DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Communications

Yes, You've Still Got Mail (recode.net) 66

Veteran technology columnist Walt Mossberg, writes: Like radio, email isn't dying, it's just changing. Over the past decade or so it's become much more like postal mail. It's not the place you expect to find a greeting from a friend or even a timely update from a professional colleague. Instead, it's a mix of junk mail you hate and discard, plus bills and missives from businesses you also hate but can't discard. [...] Still, despite all signs to the contrary -- and many predictions -- email is not dead. In fact, some analyses suggest that it's growing. Few people can afford to be without it. It hasn't expired; it has morphed. There are lots of reasons email persists, even as faster and simpler forms of communication proliferate and your personal communications likely have mostly migrated elsewhere. But one big one is that new types of media channels rarely totally kill off old ones, even though everyone predicts they will. The old ones just adapt and change. Back in the day, television was supposed to kill off radio, but radio gradually saved itself by dropping the programming TV did better (like dramas and variety shows) and starting to focus on playing hit songs and hosting political and sports talk shows. I think something similar is going on with email. Once the king of digital discourse, email has surely been dethroned by an army of alternatives: Vast and numerous messaging services; photo- and video-oriented sharing on social networks or the photo apps of Apple and Google; business tools like Slack. I get the latest pictures of my granddaughter through iCloud photo sharing. I get the latest discussions of how we plan to cover stories on The Verge or Recode through Slack. My editor and I collaboratively edit my stories inside Google Docs. Ten years ago, all those things would have been done via email. Back then, when a reader wanted to tell me I was an idiot (or worse) for something I wrote, I got an email. Now, they tell me on Twitter.
Google

Google Launches New Website To Showcase Its Open Source Projects and Processes (betanews.com) 34

BrianFagioli writes: Google is an essential member of the open source community. The search giant contributes some really great projects, offering code to be used many -- it claims more than 2,000 such contributions! Heck, the company even hosts the annual Summer of Code program, where it pairs students with open source projects teams. In other words, Google is helping to get young folks excited about open source. Today, Google announced that it is launching an all-new website to focus on open source. It is not a general open source site, but a destination to learn more about the search-giant's relationship with it. "Today, we're launching opensource.google.com, a new website for Google Open Source that ties together all of our initiatives with information on how we use, release, and support open source. This new site showcases the breadth and depth of our love for open source. It will contain the expected things: our programs, organizations we support, and a comprehensive list of open source projects we've released. But it also contains something unexpected: a look under the hood at how we 'do' open source," says Will Norris, Open Source Programs Office, Google.
Social Networks

Facebook Copied Snapchat a Fourth Time, and Now All Its Apps Look the Same (recode.net) 81

Facebook is copying Snapchat again. From a report on Recode: Today it launched Stories, the 24-hour photo and video montages that ultimately disappear, inside of its core Facebook app. This is the fourth time Facebook has cloned the key Snapchat feature in the past nine months; the social giant has already copied it into Instagram, Messenger and WhatsApp. On the surface, Facebook's move simply looks like an unabashed defense strategy against Snapchat, the company's most obvious threat since 2011, when Google tried to dive into social with a service that turned out to be much more like a bellyflop. This is getting serious. What many people don't realize is that even if Facebook manages to get half a percent of its users to use its copycat tools, Snapchat will lose a substantial number of potential customers that could have joined its service. With Facebook, which has over 1.8 billion users (+ the possibly tens of millions of people that use WhatsApp, Instagram, or Messenger app and don't have a Facebook account), increasingly offering all of Snapchat's features on its apps, the future of Evan Spiegel's company doesn't look all that good.
The Courts

US Top Court Considers Changing Where Patent Cases May Be Filed (reuters.com) 55

The U.S. Supreme Court on Monday grappled over whether to upend a quarter-century of practice and limit where patent-infringement lawsuits can be filed. From a report on Reuters: The U.S. Supreme Court struggled over whether to upend nearly 30 years of law governing patent lawsuits that critics say allows often-baseless litigants to sue in friendly courts, giving them the upper hand over high-technology companies such as Apple and Alphabet Google. The justices heard an hour of arguments in an appeal by beverage flavoring company TC Heartland LLC to have a patent infringement suit brought against it by food and beverage company Kraft Heinz moved from federal court in Delaware, where it was filed, to Heartland's home base in Indiana. TC Heartland is challenging a lower court ruling denying a transfer to Indiana. Even though the case did not involve a lawsuit filed in Texas, the arguments involved the peculiar fact that the bulk of patent litigation in the United States is occurring in a single, rural region of East Texas, far from the centers of technology and innovation in the United States. Critics have said the federal court there has rulings and procedures favoring entities that generate revenue by suing over patents instead of making products, sometimes called "patent trolls." The outcome of the TC Heartland case could be profoundly felt in the East Texas courts. The justices could curtail where patent lawsuits may be launched, limiting them to where a defendant company is incorporated and potentially making it harder to get to trial or score lucrative jury verdicts.
Microsoft

Microsoft Yanks Docs.com Search After Complaints of Exposed Sensitive Files (zdnet.com) 55

Microsoft has quietly removed a feature on its document sharing site Docs.com that allowed anyone to search through millions of files for sensitive and personal information. From a report on ZDNet: Users had complained over the weekend on Twitter that anyone could use the site's search box to trawl through publicly-accessible documents and files stored on the site, which were clearly meant to remain private. Among the files reviewed by ZDNet, and seen by others who tweeted about them, included password lists, job acceptance letters, investment portfolios, divorce settlement agreements, and credit card statements -- some of which contained Social Security and driving license numbers, dates of birth, phone numbers, and email and postal addresses. The company removed the site's search feature late on Saturday, but others observed that the files were still cached in Google's search results, as well as Microsoft's own search engine, Bing.
Google

Still More Advertisers Pull Google Ads Over YouTube Hate Videos (morningstar.com) 292

"A week after Google apologized for running customers' advertisements alongside objectionable videos, triggering a change in policy, its YouTube site is still rife with examples that are angering more big advertisers and causing some to cut spending with the tech giant," reports the Dow Jones Newswire. Reporters from the Wall Street Journal spotted ads from Microsoft, Amazon, and Procter & Gamble appearing on hate videos -- and thus indirectly funding them. An anonymous reader quotes their report: Asked about the Journal's finding that their ads were still appearing with such content on YouTube as of Thursday night, Coca-Cola, PepsiCo Inc., Wal-Mart Stores Inc. and Dish Network Corp. said Friday they were suspending spending on all Google advertising except targeted search ads. Starbucks Corp. and General Motors Co. said they were pulling their ads from YouTube. FX Networks, part of 21st Century Fox Inc., said it was suspending all advertising spending on Google, including search ads and YouTube. Wal-Mart said: "The content with which we are being associated is appalling and completely against our company values."
An executive at one of the affected companies complained that Google "had assured us over the past few days that our brands were safe from this type of content. Despite their assurances, it's clear they couldn't give assurance."
Privacy

'Why The US Senate's Vote To Throw Out ISP Privacy Laws Isn't All Bad' (technologyreview.com) 106

"Nobody wants their data spread far and wide," write two associate editors at MIT Technology Review, "but the FCC's rules were an inconsistent solution to a much larger problem." An anonymous reader writes: They point out the rules passed in October "weren't even yet in effect," but more importantly -- they only would've applied to ISPs. "[T]he reality is that the U.S. doesn't have a baseline law that governs online privacy," and the truth is, it never did. "The FCC's new privacy rules would have been dramatic, to be sure -- but they would only have addressed one piece of the problem, leaving companies like Facebook and Google free to continue doing much the same thing.
While the repeal still needs approval in the U.S. House of Representatives and the president's signature, their article argues that what's really needed is "a more consistent approach to privacy."
Software

FedEx Will Pay You $5 To Install Flash (theregister.co.uk) 90

FedEx's Office Print department is offering customers $5 to enable Adobe Flash in their browsers. Why would they do such a thing you may ask? It's because they want customers to design posters, signs, manuals, banners and promotional agents using their "web-based config-o-tronic widgets," which requires Adobe Flash. The Register reports: But the web-based config-o-tronic widgets that let you whip and order those masterpieces requires Adobe Flash, the enemy of anyone interested in security and browser stability. And by anyone we mean Google, which with Chrome 56 will only load Flash if users say they want to use it, and Microsoft which will stop supporting Flash in its Edge browser when the Windows 10 Creators Update debuts. Mozilla's Firefox will still run Flash, but not for long. The impact of all that Flash hate is clearly that people are showing up at FedEx Office Print without the putrid plug-in. But seeing as they can't use the service without it, FedEx has to make the offer depicted above or visible online here. That page offers a link to download Flash, which is both a good and a bad idea. The good is that the link goes to the latest version of Flash, which includes years' worth of bug fixes. The bad is that Flash has needed bug fixes for years and a steady drip of newly-detected problems means there's no guarantee the software's woes have ended. Scoring yourself a $5 discount could therefore cost you plenty in future.
Patents

Judge: eBay Can't Be Sued Over Seller Accused of Patent Infringement (arstechnica.com) 35

An anonymous reader quotes a report from Ars Technica: It's game over for an Alabama man who claims his patent on "Carpenter Bee Traps" is being infringed by competing products on eBay. Robert Blazer filed his lawsuit in 2015, saying that his U.S. Patent No. 8,375,624 was being infringed by a variety of products being sold on eBay. Blazer believed the online sales platform should have to pay him damages for infringing his patent. A patent can be infringed when someone sells or "offers to sell" a patented invention. At first, Blazer went through eBay's official channels for reporting infringement, filing a "Notice of Claimed Infringement," or NOCI. At that point, his patent hadn't even been issued yet and was still a pending application, so eBay told him to get back in touch if his patent was granted. On February 19, 2013, Blazer got his patent and ultimately sent multiple NOCI forms to eBay. However, eBay wouldn't take down any items, in keeping with its policy of responding to court orders of infringement and not mere allegations of infringement. In 2015, Blazer sued, saying that eBay had directly infringed his patent and also "induced" others to infringe. That lawsuit can't move forward, following an opinion (PDF) published this week by U.S. District Judge Karon Bowdre. The judge found that eBay lacked any knowledge of actual infringement and rejected Blazer's argument that eBay was "willfully blind" to infringement of Blazer's patent. The opinion was first reported yesterday by The Recorder (registration required).
Communications

T-Mobile Kicks Off Industry Robocall War With Network-Level Blocking and ID Tools (venturebeat.com) 76

T-Mobile is among the first U.S. telecom companies to announce plans to thwart pesky robocallers. From a report on VentureBeat: The move represents part of an industry-wide Robocall Strike Force set up by the Federal Communications Commission (FCC) last year to combat the 2 billion-plus automated calls U.S. consumers deal with each month. Other key members of the group include Apple, Google, Microsoft, and Verizon. T-Mobile's announcement comes 24 hours after the FCC voted to approve a new rule that would allow telecom companies to block robocallers who use fake caller ID numbers to conceal their true location and identity. From a report on WashingtonPost: The Federal Communications Commission on Thursday proposed new rules (PDF) that would allow phone companies to target and block robo-calls coming from what appear to be illegitimate or unassigned phone numbers. The rules could help cut down on the roughly 2.4 billion automated calls that go out each month -- many of them fraudulent, according to FCC Chairman Ajit Pai. "Robo-calls are the No. 1 consumer complaint to the FCC from members of the American public," he said, vowing to halt people who, in some cases, pretend to be tax officials demanding payments from consumers, or, in other cases, ask leading questions that prompt consumers to give up personal information as part of an identity theft scam.
Google

The Days of Google Talk Are Over (techcrunch.com) 68

The days of Google Talk are quickly coming to an end. An anonymous reader shares a TechCrunch report: As the company announced today, the messaging service that allowed Gmail users to talk to each other since it launched in 2005, will now be completely retired. Even while Google pushed Hangouts as its consumer messaging service (before Allo, Duo, Hangouts Chat and Hangouts Meet) over the last few years, it still allowed die-hard Gtalk users (and there are plenty of them) to stick to their preferred chat app. Over the next few days, these users will get an "invite" to move to Hangouts. After June 26, that switch will be mandatory.
Chrome

Google Reducing Trust In Symantec Certificates Following Numerous Slip-Ups (bleepingcomputer.com) 77

An anonymous Slashdot reader writes from a report via BleepingComputer: Google Chrome engineers announced plans to gradually remove trust in old Symantec SSL certificates and intent to reduce the accepted validity period of newly issued Symantec certificates, following repeated slip-ups on the part of Symantec. Google's decision comes after the conclusion of an investigation that started on January 19, which unearthed several problems with Symantec's certificate issuance process, such as 30,000 misused certificates. In September 2015, Google also discovered that Symantec issued SSL certificates for Google.com without authorization. Symantec blamed the incident on three rogue employees, whom it later fired. This move from Google will force all owners of older Symantec certificates to request a new one. Google hopes that by that point, Symantec would have revamped its infrastructure and will be following the rules agreed upon by all the other CAs and browser makers.
Advertising

YouTube Loses Major Advertisers Over Offensive Videos (rollingstone.com) 253

An anonymous reader quotes a report from Rolling Stone: Verizon, AT&T, Johnson & Johnson and other major companies have pulled advertisements from YouTube after learning they were paired with videos promoting extremism, terrorism and other offensive topics, The New York Times reports. Among the other companies involved are pharmaceutical giant GSK, HSBC, the Royal Bank of Scotland and L'Oreal, amounting to a potential loss of hundreds of millions of dollars to the Google-owned company. The boycott began last week after a Times of London investigation spurred many major European companies to pull their ads from YouTube. American companies swiftly followed, even after Google promised Tuesday to work harder to block ads on "hateful, offensive and derogatory" videos. Like AT&T, most companies are only pulling their ads from YouTube and will continue to place ads on Google's search platforms, which remain the biggest source of revenue for Google's parent company, Alphabet. Still, the tech giant offered up a slew of promises to assuage marketers and ensure them that they were fixing the problems on YouTube. Due to the massive number of videos on YouTube -- about 400 hours of video is posted each minute -- the site primarily uses an automated system to place ads. While there are some failsafes in place to keep advertisements from appearing alongside offensive content, Google's Chief Business Officer Philipp Schindler wrote in a blog post that the company would hire "significant numbers" of employees to review YouTube videos and mark them as inappropriate for ads. He also said Google's latest advancements in artificial intelligence and machine learning will help the company review and flag large swaths of videos.
United States

71 Percent of Android Phones On Major US Carriers Have Out of Date Security Patches (betanews.com) 103

Ian Barker, writing for BetaNews: Slow patching of security flaws is leaving many US mobile users at risk of falling victim to data breaches according to the findings of a new report. The study from mobile defense specialist Skycure analyzed patch updates among the five leading wireless carriers in the US and finds that 71 percent of mobile devices still run on security patches more than two months old. This is despite Google releasing Android patches every month, indeed six percent of devices are running patches that are six or more months old. Without the most updated patches, these devices are susceptible to attacks, including rapidly rising network attacks and new malware, also detailed in the report.
Australia

Australia Shelves Copyright Safe Harbor For Google, Facebook (torrentfreak.com) 25

In a surprise setback for companies such as Google and Facebook that leverage user-generated content, Australia has dropped plans to extend its copyright safe harbor provisions. From a report: In a blow to Google, Facebook and others, the government dropped the amendments before they were due to be introduced to parliament yesterday. That came as a big surprise, particularly as Prime Minister Malcolm Turnbull had given the proposals his seal of approval just last week. "Provisions relating to safe harbor were removed from the bill before its introduction to enable the government to further consider feedback received on this proposal whilst not delaying the passage of other important reforms," Communications Minister Mitch Fifield said in a statement. There can be little doubt that intense lobbying from entertainment industry groups played their part, with a series of articles published in News Corp-owned The Australian piling on the pressure in favor of rightsholders.
Bug

LastPass Bugs Allow Malicious Websites To Steal Passwords (bleepingcomputer.com) 126

Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site.
DRM

W3C Erects DRM As Web Standard (theregister.co.uk) 255

The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.
Chrome

Google Contemplating Removing Chrome 'Close Other Tabs' and 'Close Tabs to the Right' Options (bleepingcomputer.com) 265

An anonymous reader shares a report: Chrome engineers are planning to remove two options from Chrome that allow users to quickly close a large number of tabs with just a few clicks. The options, named "Close other tabs" and "Close tabs to the right" reside in the menu that appears when a user right-clicks on a Chrome tab. According to an issue on the Chromium project spotted yesterday by a Reddit user, Google engineers planned to remove to menu options for many years even before opening the Chromium issue, dated itself to July 31, 2015. After several years of inactivity and no decision, things started to move again in September 2016, when usage statistics confirmed that Chrome users rarely used the two options they initially wanted to remove. Seeing no new discussions past this point, Chromium engineers assigned the issue in February, meaning engineers are getting ready to remove the two menu options it in future Chromium builds.
Firefox

Firefox for Linux is Now Netflix Compatible (betanews.com) 71

Brian Fagioli, writing for BetaNews: For a while, Netflix was not available for traditional Linux-based operating systems, meaning users were unable to enjoy the popular streaming service without booting into Windows. This was due to the company's reliance on Microsoft Silverlight. Since then, Netflix adopted HTML5, and it made Google Chrome and Chromium for Linux capable of playing the videos. Unfortunately, Firefox -- the open source browser choice for many Linux users -- was not compatible. Today this changes, however, as Mozilla's offering is now compatible with Netflix!
Microsoft

Microsoft's Edge Was Most Hacked Browser At Pwn2Own 2017, While Chrome Remained Unhackable (tomshardware.com) 147

At the Pwn2Own 2017 hacking event, Microsoft's Edge browser proved itself to be the least secure browser at the event, after it was hacked no less than five times. Google's Chrome browser, on the other hand, remained unhackable during the contest. Tom's Hardware reports: On the first day, Team Ether (Tencent Security) was the first to hack Edge through an arbitrary write in the Chakra JavaScript engine. The team also used a logic bug in the sandbox to escape that, as well. The team got an $80,000 prize for this exploit. On the second day, the Edge browser was attacked fast and furious by multiple teams. However, one was disqualified for using a vulnerability that was disclosed the previous day. (The teams at Pwn2Own are supposed to only use zero-day vulnerabilities that are unknown to the vendor. Two other teams withdrew their entries against Edge. However, Team Lance (Tencent Security) successfully exploited Microsoft's browser using a use-after-free (UAF) vulnerability in Chakra, and then another UAF bug in the Windows kernel to elevate system privileges. The exploit got the team $55,000. Team Sniper (Tencent Security) also exploited Edge and the Windows kernel using similar techniques, which gained this team the same amount of money, as well. The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from "360 Security." The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. The team hacked its way in via the Edge browser, through the guest Windows OS, through the VM, all the way to the host operating system. This impressive chained-exploit gained the 360 Security team $105,000. The fifth exploit against Edge was done by Richard Zhu, who used two UAF bugs--one in Edge and one in a Windows kernel buffer overflow--to complete the hack. The attack gained Zhu $55,000. At last year's Pwn2Own 2016, Edge proved to be more secure than Internet Explorer and Safari, but it still ended up getting hacked twice. Chrome was only partially hacked once, notes Tom's Hardware.

Slashdot Top Deals