By BeauHD from Slashdot's trying-to-encourage-subscriptions department
An anonymous reader quotes a report from Ars Technica: Disney is rapidly preparing to launch its own streaming service, dubbed Disney+, later this year. While the debut date is still unknown, we now know that the service will include the entire Disney movie library shortly after the service launches. According to a report in Polygon, Disney CEO Bob Iger explained the strategy to investors at a meeting in St. Louis, Missouri, pointing at the retirement of Disney's longstanding "vault." "The service... is going to combine what we call library product, movies, and television, with a lot of original product as well, movies and television," Iger said. "And at some point fairly soon after launch, it will house the entire Disney motion picture library, so the movies that you speak of that traditionally have been kept in a 'vault' and brought out basically every few years will be on the service. And then, of course, we're producing a number of original movies and original television shows as well that will be Disney-branded."
The Disney Vault has been a marketing and sales strategy for years. After a film's initial release run, Disney would sequester the title in its vault for a long period of time. That meant that customers who didn't buy a physical copy of the movie immediately would be out of luck until Disney brought it out of the vault as a new edition or a special release run. This strategy allowed Disney to control film sales and drum up anticipation for titles that were coming out of the vault once the company decided the time was right. But it also frustrated customers who ended up paying high prices for copies of movies that were widely unavailable during their vault stints. This exclusivity will be an important factor for Disney as it competes with other streaming giants like Netflix, Hulu, and Amazon Prime Video.Read Replies (0)
By msmash from Slashdot's how-about-that department
Researchers at Ohio State University, the security company FireEye, and research firm Leidos last week published a paper [PDF] describing a new system that reads millions of tweets for mentions of software security vulnerabilities, and then, using their machine-learning-trained algorithm, assessed how much of a threat they represent based on how they're described. From a report: They found that Twitter can not only predict the majority of security flaws that will show up days later on the National Vulnerability Database -- the official register of security vulnerabilities tracked by the National Institute of Standards and Technology -- but that they could also use natural language processing to roughly predict which of those vulnerabilities will be given a "high" or "critical" severity rating with better than 80 percent accuracy.
"We think of it almost like Twitter trending topics," says Alan Ritter, an Ohio State professor who worked on the research and will be presenting it at the North American Chapter of the Association for Computational Linguistics in June. "These are trending vulnerabilities." A work-in-progress prototype they've put online, for instance, surfaces tweets from the last week about a fresh vulnerability in MacOS known as "BuggyCow," as well as an attack known as SPOILER that could allow webpages to exploit deep-seated vulnerabilities in Intel chips. Neither of the attacks, which the researchers' Twitter scanner labeled "probably severe," has shown up yet in the National Vulnerability Database.Read Replies (0)
By msmash from Slashdot's taking-a-stand department
Democratic presidential candidate Elizabeth Warren is proposing to break up technology companies, including Amazon.com, Google and Facebook, calling them anti-competitive behemoths that are crowding out competition. From a report: "Twenty-five years ago, Facebook, Google, and Amazon didn't exist. Now they are among the most valuable and well-known companies in the world," Warren wrote in a post on the blogging platform Medium. "It's a great story -- but also one that highlights why the government must break up monopolies and promote competitive markets." Warren's call also comes as Democrats have begun to plan for increased oversight of tech companies after winning control of the House in the 2018 midterm elections. On Wednesday, House and Senate Democrats introduced legislation to establish strong net neutrality protections that would look to prevent major service providers from using their power to manipulate how users experience the internet. Update: In a statement, Warren's team said that the proposal would also apply to Apple. "They would have to structurally separate -- choosing between, for example, running the App Store or offering their own apps," a spokesperson said.Read Replies (0)
By BeauHD from Slashdot's out-in-the-open department
Security researchers Bob Diachenko and Vinny Troia discovered an unprotected MongoDB database containing 150GB of detailed, plaintext marketing data -- including hundreds of millions of unique email addresses. An anonymous Slashdot reader shares Diachenko's findings, which were made public today: On February 25th, 2019, I discovered a non-password protected 150GB-sized MongoDB instance. This is perhaps the biggest and most comprehensive email database I have ever reported. Upon verification I was shocked at the massive number of emails that were publicly accessible for anyone with an internet connection. Some of data was much more detailed than just the email address and included personally identifiable information (PII). This database contained four separate collections of data and combined was an astounding 808,539,939 records. As part of the verification process I cross-checked a random selection of records with Troy Hunt's HaveIBeenPwned database. Based on the results, I came to conclusion that this is not just another "Collection" of previously leaked sources but a completely unique set of data. Although, not all records contained the detailed profile information about the email owner, a large amount of records were very detailed. We are still talking about millions of records.
In addition to the email databases, this unprotected Mongo instance also uncovered details on the possible owner of the database -- a company named "Verifications.io" -- which offered the services of "Enterprise Email Validation." Unfortunately, it appears that once emails were uploaded for verification they were also stored in plain text. Once I reported my discovery to Verifications.io the site was taken offline and is currently down at the time of this publication.Read Replies (0)
By BeauHD from Slashdot's self-driving-strategy department
AmiMoJo writes: Tesla has been selling "full self-driving" capability since 2016, promising that "you will be able to summon your Tesla from pretty much anywhere," and that "once it picks you up, you will be able to sleep, read or do anything else en route [sic] to your destination." Last week Tesla shifted the goalposts, redefining "full self-driving" as a number of Level 2 driver assistance features that were already available, and a few new tricks to be delivered later. All will require a qualified driver behind the wheel, paying attention at all times and ready to take over if the car can't handle the situation. Worse, owners who bought the previous full self-driving feature paid $8,000 for it. Tesla is now offering owners who bought their cars prior to the change the same package for $5,000. Owners who paid the $3,000 higher price are unsure if the previously promised technology has been abandoned and Level 2 is now the most they can expect.Read Replies (0)
By BeauHD from Slashdot's new-and-improved department
Version 6.50 of the PlayStation 4's firmware now allows you to remotely play your PS4 games from an iPhone or iPad. "To access it, you'll need to download the Remote Play app for your iOS device, and then pair it with your console," reports The Verge. "Compatible games can then be played over Wi-Fi using the on-screen buttons." From the report: Announced back in 2013, Remote Play originally let you stream games from a PS4 console to the handheld PlayStation Vita, but later in 2016, Sony released Remote Play apps for both Windows and Mac. Although Sony has yet to announce a broader Android version of the service, the existence of an Android version of the app that's exclusive to Sony Xperia phones suggests there aren't any technical barriers. Bringing the functionality to iOS is a huge expansion for Remote Play, although it's a shame that you're not officially able to pair a DualShock 4 controller with the app via Bluetooth for a more authentic experience (although some users have reported being able to get the controller working via a sneaky workaround). If you're prepared to use a non-Sony controller, then you'll be happy to know that MacStories is reporting that other MFi gamepads (such as the SteelSeries Nimbus) work just fine with the iOS app. Other limitations with the functionality are that you'll need an iPhone 7 or 6th-generation iPad or later to use it, and it's also only available over Wi-Fi. You can't use Remote Play from another location over a mobile network. PS4 version 6.50 also adds the ability for you to remap the X and O buttons on the controller.Read Replies (0)
By BeauHD from Slashdot's cease-and-desist department
An anonymous reader quotes a report from The Guardian: Facebook has removed a network of more than 100 accounts and pages for "coordinated inauthentic behavior" on its social networks -- the first time it has done so for UK-based operations seeking to influence British citizens. The operation was spread over Facebook and Instagram and used a network of fake accounts to pose as both far-right activists and their opponents. It ran pages and groups whose names frequently changed in order to drum up more followers and operated fake accounts to engage in hate speech and spread divisive comments on both sides of UK political debate, Facebook says.
The pages, with names like "Anti Far Right Extremists", "Atheists Research Centre", and "Politicalized", attracted about 175,000 followers on Facebook, and a further 4,500 on Instagram, according to the company's head of cybersecurity policy, Nathaniel Gleicher. The pages shared content from mainstream news sources, such as the BBC and the New York Times, but also shared original content, even including administrators actively engaging in debate with users. "We are constantly working to detect and stop this type of activity because we don't want our services to be used to manipulate people," Gleicher said. "We're taking down these pages and accounts based on their behavior, not the content they posted. In each of these cases, the people behind this activity coordinated with one another and used fake accounts to misrepresent themselves, and that was the basis for our action.Read Replies (0)
By BeauHD from Slashdot's recycling-is-broken department
Longtime Slashdot reader Alok writes: High contamination in recycled garbage, such as plastic bags mixed in with the recyclable plastic waste, are causing major problems for sustainability efforts in U.S. This has been exposed as a big problem recently, due to recent stricter China import rules on importing waste materials that led to changes in the sourcing pipelines. Cities such as Philadelphia have ended up processing nearly half of the recycling garbage using waste-to-energy incinerators instead, where they're being burned alongside garbage. "Today, the average U.S. recyclable load is about 25 percent contaminated," reports Gizmodo. "To make their commodities saleable, material recovery facilities started hiring more 'pickers' and buying more equipment to remove items that shouldn't be in the recycling, in addition to slowing down their processing lines." [C]ommunities like Philadelphia are going have to generate cleaner material that is more marketable," Scott McGrath, Environmental Planning Director at the City of Philadelphia Streets Department, said, adding that the city will be focusing more of its efforts on educating residents about what can and cannot be recycled. McGrath said if Philly can convince residents to stop tossing plastic bags in the recycling bin, that alone would be a big deal.
< article continued at Slashdot's recycling-is-broken department
>Read Replies (0)
By BeauHD from Slashdot's change-of-heart department
Amazon is closing all 87 of its U.S. pop-up kiosks, which let customers try and buy gadgets such as smart speakers and tablets in malls, Kohl's department stores and Whole Foods groceries. It's the latest change in Amazon's brick-and-mortar retail strategy. NPR reports: "Across our Amazon network, we regularly evaluate our businesses to ensure we're making thoughtful decisions around how we can best serve our customers," an Amazon spokesperson said Thursday. Instead, the company is expanding Amazon Books and Amazon 4-star retail stores, the spokesperson said. Amazon 4-star stores, currently in New York City, Denver and Berkeley, Calif., sell various products, including consumer electronics, kitchen products and books that are rated 4 stars or above by customers on Amazon.com. The pop-up kiosks are expected to close by the end of April, The Wall Street Journal reported.
The news comes days after a Wall Street Journal report that Amazon plans to open dozens of grocery stores in several major U.S. cities. Those stores would be separate from the Whole Foods Market chain, which Amazon bought in 2017 in a $13.7 billion deal. The Amazon spokesperson declined to comment on the report. Amazon said it launched Amazon pop-up stores in six European countries during the 2018 holiday season. It was unclear if those stores would be affected by the closings.Read Replies (0)
By BeauHD from Slashdot's sneaky-bastards department
An anonymous reader quotes a report from ZDNet: Members of Amnesty International say that Egyptian authorities are behind a recent wave of spear-phishing attacks that have targeted prominent local human rights defenders, media, and civil society organizations' staff. The attacks used a relatively new spear-phishing technique called "OAuth phishing," Amnesty experts said. OAuth phishing is when attackers aim to steal a user account's OAuth token instead of the account password. When a user grants a third-party app the right to access their account, the app receives an OAuth token instead of the user's password. These tokens work as authorization until the user revokes their access. Amnesty investigators said that in the recent spear-phishing campaign that targeted Egyptian activists, authorities created Gmail third-party apps through which they gained access to victim's accounts. Victims would receive an email that looked like a legitimate Gmail security alert. But when they clicked the link, they'd be redirected to a page where a third-party app would request access to their account. Once the victim granted the app access to their Gmail account, the user would be redirected to the account's legitimate security settings page where they'd be left to change their password. Even if the victim changes their password, at this point, the phishers would still have access to the account via the newly acquired OAuth token. The Amnesty International report says the spear-phishing campaign also targeted Yahoo, Outlook and Hotmail users.Read Replies (0)
By BeauHD from Slashdot's be-afraid-be-very-afraid department
Google's bug-hunting researchers known as Project Zero have revealed a fresh zero-day vulnerability in macOS called "BuggyCow." "The attack takes advantage of an obscure oversight in Apple's protections on its machines' memory to enable so-called privilege escalation, allowing a piece of malware with limited privileges to, in some cases, pierce into deeper, far more trusted parts of a victim's Mac," reports Wired. "The trick's name is based on a loophole the hackers found in the so-called copy-on-write, or CoW, protection built into how MacOS manages a computer's memory." From the report: Some programs, when dealing with large quantities of data, use an efficiency trick that leaves data on a computer's hard drive rather than potentially clog up resources by pulling it into memory. That data, like any data in a computer's memory, can sometimes be used by multiple processes at once. The MacOS memory manager keeps a map of its physical location to help coordinate, but if one of those processes tries to change the data, the memory manager's copy-on-write safeguard requires it to make its own copy. Which is to say, a program can't simply change the data shared by all the other processes -- some of which could be more highly privileged, sensitive programs than the one requesting the change.
< article continued at Slashdot's be-afraid-be-very-afraid department
>Read Replies (0)
By BeauHD from Slashdot's new-and-improved department
Yesterday, Tesla launched the next generation Supercharger V3 with higher charging capacity, better efficiency, and more. The biggest new feature is the ability to deliver a new 250 kW of peak power thanks to an "all-new liquid cooled cable design." Electrek reports: According to the company, the cable is "significantly lighter, more flexible, and more efficient" than their current air-cooled cable found on the V2 Superchargers. Other than the cable, the Supercharger V3 should be undifferentiated from V2 at the station. The company didn't even release new pictures for V3. The new 250 kW peak at the station is also enabled by a new 1 MW power cabinet. Instead of using onboard chargers staked together, the new Supercharger is built using technology Tesla developed for its massive grid energy storage system. With the new technology, there will be no power share between stalls like in the current version.
On Tesla's most efficient vehicles, like the Long Range Model 3, the company says that the new Supercharger V3 can add up to 75 miles of range in 5 minutes and charge at a peak rage of 1,000 miles per hour of range. A new 'On-Route Battery Warmup' software feature was also announced. When entering a Supercharger station in your navigation system, the vehicle's software will "intelligently heat the battery to ensure you arrive at the optimal temperature to charge." That's assuming you have enough charge in the battery when you come in. The new feature alone should reduce "average charge times for owners by 25%," according to the automaker. Model S and X owners may be disappointed to hear that the new peak charging rates won't be available for their vehicles at launch. Instead, they will have to wait for a software update "in the coming months." Model 3 vehicles will be the first to receive the software update to support the new speeds.Read Replies (0)