posted 12 days ago on ars technica
Makers of the Telegram instant messenger have fixed a critical vulnerability that hackers were actively exploiting to install malware on users' computers, researchers said Tuesday. The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise the names of attached files, researchers from security firm Kaspersky Lab said in a blog post. By using the text-formatting standard known as Unicode, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that's normal for most Western languages. The technique worked by using the special Unicode formatting *U+202E* which causes text strings following it to be displayed from right to left. As a result, Telegram for Windows converted files with names such as "photo_high_regnp.js" to "photo_high_resj.png," giving the appearance they were benign image files rather than files that executed code.

posted 12 days ago on ars technica
[Image: Salon's new message for ad-blockers. (credit: Salon)]
Salon.com has a new, cryptocurrency-driven strategy for making money when readers block ads. If you want to read Salon without seeing ads, you can do so—as long as you let the website use your spare computing power to mine some coins. If you visit Salon with an ad-blocker enabled, you might see a pop-up that asks you to disable the ad-blocker or "Block ads by allowing Salon to use your unused computing power." Salon explains what's going on in a new FAQ. "How does Salon make money by using my processing power?" the FAQ says. "We intend to use a small percentage of your spare processing power to contribute to the advancement of technological discovery, evolution, and innovation. For our beta program, we'll start by applying your processing power to help support the evolution and growth of blockchain technology and cryptocurrencies."

posted 12 days ago on ars technica
Toyota It doesn't use exotic, lightweight materials. It doesn't have a clever electric powertrain. But the Toyota Camry is undoubtedly one of the most important cars we'll ever review, if only because Toyota sells so damn many of them. The Camry is now in its eighth generation, and Toyota says this one is sportier and more upscale than Camrys of old. However, after a week with one—the $32,250 V6 XSE—I'm left with one conclusion: there are evidently an awful lot of car buyers out there who just don't care much about their cars.

posted 12 days ago on ars technica
There were plenty of striking things about Monday's budget news, given that it contained lots of draconian cuts that were simultaneously restored because Congress had boosted spending the week before. But perhaps the most striking among them was an item in the proposed budget for NASA: Trump wants to shut off a perfectly functional satellite. That in itself is pretty shocking. But to truly appreciate just how awful this is, you have to understand the history of that satellite and what it means to the scientific community as a whole. So let's step back and take a look at why the Orbiting Carbon Observatory (or OCO) exists in the first place. It turns out it was built specifically to handle some outstanding questions of the sort that people in the administration say are important, and killing it would be an even larger waste of taxpayers' money than it may first appear.
Real uncertainty
The Orbiting Carbon Observatory's primary job is to see what's happening to the carbon dioxide levels in our atmosphere. You may think that's a solved issue: we're emitting a lot, and levels are going up. And that's true to a point. But once you pass that point, you enter a world where there are lots of details, and many of them matter.

posted 12 days ago on ars technica
Greetings, Arsians! While the Dealmaster is making last-minute preparations for his Valentine's Day date with Lady Dealmaster, he's still got time to bring you the usual slate of gadget discounts thanks to our friends at TechBargains. Our list today is highlighted by an early President's Day deal on Dell's popular XPS 13 laptop, more specifically a configuration with a new Core i7-8550U processor, 8GB of RAM, and a 256GB SSD. It normally retails for $1,300; now, it's $1,000. Note that this isn't the absolute newest model of the XPS 13, but given how that notebook has a smaller battery and lacks USB-A ports, you might prefer this version anyway. If you're not in the market for a new laptop, we also have deals on the newest Beats headphones, a wide variety of Amazon Echo and Fire devices, Google WiFi routers, lots of 4K TVs, and, yes, even a few chocolates for Valentine's Day. Have a look for yourself below. Note: Ars Technica may earn compensation for sales from links on this post through affiliate programs.

posted 12 days ago on ars technica
[Image: Gross. (credit: Getty | Tim Graham)]
A 26-year-old Oregon woman has received the undesirable title of the first human to have tiny parasitic worms previously only ever seen in cattle squirming around in her eyeball. Infectious disease experts reported that the woman had a total of 14 of the wriggling parasites pulled from her left eyeball after she experienced eye irritation. This happened in August 2016, although the experts only published their paper on Monday, February 12. The woman pulled most of the worms out herself over a 20-day period, despite visiting several doctors. The translucent worms were less than a half-inch long. Since then, she’s made a full recovery, with no more irritation or any evidence of additional worms. Several of the parasites pulled from her peepers were sent to experts at the Centers for Disease Control and Prevention’s Parasitic Diseases Reference Laboratory. There, the worms were identified as Thelazia gulosa, a type of tiny worm that’s known to infect the eyeballs of cattle in the US and Southern Canada, as well as Europe, Central Asia, and Australia—but never seen in humans before. The authors report the find in the American Journal of Tropical Medicine and Hygiene.

posted 12 days ago on ars technica
[Image: President Donald Trump unveils his infrastructure plan in the State Dining Room at the White House February 12, 2018 in Washington, DC. (credit: Getty Images | Chip Somodevilla)]
President Trump's new 10-year plan for "rebuilding infrastructure in America" doesn't contain any funding specifically earmarked for improving Internet access. Instead, the plan sets aside a pool of funding for numerous types of infrastructure projects, and broadband is one of the eligible categories. The plan's $50 billion Rural Infrastructure Program lists broadband as one of five broad categories of eligible projects. Here's the full list: Transportation: roads, bridges, public transit, rail, airports, and maritime and inland waterway ports. Broadband (and other high-speed data and communication conduits). Water and Waste: drinking water, wastewater, storm water, land revitalization, and Brownfields. Power and Electric: governmental generation, transmission, and distribution facilities. Water Resources: flood risk management, water supply, and waterways. Eighty percent of the program's $50 billion would be "provided to the governor of each state." Governors would take the lead in deciding how the money would be spent in their states. The other 20 percent would pay for grants that could be used for any of the above project categories.

posted 12 days ago on ars technica
Games like Rainbow Six: Siege are indicative of a new focus on long-lasting "live" games at Ubisoft. For a long time, Ubisoft was known for cranking out annual or near-annual releases in popular franchises like Assassin's Creed, Just Dance, Far Cry, the Tom Clancy games, and more. Now, though, the company is signaling it is in the middle of a major change in direction, focusing on fewer big-game releases that draw long-term support from both developers and players. "New releases now only represent a part of our business, which is now focused on longterm engagement with our player communities," Ubisoft CEO Yves Guillemot writes in a sprawling 256-page annual report released this week. "Our players not only play for more hours at a time, but do so over a period of months or even years. We are thus able to offer them new experiences and content, thereby extending the lifetime of our games." Guillemot points to Rainbow Six: Siege as the primary example of this new focus; the game saw its player base double between February 2016 and February 2017. But continued developer refinement and player engagement with online-focused titles like The Division, For Honor, and Steep also reflect the company's focus on "live" games, Guillemot says.

posted 12 days ago on ars technica
[Image: Cloudflare CEO Matthew Prince at a 2014 TechCrunch Disrupt conference in London. (credit: Anthony Harvey/Getty Images for TechCrunch)]
A federal judge in San Francisco has unequivocally ruled against a non-practicing entity that had sued Cloudflare for patent infringement. The judicial order effectively ends the case that Blackbird—which Cloudflare had dubbed a "patent troll"—had brought against the well-known security firm and content delivery network. "Abstract ideas are not patentable," US District Judge Vincent Chhabria wrote in a Monday order. The case revolved around US Patent No. 6,453,335, which describes providing a "third party data channel" online. As Ars reported back when the case was filed in May 2017, the invention claims it can incorporate third-party data into an existing Internet connection "in a convenient and flexible way." Blackbird also filed a nearly identical lawsuit against the cloud platform Fastly, which was founded in 2011.

posted 12 days ago on ars technica
[Image: A family of sea-level-measuring satellites. (credit: NASA)]
Some people have eyeballed satellite measurements of sea level rise and claimed that there is no sign of acceleration—just a linear increase. Then, ignoring the physics of melting glacial ice and the expansion of warming water, they declare that future sea level rise won’t be a big deal. Many studies have demonstrated accelerating rates of sea level rise over the past millennia, as well as the tide gauge record spanning the 20th century. But the short satellite record—which only started in 1993—is a slightly different question. While the global satellite record is in many ways cleaner than coastal measurements that can be affected by processes that raise or lower the ground that the tide gauge sits on, there are still complications to account for. Since the record is still short, a small wiggle of natural variability can have a significant impact on seeing the subtle acceleration. The back-and-forth between El Niño and La Niña, for example, causes sea level to vary from year to year by changing the amount of precipitation that temporarily shifts water onto continents. Accounting for all of this is complicated, but that hasn't stopped researchers from trying.

posted 12 days ago on ars technica
[Image: The Pixel 2 and Pixel 2 XL. (credit: Ron Amadeo)]
With the recent acquisition of one of HTC's smartphone teams, Google appears more committed than ever to being a smartphone hardware maker. The company still has a long way to go to reach a substantial customer base, though. The research director for IDC, Francisco Jeronimo, shared some interesting smartphone shipment numbers from the IDC's quarterly industry report. The IDC says Google shipped only 3.9 million Pixel phones in 2017. That's good, in that it is double the previous year's shipments. On the other hand, the IDC says Apple shipped 215.8 million iPhones in 2017, which works out to 4.15 million a week. So Apple ships more phones in a week than Google does in a year.
They make good phones
Google's jump into the hardware arena with self-branded phones began with the first Pixel phone at the end of 2016, and the company still has a ton of work to do. Google has proven it is good at the "phone building" part of being in the smartphone business—the Pixel 2 and 2 XL are easily the best Android phones you can buy. Google hasn't made a lot of progress in the "sales and support" part of the smartphone business, however.

posted 12 days ago on ars technica
[Image: A senior military advisor to Iran's supreme leader claims reptiles can be used for nuclear espionage because they "attract atomic waves." (credit: Dorit Hockman)]
The senior military advisor to Iran's supreme leader Ayatollah Ali Khamenei claimed in a press conference in Tehran today that Western nations had deployed reptiles as nuclear spies. Agence France-Presse reports that Hassan Firuzabadi, previously chief of staff of Iran's military, justified the recent arrest of environmentalists by claiming that the West had used scientists and environmental activists to spy on Iran's nuclear program by deploying lizards that could "attract atomic waves." There has been a recent wave of arrests of prominent Iranian environmentalists. Kavous Seyed Emami, a sociology professor and environmental activist who also held Canadian citizenship, was arrested last month and died in prison this past weekend—reportedly hanging himself while held in solitary confinement. Emami was the founder of the Persian Wildlife Heritage Foundation, a group dedicated to protection of Iran's endangered species. A number of other activists associated with the Foundation were also arrested in the sweep last month, including Iranian-American businessman Morad Tahabaz—a board member—and Hooman Jokar, a vice-chairman of the Foundation and head of the Asiatic Cheetah desk at Iran's Department of the Environment. Kaveh Madani was also arrested and briefly held over the weekend.

posted 12 days ago on ars technica
Hawaii state Rep. Chris Lee has helped spearhead the legislative effort against loot boxes in his state and others. The Hawaii state legislature is now considering two sets of bills that would regulate games containing randomized in-game item purchases—commonly known as loot boxes—much like casino games, barring minors from purchase and requiring odds disclosures and public warnings. House Bill 2686 and its accompanying Senate version would prohibit retailers (including those that operate online) from selling games that include "a system of further purchasing a randomized reward or rewards" to anyone under 21 years of age. Many US retailers already prevent children under 17 from buying games rated "M for Mature" or "AO for Adults Only" by the Entertainment Software Rating Board (ESRB). Those voluntary restrictions don't have the force of law, though, and a landmark 2011 Supreme Court decision overturned state laws that attempted such content-based age restrictions on First Amendment grounds. That decision would likely not apply to the commerce-based restrictions in these bills, though.

posted 12 days ago on ars technica
Amazon wants to cut the lag time between your asking Alexa a question and the virtual assistant giving you an answer. According to a report by The Information, the online retailer is developing its own artificial intelligence chips to be used in Echo devices and other hardware. If successfully created and deployed, these AI chips would allow more voice-based requests to be processed on-device rather than going to the cloud. Currently, Alexa needs to contact the cloud to interpret commands. That's why there's a short delay after you ask the virtual assistant a question—it needs to analyze the command and gather an answer with help from the cloud. A dedicated AI chip in a device like an Echo would allow Alexa to process certain requests more quickly, decreasing the delay that lies in between your question and Alexa's answer. While complex inquiries will likely still be handled with help from the cloud, more simple commands could be processed all on the device itself. Amazon reportedly has 450 people with chip knowledge on staff now, many of which came via recent acquisitions. The company bought the Israeli chipmaker Annapurna Labs in 2015 for $350 million and the security camera company Blink for a reported $90 million at the end of 2017. It's believed that Amazon bought Blink specifically for its low-energy chip expertise; the company's smart home security cameras use these chips to extend the battery life of its camera modules to at least two years.

posted 12 days ago on ars technica
Alexa, Google Assistant, Cortana, Siri, and Bixby, we guess, are getting more and more prevalent, the narrative goes. A lot of people believe the personal assistant's moment is now. But why now? Could it have happened back in say, 1987? Probably not. But if you want a speculative glimpse at what that would have been like, you can watch this video from the YouTube channel Squirrel Monkey's popular Wonders of the World Wide Web series. As with previous entries about current products like Instagram and Tinder, it plays out like a VHS instructional video explaining to computer newbies how to get Siri working on their home computers. It's a good reminder of how far we've come; even if, hypothetically, someone had been able to get the intelligence and voice recognition right on a personal assistant in that time, all the other hardware and software limitations would surely have gotten in the way. Like abiogenesis in the primordial soup, sometimes the conditions all have to align for a technology to become usable by the general public.

posted 12 days ago on ars technica
Video shot by Joshua Ballinger, edited and produced by Jing Niu and David Minick. And then it was all over. After the drama of Apollo 13, the final four human missions to the Moon in 1971 and 1972 flew smoothly. With each successive, increasingly routine landing, astronauts made longer forays out onto the dusty lunar terrain and delved deeper into the scientific secrets hidden there.

posted 12 days ago on ars technica
[Image: Department of Energy in Washington, DC. (credit: Begemot)]
On Monday afternoon, the Trump Administration released a budget proposal (PDF), including new figures for the Department of Energy (DOE). This budget proposal is just an opening salvo—Congress must approve the budget before it takes effect, and without a doubt there will be negotiations over the details. This year's suggested changes to the DOE budget track the ones found in the president’s first budget proposal in 2017. Notably, the proposed budget yet again eliminates the popular Advanced Research Projects Agency—Energy (or ARPA-E) program, which has funded early-stage energy research through a federal grant program for years. The main text of the budget proposal says the DOE ought to receive $29 billion, down from about $30.1 billion, but an addendum text adds another $1.533 billion to the DOE budget, which would reflect a budget increase of about $500 million over what the DOE received in 2017. However, despite a relatively stagnant budget for the DOE, renewable energy programs will be cut dramatically beyond the elimination of ARPA-E. Under the plan, the Office of Energy Efficiency and Renewable Energy sees its budget cut from around $2 billion to $696 million (PDF).

posted 13 days ago on ars technica
[Image: You spent the money to build it and put it into orbit? Twice? Doesn't matter, shut it down. (credit: NASA)]
Today, the Trump administration released a proposed budget that called for massive cuts to science research across the federal government. But Trump's budget was accompanied by a second document that rescinded some of the cuts, even while complaining that doing so was a bad idea. Meanwhile, drastic cuts to environmental and renewable energy programs remain in both budget versions. The confusion was caused by last week's bipartisan budget deal, which raised caps on both military and domestic spending. The Trump administration had been planning on working within the caps, to raise military spending while cutting back elsewhere, including on scientific research. The budget deal, however, raised military and domestic spending, suddenly infusing the latter with lots of extra cash. In response, the Trump administration released an addendum in which it reset a few of the priorities in light of the budget deal. So what we have is a view into the Trump administration's actual intentions for science, along with some indication of what it will do now that Congress has forced its hands.

posted 13 days ago on ars technica
Activists in California can now move forward with an expansive ballot initiative that encompasses a world of non-evidence-based and fringe notions, according to California Secretary of State Alex Padilla. The initiative would eliminate vaccination requirements for schools and daycares, banish genetically modified organisms, and prohibit basic water treatments with fluoride and chlorine. It would ban more than 300 chemicals, including fire retardants, and order the removal of smart meters. These, the initiative claims, are “neither smart nor meters but intermittent samplers, not accurate, not accountable, [that] emit and receive unnecessary radiation.” The initiative, dubbed the “California Clean Environment” initiative, will create an elected, three-person board to oversee the sweeping regulations and approve new chemicals. Violations under the initiative would be considered up to felony crimes, punishable by fines and prison sentences.

posted 13 days ago on ars technica
Verizon Wireless will soon begin locking the phones it sells to customers, a move that will prevent the phones from being activated on any other carrier's network. But Verizon says it is taking this measure to deter theft that occurs before customers purchase phones, and that Verizon will unlock the phones for customers after they're purchased. What isn't clear is how long customers will have to wait before the phones are unlocked, and exactly what steps customers will have to take to do the unlocking. Verizon says its stores have been victimized by increasingly frequent armed robberies. Verizon isn't allowed to lock phones to its network because of open access requirements that are specific to the "C Block" 700MHz wireless spectrum that Verizon purchased in 2008 and uses for its 4G LTE network. Since then, Verizon has generally had more customer-friendly unlocking policies than other carriers.

posted 13 days ago on ars technica
[Image: I am really tired of being the only person on this ship with any sense whatsoever. (credit: CBS)]
This season of Star Trek: Discovery has been wobbling between awesomeness and toxic muck, and last night's finale didn't tip the balance. The show has been under a cloud of controversy since before its launch, when fans raged about having to buy CBS' All Access streaming service to watch the show. But then, despite the exit of acclaimed showrunner Bryan Fuller, ST:DISCO debuted to mostly positive critical responses. Now it's time to assess where last night's season finale left us. Over the season, we've had standout, brilliant episodes mixed in with 60-minute clunkers. Burnham's character arc has been consistently fascinating, but characters like Lorca and Voq/Tyler have slowly eroded from multi-dimensional people into mere plot devices. Most of the show's worst problems cropped up in the second half of the season, when we took a long detour into the Mirror Universe. Though finale "Will You Take My Hand" tied up any number of loose threads, often in ways that were rich and satisfying, the episode also doubled down on some of the series' biggest mistakes. Spoilers ahead. If you continue to read and then complain about spoilers, you will be forced to eat Saru's magical neuro-tentacles.

posted 13 days ago on ars technica
[Image: The dark block on the left is the four core Zen CCX. On the right is the GPU. (credit: AMD)]
Last year's release of the Ryzen processors, built around AMD's new Zen core, was a major event for the chip company: after years in the doldrums, AMD finally had processors that were credible alternatives to Intel's chips. However, AMD still didn't offer Intel much competition, because its chips lacked an important feature: integrated GPUs. In both the laptop and the mainstream and corporate desktop markets, most processors sold combine a CPU with a GPU, while discrete GPUs are reserved for high performance, gaming, and other specialized systems. The first wave of Ryzen chips all needed to be paired with video cards. That made it appealing to enthusiasts and certain high-performance markets, but irrelevant to Intel's bread-and-butter market. We knew that situation was temporary. A few mobile processors that combined Zen with a GPU hit the market late last year, and desktop parts were promised for February at CES. The first two chips to use the "AMD Ryzen Desktop Processors with Radeon Vega Graphics" moniker were released today. (FYI: AMD is regrettably no longer using its much more concise "Accelerated Processing Unit" (APU) terminology for CPU-GPU combinations.)

posted 13 days ago on ars technica
[Image: The Atari 2600 (originally sold as the Atari Video Computer System, or VCS) was by far the most popular console of its era. It did much to popularize switchable cartridge-based games. Despite many efforts, Atari would never again replicate its success. (credit: Andrew Cunningham)]
Almost immediately after Atari co-founder Nolan Bushnell was un-nominated for a "Pioneer" award over accusations of sexism, questions arose from gaming fans and historians alike: was the reaction appropriate? They wanted to know: was a "#NotNolan" campaign too quick to pass judgement based on salacious rumors? Or was it a measured response to how the gaming and technology industries look so many years later? A report from Kotaku's Cecilia D'Anastasio came closest to answering that question on Monday. For the report, she interviewed a compelling spectrum of women who are perhaps best equipped to speak to the question: Bushnell's female peers within Atari, as well as female industry researchers and historians. The report doesn't come close to a definitive answer, and its hesitation to render any verdict on the matter is perhaps its greatest strength.

posted 13 days ago on ars technica
In a new update to its app announced Monday, Uber drivers will now be forced to take a six-hour break after a total of 12 hours of driving time. Drivers will not be able to accept new riders during that rest period. In a blog post, the company said it will “strengthen our approach to help keep riders and drivers safe on the road while preserving the flexibility drivers tell us they love.” The post added that 60 percent of its drivers are only on the road for 10 hours or less per week. By contrast, federal regulations stipulate that bus drivers may only drive 10 consecutive hours after having had eight hours off duty.

posted 13 days ago on ars technica
[Image: Aw, damn. (credit: cibomahto)]
The scourge of drive-by currency mining—in which websites and apps covertly run resource-draining code on other people's devices—shows no sign of abating. Over the weekend, researchers added two more incidents: one involves more than 4,200 sites (some operated by government agencies), while the other targets millions of Android devices. The first incident affected sites that offer a free text-to-speech translation service called Browsealoud. On Sunday, someone changed the JavaScript code hosted here to include currency-mining code from Coinhive, a controversial site that uses the devices of site visitors, usually without their permission, to generate digital coin known as Monero. In the process, any site that included a link to the Browsealoud JavaScript suddenly saddled its visitors with code that used 60 percent of its CPU resources, with no attempt to warn end users or get their permission (by default, Coinhive code uses 100 percent). Search results show that the breach affected 4,275 sites, including those operated by the UK government's Information Commissioner's Office, US federal courts, and the state of Indiana. The CTO of Texthelp, the company that offers Browsealoud, issued a statement saying it suspended the service until Tuesday. The move put an end to the illicit mass mining, which lasted about four hours. At no time was customer data accessed or lost, the statement said.
