Open Source

Free Software Foundation Shakes Up Its List of Priority Projects (networkworld.com) 41

alphadogg quotes Network World: The Free Software Foundation Tuesday announced a major rethinking of the software projects that it supports, putting top priority on a free mobile operating system, accessibility, and driver development, among other areas. The foundation has maintained the High Priority Projects list since 2005, when it contained just four free software projects. [That rose to 12 projects by 2008, though the changelog shows at least seven projects have since been removed.] Today's version mostly identifies priority areas, along with a few specific projects in key areas.
The new list shows the FSF will continue financially supporting Replicant, their free version of Android, and they're also still supporting projects to create a free software replacement for Skype with real-time voice and video capabilities. But they're now also prioritizing various projects to replace Siri, Google Now, Alexa, and Cortana with a free-software personal assistant, which they view as "crucial to preserving users' control over their technology and data while still giving them the benefits such software has for many."

And other priorities now include internationalization, accessibility, decentralization and self-hosting, and encouraging governments to adopt free software.
Firefox

The SHA-1 End Times Have Arrived (threatpost.com) 30

"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain." Threatpost reports: Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"...

Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant.
The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and Cloudflare.
Security

Pwn2Own 2017 Offers Big Bounties For Linux, Browser, and Apache Exploits (eweek.com) 34

Now that TrendMicro owns TippingPoint, there'll be "more targets and more prize money" according to eWeek, and something special for Pwn2Own's 10th anniversary in March. Slashdot reader darthcamaro writes: For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.
"We are nine weeks away," TrendMicro posted Wednesday, pointing out that they're giving out over $1 million in bounties, including the following:
  • $100,000 for escaping a virtualization hypervisor
  • $80,000 for a Microsoft Edge or Google Chrome exploit
  • $50,000 for an exploit of Adobe Reader, Microsoft Word, Excel or PowerPoint
  • $50,000 for an Apple Safari exploit
  • $30,000 for a Firefox exploit
  • $30,000, $20,000 and $15,000 for privilege-escalating kernel vulnerabilities on Windows, macOS and Linux (respectively)
  • $200,000 for an Apache Web Server exploit

Google

Google Pressured 90,000 Android Developers Over Insecure Apps (pcworld.com) 46

An anonymous reader quotes PCWorld: Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps...

In the early days of the App Security Improvement program, developers only received notifications, but were under no pressure to do anything. That changed in 2015 when Google expanded the types of issues it scanned for and also started enforcing deadlines for fixing many of them... Google added checks for six new vulnerabilities in 2015, all of them with a patching deadline, and 17 in 2016, 12 of which had a time limit for fixes. These issues ranged from security flaws in third-party libraries, development frameworks and advertising SDKs to insecure implementations of Android Java classes and interfaces.

100,000 applications had been patched by April of 2016, but that number tripled over the next nine months, with 90,000 developers fixing flaws in over 275,000 apps.
Businesses

Uber Hires Former Google Search Chief Amit Singhal As SVP of Engineering (techcrunch.com) 26

The former Senior Vice President of Search and employee number 176 at Google has joined the ride-hailing company Uber as SVP of Engineering. TechCrunch is reporting that "Singhal will be heading up the Maps and Marketplace departments at Uber, while also advising CEO Travis Kalanick and Uber VP of Engineering and Otto co-founder Anthony Levandowski on their efforts to build out the company's self-driving technology." From the report: The last time we in tech news circles heard from Singhal, he was saying goodbye after a 15-year career at Google, in a farewell letter that felt a lot like a retirement announcement. Singhal wrote that he was leaving to "see what kind of impact [he could] make philanthropically" and to "spend more time with [his] family," in an effort to "define [his] next fifteen years." Now, a little under a year later, Singhal is back in an executive role -- this time at a much younger company, but still at one of the most influential technology firms in the world. So how did Singhal get from there to here? Well, for starters, Singhal did throw himself into philanthropic pursuits, focusing on the Singhal Foundation established by him and his wife Shipa, which aims to deliver access to high quality education for kids who normally wouldn't be able to attend top schools, and which began with a focus on the city of Jodhpur, in India. Singhal met Travis Kalanick through a mutual friend, which sparked a series of conversations between the search expert and the famous founder about Uber, its goals and its technical challenges. The combination of the scope of both Uber's potential impact, and the extent of the engineering hurdles it faces in achieving its aims were what drew Singhal in; he is, after all, a true engineer at heart, and mountainous technical challenges attract skilled engineers like nothing else.
"This company is not only doing things that are amazing, this company also has some of the toughest computer science challenges that I have seen in my career of 25 years," Singhal told me. "Those computer science challenges for a computer science geek are just intriguing -- you give a geek a puzzle, they can't drop it; they need to solve the puzzle. That's how it felt to me."
Android

Galaxy S7 Display Defaults To Full HD After Nougat Update, But You Can Switch Back (androidcentral.com) 20

An anonymous reader writes: Samsung's new display scaling options change the default resolution of the Galaxy S7 and S7 edge. The Nougat update to the Galaxy S7 and S7 edge introduces a new display scaling option that lets you reduce the screen resolution as a way to conserve battery life. With the update, you can now choose between three modes -- WQHD (2560x1440), FHD (1920x1080), and HD (1280x720). While it's a nifty feature to have, the display on the Galaxy S7 and S7 edge is automatically defaulting to Full HD for those that have installed the update. Fortunately, you can easily switch back to the native Quad HD resolution by navigating to Settings -> Display.
Windows

Microsoft Targets Chrome Users With Windows 10 Pop-up Ad (pcmag.com) 160

Google Chrome users on Windows 10 are apparently being treated to a new experience: a pop-up ad. From a PCMag report: If you have Chrome installed and the icon present on the Windows Taskbar, chances are you're going to start seeing a pop-up advert appear suggesting you install Microsoft's Personal Shopping Assistant Chrome extension. Microsoft touts it as "Your smart shopping cart across the web." Opting to install the extension results in Microsoft monitoring which products you've searched for and viewed while using Chrome, and then offering to compare those products to find the best price. There's also alerts when prices change, and the ability to track products across all your devices. Of course, Microsoft will make money if you opt to purchase any products using the Assistant.
Security

Top Security Researchers Ask The Guardian To Retract Its WhatsApp Backdoor Report (technosociology.org) 69

Earlier this month The Guardian reported what it called a "backdoor" in WhatsApp, a Facebook-owned instant messaging app. Some security researchers were quick to call out The Guardian for what they concluded was irresponsible journalism and a misleading story. Now, a group of over three dozen security researchers including Matthew Green and Bruce Schneier (as well as some from companies such as Google, Mozilla, Cloudflare, and EFF) have signed a long editorial post, pointing out where The Guardian's report fell short, and also asking the publication to retract the story. From the story: The WhatsApp behavior described is not a backdoor, but a defensible user-interface trade-off. A debate on this trade-off is fine, but calling this a "loophole" or a "backdoor" is not productive or accurate. The threat is remote, quite limited in scope, applicability (requiring a server or phone number compromise) and stealthiness (users who have the setting enabled still see a warning; even if after the fact). The fact that warnings exist means that such attacks would almost certainly be quickly detected by security-aware users. This limits this method. Telling people to switch away from WhatsApp is very concretely endangering people. Signal is not an option for many people. These concerns are concrete, and my alarm is from observing what's actually been happening since the publication of this story and years of experience in these areas. You never should have reported on such a crucial issue without interviewing a wide range of experts. The vaccine metaphor is apt: you effectively ran a "vaccines can kill you" story without interviewing doctors, and your defense seems to be, "but vaccines do kill people [through extremely rare side effects]."
United States

Google Uses Search To Push Its Products: WSJ (usatoday.com) 62

Ads for Google and related companies were found in the top spot in 91% of 25,000 searches related to items, according to a report on WSJ. For example, a search for "phones" would produce ads for Google Pixel, which the company launched last year. From a report: Similar results were found for searches on "Watches" or "smoke detector," which produced ads for Android smartwatches and Nest devices, respectively. In a statement, Google says their marketing programs are "carefully designed" to not impact outside advertisers. "All our bids are excluded from the auction when determining the price paid by other advertisers, and we have strict rules and processes -- set to tougher levels than our customers -- to govern the use of our own ads products." The auction is a process deciding which ads will appear for users when they type in certain search queries. Strategies such as using relevant keywords give advertisers a better shot at their ad appearing on a search results page.
Microsoft

Microsoft is Bringing Cortana To Android Lock Screen (mspoweruser.com) 94

Microsoft is testing out a new way to access Cortana, its digital assistant, from the Android lock screen, with just a swipe. It's a new feature that's clearly designed to replace Google's own quick access, and to convince Android users to switch to Cortana. According to MSPowerUser, Cortana on the lock screen doesn't replace existing lock screens, so you can still use a custom one or the default experience that ships with your Android device. Cortana is activated simply by swiping left or right on the floating logo. Microsoft is currently testing this new feature, and any Android users can opt-in to trial the new beta features over at the Google Play Store.
Education

College Fires IT Admin, Loses Access To Google Email, Successfully Sues IT Admin For $250K (theregister.co.uk) 271

An anonymous reader quotes a report from The Register: Shortly after the American College of Education (ACE) in Indiana fired IT administrator Triano Williams in April, 2016, it found that it no longer had any employees with admin access to the Google email service used by the school. In a lawsuit [PDF] filed against Williams in July, 2016, the school alleges that it asked Williams to return his work laptop, which was supposed to have the password saved. But when Williams did so in May that year, the complaint says, the computer was returned wiped, with a new operating system, and damaged to the point it could no longer be used. ACE claimed that its students could not access their Google-hosted ACE email accounts or their online coursework. The school appealed to Google, but Google at the time refused to help because the ACE administrator account had been linked to Williams' personal email address. "By setting up the administrator account under a non-ACE work email address, Mr Williams violated ACE's standard protocol with respect to administrator accounts," the school's complaint states. "ACE was unaware that Mr Williams' administrator account was not linked to his work address until after his employment ended." According to the school's court filing, Williams, through his attorney, said he would help the school reinstate its Google administrator account, provided the school paid $200,000 to settle his dispute over the termination of his employment. That amount is less than half the estimated $500,000 in harm the school says it has suffered due to its inability to access its Google account, according to a letter from Williams' attorney in Illinois, Calvita J Frederick. Frederick's letter claims that another employee set up the Google account and made Williams an administrator, but not the controlling administrator. It says the school locked itself out of the admin account through too many failed password attempts.
Williams, in a counter-suit [PDF] filed last month, claims his termination followed from a pattern of unlawful discrimination by the school in the wake of a change in management. Pointing to the complaint she filed with the court in Illinois, Frederick said Williams wrote a letter [PDF] to a supervisor complaining about the poor race relations at the school and, as a result of that letter, he was told he had to relocate to Indianapolis.
Businesses

Twitter Just Sold Its Developer Platform To Google (engadget.com) 27

Google has acquired a part of Twitter -- the part that isn't about tweets. Twitter's mobile developer platform Fabric will become part of Google, both companies announced Wednesday. From a report: Acquired by Twitter in 2014, Fabric is "a modular mobile platform" designed to help app developers improve the "stability, distribution, revenue and identity" of their products, according to Twitter's blog post. Everything from the ability to natively embed tweets in other apps to signing in with your Twitter credentials were made possible by Fabric. Now that it's been reacquired, Fabric will merge with Google's Firebase development platform. "We quickly realized that our missions are the same -- helping mobile teams build better apps, understand their users, and grow their businesses," the Fabric team wrote in its announcement. "Fabric and Firebase operate mobile platforms with unique strengths in the market today." And if you're an existing Fabric customer, don't worry, the platform will continue to function. You'll just need to agree to the new terms of service, which will be available once the deal is completed.
Google

The Problem With Google AMP (80x24.net) 56

Kyle Schreiber has raised some issues about Google's AMP (Accelerated Mobile Pages), an open source project unveiled by the company in 2015 with which it aims to accelerate content on mobile devices. He writes on his blog: The largest complaint by far is that the URLs for AMP links differ from the canonical URLs for the same content, making sharing difficult. The current URLs are a mess. They all begin with some form of https://wwww.google.com/amp/ before showing a URL to the AMP version of the site. There is currently no way to find the canonical link to the page without guessing what the original URL is. This usually involves removing either a .amp or ?amp=1 from the URL to get to the actual page. Make no mistake. AMP is about lock-in for Google. AMP is meant to keep publishers tied to Google. Clicking on an AMP link feels like you never even leave the search page, and links to AMP content are displayed prominently in Google's news carousel. This is their response to similar formats from both Facebook and Apple, both of which are designed to keep users within their respective ecosystems. However, Google's implementation of AMP is more broad and far reaching than the Apple and Facebook equivalents. Google's implementation of AMP is on the open web and isn't limited to just an app like Facebook or Apple.
Android

Android Will Now Store Google Searches Offline and Deliver Them When You Get Signal (theverge.com) 35

Google is rolling out an update for its Android app that makes it easier to search on the web with an inconsistent internet connection. Users can make searches when offline and the Google app will store them, delivering the results later (with an optional notification) when the devices get signal again. From a report: As Google product manager Shekhar Sharad writes in a blog post: "So the next time you lose service, feel free to queue up your searches, put your phone away and carry on with your day. The Google app will work behind-the-scenes to detect when a connection is available again and deliver your search results once completed."
Android

Low-Cost Android One Phones Coming To The US, Says Report (theverge.com) 91

The Android One platform is a program designed by Google to provide budget-friendly Android smartphones to developing markets. The phones are attractive because they are free of the bloatware, competing services, and lack of software and security updates that most low-end smartphones come with. According to a report from The Information, the program is about to make its way to the U.S. market. The Verge reports: Android One phones have historically been produced by companies you probably haven't heard of, like Micromax, Cherry, and QMobile. Originally Google had a direct hand in detailing what components would go into the phone, but apparently became more flexible over time and eventually expanded the program beyond India to parts of Africa, Spain, and Portugal. Android One may not have been the rousing worldwide success Google was hoping for, but it's still an important initiative for the company. Especially at the low end, there's a lot of incentive for manufacturers to pile on extra software in a bid to make those devices more profitable -- but that could cut against Google's efforts to make its own services more pervasive and popular. If Google really does put some real effort behind Android One, it could make its plans for Android a little clearer. Google itself has taken a stand that it wants to make its own hardware at the high-end of the smartphone market with the Pixel, and if The Information's report is accurate, it wants to ensure that its services are not cut out from the low end.
Google

Google Maps Starts Showing Parking Availability For Some Users (arstechnica.com) 53

An anonymous reader quotes a report from Ars Technica: Back in August, Cody found strings in his teardown of Google Maps v9.34 beta that hinted at an upcoming display of parking difficulty. The option may have crept up for some users since then, but now we have our first glance into how the feature will work since it has started showing up for more users on Maps v9.44 beta. Parking availability will be shown as a small rounded P icon next to your route duration estimate when you search for driving directions, followed by more descriptive text. As Cody's teardown showed, there are three levels to look for: Limited, Medium, and Easy. Limited parking will get the P icon to turn red. Once you start driving toward your destination, you can expand the directions to get a more descriptive explanation of the parking situation. Our tipster tells us that according to his tests, parking availability shows up for public destinations like malls and airports and various attractions. The option doesn't seem to be live for everyone on Maps v9.44 beta (APK Mirror link), so you may need to be patient to see it on your phone.
Google

Porn Pirates Exploit Well-Known Loophole To Upload Raunchy Videos On YouTube (thenextweb.com) 91

Adult video websites appear to be exploiting a YouTube loophole to host explicit material on the platform. An anonymous reader shares a report on The Next Web: A number of adult streaming websites have begun using a known backdoor that ultimately makes it possible to store infringing material on Google's servers -- entirely free of charge. To pull this off, the pirates essentially take advantage of YouTube's option to upload content without sharing it publicly, which effectively allows them to embed the videos on their websites and bypass Google's Content-ID takedown system. This means the content remains unlisted on YouTube and is served directly from the GoogleVideo.com domain instead. While the move hasn't gone unnoticed by the porn industry, California-based adult content-maker Dreamroom Productions claims it has made it much harder for producers to hunt down and flag infringing material, since the videos are not shared publicly.
YouTube

Safari Users Unable to Play Newer 4K Video On YouTube in Native Resolution (macrumors.com) 124

It appears Google recently turned on the VP9 codec on YouTube for delivering 4K video. However, because of this, Safari users are unable to watch videos uploaded to the service since early December in full 4K resolution. From a report: Specifically, YouTube appears to be storing video on its servers using either the more efficient VP9 codec or the older H.264 codec. Safari only supports the latter, which explains why recently uploaded 4K videos are only able to be viewed in up to 1440p. Funnily enough, the same videos can be streamed by Safari in native 4K as long as they're embedded in another website, suggesting that the VP9 codec support requirement only applies to videos viewed directly on YouTube's website. Until Apple updates Safari to support the VP9 codec, Mac users who want to access newer 4K video on YouTube in native 2160p resolution are advised to use a different browser. John Gruber of DaringFireball writes, "I'm curious what Google's thinking is here. My guess: a subtle nudge to get more Mac users to switch from Safari to Chrome. 4K playback is going to require H.264 support if they want it to work on iOS, though."
Businesses

Worldwide App Downloads Grew 15% and Revenue Soared 40% in 2016 (venturebeat.com) 19

Downloads, revenue, and time spent in apps all grew by double digits during 2016, according to a report by market researcher App Annie. From a report on VentureBeat: Time spent in apps grew more than 20 percent to nearly 900 billion hours in 2016, according to the year-end report. That's just one sign that the global app economy saw healthy growth during the past year. In its year-end retrospective, App Annie said U.S. time spent in apps grew more than 25 percent. Worldwide, downloads increased 15 percent by more than 13 billion across both iOS and Google Play. The platform owners paid out nearly $89 billion in revenues to publishers from in-app ads and app store revenue, up 40 percent from the year before. That means apps generated $127 billion in revenues overall, as platform owners take about 30 percent of the revenue.
Communications

Amazon Seeks FCC Permission To Run Wireless Tests In Washington State (csmonitor.com) 24

Amazon has filed an application with the U.S. federal government that details plans to experiment with wireless communications technology. The application asks the FCC for permission "to test undisclosed prototypes and their related software for five months in and around its Seattle headquarters," reports Christian Science Monitor. "The experiments will involve mobile devices and anchored stations alike, according to an FCC application made public last week and first reported by Business Insider's Eugene Kim, who noted the project could be part of Amazon's drone-delivery initiatives or something even more novel." From the report: In recent years, Google and Facebook have begun conducting wireless experiments of their own with FCC approval, pursuing a number of innovative projects, such as self-driving cars, as Mr. Kim reported. Amazon, meanwhile, has focused on its aspirations of drone delivery service for its online retail business -- a service the firm has pursued in Britain and several other countries as well. Given the company's wide-ranging interests, it is difficult to anticipate precisely what the tests entail. Last year alone, Amazon unveiled projects to change the way people grocery shop, offer drivers a voice-activated driving assistant, and ship cargo with its own branded planes, as the Monitor reported. Amazon's application to the FCC notes that the tests would begin indoors at the Seattle headquarters then later move outdoors to a customer service site more than 220 miles away, in Kennewick, Wash. The tests would last five months, beginning as early as Feb. 11, 2017, the documents state.
