Nov 17

“Mozilla is no longer fighting for market share of its browser: it is fighting for the future of the web,” writes the Guardian, citing Mozilla Project co-founder Mitchell Baker:

Baker’s pitch is that only Mozilla is motivated, first and foremost, to make using the web a pleasurable experience. Google’s main priority is to funnel user data into the enormous advertising engine that accounts for most of its revenue. Apple’s motivation is to ensure that customers continue to buy a new iPhone every couple of years and don’t switch to Android….”

Firefox now runs sites such as Facebook in “containers”, effectively hiving the social network off into its own little sandboxed world, where it can’t see what’s happening on other sites. Baker says: “It reduces Facebook’s ability to follow you around the web and track you when you’re not on Facebook and just living your life….” Mozilla has launched Monitor, a data-breach reporting service; Lockwise, a password manager; and Send, a privacy-focused alternative to services such as WeSendit. It’s also beta-testing a VPN (virtual private network) service, which it hopes to market to privacy-conscious users…

Apple’s iOS (mobile operating system) is an acknowledged disaster for Mozilla. Safari is the default and, while users can install other browsers, they come doubly hindered: they can never be set as the default, meaning any link clicked in other applications will open in Safari; and they must use Safari’s “rendering engine”, a technical limitation that means that even the browsers that Firefox does have on the platform are technically just fancy wrappers for Apple’s own browser, rather than full versions of the service that Mozilla has built over the decades… “Even if you do download a replacement, iOS drops you back into the default. I don’t know why that’s acceptable. Every link you open on a phone is the choice of the phone maker, even if you, as a user, want something else.”

Summarizing Baker’s concerns, the Guardian writes that “It is perfectly possible to build a browser that prevents advertising companies from aggregating user data. But it is unlikely that any browser made by an advertising company would offer such a feature…”

And an activist for the Small Technology Foundation tells them that Google “wants the web to go through Google. It already mostly does: with eyes on 70% to 80% of the web.”

Read more of this story at Slashdot.

full article

Nov 17

Gizmodo reports that Sony “will happily sell you make-believe virtual meals” for their robotic Aibo dog to unlock tricks, one of several new features added since its re-launch in 2017:

The new feature that will appeal to most owners, however, is Aibo Food, which allows the robot to be virtually fed using augmented reality through the Aibo smartphone app. Meals can be purchased using coins, which are awarded to users through random actions like repeatedly using the Aibo app, or during special events. But once users runs out of coins, which is bound to quickly happen as they try out the new Aibo Food feature, they can either wait for more Sony handouts or purchase additional coins for a fee.

Sony points out that Aibo’s performance and features aren’t dependent on whether the dog is regularly fed — it is, after all, just a robot. So hopefully the company won’t change its mind down the line, making your pup act sluggish and distracted when you’re not forking out for pretend food…. Of course, other complications arrive once you start feeding an animal, and the new software update also allows users to finally potty train their Aibos using a new mapping feature so the robot doesn’t pretend-shit all over your house.

This appears to be a free feature, until Sony realises it can sell owners virtual poop bags.

There’s also a new web-based API/developer program that lets you program the robot dog to perform custom actions — and Aibo dogs now come equipped with some new patrol/security functionality.

“Using its facial recognition and room-mapping capabilities, Aibo will be able to patrol homes and locate various family members, providing reports on where everyone is, and helping owners track down specific people, according to Sony.”

Read more of this story at Slashdot.

full article

Nov 14

Over a two-week period, the computer networks at more than half of the Fortune 500 left a remote access protocol dangerously exposed to the internet, something many experts warn should never happen, according to new research by the security firm Expanse and 451 research. From a report: According to Coveware, more than 60% of ransomware is installed via a Windows remote access feature called Remote Desktop Protocol (RDP). It’s a protocol that’s fine in secure environments but once exposed to the open internet can, at its best, allow attackers to disrupt access and, at its worst, be vulnerable to hacking itself. RDP is a way of offering virtual access to a single computer. It allows, for example, an IT staffer in one office to provide tech support for a baffled user in a different office. But RDP is best used over a secured network rather than over the open internet. “We compare exposed RDP to leaving a computer attached to your network out on your lawn,” Matt Kraning, co-founder and CTO of Expanse, told Axios.

Read more of this story at Slashdot.

full article

Nov 13

An anonymous reader writes: A team of academics has disclosed today two vulnerabilities known collectively as TPM-FAIL that could allow an attacker to retrieve cryptographic keys stored inside TPMs. The first vulnerability is CVE-2019-11090 and impacts Intel’s Platform Trust Technology (PTT). Intel PTT is Intel’s fTPM software-based TPM solution and is widely used on servers, desktops, and laptops, being supported on all Intel CPUs released since 2013, starting with the Haswell generation. The second is CVE-2019-16863 and impacts the ST33 TPM chip made by STMicroelectronics. This chip is incredibly popular and is used on a wide array of devices ranging from networking equipment to cloud servers, being one of the few chips that received a CommonCriteria (CC) EAL 4+ classification — which implies it comes with built-in protection against side-channel attacks like the ones discovered by the research team. Unlike most TPM attacks, these ones were deemed practical. A local adversary can recover the ECDSA key from Intel fTPM in 4-20 minutes depending on the access level. We even show that these attacks can be performed remotely on fast networks, by recovering the authentication key of a virtual private network (VPN) server in 5 hours.

Read more of this story at Slashdot.

full article

Nov 12

The IRS’s criminal division identified “dozens” of potential cryptocurrency tax evaders or cybercriminals after a meeting this week with tax authorities from four other countries. Bloomberg reports: Officials from the U.S., U.K., Australia, Canada and the Netherlands — known as the Joint Chiefs of Global Tax Enforcement — shared data, tools and tax enforcement strategies to find new leads in a quest to mitigate cross-border money-laundering, tax evasion and cybercrime. The IRS’s cybercrime unit has developed expertise in “who is moving the money and where it’s going,” Ryan Korner, a senior special agent in the IRS’s Criminal Investigations office in Los Angeles, said in a call with reporters Friday. “We have tools in place that we didn’t have six months or a year ago.”

The effort is part of the Internal Revenue Service’s renewed focus on fighting tax evasion tied to cryptocurrency as digital currency has become more popular and gained in value. The agency has struggled in recent years to enforce tax laws and keep up with criminals as technology has advanced. “Tax fraud is not a new crime, but the sophistication with which criminals commit tax fraud has significantly increased through cyber-related activities in recent years,” the joint chiefs said in a statement. “Data breaches, intrusions, takeovers and compromises are the new tools that criminals use to commit tax crimes.” The IRS is preparing for a new wave of cryptocurrency audits. The agency sent letters to more than 10,000 people earlier this year, warning that they might be subject to penalties for skirting taxes on their virtual investments. The IRS and its partners are using data from previous enforcement activities to find new criminals, Korner said. Using the data from the five countries gives them a broader view of how accounts, money and people are connected.

Read more of this story at Slashdot.

full article

Nov 11

According to a report by The Information, Apple is planning to launch an augmented reality (AR) headset in 2022, followed by a sleeker pair of AR glasses in 2023. From a report: While we’ve heard loads of similar reports over the years, this one — if accurate — is different. First, The Information claims that Apple CEO Tim Cook spoke about the project at an internal gathering of as many as 1,000 Apple employees, which is an uncommonly large number. Second, the report contains loads of details, not only about the AR headset/glasses hardware, but also about Apple’s plans and ideas about the concept of wearable augmented reality devices.

First, the headset. It’s code-named N301 and will be a virtual reality and augmented reality hybrid. On the outside, it will look like a “sleeker” Oculus Quest, with cameras mounted on the outside (important for AR, which must include a way to view reality in order to mix virtual elements into it). It will be lightweight and comfortable enough to be worn for extended periods of time, the report says. Inside, the headset will have a high-resolution display and 3D-mapping capabilities, as well as the ability to detect humans. Perhaps the more interesting gadget of the two are the AR glasses, which are code-named N421. These will be meant to worn all day, meaning they’ll have to be slimmer, lighter and more comfortable than the headset. Apple’s current prototypes are essentially sunglasses with “thick frames” with the electronics stuffed inside, the report says — perhaps (my guess) something similar to Snap’s Spectacles.

Read more of this story at Slashdot.

full article

Nov 09

An anonymous reader quotes a report from Bloomberg: Singapore’s welcome mat to virtual banks is going beyond its own shores. The island nation wants to become a regional hub for technology firms with advanced data expertise, said Ravi Menon, managing director of the Monetary Authority of Singapore. Doing so would improve banking services at home and in other parts of Southeast Asia, he said. “Singapore wants to be a base for these players as they grow in the region,” Menon, who has led the financial regulator since 2011, said in a recent interview. “And that means anchoring them here at the early stage of their development, and allowing them access to the domestic banking market.

Singapore’s traditional incumbents likeDBS Group Holdings Ltd., Oversea-Chinese Banking Corp. and United Overseas Bank Ltd. already provide digital services through mobile phones and other channels. Still, more can be done by technology firms, according to Menon. “Some of these other players use a range of other data to make very quick assessments and are able to disburse these loans in a very short space of time,” Menon said. “Those kinds of things are not met adequately or as easily, or it would require tremendous additional cost or effort on the part of traditional banks.” Menon said he expects non-financial firms to work with traditional banks through joint ventures and other combinations. “As with all competition, you will see some consolidation taking place, some creative destruction taking place,” Menon said. “What’s most important for us as policy makers is to make sure that the consumer benefits.” .

Read more of this story at Slashdot.

full article

Nov 08

The latest version of Chrome OS, version 78, adds separate browser and device settings, click-to-call, and picture-in-picture support for YouTube. It also introduces virtual desktop support for the operating system with a feature called Virtual Desks. 9to5Google reports: Chrome is getting another cross-device sharing feature after “Send this page” widely rolled in September. With “click-to-call,” you can right-click on phone number links — like tel:800-800-8000 — to have them sent to your Android device. It’s quicker than manually entering those digits or transferring via email. Chrome OS 78 will separate browser and device settings. The former is accessible directly at chrome://settings and what opens when clicking “Settings” at the bottom of the Overflow menu in the top-right corner of any browser window. It opens as a tab and provides web-related preferences. Meanwhile, chrome://os-settings opens as its own window, and can be accessed from the quick settings sheet. It provides device options like Wi-Fi, Bluetooth, and Assistant in a white Material Theme UI with an icon in the launcher/app shelf.

YouTube for Android now supports picture-in-picture with Chrome OS 78. After starting a video in the mobile client, switching to another window, covering, or minimizing the app will automatically open a PiP in the bottom-right corner. Available controls include switching to audio, play/pause, and skipping to the next track. In the top-left, you can expand the window and a settings gear on the other side allows you to open system settings. Tapping in the center expands and returns you to the YouTube Android app. Chrome OS 78 simplifies the printing experience by automatically listing compatible printers without any prior setup required. There are also a number of Linux on Chrome OS enhancements in this version:

- Backups of Linux apps and files can now be saved to local storage, external drive, or Google Drive. That copy can be then restored when setting up a new computer.
- Crostini GPU support will be enabled by default for a “crisp, lower-latency experience.”
- You’ll be warned when using a Linux app that does not support virtual keyboard in tablet mode.

Read more of this story at Slashdot.

full article

Nov 07

Earlier this year at Mobile World Congress in Barcelona, Microsoft announced the second generation of its HoloLens augmented reality visor. Today, the $3,500 HoloLens 2 is going on sale in the United States, Japan, China, Germany, Canada, United Kingdom, Ireland, France, Australia and New Zealand, the same countries where it was previously available for pre-order. From a report: Ahead of the launch, I got to spend some time with the latest model, after a brief demo in Barcelona earlier this year. Users will immediately notice the larger field of view, which still doesn’t cover your full field of view, but offers a far better experience compared to the first version (where you often felt like you were looking at the virtual objects through a stamp-sized window). The team also greatly enhanced the overall feel of wearing the device. It’s not light, at 1.3 pounds, but with the front visor that flips up and the new mounting system that is far more comfortable. In regular use, existing users will also immediately notice the new gestures for opening up the Start menu (this is Windows 10, after all). Instead of a ‘bloom’ gesture, which often resulted in false positives, you now simply tap on the palm of your hand, where a Microsoft logo now appears when you look at it.

Read more of this story at Slashdot.

full article

Nov 04

An anonymous reader writes: At Ignite 2019 today, Microsoft launched Visual Studio Online public preview. Visual Studio Online meshes Visual Studio, cloud-hosted developer environments, and a web-based editor. AI, big data, and cloud computing are shifting development beyond the “standard issue development laptop,” and Visual Studio Online is clearly a reflection of this trend. “Visual Studio Online philosophically (and technically) extends Visual Studio Code Remote Development to provide managed development environments that can be created on-demand and accessed from anywhere,” Microsoft explained today. “These environments can be used for long-term projects, to quickly prototype a new feature, or for short-term tasks, like reviewing pull requests.” The company also announced the public preview of its Power Virtual Agents tool, a new no-code tool for building chatbots that’s part of the company’s Power Platform, which also includes Microsoft Flow automation tool, which is being renamed to Power Automate today, and Power BI. From a report: Built on top of Azure’s existing AI smarts and tools for building bots, Power Virtual Agents promises to make building a chatbot almost as easy as writing a Word document. With this, anybody within an organization could build a bot that walks a new employee through the onboarding experience for example. “Power virtual agent is the newest addition to the Power Platform family,” said Microsoft’s Charles Lamanna. “Power Virtual Agent is very much focused on the same type of low code, accessible to anybody, no matter whether they’re a business user or business analyst or professional developer, to go build a conversational agent that’s AI-driven and can actually solve problems for your employees, for your customers, for your partners, in a very natural way.” Further reading: Microsoft rebrands Flow as Power Automate, adds RPA features and virtual agents; and Visual Studio IntelliCode gets whole-line code completions, dynamic refactoring detection.

Read more of this story at Slashdot.

full article

«     |     ?     |     »