The Internet

Tumblr Has a Massive Creepshots Problem ( 121

After Reddit famously banned the creepshots sub-reddit, which shared non-consensual, revealing photos of women, Tumblr now has a slew of users pushing out similar photos across at least dozens of dedicated blogs, a Motherboard investigation has found. From the report: Simply typing 'creepshot' or related terms into Tumblr's built-in search function returns a steady stream of tagged posts, and Google queries easily reveal links to relevant Tumblr blogs. Motherboard found just under 70 Tumblr blogs focused on sharing creepshots, most with a bevy of content. In some cases, the Tumblrs also host 'upskirt' photos or videos, where a camera is deliberately, and stealthily, positioned to look up an unsuspecting person's skirt. Some of the subjects of these images, as well as many of the clothed creepshots, appear to be young, possibly teenagers.

"This is only the tip of the iceberg, there are probably hundreds of these accounts filming in high schools, college campuses, in malls, and on the streets. And Tumblr seems to not care at all about the problem," an anonymous tipster, who first alerted Motherboard to the issue, wrote in an email. One of the most popular creepshot Tumblrs has some 11,000 followers, and one of its posts has over 53,000 interactions linked to it, including reblogs, where the video or picture then appears on the user's own Tumblr, spreading the content further.


Yet Again, Google Tricked Into Serving Scam Amazon Ads ( 49

Zack Whittaker, reporting for ZDNet: For hours on Thursday, the top Google search result for "Amazon" was pointed to a scam site. The bad ad appeared at the very top of the search result for anyone searching for the internet retail giant -- even above the legitimate search result for Anyone who clicked on the ad was sent to a page that tried to trick the user into calling a number for fear that their computer was infected with malware -- and not sent to as they would have hoped.

The page presents itself as an official Apple or Windows support page, depending on the type of computer you're visiting the page from. An analysis of the webpage's code showed that anyone trying to dismiss the popup box on the page would likely trigger the browser expanding to full-screen, giving the appearance of ransomware. A one-off event would be forgivable. But this isn't the first time this has happened. It's at least the second time in two years that Google has served up a malicious ad under Amazon's name.

Wireless Networking

Ask Slashdot: Are There Any USB-C Wireless Video Solutions? 123

jez9999 writes: Sometimes it feels like we're on the cusp of a technology but not quite there yet, and that's the way it feels for me after searching around for USB-C wireless video solutions. There are several wireless video solutions that use HDMI on the receiver end, of course, but these aren't ideal because HDMI can't provide power. This means you need a separate receiver box and power cable going into the box, but cables are what you're trying to get away from with wireless video!

So the answer to this would seem to be USB-C. It supports HDMI video as well as power, so in theory you could create a receiver dongle that just plugged into a TV (or monitor with speakers) and required no external power cable. Unfortunately, I haven't been able to find anything like this on the market.

There is Airtame, but that doesn't work with a 'dumb' TV -- it needs to plug in to a computer that you can install software on to stream the video. What I'd like is to be able to wall-mount a new TV and just plug in a wireless dongle to stream the video with no extra setup required on the receiver end.

Does anyone know of a solution like this that exists right now, or one that's being developed?

The 600+ Companies PayPal Shares Your Data With ( 48

AmiMoJo shares a report from Schneier on Security: One of the effects of GDPR -- the new EU General Data Protection Regulation -- is that we're all going to be learning a lot more about who collects our data and what they do with it. Consider PayPal, that just released a list of over 600 companies they share customer data with. Here's a good visualization of that data. Is 600 companies unusual? Is it more than average? Less? We'll soon know.
The Internet

Bali Plans To Switch Off Internet Services For 24 Hours For New Year 'Quiet Reflection' ( 149

Internet service providers in Bali will be switching off mobile services this weekend for 24 hours to mark the Indonesian island's annual day of silence. "Nyepi, or New Year according to the ancient Balinese calendar, is a sacred day of reflection on the Hindu-majority island," reports The Guardian. "Even the international airport shuts down." From the report: This year authorities have called on telecommunications companies to unplug -- a request Bali says firms have promised to honor. "It was agreed that internet on mobile phones will be cut. All operators have agreed," Nyoman Sujaya, from the Bali communications ministry, told The plan, based on an appeal put forward by Balinese civil and religious groups, was announced following a meeting at the ministry in Jakarta. This is the first time internet services will be shut down in Bali for Nyepi, after the same request was denied last year. However, wifi connection will still be available at hotels and for strategic services such as security, aviation, hospitals and disaster agencies. Phone and SMS services will be operational, but the Indonesian Internet Service Provider Association is reviewing whether wifi at private residences will be temporarily cut.

Verizon Will Fix Broadband Networks, Landlines To Resolve Investigation ( 73

Joel Hruska reports via ExtremeTech: Verizon has reached an agreement with the Communications Workers of America and the New York State Public Service Commission to begin repairing infrastructure and restoring service across New York State. The agreement requires Verizon to extend broadband service to tens of thousands of New York State households and to begin repairing facilities it has previously neglected. As in Pennsylvania, Verizon has been neglecting its fixed wired infrastructure in its bid to first sabotage copper service, then force customers to adopt alternative solutions. It's also been mired in an ongoing lawsuit with the state of New York over its breach of a 2008 contract requiring it to provide fiber service within New York City.

This new agreement appears to settle these issues, provided it's followed. Under its terms, Verizon will extend fiber to 10,000 to 12,000 households not currently served by it in Long Island and Verizon's "Upstate Reporting Region" (these are Verizon-specific regions, not geographical areas, so "Long Island" may mean more than just the island). It will begin immediately replacing copper lines in certain specific NYC buildings with high failure rates and transitioning them to fiber optic cable, repairing operations within 50 upstate wireless centers with high failure rates, allow plant technicians to report plant failures and maintenance needs more accurately, and begin inspecting and replacing the batteries that provide critical connectivity in the event of a power outage when said batteries are deployed for specific customers (hospitals, police stations, and other emergency facilities). It will also begin removing so-called "double poles." A double pole is when an old telephone pole is stapled (metaphorically speaking) to a newer one. Some examples of a double pole from PA are shown below; Verizon has been hauled into court to force it to do its job in more than one state.


Android Wear Needs More Than a New Name To Fight Apple Watch ( 87

Less than two months before Google I/O, Google has rebranded its Android Wear watch platform to "Wear OS." The recent name change is part of a move to have its watches stand apart from Android, but it could also indicate that Google's smartwatch strategy is about to shift. Google may release a completely new Wear OS focused on the Google Assistant or a Google-branded smartwatch. Scott Stein writes via CNET that Android Wear needs more than a new name to fight the Apple Watch: The Apple Watch took over the top spot in global wearable sales recently, according to IDC, despite the fact that it's only compatible with iPhones. Fitbit just announced the Versa, a promising casual smartwatch that will interface with any iPhone or Android and starts at just $200. The wearable market is growing. But where is Google in that picture? The Fossil Group, maker of many of the Android Wear watch products last year, reported some promising numbers: "In 2017, Fossil Group nearly doubled its wearables business to more than $300 million, including 20 percent of watch sales in Q4," said Greg McKelvey, Fossil's chief strategy and digital officer, as part of Google's Wear OS announcement. So it sounds like Android Wear -- sorry, Wear OS -- is still in the game. But the problem, for me, is that I've never found Android Wear watches to be particularly great. Google relaunched Android Wear over a year ago with new software and added fitness smarts, plus standalone phone functions. But Apple's watch strategy has advanced faster, with better hardware. The Apple Watch S3 can be a phone, now. So can Samsung's Gear S3, which runs on Tizen. Google, meanwhile, stopped adding cellular functions to watches after the lackluster LG Watch Sport last year.

EU Wants To Require Platforms To Filter Uploaded Content (Including Code) ( 106

A new copyright proposal in the EU would require code-sharing platforms like GitHub and SourceForge to monitor all content that users upload for potential copyright infringement. "The proposal is aimed at music and videos on streaming platforms, based on a theory of a 'value gap' between the profits those platforms make from uploaded works and what copyright holders of some uploaded works receive," reports The GitHub Blog. "However, the way it's written captures many other types of content, including code."

Upload filters, also known as "censorship machines," are some of the most controversial elements of the copyright proposal, raising a number of concerns including: -Privacy: Upload filters are a form of surveillance, effectively a "general monitoring obligation" prohibited by EU law
-Free speech: Requiring platforms to monitor content contradicts intermediary liability protections in EU law and creates incentives to remove content
-Ineffectiveness: Content detection tools are flawed (generate false positives, don't fit all kinds of content) and overly burdensome, especially for small and medium-sized businesses that might not be able to afford them or the resulting litigation
Upload filters are especially concerning for software developers given that: -Software developers create copyrightable works -- their code -- and those who choose an open source license want to allow that code to be shared
-False positives (and negatives) are especially likely for software code because code often has many contributors and layers, often with different licensing for different components
-Requiring code-hosting platforms to scan and automatically remove content could drastically impact software developers when their dependencies are removed due to false positives
The EU Parliament continues to introduce new proposals for Article 13 but these issues remain. MEP Julia Reda explains further in a recent proposal from Parliament.

Linus Torvalds Slams CTS Labs Over AMD Vulnerability Report ( 115

Earlier this week, CTS Labs, a Tel Aviv-based cybersecurity startup claimed it has discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Linus Torvalds, Linux's creator doesn't buy it. ZDNet reports: Torvalds, in a Google+ discussion, wrote: "When was the last time you saw a security advisory that was basically 'if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem?' Yeah." Or, as a commenter put it on the same thread, "I just found a flaw in all of the hardware space. No device is secure: if you have physical access to a device, you can just pick it up and walk away. Am I a security expert yet?" CTS Labs claimed in an interview they gave AMD less than a day because they didn't think AMD could fix the problem for "many, many months, or even a year" anyway. Why would they possibly do this? For Torvalds: "It looks more like stock manipulation than a security advisory to me."

These are real bugs though. Dan Guido, CEO of Trail of Bits, a security company with a proven track-record, tweeted: "Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works." But, Guido also admitted, "Yes, all the flaws require admin [privileges] but all are flaws, not expected functionality." It's that last part that ticks Torvalds off. The Linux creator agrees these are bugs, but all the hype annoys the heck out of him. Are there bugs? Yes. Do they matter in the real world? No. They require a system administrator to be almost criminally negligent to work. To Torvalds, inflammatory security reports are annoying distractions from getting real work done.


Walmart Whistleblower Claims Cheating In Race With Amazon ( 35

An anonymous reader quotes a report from Bloomberg: In its race to catch in online retailing, Walmart issued misleading e-commerce results and fired an executive who complained the company was breaking the law, according to a whistle-blower lawsuit. Tri Huynh, a former director of business development at Walmart, claims he was terminated "under false pretenses" after repeatedly raising concerns about the company's "overly aggressive push to show meteoric growth in its e-commerce business by any means possible -- even, illegitimate ones." Under Chief Executive Officer Doug McMillon, Walmart has invested billions to catch up with Amazon in e-commerce over the past few years, and last year enjoyed quarterly online sales growth rates surpassing 50 percent, well above peers that include Target and Best Buy Huynh claims Walmart mislabeled products so that some third-party vendors received lower commissions, failed to process customer returns, and allowed offensive items onto the site. Huynh's dismissal in January 2017 -- just a day after a retail-industry publication singled him out as one of the sector's rising stars -- was in retaliation for warning senior executives about the misdeeds, he said in the lawsuit, filed Thursday by employment litigation attorney David M. deRubertis in San Francisco federal court.

Largest US Radio Company iHeartMedia Files For Bankruptcy ( 157

The largest U.S. radio station owner, iHeartMedia, has filed for Chapter 11 bankruptcy as it "struggles with $20 billion in debt and falling revenue at its 858 radio stations," reports Reuters. The company has reportedly reached an agreement with holders of more than $10 billion of its outstanding debt for a balance sheet restructuring, which will reduce its debt by more than $10 billion. From the report: Cash on hand and cash generated from ongoing operations will be sufficient to fund the business during the bankruptcy process, said iHeartMedia, which owns Z100 in New York and Real 103.5 KISS FM in Chicago. The filing comes after John Malone's Liberty Media Corp proposed on Feb. 26 a deal to buy a 40 percent stake in a restructured iHeartMedia for $1.16 billion, uniting the company with Liberty's Sirius XM Holdings Inc satellite radio service. Clear Channel Outdoor Holdings Inc, a subsidiary of iHeartMedia, and its units did not commence Chapter 11 proceedings. The company had 14,300 employees at the end of 2016, according to its most recent annual report.

Digg Reader To Shut Down This Month -- Latest RSS Service To Bite the Dust ( 105

Digg announced this week that it's shutting down Digg Reader, an app which allows users to follow RSS feeds from sites. From a report: Following the closure of Google Reader, RSS fans flocked to the likes of Feedly, The Old Reader, Digg Reader and Inoreader. Now Digg Reader has announced that it is to close, and users are being advised to export their feeds so they can be imported into an alternative service. Users do not have a great deal of time to grab their data and take it elsewhere. The RSS reader is due to close on March 26, meaning there's less than two weeks to go. No reason has been given for the closure, but presumably the venture either didn't prove as popular as expected, or it was rather more costly to run than anticipated.

Scientists Create a Way For People With Amputations To Feel Their Prosthetics ( 42

An anonymous reader quotes a report from Gizmodo: Prosthetic hands have gotten increasingly sophisticated. Many can recreate the complex shape and detail of joints and fingers, while powered prostheses allow for independent, willful movement. But a new study published Wednesday in Science Translational Medicine offers a potential glimpse into the future of the technology: Artificial hands that actually feel like a living limb as they move. The researchers recruited people with amputations who had been given surgery that reconfigured certain muscle and sensory nerves surrounding the amputated limb, allowing them to control their prosthesis through intuitive brain signals (thoughts) sent to the repurposed nerves. Across a series of experiments involving three of these patients, the researchers attached devices that generated vibrations along specific muscles near the amputation site. When the device was turned on, these vibrations created an illusionary sense of kinesthesia -- an awareness of conscious self-movement -- in the prosthetic hand as the person performed tasks with it, both in a virtual stimulation and in the real world. The volunteers had amputations that extended just past their elbow as well as their whole arm. Not only did the experiment let them "feel" their hand as they opened and closed it, but the restored intuition allowed them to perform tasks without needing to constantly look at their hand. And coupled with vision, it gave them overall better motor control over their prosthesis.

Samsung Will Begin Offering Same-Day Repairs On Galaxy Phones This Week ( 19

hyperclocker shares a report from BGR: Samsung announced on Wednesday that it is partnering with uBreakiFix to bring same-day, in-person phone repairs to Galaxy device owners across the United States. Starting on March 15th, Samsung customers will be able to bring their phones to any of more than 300 uBreakiFix service locations and have their devices repaired on the spot and usually within two hours or less. Samsung plans to expand the program throughout 2018 as well. Galaxy owners will have the option to either schedule an appointment at a uBreakiFix location, or just drop the phone off without calling ahead. Samsung assures customers that all uBreakiFix repair centers will have genuine Samsung parts, proprietary Samsung tools for the repairs, and conduct repairs by Samsung certified pros.

Microsoft Removes Antivirus Registry Key Check for Windows 10 Users ( 37

Microsoft has backtracked on a decision it took back in January when it conditioned that computers without a special registry key would not receive any more security updates. From a report: That particular "requirement" was introduced as part of the Meltdown and Spectre patching process. At the time, Microsoft said that antivirus vendors would have to add a key to the Windows Registry to signal that they are compatible with Microsoft's original Meltdown and Spectre patches. This was a big issue at the time because Microsoft detected during testing that some antivirus vendors would inject code into parts of the kernel that the company was trying to patch against Meltdown and Spectre flaws.

Jewelry Site Leaks Personal Details, Plaintext Passwords of 1.3 Million Users ( 37

Chicago-based MBM Company's jewelry brand Limoges Jewelry has accidentally leaked the personal information for over 1.3 million people. This includes addresses, zip-codes, e-mail addresses, and IP addresses. The Germany security firm Kromtech Security, which found the leak via an unsecured Amazon S3 storage bucket, also claims the database contained plaintext passwords. The Next Web reports: In a press release, Kromtech Security's head of communicationis, Bob Diachenko, said: "Passwords were stored in the plain text, which is great negligence [sic], taking into account the problem with many users re-using passwords for multiple accounts, including email accounts." The [MSSQL database] backup file was named "MBMWEB_backup_2018_01_13_003008_2864410.bak," which suggests the file was created on January 13, 2018. It's believed to contain current information about the company's customers. Records held in the database have dates reaching as far back as 2000. The latest records are from the start of this year. Other records held in the database include internal mailing lists, promo-codes, and item orders, which leads Kromtech to believe that this could be the primary customer database for the company. Diachenko says there's no evidence a malicious third-party has accessed the dump, but that "that does not mean that nobody [has] accessed the data."

Tesla Employees Say Automaker Is Churning Out a High Volume of Flawed Parts ( 149

Several current and former employees of Tesla said that the automaker is manufacturing a surprisingly high ratio of flawed parts and vehicles, leading to more rework and repairs than can be contained at its factory in Fremont, California. CNBC reports: One current Tesla engineer estimated that 40 percent of the parts made or received at its Fremont factory require rework. The need for reviews of parts coming off the line, and rework, has contributed to Model 3 delays, the engineer said. Another current employee from Tesla's Fremont factory said the company's defect rate is so high that it's hard to hit production targets. Inability to hit the numbers is in turn hurting employee morale. To deal with a backlog of flawed parts and vehicles, said these current and former employees, Tesla has brought in teams of technicians and engineers from its service centers and remanufacturing lines to help with rework and repairs on site in Fremont. They also said that sometimes the luxury EV maker has taken the unusual measure of sending flawed or damaged parts from Fremont to its remanufacturing facility in Lathrop, California, about 50 miles away, instead of fixing those parts "in-line." Tesla flatly denies that its remanufacturing teams engage in rework. "Our remanufacturing team does not 'rework' cars," a spokesperson said. The company said the employees might be conflating rework and remanufacturing. It also said every vehicle is subjected to rigorous quality control involving more than 500 inspections and tests. The report from CNBC has caused Tesla's stock to tumble today. You can read Tesla's full statement about the CNBC report here.

Reddit Is Bringing Promoted Posts To Its Mobile Apps ( 43

Reddit is reportedly launching native promoted posts for its mobile apps. "The company said in an email to advertisers that its apps are the most popular way its 330 million monthly active users access Reddit content on mobile, and they now account for 41 percent of time spent on Reddit across all platforms," reports Marketing Land. "Logged-in app users also spend 30 percent more time per day than users who log in from desktop, and 80 percent of app users don't access Reddit on desktop, according to the company." From the report: In-app promoted posts will have all the elements of a standard Reddit post, including upvotes, downvotes and comment threads. The native mobile ads will also include comments, which was not possible before on the mobile ads. Native promoted posts will be available on iOS starting Monday, March 19, and will roll out to Android in the coming weeks.

Microsoft Announces Breakthrough In Chinese-To-English Machine Translation ( 72

A team of Microsoft researchers announced on Wednesday they've created the first machine translation system that's capable of translating news articles from Chinese to English with the same accuracy as a person. "The company says it's tested the system repeatedly on a sample of around 2,000 sentences from various online newspapers, comparing the result to a person's translation in the process -- and even hiring outside bilingual language consultants to further verify the machine's accuracy," reports TechCrunch. From the report: The sample set, called newstest2017, was released just last fall at the research conference WMT17. Deep neural networks, a method of training A.I. systems, allowed the researchers to create more fluent and natural-sounding translations that take into account broader context that the prior approaches, called statistical machine translation. Microsoft's researchers also added their own training methods to the system to improve its accuracy -- things they equate to how people go over their own work time and again to make sure it's right.

The researchers said they used methods including dual learning for fact-checking translations; deliberation networks, to repeat translations and refine them; and new techniques like joint training, to iteratively boost English-to-Chinese and Chinese-to-English translation systems; and agreement regularization, which can generate translations by reading sentences both left-to-right and right-to-left. Zhou said the techniques used to achieve the milestone won't be limited to machine translations. The researchers caution the system has not yet been tested on real-time news stories, and there are other challenges that still lie ahead before the technology could be commercialized into Microsoft's products.
You can play around with the new translation system here.

Wikipedia Had No Idea YouTube Was Going To Use It To Fact-Check Conspiracy Theories ( 136

Yesterday, YouTube CEO Susan Wojcicki announced that the company would drop a Wikipedia link beneath videos on highly contested topics. We have now learned that Wikipedia did not know about this move prior to the announcement. Gizmodo reports: In a Twitter thread asking the public to support Wikipedia as much as it relies on it, Wikimedia executive director Katherine Maher first suggested that the organization was unaware of YouTube's plans. When asked whether this new module would only apply to English Wikipedia pages, Maher responded, "I couldn't say; this was something they did independent of us." In a statement to Gizmodo, the Wikimedia Foundation confirmed that the organization first learned of the new YouTube feature on Tuesday. "We are always happy to see people, companies, and organizations recognize Wikipedia's value as a repository of free knowledge," a Wikimedia Foundation spokesperson said in a statement. "In this case, neither Wikipedia nor the Wikimedia Foundation are part of a formal partnership with YouTube. We were not given advance notice of this announcement."

Slashdot Top Deals