posted 8 days ago on ars technica
Private encryption keys have been successfully extracted multiple times from a virtual private network server running the widely used OpenVPN application with a vulnerable version of OpenSSL, adding yet more urgency to the call for operators to fully protect their systems against the catastrophic Heartbleed bug. Developers who maintain the open-source OpenVPN package previously warned that private keys underpinning VPN sessions were vulnerable to Heartbleed. But until Wednesday, there was no public confirmation such a devastating theft was feasible in real-world settings, said Fredrik Strömberg, the operator of a Sweden-based VPN service who carried out the attacks on a test server. An attacker carrying out a malicious attack could use the same exploit to impersonate a target's VPN server, and in some cases decrypt traffic passing between an end user and the real VPN server. Wednesday's confirmation means any OpenVPN server—and likely servers using any other VPN application that may rely on OpenSSL—should follow the multistep path for recovering from Heartbleed, which is among the most serious bugs ever to hit the Internet. The first step is to update the OpenSSL library to the latest version. That step is crucial but by no means sufficient. Because Heartbleed may have leaked the private key that undergirds all VPN sessions, updated users may still be susceptible to attacks by anyone who may have exploited the vulnerability and made off with the key. To fully recover from Heartbleed, administrators should also revoke their old key certificates, ensure all end user applications are updated with a current certificate revocation list, and reissue new keys.

posted 8 days ago on ars technica
Chris Young AT&T is hopping mad that the Federal Communications Commission wants to give smaller carriers a more favorable shot at buying broadcast TV spectrum that will be shifted to the cellular industry. The airwaves in the 600MHz band are set to be auctioned next year, and the FCC seems to be leaning toward putting restrictions on the biggest carriers. The restrictions could limit the amount of money the auction takes in but help prevent AT&T and Verizon from further dominating the US wireless market. AT&T pulling out of the auction could be good for its rivals, but would make the spectrum sales less lucrative for the government and TV broadcasters. Read 10 remaining paragraphs | Comments

posted 8 days ago on ars technica
In San Francisco today, AMD demonstrated a new Opteron X Series processor, codenamed Berlin, that brings AMD's APU concept and HSA technology into the server room. For some years, AMD has been promoting its heterogeneous system architecture (HSA), which enables CPUs, GPUs, and other coprocessors to share data and cooperate more easily. The company released Kaveri, its first desktop APUs ("accelerated processing units"—CPUs with integrated GPUs) that support HSA earlier this year. Berlin is the server counterpart, wedding AMD's Steamroller x86 CPU cores to its Graphics Core Next 1.1 R-series GPU cores. Read 3 remaining paragraphs | Comments

posted 8 days ago on ars technica
Google reported its earnings for Q1 2014 on Wednesday. Wall Street was expecting Google to hit earnings of $6.33 a share and revenue of $15.58 billion, but the company missed that mark, only hitting $5.04 a share and revenue of $15.42 billion. Wall Street expectations aside, that's 19 percent more cash than Google brought in this time last year. Google is actually up to two stock tickers after a stock split that happened early this month. Besides the usual GOOG ticker, there is now also Class C "GOOGL" stock. This move basically doubled the outstanding shares, putting the company at 672 million. Site revenue, which represents sites Google operates (like Google.com, YouTube, and Gmail), generated revenue of $10.47 billion, or 68 percent of total revenue. That's a 21 percent increase over last year. Network revenue, aka "Adsense," did $3.4 billion in revenue, a four percent increase over last year. The "Other Revenue" category, which is mostly Google Play app, media, and hardware sales (including the Chromecast), was again up a huge amount—48 percent—doing $1.05 billion in revenue. Read 1 remaining paragraphs | Comments

posted 8 days ago on ars technica
A 19-year-old student has been arrested for allegedly exploiting the Heartbleed vulnerability to steal taxpayer data from as many as 900 Canadians, authorities said Wednesday. The arrest of Stephen Arthuro Solis-Reyes by the Royal Canadian Mounted Police marks the first time authorities anywhere have publicly levied charges in connection to the malicious exploitation of a defect in the widely used OpenSSL cryptography library. Canada Revenue Agency officials said they had removed public access to online tax services a day after the defect was discovered earlier this month.

posted 8 days ago on ars technica
Kim Dotcom More than two years after his home was raided by authorities, Megaupload founder Kim Dotcom stands to get back some of the millions of dollars worth of cash and property that was seized due to his alleged copyright crimes. A New Zealand court has turned down the government's application to continue holding Dotcom's assets past a two-year deadline. The news came via a statement from one of Dotcom's lawyers, Robert Gapes, who shared the statement with Fairfax NZ News. Dotcom reacted on Twitter. "Mona and I are getting our New Zealand assets back, unless the Crown appeals :-)))" he wrote early Wednesday morning, US time. Read 6 remaining paragraphs | Comments

posted 8 days ago on ars technica
Zach Copley A Tokyo court has denied Mt. Gox’s application to revive the embattled Bitcoin exchange, and the company has been handed over to a court-appointed administrator as it attempts to deal with its bankruptcy protection case. “There are no prospects for the restart of the business,” wrote CEO Mark Karpeles in a statement posted to the company’s website on Wednesday. Mt. Gox asked the court to begin civil rehabilitation in late February 2014. Read 6 remaining paragraphs | Comments

posted 8 days ago on ars technica
The original Project Ara concept render. We're now just a bit closer to reality. Motorola Technology has been getting smaller and more tightly integrated for years, but that doesn't mean everyone likes it that way. Enthusiasts in particular (including many Ars readers) are vocal about things like soldered-in system RAM, non-replaceable batteries, and other design decisions that improve our gadgets in some ways at the expense of repairability and expandability. Google's "Project Ara" is a phone that wants to fight that trend. The goal is to create a smartphone pieced together from individual modules, theoretically giving users the ability to upgrade and repair their phones without replacing the entire thing every couple of years or so. Phone too slow? Upgrade the processor. Hate your camera? Get a new one. Battery worn out? Replace it. And people seem interested, at least in theory—a concept video for "Phonebloks," a modular phone idea not unlike Project Ara, has amassed more than 19 million views on YouTube as of this writing. At Google's first Project Ara developers conference this week, the company showed off an actual prototype and detailed some of the technologies that will take this phone from a nice-looking, nice-sounding concept photo to an actual, usable device. The prototype simultaneously demonstrates the idea's promise and the reasons why it may struggle to succeed. Read 16 remaining paragraphs | Comments

posted 8 days ago on ars technica
Google The Android camera app has usually been the worst part of stock Android devices, but it looks like Google is finally going to change that. The company has just released a revamped version of the "Google Camera" app to the Play Store. The new app has an entirely new interface that does away with the nasty sliding arc controls of the old version. Google Camera is compatible with any device running KitKat and up, which means you can replace the terrible stock camera app—plus you have the option of dumping your skinned OEM app for Google's version. Besides opening up the "PhotoSphere" 360-degree panorama feature to more devices, the app also adds a fake depth-of-field mode, which is all the rage nowadays. Google's version is pretty clever. While HTC added an entire extra camera and Samsung just used raw computing guess-work, Google lets you take a picture of the subject and then move the camera upward so it can capture the subject from a second angle. It works pretty well, especially if you go to the settings and turn on the "high quality" mode. Read 5 remaining paragraphs | Comments

posted 8 days ago on ars technica
Right now, photovoltaic devices are the cheapest, most efficient way to harvest the energy in sunlight. The problem is that this energy ends up in the form of electricity, which we have difficulty storing in a cost-effective manner. An alternative approach, solar thermal energy, converts solar energy to heat and can use that heat to continue generating power for several hours after the Sun goes down. But that's not enough to make solar an around-the-clock energy source. Researchers are apparently working on a third option, one that could potentially store energy indefinitely. It goes by the name of "solar thermal fuel," but it's not a fuel in the traditional sense. Rather than breaking apart the fuel molecule through combustion, solar thermal fuels release heat by rearranging bonds within a molecule, leaving all the atoms in place. As a result, they can be recycled repeatedly—in the example that introduced me to solar thermal fuels, a research team ran theirs through more than 2,000 cycles with no loss in performance. How do you get energy into and out of a molecule without breaking any bonds? In this case, the authors worked with derivatives of a chemical called azobenzene, shown below. The double bond between the two nitrogens forces the remaining bonds into one of two forms: either both of the rings can be on opposite sides of the molecule (top, called the "trans" form) or they can be on the same side (bottom, called "cis"). Read 10 remaining paragraphs | Comments

posted 8 days ago on ars technica
Neil Young's trek into high-end gadgetry didn't just stop with launching and promoting the PonoPlayer. He also apparently installed lasers in his fingers so that he could sign his own limited edition series of the product. PonoPlayer, the Toblerone-shaped portable media player launched last month by classic rocker Neil Young, closed its Kickstarter campaign yesterday with a grand total of $6.2 million. That number makes Pono the third-highest Kickstarter campaign ever, trailing the Pebble smartwatch and the Ouya video game console. After blasting off to the tune of roughly $1.6 million in one day, the player, which staked its reputation on replicating "studio-quality" sound by way of lossless, high-frequency audio and hardware engineering, maintained its sales momentum by adding a slew of limited-edition sales options. The most prominent was the "Artist Signature" series, which came in a whopping 31 varieties and included laser-engraved signatures and hand-selected, pre-loaded albums by a particular artist or band, with offerings from Elton John, The Eagles, Metallica, Arcade Fire, and plenty in between. Yes, you could buy both Crosby, Stills & Nash and Crosby, Stills, Nash & Young versions of the Pono. Additionally, Pono offered tickets to four "VIP dinner and listening party" events at $5,000 a pop; those Young-hosted events raked in $480,000 alone. Read 3 remaining paragraphs | Comments

posted 8 days ago on ars technica
IHS has released another one of its trademark bill of materials (BoM) estimates. This time, the subject of the teardown is Samsung's newest flagship, the Galaxy S5. The company pegs the BoM of a 32GB Galaxy S5 at $251.52. A BoM estimate only accounts for the physical parts in a phone—it doesn't include R&D, marketing, software, or a myriad of other costs associated with getting a smartphone to market—but it's still interesting to compare across devices. $250 might not seem like a lot for a $600 smartphone, but it seems Samsung is having to deal with rising costs over the years. The S5 BoM estimate is higher than that of the S4 ($236) and S3 ($205). It's also higher than the much smaller iPhone 5s, which is estimated to be $207. A good chunk of that $250 goes to the 5.1-inch, 1080p AMOLED display, which IHS says costs $63. The next highest item is the 2.5GHz Snapdragon 801 SoC, which—including the cellular modem—costs $41.00. Read 2 remaining paragraphs | Comments

posted 8 days ago on ars technica
A federal appeals court on Wednesday upheld a contempt of court ruling against Ladar Levison and his now-defunct encrypted e-mail service provider, Lavabit LLC, for hindering the government's investigation into the National Security Agency leaks surrounding Edward Snowden. In the summer of 2013, Lavabit was ordered to provide real-time e-mail monitoring of one particular user of the service, believed to be Snowden, the former NSA contractor turned whistleblower. Instead of adequately complying with the order to turn over the private SSL keys that protected his company's tens of thousands of users from the government's prying eyes, Levison chose instead to shut down Lavabit last year after weeks of stonewalling the government. However, Levison reluctantly turned over his encryption keys to the government, although not in a manner that the government deemed useful—he provided a lengthy printout in tiny type, a move the authorities said was objectionable. “The company had treated the court orders like contract negotiations rather than a legal requirement,” US Attorney Andrew Peterson, who represented the government, told PC World.

posted 8 days ago on ars technica
A Google Fiber job posting in New York City has a bunch of tech news sites excited about the prospect of Google bringing its fiber Internet service to the Big Apple. It would certainly be a nice consolation prize for a city bemoaning the comical failure of the New York Knicks. But Google says there are no such plans. "Don't read into the job listing," a Google spokesperson told Ars. "We've had a full team of folks working on Fiber in the New York office (and other locations around the world) for years. We don't currently have any plans to bring Google Fiber to New York. We're entirely focused on building out our networks in Kansas City, Austin, and Provo, and on exploring the possibility of bringing Fiber to the 34 locations we announced in February." The job listing is for a regional sales manager position and says, "You will manage multiple teams that evangelize Google Fiber services to MDU (multi-dwelling apartments and condos) and large SMB owners. You will hire and manage a team that proactively reaches out and articulates how Google Fiber Solutions can help make their work more productive." The successful applicant will "lead and motivate multiple sales teams across multiple locations."

posted 8 days ago on ars technica
Verizon doesn't want to deploy high-speed wired broadband service to all New Jersey residents, despite receiving financial perks from the state for the past 20 years in exchange for building a statewide network. To make sure it doesn't have to complete the buildout to all of New Jersey's 8.9 million residents, Verizon led an astroturf campaign that flooded the state Board of Public Utilities (BPU) with hundreds of identical e-mails purporting to support Verizon's case. One person who is listed as having written one of these e-mails told Ars that he didn't submit anything, and if he did, "I would've slammed them." A report in Stop the Cap this month found several other Verizon "supporters" who had no idea e-mails were submitted under their names. Before describing the astroturf campaign, here is a little background. Verizon is on the verge of getting state approval of a settlement eliminating an obligation to provide broadband service to the whole state by 2010. Instead of just getting service automatically, people who want broadband from Verizon would have to complete a "bonafide retail request" process and prove that they and at least 34 neighbors can't get service from anyone else. Even then, Verizon would have nine months to comply and could meet its newly lessened obligation by making 4G cellular service available through its subsidiary, Verizon Wireless. Verizon predecessor New Jersey Bell agreed to the statewide broadband buildout in a 1993 agreement with the state. In exchange for a different form of price regulation that would allow the company to make more money, "Verizon agreed to upgrade its network to provide broadband to every Verizon New Jersey business and residential customer, school, and library for 100 percent of its service territory," according to the state's Division of Rate Counsel.

posted 8 days ago on ars technica
Late Tuesday night, Marty O'Donnell, the composer for the original Halo games trilogy, announced his firing from developer Bungie, where he had been serving as co-composer for upcoming first-person shooter Destiny. "I'm saddened to say that Bungie's board of directors terminated me without cause on April 11, 2014," O'Donnell posted on his Twitter account. The decade-plus Bungie veteran did not offer any further clarification or comment. Within an hour, Bungie took to its news page with a brief farewell message that stated, in part, "Today, as friends, we say goodbye." We are tempted to assume that O'Donnell's use of "without cause" may bring Bungie's use of the word "friends" into question. O'Donnell was last seen promoting the score of Destiny, which he had been composing with Paul McCartney and longtime Bungie collaborator Mike Salvatori. In the meantime, we're still waiting on more concrete details and gameplay of Bungie's latest online shooter. Read on Ars Technica | Comments

posted 8 days ago on ars technica
Flickr user: Bill Dickinson It's no secret that biology research in the US is facing a number of challenges. After years of rapid growth, the funding for biomedical research has dropped by 25 percent in real dollar terms since 2003, leaving researchers scrambling to keep their labs running. Meanwhile, the system is still training far more graduates than there are faculty positions to fill. But it's tempting to think that taking care of the first by increasing the funding would help take care of the second. "Don't kid yourself" seems to be the message of a perspective published this week by PNAS. The authors, Bruce Alberts, Marc Kirschner, Shirley Tilghman, and Harold Varmus (most of whom helped create or expand the current system), say its current course is unsustainable without some deep-rooted reforms. The ones they suggest would produce far fewer graduates and research labs, but they're courses better equipped to keep biomedical research sustainable even without a large budget increase. The grad student problem The researchers identify a couple of major structural problems that have made the current system unsustainable. One is simply that graduate students represent the cheapest form of labor, and so graduate programs have expanded to keep researchers well supplied. The end result is that 8,000 people get a PhD in the biological sciences each year, far more than can ever hope to find faculty positions. Only about 20 percent of them end up staying in research positions, yet graduate education generally provides training in nothing but research. Read 16 remaining paragraphs | Comments

posted 9 days ago on ars technica
Microsoft CEO Satya Nadella was in San Francisco today to talk about data and Microsoft's data platform. Nadella repeatedly spoke of Microsoft's "data culture"—using data and analytics to enable employees to get the information they need to understand their work, answer questions, and make decisions. At the event, he celebrated the recent launch of SQL Server 2014 and announced a pair of other products: a preview of Azure Intelligent Systems Service and general availability of Analytics Platform System. SQL Server 2014 has been available to developers and others for a few weeks. Its headline feature is broad support for in-memory databases with an engine previously codenamed "Hekaton." As one would expect, in-memory databases are substantially faster than ones stored on-disk. The in-memory database engine is limited in terms of the programmatic features it offers, but when it can be used it can make operations 10 to 30 times faster. Microsoft said that SQL Server 2014 has been developed in a different way from prior versions of the database server. It was described as "born in the cloud," developed for Azure and the cloud first. It includes a range of Azure-related features too, such as backups to Azure.

posted 9 days ago on ars technica
Rogier Noort/Flickr The second episode of the fourth season of, you guessed it, Game of Thrones, takes the crown. The HBO episode generated more than 193,000 pirates simultaneously sharing the same file late Monday. Other files of the same episode were also being downloaded by the thousands—some 1.5 million downloads in all, TorrentFreak noted. The site predicted that the record will be broken as the Game of Thrones season progresses. Read 5 remaining paragraphs | Comments

posted 9 days ago on ars technica
Aurich Lawson Right now, I can tell you that about 37 percent of the roughly 781 million games registered to various Steam accounts haven’t even been loaded a single time. I can tell you that Steam users have put an aggregate of about 3.8 billion hours into Dota 2. I can tell you that Steam users tend to put nearly 600 percent more time into the multiplayer mode on Modern Warfare 2 than the single player mode. Basically, I can give you an idea of how any of the thousands of games on Steam have performed, both in terms of sales and gameplay hours. These estimates are based on publicly available information described in much more detail below. It's the kind of data that the public almost never gets access to in the video game industry. Sure, we get a monthly “Top 10” list of best-selling titles in the US from tracking firm NPD, but these results smash together myriad versions of multi-platform releases and don’t even contain specific sales numbers these days (foreign services like Britain’s Chart-Track and Japan’s Media Create are slightly more robust in their public reporting). Those with deep pockets can pay for access to a treasure trove of historic and current sales numbers, but subscribers are contractually forbidden from sharing those numbers with the public. Steam, to its credit, offers real-time and “daily peak” snapshots of how many players use its 100 most popular games, but these numbers can be transitory and don’t reflect total sales or play time very well. Read 37 remaining paragraphs | Comments

posted 9 days ago on ars technica
Institute for Money, Technology and Financial Inclusion On Monday evening, Re/code wrote about the complicated set of rules that the FCC's wireless bureau is hoping will be adopted for the TV spectrum auction that will take place in 2015. According to these restrictions, carriers with lots of spectrum like AT&T, Verizon, and Sprint could be prohibited from bidding on up to one-third of the auctioned-off spectrum in a given area, at least when the bidding in that area reaches a particular price. The auction rules would dictate how many licenses a wireless company could purchase by creating two classes of spectrum licenses: restricted and unrestricted. According to Re/code, all companies would be allowed to bid on the available spectrum at first, generally in blocks of 5 MHz. Then if the bidding reaches a “threshold price,” 30 percent of the spectrum in that market would be reserved for smaller competitor companies. Additionally, the FCC is looking to adopt new “spectrum screens” which would limit how much spectrum a wireless carrier could hold in a certain market. Under the rules, if a carrier tried to buy up more than a certain amount of spectrum in the market, that would trigger extra scrutiny at the FCC before the deal could go through. The upcoming availability of spectrum, combined with new rules for who can own it, has garnered a lot of attention. Read 8 remaining paragraphs | Comments

posted 9 days ago on ars technica
Pioneer's $700 AVH-4000NEX is on sale today and will get a CarPlay-compatible firmware update early this summer. Pioneer Yesterday, Alpine Electronics announced plans to release a new in-car display compatible with Apple's CarPlay. It was the first announcement we'd heard about adding CarPlay support to an existing vehicle rather than buying an all-new one, but it will require the purchase of all-new hardware—as far as we know, Alpine's existing in-car displays won't be upgraded to support the feature. Today, the Pioneer Corporation is doing Alpine one better: it will be upgrading five of its existing aftermarket car displays to support CarPlay via a firmware update. That update will be issued in the "early summer." So if everything happens on time, buying one of Pioneer's displays will be the fastest way to get CarPlay in a car you already own. The five displays being upgraded span a variety of price points, from the $1,400 AVIC-8000NEX at the high end to the $700 AVH-4000NEX at the low end. Those two and the $1,200 AVIC-7000NEX have 7-inch 800×480 touchscreens, while the $750 AVIC-5000NEX and $900 AVIC-6000NEX sport 6.1-inch displays with the same resolution. Each display offers a variety of features (including, in some cases, turn-by-turn navigation and Android compatibility) when there's no iPhone connected, though connecting a CarPlay-capable iPhone running iOS 7.1 should offer approximately the same experience no matter which of the screens you use. Read on Ars Technica | Comments

posted 9 days ago on ars technica
Google added a paragraph to its terms of service as of Monday to tell customers that, yes, it does scan e-mail content for advertising and customized search results, among other reasons. The change comes as Google undergoes a lawsuit over its e-mail scanning, with the plaintiffs complaining that Google violated their privacy. E-mail users brought the lawsuit against Google in 2013, alleging that the company was violating wiretapping laws by scanning the content of e-mails. The plaintiffs are varied in their complaints, but some of the cases include people who sent their e-mails to Gmail users from non-Gmail accounts and nonetheless had their content scanned. They argue that since they didn't use Gmail, they didn't consent to the scanning. US District Judge Lucy Koh refused Google's motion to dismiss the case in September. Koh also denied the plaintiffs class-action status in March on the grounds that the ways that Google might have notified the various parties of its e-mail scanning are too varied, and she could not decide the case with a single judgment. Read 2 remaining paragraphs | Comments

posted 9 days ago on ars technica
In the next few decades, will we need to make room here for our flat panel monitors as well? Scott Beale Oculus VR founder Palmer Luckey has never been shy about sharing his vision for the potential of virtual reality (VR) technology to create wholly new experiences and computing interfaces. But some off-the-cuff statements Luckey made in the halls of PAX East last weekend have got one far-reaching question buzzing around many tech and gaming industry watchers today—will VR ever be so good that it makes traditional panel displays all but obsolete? Luckey certainly seems to think so. Speaking to Maximum PC after a panel on the state of PC gaming, the Oculus founder (and new Facebook employee) gave it about 20 years before today's flat panels are a thing of the past. "I think there's almost no way traditional displays will be around in a couple decades," Luckey told the site. "Why in the world would you buy a 60-inch TV that, even if it were dirt cheap for that, it's still going to cost a lot to ship it and make it from raw materials? A VR headset is going to be much better and much cheaper, and you can take it anywhere." Read 14 remaining paragraphs | Comments

posted 9 days ago on ars technica
Nathan Borror Rather than waiting for pending legislation to mandate an anti-theft kill switch, the leading mobile phone manufacturers and service providers—including Apple, Samsung, Huawei, AT&T, T-Mobile, Verizon, and Sprint—came together Tuesday to impose their own solution. The new “Smartphone Anti-Theft Voluntary Commitment” stipulates that new phones made after July 2015 will have a “preloaded or downloadable” anti-theft tool. Two months ago, Mark Leno, a California state senator introduced a bill in response to the rise of smartphone theft. More than 50 percent of all robberies in San Francisco involve a smartphone, according to law enforcement statistics Leno cites in his bill. Sections of the bill also note that smartphone theft was up 12 percent in Los Angeles in 2012, and nationwide, 113 smartphones are lost or stolen each minute. Read 5 remaining paragraphs | Comments
