An anonymous Slashdot reader writes from a report via BleepingComputer: Google Chrome engineers announced plans to gradually remove trust in old Symantec SSL certificates and intent to reduce the accepted validity period of newly issued Symantec certificates, following repeated slip-ups on the part of Symantec. Google's decision comes after the conclusion of an investigation that started on January 19, which unearthed several problems with Symantec's certificate issuance process, such as 30,000 misused certificates. In September 2015, Google also discovered that Symantec issued SSL certificates for Google.com without authorization. Symantec blamed the incident on three rogue employees, whom it later fired. This move from Google will force all owners of older Symantec certificates to request a new one. Google hopes that by that point, Symantec would have revamped its infrastructure and will be following the rules agreed upon by all the other CAs and browser makers.
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
An anonymous reader quotes a report from Rolling Stone: Verizon, AT&T, Johnson & Johnson and other major companies have pulled advertisements from YouTube after learning they were paired with videos promoting extremism, terrorism and other offensive topics, The New York Times reports. Among the other companies involved are pharmaceutical giant GSK, HSBC, the Royal Bank of Scotland and L'Oreal, amounting to a potential loss of hundreds of millions of dollars to the Google-owned company. The boycott began last week after a Times of London investigation spurred many major European companies to pull their ads from YouTube. American companies swiftly followed, even after Google promised Tuesday to work harder to block ads on "hateful, offensive and derogatory" videos. Like AT&T, most companies are only pulling their ads from YouTube and will continue to place ads on Google's search platforms, which remain the biggest source of revenue for Google's parent company, Alphabet. Still, the tech giant offered up a slew of promises to assuage marketers and ensure them that they were fixing the problems on YouTube. Due to the massive number of videos on YouTube -- about 400 hours of video is posted each minute -- the site primarily uses an automated system to place ads. While there are some failsafes in place to keep advertisements from appearing alongside offensive content, Google's Chief Business Officer Philipp Schindler wrote in a blog post that the company would hire "significant numbers" of employees to review YouTube videos and mark them as inappropriate for ads. He also said Google's latest advancements in artificial intelligence and machine learning will help the company review and flag large swaths of videos.
Iain Thomson, reporting for The Register: Plenty of Linux users are up in arms about the performance of the OneDrive web app. They say that when accessing Microsoft's cloudy storage system in a browser on a non-Windows system -- such as on Linux or ChromeOS -- the service grinds to a barely usable crawl. But when they use a Windows machine on the same internet connection, speedy access resumes. Crucially, when they change their browser's user-agent string -- a snippet of text the browser sends to websites describing itself -- to Internet Explorer or Edge, magically their OneDrive access speeds up to normal on their non-Windows PCs. In other words, Microsoft's OneDrive web app slows down seemingly deliberately when it appears you're using Linux or some other Windows rival. This has been going on for months, and complaints flared up again this week after netizens decided enough is enough. When gripes about this suspicious slowdown have cropped up previously, Microsoft has coldly reminded people that OneDrive for Business is not supported on Linux, thus the crap performance is to be expected. But when you change the user-agent string of your browser on Linux to match IE or Edge, suddenly OneDrive's web code runs fine. The original headline of the story is, "Microsoft loves Linux so much, its OneDrive web app runs like a dog on Windows OS rivals".
A four-year-old boy saved his mother's life by using her thumb to unlock her iPhone and then asking it to call 999. From a report: Roman, who lives in Kenley, Croydon, south London, used the phone's voice control -- Siri -- to call emergency services. Police and paramedics were sent to the home and were able to give live-saving first aid to his mother.
The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.
A start-up has unveiled ambitious plans to offer an electric-powered commercial flight between London and Paris in the next ten years. From a report: Wright Electric believes the proposed low-emission electric plane would offer a cheaper alternative to jet fuel for airlines and consumers. However, the start-up's bid to revolutionize short-haul flights relies on the continued advancement of battery technology. The company, who pitched to investors this week, would be forced to switch to a hybrid of aviation fuel and electricity if the advances in battery technology fail to materialise.
From a report on BBC: In the atmosphere, the seas and around the poles, climate change is reaching disturbing new levels across the Earth. That's according to a detailed global analysis from the World Meteorological Organization (WMO). It says that 2016 was not only the warmest year on record, but it saw atmospheric CO2 rise to a new high, while Arctic sea ice recorded a new winter low. The "extreme and unusual" conditions have continued in 2017, it says. Reports earlier this year from major scientific bodies - including the UK's Met Office, Nasa and NOAA -- indicated that 2016 was the warmest year on record. The WMO's State of the Global Climate 2016 report builds on this research with information from 80 national weather services to provide a deeper and more complete picture of the year's climate data.
Earlier this month, some Google Home users noticed what appeared to be audio ads for Disney's "Beauty and the Beast" movie. After some intense backlash, the company released a statement claiming that the ad was not an ad, but that it was simply "timely content" that Disney didn't pay for. Google's UK director of agencies, Matt Bush, has since spoken out about the company's plans with advertising via the voice-controlled Assistant. Business Insider reports: Bush explained Google isn't looking to offer brand integrations in voice for the time being, since it didn't have enough data to come up with an ad product that adds value for consumers. "We want businesses to have a phenomenal mobile experience and then building on that have a phenomenal voice experience," Bush told Business Insider at Advertising Week Europe. "That might not be, in the early instances, anything that has to do with commercials at all. It might just be something something that adds value to the consumer without needing to be commercialized." Bush explained that the consumer experience with voice is very different from that of text search because the use cases for voice navigation differ depending on the device the function is used on and the context the user finds themselves in. "We don't want to start putting in commercial opportunities that we think users don't want to interact with," Bush said "We don't want anything to come in-between the user and their access to the information they're actually looking for. If a brand can add value in that space, fantastic." Bush cited mobile search ads as successful executions of using context and personal user insights, but voice promotions are unlikely to take the same form. "It's unlikely to be what you see from search as it currently stands, where you might have three or four ads as the top results of a search," he said.
Orome1 quotes a report from Help Net Security: Google Nest's Dropcam, Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor security cameras can be easily disabled by an attacker that's in their Bluetooth range. The vulnerabilities are present in the latest firmware version running on the devices (v5.2.1). They were discovered by researcher Jason Doyle last fall, and their existence responsibly disclosed to Google, but have still not been patched. The first two flaws can be triggered and lead to a buffer overflow condition if the attacker sends to the camera a too-long Wi-Fi SSID parameter or a long encrypted password parameter, respectively. Triggering one of these flaws will make the devices crash and reboot. The third flaw is a bit more serious, as it allows the attacker to force the camera to temporarily disconnect from the wireless network to which it is connected by supplying it a new SSID to connect to. If that particular SSID does not exist, the camera drops its attempt to associate with it and return to the original Wi-Fi network, but the whole process can last from 60 to 90 seconds, during which the camera won't be recording. Nest has apparently already prepared a patch but hasn't pushed it out yet. (It should be rolling out "in the coming days.")
The UK is due to announce a cabin baggage ban on laptops, tablets and DVD players on certain passenger flights, after a similar US move. From a report on BBC: It is understood the UK restrictions may differ from the US Department of Homeland Security's ban, although details have not yet been released. Flights from 10 airports in eight Muslim-majority countries are subject to the US announcement. US officials said bombs could be hidden in a series of devices. BBC home affairs correspondent Daniel Sandford said the expected move was "obviously part of coordinated action with the US." The attempted downing of an airliner in Somalia last year was linked to a laptop device, and it appears the security precautions are an attempt to stop similar incidents, our correspondent added.
Google vowed on Tuesday to police its websites better by ramping up staff numbers and overhauling its policies after several companies deserted the internet giant for failing to keep their adverts off hate-filled videos. From a report on Reuters: Google has found itself at the center of a British storm in recent days after major companies from supermarkets to banks and consumer groups pulled their adverts from its YouTube site after they appeared alongside videos carrying homophobic and anti-Semitic messages. Alphabet's Google launched a review of the problem on Friday, apologized on Monday and said on Tuesday it had revamped its policies to give advertisers more control.
Thomas Claburn, reporting for The Register: The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court opted not to address a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant (referred to in court documents as "John Doe" because his case is partially under seal) in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer. The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus had been seized as part of a child pornography investigation.
From a report on The Guardian, shared by five anonymous readers: Happiness in the US is declining and is expected to continue on a downward path, with Donald Trump's policies forecast to deepen the country's social crisis. The US has slipped to 15th place in the World Happiness Report 2017, produced by the United Nations. The world's economic superpower is well behind top-ranked Norway, although it remains above Germany in 17th place, the UK in 19th, and France in 32nd. Norway knocked Denmark off the top spot as the world's happiest country, with Iceland and Switzerland rounding out the top four. The report's authors stress, however, that the top four are so close that changes are not statistically significant. The next tier of countries are regular leaders in international happiness surveys: Finland is in fifth place, followed by the Netherlands, Canada, New Zealand, Australia and Sweden. The world's "unhappiest" countries are all in the Middle East and Africa: war-stricken Yemen and Syria feature in the bottom 10, with Tanzania, Burundi and Central African Republic making up the final three.
An anonymous reader quotes the BBC: Scientists at Oxford say they've invented an artificial intelligence system that can lip-read better than humans. The system, which has been trained on thousands of hours of BBC News programs, has been developed in collaboration with Google's DeepMind AI division. "Watch, Attend and Spell", as the system has been called, can now watch silent speech and get about 50% of the words correct. That may not sound too impressive - but when the researchers supplied the same clips to professional lip-readers, they got only 12% of words right...
The system now recognizes 17,500 words, and one of the researchers says, "As it keeps watching TV, it will learn."
The system now recognizes 17,500 words, and one of the researchers says, "As it keeps watching TV, it will learn."
An anonymous reader shares a report: If you're a Linux user who upgraded to Firefox 52 only to find that the browser no longer plays sound, you're not alone. Firefox 52 saw release last week and it makes PulseAudio a hard dependency -- meaning ALSA only desktops are no longer supported. Ubuntu uses PulseAudio by default (as most modern Linux distributions do) so the switch won't affect most -- but some Linux users and distros do prefer, for various reasons, to use ALSA, which is part of the Linux kernel. Lubuntu 16.04 LTS is one of the distros that use ALSA by default. Lubuntu users who upgraded to Firefox 52 through the regular update channel were, without warning, left with a web browser that plays no sound. Lubuntu 16.10 users are not affected as the distro switched to PulseAudio.
An anonymous reader shares a BBC report: Recent increases in line rental charges have hit elderly people the hardest, according to an Ofcom report. Between December 2009 and December 2016, line rental prices had increased by as much as 49% for some customers, the regulator said. And of the people with standalone landlines in their homes, 71% were aged 65 or over. Ofcom recently revealed plans to make BT -- with nearly 80% of the UK market -- cut line rental costs by 5 British Pound ($6.1). A huge proportion (43%) of the 2.9 million households with a landline only are occupied by people aged 75 and over. "Older consumers are particularly affected, as they are more likely to be dependent on fixed voice services if they do not have a mobile phone or an internet connection," the report said.
German carmaker BMW is on track to deliver a self-driving car by 2021, the company's senior vice president for Autonomous Driving, Elmar Frickenstein, said on Thursday. From a report: "We are on the way to deliver a car in 2021 with level 3, 4 and 5," Frickenstein told a panel discussion in Berlin, explaining the vehicle will have different levels of autonomy, depending on how and where it is used. A level 5 vehicle is capable of navigating roads without any driver input, while a level 3 car still needs a steering wheel and a driver who can take over if the car encounters a problem.
An anonymous reader writes: Seems like a new digital Dungeons and Dragons will soon be offered. It's not a game in the Baldur's Gate style but rather seems to be about using apps to complement the experience. I wonder if it includes some kind of VOIP facility so the D&D session can be established without everyone being in the same room. From The Register: "The game's publisher, Wizards of the Coast, calls its new effort 'D&D Beyond,' describes it as 'a digital toolset for use with the Dungeons & Dragons fifth edition rules' and has given the service the tagline 'Play with advantage.' Wizards' canned statement says the service will 'take D&D players beyond pen and paper, providing a rules compendium, character builder, digital character sheets, and more -- all populated with official D&D content.' We're also told the service 'aims to make game management easier for both players and Dungeon Masters by providing high-quality tools available on any device.' That repetition of the 'any device' point point suggests this will be a web-based effort, rather than an app. The service will debut in 'summer,' presumably northern hemisphere summer so that folks who play D&D will spend up big on their breaks from school or university." You can watch the promo video here.
Gavin Clarke, writing for The Register: Canonical is extending the deadline for security updates for paying users of its five-year-old Ubuntu 12.04 LTS -- a first. Ubuntu 12.04 LTS will become the first Long Term Support release of Canonical's Linux to get Extended Security Maintenance (ESM). There are six LTS editions. All others have been end-of-lifed -- and given no security reprieve. LTS editions of Ubuntu Linux are released every two years. Desktop support runs for three years and the server edition receives security patches and updates for a period of five years. Security updates for 12.04 were scheduled to run out on April 28, 2017 but that now won't happen for those on Canonical's Ubuntu Advantage programme. They'll now receive important security fixes for the kernel and "most essential" userspace packages on their servers running 12.04. In what's shaping up to be Canonical's Windows XP moment over at Microsoft, the Linux spinner rolled out the lifeline because customers are clinging to 12.04.
Last Wednesday, for no apparent reason, the TeamViewer remote desktop application stopped working on the network of one of the UK's largest ISPs, TalkTalk. The apparent reason, as the investigation has found, are some scammers in India who have been abusing the application to make money. An anonymous reader shares a report: It's a popular application with remote support professionals and power users alike and so support forums soon filled with complaints from perplexed users who noticed that access was possible with 4G and some TalkTalk business connections but not home broadband. By Thursday, journalists dragged the truth out of the company that it had "blocked a number of applications including TeamViewer," which led to a joint statement confirming this on TeamViewer's website: TeamViewer and TalkTalk are in extensive talks to find a comprehensive joint solution to better address this scamming issue. We now know (as some suspected at the time) that the block was connected to abuse of TeamViewer by criminals based in India who had been using it as part of a tech support scam targeting TalkTalk customers. The BBC reported on this two days before the block, including the disturbing claim that the criminals had been able to quote stolen customer account data to make scam calls sound more convincing.