Facebook Says 126 Million Americans May Have Seen Russia-Linked Political Posts (reuters.com) 42

Facebook said on Monday that Russia-based operatives published about 80,000 posts on the social network over a two-year period in an effort to sway U.S. politics and that about 126 million Americans may have seen the posts during that time. Reuters reports: Facebook's latest data on the Russia-linked posts - possibly reaching around half of the U.S. population of voting age - far exceeds the company's previous disclosures. It was included in written testimony provided to U.S. lawmakers, and seen by Reuters, ahead of key hearings with social media and technology companies about Russian meddling in elections on Capitol Hill this week. Twitter separately has found 2,752 accounts linked to Russian operatives, a source familiar with the company's written testimony said. That estimate is up from a tally of 201 accounts that Twitter reported in September. Google, owned by Alphabet, said in a statement on Monday it had found $4,700 in Russia-linked ad spending during the 2016 U.S. election cycle, and that it would build a database of election ads. Facebook's general counsel, Colin Stretch, said in the written testimony that the 80,000 posts from Russia's Internet Research Agency were a tiny fraction of content on Facebook, equal to one out of 23,000 posts.

Calgary Police Cellphone Surveillance Device Must Remain Top Secret, Judge Rules (www.cbc.ca) 14

Freshly Exhumed writes from a report via CBC.ca: To protect police investigative techniques that may or may not have been used in a Calgary Police Service investigation, their controversial cellphone surveillance device will remain so secretive not even the make and model can be released to the public, according to a court ruling released Monday. The MDI (Mobile Device Identifier) technology -- colloquially called a StingRay after Harris Corporation's IMSI device, which mimics cell towers and intercepts data from nearby phones -- is controversial in part because in at least one Canadian case, prosecutors have taken watered down plea deals rather than disclose information related to the device.

A Surge of Sites and Apps Are Exhausting Your CPU To Mine Cryptocurrency (arstechnica.com) 35

Dan Goodin, writing for ArsTechnica: The Internet is awash with covert crypto currency miners that bog down computers and even smartphones with computationally intensive math problems called by hacked or ethically questionable sites. The latest examples came on Monday with the revelation from antivirus provider Trend Micro that at least two Android apps with as many as 50,000 downloads from Google Play were recently caught putting crypto miners inside a hidden browser window. The miners caused phones running the apps to run JavaScript hosted on Coinhive.com, a site that harnesses the CPUs of millions of PCs to mine the Monero crypto currency. In turn, Coinhive gives participating sites a tiny cut of the relatively small proceeds. Google has since removed the apps, which were known as Recitiamo Santo Rosario Free and SafetyNet Wireless App. Last week, researchers from security firm Sucuri warned that at least 500 websites running the WordPress content management system alone had been hacked to run the Coinhive mining scripts. Sucuri said other Web platforms -- including Magento, Joomla, and Drupal -- are also being hacked in large numbers to run the Coinhive programming interface.

Seagate's New 'SkyHawk AI' Disk Drive Is Just a Slightly Higher Specced Version of Its Predecessor (theregister.co.uk) 28

ourlovecanlastforeve shares a report from The Register, where Chris Mellor takes a look at Seagate's recently launched "SkyHawk" and "SkyHawk AI" HDDs. After closer inspection, Mellor concludes that the "AI" variant has a more buzz-worthy name and "slightly higher numbers on the specs" than its "SkyHawk" brethren. From the report: Seagate has bolted "AI" to its SkyHawk disk drive brand, saying it's better suited for next-generation deep learning and video analytics. The marketing department breathlessly describes it as "the first drive created specifically for artificial intelligence (AI) enabled video surveillance solutions." Sai Varanasi, VP product line management, burbled in the same fashion: "We are excited to introduce smart, purpose-built SkyHawk AI solutions that expand the design space for our customers and partners, allowing them to implement next-generation deep learning and video analytics applications." How so? Seagate says the new drive's "high throughput and enhanced caching deliver low latency and excellent random read performance to quickly locate and deliver video images and footage analysis." Both SkyHawk and SkyHawk AI have a 256MB cache buffer and 4.16ms average latency. Where it does differ from SkyHawk is having a higher 550TB/year workload and 2 million hours mean-time-before-failure rating, compared to 180TB/year and a million hours. It's been given a five-year limited warranty and a two-year Seagate Rescue Services contract is included with the drive. In other words the SkyHawk AI is more robust than the standard SkyHawk and transfers data 1.9 per cent faster. Otherwise it seems identical.

BlackBerry CEO Promises To Try To Break Customers' Encryption If the US Government Asks Him To (techdirt.com) 55

An anonymous reader writes from a report via Techdirt that claims the company has "chosen to proclaim its willingness to hack into its own customers' devices if the government asks." From the report: From a Forbes article: "[CEO John] Chen, speaking at a press Q&A during the BlackBerry Security Summit in London on Tuesday, claimed that it wasn't so simple for BlackBerry to crack its own protections. 'Only when the government gives us a court order we will start tracking it. Then the question is: how good is the encryption? 'Today's encryption has got to the point where it's rather difficult, even for ourselves, to break it, to break our own encryption... it's not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn't imply we could actually get it done.'"

Oddly, this came coupled with Chen's assertions its user protections were better than Apple's and its version of the Android operating system more secure than the one offered by competitors. This proactive hacking offer may be pointed to in the future by DOJ and FBI officials as evidence Apple, et al aren't doing nearly enough to cooperate with U.S. law enforcement. Of course, Chen's willingness to try doesn't guarantee the company will be able to decrypt communications of certain users. BlackBerry may be opening up to law enforcement but it won't be sharing anything more with its remaining users. From the Forbes article: "Chen also said there were no plans for a transparency report that would reveal more about the company's work with government. 'No one has really asked us for it. We don't really have a policy on whether we will do it or not. Just like every major technology company that deals with telecoms, we obviously have quite a number of requests around the world.'"


GameStop Is Launching An Unlimited Used Game Rental Subscription, Says Report (polygon.com) 21

According to a leaked advertisement, GameStop is rolling out a used game rental subscription service. Subscribers will be able to pick any used game, play it, return it and get another as often as they like. The service will reportedly cost $60 for six months, and players get to keep the last game they borrow. Polygon reports: The advertisement was first seen at ResetEra, the new gaming forum. It appears to be from the newest issue of Game Informer (which is published by GameStop). The "Power Pass" subscription lasts six months and costs $60, according to the advertisement. Sign ups will begin on Nov. 19. The fine print says the Power Pass must be activated by Jan. 31, 2018, possibly hinting at when this service will go live. The subscription requires that the user be a PowerUp Rewards member, and the offer will be available only to the used game catalog in a store (i.e. physical discs), not from GameStop's online library. The PowerUp Rewards requirement apparently is there to help GameStop track the game currently in a user's possession.

SpaceX Lands the 13th Falcon 9 Rocket of the Year In Flames (theverge.com) 67

SpaceX launched a Falcon 9 rocket from Florida this afternoon and, while the rocket successfully delivered the Koreasat-5A to its designated orbit, it managed to catch fire after landing on one of SpaceX's autonomous barges. The Verge reports: That rocket's mission [was] to send a satellite known as Koreasat-5A into space, where it will hang above Earth for 15 years while providing communications bandwidth for Korea and Southern Asia. SpaceX's Falcon 9 rocket successfully delivered Koreasat-5A to its designated orbit, marking the company's 16th successful mission of the year -- twice the number of successful missions in 2016. Shortly after liftoff, the first stage of the rocket returned to Earth and landed (flamboyantly) in the Atlantic Ocean on one of SpaceX's autonomous barges. (The fires eventually went out.) It was the 13th successful landing of a Falcon 9 rocket this year, the 15th in a row, and the 19th overall.

Indiana Is Purging Voters Using Software That's 99 Percent Inaccurate, Lawsuit Alleges (thedailybeast.com) 284

An anonymous reader quotes a report from The Daily Beast: More than 99 percent of voter fraud identified by a GOP-backed program is false, a study by Harvard, Yale, and Microsoft researchers found. Now Indiana is using the faulty program to de-register voters without warning. In July, Indiana rolled out a new law allowing county officials to purge voter registrations on the spot, based on information from a dubious database aimed at preventing voter fraud. That database, the Interstate Voter Registration Crosscheck Program, identifies people in different states who share the same name and birthdate. Crosscheck has long been criticized as using vague criteria that disproportionately target people of color. Now Indiana voters who share a name and birthdate with another American can have their registrations removed without warning -- a system ripe for abuse, a new lawsuit claims. Crosscheck's premise is simple. The program aims to crack down on people "double voting" in multiple states, by listing people who share a first name, last name, and birthdate.

Indiana has used Crosscheck for years. But until July, the state had a series of checks on the program. If Crosscheck found that an Indiana resident's name and birthdate matched that of a person in another state, Indiana law used to require officials to ask that person to confirm their address, or wait until that person went two general election cycles without voting, before the person's name was purged from Indiana voter rolls. Under the state's new law, officials can scrub a voter from the rolls immediately. That's a problem for Indiana residents, particularly people of color, a Friday lawsuit from Common Cause and the American Civil Liberties Union argues.


How Kodi Took Over Piracy (wired.com) 98

A reader shares a report: For years, piracy persisted mainly in the realm of torrents, with sites like The Pirate Bay and Demonoid connecting internet denizens to premium content gratis. But a confluence of factors have sent torrent usage plummeting from 23 percent of all North American daily internet traffic in 2011 to under 5 percent last year. Legal crackdowns shuttered prominent torrent sites. Paid alternatives like Netflix and Hulu made it easier just to pay up. And then there were the "fully loaded" Kodi boxes -- otherwise vanilla streaming devices that come with, or make easily accessible, so-called addons that seek out unlicensed content -- that deliver pirated movies and TV shows with push-button ease. "Kodi and the plugin system and the people who made these plugins have just dumbed down the process," says Dan Deeth, spokesperson for network-equipment company Sandvine. "It's easy for anyone to use. It's kind of set it and forget it. Like the Ron Popeil turkey roaster." Kodi itself is just a media player; the majority of addons aren't piracy focused, and lots of Kodi devices without illicit software plug-ins are utterly uncontroversial. Still, that Kodi has swallowed piracy may not surprise some of you; a full six percent of North American households have a Kodi device configured to access unlicensed content, according to a recent Sandvine study. But the story of how a popular, open-source media player called XBMC became a pirate's paradise might. And with a legal crackdown looming, the Kodi ecosystem's present may matter less than its uncertain future.

Sprint Owner SoftBank Calls Off T-Mobile Merger Talks, Reports Say (tmonews.com) 48

Japan's conglomerate SoftBank, which owns Sprint, has pulled the plug on a proposed merger between the two carriers, several news outlets reported on Monday. From a report: SoftBank will reportedly propose ending merger talks with T-Mobile parent company Deutsche Telekom as soon as Tuesday, October 31st. That's according to Nikkei, which says that SoftBank wants to end merger talks due to "a failure to agree on ownership of the combined entity." It's said that Deutsche Telekom insisted on a controlling stake of the combined T-Mobile-Sprint, and that some people at SoftBank were okay with that as long as SoftBank had some sort of influence. However, SoftBank's board recently decided that it wouldn't give up control, and today it decided that it wants to call off the merger talks. Sprint and T-Mobile shares fell following the media reports.

2017: The Year That Horror Saved Hollywood (qz.com) 96

A reader shares a report: If there's a silver lining in any of that for America's film industry, it's that the horror genre is still plugging merrily along, seemingly immune to the financial troubles that have befallen most studios. As the rest of Hollywood flounders in 2017, horror is in the midst of its highest-grossing year ever. On the backs of huge hits like It and Get Out, the horror genre has combined for a record $733.5 million in the US this year, according to box office data compiled by the New York Times (paywall). The year has proven that horror films are more than just cheaply made movies for niche audiences and can still cross into the mainstream to become bona fide successes. Ticket sales during the 2017 summer movie season, billed by Variety as "The Summer of Hell," were down nearly 11% from last year due to a series of epic flops, namely King Arthur: Legend of the Sword and The Dark Tower. Arguably the only saving grace was It, the adaptation of the novel of the same name by Stephen King that became the highest-grossing horror film of all time in September (not adjusted for inflation). Today, it has made a very fitting $666.6 million (seriously) worldwide, according to Box Office Mojo. Following a solid first half of 2017 with Dunkirk and Wonder Woman, It helped Warner Bros. rebound from the disastrous King Arthur and the disappointing Blade Runner 2049 -- to say nothing of this month's box office catastrophe, Geostorm.

Microsoft is Killing Outlook.com Premium (thurrott.com) 38

Paul Thurrott, writing for Thurrott.com: A support document describing new premium Outlook.com features for Office 365 subscribers hides the real story today: Microsoft just killed Outlook.com Premium. I wrote earlier about how Microsoft was bringing some Outlook.com Premium features, like an ad-free inbox, to Office 365 Home and Personal subscribers. That's great news, of course. But a related support document buries the lede. "The Outlook.com Premium standalone offering is now closed to new subscribers," the support document notes. "Current subscribers can renew their subscriptions to continue receiving subscription benefits." Yikes. There's also a link to another support document that continues this conversation. But there really isn't much more to say. If you're already using Outlook.com Premium, you can continue to do so. And for now, at least, you can even renew the subscription and keep using its unique features, like custom domain support.

Bug in Google's Bug Tracker Lets Researcher Access List of Company's Vulnerabilities (vice.com) 32

Lorenzo Franceschi-Bicchierai, writing for Motherboard: Google's platform to deal with bugs and unpatched vulnerabilities had a bug that allowed a security researcher to see a full list of known, unpatched vulnerabilities within Google, creating a kind of bug inception that could have led to more damaging hacks. Alex Birsan, a security researcher, found three vulnerabilities inside the Google Issue Tracker, the company's internal platform where employees keep track of requested features or unpatched bugs in Google's products. The largest one of these was one that allowed him to access the internal platform at all. The company has quickly patched the bugs found by Birsan, and there's no evidence anyone else found the bugs and exploited them. Still, these were bad bugs, especially the one that gave him access to the bug-tracking platform, which could have provided hackers with a list of vulnerable targets at Google. "Exploiting this bug gives you access to every vulnerability report anyone sends to Google until they catch on to the fact that you're spying on them," Birsan told Motherboard in an online chat. "Turning those vulnerability reports into working attacks also takes some time/skill. But the bigger the impact, the quicker it gets fixed by Google. So even if you get lucky and catch a good one as soon as it's reported, you still have to have a plan for what you do with it."

Carbon Pollution Touched 800,000 Year Record in 2016, WMO Says (bloomberg.com) 262

Carbon dioxide levels surged to their highest level in at least 800,000 years because of pollution caused by humans and a strong El Nino event, according to the World Meteorological Organization. From a report: Concentrations of the greenhouse gas increased at a record speed in 2016 to reach an average of 403.3 parts per million, up from 400 parts per million a year earlier, the WMO said in a statement on Monday warning of "severe ecological and economic disruptions." The WMO said the last time the Earth had a comparable concentration of CO2s, the temperature of the planet was 2 degrees to 3 degrees Celsius warmer and sea levels were 10 meters to 20 meters higher than now.

The Meaning of AMP (adactio.com) 72

Last week, Ethan Marcotte, an independent web designer, shared how Google describes AMP (Accelerated Mobile Pages). People at Google say AMP "isn't a 'proprietary format'; it's an open standard that anyone can contribute to." But that definition, Marcotte argues, isn't necessarily an honest one. He writes: On the face of it, this statement's true. AMP's markup isn't proprietary as such: rather, all those odd-looking amp- tags are custom elements, part of the HTML standard. And the specification's published, edited, and distributed on GitHub, under one of the more permissive licenses available. So, yes. The HTML standard does allow for the creation of custom elements, it's true, and AMP's license is quite liberal. But spend a bit of time with the rules that outline AMP's governance. Significant features and changes require the approval of AMP's Technical Lead and one Core Committer -- and if you peruse the list of AMP's Core Committers, that list seems exclusively staffed and led by Google employees. Now, there's nothing wrong with this. After all, AMP is a Google-backed project, and they're free to establish any governance model they deem appropriate. But when I hear AMP described as an open, community-led project, it strikes me as incredibly problematic, and more than a little troubling. AMP is, I think, best described as nominally open-source. It's a corporate-led product initiative built with, and distributed on, open web technologies. Jeremy Keith, a web developer, further adds: If AMP were actually the product of working web developers, this justification would make sense. As it is, we've got one team at Google citing the preference of another team at Google but representing it as the will of the people. This is just one example of AMP's sneaky marketing where some finely-shaved semantics allows them to appear far more reasonable than they actually are.
At AMP Conf, the Google Search team were at pains to repeat over and over that AMP pages wouldn't get any preferential treatment in search results ... but they appear in a carousel above the search results. Now, if you were to ask any right-thinking person whether they think having their page appear right at the top of a list of search results would be considered preferential treatment, I think they would say hell, yes! This is the only reason why The Guardian, for instance, even have AMP versions of their content -- it's not for the performance benefits (their non-AMP pages are faster); it's for that prime real estate in the carousel. The same semantic nit-picking can be found in their defence of caching. See, they've even got me calling it caching! It's hosting. If I click on a search result, and I am taken to a page that has a URL beginning with https://www.google.com/amp/s/... then that page is being hosted on the domain google.com. That is literally what hosting means. Now, you might argue that the original version was hosted on a different domain, but the version that the user gets sent to is the Google copy. You can call it caching if you like, but you can't tell me that Google aren't hosting AMP pages. That's a particularly low blow, because it's such a bait'n'switch.
