Microsoft

Microsoft Plans Version of Windows 10 For Devices With Limited Storage (engadget.com) 133

An anonymous reader shares a report: A smaller, more pared down version of Windows 10 was spotted in the latest Redstone 5 preview build. Microsoft is calling it Windows 10 Lean and it's 2GB smaller in size than standard editions of Windows 10 once installed. Missing from this version are the Registry Editor, Internet Explorer, wallpaper, Microsoft Management Console and drivers for CD and DVD drives, and Windows Central notes that the lighter Windows 10 might be designed to ensure tablets and laptops with little internal storage can install Windows 10 feature updates. Additionally, the Redstone 5 preview also features phone-related APIs that support functions like dialing, blocking withheld numbers, video calling, Bluetooth headset support and speakerphone mode, stoking those persistent Andromeda rumors.
Security

Hackers Built a 'Master Key' For Millions of Hotel Rooms (zdnet.com) 119

An anonymous reader writes: Security researchers have built a master key that exploits a design flaw in a popular and widely used hotel electronic lock system, allowing unfettered access to every room in the building. The electronic lock system, known as Vision by VingCard and built by Swedish lock manufacturer Assa Abloy, is used in more than 42,000 properties in 166 countries, amounting to millions of hotel rooms -- as well as garages and storage units. These electronic lock systems are commonplace in hotels, used by staff to provide granular controls over where a person can go in a hotel -- such as their room -- and even restricting the floor that the elevator stops at. And these keys can be wiped and reused when guests check-out.

It turns out these key cards aren't as secure as first thought. F-Secure's Tomi Tuominen and Timo Hirvonen, who carried out the work, said they could create a master key 'basically out of thin air.' Any key card will do. Even old and expired, or discarded keys retain enough residual data to be used in the attack. Using a handheld device running custom software, the researchers can steal data off of a key card -- either using wireless radio-frequency identification (RFID) or the magnetic stripe. That device then manipulates the stolen key data, which identifies the hotel, to produce an access token with the highest level of privileges, effectively serving as a master key to every room in the building.

Windows

E-Waste Innovator Will Go To Jail For Making Windows Restore Disks That Only Worked With Valid Licenses (gizmodo.com) 390

An anonymous reader quotes a report from The Washington Post: California man Eric Lundgren, an electronic waste entrepreneur who produced tens of thousands of Windows restore disks intended to extend the lifespan of aging computers, lost a federal appeals court case in Miami after it ruled "he had infringed Microsoft's products to the tune of $700,000," the Washington Post reported on Tuesday. Per the Post, the appeals court ruled Lundgren's original sentence of 15 months in prison and a $50,000 fine would stay, despite the software being freely available online and only compatible with valid Windows licenses: "The appeals court upheld a federal district judge's ruling that the disks made by Eric Lundgren to restore Microsoft operating systems had a value of $25 apiece, even though they could be downloaded free and could be used only on computers with a valid Microsoft license. The U.S. Court of Appeals for the 11th Circuit initially granted Lundgren an emergency stay of his prison sentence, shortly before he was to surrender, but then affirmed his original 15-month sentence and $50,000 fine without hearing oral argument in a ruling issued April 11." All told, the court valued 28,000 restore disks he produced at $700,000, despite testimony from software expert Glenn Weadock that they were worth essentially zero.
Data Storage

Samsung Announces 970 PRO and 970 EVO NVMe SSDs (anandtech.com) 50

hyperclocker shares a report from AnandTech: Samsung has announced the third generation of their high-end consumer NVMe SSDs. The new 970 PRO and 970 EVO M.2 NVMe SSDs use a newer controller and Samsung's latest 64-layer 3D NAND flash memory. The outgoing 960 PRO and 960 EVO were first announced in September 2016 and shipped that fall, so they have had a fairly long run as Samsung's flagship consumer SSDs. Compared to its predecessor, the 970 EVO promises a small improvement in sequential read speed, and a more substantial boost to sequential write speed for all but the smallest 250GB model. Peak random access performance is also substantially improved, but again the 250GB model gets left out, and is actually rated as slower than the 960 EVO 250GB. The warranty on the EVO has been extended from three years to five years, and the write endurance ratings have been increased by 50% to retain almost the same drive writes per day rating.

The 970 PRO's performance specs aren't too different from the 970 EVO. Many of the ratings are the same, and the ones that differ are mostly better by just 3-11% for the PRO. There are just two major exceptions to this. First, the PRO doesn't rely on SLC write caching so it can maintain its write speed far longer than the EVO. Second, the rated write endurance of the 970 PRO is twice that of the EVO, going from just over 0.3 Drive Writes Per Day to 0.6 DWPD. Neither of these are an important factor for ordinary consumer use cases, but they help the 970 PRO retain some shine as a premium product.

Businesses

SmugMug Buys Flickr, Vows To Revitalize the Photo Service (usatoday.com) 61

On Friday, Silicon Valley photo-sharing and storage company SmugMug announced it had acquired Flickr, the photo-sharing site created in 2004 by Ludicorp and acquired in 2005 by Yahoo. SmugMug CEO Don MacAskill told USA TODAY he's committed to revitalizing the faded social networking site, which hosted photos and videos long before it became trendy. Flickr will reportedly continue to operate separately, and SmugMug and Flickr accounts will "remain separate and independent for the foreseeable future." From the report: He declined to disclose the terms of the deal, which closed this week. "Flickr is an amazing community, full of some of the world's most passionate photographers. It's a fantastic product and a beloved brand, supplying tens of billions of photos to hundreds of millions of people around the world," MacAskill said. "Flickr has survived through thick-and-thin and is core to the entire fabric of the Internet." The surprise deal ends months of uncertainty for Flickr, whose fate had been up in the air since last year when Yahoo was bought by Verizon for $4.5 billion and joined with AOL in Verizon's Oath subsidiary.
Power

Can Tesla's Batteries Power Puerto Rico? (electrek.co) 87

An anonymous reader quotes Electrek: Almost 1 million ratepayers of the Puerto Rican Electric Power Authority on the island of Puerto Rico were reportedly without power Wednesday during an island-wide blackout. But a few hundred locations with Tesla Energy storage systems were able to keep the lights on, according to CEO Elon Musk... Some of those locations include very critical services. For example, Tesla deployed a series of Powerpack systems on the Puerto Rican islands of Vieques and Culebra for a sanitary sewer treatment plant, the Arcadia water pumping station, the Ciudad Dorada elderly community, the Susan Centeno hospital, and the Boys and Girls Club of Vieques. Furthermore, the automaker's energy division also deployed a solar+battery system at a hospital in Puerto Rico...

It was also reported that the Puerto Rican government was considering Tesla's plan for a series of microgrids to help bring back power on a larger scale. The government has confirmed that they "presented several projects in remote areas that would allow entire communities to be more independent" and they also "presented a proposal to the Authority for Public-Private Partnerships for the deployment of a large-scale battery system designed to help stabilize the entire Puerto Rico electricity network."

The proposal, involving de-centralized local solar farms, "should prove more resilient to natural disaster," Electrek reported earlier, adding "and of course, it would be a lot cleaner than their currently mostly fossil fuel-based power generation." Already Tesla batteries are "live and delivering power" at 662 locations, Elon Musk tweeted Wednesday.

Meanwhile, CNN reports that one Puerto Rico resident spent three weeks building his own solar power system using $7,500 in parts -- which will ultimately prove cheaper than the $350 a month he was spending to run a gas generator (and waiting as long as six hours in the long gas lines).

They're not revealing his name "because he's concerned someone may try to steal his new system."
AI

AI Will Wipe Out Half the Banking Jobs In a Decade, Experts Say 111

Experts in the industry say that current advances in artificial intelligence and automation could replace as many as half the nation's financial services workers over the next decade, though it will take a big investment to make that happen. The Mercury News reports: "Unless banks deal with the performance issues that AI will cause for ultra-large databases, they will not be able to take the money gained by eliminating positions and spend it on the new services and products they will need in order to stay competitive," James D'Arezzo, CEO of Glendale-based Condusiv Technologies, said. Intensive hardware upgrades are often cited as an answer to the problem, but D'Arezzo said that's prohibitively expensive.

Speaking to an audience last year in Frankfurt, Germany, Deutsche Bank CEO John Cryan predicted a "bonfire" of industry jobs as automation moves forward. "In our bank we have people doing work like robots," he said. "Tomorrow we will have robots behaving like people. It doesn't matter if we as a bank will participate in these changes or not, it is going to happen." Increased processing power, cloud storage and other developments are making many tasks possible that once were considered too complex for automation, according to Cryan. D'Arezzo, whose company works to improve existing software performance, said the financial industry is being swamped by "a tsunami of data," including new compliance requirements for customer privacy and constantly changing bank regulations.
Bhagwan Chowdhry, a professor of finance and economics at the UCLA Anderson School of Management, offers a less bleak view of the future. "Technology will eliminate some jobs that are repetitive and require less human judgment," he said, "But I think they will get replaced by other jobs that humans are better at. Anything that requires judgment is something humans will continue to do. We are not good at multiplying 16-digit numbers, but we're good at judging people and detecting if someone is telling the truth."
Data Storage

Loud Sound From Fire Alarm System Shuts Down Nasdaq's Scandinavian Data Center (bleepingcomputer.com) 114

Catalin Cimpanu, writing for BleepingComputer: A loud sound emitted by a fire alarm system has destroyed the hard drives of a Swedish data center, downing Nasdaq operations across Northern Europe. The incident took place in the early hours of Wednesday, April 19, and was caused by a gas-based fire alarm system of the kind typically deployed in data centers because of its ability to put out fires without destroying non-burnt equipment. These systems work by releasing inert gas at high speeds, a mechanism usually accompanied by a loud whistle-like sound. With non-calibrated systems, this sound can get very loud, a big no-no in data centers, where loud sounds are known to affect performance, shut down, or even destroy hard drives.
Security

Data Firm Leaks 48 Million User Profiles it Scraped From Facebook, LinkedIn, Others (zdnet.com) 56

Zack Whittaker, reporting for ZDNet: A little-known data firm was able to build 48 million personal profiles, combining data from sites and social networks like Facebook, LinkedIn, Twitter, and Zillow, among others -- without the users' knowledge or consent. Localblox, a Bellevue, Wash.-based firm, says it "automatically crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange networks." Since its founding in 2010, the company has focused its collection on publicly accessible data sources, like social networks Facebook, Twitter, and LinkedIn, and real estate site Zillow to name a few, to produce profiles.

But earlier this year, the company left a massive store of profile data on a public but unlisted Amazon S3 storage bucket without a password, allowing anyone to download its contents. The bucket, labeled "lbdumps," contained a file that unpacked to a single file over 1.2 terabytes in size. The file listed 48 million individual records, scraped from public profiles, consolidated, then stitched together.

Canada

19-Year-Old Archivist Charged For Downloading Freedom-of-Information Releases (www.cbc.ca) 422

Ichijo writes: According to CBC News, a Canadian teen "has been charged with 'unauthorized use of a computer,' which carries a possible 10-year prison sentence, for downloading approximately 7,000 freedom-of-information releases. The provincial government says about 250 of those contain Nova Scotians' sensitive personal information."

"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That led to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests."
The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
Red Hat Software

Red Hat Enterprise Linux Version 7.5 Released (redhat.com) 64

On Tuesday Red Hat announced the general availability of Red Hat Enterprise Linux version 7.5. An anonymous reader writes: Serving as a consistent foundation for hybrid cloud environments, Red Hat Enterprise Linux 7.5 provides enhanced security and compliance controls, tools to reduce storage costs, and improved usability, as well as further integration with Microsoft Windows infrastructure both on-premise and in Microsoft Azure.

New features include a large combination of Ansible Automation with OpenSCAP, and LUKS-encrypted removable storage devices can now be automatically unlocked using NBDE. The GNOME Shell has been re-based to version 3.26, the kernel version is 3.10.0-862, and the kernel-alt packages include kernel version 4.14 with support for 64-bit ARM, IBM POWER9 (little endian), and IBM z Systems, while KVM virtualization is now supported on IBM POWER8/POWER9 systems.

See the detailed release notes here.
Security

Uber's 2016 Breach Affected More Than 20 Million US Users (bloomberg.com) 6

An anonymous reader quotes a report from Bloomberg: A data breach in 2016 exposed the names, phone numbers and email addresses of more than 20 million people who use Uber's service in the U.S., authorities said on Thursday, as they chastised the ride-hailing company for not revealing the lapse earlier. The Federal Trade Commission said Uber failed to disclose the leak last year as the agency investigated and sanctioned the company for a similar data breach that happened in 2014. "After misleading consumers about its privacy and security practices, Uber compounded its misconduct," said Maureen Ohlhausen, the acting FTC chairman. She announced an expansion of last year's settlement with the company and said the new agreement was "designed to ensure that Uber does not engage in similar misconduct in the future."

In the 2016 breach, intruders in a data-storage service run by Amazon.com Inc. obtained unencrypted consumer personal information relating to U.S. riders and drivers, including 25.6 million names and email addresses, 22.1 million names and mobile phone numbers, and 607,000 names and driver's license numbers, the FTC said in a complaint. Under the revised settlement, Uber could be subject to civil penalties if it fails to notify the FTC of future incidents, and it must submit audits of its data security, the agency said.

Operating Systems

'Fuchsia Is Not Linux': Google Publishes Documentation Explaining Their New OS (xda-developers.com) 245

An anonymous reader quotes a report from XDA Developers: You've probably seen mentions of the Fuchsia operating system here and there since it has been in development for almost 2 years. It's Google's not-so-secretive operating system which many speculate will eventually replace Android. We've seen it grow from a barely functional mock-up UI in an app form to a version that actually boots on existing hardware. We've seen how much importance Google places on the project as veteran Android project managers are starting to work on it. But after all of this time, we've never once had either an official announcement from Google about the project or any documentation about it -- all of the information thus far has come as a result of people digging into the source code.

Now, that appears to be changing as Google has published a documentation page called "The Book." The page aims to explain what Fuchsia, the "modular, capability-based operating system" is and is not. The most prominent text on that page is a large section explaining that Fuchsia is NOT Linux, in case that wasn't clear already. Above that are several readme pages explaining Fuchsia's file systems, boot sequence, core libraries, sandboxing, and more. The rest of the page has sections explaining what the Zircon micro-kernel is and how the framework, storage, networking, graphics, media, user interface, and more are implemented.

Power

Your Future Home Might Be Powered By Car Batteries (bloomberg.com) 319

Increasingly utilities and automakers are wondering if they could use the batteries inside electric cars as storage for the entire public power grid. An anonymous reader shares a report: The idea, known as "vehicle-to-grid," is to someday have millions of drivers become mini electricity traders, charging up when rates are cheap and pumping energy back into the grid during peak hours or when the sun simply isn't shining. If it works -- and it's a big if -- renewable energy could get much cheaper and more widely used. "We really, really need storage in order to make better use of wind and solar power, and electric cars could provide it," said Daniel Brenden, an analyst who studies the electricity market at BMI Research in London. "The potential is so huge." Today, fewer than one percent of the world's vehicles are electric, but by 2040 more than half of all new cars will run on the same juice as televisions, computers and hair dryers, according to estimates by Bloomberg New Energy Finance. Once cars and everything else are fed from the same source, they can share the same plumbing.
Advertising

MailChimp Bans Emails Promoting Cryptocurrency (gizmodo.com) 48

"MailChimp to Cryptocurrency Promoters: Your Fake Money's No Good Here," jokes the headline at Gizmodo. The mass emailing service -- which sends over a billion emails a day -- just updated its Acceptable Use Policy to warn users that MailChimp "does not allow businesses involved in any aspect of the sale, transaction, exchange, storage, marketing, or production of cryptocurrencies, virtual currencies, and any digital assets related to an Initial Coin Offering, to use MailChimp to facilitate or support any of those activities."

An anonymous reader quotes Gizmodo: The ban on cryptocurrency promotion isn't out of the blue so much as a clarification of existing use policies... In a statement to Gizmodo, MailChimp further clarified: "We recognize that blockchain technology is in its infancy and has tremendous potential. Nonetheless, the promotion and exchange of cryptocurrencies is too frequently associated with scams, fraud, phishing, and potentially misleading business practices at this time..." MailChimp previously held policies prohibiting multi-level marketing, "make money online" businesses, and "industries hav[ing] higher-than-average abuse complaints," and earmarked "online trading, day trading tips, or stock market related content" for "additional scrutiny..."

This follows similar, though less restrictive bans by Facebook (and Instagram by extension), Google, LinkedIn, Twitter, and Snapchat on ICO ads, and country-wide bans in China and South Korea.

Futurism reports that the first victims are "responding in kind by attempting to read the riot act to a Twitter account whose avatar is a monkey with a hat," strongly informing that monkey that "Centralized capricious power is exactly why we need blockchains."
Businesses

Amazon's Music Storage Service Will Remove MP3 Files on April 30 (theverge.com) 64

Amazon announced last year that it intends to shut down its dedicated cloud music locker. Now, the company has elaborated on its thinking. From a report: In an email to Amazon Music users, the company says uploaded songs will be removed from a user's library on April 30th, 2018. You can however keep any music in the cloud by proactively going to your Music Settings and clicking the "Keep my songs" button. Back in December, Amazon stopped letting users upload new tracks to Music Storage, which holds up to 250 songs for free. The company said at the time that by January 2019, users wouldn't be able to download or stream tracks they've uploaded to Music Storage, so it sounds like you'll still have many months between April and next January to get your music downloaded and onto a different storage platform or hard drive.
Security

macOS High Sierra Logs Encryption Passwords in Plaintext for APFS External Drives (bleepingcomputer.com) 62

Catalin Cimpanu, writing for BleepingComputer: macOS High Sierra users are once again impacted by a major APFS bug after two other major vulnerabilities affected Apple's new filesystem format in the last five months. This time around, according to a report from Mac forensics expert Sarah Edwards, recent versions of macOS High Sierra are logging encryption passwords for APFS-formatted external drives in plaintext, and storing this information in non-volatile (on-disk) log files.

The issue, if exploited, could allow an attacker easy access to the encryption password of encrypted APFS external volumes, such as USB thumb drives, portable hard drives, and other external storage mediums. This bug goes against all well-established Apple development and security rules, according to which apps and utilities should use the Keychain app to store valuable information, and should definitely avoid storing passwords in cleartext.
Data Storage

Wind and Solar Can Power Most of the United States, Says Study (theguardian.com) 417

An anonymous reader writes: The Guardian reports on a recent paper, published in the journal Energy and Environmental Science, that helps explain how wind and solar energy can power most of the United States: "The authors analyzed 36 years of hourly weather data (1980-2015) in the U.S. They calculated the available wind and solar power over this time period and also included the electrical demand in the U.S. and its variation throughout the year. With this information, the researchers considered two scenarios. In scenario 1, they imagined wind and solar installations that would be sufficient to supply 100% of the U.S. electrical needs. In the second scenario, the installations would be over-designed; capable of providing 150% of the total U.S. electrical need. But the authors recognize that just because a solar panel or a wind turbine can provide all our energy, it doesn't mean that will happen in reality. It goes back to the prior discussion that sometimes the wind just doesn't blow, and sometimes the sun isn't shining. With these two scenarios, the authors then considered different mixes of power, from all solar to all wind. They also included the effect of aggregation area, that is, what sized regions are used to generate power. Is your power coming from wind and solar in your neighborhood, your city, your state or your region?

The authors found that with 100% power capacity and no mechanism to store energy, a wind-heavy portfolio is best (about 75% wind, 25% solar) and using large aggregate regions is optimal. It is possible to supply about 75-80% of U.S. electrical needs. If the system were designed with excess capacity (the 150% case), the U.S. could meet about 90% of its needs with wind and solar power. The authors modified their study to allow up to 12 hours of US energy storage. They then found that the 100% capacity system fared even better (about 90% of the country's energy) and the optimal balance was now more solar (approximately 70% solar and 30% wind). For the over-capacity system, the authors found that virtually all the country's power needs could be met with wind, solar, and storage."

Google

Google Unveils Acer's Chromebook Tab 10 Ahead of Apple's Education-Focused Event Tomorrow (cnet.com) 41

An anonymous reader shares a report: Maybe Acer knows what Apple is up to tomorrow, maybe not. Regardless, the information and communication tech company announced today the world's first Chrome OS tablet made for the education market, the Chromebook Tab 10. Designed for use in K-12 classrooms, the 9.7-inch tablet could potentially add to Google's Chromebook lead in the US education market and take some of the wind out of Apple's education-focused press conference on March 27. [...] Acer's new tablet, which will sell for $329 in April, is built around a 2048x1536-resolution IPS touchscreen with 264 pixels per inch. A durable Wacom EMR stylus comes standard and stores in the tablet's chassis that's only 0.39-inch thick (9.98 mm). Running on a Rockchip OP1 processor, 4GB of memory and 32GB of storage, the Tab 10 fully supports Google Play giving schools access to educational Android apps.
Data Storage

Sex Workers Say Porn On Google Drive Is Suddenly Disappearing (vice.com) 356

An anonymous reader quotes a report from Motherboard: Porn performer Avey Moon was trying to send the lucky winner of her Chaturbate contest his prize -- one of her videos, titled "POV Blowjob" -- through her Google Drive account. But it wouldn't send, and Google wasn't telling her why. "I thought there was something wrong with my file and I got rather worried," Moon told me in a Twitter message. "I had promised this guy his content and he was so good to me. I was panicked because I thought if I couldn't give him his prize, he would feel like he got ripped off and never come back again or worse, he could actually file a complaint with Chaturbate about me and they can take money from me." She's not alone. Six porn performers I talked to and more on social media said that they suddenly can't download adult content they keep on Google Drive. They also said they can't share that content with other accounts or send to clients. In some cases, the adult content is disappearing from Drive without warning or explanation. The porn performers I talked to started sounding the alarm on Twitter last week. They said that Google Drive no longer seemed sex-trade friendly, detailing error messages and sharing cloud storage alternatives with each other.

When I asked about sexual content being blocked on Drive, a spokesperson for Google directed me to the Drive policy page -- specifically the section on sexually explicit material, which says, "Do not publish sexually explicit or pornographic images or videos.... Additionally, we do not allow content that drives traffic to commercial pornography." Writing about porn and sex is permitted, the policy states, as long as it's not accompanied by sexually explicit images or videos. According to Google, Drive uses a combination of automated systems and manual review to decide what's in violation.
One worker said they've been using Google Drive for most of the last five and a half years but just recently received an error message when sending a video, saying that the item may violate Google's Terms of Service, with a link to request a review. In this case, the video title was explicit, but other adult performers report similar messages when sending content with non-explicit titles. "Some sex workers are wondering if this has something to do with the impending vote on the SESTA-FOSTA bill," reports Motherboard. We now have learned that the Senate has passed the bill.
