posted 8 days ago on ars technica
"You should be able to use the Web without fear that a criminal or state-sponsored actor is exploiting software bugs to infect your computer, steal secrets, or monitor your communications," writes Google security researcher Chris Evans. To help make that a reality, Google has put together a new team of researchers whose sole purpose is to find security flaws in software—any software—that's used on the Internet. Google employees have found and reported security flaws in the past, but only as a part-time effort. The new "Project Zero" team will be dedicated to hunting for the kind of exploitable flaws that could be used to spy on human rights activists or conduct industrial espionage. Aiming to disrupt targeted attacks, the team will look at any software that's depended on by a large number of people. Project Zero will report bugs it finds only to the software vendor, and it will give those vendors 60 to 90 days to issue patches before public disclosure. This time frame may be reduced for bugs that appear to be actively exploited.

posted 8 days ago on ars technica
There are a lot of good things for Comcast in the Federal Communications Commission’s network neutrality proposal, and Comcast is smart enough to recognize it. Today, Comcast Executive VP David Cohen announced that “we support the FCC putting in place legally enforceable rules to ensure that there is a free and open Internet, including transparency, no blocking, and anti-discrimination rules.” Comcast submitted a 71-page filing to the FCC in which Senior VP of Regulatory Affairs Kathryn Zachem laid out the reasons for the company’s support. The rules are so good, Comcast said, that it might be wise to apply them to cellular carriers as well as fixed Internet providers.

posted 8 days ago on ars technica
[Image: The hotspot for ultrahigh-energy cosmic rays. Credit: Telescope Array]

People make a big deal about the energies reached by the Large Hadron Collider, to the extent that they filed suit to block its operation over fears it would destroy the Universe. But as the physicists running the accelerator noted in their response, when it comes to high energies, nature got there first. While the LHC will eventually reach energies of 14 Tera-electronVolts, a cosmic ray called the Oh-My-God particle struck Earth with an energy of 300 Exa-electronVolts—over 10,000,000 times more energetic. Such insanely energetic particles, while uncommon, aren't exactly rare. Over the last five years, an observatory in Utah built to study cosmic rays has identified 72 particles that struck the Earth with energies above 50 Exa-electronVolts. By roughly mapping their origin, the observatory found that many seem to originate in a cosmic hotspot located in the northern hemisphere sky. But the source (sources?) that raises particles to these energies remains unidentified. Any particle physicist hoping to accelerate something to these energies better be incredibly patient. "To accelerate particles up to the ultrahigh-energy region," the authors of the paper describing the hotspot write, "particles must be confined to the accelerator site for more than a million years by a magnetic field and/or a large-scale confinement volume." Once released, however, they have a finite lifetime. Over time, they will interact with the cosmic microwave background in a way that will gradually slow them down.

posted 8 days ago on ars technica
Are Ikea lawyers on a trademark crusade? The Swedish furniture giant Ikea has made two attempts in recent months to knock out a pair of high-profile websites where some of their biggest fans gather, Ikeahackers.com and Ikeafans.com. Both sites operated peacefully for several years, but now Ikea has demanded the websites must be transferred to its control. Last month, the founder of Ikeahackers.com was served with a "cease and desist" letter ordering her to hand over the Web domain, eight years after Jules Yap (a pseudonym) founded it. After a massive online outcry, Ikea has backed away from its demands, at least for the time being. The case of Ikeafans.com is similar, in that it experienced a long period of cooperation with the famed Swedish chain and is now locked in conflict with Ikea lawyers. After nearly two years of negotiations failed, the founders of Ikeafans.com, James and Susan Martin, lawyered up and prepared to plead their case in federal court. They filed a lawsuit (PDF), seeking a ruling that Ikea breached its contract with the owners and the "implied license" that it gave the site to use the trademarks.

posted 8 days ago on ars technica
The first release of OpenSSL alternative LibreSSL is out, and already a researcher says he has found a "catastrophic failure" in the version for Linux. The problem resides in the pseudorandom number generator (PRNG) that LibreSSL relies on to create keys that can't be guessed even when an attacker uses extremely fast computers. When done correctly, the pool of numbers supplied is so vast that the numbers will almost never be repeated in subsequent requests, and there should be no way for adversaries to accurately predict which numbers are more likely than others to be chosen. Generators that don't produce an extremely large pool of truly random numbers can undermine an otherwise robust encryption scheme. The Dual EC_DRBG influenced by the National Security Agency and used by default in RSA's BSAFE toolkit, for instance, is reportedly so predictable that it can undermine the security of applications that rely on it.

Edge cases

A security researcher has warned that there are cases where the LibreSSL PRNG will produce identical output two or more times when running on Linux systems, something he called a "catastrophic failure." The same data can be returned when an application process is cloned—or "forked," in computing parlance—something that can happen when an operating system repeats a similar task over and over, like each time a Web server opens a new connection, for example. In most cases, LibreSSL will detect that a process has been forked because its identifier, known as a PID, will differ. In those cases, LibreSSL will automatically reseed the random numbers to ensure they're unique to the new process.

posted 8 days ago on ars technica
The Federal Communications Commission has extended the deadline for submitting initial comments on its network neutrality plan. Instead of expiring today, the initial comment period will last until Friday, July 18 at midnight. "Not surprisingly, we have seen an overwhelming surge in traffic on our website that is making it difficult for many people to file comments through our Electronic Comment Filing System (ECFS)," an FCC announcement this afternoon said. "Please be assured that the Commission is aware of these issues and is committed to making sure that everyone trying to submit comments will have their views entered into the record." The FCC website buckled under the pressure of thousands of people trying to comment before the deadline, as we reported earlier. The FCC has received about 670,000 comments on its proposal, though about two-thirds of those came through e-mail rather than the online system.

posted 8 days ago on ars technica
Google's glucose-monitoring contact lens is still alive and kicking, despite the founder of the project leaving the company to work at Amazon. The Financial Times reports that Google is teaming up with Novartis, one of the world's largest pharmaceutical firms, to make the smart contact a reality. Novartis will license, develop, and commercialize the lenses via its eyecare-focused Alcon division, which makes the "Dailies," "Air Optix," and "Fresh Look" contact lenses. The two companies have a few ideas for a smart contact lens. The first is the original glucose-monitoring lens, which could detect a diabetic person's glucose level via his or her tears. The second is an "autofocus" lens for people who have difficulty switching between near and long-distance vision. Novartis said this focusing problem affects 1.7 billion people, with Joe Jimenez, Novartis' chief executive, calling it “the holy grail for vision care.” While Google's original announcement had an air of unbelievability to it, teaming up with one of the biggest players in pharmaceuticals makes the smart lenses seem a lot closer to reality. Jimenez said he would be “disappointed” if the smart contact was not ready for commercialization within five years.

posted 9 days ago on ars technica
The American Bar Association is urging its 400,000-lawyer membership to show some restraint when it comes to lodging online file sharing lawsuits. "Finally, while it is technically possible for trademark and copyright owners to proceed with civil litigation against the consuming public who affirmatively seek out counterfeited products or pirated content or engage in illegal file sharing, campaigns like this have been expensive, do not yield significant financial returns, and can cause a public relations problem for the plaintiff in addressing its consuming public," the association recommended. [PDF] The Intellectual Property Law section of the group, while urging new congressional legislation and educational outreach, noted as Exhibit A the litigation campaigns of the Recording Industry Association of America and the Motion Picture Association of America.

posted 9 days ago on ars technica
While Steam's year-long experiment with selling unfinished games through its "Early Access" program has had its share of issues, it's hard to overstate the impact it has had on the way PC games are developed, marketed, and sold, with games like Day Z and Rust becoming best sellers before they're even finished. This hasn't gone unnoticed by console developers or by Sony and Microsoft, both of which have been hinting they might introduce their own "Early Access" style programs for their consoles soon. In a recent interview with Gamasutra, Sony Publisher and Developer Relations VP Adam Boyes said finding a smart way to give players access to games that aren't finished yet is "one of the massive conversations we have internally." One of the major barriers, he said, is making the development state of the game clear to potential purchasers. "We don't want somebody to stumble across that title and expect a full product, and have a negative experience." Boyes went on to say that Sony is working out guidelines for just how early a game can be before being offered to PlayStation customers. "We obviously have our tech requirement checklist that people have to adhere to," Boyes said. "So we're internally discussing, what does that list look like? What are the caveats? Stuff like this. So it's still a project that a lot of minds are considering. No details yet, but it's something on the top of my mind every day."

posted 9 days ago on ars technica
Google is almost ready to ship dev kits for Project Ara, the modular smartphone concept from the company's ATAP division, to hardware developers. Google hopes the modular smartphone concept will someday allow users to replace and upgrade hardware components about as easily as you can swap out a removable battery. An entire ecosystem of innovative boutique smartphone hardware manufacturers could result from Ara, providing a change from the handful of large companies that control the market today. Making this system a reality is a massive challenge, but it seems that Google is making progress and is now taking requests for the developer boards, with a plan to ship later this month. No one outside of Google has ever actually seen Project Ara work. The closest we've come was at Google I/O last month, where a prototype device was able to show the Android boot screen and half of the lock screen before crashing. The developer boards aren't in a smartphone form factor, though—they look to be about the size of a small PC motherboard and are only meant for hardware development and testing.

[Image: What one of the Ara dev kit boards actually looks like. It isn't quite as compact as the concept. Credit: Project Ara/Ron Amadeo]

One of the developer boards is pictured above, but there are actually three separate pieces of hardware. One is the application processor board (basically smartphone guts), which runs the horrifically old (and no longer supported) TI OMAP 4460, the same processor that's in the Galaxy Nexus and Google Glass. Since this is "the smartphone part," it will need to run software, which Google only identifies as "modified Linaro Android." Ara needs to run on a fork of Android that supports things like hot-swapping hardware components and additional drivers for the hardware ecosystem. We're going to guess this is the board pictured above, which is quite a bit bigger than the final concept, but it's good enough for testing.

posted 9 days ago on ars technica
Though streaming video is a bigger user of bandwidth overall, it's images, not video, that are the big bandwidth user during regular browsing. A big proportion of this bandwidth is taken by lossy image formats, specifically JPEG, used to shrink photographic pictures to a more download-friendly size. The desire to make these images smaller—and hence faster to download—has inspired a lot of investigation to determine if some other format might do the job better. Google has been promoting the use of WebP, the still image derivative of its WebM video codec. Mozilla has also been looking at the issue, but the open source browser organization has come up with a different conclusion: we don't need a new image format, we just need to make better JPEGs. To that end, the group has released its own JPEG compression library, mozjpeg 2.0, which reduces file sizes by around five percent compared to the widely used libjpeg-turbo. Facebook has announced that it will be testing mozjpeg 2.0 to reduce its bandwidth costs, similar to its WebP trial.

posted 9 days ago on ars technica
[Image: Microsoft CEO Satya Nadella addressing employees. Credit: Microsoft]

According to a Bloomberg report, Microsoft is preparing to undergo a significant staff reduction, potentially shedding as much as five percent of its employees around the world. Citing "people with knowledge of the company’s plans," Bloomberg elaborates that the cuts—which could exceed 5,800 people—will be made public potentially some time this week and will focus on areas of the company that were acquired from Nokia, as well as some marketing and engineering groups. The report specifically notes that some of the cuts "will be in marketing departments for businesses such as the global Xbox team." Microsoft’s current headcount is just north of 127,000, counting the 30,000 employees added during the acquisition of Nokia’s handset division earlier this year.

posted 9 days ago on ars technica
[Image: If you can get the FCC comment site to work, this is what it looks like.]

Today is the last day to file initial comments on the Federal Communications Commission's network neutrality proposal, and the FCC's ancient technology is unable to handle the load. This morning when trying to access the form to submit comments and the list of already submitted comments, I got an error message that said: "could not inspect JDBC autocommit mode." I also got this much longer and more entertaining error message: The site did load for me a couple of times, but the problems don't appear to be a fluke. In other cases, I just received a blank page, and FCC watchers are reporting trouble too. Here's Tim Karr, senior director of strategy at consumer advocacy group Free Press:

posted 9 days ago on ars technica
We are still in the early days for smart home devices. While products like the Nest thermostat have attracted some consumer interest, the concept still hasn't broken into the mainstream. To help this process along, Google-owned Nest, Samsung, and others are creating a new wireless IP protocol called "Thread" to help connect various smart devices together. Other Thread backers include Yale Security, Silicon Labs, Freescale Semiconductor, Big Ass Fans, and ARM. Current smart home devices use Wi-Fi, Bluetooth, or other standards to communicate with other devices, but the Thread Group believes these standards are insufficient. Bluetooth in particular is called out for its current "inability to carry IPv6 communications" (though Bluetooth 4.1 lays the groundwork to support IPv6), and the group criticizes both standards for their high power consumption and their "hub-and-spoke" models in which multiple devices rely on one centralized device to communicate with one another. By contrast, Thread is designed to be a "mesh" network that doesn't rely on a single router, and its power consumption is apparently low enough that devices can last "for years using even a single AA battery." The group claims that up to 250 devices can be connected together in a single Thread network. Products that use other 802.15.4-based protocols like ZigBee or MiWi can apparently be upgraded to support Thread via a software update.

posted 9 days ago on ars technica
A Comcast customer service representative tried to keep a customer with a stunning display of hysteria and desperation over the weekend, and his failure was recorded for all to enjoy. Gdgt founder and AOL Vice President of Product Ryan Block posted a recording of his attempt to cancel his Comcast cable service over the phone Monday night, showing remarkable patience and reserve in the face of adversity. Block wrote on SoundBlock that the eight-minute recording was the tail end of an 18-minute conversation with a customer service rep desperate to get Block to keep his service. The rep insisted that Block had to return his Cablecard in person and give reasons for canceling the service, and he grew shriller with each workaround that Block tried to suggest. "It sounds like you don't want to go over this information with me," the rep said.

posted 9 days ago on ars technica
When my parents informed me that my blood type was A+, I felt a strange sense of pride. If A+ was a top grade in school, then surely A+ must also be the most excellent of blood types—a biological mark of distinction. It didn’t take long for me to recognize just how silly that feeling was, but I didn’t learn much more about what it really meant to have A+. By the time I was an adult, all I really knew was that if I should end up in a hospital in need of blood, the doctors there would need to make sure they transfused me with a suitable type. And yet there remained some nagging questions. Why do 40 percent of Caucasians have Type A, while only 27 percent of Asians do? Where do different blood types come from, and what do they do?

posted 9 days ago on ars technica
In the day one keynote of its Worldwide Partner Conference, Microsoft was working hard to persuade its hardware and software partners of the opportunity that its platforms offered them. Key to that is convincing the assembled partners that its platform represented a growth opportunity. That means talking about the growth when products are doing well—and talking about the size of the potential market when they aren't. Doing well, of course, are Windows and Office—a billion users of the pair—and perhaps more importantly, as it represents the future, Office 365. Microsoft calls it its fastest growing commercial product, claiming in January a 150 percent increase in the number of small and medium sized businesses (SMBs) using it in the last year. This growth seems only likely to continue, with new pricing plans announced last week that should give SMBs a little more for their money. Azure, too, is looking like a success story, with Microsoft claiming 250,000 customers, adding 1,000 more every day. Just as Microsoft is having to sell the cloud to IT departments, it's also having to sell it to its partners. Here, the pitch is one that the company has been making since the start of the year: being "cloud-oriented" boosts profit and growth, with the company claiming that companies doing at least 50 percent of their business "in the cloud" have 1.6 times the gross profit margin, and 2.4 times faster growth.

posted 9 days ago on ars technica
It was Google's policy in November 2007 to counter offers to its employees from Facebook within an hour, according to e-mails released last week during the wage conspiracy case going on in California. Former Google CEO Eric Schmidt confirmed in the e-mails that the policy had been in existence for only 24 hours before it leaked outside of the executive management group. In the lawsuit, Google, Apple, Intel, and Adobe were accused by current and former employees of agreeing not to poach each other's workers to avoid being played against one another to raise salaries. Both sides in the case agreed on a settlement of $324 million, but US District Judge Lucy Koh has yet to approve it. Koh posted the Google e-mails Friday after considering a motion from Google to seal them, according to the Wall Street Journal. In the e-mails, Vijay Gill, an engineering manager at Google, forwards a snippet of an e-mail he received from an undisclosed source to two executives saying that "Google is open to significantly enhancing the offers to candidates who also have offers from Facebook… within an hour to Googlers who give notice about getting a Facebook offer." One of the executives, Bill Coughran, passed Gill's e-mail along to the executive management group e-mail list writing that the discussion had leaked. "Since I announced our 1 hour policy exactly 24 hours ago we should be embarrassed and disgusted by this leak," Schmidt wrote.

posted 9 days ago on ars technica
A federal appeals court has denied Fox’s bid to immediately shut down the Dish Anywhere streaming platform. The United States Court of Appeals for the 9th Circuit thinks that the broadcaster's issues with the service are best sorted out through a trial. Fresh off of its victory over TV startup Aereo, Fox had argued that Dish “engages in virtually identical conduct when it streams Fox's programming to Dish subscribers over the Internet—albeit also in violation of an express contractual prohibition—has repeatedly raised the same defenses as Aereo which have now been rejected by the Supreme Court.” Fox asked the 9th Circuit to impose a preliminary injunction, one that would put a halt to the service—but the court declined to do so. Fox's request is part of a broader case that will take far longer to complete.

posted 9 days ago on ars technica
The US Secret Service is warning hotel operators to be on the lookout for malware that steals passwords and other sensitive data from guests using PCs in business centers, according to a published report. The non-public advisory was issued last Thursday, KrebsOnSecurity reporter Brian Krebs reported Monday. Krebs said the notice warned that authorities recently arrested suspects who infected computers at several major hotel business centers around Dallas. In that case, crooks using stolen credit card data to register as hotel guests used business center computers to access Gmail accounts. From there, they downloaded and installed keylogging software. The malware then surreptitiously captured login credentials for banking and other online services accessed by guests who later used the compromised PCs. The report is a poignant reminder of why it's rarely a good idea to use public PCs for anything more than casual browsing of websites. Even when PCs are within eyesight of a business center employee, librarian, or other supervisor, and even when they are locked down with limited "guest" privileges, there are usually a host of ways attackers can compromise machines running either Windows or Mac OS X. Krebs wrote:

posted 9 days ago on ars technica
[Image: The tablet version of Gmail (the phone version is pictured below). Credit: Google I/O 2014 Keynote]

We've already gathered up a bunch of screenshots from the Android L preview release, but there will be way more to Android L than just the notification panel, settings, dialer, and calculator. To get a better idea of what's in store for us, we went on a screenshot hunt for Google-created Material Design apps. Between various Google I/O sessions and the Material Design guidelines, the company has been dropping a ton of hints about what L will look like. After scouring all the design docs and I/O sessions, we threw together a gallery of the more revealing design examples.

[Image: Left: The e-mail app from the Material Design docs. Right: Gmail. Credit: Google]

A lot of these mockups are from the Material Design guidelines and (mostly) don't represent Google-branded products. You can see an example of this above, where the example e-mail app (left) doesn't have the correct color theme or action button, items have an extra line of text, and the app is missing some minor UI elements like stars and a timestamp.

posted 9 days ago on ars technica
Miami police are probing footage of a fracas between two officers that was captured on a GoPro and eventually made public on YouTube. The recording is among the latest videos to surface involving police shenanigans, and it underscores that it's not just the populace under today's surveillance microscope. Local media describe the video as officer Marcel Jackson stopping a Chevrolet for allegedly unsafe driving. The driver turns out to be Lt. David Ramras, an internal affairs veteran. The video shows the internal affairs officer get out of the car before a tussle eventually ensues. Jackson throws Ramras to the ground and backup officers hit the scene.

posted 9 days ago on ars technica
The RAM in our computers is constantly refreshed to ensure that it maintains the intended information. For most of us, however, a bit flipped somewhere in the memory of our cell phones or laptops is no big deal. But in many data situations, like banking or rocketry data, a flipped bit can be catastrophic. For this, there's error-correcting RAM, which does exactly what its name implies: catches and fixes any errors that occur. One way to catch an error involves what's called a parity bit. These bits are tacked on to the end of a larger collection of bits (typically a byte) and simply indicate whether the collection sums up to an even or odd number. If the parity and the contents of the byte don't match, then an error must have occurred. Although the ability to catch and correct errors is very useful in traditional RAM, it may be even more essential in quantum memory, as most of these memory technologies have a fairly short life span before they interact with their environment and lose their contents. In a potential step toward error correcting quantum memory, researchers have created the first quantum parity bit, which keeps track of the number of photons stored in a neighboring optical cavity.

posted 9 days ago on ars technica
Google Glass has been struggling a bit lately: Android Wear showed up to eat the product's lunch, and there was almost no mention of Glass at the company's recent I/O conference. To make matters worse, the Glass KitKat update made the device slow and buggy, and it removed video chat, one of Glass' highlight features. Now the founder and former head of Google Glass, Babak Parviz, is leaving Google for Amazon. Parviz announced the move on his Google+ page, updating the "About" section to say:

"I founded and led a few efforts at Google (among them, Google Glass and Google Contact Lenses are public so far :) prior to moving to Amazon and work on a few other things now..."

The contact lens mentioned in Parviz's profile is the glucose-detecting Google Contact Lens, which was announced at the beginning of the year. Parviz has been working for some time on embedding technology into contacts; he previously put an LED in a contact lens. Late last year, Parviz stepped down as the head of Glass to work on other projects, and he was eventually replaced by Ivy Ross, a marketing executive from Art.com.

posted 10 days ago on ars technica
[Image: Microsoft, Sandyford, Co. Dublin. Credit: Red Agenda]

Global governments, the tech sector, and scholars are closely following a legal flap in which the US Justice Department claims that Microsoft must hand over e-mail stored in Dublin, Ireland. In essence, President Barack Obama's administration claims that any company with operations in the United States must comply with valid warrants for data, even if the content is stored overseas. It's a position Microsoft and companies like Apple say is wrong, arguing that the enforcement of US law stops at the border. A magistrate judge has already sided with the government's position, ruling in April that "the basic principle that an entity lawfully obligated to produce information must do so regardless of the location of that information." Microsoft appealed to a federal judge, and the case is set to be heard on July 31.
