United States

Americans Plan Massive 'Net Neutrality' Protest Next Week (theguardian.com) 105

An anonymous reader quotes the Guardian: A coalition of activists, consumer groups and writers are calling on supporters to attend the next meeting of the Federal Communications Commission on September 26 in Washington DC. The next day, the protest will move to Capitol Hill, where people will meet legislators to express their concerns about an FCC proposal to rewrite the rules governing the internet... The activist groups are encouraging internet users to meet their lawmakers and tell them how a free and open internet is vital to their lives and their livelihoods...

"The FCC seems dead set on killing net neutrality, but they have to answer to Congress, and Congress has to answer to us, their constituents," said Evan Greer, campaign director for Fight for the Future, one of the protest's organisers. "With this day of advocacy, we're harnessing the power of the web to make it possible for ordinary internet users to meet directly with their senators and representatives to tell their stories, and make sure that lawmakers hear from the public, not just lobbyists for AT&T and Verizon," she said.

Monday Mozilla and the Internet Archive are also inviting the public to a free panel discussion featuring former FCC Chairman Tom Wheeler on ways the American public can act to preserve net neutrality.
Security

Security.txt Standard Proposed, Similar To Robots.txt (bleepingcomputer.com) 84

An anonymous reader writes: Ed Foudil, a web developer and security researcher, has submitted a draft to the IETF — Internet Engineering Task Force — seeking the standardization of security.txt, a file that webmasters can host on their domain root and describe the site's security policies. The file is akin to robots.txt, a standard used by websites to communicate and define policies for web and search engine crawlers...

For example, if a security researcher finds a security vulnerability on a website, he can access the site's security.txt file for information on how to contact the company and securely report the issue. According to the current security.txt IETF draft, website owners would be able to create security.txt files that look like this:

#This is a comment
Contact: security@example.com
Contact: +1-201-555-0123
Contact: https://example.com/security
Encryption: https://example.com/pgp-key.tx...
Acknowledgement: https://example.com/acknowledg...
Disclosure: Full

Youtube

PewDiePie Is Inexcusable But DMCA Takedowns Are Not the Way To Fight Him (vice.com) 496

An anonymous reader quotes a report from Motherboard: Felix Kjellberg, better known as PewDiePie, is the most popular YouTuber in the world. He's gotten himself into another controversy, this time for shouting the n-word while livestreaming a video game. The 27-year-old Swede has repeatedly been criticized for hate speech, and just last month said he would no longer make Nazi jokes after a white supremacist rally in Charlottesville, Virginia turned violent. But while playing PlayerUnknown's Battlegrounds on Sunday, Kjellberg, who has over 57 million subscribers on YouTube, called another player the n-word before erupting into laughter. "What a fucking n****r," he said. "Jeez, oh my god. What the fuck? Sorry, but what the fuck? What a fucking asshole. I don't mean that in a bad way." Kjellberg did not immediately respond to a request for comment, and has yet to publicly acknowledge the incident.

In response to Kjellberg's use of a racial slur, a number of video game players and developers have condemned the creator. Sean Vanaman, the co-founder of video game company Campo Santo, decided to use copyright law to push back against Kjellberg. On Twitter, he said he was filing a Digital Millennium Copyright Act (DMCA) takedown request against the famous YouTuber regarding a video in which Kjellberg plays Campo Santo's game Firewatch. There are compelling reasons to [remove hate speech from major internet platforms] by any means necessary, but DMCA overreach is among the least compelling options, considering that it unilaterally puts power into the hands of what are essentially uninvolved parties and allows for little arbitration or defense on the part of those who have their content removed.

Security

ISPs Claim a Privacy Law Would Weaken Online Security, Increase Pop-Ups (arstechnica.com) 86

An anonymous reader quotes a report from Ars Technica: The country's biggest Internet service providers and advertising industry lobby groups are fighting to stop a proposed California law that would protect the privacy of broadband customers. AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups urged California state senators to vote against the proposed law in a letter Tuesday. The bill would require Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories. California lawmakers could vote on the bill Friday of this week, essentially replicating federal rules that were blocked by the Republican-controlled Congress and President Trump before they could be implemented. The text and status of the California bill, AB 375, are available here.

The letter claims that the bill would "lead to recurring pop-ops to consumers that would be desensitizing and give opportunities to hackers" and "prevent Internet providers from using information they have long relied upon to prevent cybersecurity attacks and improve their service." The Electronic Frontier Foundation picked apart these claims in a post yesterday. The proposed law won't prevent ISPs from taking security measures because the bill "explicitly says that Internet providers can use customer's personal information (including things like IP addresses and traffic records) 'to protect the rights or property of the BIAS [Broadband Internet Access Service] provider, or to protect users of the BIAS and other BIAS providers from fraudulent, abusive, or unlawful use of the service,'" EFF Senior Staff Technologist Jeremy Gillula wrote.

Safari

Every Major Advertising Group Is Blasting Apple for Blocking Cookies in the Safari Browser (adweek.com) 442

The biggest advertising organizations say Apple will "sabotage" the current economic model of the internet with plans to integrate cookie-blocking technology into the new version of Safari. Marty Swant, reporting for AdWeek: Six trade groups -- the Interactive Advertising Bureau, American Advertising Federation, the Association of National Advertisers, the 4A's and two others -- say they're "deeply concerned" with Apple's plans to release a version of the internet browser that overrides and replaces user cookie preferences with a set of Apple-controlled standards. The feature, which is called "Intelligent Tracking Prevention," limits how advertisers and websites can track users across the internet by putting in place a 24-hour limit on ad retargeting. In an open letter expected to be published this afternoon, the groups describe the new standards as "opaque and arbitrary," warning that the changes could affect the "infrastructure of the modern internet," which largely relies on consistent standards across websites. The groups say the feature also hurts user experience by making advertising more "generic and less timely and useful."
Businesses

Two Ex-Googlers Want To Make Bodegas And Mom-And-Pop Corner Stores Obsolete (fastcompany.com) 340

Elizabeth Segran, writing for FastCompany: While it sometimes feels like we do all of our shopping on the internet, government data shows that actually less than 10% of all retail transactions happen online. In a world where we get our groceries delivered in just two hours through Instacart or Amazon Fresh, the humble corner store -- or bodega, as they are known in New York and Los Angeles -- still performs a valuable function. No matter how organized you are, you're bound to run out of milk or diapers in the middle of the night and need to make a quick visit to your neighborhood retailer. Paul McDonald, who spent 13 years as a product manager at Google, wants to make this corner store a thing of the past. Today, he is launching a new concept called Bodega with his cofounder Ashwath Rajan, another Google veteran. Bodega sets up five-foot-wide pantry boxes filled with non-perishable items you might pick up at a convenience store. An app will allow you to unlock the box and cameras powered with computer vision will register what you've picked up, automatically charging your credit card. The entire process happens without a person actually manning the "store." Bodega's logo is a cat, a nod to the popular bodega cat meme on social media -- although if the duo gets their way, real felines won't have brick-and-mortar shops to saunter around and take naps in much longer. "The vision here is much bigger than the box itself," McDonald says. "Eventually, centralized shopping locations won't be necessary, because there will be 100,000 Bodegas spread out, with one always 100 feet away from you."
Security

Backdoor Found In WordPress Plugin With More Than 200,000 Installations (bleepingcomputer.com) 82

According to Bleeping Computer, a WordPress plug that goes by the name Display Widgets has been used to install a backdoor on WordPress sites across the internet for the past two and a half months. While the WordPress.org team removed the plugin from the official WordPress Plugins repository, the plugin managed to be installed on more than 200,000 sites at the time of its removal. The good news is that the backdoor code was only found between Display Widgets version 2.6.1 (released June 30) and version 2.6.3 (released September 2), so it's unlikely everyone who installed the plugin is affected. WordPress.org staff members reportedly removed the plugin three times before for similar violations. Bleeping Computer has compiled a history of events in its report, put together with data aggregated from three different investigations by David Law, White Fir Design, and Wordfence. The report adds: The original Display Widgets is a plugin that allowed WordPress site owners to control which, how, and when WordPress widgets appear on their sites. Stephanie Wells of Strategy11 developed the plugin, but after switching her focus to a premium version of the plugin, she decided to sell the open source version to a new developer who would have had the time to cater to its userbase. A month after buying the plugin in May, its new owner released a first new version -- v2.6.0 -- on June 21.
Iphone

iPhone 8 and iPhone X Will Support Fast Charging, But Only If You Buy a New USB-C Charger (9to5mac.com) 139

One little detail Apple didn't mention at its event in Cupertino, California yesterday was the fact that the new iPhones will support fast charging. According to the official tech specs page, the new iPhones can recharge up to 50 percent of their battery life in a 30-minute charge. The catch? You have to use a USB-C charger and Lightning cable (sold separately). 9to5Mac reports: iPhone 8 battery life is roughly equivalent to the iPhone 7 and iPhone 7 Plus. On a full charge, expect up to 12 hours of internet usage on iPhone 8 and iPhone X, with up to 13 hours on iPhone 8 Plus. With a 50% quick charge in 30 minutes, you are effectively gaining hours of additional battery life during the day, even if you only plug in for a short period. However, to take advantage of fast-charging, you cannot use the Lightning to USB-A cable that is bundled in the box. Fast charging requires a USB-C to Lightning cable and the USB-C wall charger. More specifically, one of three USB-C wall chargers. Apple sells 29W, 61W and 87W variants of its USB-C power adapters. Prices range from $49 to $79. Apple doesn't break out specific numbers on how each model affects charging times, it's not clear if the cheapest 29W model can achieve the advertised 50% recharge in 30 minutes.
Communications

Study Finds That Banning Trolls Works, To Some Degree (vice.com) 340

An anonymous reader quotes a report from Motherboard: On October 5, 2015, facing mounting criticism about the hate groups proliferating on Reddit, the site banned a slew of offensive subreddits, including r/Coontown and r/fatpeoplehate, which targeted Black people and those with weight issues. But did banning these online groups from Reddit diminish hateful behavior overall, or did the hate just spread to other places? A new study from the Georgia Institute of Technology, Emory University, and University of Michigan examines just that, and uses data collected from 100 million Reddit posts that were created before and after the aforementioned subreddits were dissolved. Published in the journal ACM Transactions on Computer-Human Interaction, the researchers conclude that the 2015 ban worked. More accounts than expected discontinued their use on the site, and accounts that stayed after the ban drastically reduced their hate speech. However, studies like this raise questions about the systemic issues facing the internet at large, and how our culture should deal with online hate speech. First, the researchers automatically extracted words from the banned subreddits to create a dataset that included hate speech and community-specific lingo. The researchers looked at the accounts of users who were active on those subreddits and compared their posting activity from before and after those offensive subreddits were banned. The team was able to monitor upticks or drops in the hate speech across Reddit and if that speech had "migrated" to other subreddits as a result.
EU

EU Set To Demand Internet Firms Act Faster To Remove Illegal Content (reuters.com) 60

Companies including Google, Facebook and Twitter could face European Union laws forcing them to be more proactive in removing illegal content if they do not do more to police what is available on the Internet. From a report: The European Union executive outlines in draft guidelines reviewed by Reuters how Internet firms should step up efforts with measures such as establishing trusted flaggers and taking voluntary measures to detect and remove illegal content. Proliferating illegal content, whether because it infringes copyright or incites terrorism, has sparked heated debate in Europe between those who want online platforms to do more to tackle it and those who fear it could impinge on free speech. The companies have significantly stepped up efforts to tackle the problem of late, agreeing to an EU code of conduct to remove hate speech within 24 hours and forming a global working group to combine their efforts remove terrorist content from their platforms.
Facebook

The Fake News Machine: Inside a Town Gearing Up for 2020 (cnn.com) 224

CNN has a story on Veles, riverside town in Macedonia, which back in the day was known to make porcelain for the whole of Yugoslavia. But now, as an investigation by the news outlet has found, it makes fake news. Veles has become home to dozens of website operators who churn out bogus stories designed to attract the attention of Americans. Each click adds cash to their bank accounts. From the report: The scale is industrial: Over 100 websites were tracked here during the final weeks of the 2016 U.S. election campaign, producing fake news that mostly favored Republican candidate for President Donald Trump. One of the shadowy industry's pioneers is a soft-spoken law school dropout. Worried that his online accounts could be shut down, the 24-year-old asked to be known only as Mikhail. He takes on a different persona at night, prowling the internet as "Jesica," an American who frequently posts pro-Trump memes on Facebook. The website and Facebook page that "Jesica" runs caters to conservative readers in the U.S. The stories are political -- and often wrong on the facts. But that doesn't concern Mikhail. "I don't care, because the people are reading," he said. "At 22, I was earning more than someone [in Macedonia] will ever learn in his entire life." He claims to have earned up to $2,500 a day from advertising on his website, while the average monthly income in Macedonia is just $426. The profits come primarily from ad services such as Google's AdSense, which place targeted advertisements around the web. Each click sends a little bit of cash back to the content creator. Mikhail says he has used his profits to buy a house and put his younger sister through school. [...] That site was blocked a few months ago after Facebook and Google started cracking down on fake news sites. Mikhail is now retooling his operation, with his sights set firmly on the 2020 presidential election.
AMD

French Company Plans To Heat Homes, Offices With AMD Ryzen Pro Processors 181

At its Ryzen Pro event in New York City last month, AMD invited a French company called Qarnot to discuss how they're using Ryzen Pro processors to heat homes and offices for free. The company uses the Q.rad -- a heater that embeds three CPUs as a heat source -- to accomplish this feat. "We reuse the heat they generate to heat homes and offices for free," the company says in a blog post. "Q.rad is connected to the internet and receives in real time workloads from our in-house computing platform."

The idea is that anyone in the world can send heavy workloads over the cloud to a Q.rad and have it render the task and heat a person's home in the process. The two industries that are targeted by Qarnot include movies studios for 3D rendering and VFX, and banks for risk analysis. Qarnot is opting in for Ryzen Pro processors over Intel i7 processors due to the performance gain and heat output. According to Qarnot, they "saw a performance gain of 30-45% compared to the Intel i7." They also report that the Ryzen Pro is "producing the same heat as the equivalent Intel CPUs" they were using -- all while providing twice as many cores.

While it's neat to see a company convert what would otherwise be wasted heat into a useful asset that heats a person's home, it does raise some questions about the security and profitability of their business model. By using Ryzen Pro's processors, OS independent memory encryption is enabled to provide additional security layers to Qarnot's heaters. However, Q.rads are naturally still going to be physically unsecured as they can be in anyone's house.

Further reading: The Mac Observer, TechRepublic
Government

Department of Energy Invests $50 Million To Improve Critical Energy Infrastructure Security (helpnetsecurity.com) 51

Orome1 shares a report from Help Net Security: Today, the Department of Energy (DOE) is announcing awards of up to $50 million to DOE's National Laboratories to support early stage research and development of next-generation tools and technologies to further improve the resilience of the Nation's critical energy infrastructure, including the electric grid and oil and natural gas infrastructure. The electricity system must continue to evolve to address a variety of challenges and opportunities such as severe weather and the cyber threat, a changing mix of types of electric generation, the ability for consumers to participate in electricity markets, the growth of the Internet of Things, and the aging of the electricity infrastructure. The seven Resilient Distribution Systems projects awarded through DOE's Grid Modernization Laboratory Consortium (GMLC) will develop and validate innovative approaches to enhance the resilience of distribution systems -- including microgrids -- with high penetration of clean distributed energy resources (DER) and emerging grid technologies at regional scale. The project results are expected to deliver credible information on technical and economic viability of the solutions. The projects will also demonstrate viability to key stakeholders who are ultimately responsible for approving and investing in grid modernization activities. In addition, the Department of Energy "is also announcing 20 cybersecurity projects that will enhance the reliability and resilience of the Nation's electric grid and oil and natural gas infrastructure through innovative, scalable, and cost-effective research and development of cybersecurity solutions."
AT&T

T-Mobile Named Fastest US Mobile Carrier by New Wirefly Report (phonedog.com) 34

T-Mobile offered the fastest internet speed to subscribers between Q1 and Q2 of 2017 (which ended in June), according to the Wirefly Speed Test, which combed through thousands of test results made using its service. T-Mobile scored highest in overall speed while Verizon ended up with a close second spot, Wirefly, which doesn't require Java or Flash for its tests, added. AT&T and Sprint rounded out the ranking at third and fourth, respectively, the report added, which was done in collaboration with SourceForge. T-Mobile also topped the chart for offering the fastest mobile download speed. An anonymous user writes: T-Mobile offered 22.18 Mbps download speed, while Verizon Wireless ended up with another close second with 21.45 Mbps download. AT&T came in with an average download speed of 17.00 Mbps, and Sprint was trailing all with 15.76 Mbps. Verizon finished with the fastest average upload speed at 16.06 Mbps. You can read the full report here.
Google

Google Challenges Record EU Antitrust Fine in Court (reuters.com) 52

Google appealed on Monday against a record 2.4-billion-euro ($2.9 billion) EU antitrust fine, with its chances of success boosted by Intel's partial victory last week against another EU sanction. From a report: The world's most popular Internet search engine, a unit of the U.S. firm Alphabet, launched its appeal two months after it was fined by the European Commission for abusing its dominance in Europe by giving prominent placement in searches to its comparison shopping service and demoting rival offerings.
Chrome

Google Chrome Will Soon Detect Man-in-the-Middle Attacks (bleepingcomputer.com) 86

An anonymous reader writes: Google Chrome 63 will include a new security feature that will detect when third-party software is performing a Man-in-the-Middle (MitM) attack that hijacks the user's Internet connection.... Most MitM toolkits fail to correctly rewrite the user's encrypted connections, causing SSL errors that Chrome will detect. The new Chrome 63 feature is in the form of a new warning screen. This new error will appear whenever Chrome detects a large number of SSL connection errors in a short timespan, a sign that someone is trying -- and failing -- to intercept the user's web traffic. This includes both malware and legitimate applications, such as antivirus and firewall applications. The new Chrome error won't show up for all antivirus and firewall software, but only for those that do not rewrite SSL connections in a proper way, resulting in SSL errors.
Chrome 63 is set for release on December 5, but users can already test it by enabling it in the Google Chrome dev branch.
Iphone

Leaks Reveal New Features In Apple's Next iPhone 224

Though Apple officially unveils their newest iPhone on Tuesday, information is already leaking on the internet.
  • Mashable: "Physically, it's expected to be about the same size as an iPhone 7, but with an edge-to-edge OLED display that's bigger than what is currently on the iPhone 7 Plus. It won't have a home button or Touch ID, and will likely use some kind of facial recognition tech to unlock."
  • MacRumors cites a report from KGI Securities analyst Ming-Chi Kuo suggesting facial recognition may just be one feature of a complex front camera with 3D sensing hardware, including a proximity sensor, ambient light sensor, and a structured light transmitter (using a surface-emitting laser) and receiver.
  • Fortune: "Apple's iPhone line is expected to catch up with Android phones in the area of wireless charging this year... just lay the phone down on a compatible charger mat or base or dock, and watch the battery fill up."
  • 9to5Mac: "We've found a brand new feature called 'Animoji', which uses the 3D face sensors to create custom 3D animated emoji based on the expressions you make into the camera. Users will be able to make Animoji of unicorns, robots, pigs, pile of poo and many more."
Cellphones

Ask Slashdot: What Can You Do With An Old Windows Phone? 169

Slashdot reader unixisc writes: While it's always been well known that Windows phones in the market have floundered, one saving grace has always been that one could at least use it for the barest minimum of apps, even if updates have stopped... Aside from a door stop or a hand me down to someone who'll use it like a dumb phone, what are your suggested uses for this phone? A music player (if the songs are on an SD card)? Games? As far as phones go, I have what I need, so for this, anything it's good for?
The original submission suggests problems connecting to wi-ifi -- something partially corroborated by complaints at Windows Central -- though Microsoft's site says they're still supporting wifi connections.

Slashdot reader thegreatbob suggested "shuffleboard puck" -- then added, "Snark aside, if you're into writing custom applications and such for them, there's probably a bootloader/root solution for you out there."

Leave your own best suggestions in the comments. What can you do with an old Windows Phone?
Books

SciFi Author (and Byte Columnist) Jerry Pournelle Has Died (jerrypournelle.com) 221

Long-time Slashdot reader BinBoy writes: Science fiction author and Byte magazine columnist Jerry Pournelle has died according to a statement by his son Alex posted to Jerry's web site. A well-wishing page has been set up for visitor's to post their thoughts and memories of Mr. Pournelle.
Pournelle's literary career included the 1985 science fiction novel Footfall with Larry Niven, which became a #1 New York Times best-seller -- one of several successful collaborations between the two authors. In a Slashdot interview in 2003, Larry Niven credited Jerry for the prominent role of religion in their 1974 book The Mote in God's Eye.

Wikipedia also remembers how Byte magazine announced Pournelle's legendary debut as a columnist in their June 1980 issue.
"The other day we were sitting around the BYTE offices listening to software and hardware explosions going off around us in the microcomputer world. We wondered, "Who could cover some of the latest developments for us in a funny, frank (and sometimes irascible) style?" The phone rang. It was Jerry Pournelle with an idea for a funny, frank (and sometimes irascible) series of articles to be presented in BYTE on a semi-regular (i.e.: every 2 to 3 months) basis, which would cover the wild microcomputer goings-on at the Pournelle House ("Chaos Manor") in Southern California. We said yes."
Slashdot reader tengu1sd fondly remembers Pournelle as "frequently loud, but well reasoned." He also shares a link to a new appreciation posted on the Science Fiction and Fantasy Writers of America site. And Slashdot reader Nova Express also remembers Pournelle's Chaos Manor website "later became one of the first blogs on the Internet."
Security

Best Buy Stops Selling Kaspersky Security Software (startribune.com) 132

swschrad writes: Call it a stampede, call it a business decision, but Best Buy has pulled Kaspersky internet security software from its shelves and website. Some in the U.S. government suspect Russian ties make it a suspicious product. Since all major security companies have links with each other and with government security agencies, sharing threat evidence to find counters, Kaspersky's defense seems valid. But if you want it, be prepared to buy it off their own website. Best Buy will give Kaspersky software purchasers 45 days to exchange it for free for another product if they want. Additionally, customers can also uninstall it themselves or have a Geek Squad agent do it for free within that time window.

Slashdot Top Deals