tab. It is expected Microsoft will be pushing out this update for Windows 10 this week sometime.
Nintendo

The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch Hackable (arstechnica.com) 95

An anonymous reader quotes a report from Ars Technica: A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusee Gelee coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. "Fusee Gelee isn't a perfect, 'holy grail' exploit -- though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ. The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code. The exploit can't be fixed via a downloadable patch because the flawed bootROM can't be modified once the Tegra chip leaves the factory. As Temkin writes, "unfortunately, access to the fuses needed to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible. It is suggested that consumers be made aware of the situation so they can move to other devices, where possible." Ars notes that Nintendo may however be able to detect "hacked" systems when they sign on to Nintendo's servers. "The company could then ban those systems from using the Switch's online functions."
Businesses

Amazon Has a Top-Secret Plan to Build Home Robots (bloomberg.com) 91

After making smart speakers a household product (at least to some), Amazon seems to have found its next big consumer product: robots. Amazon is building smart robots that are equipped with cameras that let them drive around homes, Bloomberg reported Monday. These robots could launch as soon as next year. From the report: Codenamed "Vesta," after the Roman goddess of the hearth, home and family, the project is overseen by Gregg Zehr, who runs Amazon's Lab126 hardware research and development division based in Sunnyvale, California. Lab126 is responsible for Amazon devices such as the Echo speakers, Fire TV set-top-boxes, Fire tablets and the ill-fated Fire Phone.

The Vesta project originated a few years ago, but this year Amazon began to aggressively ramp up hiring. There are dozens of listings on the Lab 126 Jobs page for openings like "Software Engineer, Robotics" and "Principle Sensors Engineer." People briefed on the plan say the company hopes to begin seeding the robots in employees' homes by the end of this year, and potentially with consumers as early as 2019, though the timeline could change, and Amazon hardware projects are sometimes killed during gestation.

Displays

Are Widescreen Laptops Dumb? (theverge.com) 404

"After years of phones, laptops, tablets, and TV screens converging on 16:9 as the 'right' display shape -- allowing video playback without distracting black bars -- smartphones have disturbed the universality recently by moving to even more elongated formats like 18:9, 19:9, or even 19.5:9 in the iPhone X's case," writes Amelia Holowaty Krales via The Verge. "That's prompted me to consider where else the default widescreen proportions might be a poor fit, and I've realized that laptops are the worst offenders." Krales makes the case for why a 16:9 screen of 13 to 15 inches in size is a poor fit: Practically every interface in Apple's macOS, Microsoft's Windows, and on the web is designed by stacking user controls in a vertical hierarchy. At the top of every MacBook, there's a menu bar. At the bottom, by default, is the Dock for launching your most-used apps. On Windows, you have the taskbar serving a similar purpose -- and though it may be moved around the screen like Apple's Dock, it's most commonly kept as a sliver traversing the bottom of the display. Every window in these operating systems has chrome -- the extra buttons and indicator bars that allow you to close, reshape, or move a window around -- and the components of that chrome are usually attached at the top and bottom. Look at your favorite website (hopefully this one) on the internet, and you'll again see a vertical structure.

As if all that wasn't enough, there's also the matter of tabs. Tabs are a couple of decades old now, and, like much of the rest of the desktop and web environment, they were initially thought up in an age where the predominant computer displays were close to square with a 4:3 aspect ratio. That's to say, most computer screens were the shape of an iPad when many of today's most common interface and design elements were being developed. As much of a chrome minimalist as I try to be, I still can't extricate myself from needing a menu bar in my OS and tab and address bars inside my browser. I'm still learning to live without a bookmarks bar. With all of these horizontal bars invading our vertical space, a 16:9 screen quickly starts to feel cramped, especially at the typical laptop size. You wind up spending more time scrolling through content than engaging with it.
What is your preferred aspect ratio for a laptop? Do you prefer Microsoft and Google's machines that have a squarer 3:2 aspect ratio, or Apple's MacBook Pro that has a 16:10 display?
Google

Who Has More of Your Personal Data Than Facebook? Try Google (wsj.com) 149

Facebook may be in the hot seat right now for its collection of personal data without our knowledge or explicit consent, but as The Wall Street Journal points out, "Google is a far bigger threat by many measures: the volume of information it gathers, the reach of its tracking and the time people spend on its sites and apps." From the report (alternative source): It's likely that Google has shadow profiles (data the company gathers on people without accounts) on as at least as many people as Facebook does, says Chandler Givens, CEO of TrackOff, which develops software to fight identity theft. Google allows everyone, whether they have a Google account or not, to opt out of its ad targeting, though, like Facebook, it continues to gather your data. Google Analytics is far and away the web's most dominant analytics platform. Used on the sites of about half of the biggest companies in the U.S., it has a total reach of 30 million to 50 million sites. Google Analytics tracks you whether or not you are logged in. Meanwhile, the billion-plus people who have Google accounts are tracked in even more ways. In 2016, Google changed its terms of service, allowing it to merge its massive trove of tracking and advertising data with the personally identifiable information from our Google accounts.

Google uses, among other things, our browsing and search history, apps we've installed, demographics like age and gender and, from its own analytics and other sources, where we've shopped in the real world. Google says it doesn't use information from "sensitive categories" such as race, religion, sexual orientation or health. Because it relies on cross-device tracking, it can spot logged-in users no matter which device they're on. Google fuels even more data harvesting through its dominant ad marketplaces. There are up to 4,000 data brokers in the U.S., and collectively they know everything about us we might otherwise prefer they didn't -- whether we're pregnant, divorced or trying to lose weight. Google works with some of these brokers directly but the company says it vets them to prevent targeting based on sensitive information. Google also is the biggest enabler of data harvesting, through the world's two billion active Android mobile devices.

Security

'Drupalgeddon2' Touches Off Arms Race To Mass-Exploit Powerful Web Servers (arstechnica.com) 60

Researchers with Netlab 360 warn that attackers are mass-exploiting "Drupalgeddon2," the name of an extremely critical vulnerability Drupal maintainers patched in late March. The exploit allows them to take control of powerful website servers. Ars Technica reports: Formally indexed as CVE- 2018-7600, Drupalgeddon2 makes it easy for anyone on the Internet to take complete control of vulnerable servers simply by accessing a URL and injecting publicly available exploit code. Exploits allow attackers to run code of their choice without having to have an account of any type on a vulnerable website. The remote-code vulnerability harkens back to a 2014 Drupal vulnerability that also made it easy to commandeer vulnerable servers.

Drupalgeddon2 "is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses," Daniel Cid, CTO and founder of security firm Sucuri, told Ars. "Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can." China-based Netlab 360, meanwhile, said at least three competing attack groups are exploiting the vulnerability. The most active group, Netlab 360 researchers said in a blog post published Friday, is using it to install multiple malicious payloads, including cryptocurrency miners and software for performing distributed denial-of-service attacks on other domains. The group, dubbed Muhstik after a keyword that pops up in its code, relies on 11 separate command-and-control domains and IP addresses, presumably for redundancy in the event one gets taken down.

Google

Google's AR Microscope Quickly Highlights Cancer Cells (uploadvr.com) 41

An anonymous reader quotes a report from UploadVR: Google Research this week revealed an AR microscope (ARM) capable of detecting cancerous cells in real-time with the help of machine learning. Locating cancer with a standard microscope is a difficult and time-consuming process, with a raft of information for doctors to study and investigate. With this new solution, though, the microscope is able to quickly locate cancerous cells and then highlight them as a doctor peers inside. The platform uses a modified light microscope integrated with image analysis and machine learning algorithms into its field of view. An AR display sits above a camera that communicates with the algorithm to display data as soon as it locates an issue. In order words, the microscope immediately begins looking for cancerous cells as soon as you place a sample beneath it. It's effectively doing the same job as a doctor just, according to Google, a lot faster. Google posted a video about the AR microscope on YouTube.
Software

Dutch Study Finds Some Video Game Loot Boxes Broke the Law (vice.com) 90

The Netherlands Gaming Authority has published a study it conducted of 10 video games that reward players with loot boxes, packages players can sometimes buy with real money that contain random-in game rewards, and found that 4 of the 10 games it studied violated the Dutch Gaming Act. "It determined that loot boxes are, in general, addictive and that four of the games allowed players to trade items they'd won outside of the game, which means they've got a market value," reports Motherboard. From the report: According to the study, the authorities picked games "based on their popularity on a leading Internet platform that streams videos of games and players." Motherboard has reached out to the Gaming Authority for clarification on both the games it picked (the study doesn't name them) and the method by which it picked them, but did not receive an immediate reply. However, Twitch is the most popular way gamers watch others play and it's a good bet that Twitch is how the Gaming Authority focused its attention. Six of the ten games the Gaming Authority studied aren't in violation of Dutch law. "With these games, there is no opportunity to sell the prizes won outside of the game," the press release said. "This means that the goods have no market value and these loot boxes do not satisfy the definition of a prize in Section 1 of the Betting and Gaming Act."

The four others though offer the opportunity for players to trade items outside of the game and therefore meet the the Netherlands definition of gambling. To come into compliance, those games need to make their loot boxes less interesting to open. The Gaming Authority wants the companies to "remove the addiction-sensitive elements ('almost winning' effects, visual effects, ability to keep opening loot boxes quickly one after the other and suchlike)...and to implement measures to exclude vulnerable groups or to demonstrate that the loot boxes on offer are harmless."

Open Source

Apple Open Sources FoundationDB (macrumors.com) 48

Apple's FoundationDB company announced on Thursday that the FoundationDB core has been open sourced with the goal of building an open community with all major development done in the open. The database company was purchased by Apple back in 2015. As described in the announcement, FoundationDB is a distributed datastore that's been designed from the ground up to be deployed on clusters of commodity hardware. Mac Rumors reports: By open sourcing the project to drive development, FoundationDB is aiming to become "the foundation of the next generation of distributed databases: "The vision of FoundationDB is to start with a simple, powerful core and extend it through the addition of "layers". The key-value store, which is open sourced today, is the core, focused on incorporating only features that aren't possible to write in layers. Layers extend that core by adding features to model specific types of data and handle their access patterns. The fundamental architecture of FoundationDB, including its use of layers, promotes the best practices of scalable and manageable systems. By running multiple layers on a single cluster (for example a document store layer and a graph layer), you can match your specific applications to the best data model. Running less infrastructure reduces your organization's operational and technical overhead." The source for FoundationDB is available on Github, and those who wish to join the project are encouraged to visit the FoundationDB community forums, submit bugs, and make contributions to the core software and documentation.

Slashdot Top Deals