
January 30 2018

Spying fears and political pressure cost Huawei another carrier deal

Huawei Mate 10 Pro, one of the phones that won't be sold by US carriers. (credit: Valentina Palladino)

Huawei is the world's third biggest smartphone company—behind Samsung and Apple—and sells phones across the globe. But the Chinese company is virtually unknown in the US. Allegations of stolen intellectual property and spying have dogged Huawei, impeding its efforts to expand its US reach.

Earlier this month, "political pressure" was reported to have derailed an agreement between Huawei and AT&T that would have seen the carrier selling the smartphone company's hardware. Bloomberg is now reporting that Verizon, too, has dropped its plans to sell Huawei phones, including the new Mate 10 Pro. Huawei will still sell phones directly to consumers, and they'll work on US networks. But without the promotion and subsidy that carrier partnerships offer, significant sales volumes are unlikely.

Huawei's difficulties in the US started in 2003, when Cisco accused it of stealing code for router software. More trouble followed in 2008, when Huawei's bid to buy 3Com was blocked. In 2011, the US Department of Defense reported to Congress that it was concerned about the company's close ties to the Chinese military, and a 2012 House Intelligence report echoed these concerns.

High-severity vulnerability in Lenovo laptops let hackers access passwords

Lenovo has fixed a high-severity vulnerability in a wide range of laptop models that allowed hackers with physical access to log in and then obtain users' Windows login credentials and other sensitive data.

The vulnerability resides in the Lenovo Fingerprint Manager Pro, which is typically installed on ThinkPad, ThinkCentre, and ThinkStation models. A weak encryption algorithm makes it possible for someone with local non-administrative access to read Windows logon credentials and fingerprint data. From there, the person can log into the computer or use the extracted credentials for other purposes. The vulnerability affects only Fingerprint Manager Pro for Windows 7, Windows 8, or Windows 8.1. Fingerprint-enabled laptops running Windows 10 aren't affected because they use Microsoft's native support.

"A vulnerability has been identified in Lenovo Fingerprint Manager Pro," Lenovo officials wrote in an advisory published late last week. "Sensitive data stored by Lenovo Fingerprint Manager Pro, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in."

Dealmaster: Buy an Xbox One X and get a $100 Dell gift card

Greetings, Arsians! Courtesy of our friends at TechBargains, we have another round of deals to share. Today's list brings us a decent deal on Microsoft's relatively new Xbox One X, as Dell is offering the 4K- and HDR-compatible console straight up with a $100 gift card to its online store.

Now, there's a few caveats here: Dell says the gift card will arrive over email "within 20 days," the credit expires within 90 days, and you have to really want to play certain Xbox One games in 4K for the One X to be worth it. If you do, though, and you want to use that extra $100 toward, let's say, a monitor or various PC accessories, give it a look. For those who don't need the absolute strongest Xbox console, Dell is running a similar deal on the $280 Xbox One S as well.

And if you don't care about any of this, the rest of the rundown includes nice price cuts on the Essential Phone, Amazon's latest 4K-capable Fire TV, a variety of Logitech mice and keyboards, a few TVs for those overhauling their living rooms for the Super Bowl, and plenty of other goodies. Have a look for yourself below.

Pocket-sized DNA reader used to scan entire human genome sequence

Sequence on a stick. (credit: Oxford Nanopore)

A few years back, a company called Oxford Nanopore announced it was developing a radically different way of sequencing DNA. Its approach involved taking single strands of the double helix and stuffing them through a protein pore. With a small bit of current flowing across the pore, the four bases of DNA each created a distinct (if tiny) change in the voltage as it passed through. These could be used to read the DNA one base at a time as it wiggled through the pore.

After several years of slow progress, Oxford Nanopore announced that its sequencing hardware would be as distinctive as its wetware: a USB device that could fit comfortably in a person's hand. As the first devices went out to users, it became clear that the device had some pros and cons. On the plus side, the device was quick and could be used without requiring a large facility to support it. It could also read very long stretches of DNA at once. But the downside was significant: it made lots of mistakes.

With a few years of experience, people are now starting to learn to make the most of the devices, as demonstrated by a new paper in which researchers use it to help sequence a human genome. By using the machine's long reads—in one case, nearly 900,000 bases from one DNA molecule—the authors were able to get data out of areas of the human genome that resisted characterization before. And they were able to distinguish between the two sets of chromosomes (one from mom, one from dad) and locate areas of epigenetic control in many areas of the genome.

id Software co-founders confirm that its biggest games’ heroes are all related

The id Software family tree finally comes together. (credit: id Software)

Of all the innovations id Software delivered to the video game industry in the '90s, plot certainly wasn't one of them. Still, the company managed to create a few iconic heroes in its PC-action heyday, and decades after their creation, the company's former bigwigs let loose a fun bit of trivia on Tuesday: many of id's biggest heroes are all related.

As spotted by ResetERA, a Twitter conversation unfolded on Tuesday that had been set into motion weeks earlier. A seeming throwaway December post from former id Software designer John Romero included an interesting note: that the long-running Wolfenstein series' hero, BJ Blazkowicz, was "based on" the company's early side-scrolling action series Commander Keen. A fan picked up on this and sent a question to id co-founder Tom Hall: are these two characters related, and is Doom's "Doomguy" hero also part of a genetic lineage?

Hall minced no words in his Tuesday reply: "The lineage isn't a theory. Fact." Longtime id fans might have already suspected this, based on information in a long-ago Wolfenstein hint manual, but this is the first time someone from id has gone to the trouble of confirming that idea. What's more, Romero piped up to clarify the exact makeup of the Blazkowicz clan: the Wolfenstein hero is Commander Keen's grandfather, while Keen is Doomguy's dad. The duo had a bit of a back-and-forth joke chain from there, asking why there was a missing generational badass between Wolfenstein and Keen. Hall claimed that Keen's father was "an awesome, heroic... newscaster" with the stage name of "Blaze," which is where Keen's legal name of "Billy Blaze" came from.

FCC says Hawaii officer who sent false missile alert thought it was not a drill

A preliminary report released on Tuesday from the Federal Communications Commission details the events leading up to a false missile alert sent to mobile phones and television and radio broadcast stations in the state of Hawaii earlier this month. The report (PDF) suggests that the employee who sent the alert did not hear a recording notifying staff that an announcement regarding an incoming missile was simply a test. Instead, the employee apparently thought it was the real thing, according to the FCC.

The missile alert was not corrected for 38 minutes, sending residents of Hawaii into a panic. After the situation was rectified, Hawaii officials, including Governor David Ige and Hawaii Emergency Management Agency (HI-EMA) Administrator Vern Miyagi, attributed the mistake to "human error," saying that the employee knew the missile alert was supposed to be a test but had designated that the alert was supposed to be an "event" rather than a "test" by accident.

The employee did not agree to be interviewed by the FCC but instead issued a written statement to the federal commission. The letter said that, contrary to explanations made by Hawaii officials, the employee didn't issue an alert warning by fumbling through a software menu by accident. Instead, the employee meant to send the warning, believing the internal announcement about an inbound threat was real.

Before trial, judge won’t let Waymo include its own financial projections

SAN FRANCISCO—Less than a week before a contentious trade secrets trial is set to begin, lawyers from Waymo and Uber squared off one final time in court on Tuesday morning.

US District Judge William Alsup told Waymo that its lawyers could not present projected financial figures for the self-driving car market, lest they influence the jury improperly. Rather, he wants the case to remain focused on the eight specific trade secrets at issue.

"So if we put big numbers out there, there’s a risk that the jury will fall for the big numbers," he said, comparing it to patent cases. Such a ruling is potentially a large win for Uber if the company is ultimately found liable in the case.

You’ll finally be able to approve family purchases with Face ID in iOS update

In the iOS 11.3 beta, parents and other "family organizers" are now able to approve purchases through iOS' "Ask to Buy" feature using Face ID on the iPhone X. This addresses a prior complaint from users who upgraded from Touch ID iPhones to the iPhone X with Face ID.

Previously, iPhone X users had to manually enter their passwords via the iPhone X's keyboard to approve any request from a child to download an app or make an in-app purchase, whereas other iPhone owners could use Touch ID. It might not seem like a major inconvenience to some, but some parents with several children, all of whom have iOS devices and are playing games that involve frequent, small in-app purchases, went to Apple's forums to complain about the constant hassle.

Apple promoted Face ID as a complete replacement for Touch ID when the iPhone X launched. In fact, third-party apps that used Touch ID could authenticate with Face ID automatically, with no action required on the part of the developer in most cases. We found when reviewing the phone that Face ID could be used to make other kinds of purchases, so it was perplexing to users when this one feature—Ask to Buy—was not supported.

Cisco drops a mega-vulnerability alert for VPN devices

On January 29, Cisco released a high-urgency security alert for customers using network security devices and software that support virtual private network connections to corporate networks. Firewalls, security appliances, and other devices configured with WebVPN clientless VPN software are vulnerable to a Web-based network attack that could bypass the devices’ security, allowing an attacker to run commands on the devices and gain full control of them. This would give attackers unfettered access to protected networks or cause the hardware to reset. The vulnerability has been given a Common Vulnerability Scoring System rating of Critical, with a score of 10—the highest possible on the CVSS scale.

WebVPN allows someone outside of a corporate network to connect to the corporate intranet and other network resources from within a secure browser session. Since it requires no client software or pre-existing certificate to access from the Internet, the WebVPN gateway can be generally reached from anywhere on the Internet—and as a result, it can be programmatically attacked. A spokesperson for the Cisco security team said in the alert that Cisco is not aware of any active exploits of the vulnerability right now. But the nature of the vulnerability is already publicly known, so exploits are nearly certain to emerge quickly.

The vulnerability, discovered by Cedric Halbronn of the NCC Group, makes it possible for an attacker to use multiple, specially formatted XML messages submitted to the WebVPN interface of a targeted device in an attempt to “double-free” memory on the system. Executing a command to free a specific memory address more than once can cause memory leakage that allows an attacker to write commands or other data into blocks of the system’s memory. By doing so, the attacker could potentially cause the system to execute commands or could corrupt the memory of the system and cause a crash.

Formula E’s new electric car looks like nothing else in racing

On Tuesday in London, the all-electric racing series Formula E took the wraps off its new car. It's certainly striking, looking way more futuristic than the series' current machines, which to the uninitiated eye could easily be mistaken for any other open-wheel race car. What's more, its introduction will solve one of the biggest problems Formula E has right now; those mid-race car swaps will be a thing of the past thanks to a doubling in battery capacity.

When Formula E got started at the tail end of 2014, every team used identical Spark-Renault SRT_01E race cars. Since then, the series opened up the technical regulations a bit, allowing teams to develop their own control electronics, inverters, electric motors, and gearboxes. But, keeping costs sensible, everyone still has to use the same carbon-fiber chassis, which contains the integral lithium-ion battery pack.

California Senate defies FCC, approves net neutrality law

California State Capitol building in Sacramento. (credit: Getty Images | joe chan photography)

The California State Senate yesterday approved a bill to impose net neutrality restrictions on Internet service providers, challenging the Federal Communications Commission's attempt to preempt such rules.

The FCC's repeal of its own net neutrality rules included a provision to preempt state and municipal governments from enforcing similar rules at the local level. But the governors of Montana and New York have signed executive orders to enforce net neutrality and several states are considering net neutrality legislation.

The FCC is already being sued by 21 states and the District of Columbia, which are trying to reverse the net neutrality repeal and the preemption of state laws. Attempts to enforce net neutrality rules at the state or local level could end up being challenged in separate lawsuits.

Google closes $1.1 billion deal for half of HTC’s smartphone R&D team


Just a few months ago Google and HTC announced a deal that would see HTC sell a big chunk of its phone division to Google for $1.1 billion. Today, Google announced the deal has closed, and the HTC employees are officially joining Google.

For HTC, the deal is a big cash infusion at a time when the company is struggling financially. With HTC burning through about $75 million each quarter, Google's money gives it over three years of money to burn at the current rate. The move should also cut costs for HTC: the 2,000 employees leaving for Google represent half of HTC's R&D group and 20 percent of its 10,000 employees. HTC claims it will continue to compete in the smartphone market, even with a staff cut this large.

For Google, the deal will bolster the hardware group, which was formed in 2016 under former Motorola CEO Rick Osterloh. The Google Pixel, Pixel XL, and Pixel 2 smartphones were a collaboration between Google and HTC, and these 2,000 HTC employees are the ones that made up the Pixel team inside HTC. Bringing the team in-house should give Google more control over the smartphone design process, presumably bringing more unity to the Pixel line and deeper integration of hardware and software.

Report: Apple making fewer iPhone Xs due to weak demand

The iPhone X's front-facing camera and TrueDepth sensor, used for Face ID. (credit: Samuel Axon)

Apple's $1,000 iPhone X has apparently proven to be a hard sell for many. According to a report by The Wall Street Journal, Apple will cut its planned production of its flagship iPhone through March by half, from the 40 million handsets originally planned to 20 million, due to "weaker-than-expected" demand.

In addition to cutting the number of handsets made, Apple also reportedly cut orders for components needed to make the iPhone X by 60 percent. Ars has reached out to Apple for further comment and will update if we hear back.

While Apple did not provide an official statement to The Wall Street Journal, a person familiar with the matter claims these types of cuts come when "things aren't selling well." We're only a few days away from Apple releasing its Q4 2017 earnings report on Thursday, which will likely reveal more information about iPhone sales through the end of last year. However, those sales will include numbers for iPhone 6, 7, and 8 models in addition to iPhone X sales numbers.

After Zuma, SpaceX goes for its second flight of 2018

The booster on the launch pad in Florida for a launch attempt Tuesday first flew in May, 2017. (credit: SpaceX)

SpaceX began its launch campaign this year on January 7, with liftoff of the highly classified Zuma payload for the US government. Although it is not official, multiple sources have said the mission failed to reach orbit. SpaceX has said its rocket performed nominally despite any failure, and the Air Force has backed the company up on that assertion.

Perhaps the biggest vote of confidence in the company is that, less than four weeks later, it is prepared to launch again. On Tuesday in Florida, during a launch window from 4:25pm ET to 6:46pm ET, a Falcon 9 rocket will attempt to launch a satellite to geostationary transfer orbit for a public-private partnership between the Luxembourg Government and SES. The GovSat-1/SES-16 satellite will be used for NATO communications as well as commercial purposes.

This is the sixth time SpaceX has launched a used rocket. The core for this mission has previously flown once, in May 2017, to launch the NROL-76 mission. Although the rocket will have enough propellant to try a landing after pushing the four-ton satellite into its orbit, SpaceX will not attempt to recover the booster. This is partly because the "Of Course I Still Love You" drone ship will be needed for the Falcon Heavy launch next week.

Waymo orders way mo‘ self-driving minivans from Chrysler

You'll know it's a Waymo Pacifica Hybrid by the roof bar covered in sensors. (credit: FCA)

Waymo, the self-driving Google spin-off, is getting ready to seriously expand its operations. On Tuesday morning, Fiat Chrysler Automobiles announced it has signed an agreement to supply Waymo with "thousands" of Chrysler Pacifica Hybrid minivans. Originally, Waymo was testing in California with bespoke R&D vehicles, but made the switch to using Pacifica Hybrids in early 2017. Currently, Waymo operates a fleet of around 600 of these autonomous minivans; these are mostly in the Phoenix area, although it tests in a number of other locations including snowy Michigan and Atlanta.

"With the world’s first fleet of fully self-driving vehicles on the road, we’ve moved from research and development, to operations and deployment," said John Krafcik, CEO of Waymo. "The Pacifica Hybrid minivans offer a versatile interior and a comfortable ride experience, and these additional vehicles will help us scale."

This news confirms that the race to field—as opposed to just test—"level 4" autonomous vehicles (which will be geofenced) is now between Waymo and General Motors.

Microsoft might finally have a forward-thinking game with Sea of Thieves

Those weather, reflection, and wave effects all come from the real-time version of Sea of Thieves. It looks that good in motion, too. (credit: Rare)

After years of teases and press-only demos, Microsoft and Rare's pirate-battling game Sea of Thieves has finally arrived in a form that looks like the online game we've been promised for so long. And, shiver our timbers, this week's closed beta test has honestly been promising—and sometimes danged good.

Moreover, it lets us get closer to describing this as a living, breathing online game, as opposed to the 15-minute pirate-on-pirate battle bursts we've seen at early preview events. Waddle on over with that peg-leg of yours, sit ye down, and let us tell you tales about Rare's new virtual seas—along with our hopes and concerns for the game going forward.

A pirate's life for ye?

Subscribe to Ars Technica and get an ad-free experience

On Friday, we launched Ars Pro, our new and improved subscription offering. The response from you, our readers, has been amazing.

If this is the first time you're hearing about Ars Pro and Ars Pro++, here's what you get for your money:

Ars Pro ($25 per year or $3 per month)

  • No ads. That means no banners, no video pre-roll, no nothing. You get to enjoy Ars ad-free while supporting our work in a tangible way.
  • Full-text RSS feeds. If you use RSS, you can get Ars stories in their entirety without ever leaving your RSS reader.
  • Subscriber forum access. The Ars Lounge will be your walled garden for talking with your fellow Arsians.
  • PDF downloads. It's a convenient way to archive stories for later or read them offline.
  • Single-page view for multipage articles.

You get all of this for just $25 per year, or $3 per month if you want to go that route.

The Greatest Leap, part 4: Catching Apollo fever as a new NASA employee

Our Apollo documentary is back, but you can catch up with parts 1, 2, and 3 quickly. Video shot by Joshua Ballinger, edited and produced by Jing Niu and David Minick.

As inevitably happens in August, a sweltering heat with the tactility of dog's breath had come over Houston when Raja Chari reported to the Johnson Space Center. Just shy of his 40th birthday, the decorated combat veteran and test pilot had been born too late to see humans walking on the Moon. No matter, he was in awe of the new office.

The son of an immigrant from India, Chari grew up in the heartland of America and grasped onto the American dream. He worked hard in school, and then in the Air Force, to become an astronaut. So when Chari finally got to Johnson Space Center in 2017 as a member of its newest astronaut class, his sense of achievement mingled with reverence. He found himself in the cradle of human spaceflight, where the Mercury 7 and Apollo astronauts had trained. Chari felt a wide-eyed wonderment for the people around him, too. The engineers. The flight controllers. His fellow astronauts.

More than 2,000 WordPress websites are infected with a keylogger

A screenshot showing a keylogger extracting user names and passwords. It's currently infecting more than 2,000 WordPress websites. (credit: Sucuri)

More than 2,000 websites running the open-source WordPress content management system are infected with malware, researchers warned late last week. The malware in question logs passwords and just about anything else an administrator or visitor types.

The keylogger is part of a malicious package that also installs an in-browser cryptocurrency miner that's surreptitiously run on the computers of people visiting the infected sites. Data provided here, here, and here by website search service PublicWWW showed that, as of Monday afternoon, the package was running on 2,092 sites.

Website security firm Sucuri said this is the same malicious code it found running on almost 5,500 WordPress sites in December. Those infections were cleaned up after cloudflare[.]solutions—the site used to host the malicious scripts—was taken down. The new infections are hosted on three new sites, msdns[.]online, cdns[.]ws, and cdjs[.]online. None of the sites hosting the code has any relation to Cloudflare or any other legitimate company.

January 29 2018

“Heatmap” for social athlete’s app reveals secret bases, secret places

A heatmap of Strava "workout" data revealed sensitive locations around the world, including some mysterious places in Syria. (credit: Strava)

On January 27, Nathan Ruser, a founder of the Institute for United Conflict Analysts, started looking at a rich source of geospatial data for locating military operations in Afghanistan, Iraq, Syria, and other conflict zones: a newly published “activity hotmap” for the fitness tracking application Strava. Others, including Tobias Schneider, started plumbing the depths of the Strava data store, based on data pulled from app users’ mobile devices. The heatmap was meant as a demonstration of the mass of activity over 2017 by Strava users.

But it, along with the other data available through Strava's website and APIs, also may be exposing sensitive “patterns of life” of military and contractor personnel in conflict zones and even information about individuals in some of those places.

There’s nothing in the heatmap that specifically identifies who is connected with the data for a very confined path of movement in a compound northeast of Raqqa, for example, or the long tracks of what is most likely a vehicle route from Iraq to northern Syria. But those traces on the heatmap, along with others in areas around the world linked to military operations, have highlighted sometimes covert locations from Niger to Ukraine to Taiwan. And with a little work, it is in some cases possible to connect those activities to individuals—and track them back to their homes.
