Privacy

There's Now a Dark Web Version of Wikipedia (vice.com) 16

An anonymous reader shares a report: In many parts of the world, like North America, using Wikipedia is taken for granted; hell, there are even Twitter accounts to track government employees editing the internet's free encyclopedia while on the clock. But in other places, like Turkey or Syria, using Wikipedia can be difficult, and even dangerous. To make using Wikipedia safer for at-risk users, former Facebook security engineer Alec Muffett has started an experimental dark net Wikipedia service that gives visitors some strong privacy protections. The project is unofficial; for now, Wikipedia isn't involved. So it's a bit janky. The service uses self-signed certificates that may trigger a security warning in Tor, so you have to manually white-list the addresses, which takes a couple minutes.
Businesses

Thank You, Phish Fans, For Caring About Net Neutrality (theoutline.com) 62

If you venture over to Battle For the Net, which encourages internet users to call Congress to advocate for the preservation of net neutrality rules, you'll find something peculiar: Several of the top sites that direct calls are Phish-related. (Phish is an American rock band.) From a report: As someone on Twitter pointed out, the traffic from phish.net -- which describes itself as "a non-commercial project run by Phish fans and for Phish fans" -- appears to be coming from a pop-up message that greets visitors to the site. The same pop-up, which directs to www.battleforthenet.com, appears when you visit the site's forums and setlist pages. So, it appears that Phish fans, while in the midst of discussing their favorite extended noodling sessions, are leading the charge to save us from our impending telecom-dominated hellscape. Thanks, guys! Phish.net sees over 400,000 unique visitors each month, according to web analytics firm SimilarWeb. In July, the website served over one million unique visitors.
Privacy

How a Wi-Fi Pineapple Can Steal Your Data (And How To Protect Yourself From It) (vice.com) 45

An anonymous reader writes: The Wi-Fi Pineapple is a cheap modified wireless router that enables anyone to execute sophisticated exploits on Wi-Fi networks with little to no networking expertise. A report in Motherboard explains how it can be used to run a Wall of Sheep and execute a man-in-the-middle attack, as well as how you can protect yourself from Pineapple exploits when you're connected to public Wi-Fi. "... it's important that whenever you are done connecting to a public Wi-Fi network that you configure your phone or computer to 'forget' that network. This way your device won't be constantly broadcasting the SSIDs of networks it has connected to in the past, which can be spoofed by an attacker with a Pineapple," reports Motherboard. "Unfortunately there is no easy way to do this on an Android or an iPhone, and each network must be forgotten manually in the 'Manage Network' tab of the phone's settings. Another simple solution is to turn off your Wi-Fi functionality when you're not using it -- though that isn't as easy to do on some devices anymore -- and don't allow your device to automatically connect to open Wi-Fi networks."
Censorship

Hitler Quote Controversy In the BSD Community 475

New submitter Seven Spirals writes: Recently, the FreeBSD folks have removed Fortune with a fairly predictable far right 4chan condemnation. Then last weekend saw a lively debate on NetBSD's current-users mailing list about the inclusion of Hitler quotes in the Fortune database with dozens of posts falling on the left and right. The quotes themselves are fairly tame material probably intended as cautionary. However, the controversy and the reaction of BSD users has been real and very diverse. So far, the result has been to pull Fortune out of FreeBSD and to relocate the quotes into the "offensive" database in NetBSD's case.
Businesses

Trump Administration Tightens Scrutiny of Skilled Worker Visa Applicants (inc.com) 261

wyattstorch516 writes: The Trump administration is tightening the scrutiny on the H-1B visa program (Warning: paywalled; alternative source). Changes would undo actions by the Obama administration. There are two big regulatory changes looming that would undo actions by the Obama administration. "The first change allowed spouses of H-1B workers the right to work. That regulation is being challenged in court and the Trump administration is expected to eliminate the provision rather than defend it," reports WSJ. "The second change affects the Optional Practical Training program, which allows foreign graduates from U.S. colleges in science and technology an extra two years of work authorization, giving them time to win an H-1B visa. The Trump administration could kill that benefit or reduce the two-year window, according to people familiar with the discussions." The Journal highlights a "series of more modest changes that have added scrutiny to visa processing":

- "USCIS directed last month that adjudicators no longer pay 'deference' to past determinations for renewal applications. This means an applicant's past approval won't carry any weight if he or she applies for a renewal.

- The agency is conducting more applicant interviews, which critics say slows the system. The agency spokesman says this process will ramp up over several years and is needed to detect fraud and make accurate decisions.

- In the spring, the agency suspended premium processing, which allowed for fast-track consideration to those who paid an extra fee. This option wasn't resumed until October, meaning many workers who qualified for a coveted H-1B visa had to wait months for a decision.

- State Department officials have been told to consider that Mr. Trump's 'Buy American, Hire American' executive order directs visa programs must 'protect the interests of United States workers.' And the Foreign Affairs Manual now instructs officers to scrutinize applications of students to ensure they plan to return to their home countries. A State Department official said the official rules haven't changed but said a 'comprehensive' review is under way."
AI

Deep Learning Is Eating Software (petewarden.com) 147

Pete Warden, engineer and CTO of Jetpac, shares his view on how deep learning is already starting to change the way some programming is done. From a blog post, shared by a reader last week: The pattern is that there's an existing software project doing data processing using explicit programming logic, and the team charged with maintaining it find they can replace it with a deep-learning-based solution. I can only point to examples within Alphabet that we've made public, like upgrading search ranking, data center energy usage, language translation, and solving Go, but these aren't rare exceptions internally. What I see is that almost any data processing system with non-trivial logic can be improved significantly by applying modern machine learning. This might sound less than dramatic when put in those terms, but it's a radical change in how we build software. Instead of writing and maintaining intricate, layered tangles of logic, the developer has to become a teacher, a curator of training data and an analyst of results. This is very, very different than the programming I was taught in school, but what gets me most excited is that it should be far more accessible than traditional coding, once the tooling catches up. The essence of the process is providing a lot of examples of inputs, and what you expect for the outputs. This doesn't require the same technical skills as traditional programming, but it does need a deep knowledge of the problem domain. That means motivated users of the software will be able to play much more of a direct role in building it than has ever been possible. In essence, the users are writing their own user stories and feeding them into the machinery to build what they want.
Education

Microsoft Debuts Minecraft-Themed Coding Tutorial 24

theodp writes: In a few weeks, writes Microsoft Corporate VP Mary Snapp, "millions of kids and others will participate in an Hour of Code, a global call to action to spend an hour learning the basics of coding. Today, it's my privilege to announce that Microsoft has released a new Minecraft tutorial for Hour of Code, called Hero's Journey." The release of the new Code.org-touted flagship Hour of Code tutorial -- the third since Microsoft purchased Minecraft Maker Mojang for $2.5B in 2014 -- comes as Microsoft celebrates Minecraft: Education Edition reaching a milestone of 2 million users.

Microsoft boasts that nearly 70 million of its Minecraft Hour of Code sessions have been launched to-date, which is certainly impressive from an infomercial or brand awareness standpoint. But does [adding a Scratch block to] move a Minecraft character forward 7 times on an $800 Microsoft Surface offer all that much more educational value than, say, moving a peg forward 5 times on a $10.99 Pop-O-Matic Trouble board game?
Businesses

A Hacker 'Hero' Has Been Banned From Cyber Conferences After Decades Of Inappropriate Behavior (buzzfeed.com) 346

Several readers share a report: John Draper, a prankster hero to an early generation of hackers, used his status at cybersecurity conferences to arrange private meetings with teenage fans and a reporter where he touched them inappropriately, multiple men have told BuzzFeed News. The allegations are the latest in what has become in recent weeks an explosion of sexual misconduct reports that have roiled a seemingly endless list of industries, from Hollywood to the news media to the Alabama Senate race. As in many of those other cases, Draper's actions were well known to at least a core of people who had regular contact with him. Apple cofounder Steve Wozniak told BuzzFeed News that Steve Jobs once told him that Draper, an early associate, once asked Jobs to sit on Draper's back in the 1970s, an offer Wozniak said Jobs declined as being "out of the ordinary." But in the hacking world, where unusual behavior is accepted and often celebrated, there were few official steps taken to prevent Draper's overtures to unsuspecting fans. Volunteers who worked the annual DEF CON hacking conventions in Las Vegas recalled that one of their responsibilities was to separate Draper from his teenage followers. Draper's behavior drew attention at other conventions as well, where he was a frequent presence. Brandon Creighton, a long-standing volunteer at hacker conferences who was familiar with rumors about Draper, recalled escorting him from a private party after ToorCon in San Diego in 2007, though exactly why was not clear.
Government

Pentagon To Make a Big Push Toward Open-Source Software Next Year (theverge.com) 98

"Open-source software" is computer software with its source code made available with a license in which the copyright holder provides the rights to study, change, and distribute the software to anyone and for any purpose. According to The Verge, the Pentagon is going to make a big push for open-source software in 2018. "Thanks to an amendment introduced by Sen. Mike Rounds (R-SD) and co-sponsored by Sen. Elizabeth Warren (D-MA), the [National Defense Authorization Act for Fiscal Year 2018] could institute a big change: should the bill pass in its present form, the Pentagon will be going open source." From the report: We don't typically think of the Pentagon as a software-intensive workplace, but we absolutely should. The Department of Defense is the world's largest single employer, and while some of that work is people marching around with rifles and boots, a lot of the work is reports, briefings, data management, and just managing the massive enterprise. Loading slides in PowerPoint is as much a part of daily military life as loading rounds into a magazine. Besides cost, there are two other compelling explanations for why the military might want to go open source. One is that technology outside the Pentagon simply advances faster than technology within it, and by availing itself to open-source tools, the Pentagon can adopt those advances almost as soon as the new code hits the web, without going through the extra steps of a procurement process. Open-source software is also more secure than closed-source software, by its very nature: the code is perpetually scrutinized by countless users across the planet, and any weaknesses are shared immediately.
Security

The Computer Scientist Who Prefers Voting With Paper (theatlantic.com) 219

Geoffrey.landis writes: The Atlantic profiles a computer scientist: Barbara Simons, who has been on the forefront of the pushback against electronic voting as a technology susceptible to fraud and hacking. When she first started writing articles about the dangers of electronic voting with no paper trail, the idea that software could be manipulated to rig elections was considered a fringe preoccupation; but Russia's efforts to influence the 2016 presidential election have reversed Simons's fortunes. According to the Department of Homeland Security, those efforts included attempts to meddle with the electoral process in 21 states; while a series of highly publicized hacks -- at Sony, Equifax, the U.S. Office of Personnel Management -- has driven home the reality that very few computerized systems are truly secure. Simons is a former President of the Association for Computing Machinery (ACM); and the group she helps run, Verified Voting, has been active in educating the public about the dangers of unverified voting since 2003.
Bitcoin

The Bitcoin Bubble (economist.com) 284

A reader shares an Economist article: More people will trade in Bitcoin and that means more demand, and thus the price should go up. But what is the appeal of Bitcoin? There are really three strands; the limited nature of supply; fears about the long-term value of fiat currencies in an era of quantitative easing; and the appeal of anonymity. The last factor makes Bitcoin appealing to criminals creating this ingenious valuation method for the currency of around $570. These three factors explain why there is some demand for Bitcoin but not the recent surge. The supply details have if anything deteriorated (rival cryptocurrencies are emerging); the criminal community hasn't suddenly risen in size; and there is no sign of general inflation. A possible explanation is the belief that blockchain, the technology that underlines Bitcoin, will be used across the finance industry. But you can create blockchains without having anything to do with Bitcoin; the success of the two aren't inextricably linked. A much more plausible reason for the demand for Bitcoin is that the price is going up rapidly. People are not buying Bitcoin because they intend to use it in their daily lives (Editor's note: the link could be paywalled; alternative source). People are buying Bitcoin because they expect other people to buy it from them at a higher price; the definition of the greater fool theory.
United States

America's 'Retail Apocalypse' Is Really Just Beginning (bloomberg.com) 398

An anonymous reader quotes a report from Bloomberg: The so-called retail apocalypse has become so ingrained in the U.S. that it now has the distinction of its own Wikipedia entry. The industry's response to that kind of doomsday description has included blaming the media for hyping the troubles of a few well-known chains as proof of a systemic meltdown. There is some truth to that. In the U.S., retailers announced more than 3,000 store openings in the first three quarters of this year. But chains also said 6,800 would close. And this comes when there's sky-high consumer confidence, unemployment is historically low and the U.S. economy keeps growing. Those are normally all ingredients for a retail boom, yet more chains are filing for bankruptcy and rated distressed than during the financial crisis. That's caused an increase in the number of delinquent loan payments by malls and shopping centers. The reason isn't as simple as Amazon.com Inc. taking market share or twenty-somethings spending more on experiences than things. The root cause is that many of these long-standing chains are overloaded with debt -- often from leveraged buyouts led by private equity firms. There are billions in borrowings on the balance sheets of troubled retailers, and sustaining that load is only going to become harder -- even for healthy chains. The debt coming due, along with America's over-stored suburbs and the continued gains of online shopping, has all the makings of a disaster. The spillover will likely flow far and wide across the U.S. economy. There will be displaced low-income workers, shrinking local tax bases and investor losses on stocks, bonds and real estate. If today is considered a retail apocalypse, then what's coming next could truly be scary.
Wikipedia

Nearly All of Wikipedia Is Written By Just 1 Percent of Its Editors (vice.com) 224

From a report on Motherboard: According to the results of a recent study that looked at the 250 million edits made on Wikipedia during its first ten years, only about 1 percent of Wikipedia's editors have generated 77 percent of the site's content. "Wikipedia is both an organization and a social movement," Sorin Matei, the director of the Purdue University Data Storytelling Network and lead author of the study, told me on the phone. "The assumption is that it's a creation of the crowd, but this couldn't be further from the truth. Wikipedia wouldn't have been possible without a dedicated leadership." At the time of writing, there are roughly 132,000 registered editors who have been active on Wikipedia in the last month (there are also an unknown number of unregistered Wikipedians who contribute to the site). So statistically speaking, only about 1,300 people are creating over three-quarters of the 600 new articles posted to Wikipedia every day.
Encryption

Flaw Crippling Millions of Crypto Keys Is Worse Than First Disclosed (arstechnica.com) 76

An anonymous reader quotes a report from Ars Technica: A crippling flaw affecting millions -- and possibly hundreds of millions -- of encryption keys used in some of the highest-stakes security settings is considerably easier to exploit than originally reported, cryptographers declared over the weekend. The assessment came as Estonia abruptly suspended 760,000 national ID cards used for voting, filing taxes, and encrypting sensitive documents. The critical weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. When researchers first disclosed the flaw three weeks ago, they estimated it would cost an attacker renting time on a commercial cloud service an average of $38 and 25 minutes to break a vulnerable 1024-bit key and $20,000 and nine days for a 2048-bit key. Organizations known to use keys vulnerable to ROCA—named for the Return of the Coppersmith Attack the factorization method is based on—have largely downplayed the severity of the weakness.

On Sunday, researchers Daniel J. Bernstein and Tanja Lange reported they developed an attack that was 25 percent more efficient than the one created by original ROCA researchers. The new attack was solely the result of Bernstein and Lange based only on the public disclosure information from October 16, which at the time omitted specifics of the factorization attack in an attempt to increase the time hackers would need to carry out real-world attacks. After creating their more efficient attack, they submitted it to the original researchers. The release last week of the original attack may help to improve attacks further and to stoke additional improvements from other researchers as well.

Businesses

Tech Companies Have a History of Giving Low-Level Employees High-Level Access (theoutline.com) 102

A reader shares a report (condensed for space): In the summer of 2010, Google fired a 27-year-old site reliability engineer named David Barksdale after it discovered that Barksdale had been accessing the Google accounts of four teens he met through a local Seattle tech group. The spying went on for months before it was reported, Gawker's Adrian Chen wrote at the time. In one incident Chen described, a 15-year-old refused to tell Barksdale the name of his new girlfriend; Barksdale broke into the teen's Google Voice account, listened to messages to get the name, then taunted him with it and threatened to call her. Google was contrite, saying publicly that it "carefully control[s] the number of employees who have access to our systems" and monitors for abuses by rogue employees. [...] The rogue Twitter customer service employee who momentarily deactivated President Trump's account on Thursday night brought this issue to mind. Twitter has 3,898 employees, according to Wikipedia, for 330 million monthly users, a ratio of one employee for every 84,658 users. This means that a single employee may have a ton of power over loads of users, but the value of a single user is low. Their privacy may seem insignificant in light of the greater mob. [...] At Uber, employees regularly abused its "God View" mode to spy on the movements of celebrities, politicians, and even ex-spouses.
Botnet

Malware Developer Who Used Spam Botnet To Pay For College Gets No Prison Time (bleepingcomputer.com) 57

An anonymous reader writes: The operator of a 77,000-strong spam botnet was sentenced to two years probation and no prison time after admitting his crime and completely reforming his life. The former botnet operator is now working for a cybersecurity company, and admitted his actions as soon as the FBI knocked on his door back in 2013. The botnet operator, a 29-year-old from Santa Clara, California, says he was tricked by fellow co-schemers who told him they were not doing anything wrong by infecting computers with malware because they were not accessing private information such as banking or financial records. Furthermore, the botnet operator escaped prison time because he used all the money he earned in getting a college degree at Cal Poly instead of using it on a lavish lifestyle or drugs. This case is similar to the one that MalwareTech (aka Marcus Hutchins) now faces in the U.S. for his role in developing the Kronos trojan, but also after turning his life around and working as a cybersecurity researcher for years.
Wikipedia

Jimmy Wales' WikiTribune is Already Biased (theoutline.com) 164

Earlier this year, Jimmy Wales, the founder of Wikipedia, said he would be launching a neutral news service with "no other agenda than this: the ultimate arbiter of the truth is the facts of reality." On Monday, a pilot version of WikiTribune went live. Adrianne Jeffries of The Outline argues that WikiTribune is already doing things that it said it wouldn't: As of this writing, WikiTribune's homepage featured a hodgepodge of news aggregation. The "editor's choice" module points to a news roundup that includes Paul Manafort's indictment, the Catalonian independence movement. [...] These stories are all sourced to fairly mainstream news outlets, including some that are on Wikipedia's preferred sources list such as CNN and Reuters, and some that are not, such as Politifact and "Spanish media." I admire what Wales is trying to do here. [...] But WikiTribune is bullshit. It's not new -- it is the same kind of news aggregation that exists all over the web. It is not better -- comparable summarizing and linking can be found on many websites, while original reporting of those same stories, often supplemented by linking to other reporting, can be found at CNN, Reuters, The New York Times, and the BBC, which WikiTribune uses as its primary sources. And finally, and most importantly, it is not neutral. The existence of the "Editor's choice" module, which highlights some stories over others, is not neutral; neither is the "Good reads" section, which does the same thing. The Manafort story includes a section, "Highlights from the indictment," which is not neutral -- someone had to decide which parts of the indictment were more significant than others. There is no such thing as an objective highlight. It is true that the wording of the story does not include adjectives, except when it quotes from the indictment ("lavish lifestyle," "false and misleading statements"), but this is standard newswriting, as one would get from the AP or the New York Times.
Media

Is the Optical Cable Dying? (cnet.com) 299

Geoffrey Morrison from CNET explains how the optical cable is "dying a very slow death": The official term for optical audio cable is "Toslink," short for Toshiba Link. Developed in the early '80s to connect their CD players to their receivers, it was a red laser optical version of the Sony/Philips "Digital Interconnect Format" aka S/PDIF standard. You've seen standard S/PDIF connections a bunch too; they're often called "coax digital." Optical had certain benefits over copper cables, but they were also more fragile, and for a long time, more expensive. Though glass cables were available, for even more money, most optical cables were made from cheap plastic. This limited their range to in-room use, primarily. Through the '90s and 2000's, the optical cable was near-ubiquitous: The easiest way to get Dolby Digital and DTS from your cable/satellite box, TiVo, or DVD player to your receiver. Even in the early days of HDMI, right next to it would be the lowly optical cable, ready in case someone's receiver didn't accept HDMI. But now more and more gear is dropping optical. It's gone completely on the latest Roku and Apple TV 4K, for example. It's also disappeared from many smaller TVs, though it lingers on in larger ones, a potentially redundant backup to HDMI with ARC. The reason for this? Soundbars...
Canada

Calgary Police Cellphone Surveillance Device Must Remain Top Secret, Judge Rules (www.cbc.ca) 89

Freshly Exhumed writes from a report via CBC.ca: To protect police investigative techniques that may or may not have been used in a Calgary Police Service investigation, their controversial cellphone surveillance device will remain so secretive not even the make and model can be released to the public, according to a court ruling released Monday. The MDI (Mobile Device Identifier) technology -- colloquially called a StingRay after Harris Corporation's IMSI device, which mimics cell towers and intercepts data from nearby phones -- is controversial in part because in at least one Canadian case, prosecutors have taken watered down plea deals rather than disclose information related to the device.
Google

The Meaning of AMP (adactio.com) 95

Last week, Ethan Marcotte, an independent web designer, shared how Google describes AMP (Accelerated Mobile Pages). People at Google say AMP "isn't a 'proprietary format'; it's an open standard that anyone can contribute to." But that definition, Marcotte argues, isn't necessarily an honest one. He writes: On the face of it, this statement's true. AMP's markup isn't proprietary as such: rather, all those odd-looking amp- tags are custom elements, part of the HTML standard. And the specification's published, edited, and distributed on GitHub, under one of the more permissive licenses available. So, yes. The HTML standard does allow for the creation of custom elements, it's true, and AMP's license is quite liberal. But spend a bit of time with the rules that outline AMP's governance. Significant features and changes require the approval of AMP's Technical Lead and one Core Committer -- and if you peruse the list of AMP's Core Committers, that list seems exclusively staffed and led by Google employees. Now, there's nothing wrong with this. After all, AMP is a Google-backed project, and they're free to establish any governance model they deem appropriate. But when I hear AMP described as an open, community-led project, it strikes me as incredibly problematic, and more than a little troubling. AMP is, I think, best described as nominally open-source. It's a corporate-led product initiative built with, and distributed on, open web technologies. Jeremy Keith, a web developer, further adds: If AMP were actually the product of working web developers, this justification would make sense. As it is, we've got one team at Google citing the preference of another team at Google but representing it as the will of the people. This is just one example of AMP's sneaky marketing where some finely-shaved semantics allows them to appear far more reasonable than they actually are.
At AMP Conf, the Google Search team were at pains to repeat over and over that AMP pages wouldn't get any preferential treatment in search results ... but they appear in a carousel above the search results. Now, if you were to ask any right-thinking person whether they think having their page appear right at the top of a list of search results would be considered preferential treatment, I think they would say hell, yes! This is the only reason why The Guardian, for instance, even have AMP versions of their content -- it's not for the performance benefits (their non-AMP pages are faster); it's for that prime real estate in the carousel. The same semantic nit-picking can be found in their defence of caching. See, they've even got me calling it caching! It's hosting. If I click on a search result, and I am taken to a page that has a URL beginning with https://www.google.com/amp/s/... then that page is being hosted on the domain google.com. That is literally what hosting means. Now, you might argue that the original version was hosted on a different domain, but the version that the user gets sent to is the Google copy. You can call it caching if you like, but you can't tell me that Google aren't hosting AMP pages. That's a particularly low blow, because it's such a bait'n'switch.
