posted 12 days ago on ars technica
This story originally ran on the TLDR blog from WNYC's On The Media. Alex Goldman is the co-host of the TLDR Podcast. You can read the TLDR blog here. Until earlier this week, it's likely that most Internet users had never heard of OpenSSL. But thanks to the Heartbleed bug, which put all manner of usernames and passwords at risk, the OpenSSL project is coming under some serious scrutiny. To understand how the Heartbleed bug happened, it's important to understand how the OpenSSL project works. The OpenSSL project has been around since 1998. Since the project is open source, it is an informal group comprised primarily of about a dozen members throughout the world, most of whom have day jobs, and some of whom work on a volunteer basis. Being open source, the OpenSSL project's code has always been public facing. Any person could download it and modify it or implement it in their own software. Read 6 remaining paragraphs | Comments

posted 12 days ago on ars technica
The Windows 8.1 Update that introduces a bunch of interface changes to Windows 8.1 is designed to enhance the experience of mouse and keyboard users, but what about the growing number of happy touch users? About 40 percent (and increasing) of PCs available at retail have a touchscreen (compared to just 4 percent when Windows 8 launched), and for the most part, their buyers enjoy how they work. With touch interfaces a growing part of the Windows ecosystem, Microsoft didn't want to make the touch experience worse. While many desktop users may want their systems to boot straight to the desktop, this is unlikely to be a popular option for tablet users. Touch laptop users could easily go either way. Microsoft's goal, therefore, was to pick a sensible default based on the kind of system being used. The way the update does this is based on something called the power platform role, a setting found in the computer's firmware specified by the manufacturer. For Windows PCs, it will typically be "desktop," "mobile," or "slate," for desktops, laptops, and tablets, respectively. Read 9 remaining paragraphs | Comments

posted 13 days ago on ars technica
Lee Hutchinson Lines were forming outside the Boston convention center well before the doors opened, because...PAX. Read on Ars Technica | Comments

posted 13 days ago on ars technica
Associated Press On Friday, the two American journalists primarily responsible for publishing the Edward Snowden documents arrived safely in the United States for the first time in nearly a year. Given their prominent role in making public the previously secret documents, many feared that Glenn Greenwald and Laura Poitras had indictments under seal and might be detained upon arrival on American soil. According to a tweet by Ted Shaffrey, a video journalist for the Associated Press, Greenwald and Poitras landed at New York’s JFK airport today. Greenwald has lived in Brazil with his partner, David Miranda, for years, and Poitras lives in Berlin. As a result of her filmmaking and journalism prior to Snowden, Poitras had been stopped about 40 times over the past six years. Read 8 remaining paragraphs | Comments

posted 13 days ago on ars technica
Screen shot from http://lmgtfy.com/ A government agency that sells information to the federal bureaucracy that is often available for free over the Internet or elsewhere is the subject of proposed federal legislation. The bill's authors believe the National Technical Information Service's practice of selling government documents to other federal agencies is wasteful and should be ended. Sen. Tom Coburn (R-OK) and Sen. Claire McCaskill (D-MO) named the “Let Me Google That For You Act" after the sarcastic website that teaches users how to use Google's search engine. According to the legislation, "No Federal agency should use taxpayer dollars to purchase a report from the National Technical Information Service that is available through the Internet for free." Read 2 remaining paragraphs | Comments

posted 13 days ago on ars technica
From left to right—Tom Petersen, Chris Roberts, Matt Higby, and panel moderator Evan Lahti (US editor-in-chief of PC Gamer). Palmer Luckey isn't pictured because he's behind Lahti. Lee Hutchinson BOSTON, MA—A four-person panel consisting of industry figures Palmer Luckey, founder of Oculus VR; Matt Higby, creative director of PlanetSide 2; Chris Roberts, grandfather of space combat simulations and Star Citizen creator; and Tom Petersen, director of technical marketing for Nvidia, faced down a packed room this afternoon at Boston's PAX East conference to answer questions about the PC as a platform—where it's been, where it's going, and why it's still not just a big deal, but possibly the biggest deal of all. The panel delved into a number of specific points for the crowded room, but the key idea—and one that they kept reiterating throughout most of the questions asked—is that PC gaming has always been a huge market presence. Even as major computer OEMs produce numbers showing falling sales, the PC as a platform (and especially a gaming platform) actually shows strong aggregate growth. It's hard to directly measure this kind of thing, but Nvidia's Tom Petersen pointed out that the company's sales of OEM and aftermarket video cards are strong and are getting stronger—especially its enthusiast-targeted GTX cards. The panel moderator (PC Gamer US Editor-in-Chief Evan Lahti) asked if cloud gaming might have something to do with the bolstering PC gaming numbers. Petersen agreed that could be the case (as expected from Nvidia, which has its own burgeoning cloud gaming rendering service). However, Chris Roberts had a different take. Read 16 remaining paragraphs | Comments

posted 13 days ago on ars technica
Amazon You can't keep a good rumor down: according to "people briefed on the company's plans," Amazon is planning to announce a phone that will join its Kindle line of tablets and its new Fire TV set top box when it launches in September. The Wall Street Journal reports that Amazon has been showing prototypes of the phone to developers in San Francisco and Seattle. To differentiate its handset from Apple and the various Android handset makers, Amazon will reportedly incorporate a glasses-free 3D display into the phone. Rather than a stereoscopic display that requires the user to hold his or her head in a fixed position à la Nintendo's 3DS, Amazon's phone will reportedly use various retina-tracking "cameras, or sensors" to make the 3D effect more consistent and versatile. This is just the latest in a long string of rumors about an Amazon smartphone. Back in September of 2013, the company was said to be working on a phone that would be offered for free without a contract. Those rumors were later debunked, but only partially—an Amazon spokesman said the company had no plans to offer a phone in 2013, but he didn't talk about Amazon's long-term plans. In March of 2014, The Information published another story that said an Amazon phone codenamed "Project Aria" would launch later this year and that Amazon was in talks with hardware partners to make it happen. The new report doesn't mention the potential cost of the new glasses-free 3D phone, but it's possible that Amazon will undercut its competition to expand its reach, as it does with the current Kindle Fire tablets. Read on Ars Technica | Comments

posted 13 days ago on ars technica
ocal There's an undeniable second boom underway in the tech sector, and the consequences, both positive and negative, are rippling throughout the San Francisco Bay Area with special force. Protests that focused on the negative effects of tech companies, most prominently those protests against the buses that bring employees to work, have been held repeatedly in recent months. But the demonstrations are becoming increasingly personal. This morning, protestors who say they're being evicted by a Google lawyer protested in front of the property he owns. Read 12 remaining paragraphs | Comments

posted 13 days ago on ars technica
Nine people connected to the "Zeus" malware have been indicted, federal officials announced Friday as they declared the code "one of the most damaging pieces of financial malware that has ever been used." An indictment (PDF) unsealed Friday charges nine people, most of them from the Ukraine. Two defendants—Yuriy Konovalenko, 31, and Yevhen Kulibaba, 36—were extradited to the United States and hauled Friday into Nebraska federal court, where the charges were unsealed. Most of the others remain at large. The authorities said the defendants used Zeus to hijack account numbers, passwords, personal identification numbers, RSA SecureID token codes, and other data needed to illegally log in to online banking accounts, netting the defendants "millions of dollars." Prosecutors said they were responsible for "infecting thousands of business computers with malicious software." Read 4 remaining paragraphs | Comments

posted 13 days ago on ars technica
Citing two anonymous sources “familiar with the matter,” Bloomberg News reports that the National Security Agency has known about Heartbleed, the security flaw in the OpenSSL encryption software used by a majority of websites and a multitude of other pieces of Internet infrastructure, for nearly the entire lifetime of the bug—“at least two years.” The sources told Bloomberg that the NSA regularly used the flaw to collect intelligence information, including obtaining usernames and passwords from targeted sites. As Ars reported on April 9, there have been suspicions that the Heartbleed bug had been exploited prior to the disclosure of the vulnerability on April 5. A packet capture provided to Ars by Terrence Koeman, a developer based in the Netherlands, shows malformed Transport Layer Security (TLS) Heartbeat requests that bear the hallmarks of a Heartbleed exploit. Koeman said the capture dates to November of last year. But if the NSA has been exploiting Heartbleed for “at least two years,” the agency would have needed to discover it not long after the code for the TLS Heartbeat Extension was added to OpenSSL 1.0.1, which was released on March 14, 2012. The first “beta” source code wasn’t available until January 3, 2012. Read 2 remaining paragraphs | Comments

posted 13 days ago on ars technica
Intel Free Press In a speech delivered Thursday before the United Nations General Assembly, the United States’ ambassador said that she's co-sponsoring a new resolution that would lead to more global restrictions on texting while driving. “Worldwide, six out of seven people have access to cell phones, and more than a billion cars are on the road,” Ambassador Samantha Power said. “In crowded conditions, with narrow roads and poor infrastructure, bicyclists and pedestrians are at particular risk. Too many drivers simply don’t understand the danger of taking their eyes, even briefly, from the road. And while drinking is episodic, the use of handheld devices is chronic. No one should die—or kill—because of a text message.” Read 4 remaining paragraphs | Comments

posted 13 days ago on ars technica
The AGU Earth was still a violent place shortly after life began, with regular impactors arriving from space. For the first time, scientists have modeled the effects of one such violent event—the strike of a giant asteroid. The effects were so catastrophic that, along with the large earthquakes and tsunamis it created, this asteroid may have also set continents into motion. The asteroid to blame for this event would have been at least 37km in diameter, which is roughly four times the size of the asteroid that is alleged to have caused the death of dinosaurs. It would have hit the surface of the Earth at the speed of about 72,000kph and created a 500km-wide crater. At the time of the event, about 3.26 billion years ago, such an impact would have caused 10.8 magnitude earthquakes—roughly 100 times the size of the 2011 Japanese earthquake, which is among the biggest in recent history. The strike would have thrown vaporized rock into the atmosphere, which would have encircled the globe before condensing and falling back to the surface. During the debris re-entry, the temperature of the atmosphere would have increased and the heat wave would have caused the upper oceans to boil. Read 10 remaining paragraphs | Comments

posted 13 days ago on ars technica
An Amazon warehouse under construction. bloodymonday Amazon has instituted a new program where it offers its own employees thousands of dollars to leave the company. But it doesn't want them to take the money. According to CEO Jeff Bezos, the offer is a tactic to ensure the company's employees want to work there, but his program differs significantly from the Zappos one it's compared to. In a letter to shareholders issued Thursday, Bezos said that the program is inspired by the Amazon-owned Zappos, which has long offered its employees money to quit in order to weed out the ones who don't value the Zappos mission above a few thousand dollars. Back in 2008, Zappos said 97 percent of its employees did not take the offer to quit. However, Zappos' program differs slightly in that it only offers the money to customer service employees, enticing them to quit with $3,000 after a four-week training program and one week of work. Read 7 remaining paragraphs | Comments

posted 13 days ago on ars technica
Another Promise via South China Morning Post Workers in Samsung semiconductor plants who have developed cancer are fighting their former employer—and their government—for compensation. Their fight has become a very public controversy in Korea, where two new movies tell the stories of young female workers who got cancer while working in Samsung chip factories. The workers' families have been trying to use Korean courts to obtain compensation for seven years without success. The story of those workers, and the unprecedented public debate about the dark side of Samsung, is detailed in a feature story published today by Bloomberg Businessweek. As the story notes, many Koreans "revere" Samsung Group, as its companies contribute a stunning 24 percent of their nation’s GDP. In 1961, South Korea was a war-torn country with a GDP less than Sudan or Sierra Leone. Today it’s the world’s 15th-largest economy. Read 10 remaining paragraphs | Comments

posted 13 days ago on ars technica
Self-portrait by Weev A federal appeals court Friday reversed and vacated the conviction and sentence of hacker and Internet troll Andrew "weev" Auernheimer. The case against Auernheimer, who has often been in solitary confinement for obtaining and disclosing personal data of about 140,000 iPad owners from a publicly available AT&T website, was seen as a test case on how far the authorities could go under the Computer Fraud and Abuse Act, the same law that federal prosecutors were invoking against Aaron Swartz. But, in the end, the Third U.S. Circuit Court of Appeals didn't squarely address the controversial fraud law and instead said Auernheimer was charged in the wrong federal court. Read 4 remaining paragraphs | Comments

posted 13 days ago on ars technica
Google Chrome 35, released to the beta channel yesterday, has a bunch of new developer features for creating "richer, more compelling web content and apps, especially for mobile devices," Google said yesterday. The new features provide more control over touch and zoom input. Google software engineer Rick Byers explains: The touch-action CSS property offers developers a declarative mechanism to selectively disable touch scrolling, pinch-zooming, or double-tap-zooming on parts of their web content. Use cases include precise control over the dreaded 300ms click delay on mobile, reliable side-swipe UIs, and high-fidelity polyfills of Pointer Events. It’s also a prerequisite for future optimizations to enable scrolling and zooming that never block on the main thread. Also new in this release, web content on desktop computers will now receive mouse scroll wheel events with the ctrlKey modifier set. There are many sites that want to do something more appropriate for the user than trigger browser zoom. For example, when a user holds control and scrolls over a map in Google Maps, they almost certainly want to zoom in on the map, not invoke browser zoom to zoom the page. This change will enable such a use case. Chrome 35 also brings Unprefixed Shadow DOM (document object models), which Google says improves upon the prefixed implementation first made available in Chrome 25. This move was initially controversial because Google announced its intent to ship the feature before all the parts even had a draft specification, much less a stable recommendation. "I'm left with the conclusion that these [features] are entirely undefined. I'm really surprised the Chrome team intends to ship these enabled by default in production," Apple Senior Web Technology Engineer Edward O'Connor wrote in February in a World Wide Web Consortium discussion. Read 3 remaining paragraphs | Comments

posted 13 days ago on ars technica
Samsung Samsung loves to pack its phones with tons of software features, but one that customers won't get to see almost anywhere in the US is the new "Download Booster," which combines a user's Wi-Fi and LTE connection to speed up downloads. US carriers aren't overly fond of anything that might increase customers' data usage unless they can charge extra for it, so three out of the four major carriers have removed Download Booster from their devices. Between reports from Android Police and FierceWirelessTech, we have confirmation that AT&T, Sprint, and Verizon have all shipped the S5 without the feature. AT&T was quoted by FierceWirelessTech as saying, "We are evaluating Samsung's download booster feature. We thoroughly test new software, features, and functionality to ensure that it meets our standards for a quality user experience." We've seen many carriers step in to disable features they don't like. The most common example is putting a paywall in between a user and the mobile hotspot feature built into most mobile OSes or disabling video chat over the cellular connection. Still, it's been a while since we've seen an ISP exert such a high amount of control over the devices they sell. Read 1 remaining paragraphs | Comments

posted 13 days ago on ars technica
The VAIO Flip 13, a larger version of the laptop that's being recalled. Andrew Cunningham Back in February, Sony announced that it was getting out of the PC game: its spring 2014 VAIO PCs would be the last the company would design and sell. Sony's PC business will be sold to Japan Industrial Partners, which will scale back its global distribution network to focus on the Japanese market. Sony's laptops themselves have apparently decided to go out with a bang, not a whimper. The Wall Street Journal reports that batteries in Sony's Fit 11A convertible laptops "could overheat and catch fire." For now, Sony is telling affected users to "immediately discontinue use" of the laptops and that it will begin a repair-and-replacement program within the next two weeks. The batteries in question were manufactured by Panasonic, which insists that the flaw is unique to the batteries used in the Fit 11A. Panasonic says it creates custom batteries for each OEM that asks for them, and that it hasn't heard complaints from its other customers. What's really striking is just how few of these laptops are out there creating a fire hazard. The figures provided to the Journal indicate that just 25,905 VAIO Fit laptops have been sold to customers since they went on sale in February: "3,600 ... in Japan, 2,000 in China, 7,000 in Europe, 5,600 in Latin America, and 500 in the US." For reference, Gartner says that all PC OEMs combined sold about 76.6 million PCs worldwide in the first quarter of 2014. With sales like that, it's no wonder that Sony is getting out of the business. Read on Ars Technica | Comments

posted 13 days ago on ars technica
Heartbleed.com The software developer who inserted a major security flaw into OpenSSL has said the error was "quite trivial" despite the severity of its impact, according to a new report. The Sydney Morning Herald published an interview today with Robin Seggelmann, who added the flawed code to OpenSSL, the world's most popular library for implementing HTTPS encryption in websites, e-mail servers, and applications. The flaw can expose user passwords and potentially the private key used in a website's cryptographic certificate (whether private keys are at risk is still being determined). The Herald reports: Read 4 remaining paragraphs | Comments

posted 13 days ago on ars technica
Image by Florian Muijres Have you ever felt frustrated after repeated attempts to swat a buzzing insect have failed? You’ve slapped yourself and the table many times, yet the fly continues to taunt you? Flies’ impressive agility inspired a team of scientists from the University of Washington, who worked with some aerospace engineers at the Delft University of Technology to carefully study the biomechanics of how the insects execute their evasive maneuvers. They discovered that to avoid looming predators or human swatting, fruit flies can rapidly make banked turns, executing them far faster than their regular flight movements. To study fruit fly flying technique, they constructed a test environment with high-speed cameras capable of recording 7,500 frames per second. The testing area was lit with LED lights that could be triggered to create a dark, expanding circle that the flies would interpret as a looming predator. The scientists filmed almost 100 trials in this setup, which included 3,655 individual wing beats. A special vision-tracking system analyzed the images, studying the position of the flies' body and wings separately. It measured flight speed, acceleration, and three angular measurements of body and wing position. Read 7 remaining paragraphs | Comments

posted 13 days ago on ars technica
On April 9, Juniper Networks issued a security advisory for users of version 7 of its Secure Access SSL VPN (IVEOS) because of its vulnerability to the OpenSSL Heartbleed exploit, an attack that could expose user data through malicious use of the Transport Layer Security "Heartbeat" extension. This morning, the company added a number of other VPN and switch products to its security advisory, including the most recent release of the Junos OS and its Junos Pulse and IVEOS SSL virtual private networks. "We are working around the clock to provide fixed versions of code for our affected products," the company's security team said in the advisory. The affected products are: Read 2 remaining paragraphs | Comments

posted 14 days ago on ars technica
John Taylor, Flickr An attack on Silicon Valley telephone lines and an electric grid that took out transformers and fiber-optic cables remains unsolved a year after the nighttime raid that a federal official has decried as an act of terrorism. The Federal Bureau of Investigation said Thursday it was still probing the April 16 attack, which happened a day after the Boston Marathon bombings. AT&T fiber-optic cables were snipped and sniper bullets destroyed 17 Pacific Gas & Electric transformers, disrupting service to the valley. At the time, the response from the Federal Energy Regulatory Commission was haphazard at best. Among other things, the agency released to federal and industry officials a document outlining exact areas where the nation's grid is susceptible to a terrorist attack. The commission's chairwoman Cheryl LaFleur told a congressional hearing on Thursday that it was taking steps so it would not make the same mistake it did following the Silicon Valley attack. Read 2 remaining paragraphs | Comments

posted 14 days ago on ars technica
The Samsung Galaxy S5 is water and fish proof—we tested. Ron Amadeo Samsung's newest flagship is finally here. With the Galaxy S5, Samsung hopes to break out of the boring spec-bump-style upgrade that the company said hindered sales of the Galaxy S4. While the design is mostly the same (and we might say a little worse), Samsung's solution to consumer indifference is a boatload of extra features. With the S5, Samsung added things like a fingerprint scanner, a heart rate monitor, and water resistance. A spec bump also happened of course—just about every number on the spec sheet is bigger than it was last year. The S5 has a faster Snapdragon 801 processor, a better camera, better Wi-Fi, and a display that is both brighter in sunlight and dimmer in darkness.

Design

The Galaxy S5 (left) versus the Galaxy S4 (right). The S5 bezels need to go on a diet.

Specs at a glance: Samsung Galaxy S5
Screen: 1920×1080 5.1" (432 ppi) AMOLED
OS: Android KitKat 4.4.2 with Touchwiz
CPU: 2.5GHz quad-core Snapdragon 801
RAM: 2GB
GPU: Adreno 330
Storage: 16GB or 32GB, with MicroSD slot
Networking: Dual Band 802.11b/g/n/ac, Bluetooth 4.0, GPS
Ports: Micro USB 3.0, headphones
Camera: 16MP rear camera with Phase Detection AF, 2MP front camera
Size: 142.0mm x 72.5mm x 8.1mm
Weight: 145g
Battery: 2800 mAh
Starting price: $200 on contract, $649 unlocked
Other perks: RGB notification LED, IrLED, NFC

The Galaxy S5 is actually a little bigger than the S4. It's 5.4mm taller, 2.7mm wider, and 0.2mm thicker. Samsung used this extra space to bump the display up to a 5.1-inch, 1080p AMOLED, slightly larger than the 4.99-inch display in the S4. The screen size increase didn't keep pace with the bigger body though. In a world where bezels are constantly shrinking and OEMs like LG are touting the screen-to-bezel ratio on their devices, Samsung took a step backward. The company made the side bezels thicker and the top and bottom of the device taller. If the image above wasn't labeled, you would think the S4 (the one on the right) was the newer device. Read 39 remaining paragraphs | Comments

posted 14 days ago on ars technica
Kim Dotcom living large in happier times. Photograph by Handout Just three days after the Motion Picture Association of America brought a civil lawsuit against Megaupload, the Recording Industry Association of America has jumped in with its own case. In addition to the existing criminal copyright infringement case being prosecuted by the Justice Department in the Eastern District of Virginia, the Thursday lawsuit now brings to three the number of lawsuits filed against Megaupload founder Kim Dotcom and his colleagues. Dotcom and the others were initially arrested in a botched January 2012 raid on his mansion estate in New Zealand. He has since been fighting local authorities to prevent his extradition to the United States—that trial could be held as early as July. Read 13 remaining paragraphs | Comments

posted 14 days ago on ars technica
Cisco has issued a security bulletin for customers about the Heartbleed bug in the OpenSSL cryptography code, and it’s not about Web servers. So far, the company has unearthed 11 products and 2 services susceptible to attack through the vulnerability, which can be used to retrieve random bits of content from an attacked device’s memory. Cisco’s IOS XE operating system for network hardware is one of the higher-profile products on the company's list. Cisco has already patched the two services—Cisco’s Registered Envelope Service (CRES) and Webex Messenger Service—that were deemed vulnerable. Most of the remaining products on Cisco's list are connected to the company’s collaboration products, such as its UCS unified messaging platform. They also include IP telephones, communications servers, and messaging systems:

Cisco AnyConnect Secure Mobility Client for iOS
Cisco Desktop Collaboration Experience DX650
Cisco Unified 7800 series IP Phones
Cisco Unified 8961 IP Phone
Cisco Unified 9951 IP Phone
Cisco Unified 9971 IP Phone
Cisco TelePresence Video Communication Server (VCS)
Cisco IOS XE
Cisco UCS B-Series (Blade) Servers
Cisco UCS C-Series (Stand alone Rack) Servers
Cisco Unified Communication Manager (UCM) 10.0
Cisco Registered Envelope Service (CRES)
Cisco Webex Messenger Service

The list isn’t yet complete—the company is still investigating whether over 60 additional products, including other versions of the IOS operating system and other network hardware, are vulnerable. Read on Ars Technica | Comments
