By msmash from Slashdot's internet-of-crap department
The fleets of electric scooters that have inundated cities are alarming enough as is. Now add cybersecurity concerns to the list: Researchers from the mobile security firm Zimperium are warning that Xiaomi's popular M365 scooter model has a worrying bug. From a report: The flaw could allow an attacker to remotely take over any of the scooters to control crucial things like, ahem, acceleration and braking. Rani Idan, Zimperium's director of software research, says he found and was able to exploit the flaw within hours of assessing the M365's security. His analysis found that the scooters contain three software components: battery management, firmware that coordinates between hardware and software, and a Bluetooth module that lets users communicate with their scooter via a smartphone app. The latter leaves the devices woefully exposed.
Idan quickly found that he could connect to the scooter via Bluetooth without being asked to enter a password or otherwise authenticate. From there, he could go a step further and install firmware on the scooter without the system checking that this new software was an official, trusted Xiaomi update. This means that an attacker could easily put malware on a scooter, giving herself full command over it. "I was able to control any of the scooter features without authentication and install malicious firmware," Idan says. "An attacker could brake suddenly, or accelerate a person into traffic, or whatever the worst case scenario you can imagine."
By msmash from Slashdot's how-about-that department
The subject under debate was whether the government should subsidize preschools. But the real question was whether a machine called IBM Debater could out-argue a top-ranked human debater. The answer, on Monday night, was no. CNET: Harish Natarajan, the grand finalist at the 2016 World Debating Championships, swayed more among an audience of hundreds toward his point of view than the AI-powered IBM Debater did toward its. Humans, at least those equipped with degrees from Oxford and Cambridge universities, can still prevail when it comes to the subtleties of knowledge, persuasion and argument. It wasn't a momentous headline victory like we saw when IBM's Deep Blue computers beat the best human chess player in 1997 or Google's AlphaGo vanquished the world's best human players of the ancient game of Go in 2017. But IBM still showed that artificial intelligence can be useful in situations where there's ambiguity and debate, not just a simple score to judge who won a game. "What really struck me is the potential value of IBM Debater when [combined] with a human being," Natarajan said after the debate. IBM's AI was able to dig through mountains of information and offer useful context for that knowledge, he said.
By BeauHD from Slashdot's number-crunching department
Reddit's latest funding round values its users at a lower price than any other social network. "The company announced Monday it had raised $300 million in its Series D investment round at a valuation of $3 billion," reports CNBC. "CNBC previously reported the company's annual revenue topped $100 million, according to sources familiar with the matter, and at 330 million monthly active users (MAUs), this would make Reddit's average revenue per user (ARPU) about $0.30." From the report: That estimate would make Reddit's ARPU significantly lower than other social networks, even those with similar MAUs. Twitter, for example, reported 321 MAUs for its latest quarterly report, and with annual revenue of about $3.04 billion in 2018, that would make its ARPU about $9.48. Facebook reported 2.32 billion MAUs in its latest report and ARPU of $7.37. Snap does not report global MAUs, but reported $2.09 ARPU in its latest quarterly report.
Pinterest, which has yet to go public but is preparing for an IPO this year, says on its website it has 250 million monthly users. Pinterest declined to comment on their revenue, but a September article in The New York Times said the company was on track to top $700 million in revenue for 2018. That would bring its ARPU to about $2.80. While Reddit's value per user is much lower than its peers, it is betting its access to a valuable demographic will appeal to advertisers and potentially even draw their dollars from larger rivals like Facebook and Google. The company said half of its MAUs are between the ages of 18 and 24.
By BeauHD from Slashdot's good-news-for-people-who-like-bad-news department
For those hoping the next iPhone would ditch the Lightning port in favor of the more versatile USB-C port, you'll surely be disappointed by the latest rumor. "Japanese site Macotakara says that not only will the 2019 iPhone use Lightning, Apple will also continue to bundle the same 5W charger and USB-A to Lightning cable in the box," reports 9to5Mac. "This is seen as a cost saving measure. It seems that customers wanting faster iPhone charge times will still have to buy accessories, like the 12W iPad charger." From the report: The site explains that the Lightning port is not going anywhere and Apple is resistant to changing the included accessories to maintain production costs. Apple can benefit from huge economies of scale by selling the same accessories for many generations. As such, Apple apparently will keep bundling Lightning EarPods, Lightning to USB-A cable, and the 5W USB power adaptor, with the 2019 iPhone lineup. This is disappointing as Apple began shipping an 18W USB-C charger with its iPad Pro line last fall, and many expected that accessory to become an iPhone standard too. Even if the iPhone keeps the Lightning port, Lightning can support fast-charging over the USB Type-C protocol. It's not clear if the cost savings of this decision would be passed on to consumers with lower cost 2019 iPhone pricing.
By BeauHD from Slashdot's unregulated-industries department
An anonymous reader quotes a report from The New York Times: The Food and Drug Administration on Monday warned 12 sellers of dietary supplements to stop claiming their products can cure diseases ranging from Alzheimer's to cancer to diabetes. At the same time, Dr. Scott Gottlieb, the agency's commissioner, suggested that Congress strengthen the F.D.A.'s authority over an estimated $40 billion industry, which sells as many as 80,000 kinds of powders and pills with little federal scrutiny. These products range from benign substances like vitamin C or fish oil to more risky mineral, herbal and botanical concoctions that can be fatal.
"People haven't wanted to touch this framework or address this space in, really, decades, and I think it's time we do it," Dr. Gottlieb said in an interview. He is particularly concerned about supplements that purport to cure diseases for which consumers should seek medical attention. "We know there are effective therapies that can help patients with Alzheimer's," he said. "But unproven supplements that claim to treat the disease but offer no benefits can prevent patients from seeking otherwise effective care." The companies included TEK Naturals, Pure Nootropics and Sovereign Laboratories. In a letter to TEK Naturals, the F.D.A. and the Federal Trade Commission chastised the company for marketing Mind Ignite as a product "clinically shown to help diseases of the brain such as Alzheimer's and even dementia."
By BeauHD from Slashdot's cease-and-desist department
Bobby Guerra, a Democratic member of the Republican-controlled Texas House of Representatives, filed a bill last week that would prohibit wireless carriers from throttling mobile internet service in disaster areas. "A mobile Internet service provider may not impair or degrade lawful mobile Internet service access in an area subject to a declared state of disaster," the bill says. If passed, it would take effect on September 1, 2019. Ars Technica reports: The bill, reported by NPR affiliate KUT, appears to be a response to Verizon's throttling of an "unlimited" data plan used by Santa Clara County firefighters during a wildfire response in California last year. But Guerra's bill would prohibit throttling in disaster areas of any customer, not just public safety officials. Wireless carriers often sell plans with a set amount of high-speed data and then throttle speeds after a customer has passed the high-speed data limit. Even with so-called "unlimited" plans, carriers reserve the right to throttle speeds once customers use a certain amount of data each month.
Despite the Verizon/Santa Clara incident, Federal Communications Commission Chairman Ajit Pai has taken no action to prevent further incidents of throttling during emergencies. Pai's repeal of Obama-era net neutrality rules allows throttling as long as the carrier discloses it, and the commission is trying to prevent states from imposing their own net neutrality rules.
By BeauHD from Slashdot's come-and-get-it department
An anonymous reader quotes a report from TechCrunch: Google today announced the general availability of a new API for Google Docs that will allow developers to automate many of the tasks that users typically do manually in the company's online office suite. The API has been in developer preview since last April's Google Cloud Next 2018 and is now available to all developers. As Google notes, the REST API was designed to help developers build workflow automation services for their users, build content management services and create documents in bulk. Using the API, developers can also set up processes that manipulate documents after the fact to update them, and the API also features the ability to insert, delete, move, merge and format text, insert inline images and work with lists, among other things.
The canonical use case here is invoicing, where you need to regularly create similar documents with ever-changing order numbers and line items based on information from third-party systems (or maybe even just a Google Sheet). Google also notes that the API's import/export abilities allow you to use Docs for internal content management systems.
By BeauHD from Slashdot's target-acquired department
Amazon has announced that it's acquiring Eero, the maker of mesh home routers. "Amazon says buying Eero will allow the company to 'help customers better connect smart home devices,'" reports The Verge. "It will certainly make Alexa-compatible gadgets easier to set up if Amazon also controls the router technology. Financial terms of the deal are not being disclosed." From the report: Eero kicked off a wave of "smart" mesh router setups designed to overcome the coverage issues and dead zones of traditional routers. Instead of a single router device, multiple access points are used to blanket an entire home or apartment with a strong Wi-Fi signal. The system works as advertised, and it's all controlled with an intuitive smartphone app. Google, Samsung, Linksys, Netgear, and other electronics companies have since followed Eero's lead and released their own mesh bundles.
It sounds as though the Eero brand will live on after the acquisition -- at least in the near term. "By joining the Amazon family, we're excited to learn from and work closely with a team that is defining the future of the home, accelerate our mission, and bring Eero systems to more customers around the globe," said Nick Weaver, Eero's co-founder and CEO. Amazon isn't saying much about its future plans for Eero; might we see an Alexa-enabled router? An Echo that doubles as a Wi-Fi access point sounds nice. The report notes that Amazon will now have "more valuable data on consumers and advance Amazon's growing dominance of the smart home." Last year, Amazon acquired smart doorbell and camera maker Ring and bought Blink in 2017.
By BeauHD from Slashdot's vocal-supporter department
Sen. Amy Klobuchar (D-Minn.) said she wanted to "guarantee" net neutrality for all Americans during her 2020 presidential campaign kickoff speech. "[T]he senator bringing it up in her announcement marked perhaps the most high-profile stage the issue has had in terms of recent presidential politics," reports The Daily Dot. From the report: The Minnesota senator brought up the issue among other technology platform goals, including privacy and cybersecurity. "Way too many politicians have their heads stuck in the sand when it comes to the digital revolution. 'Hey guys, it's not just coming. It's here.' If you don't know the difference between a hack and Slack, it's time to pull off the digital highway," she said. "What would I do as president? We need to put some digital rules of the road into law when it comes to people's privacy."
She added: "For too long the big tech companies have been telling you, don't worry, we've got your back," she said. "While your identities, in fact, are being stolen and your data is being mined. Our laws need to be as sophisticated as the people who are breaking them. We must revamp our nation's cybersecurity and guarantee net neutrality for all. And we need to end the digital divide by pledging to connect every household to the internet by 2022, and that means you, rural America." Other Democrats seeking the 2020 nomination have shown support for net neutrality in the past. Rep. Tulsi Gabbard (D-Hawaii) tweeted late last month about reports suggesting that telecom investments have not risen since the FCC's controversial repeal of net neutrality, calling the decision "another handout to big corporations & telecom giants."
Sen. Elizabeth Warren (D-Mass.) also told a crowd in Iowa last month that she believed "in net neutrality the same way I believe everybody should have access to electricity," according to the Washington Post.
By msmash from Slashdot's closer-look department
Around 70 percent of all the vulnerabilities in Microsoft products addressed through a security update each year are memory safety issues, a Microsoft engineer revealed last week at a security conference. From a report: Memory safety is a term used by software and security engineers to describe applications that access the operating system's memory in a way that doesn't cause errors. Memory safety bugs happen when software, accidentally or intentionally, accesses system memory in a way that exceeds its allocated size and memory addresses. Users who often read vulnerability reports come across terms over and over again. Terms like buffer overflow, race condition, page fault, null pointer, stack exhaustion, heap exhaustion/corruption, use after free, or double free -- all describe memory safety vulnerabilities. Speaking at the BlueHat security conference in Israel last week, Microsoft security engineer Matt Miller said that over the last 12 years, around 70 percent of all Microsoft patches were fixes for memory safety bugs.