Transportation

Red-Light Camera Grace Period Goes From 0.1 To 0.3 Seconds, Chicago To Lose $17 Million (arstechnica.com) 10

The Chicago Department of Transportation announced a new policy earlier this week that will increase the "grace period" -- the time between when a traffic light turns red and when a ticket is automatically issued. The decision has been made to increase the time from 0.1 seconds to 0.3 seconds, following recommendations that were part of a recent study of its red-light cameras. Ars Technica reports: This will bring the Windy City in line with other American metropolises, including New York City and Philadelphia. In a statement, the city agency said that this increase would "maintain the safety benefits of the program while ensuring the program's fairness." On Tuesday, the Chicago Tribune reported that the city would lose $17 million in revenue this year alone as a result of the expanded grace period. Michael Claffey, a CDOT spokesman, confirmed that figure to Ars. "We want to emphasize that extending this enforcement threshold is not an invitation to drivers to try to beat the red light," CDOT Commissioner Rebekah Scheinfeld also said in the statement. "By accepting the recommendation of the academic team, we are giving the benefit of the doubt to well-intentioned drivers while remaining focused on the most reckless behaviors."
Government

US Ordered 'Mandatory Social Media Check' For Visa Applicants Who Visited ISIS Territory (theverge.com) 81

An anonymous reader quotes a report from The Verge: U.S. Secretary of State Rex Tillerson has ordered a "mandatory social media check" on all visa applicants who have ever visited ISIS-controlled territory, according to diplomatic cables obtained by Reuters. The four memos were sent to American diplomatic missions over the past two weeks, with the most recent issued on March 17th. According to Reuters, they provide details into a revised screening process that President Donald Trump has described as "extreme vetting." A memo sent on March 16th rescinds some of the instructions that Tillerson outlined in the previous cables, including an order that would have required visa applicants to hand over all phone numbers, email addresses, and social media accounts that they have used in the past. The secretary of state issued the memo after a Hawaii judge blocked the Trump administration's revised travel ban on citizens from six predominantly Muslim countries. In addition to the social media check, the most recent memo calls for consular officials to identify "populations warranting increased scrutiny." Two former government officials tell Reuters that the social media order could lead to delays in processing visa applications, with one saying that such checks were previously carried out on rare occasions.
Chrome

Google Reducing Trust In Symantec Certificates Following Numerous Slip-Ups (bleepingcomputer.com) 29

An anonymous Slashdot reader writes from a report via BleepingComputer: Google Chrome engineers announced plans to gradually remove trust in old Symantec SSL certificates and intent to reduce the accepted validity period of newly issued Symantec certificates, following repeated slip-ups on the part of Symantec. Google's decision comes after the conclusion of an investigation that started on January 19, which unearthed several problems with Symantec's certificate issuance process, such as 30,000 misused certificates. In September 2015, Google also discovered that Symantec issued SSL certificates for Google.com without authorization. Symantec blamed the incident on three rogue employees, whom it later fired. This move from Google will force all owners of older Symantec certificates to request a new one. Google hopes that by that point, Symantec would have revamped its infrastructure and will be following the rules agreed upon by all the other CAs and browser makers.
Twitter

Twitter Considers Premium Version After 11 Years As a Free Service (reuters.com) 45

Twitter is considering whether or not to build a premium version of its site for select users. It's unclear what the cost would be at this time, but it's very possible it could be in the form of a subscription. Reuters reports: Like most other social media companies, Twitter since its founding 11 years ago has focused on building a huge user base for a free service supported by advertising. Last month it reported it had 319 million users worldwide. Twitter is conducting a survey "to assess the interest in a new, more enhanced version of Tweetdeck," which is an existing tool that helps users navigate the network, spokeswoman Brielle Villablanca said in a statement on Thursday. She went on: "We regularly conduct user research to gather feedback about people's Twitter experience and to better inform our product investment decisions, and we're exploring several ways to make Tweetdeck even more valuable for professionals." There was no indication that Twitter was considering charging fees from all its users. Word of the survey had earlier leaked on Twitter, where a journalist affiliated with the New York Times posted screenshots of what a premium version of Tweetdeck could look like. That version could include "more powerful tools to help marketers, journalists, professionals, and others in our community find out what is happening in the world quicker," according to one of the screenshots posted on the account @andrewtavani.
Patents

Apple Explores Using An iPhone, iPad To Power a Laptop (appleinsider.com) 35

According to the U.S. Patent and Trademark Office, Apple has filed a patent for an "Electronic accessory device." It describes a "thin" accessory that contains traditional laptop hardware like a large display, physical keyboard, GPU, ports and more -- all of which is powered by an iPhone or iPad. The device powering the hardware would fit into a slot built into the accessory. AppleInsider reports: While the accessory can take many forms, the document for the most part remains limited in scope to housings that mimic laptop form factors. In some embodiments, for example, the accessory includes a port shaped to accommodate a host iPhone or iPad. Located in the base portion, this slot might also incorporate a communications interface and a means of power transfer, perhaps Lightning or a Smart Connector. Alternatively, a host device might transfer data and commands to the accessory via Wi-Fi, Bluetooth or other wireless protocol. Onboard memory modules would further extend an iOS device's capabilities. Though the document fails to delve into details, accessory memory would presumably allow an iPhone or iPad to write and read app data. In other cases, a secondary operating system or firmware might be installed to imitate a laptop environment or store laptop-ready versions of iOS apps. In addition to crunching numbers, a host device might also double as a touch input. For example, an iPhone positioned below the accessory's keyboard can serve as the unit's multitouch touchpad, complete with Force Touch input and haptic feedback. Coincidentally, the surface area of a 5.5-inch iPhone 7 Plus is very similar to that of the enlarged trackpad on Apple's new MacBook Pro models. Some embodiments also allow for the accessory to carry an internal GPU, helping a host device power the larger display or facilitate graphics rendering not possible on iPhone or iPad alone. 
Since the accessory is technically powered by iOS, its built-in display is touch-capable, an oft-requested feature for Mac. Alternatively, certain embodiments have an iPad serving as the accessory's screen, with keyboard, memory, GPU and other operating guts located in the attached base portion. This latter design resembles a beefed up version of Apple's Smart Case for iPad.
Advertising

YouTube Loses Major Advertisers Over Offensive Videos (rollingstone.com) 121

An anonymous reader quotes a report from Rolling Stone: Verizon, AT&T, Johnson & Johnson and other major companies have pulled advertisements from YouTube after learning they were paired with videos promoting extremism, terrorism and other offensive topics, The New York Times reports. Among the other companies involved are pharmaceutical giant GSK, HSBC, the Royal Bank of Scotland and L'Oreal, amounting to a potential loss of hundreds of millions of dollars to the Google-owned company. The boycott began last week after a Times of London investigation spurred many major European companies to pull their ads from YouTube. American companies swiftly followed, even after Google promised Tuesday to work harder to block ads on "hateful, offensive and derogatory" videos. Like AT&T, most companies are only pulling their ads from YouTube and will continue to place ads on Google's search platforms, which remain the biggest source of revenue for Google's parent company, Alphabet. Still, the tech giant offered up a slew of promises to assuage marketers and ensure them that they were fixing the problems on YouTube. Due to the massive number of videos on YouTube -- about 400 hours of video is posted each minute -- the site primarily uses an automated system to place ads. While there are some failsafes in place to keep advertisements from appearing alongside offensive content, Google's Chief Business Officer Philipp Schindler wrote in a blog post that the company would hire "significant numbers" of employees to review YouTube videos and mark them as inappropriate for ads. He also said Google's latest advancements in artificial intelligence and machine learning will help the company review and flag large swaths of videos.
Canada

Canada To Tax Ride-Sharing Providers Like Uber (www.cbc.ca) 47

Canadian Prime Minister Justin Trudeau and his government announced plans to tax ride-sharing providers like Uber for the first time. According to CBC, the latest consumer tax changes included in Wednesday's federal budget "will add to the cost of Uber rides while ending a public-transit credit." The idea behind the decision is to "help level the playing field and create tax fairness." From the report: The proposed levy on Uber and other ride-hailing services would for the first time impose GST/HST on fares, in the same way they are charged on traditional taxi services. The change will broaden the definition of a taxi business to ensure Uber and other web-based ride-hailing services are required to charge and remit GST/HST, adding to the cost of each trip. The effect on federal revenues will be modest, just $3 million in additional revenue in 2017-18, but the budget suggests the measure is to help level the playing field and create tax fairness. The non-refundable public transit tax credit -- a so-called boutique tax credit introduced by the previous Conservative government -- will be phased out on July 1. The credit enabled public transit users to apply 15 per cent of their eligible expenses on monthly passes and other fares toward reducing the amount of tax they owe. Ending that tax break is expected to save Ottawa more than $200 million a year. Of course, Uber Canada isn't so fond of the idea, calling it a "tax on innovation" that would hurt Uber drivers and users. The company said in a statement: "At a time when Canadians spend far too much time stuck in traffic -- and people should be encouraged to leave their cars at home, take public transit, and share rides -- we should be supporting policies that make sustainable transportation more affordable, not more expensive. Federal tax laws already offer small business owners a break on collecting sales tax, but unfairly exclude taxi drivers. 
The best way to support taxi drivers and level the playing field is to extend the same exemption to them."
The Internet

SixXS IPv6 Tunnel Provider Is Shutting Down (sixxs.net) 32

yakatz writes: SixXS started providing IPv6 tunnels in 1999 to try to break the "chicken-and-egg" problem of IPv6 adoption. After 18 years, the service is shutting down. The cited reasons are:

1) growth has been stagnant
2) many ISPs offer IPv6
3) some ISPs have told customers that they don't need to provide IPv6 connectivity because the customer can just use a tunnel from SixXS

This last reason in particular made the SixXS team think they are doing more harm than good in the fight for native IPv6, so they will be shutting down on June 6.

The Military

Massive Ukraine Munitions Blasts May Have Been Caused By a Drone (bbc.com) 64

dryriver writes: The BBC reports that 20,000 people are being evacuated from the immediate area around a munition dump in Ukraine that has gone up in flames. The 350 hectare munition dump near Kharkiv is around 100km (60 miles) from fighting against Russian-backed separatists and was used to supply military units in the conflict zone in nearby Luhansk and Donetsk. A drone was reported to have been used in an earlier attempt to set the facility on fire in December 2015. Authorities are now investigating whether someone possibly flew a drone over the facility that dropped an explosive device that caused the stored munitions to catch fire and explode. Ukrainian authorities believe that the conflagration at the facility is the result of sabotage.
AI

Boy, 4, Uses Siri To Help Save Mum's Life (bbc.com) 120

A four-year-old boy saved his mother's life by using her thumb to unlock her iPhone and then asking it to call 999. From a report: Roman, who lives in Kenley, Croydon, south London, used the phone's voice control -- Siri -- to call emergency services. Police and paramedics were sent to the home and were able to give life-saving first aid to his mother.
United States

71 Percent of Android Phones On Major US Carriers Have Out of Date Security Patches (betanews.com) 87

Ian Barker, writing for BetaNews: Slow patching of security flaws is leaving many US mobile users at risk of falling victim to data breaches according to the findings of a new report. The study from mobile defense specialist Skycure analyzed patch updates among the five leading wireless carriers in the US and finds that 71 percent of mobile devices still run on security patches more than two months old. This is despite Google releasing Android patches every month, indeed six percent of devices are running patches that are six or more months old. Without the most updated patches, these devices are susceptible to attacks, including rapidly rising network attacks and new malware, also detailed in the report.
Communications

Senate Votes To Kill FCC's Broadband Privacy Rules (pcworld.com) 342

The Senate voted 50-48 along party lines Thursday to repeal an Obama-era law that requires internet service providers to obtain permission before tracking what customers look at online and selling that information to other companies. PCWorld adds: The Senate's 50-48 vote Thursday on a resolution of disapproval would roll back Federal Communications Commission rules requiring broadband providers to receive opt-in customer permission to share sensitive personal information, including web-browsing history, geolocation, and financial details with third parties. The FCC approved the regulations just five months ago. Thursday's vote was largely along party lines, with Republicans voting to kill the FCC's privacy rules and Democrats voting to keep them. The Senate's resolution, which now heads to the House of Representatives for consideration, would allow broadband providers to collect and sell a "gold mine of data" about customers, said Senator Bill Nelson, a Florida Democrat. Kate Tummarello, writing for EFF: [This] would be a crushing loss for online privacy. ISPs act as gatekeepers to the Internet, giving them incredible access to records of what you do online. They shouldn't be able to profit off of the information about what you search for, read about, purchase, and more without your consent. We can still kill this in the House: call your lawmakers today and tell them to protect your privacy from your ISP.
Australia

Australia Shelves Copyright Safe Harbor For Google, Facebook (torrentfreak.com) 24

In a surprise setback for companies such as Google and Facebook that leverage user-generated content, Australia has dropped plans to extend its copyright safe harbor provisions. From a report: In a blow to Google, Facebook and others, the government dropped the amendments before they were due to be introduced to parliament yesterday. That came as a big surprise, particularly as Prime Minister Malcolm Turnbull had given the proposals his seal of approval just last week. "Provisions relating to safe harbor were removed from the bill before its introduction to enable the government to further consider feedback received on this proposal whilst not delaying the passage of other important reforms," Communications Minister Mitch Fifield said in a statement. There can be little doubt that intense lobbying from entertainment industry groups played their part, with a series of articles published in News Corp-owned The Australian piling on the pressure in favor of rightsholders.
Security

WikiLeaks' New Dump Shows How The CIA Allegedly Hacked Macs and iPhones Almost a Decade Ago (vice.com) 107

WikiLeaks said on Thursday morning it will release new documents it claims are from the Central Intelligence Agency which show the CIA had the capability to bug iPhones and Macs even if their operating systems have been deleted and replaced. From a report on Motherboard: "These documents explain the techniques used by CIA to gain 'persistence' on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware," WikiLeaks stated in a press release. EFI and UEFI is the core firmware for Macs, the Mac equivalent to the BIOS for PCs. By targeting the UEFI, hackers can compromise Macs and the infection persists even after the operating system is re-installed. The documents are mostly from last decade, except a couple that are dated 2012 and 2013. While the documents are somewhat dated at this point, they show how the CIA was perhaps ahead of the curve in finding new ways of hacking and compromising Macs, according to Pedro Vilaca, a security researcher who's been studying Apple computers for years. Judging from the documents, Vilaca told Motherboard in an online chat, it "looks like CIA were very early adopters of attacks on EFI."
Earth

Let There Be Light: Germans Switch on 'Largest Artificial Sun' (theguardian.com) 113

German scientists are switching on "the world's largest artificial sun" in the hope that intense light sources can be used to generate climate-friendly fuel. From a report: The Synlight experiment in Julich, about 19 miles west of Cologne, consists of 149 souped-up film projector spotlights and produces light about 10,000 times the intensity of natural sunlight on Earth. When all the lamps are swivelled to concentrate light on a single spot, the instrument can generate temperatures of around 3,500C -- around two to three times the temperature of a blast furnace. "If you went in the room when it was switched on, you'd burn directly," said Prof Bernard Hoffschmidt, a research director at the German Aerospace Center, where the experiment is housed in a protective radiation chamber. The aim of the experiment is to come up with the optimal setup for concentrating natural sunlight to power a reaction to produce hydrogen fuel.
Software

Researchers Develop App That Accurately Determines Sperm Quality (scientificamerican.com) 97

New submitter omaha393 writes: A team of researchers at Harvard Medical School have developed a point-of-care microfluidic detector capable of determining sperm quality using the simple device and a standard smartphone. Typical male fertility screens require a team of trained laboratory professionals and a screening process taking days to weeks and incurring high costs. The alternative home sperm measuring kits rely on chemical probes and only give measurements of quantity, not quality. The new method offers an easier, cheaper approach, with processing time taking about 5 seconds with no sample processing or wash steps required. The team found their device meets WHO guidelines with 98% accuracy of sperm quality measurements and is comparable to clinical results. The new device uses 35 microliters of sample to accurately measure both concentration and motility at a manufacturing cost of less than $5 per device. The device must still undergo FDA evaluations before being available to consumers, and the technology has yet to be named. The results of the study were published in the journal Science Translational Medicine. Further reading: NPR, Ars Technica, Scientific American
Businesses

A Lithuanian Phisher Tricked Two Big US Tech Companies Into Wiring Him $100 Million (theverge.com) 123

According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat "by masquerading as a prominent Asian hardware manufacturer," reports The Verge, citing court documents, "and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries." From the report: What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms. The first company is a "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services." Both apparently worked with the same "Asia-based manufacturer of computer hardware," a supplier that the documents indicate was founded some time in the late '80s. What's more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money. Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time if convicted -- each charge of wire fraud and laundering carries a max sentence of 20 years. The court documents don't reveal the names of the two companies. Though, one could surely think of a few candidates that would fit the descriptions provided in the court documents.
Bug

LastPass Bugs Allow Malicious Websites To Steal Passwords (bleepingcomputer.com) 123

Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site.
DRM

W3C Erects DRM As Web Standard (theregister.co.uk) 211

The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. 
The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.
The Internet

'Dig Once' Bill Could Bring Fiber Internet To Much of the US (arstechnica.com) 168

An anonymous reader quotes a report from Ars Technica: If the U.S. adopts a "dig once" policy, construction workers would install conduits just about any time they build new roads and sidewalks or upgrade existing ones. These conduits are plastic pipes that can house fiber cables. The conduits might be empty when installed, but their presence makes it a lot cheaper and easier to install fiber later, after the road construction is finished. The idea is an old one. U.S. Rep. Anna Eshoo (D-Calif.) has been proposing dig once legislation since 2009, and it has widespread support from broadband-focused consumer advocacy groups. It has never made it all the way through Congress, but it has bipartisan backing from lawmakers who often disagree on the most controversial broadband policy questions, such as net neutrality and municipal broadband. It even got a boost from Rep. Marsha Blackburn (R-Tenn.), who has frequently clashed with Democrats and consumer advocacy groups over broadband -- her "Internet Freedom Act" would wipe out the Federal Communications Commission's net neutrality rules, and she supports state laws that restrict growth of municipal broadband. Blackburn, chair of the House Communications and Technology Subcommittee, put Eshoo's dig once legislation on the agenda for a hearing she held yesterday on broadband deployment and infrastructure. Blackburn's opening statement (PDF) said that dig once is among the policies she's considering to "facilitate the deployment of communications infrastructure." But her statement did not specifically endorse Eshoo's dig once proposal, which was presented only as a discussion draft with no vote scheduled. The subcommittee also considered a discussion draft that would "creat[e] an inventory of federal assets that can be used to attach or install broadband infrastructure." Dig once legislation received specific support from Commerce Committee Chairman Greg Walden (R-Ore.), who said that he is "glad to see Ms. Eshoo's 'Dig Once' bill has made a return this Congress. I think that this is smart policy and will help spur broadband deployment across the country."
