Slashdot.org

reg (Slashdot user #5,428) writes: A Windows security patch in June broke the display of many Windows Metafile graphics across all supported versions of Windows, resulting in many old PowerPoint files and Word documents not displaying figures, and graphics from some popular applications not displaying, including at least some ESRI GIS products and files created using the devEMF driver in R. This likely also impacts EMF files created with Open Source Office suites. While the problem can be fixed by recreating the files using a newer set of options, or resorting to using bitmaps, it means that presentations or documents that used to display perfectly no longer do. Microsoft promised a fix in July, but there is still no news of when it will be available.

Read more of this story at Slashdot.

"This week's Windows updates fix critical 'wormable' [Bluekeep] flaws but may also break Visual Basic apps, macros, and scripts," warns ZDNet: "After installing this update, applications that were made using Visual Basic 6 (VB6), macros using Visual Basic for Applications (VBA), and scripts or apps using Visual Basic Scripting Edition (VBScript) may stop responding and you may receive an 'invalid procedure call error'," Microsoft says. The issue affects all supported versions of Windows 10, Windows 7, Windows 8.1, and their corresponding server versions. "Microsoft is presently investigating this issue and will provide an update when available," the company said. Microsoft didn't offer an explanation for the problem but it did flag earlier this month that it will move ahead with sunsetting VBScript, by disabling it in IE11 by default via an update in this week's patch. "The change to disable VBScript will take effect in the upcoming cumulative updates for Windows 7, 8, and 8.1 on August 13, 2019," Microsoft warned in a blog post. The change brought these versions of Windows in line with Windows 10. However, it's not clear that the issues under investigation are related to this measure. Regardless of the cause, the error could be a hassle for organizations that rely on Microsoft's various incarnations of Visual Basic... In a blog post shared by Slashdot reader CaptainDork, Microsoft warned that "any future malware that exploits these could propagate from vulnerable computer to vulnerable computer without user interaction." "The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions."

Read more of this story at Slashdot.

option8 ((Slashdot reader #16,509) writes: TL;DR: Mining Bitcoin on a 1MHz 8-bit processor will cost you more than the world's combined economies, and take roughly 256 trillion years. "But it could happen tomorrow. It's a lottery, after all," explains the blog post (describing this mad scientist as a hardware hacker and "self-taught maker", determined to mine bitcoin "in what must be the slowest possible way. I call it 8BITCOIN....") There's also a Twitch.TV stream, with some appropriate 8-bit music, and the blog post ends by including his own bitcoin address, "If you feel like you absolutely must throw some money at me and this project." "Upon doing some research, I found that, not only were other 8-bit platforms being put to the task, but other, even more obscure and outdated hardware. An IBM 1401 from the 1960s, a rebuilt Apollo Guidance Computer, and even one deranged individual who demonstrated the hashing algorithm by hand. It turns out, those examples all come from the same deranged individual, Ken Shirriff."

Read more of this story at Slashdot.

"Upcoming changes in Google Chrome and Mozilla Firefox may finally spark the end for Extended Validation certificates as the browsers plan to do away with showing a company's name in the address bar," reports Bleeping Computer. When connecting to a secure web site, an installed SSL/TLS certificate will encrypt the communication between the browser and web server. These certificates come in a few different flavors, with some claiming to offer a more thorough verification process or extra perks. One certificate, called EV Certificates, are known for having a browser display the owner of the certificate directly in the browser's address bar. This allegedly makes the site feel more trustworthy to a visitor. In reality, the different types of SSL/TLS certificates all serve a single purpose and that is to encrypt the communication between a browser and web site. Anything extra is seen by many as just a marketing gimmick to charge customers for a more expensive "trustworthy" certificate. In numerous blog posts, security researcher Troy Hunt has stated that EV Certificates will soon be dead as more and more sites switch away from them, because they are much harder to manage due to extra verification times, and because people have become to associate a padlock with a secure site rather than a company name. With Safari already removing EV Certificate company info from the address bar, most mobile browsers not showing it, and Chrome and Mozilla desktop browsers soon to remove it, Hunt's predictions are coming true. EV Certificates will soon be dead. AmiMoJo shared this post from Google's Chromium blog: Through our own research as well as a survey of prior academic work, the Chrome Security UX team has determined that the EV UI does not protect users as intended. Users do not appear to make secure choices (such as not entering password or credit card information) when the UI is altered or removed, as would be necessary for EV UI to provide meaningful protection. Further, the EV badge takes up valuable screen real estate, can present actively confusing company names in prominent UI, and interferes with Chrome's product direction towards neutral, rather than positive, display for secure connections. Because of these problems and its limited utility, we believe it belongs better in Page Info.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Reuters: The U.S. Commerce Department is expected to extend a reprieve given to Huawei Technologies that permits the Chinese firm to buy supplies from U.S. companies so that it can service existing customers, two sources familiar with the situation said. The "temporary general license" will be extended for Huawei for 90 days, the sources said. Commerce initially allowed Huawei to purchase some American-made goods in May shortly after blacklisting the company in a move aimed at minimizing disruption for its customers, many of which operate networks in rural America. An extension will renew an agreement set to lapse on August 19, continuing the Chinese company's ability to maintain existing telecommunications networks and provide software updates to Huawei handsets. The situation surrounding the license, which has become a key bargaining chip for the United States in its trade negotiations with China, remains fluid and the decision to continue the Huawei reprieve could change ahead of the Monday deadline, the sources said.

Read more of this story at Slashdot.

Last November, YouTube announced that it would be removing the paywall for its original programming starting in 2019. Now, we have more details on exactly how and when this will work. Android Central reports: Per a statement sent out by the YouTube team: "New YouTube Originals series, movies, and live events released after September 24, 2019 will be made available to non-members to watch for free, with ads. For series, members will get immediate access to every episode of a new season, while non-members will have to wait for each new episode to be released." It appears that YouTube Originals content released prior to that September 24 date will remain exclusive to Premium subscribers, but going forward, it'll be fair game for everyone. While that does slightly water-down the perks of being a YouTube Premium subscriber, it's also noted that paying customers will gain access to additional footage that won't be available for free users: "In most cases, where available, Director's cuts and bonus footage for YouTube Originals movies and live events will be exclusive to members like you, as well."

Read more of this story at Slashdot.

schwit1 shares a report from Smithsonian: In the summer of 2015, when Smithsonian research zoologist Anna Phillips and other scientists were standing in slow-moving swamp water, letting leeches latch onto their bare legs or gathering them up in nets from muddy pond bottoms, they didn't realize that some of the bloodsuckers they'd collected belonged to an entirely new species. But in a just-published paper in the Journal of Parasitology, Phillips and her colleagues from the Universidad Nacional Autonoma de Mexico and the Royal Ontario Museum report that a previously unknown leech species, Macrobdella mimicus, is the first to be discovered on the continent in more than 40 years. Parasitologists typically rely on the arrangement of pores on the bottom of leeches' bodies to help distinguish species. With a close inspection, the researchers noticed a subtle difference in the spacing of the leeches' accessory pores. (While leeches are hermaphrodites, they mate with other leeches, and accessory pores secrete mucus that allows the mating leeches to stick together.) M. decora had four accessory pores grouped in two rows of two, just like the outlier group, but the new species had a set of pores located several millimeters farther back on their body. The similar pore pattern, however, led Phillips and the other scientists to name the new species Macrobdella mimicus, after the Greek word for "imitator" or "actor." The new species is olive-green with orange spots, about as long as a cigarette and as wide as two. It has three jaws, each containing 56 to 59 teeth (fewer than M. decora), which it can use to bite and siphon blood from humans. Leeches like this species can suck two to five times their body weight in blood thanks to expandable pockets in their intestines, explains Phillips.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Phys.Org: Excess heat given off by smartphones, laptops and other electronic devices can be annoying, but beyond that it contributes to malfunctions and, in extreme cases, can even cause lithium batteries to explode. To guard against such ills, engineers often insert glass, plastic or even layers of air as insulation to prevent heat-generating components like microprocessors from causing damage or discomforting users. Now, Stanford researchers have shown that a few layers of atomically thin materials, stacked like sheets of paper atop hot spots, can provide the same insulation as a sheet of glass 100 times thicker. In the near term, thinner heat shields will enable engineers to make electronic devices even more compact than those we have today, said Eric Pop, professor of electrical engineering and senior author of a paper published Aug. 16 in Science Advances. "To make nanoscale heat shields practical, the researchers will have to find some mass production technique to spray or otherwise deposit atom-thin layers of materials onto electronic components during manufacturing," adds Phys.Org. "But behind the immediate goal of developing thinner insulators looms a larger ambition: Scientists hope to one day control the vibrational energy inside materials the way they now control electricity and light. As they come to understand the heat in solid objects as a form of sound, a new field of phononics is emerging, a name taken from the Greek root word behind telephone, phonograph and phonetics."

Read more of this story at Slashdot.

According to the state-owned China Daily, Huawei is working on a Google Maps alternative with Yandex and Booking.com. The service is expected to be unveiled in October. CNET reports: It's apparently designed to use a tool for software developers to create apps based around its mapping capabilities, rather than for consumer use. It'll connect to local mapping services, cover 150 countries and regions, and be available in 40 languages, the report said. Huawei didn't immediately respond to a request for comment, but the company's ability to access Google's services has been threatened since President Trump blacklisted it in May. That came as a result of U.S. lawmakers' concerns about Huawei's tight relationship with the Chinese government and fears that its equipment could be used for spying. Trump has since said the ban will be eased.

Read more of this story at Slashdot.

Runkeeper this week announced that it will discontinue its Wear OS app in the next few weeks. From a report: The update was emailed to users this week, where the company told users that it decided to end support because "the integration didn't work well / work consistently for most users." In a response to users, Runkeeper elaborated that only a small percentage of Runkeeper users were actually using the Wear OS app. "It was a very buggy experience and difficult for us to maintain and fix," a representative said in an email. "Because we're a small team with limited resources, and having done our research, we ultimately concluded that trying to maintain a partnership that wasn't working well would not be good practice for us."

Read more of this story at Slashdot.

The Japanese anime studio, Khara, is moving to Blender, the the open-source 3D creation software. "It'll begin partially using the software for its current development 'EVANGELION:3.0+1.0' but will make the full switch once that project is finished," reports Neowin. "The current project is expected to end in June next year, so after that point, its employees will start using Blender for the majority of their work." From the report: At the moment, Khara uses 3ds Max from Autodesk on a subscription basis; however, the company found that it had to reach out to small and medium-sized businesses for its projects. Due to the limitations of those companies, it's harder for them to afford 3ds Max. By switching to Blender, Khara says it can work better with external firms. While Blender will be used for the bulk of the work, Khara does have a backup plan if there's anything Blender struggles with; Hiroyasu Kobayashi, General Manager of Digital Dpt. and Director of Board of Khara, said: "There are currently some areas where Blender cannot take care of our needs, but we can solve it with the combination with Unity. Unity is usually enough to cover 3ds Max and Maya as well. Unity can be a bridge among environments."

Read more of this story at Slashdot.

An anonymous reader quotes a report from CNBC: Nvidia's CEO, Jensen Huang, has reason to be concerned about other chipmakers, like AMD. But he's not worried about Nvidia's own big customers turning into competitors. Amazon, Facebook, Google and Tesla are among the companies that buy Nvidia's graphics cards and have kicked off chip-development projects. "There's really one I know of that have silicon that's really in production," Huang told CNBC in an interview on Thursday. That company would be Google, he said. "But our conversation with large customers is intensifying," Huang said. "We're talking to more large customers." Google first announced its entrance into the data center AI chip-making world in 2016. As it came up with new versions, the web company pointed to performance advantages over graphics cards that were available at the time. Google hasn't started selling data center chips for training AI models to other companies, though. (Google has started offering various products that use its Edge tensor processing unit chips, but those chips aren't as powerful as the TPU chips for training AI models in Google's cloud.)

Read more of this story at Slashdot.

A survey of more than 6,000 firmware images spanning more than a decade finds no improvement in firmware security and lax security standards for the software running connected devices by Linksys, Netgear and other major vendors. The Security Ledger reports: "Nobody is trying," said Sarah Zatko, the Chief Scientist at the Cyber Independent Testing Lab (CITL), a non-profit organization that conducts independent tests of software security. "We found no consistency in a vendor or product line doing better or showing improvement. There was no evidence that anybody is making a concerted effort to address the safety hygiene of their products," she said. The CITL study surveyed firmware from 18 vendors including ASUS, D-link, Linksys, NETGEAR, Ubiquiti and others. In all, more than 6,000 firmware versions were analyzed, totaling close to 3 million binaries created from 2003 to 2018. It is the first longitudinal study of IoT software safety, according to Zatko. CITL researchers studied publicly available firmware images and evaluated them for the presence of standard security features such as the use of non-executable stacks, Address Space Layout Randomization (ASLR) and stack guards, which prevent buffer overflow attacks. The results were not encouraging. Time and again, firmware from commonly used manufacturers failed to implement basic security features even when researchers studied the most recent versions of the firmware. For example: firmware for the ASUS RT-AC55U wifi router did not employ ASLR or stack guards to protect against buffer overflow attacks. Nor did it employ a non-executable stack to protect against "stack smashing," another variety of overflow attack. CITL found the same was true of firmware for Ubiquiti's UAP AC PRO wireless access points, as well as DLink's DWL-6600 access point. Router firmware by vendors like Linksys and NETGEAR performed only slightly better on CITL's assessment. CITL researchers also "found no clear progress in any protection category over time," reports The Security Ledger. "Researchers documented 299 positive changes in firmware security scores over the 15 years covered by the study... but 370 negative changes over the same period. Looking across its entire data set, in fact, firmware security actually appeared to get worse over time, not better." On the bright side, the survey found that almost all recent router firmware by Linksys and NETGEAR boasted non-executable stacks. "However, those same firmware binaries did not employ other common security features like ASLR or stack guards, or did so only rarely," says the report.

Read more of this story at Slashdot.

Uber and Lyft tapped transportation consultancy Fehr & Peers to examine their combined vehicle miles traveled (VMT) in six cities in September 2018, and compare that number to the total VMT in each area for the same month. "The results show that while they are vastly out-stripped by personal and commercial vehicles, Uber and Lyft are still responsible for significant shares of VMT in those cities," reports The Verge. From the report: The analysis looks at Boston, Chicago, Los Angeles, San Francisco, Seattle, and Washington, DC. The results are presented on two levels: the regional area, including the surrounding towns and suburbs, and the "core" county of each region that contains the main part of the city with the densest concentration of jobs. The findings show that Uber and Lyft account for just 1-3 percent of VMT in the broader metropolitan areas of each city. But those numbers spike when zooming in on the core county of each city. In San Francisco County, for example, Uber and Lyft make up as much as 13.4 percent of all vehicle miles. In Boston, it's 8 percent; in Washington, DC, it's 7.2 percent. These figures suggest that Uber and Lyft are hitting some cities harder than previously thought. An independent study commissioned by the San Francisco County Transportation Authority looked at 2017 traffic patterns in the county and concluded that TNCs generated about 6.5 percent of the total VMT on weekdays, and 10 percent on weekends. (TNC, which stands for transportation network company, is an industry term used to describe ride-hailing apps like Uber and Lyft.) The findings from Fehr & Peers show totals "nearly twice that previous estimate," said Gregory Erhardt, a professor of civil engineering at the University of Kentucky who has researched Uber and Lyft's effects on public transit ridership. "This difference may be due to the continued increase in TNC use over the intervening two years."

Read more of this story at Slashdot.

An anonymous reader quotes a report from Ars Technica: Election security advocates scored a major victory on Thursday as a federal judge issued a 153-page ruling ordering Georgia officials to stop using its outdated electronic voting machines by the end of the year. The judge accepted the state's argument that it would be too disruptive to switch to paper ballots for municipal elections being held in November 2019. But she refused to extend that logic into 2020, concluding that the state had plenty of time to phase out its outdated touchscreen machines before then. The state of Georgia was already planning to phase out its ancient touchscreen electronic voting machines in favor of a new system based on ballot-marking machines. Georgia hopes to have the new machines in place in time for a presidential primary election in March 2020. In principle, that switch should address many of the critics' concerns. The danger, security advocates said, was that the schedule could slip and Georgia could then fall back on its old, insecure electronic machines in the March primary and possibly in the November 2020 general election as well. The new ruling by Judge Amy Totenberg slams the door shut on that possibility. If Georgia isn't able to switch to its new high-tech system, it will be required to fall back on a low-tech system of paper ballots rather than continue using the insecure and buggy machines it has used for well over a decade. Alex Halderman, a University of Michigan computer scientist who served as the plaintiffs' star witness in the case, hailed the judge's ruling. "The court's ruling recognizes that Georgia's voting machines are so insecure, they're unconstitutional," Halderman said in an email to Ars. "That's a huge win for election security that will reverberate across other states that have equally vulnerable systems."

Read more of this story at Slashdot.

A computer issue is preventing U.S. immigration officials from processing arriving passengers at several airports across the country. "It wasn't immediately clear what caused the problem at U.S. Customs and Border Protection, but the agency said it was investigating," reports CNBC. Agents will be processing people manually until the systems are resolved. One Twitter user posted a video of a long line of an estimated 5,000+ passengers at Dulles International Airport. Another traveler tweeted that passengers on her flight from London weren't allowed to deplane upon arrival in Boston because of the issue. UPDATE 21:28 UTC: NBC News has confirmed that the system shutdown is nationwide, and U.S. Customs and Border Patrol officials are working to determine the cause. You can view the thread here. Story is developing...

Read more of this story at Slashdot.

For years, Naval Research Laboratory meteorologist David Peterson has been obsessed with one of Earth's rarest atmospheric spectacles: thunderclouds formed by raging wildfires. Last week, he became one of the only people on Earth to fly straight through one. From a report: Peterson is the lead forecaster for Fire Influence on Regional to Global Environments and Air Quality (FIREX-AQ), a joint NASA and NOAA-led field campaign that's spending the summer intensively studying wildfire smoke from the ground, the air, and satellites. On August 8, he rode shotgun as NASA's DC-8 research aircraft passed directly through an anvil cloud as it was developing over the 45,000-acre Williams Flats fire currently burning in the Pacific Northwest. Over the next few hours, the plane would conduct the most detailed reconnaissance ever from within a pyrotechnic weather system, making observations and collecting samples that will help researchers to better understand the nature of these dramatic events and how they can impact Earth's climate. "Just being there was the most amazing experience I've ever had while working in science," Peterson said. Pyrocumulonimbus clouds (pyroCbs) only form when conditions are just right -- you need a special combination of atmospheric instability, moisture, and loads of wildfire heat to create an updraft.

Read more of this story at Slashdot.

Sam Biddle, reporting for The Intercept: Nearly 1,500 miles from the Menlo Park headquarters of Facebook, at a company outpost in Austin, Texas, moderators toil around the clock to screen and scrub some the most gruesome, hateful, and heinous posts that make their way onto the social network and its photo-sharing subsidiary, Instagram. They are required to view as many as 800 pieces of disturbing content in a single shift, and routinely turn to on-site counselors to help cope with the procession of stomach-turning images, videos, and text. But some members of this invisible army have complained, in a statement widely circulated within Facebook, that the outsourcing giant that officially employs them, Accenture, has repeatedly attempted to violate the confidentiality of these therapy sessions. The moderators work from within a special section for outsourced staffers at Facebook Austin. The Texas outpost is designed to mimic the look and feel of the company's famously opulent Silicon Valley digs, but Accenture workers say they're reminded daily of their secondary status and denied perks, prestige, and basic respect. This second-class tier at Facebook, a sort of international shadow workforce, has been well documented in the media, from Manila to Arizona, and it's not clear whether the company has done anything to address it beyond issuing defensive PR statements. Moderators in Austin say their job is a brutalizing slog and that Facebook remains largely indifferent to their struggles. Access to on-site counseling is one of the few bright points for this workforce. But now even this grim perk has been undermined by corporate prying, according to a letter drafted by a group of about a dozen Austin moderators who work across Facebook and Instagram. The letter alleges that, starting in early July, Accenture managers attempted to pressure multiple on-site counselors to share information relating to topics discussed in employee trauma sessions. This information was understood by both counselors and Accenture employees to be confidential, said several Accenture sources interviewed by The Intercept. It is not clear what specific information related to the sessions was sought by the managers.

Read more of this story at Slashdot.

An anonymous reader shares a report: Platforms like Facebook, YouTube, and Twitter are banking on developing artificial intelligence technology to help stop the spread of hateful speech on their networks. The idea is that complex algorithms that use natural language processing will flag racist or violent speech faster and better than human beings possibly can. Doing this effectively is more urgent than ever in light of recent mass shootings and violence linked to hate speech online. But two new studies show that AI trained to identify hate speech may actually end up amplifying racial bias. In one study [PDF], researchers found that leading AI models for processing hate speech were one-and-a-half times more likely to flag tweets as offensive or hateful when they were written by African Americans, and 2.2 times more likely to flag tweets written in African American English (which is commonly spoken by black people in the US). Another study [PDF] found similar widespread evidence of racial bias against black speech in five widely used academic data sets for studying hate speech that totaled around 155,800 Twitter posts. This is in large part because what is considered offensive depends on social context. Terms that are slurs when used in some settings -- like the "n-word" or "queer" -- may not be in others. But algorithms -- and content moderators who grade the test data that teaches these algorithms how to do their job -- don't usually know the context of the comments they're reviewing. Both papers, presented at a recent prestigious annual conference for computational linguistics, show how natural language processing AI -- which is often proposed as a tool to objectively identify offensive language -- can amplify the same biases that human beings have. They also prove how the test data that feeds these algorithms have baked-in bias from the start.

Read more of this story at Slashdot.

Police have urged everyone to download a smartphone app they say has already saved several lives. What is it and how does it work? From a report: Kicked. Converged. Soccer. These three randomly chosen words saved Jess Tinsley and her friends after they got lost in a forest on a dark, wet night. They had planned a five-mile circular stroll through the 4,900 acre (2,000 hectare) woodland Hamsterley Forest, in County Durham, on Sunday evening, but after three hours they were hopelessly lost. "We were in a field and had no idea where we were," the 24-year-old care worker from Newton Aycliffe said. "It was absolutely horrendous. I was joking about it and trying to laugh because I knew if I didn't laugh I would cry." At 22:30 BST they found a spot with phone signal and dialled 999. "One of the first things the call-handler told us to do was download the what3words app," Ms Tinsley said. "I had never heard of it." Within a minute of its download, the police said they knew where the group was and the soaked and freezing walkers were swiftly found by the Teesdale and Weardale Search and Mountain Rescue Team. "I have told everyone I know to download this app," Ms Tinsley said. "You never know when you are going to get lost and need it." What3words essentially points to a very specific location. Its developers divided the world into 57 trillion squares, each measuring 3m by 3m (10ft by 10ft) and each having a unique, randomly assigned three-word address. For example, the door of 10 Downing Street is slurs.this.shark, while the area across the road where the press congregate is stage.pushy.nuns.

Read more of this story at Slashdot.