posted 13 days ago on ars technica
The Interview is not the only recent piece of media lampooning North Korea to run into trouble. Developers at Monkey Horse Games have announced that they are canceling a Kickstarter funding project for Glorious Leader—a 16-bit-styled run-and-gun game featuring North Korean leader Kim Jong Un as a protagonist—following an alleged hack over the holidays. Monkey Horse launched a Kickstarter on December 17 that sought $55,000 to fund the game, and the titled gained a bit of mainstream press due to the Sony Pictures hack. Monkey Horse's own website and work computers were then hacked just before Christmas, according to the company. At the time, the developers wrote that they were "sure that this is a hoax perpetrated by amateurs. We have NO reason to believe that this was done by the [Sony Pictures hackers Guardians of Peace] or anyone affiliated with North Korea. It appears to be an opportunistic copycat, as we have been the target of hacking attempts in the past." Regardless of responsibility, Monkey Horse now says that the attack was bad enough to derail the whole project. Read 2 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
US Rep. Bob Latta (R-Ohio) yesterday filed what his press release called "bipartisan legislation to keep [the] Internet open [and] accessible." What the bill actually would do is prevent the Federal Communications Commission from applying common carrier rules to Internet service providers, a step the FCC appears likely to take next month. FCC Chairman Tom Wheeler may propose reclassifying broadband providers as common carriers to be regulated by Title II of the Communications Act. The move would let the FCC impose net neutrality rules that restrict ISPs' ability to block, throttle, or prioritize Internet content in exchange for payment, but industry groups argue it will expose telecoms to stricter rules and impose new fees and taxes on consumers. “The FCC’s plans to reclassify broadband under Title II are misguided,” Latta said in his announcement. “Imposing monopoly-era telephone rules on a 21st Century industry that has thrived under the current light-touch regulatory framework will undoubtedly impede the economic growth and innovation that have resulted in the broadband marketplace absent government interference. These businesses thrive on dynamism and the ability to evolve quickly to shifting market and consumer forces. Subjecting them to bureaucratic red tape won’t promote innovation, consumer welfare, or the economy. My legislation provides the certainty needed for continued investment in broadband networks and services that have been fundamental for job creation, productivity, and consumer choice.” Read 3 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
Just as Google is coming under fire for publicizing a Windows bug two days before Microsoft released a fix, the company is now in the crosshairs because of its approach towards updating its own software. Not for the first time, a bug has been found in the WebView component of Android 4.3 and below. This is the embeddable browser control powered by a version of the WebKit rendering engine used in Android apps. Android 4.4 and 5.0, which use Blink rather than WebKit for their WebView, are unaffected. But by Google's own numbers, some 60 percent of Android users are using 4.3 or below. As such, this is a widespread, high-impact bug. The normal procedure would be to report the bug to Google, and for Google to develop a fix and publish it as part of Android Open Source Project release. Read 10 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
It seems like just yesterday that we were posting weekly updates about the new playable songs available for download in the Rock Band store. In actuality, it's been about 21 months since Harmonix stopped its regular DLC updates in April 2013 and over four years since the last retail Rock Band game (though the brand has lived on in titles like the downloadable Rock Band Blitz). Everything old is new again this week, though, with the surprise announcement that three new Rock Band tracks will be available for download starting Tuesday. The new songs you'll be able to download for $2 each are: Avenged Sevenfold -- "Shepherd Of Fire" Arctic Monkeys -- "R U Mine?" Foo Fighters -- "Something From Nothing" Why add new songs to the 3,500 track Rock Band library so suddenly, after such a long break? "We had an exciting opportunity to add new content to the already-massive Rock Band library with a song from Arctic Monkeys—a band that’s never been in a Rock Band title before!—as well as new music from fan favorites Avenged Sevenfold and Foo Fighters," Harmonix spokesman Nick Chester told Ars in an e-mail. "We couldn’t pass it up. Also, we wanted to see if we could still do it. Turns out we can. It’s sort of like riding a bike." Read 3 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
Last week, the imageboard site 8chan.co was brought offline for a sustained period of over five days due to a prolonged DDoS attack. On Monday, it returned only to go back offline for a much different reason: Its domain had been seized. Site founder Fredrick Brennan posted an e-mail on Monday that he says came from the site's Bahamas-based registar, Internet.bs. The note explained that the domain 8chan.co had been put "on hold" due to "child abuse" content appearing on the site. This followed a swell of complaint e-mails sent over the weekend to Cloudflare, the "pass-through" hosting company that had been operating 8chan's servers. Some Cloudfare users were upset over content posted on 8chan by its imageboard users. "Please take appropriate measures to stop your customer from abusing your services and enabling illegal content," one complainant wrote after posting links to 11 8chan boards that contained underage "girls and boys shown in sexual poses." Read 3 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
Believe it or not, Sharp is one of the more interesting smartphone OEMs out there right now. The company doesn't do much business in America, but it is one of the top suppliers of LCDs to companies like Apple. And in Japan, the company has been using its display expertise to churn out unique-looking devices with ultra-thin bezels. Sharp recently released a phone in America for the first time in four years when it brought the Aquos Crystal to Sprint. We reviewed it and found the design to be a breath of fresh air, but we were a little bummed about the mid-range spec sheet—it only had a 720p screen and a 1.2 GHz Snapdragon 400 SoC. Late in December, Sharp said it heard the calls for a high-end version, and the company announced the Aquos Crystal X. The Aquos Crystal X takes the beautiful design of the Aquos Crystal and applies it to a high-end phone. The Crystal X is bigger—packing a 5.5-inch, 1080p LCD (The Crystal only had a 5-inch display)—and it's faster too. It has a 2.3GHz Snapdragon 801, 2GB of RAM, 16GB of storage, 2610mAh battery, and 13MP rear and 2.1MP front cameras. Read 7 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
A security researcher examining the website of North Korea's official news service, the Korean Central News Agency, has discovered that the site delivers more than just the latest photo spread of Democratic Peoples' Republic of Korea leader Kim Jong Un inspecting mushroom farms. There's a little extra surprise hidden in the site's code—malware. The news site appears to double as a way for North Korea to deliver a "watering hole" attack against individuals who want to keep tabs on the "activities" of the DPRK's dear leader. Ars has independently verified a reference within part of the site's JavaScript code called from the home page to a download named "FlashPlayer10.zip." The file, which is set as a JavaScript variable "FlashPlayer" on the site's main page and on other site pages, contains two files labeled as Windows executable installers containing updates for the long-since obsolete Flash Player 10—one for an alleged ActiveX control, and the other for a browser plug in. Both are identical files, and they contain a well-known Windows malware dropper, based on an analysis through the malware screening site Virustotal. Read 3 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
David Cameron, the British Prime minister, is one-upping his Western allies when it comes to anti-encryption propaganda. Ahead of national elections in May, Cameron said that if re-elected, he would seek to ban encrypted online messaging apps unless the UK government is given backdoors. "Are we going to allow a means of communications which it simply isn't possible to read?" Cameron said Monday while campaigning, in reference to apps such as WhatsApp, Snapchat, and other encrypted services. "My answer to that question is: 'No, we must not.'" He said the Paris attacks, including the one last week on satirical newspaper Charlie Hebdo, underscored the need for greater access. Read 11 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
The perennial problem of bug disclosure has provoked a new squabble between Microsoft and Google. On Sunday, Google disclosed the existence of a Windows elevation of privilege flaw that the company reported privately in October. That flaw hasn't been patched yet. It will be very soon—the update is due to land on Patch Tuesday, tomorrow—but Google's publication of the flaw means that, for a couple of days, Windows users are vulnerable to an unfixed flaw. In response, Chris Betz, senior director of the Microsoft Security Response Center, published a lengthy complaint calling for "better coordinated vulnerability disclosure." Microsoft has been promoting "coordinated vulnerability disclosure" since 2010, but the security community has long been split on how best to disclose security flaws. On one extreme is the full disclosure crowd; security flaws are documented and described in full, in public, typically onto a mailing list. In the early days, that disclosure was typically the first time the software developer responsible even heard of the flaw, though some researchers promised to disclose to vendors first. Read 12 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
Thousands of articles have called the December attack against Sony Pictures a wake-up call to industry. Regardless of whether the attacker was the North Korean government, a disgruntled former employee, or a group of random hackers, the attack showed how vulnerable a large organization can be and how devastating the publication of its private correspondence, proprietary data, and intellectual property can be. But while companies are supposed to learn that they need to improve their security against attack, there's another equally important but much less discussed lesson here: companies should have an aggressive deletion policy. One of the social trends of the computerization of our business and social communications tools is the loss of the ephemeral. Things we used to say in person or on the phone we now say in e-mail, by text message, or on social networking platforms. Memos we used to read and then throw away now remain in our digital archives. Big data initiatives mean that we're saving everything we can about our customers on the remote chance that it might be useful later. Read 7 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
Verizon has repeatedly claimed that utility rules would harm investment in broadband networks, urging the Federal Communications Commission to avoid imposing new regulations. Yet Verizon’s statements to the FCC have avoided mentioning that its own utility-style common carrier status helped the company charge landline phone customers higher prices to fund construction of the fiber network over which it provides FiOS Internet and TV. That’s the crux of a complaint by telecom analyst Bruce Kushnick of New Networks Institute and audit director Tom Allibone of telecom customer advocacy group Teletruth. They are petitioning the FCC to investigate Verizon for perjury; the petition is available online and will be filed with the FCC tomorrow, Kushnick says. “Bottom line—We caught the culprit red-handed,” Kushnick and Allibone wrote. “It is an open and shut case. Verizon either did or did not tell the FCC that their entire current investment in fiber optics is based entirely on using the Title II [common carrier] classification. Or that the Verizon companies have made phone customers ‘de facto’ investors by using Title II... We allege that Verizon did deceive the FCC. These material misrepresentations taint every FCC decision and policy affecting Verizon’s regulatory status, but most importantly now the Open Internet [net neutrality] Proceeding.” Read 27 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
The Twitter and YouTube accounts belonging to the US Central Command were compromised on Monday by people who claimed they hacked sensitive US military PCs and leaked confidential material in support of the Islamic State. The compromised CENTCOM Twitter account contained graphics and text supporting the Islamic State in Iraq and Syria (ISIS), and it warned the US to expect more hacks. It was carried out by a person or group dubbed the CyberCaliphate. Central Command is one of nine unified commands in the US military. With its area of responsibility covering Afghanistan, Iraq, Syria, and Iran, it leads the US campaign against Islamic State extremists. Monday's attacks appeared to be carried out by the same group that earlier this month commandeered the Twitter accounts of CBS affiliate WBOC-TV and the Albuquerque Journal. At the time this post was being prepared, there was conflicting evidence supporting the claim that anything more than CENTCOM's Twitter and YouTube accounts were compromised. Files linked in a post on Pastebin contained what appeared to be rosters of US military personnel, including contact information for Army commands and retired Army generals. A separate series of documents, contained in a folder titled war-scenarios, showed PowerPoint slides that appeared to be related to war games exercises involving China, North Korea, and regions in Africa, Indonesia, and the Caspian. One slide in a file titled SOCOM_Africa_Scenario.ppt was dated January 12, 2015. It proposed a CIA operation in Congo and Southern Africa dubbed "Operation Cakewalk" to seize yellowcake uranium. CENTCOM officials confirmed the compromise of the social networking accounts but told CNN none of the leaked documents appeared to be classified. Read 2 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
Just before trial, the lawyer for accused drug kingpin Ross Ulbricht has made an unusual request to the judge: don't let prosecutors read any online messages out loud. Ulbricht is accused of being the "Dread Pirate Roberts" and making about $80 million running a Bitcoin-powered Tor-only website called the Silk Road. The site famously let users buy and sell all types of illegal narcotics. Prosecutors are going to be making their cases with digital documents: private and public messages from Silk Road's internal system, as well as logs that Ulbricht allegedly kept on his laptop. Ulbricht's lawyer Joshua Dratel has said the jury should read that evidence to themselves, not hear the "Internet communications," which include "chats, forum posts, and e-mails," read out loud by others. Read 2 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
If you read some of the projections about what could happen if carbon emissions are allowed to continue unabated, they sound pretty grim: a meter of sea level rise, average temperatures in some regions rising by 9 degrees Celsius, and changes continuing on into the next century. But if you look at most economic analyses of climate change, the costs don't seem to really reflect those sorts of changes. A new paper in Nature Climate Change explains why that's the case, and it tries to suggest alternative ways of looking at the challenges. The study shows that, if the right corrections are applied to these models, then the cost of carbon set by the US government may be off by as much as a factor of 10. The impacts of future climate change are usually estimated using what are called integrated assessment models. In these models, temperature changes have an immediate impact on economic activity, accounting for things like lost crops, increased demand for cooling, and the cost of infrastructure improvements. These models, however, assume there's no permanent damage to the GDP; worker productivity and capital available for investments remains just as it was before any climate upset, as does what economists term the total factor productivity. In fact, one of the leading integrated assessment models simply allows labor and total factor productivity to be specified separately from anything that happens within the economy, while capital availability is only influenced by investment decisions made within the model. Read 9 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
Life is Strange is an episodic, story-driven video game set to launch on PlayStation 3 and PlayStation 4 later this month. And as a way to promote the title, developers at Dontnod Entertainment launched a video developer diary series on Friday. The game's time-rewind adventure mechanic certainly lends itself well to such a diary, and that idea appears to be quite similar to Dontnod's other game, 2013's underrated Remember Me (albeit this time with a greater focus on the time-bending stuff). While describing the new game's touchy content—including topics like domestic violence and bullying—the team revealed a surprise about Life is Strange's development: it met a lot of resistance from almost all of its potential publishers due to the game starring a female character in the lead role. The video caption says it all! "Square Enix was the only publisher that didn't want us to change a single thing about the game," studio co-founder Jean-Maxime Moris said in the video. "We had other publishers telling us, 'make it a male lead character.' And Square Enix didn't even question that once." Read 6 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
In the wake of the recent terrorist attacks on French satirical magazine Charlie Hebdo, a number of European Union ministers have called for a new online tool that would enable “swift reporting of material that aims to incite hatred and terror and the condition of its removing, where appropriate/possible.” How exactly would this reporting take place? European officials don’t explain in their three-page Sunday statement, but one of the signatories was Gilles de Kerchove, the EU's Counter-Terrorism Coordinator. The Belgian official endorsed a 2013 quixotic EU-funded plan called CleanIT, which spent €400,000 ($473,000) to hold a bunch of meetings and produce a final report without creating anything concrete. And while CleanIT is not mentioned by name in the new statement, the reporting description sounds very much like it. Read 4 remaining paragraphs | Comments

Read More...
posted 13 days ago on ars technica
Recently, there has been a lot of discussion about the current state of Apple's software quality. Anyone with even a passing familiarity with development knows that bugs are par for the course, and most people aren't bothered by small, day-to-day bugs that are fixed within a reasonable timeframe. Obviously, like everyone else, Apple's software has its share of those. But there's another category of bug—glaring, perplexing bugs that couldn't possibly have escaped the attention of the software engineers in question, let alone the quality assurance department. Such issues exist, and sometimes they go unfixed for months. Or years. Or ever. Hopefully, the set of network issues with OS X 10.10 described below won't fall into this column, but they do raise an obvious question: why? For 12 years, the mDNSResponder service managed a surprisingly large part of our Mac's networking, and it managed this task well. But as of OS X 10.10, the mDNSResponder has been replaced with discoveryd, which does the same thing. Mostly. Here are some strange networking problems we've observed since installing 10.10: Read 18 remaining paragraphs | Comments

Read More...
posted 14 days ago on ars technica
Apple announced its HomeKit smart home framework back at WWDC in June of 2014, but since then Apple has been relatively quiet about it. The company finalized the licensing requirements for its partners back in October, and the first certified wireless chips reportedly began going out in November, but there has been little official news. Some companies with HomeKit-enabled products were at CES last week, though, and they were able to reveal a few functional details. One of the things that HomeKit will enable is centralized control for multiple smart home devices, something you'll be able to do through apps and using Siri voice commands. If you want to issue voice commands while you're away from home, however, The Verge reports that you'll also need an Apple TV on your home network to work as a hub that will pass along those commands. This is, apparently, the only HomeKit-related reason why you'd need an Apple TV—you can still operate your devices remotely if you use an app, and you can use Siri to operate things if you're still in your house, but using Siri remotely will need a set-top box. HomeKit support was quietly added to the Apple TV back in the iOS 8.1 update (software version 7.0.1, using the Apple TV's numbering), but the company didn't make a big deal about it and it wasn't clear what its role in Apple's smart home ecosystem would be. The answer is apparently "not much," but HomeKit is still in its infancy and the box could see its capabilities expand as more devices and features join the ecosystem. Read 1 remaining paragraphs | Comments

Read More...
posted 14 days ago on ars technica
A new version of Silk Road has appeared on the darkweb, but it doesn't rely on Tor or Bitcoin. Silk Road Reloaded uses the little-known I2P anonymity network and accepts a range of cryptocurrencies including the meme-inspired Dogecoin. The site, which has no relation to the two previous versions of Silk Road, is one of a series of copycat marketplaces trying to tap into the lucrative online trade in drugs and other illegal items. Silk Road Reloaded has been in development for a year and can only be accessed using the I2P anonymity software. I2P, which has been around since 2003, works in a similar way to the more widely-used Tor network and hides what people are looking at online. Unlike conventional websites, all I2P sites ends in .i2p. A "clearnet" version of Silk Road Reloaded can also be accessed from normal browsers. Read 4 remaining paragraphs | Comments

Read More...
posted 14 days ago on ars technica
President Barack Obama is set to announce new legislation that aims to protect consumer privacy, student privacy, and offer enhanced protection of home energy usage data, among others. (Some of the new suggested policies were first put forth in 2012.) According to a White House Fact Sheet published Monday, the president will re-introduce the Personal Data Notification and Protection Act, which would establish a federal standard. At present, nearly all US states and territories have some similar form of notification but the conditions under which that law is triggered and how long businesses have varies. Under the new proposed federal standard, companies would have 30 days to notify their customers after they discover a breach. The president is also putting forth a new “Student Privacy Act,” which would require that data collected on students “is used only for educational purposes.” This proposed federal legislation, the White House notes, is modeled on California’s legislation, which was enacted in September 2014. Read 5 remaining paragraphs | Comments

Read More...
posted 14 days ago on ars technica
The Supreme Court on Monday asked the Obama administration for its views on an appeals court's conclusion that Oracle's Java Application Programming Interfaces are protected by copyright. The move (PDF) by the justices indicates that the high court is interested in the hotly contested intellectual property dispute. But whether the Supreme Court will enter the legal thicket won't be announced until after the administration responds in the coming months. The legal fracas started when Google copied certain elements—names, declaration, and header lines—of the Java APIs in Android, and Oracle sued. A San Francisco federal judge largely sided with Google in 2012, saying that the code in question could not be copyrighted. Read 13 remaining paragraphs | Comments

Read More...
posted 14 days ago on ars technica
We like to think that education changes people for the better, helping them critically analyze information and providing a certain immunity from disinformation. But if that were really true, then you wouldn't have low vaccination rates clustering in areas where parents are, on average, highly educated. Vaccination isn't generally a political issue. (Or, it is, but it's rejected both by people who don't trust pharmaceutical companies and by those who don't trust government mandates; these tend to cluster on opposite ends of the political spectrum.) But some researchers decided to look at a number of issues that have become politicized, such as the Iraq War, evolution, and climate change. They find that, for these issues, education actually makes it harder for people to accept reality, an effect they ascribe to the fact that "highly educated partisans would be better equipped to challenge information inconsistent with predispositions." The researchers looked at two sets of questions about the Iraq War. The first involved the justifications for the war (weapons of mass destruction and links to Al Qaeda), as well as the perception of the war outside the US. The second focused on the role of the troop surge in reducing violence within Iraq. At the time the polls were taken, there was a clear reality: no evidence of an active weapons program or links to Al Qaeda; the war was frowned upon overseas; and the surge had successfully reduced violence in the country. Read 7 remaining paragraphs | Comments

Read More...
posted 14 days ago on ars technica
(video link) It's no secret that the Ars staff doesn't get out much. We love computers and we love writing. We all work from home. Most of the time, we see little reason to pair writing and computers with getting out of our pajamas and putting on day clothes. So sending six of us to the Consumer Electronics Show in Las Vegas resulted in some sideshow gawking at a fascinating world filled with bright lights and people everywhere. In case you missed it, you can check out our coverage of all the robots we saw, or check out a fresh look at USB 3.1 and its corresponding Type-C connector (which will be reversible!). If you're a policy wonk, make sure you check out our exclusive one-on-one conversation with FTC Chairwoman Edith Ramirez, or if you're a networking wonk you can read about MU-MIMO coming to the 802.11ac wireless specification. And of course, don't forget our light bulb chat with Philips Hue, and our second look at the Virtuix Omni VR Treadmill. But if the words and pictures don't do it for you, here's a video of us on the show floor and out and about in Las Vegas. You'll see a little pinball, a couple drones, Lee winning big at a slot machine, Rocketskates, a 3D-printed dress, a massage chair that claims it's not a massage chair, a ton of wearables, a fleet of smart cars, oh, so many smart cars, and a couple of slow motion shots of us walking. We're all really good at walking. Spoiler alert: at the very end we get into a limo. There's a quick clip there, but as they say: what happens in Vegas stays in Vegas. (Okay, a hint: it had to do with shouting out of a moon roof.) Read on Ars Technica | Comments

Read More...
posted 14 days ago on ars technica
Exploring a volcano's innards is definitely a task that man isn't up to. So researchers at NASA's Jet Propulsion Laboratory in Pasadena, California, have invented a robot that will be able to dive inside and explore its fissures. Dubbed "VolcanoBot 1," this geological trooper was inspired by JPL postdoctoral fellow Carolyn Parcheta's longtime fascination with volcanoes. Recalling a pivotal moment when she witnessed a researcher take a lava sample on a science TV program video in school, Parcheta vowed that she'd do something similar one day. Driven by this desire to glean more insights into these fascinating and dangerous geological features, Parcheta said that although there are simplified models around, no one knows exactly how volcanoes erupt. Read 6 remaining paragraphs | Comments

Read More...
posted 15 days ago on ars technica
The man accused of running the Silk Road, the Internet's biggest drug market, is about to get his day in court. Prosecutors and defense lawyers are already poring over juror questionnaires, and a panel of New York citizens will be selected on Tuesday. There still isn't much that's been made public about how the trial will proceed. Whatever happens, the trial, expected to last at least four weeks, is sure to reveal more about the dark corners of the so-called "Darknet" and the authorities' efforts to master it. Ross Ulbricht, the 30-year-old Texan who prosecutors say was the mastermind of the drug trafficking website, has remained steadfast in his innocence since his arrest more than a year ago. Barring a last-minute deal, his fate will soon be in the hands of a jury. If convicted, he faces decades in prison. Read 28 remaining paragraphs | Comments

Read More...