Security

Windows 8 and Later Fail To Properly Apply ASLR (bleepingcomputer.com)

An anonymous reader writes: Windows 8, Windows 8.1, and subsequent Windows 10 variations fail to properly apply ASLR, rendering this crucial Windows security feature useless. The bug appeared when Microsoft changed a registry value in Windows 8 and occurs only in certain ASLR configuration modes. Basically, if users have system-wide ASLR protection turned on, a bug in ASLR's implementation on Windows 8 and later will not generate enough entropy (random data) to start application binaries in random memory locations. For ASLR to work properly, users must configure it to work in a system-wide bottom-up mode. An official patch from Microsoft is not available yet, but a registry hack can be applied to make sure ASLR starts in the correct mode.

The bug was discovered by CERT vulnerability analyst Will Dormann while investigating a 17-year-old bug in the Microsoft Office equation editor, to which Microsoft appears to have lost the source code and needed to patch it manually.

Businesses

Y Combinator Cuts Ties With Peter Thiel After Ending Part-Time Partner Program (buzzfeed.com)

An anonymous reader shares a report: Billionaire venture capitalist and Facebook board member Peter Thiel is no longer affiliated with startup accelerator Y Combinator, according to an edited company blog post. Thiel was formerly a part-time partner with the accelerator. BuzzFeed News confirmed his departure with a source familiar with Y Combinator's management structure. Thiel's departure from Y Combinator was not previously announced. It comes long after Y Combinator president Sam Altman defended Thiel's role at the accelerator, following criticism of Thiel's support of then-presidential candidate Donald Trump. A source close to Y Combinator said that the company ended its part-time partners program, which Thiel was a part of, some time last year. While some other part-time partners moved over to a program called "experts," which provides advice to Y Combinator entrepreneurs, Thiel did not join.
Businesses

Tim Berners-Lee on the Future of the Web: 'The System is Failing' (theguardian.com)

Olivia Solon, writing for The Guardian: The inventor of the world wide web always maintained his creation was a reflection of humanity -- the good, the bad and the ugly. But Berners-Lee's vision for an "open platform that allows anyone to share information, access opportunities and collaborate across geographical boundaries" has been challenged by increasingly powerful digital gatekeepers whose algorithms can be weaponised by master manipulators. "I'm still an optimist, but an optimist standing at the top of the hill with a nasty storm blowing in my face, hanging on to a fence," said the British computer scientist. "We have to grit our teeth and hang on to the fence and not take it for granted that the web will lead us to wonderful things," he said. The spread of misinformation and propaganda online has exploded partly because of the way the advertising systems of large digital platforms such as Google or Facebook have been designed to hold people's attention. "People are being distorted by very finely trained AIs that figure out how to distract them," said Berners-Lee. In some cases, these platforms offer users who create content a cut of advertising revenue. The financial incentive drove Macedonian teenagers with "no political skin in the game" to generate political clickbait fake news that was distributed on Facebook and funded by revenue from Google's automated advertising engine AdSense. "The system is failing. The way ad revenue works with clickbait is not fulfilling the goal of helping humanity promote truth and democracy. So I am concerned," said Berners-Lee, who in March called for the regulation of online political advertising to prevent it from being used in "unethical ways."
Businesses

A Hacker 'Hero' Has Been Banned From Cyber Conferences After Decades Of Inappropriate Behavior (buzzfeed.com)

Several readers share a report: John Draper, a prankster hero to an early generation of hackers, used his status at cybersecurity conferences to arrange private meetings with teenage fans and a reporter where he touched them inappropriately, multiple men have told BuzzFeed News. The allegations are the latest in what has become in recent weeks an explosion of sexual misconduct reports that have roiled a seemingly endless list of industries, from Hollywood to the news media to the Alabama Senate race. As in many of those other cases, Draper's actions were well known to at least a core of people who had regular contact with him. Apple cofounder Steve Wozniak told BuzzFeed News that Steve Jobs once told him that Draper, an early associate, once asked Jobs to sit on Draper's back in the 1970s, an offer Wozniak said Jobs declined as being "out of the ordinary." But in the hacking world, where unusual behavior is accepted and often celebrated, there were few official steps taken to prevent Draper's overtures to unsuspecting fans. Volunteers who worked the annual DEF CON hacking conventions in Las Vegas recalled that one of their responsibilities was to separate Draper from his teenage followers. Draper's behavior drew attention at other conventions as well, where he was a frequent presence. Brandon Creighton, a long-standing volunteer at hacker conferences who was familiar with rumors about Draper, recalled escorting him from a private party after ToorCon in San Diego in 2007, though exactly why was not clear.
Open Source

Proprietary Software is the Driver of Unprecedented Surveillance: Richard Stallman (factor-tech.com)

From a wide-ranging interview of Richard Stallman, president of the Free Software Foundation, programming legend and recipient of at least 15 honorary doctorates and professorships: "The reason that we are subject now to more surveillance than there was in the Soviet Union is that digital technology made it possible," he says. "And the first disaster of digital technology was proprietary software that people would install and run on their own computers, and they wouldn't know what it was doing. They can't tell what it's doing. And that is the first injustice that I began fighting in 1983: proprietary software, software that is not free, that the users don't control." Here, Stallman is keen to stress, he doesn't mean free in the sense of not costing money -- plenty of free software is paid for -- but free in the sense of freedom to control. Software, after all, instructs your computer to perform actions, and when another company has written and locked down that software, you can't know exactly what it is doing. "You might think your computer is obeying you, when really it's obeying the real master first, and it only obeys you when the real master says it's ok. With every program there are two possibilities: either the user controls the program or the program controls the users," he says. "It's free software if users control it. And that's why it respects their freedom. Otherwise it's a non-free, proprietary, user-subjugating program."
Movies

MoviePass Reveals Annual Subscription For $6.95 a Month (slashfilm.com)

An anonymous reader shares a report: MoviePass seemed like the deal of the century: $10 a month to see one movie a day at the theaters? No contest. But in the three months since the start-up company seeking to disrupt the theater market with a Netflix-like service launched its new business model, MoviePass has been plagued by technical hiccups, backed-up deliveries, and potential lawsuits. As the company expanded its operations, it finally began to settle into its new subscription base of more than 600,000 users. And now MoviePass is already offering up a new deal: an up-front annual subscription of $89.95, which amounts to about $6.95 a month. But how much of a discount is it really? The MoviePass annual subscription is a limited-time promotion that will last 12 months, according to the website. Users pay $89.95 up front, plus a $6.55 processing fee. "Once your year is up, your plan will convert back into your $9.95 a month. Offer valid until it's not. Limit two per household," the MoviePass website says.
Businesses

Volkswagen To Spend Over $40 Billion on Electric and Self-Driving Cars (reuters.com)

Volkswagen plans to spend more than 34 billion euros ($40 billion) over the next five years on developing electric cars, autonomous driving and other new technologies, it said on Friday. "With the planning round now approved, we are laying the foundation for making Volkswagen the world's number one player in electric mobility by 2025," Chief Executive Matthias Mueller said in a statement.
Privacy

Germany Bans Children's Smartwatches (bbc.com)

A German regulator has banned the sale of smartwatches aimed at children, describing them as spying devices. From a report: It had previously banned an internet-connected doll called My Friend Cayla for similar reasons. Telecoms regulator the Federal Network Agency urged parents who had such watches to destroy them. One expert said the decision could be a "game-changer" for internet-connected devices. "Poorly secured smart devices often allow for privacy invasion. That is really concerning when it comes to kids' GPS tracking watches - the very watches that are supposed to help keep them safe," said Ken Munro, a security expert at Pen Test Partners.
IOS

iOS 11 'Is Still Just Buggy as Hell' (gizmodo.com)

It is becoming increasingly apparent that iOS 11, the current generation of Apple's mobile operating system, is riddled with more issues than any previous iOS version in recent years. Two months ago, in a review titled "iOS 11 Sucks," a reporter at the publication wrote: I'm using iOS 11 right now, and it makes me want to stab my eyes with a steel wire brush until I get face jam. Gizmodo today reviews iOS 11 after living with the current software version for two months: It's been two full months since Apple released iOS 11 to millions and millions of devices worldwide, and the software is still just buggy as hell. Some of the glitches are ugly or just unexpected from a company that has built a reputation for flawless software. Shame on me for always expecting perfection from an imperfect company, I guess. But there are some really bad bugs, so bad that I can't use the most basic features on my phone. They popped up when I upgraded on release day. They're still around after two months and multiple updates to iOS. Shame on Apple for ignoring this shit. Now, let me show you my bugs. The worst one also happens to be one I encounter most frequently. Sometimes, when I get a text, I'll go to reply in the Messages app but won't be able to see the latest message because the keyboard is covering it up. I also can't scroll up to see it, because the thread is anchored to the bottom of the page. The wackiest thing is that sometimes I get the little reply box, and sometimes I don't. The only way I'm able to text like normal is to tap the back arrow to take me to all my messages and then go back into the message through the front door. [...] Other native iOS 11 apps have bugs, too. Until a recent update, my iPhone screen would become unresponsive, which is a problem because touching the screen is almost the only way to use the device.
Privacy

Why is this Company Tracking Where You Are on Thanksgiving? (theoutline.com)

Earlier this week, several publications published a holiday-themed data study about how families that voted for opposite parties spent less time together on Thanksgiving, especially in areas that saw heavy political advertising. The data came from a company called SafeGraph that supplied publications with 17 trillion location markers for 10 million smartphones. A report looks at the bigger picture: The data wasn't just staggering in sheer quantity. It also appears to be extremely granular. Researchers "used this data to identify individuals' home locations, which they defined as the places people were most often located between the hours of 1 and 4 a.m.," wrote The Washington Post. The researchers also looked at where people were between 1 p.m. and 5 p.m. on Thanksgiving Day in order to see if they spent that time at home or traveled, presumably to be with friends or family. "Even better, the cellphone data shows you exactly when those travelers arrived at a Thanksgiving location and when they left," the Post story says. To be clear: This means SafeGraph is looking at an individual device and tracking where its owner is going throughout their day. A common defense from companies that creepily collect massive amounts of data is that the data is only analyzed in aggregate; for example, Google's database BigQuery, which allows organizations to upload big data sets and then query them quickly, promises that all its public data sets are "fully anonymized" and "contain no personally-identifying information." In multiple press releases from SafeGraph's partners, the company's location data is referred to as "anonymized," but in this case they seem to be interpreting the concept of anonymity quite liberally given the specificity of the data.
Businesses

Silicon Valley Thinks It Invented Roommates. They Call It 'Co-living' (theguardian.com)

An anonymous reader shares a report: Have you heard of this cool new trend called co-living? It's a bit like co-working, except instead of sharing an office with a bunch of randoms you share a home with a bunch of randoms. Oh, you might be thinking, is it like ye olde concept of "roommates"? Why, yes. Yes it is. As a viral tweet pointed out earlier this week, "co-living", which has inspired a spate of trend-pieces in recent months, is actually "called *roommates* ... you invented ***roommates***." Now, to be fair, co-living isn't just living with a bunch of roommates. No, it's rich millennials living with a bunch of roommates in a fancy building in a recently gentrified part of town. The co-living space is also full of cool amenities like yoga classes and micro-brew coffee bars, meaning you can minimise unnecessary interactions with the outside world. In startup speak, this is what is called "community." The Collective, for example, a co-working space in London, describes co-living as "a way of living focused on a genuine sense of community, using shared spaces and facilities to create a more convenient and fulfilling lifestyle."
Power

Tesla Is Rethinking the Rest Stop For California Road Trips (bloomberg.com)

An anonymous reader quotes a report from Bloomberg: In-N-Out Burgers has some new competition for attracting drivers on two heavily traveled stretches of California freeways that help link Los Angeles to Las Vegas and San Francisco: Tesla's biggest Supercharger stations yet. The charging stations in Kettleman City, off Interstate 5, and Baker, near Interstate 15, each have 40 stalls, making them the largest among more than 1,000 in North America, according to an emailed statement Wednesday. If filling up your Tesla takes half an hour, you might as well get comfortable. The Kettleman City station north of Bakersfield has a play wall for kids, a pet relief area and outdoor space for families. It's open round-the-clock, there's wi-fi and there will be food as well. But if you want to stretch your legs, the nearest In-N-Out is just across the street. And there are inevitable Tesla touches at both: solar-covered parking and Tesla Powerpacks.
AI

Stanford Trains AI To Diagnose Pneumonia Better Than a Radiologist In Just Two Months (qz.com)

A new paper from Stanford University reveals how artificial intelligence algorithms can be quickly trained to diagnose pneumonia better than a radiologist. "Using 100,000 x-ray images released by the National Institutes of Health on Sept. 27, the research published Nov. 14 (without peer review) on the website ArXiv claims its AI can detect pneumonia from x-rays with similar accuracy to four trained radiologists," reports Quartz. From the report: That's not all -- the AI was trained to analyze x-rays for 14 diseases NIH included in the dataset, including fibrosis, hernias, and cell masses. The AI's results for each of the 14 diseases had fewer false positives and false negatives than the benchmark research from the NIH team that was released with the data. The paper includes Google Brain founder Andrew Ng as a co-author, who also served as chief scientist at Baidu and recently founded Deeplearning.ai. He's often been publicly bullish on AI's use in healthcare. These algorithms will undoubtedly get better -- accuracy on the ImageNet challenge rose from 75% to 95% in just five years -- but this research shows the speed at which these systems are built is increasing as well.
Transportation

Tesla Unveils 500-Mile Range Semi Truck, 620-Mile Range Roadster 2.0

Rei writes: During a live reveal on Thursday, Tesla unveiled its new electric Class 8 Heavy Duty vehicle. As most people familiar with Tesla products would expect, the day cab truck features staggeringly fast acceleration for a vehicle of its size. It can accelerate 0-60 in 5 seconds without a trailer and 20 seconds with a 40-ton gross weight while being able to pull its maximum payload up a 5-degree grade at 65mph (versus a typical maximum of 45mph). The 500-mile range is for the vehicle at full load and highway speeds (80% of U.S. freight routes are 250 miles or less). Tesla also boasts a million mile no-breakdown guarantee; even losing two of its four motors it can out-accelerate a typical diesel truck. The total cost per mile is pegged at 83% of operating a diesel, but when convoying is utilized -- where multiple trucks mirror the action of a lead truck -- the costs drop to 57%, a price cheaper than rail. Tesla went a step further and stole the show from their own event by having the first prototype of the new Tesla Roadster drive out of the back of the truck. With the base model alone boasting a 620 mile range on a 200kWh battery pack with 10kN torque, providing a 1.9 second 0-60, 4.2 second 0-100, and 8.9 second quarter mile, the 2+2-seating convertible will easily be the fastest-accelerating production car in the world. Top speed is not disclosed, but said to be "at least 250mph." The vehicle's release date, however, is not scheduled until 2020.
Google

Google Will Stop Letting Sites Use AMP Format To Bait and Switch Readers (theverge.com)

"Google today announced a forthcoming update to its Accelerated Mobile Pages, or AMP, web format that aims to discourage website owners from misusing the service," reports The Verge. "The company says that, starting in February 2018, AMP pages must contain content nearly identical to that of the standard page they're replicating." From the report: Currently, because AMP pages load faster and more clutter-free versions of a website, they naturally contain both fewer ads and fewer links to other portions of a site. That's led some site owners to publish two versions of a webpage: a standard page and an AMP-specific one that acts as a teaser of sorts that directs users to the original. That original page, or canonical page in Google parlance, is by nature a slower-loading page containing more ads and with a potentially lower bounce rate, which is the percentage of viewers who only view one page before leaving. Now, Google is cracking down on that behavior. "AMP was introduced to dramatically improve the performance of the web and deliver a fast, consistent content consumption experience," writes Ashish Mehta, an AMP product manager. "In keeping with this goal, we'll be enforcing the requirement of close parity between AMP and canonical page, for pages that wish to be shown in Google Search as AMPs."