Bitcoin's Highly Anticipated 'Lightning Network' Goes Live ( 132

Lightning Labs on Thursday announced the beta release of its highly-anticipated Lightning Network Daemon (LND), a developer-friendly software client used to access Bitcoin's Lightning Network, anonymous readers wrote, citing media reports. From a report: Bitcoin supporters believe that the network has the potential to help the cryptocurrency achieve mass adoption. Bitcoin has struggled in recent months with slow and high-fee transactions, which make it harder for bitcoin to achieve mainstream popularity. Lightning Labs, the company behind the network, also announced on Thursday that it has received investments from major financial technology players, including Square chief executive and Twitter co-founder Jack Dorsey and PayPal chief operating officer David Sacks.

Intel Says 'Partitions' in New Chips Will Correct the Design Flaw that Created Spectre and Meltdown ( 68

Intel said on Thursday it is introducing hardware protections against the Spectre CPU flaw that was discovered last year. From a report: Starting with the Cascade Lake version of its Xeon server processors later this year, Intel will incorporate "protective walls" in its hardware that prevent malicious hackers from using speculative execution techniques to steal private information from the secure part of the processor. These fixes will also ship with the PC version of the Cascade Lake chips, but the tech industry has been much more concerned about the effect of these design flaws on server processors running in data centers and cloud vendors.

The new fixes allow Intel to still benefit from the performance advantages of speculative execution -- in which a processor guesses which upcoming instructions it will need to execute in order to speed things up -- without the security risks. The hardware changes address Variants 2 and 3 of the Spectre and Meltdown issues first disclosed in early January, and software fixes should continue to address Variant 1, Intel said.


Digg Reader To Shut Down This Month -- Latest RSS Service To Bite the Dust ( 105

Digg announced this week that it's shutting down Digg Reader, an app which allows users to follow RSS feeds from sites. From a report: Following the closure of Google Reader, RSS fans flocked to the likes of Feedly, The Old Reader, Digg Reader and Inoreader. Now Digg Reader has announced that it is to close, and users are being advised to export their feeds so they can be imported into an alternative service. Users do not have a great deal of time to grab their data and take it elsewhere. The RSS reader is due to close on March 26, meaning there's less than two weeks to go. No reason has been given for the closure, but presumably the venture either didn't prove as popular as expected, or it was rather more costly to run than anticipated.

Reddit Is Bringing Promoted Posts To Its Mobile Apps ( 43

Reddit is reportedly launching native promoted posts for its mobile apps. "The company said in an email to advertisers that its apps are the most popular way its 330 million monthly active users access Reddit content on mobile, and they now account for 41 percent of time spent on Reddit across all platforms," reports Marketing Land. "Logged-in app users also spend 30 percent more time per day than users who log in from desktop, and 80 percent of app users don't access Reddit on desktop, according to the company." From the report: In-app promoted posts will have all the elements of a standard Reddit post, including upvotes, downvotes and comment threads. The native mobile ads will also include comments, which was not possible before on the mobile ads. Native promoted posts will be available on iOS starting Monday, March 19, and will roll out to Android in the coming weeks.

Microsoft Announces Breakthrough In Chinese-To-English Machine Translation ( 72

A team of Microsoft researchers announced on Wednesday they've created the first machine translation system that's capable of translating news articles from Chinese to English with the same accuracy as a person. "The company says it's tested the system repeatedly on a sample of around 2,000 sentences from various online newspapers, comparing the result to a person's translation in the process -- and even hiring outside bilingual language consultants to further verify the machine's accuracy," reports TechCrunch. From the report: The sample set, called newstest2017, was released just last fall at the research conference WMT17. Deep neural networks, a method of training A.I. systems, allowed the researchers to create more fluent and natural-sounding translations that take into account broader context that the prior approaches, called statistical machine translation. Microsoft's researchers also added their own training methods to the system to improve its accuracy -- things they equate to how people go over their own work time and again to make sure it's right.

The researchers said they used methods including dual learning for fact-checking translations; deliberation networks, to repeat translations and refine them; and new techniques like joint training, to iteratively boost English-to-Chinese and Chinese-to-English translation systems; and agreement regularization, which can generate translations by reading sentences both left-to-right and right-to-left. Zhou said the techniques used to achieve the milestone won't be limited to machine translations. The researchers caution the system has not yet been tested on real-time news stories, and there are other challenges that still lie ahead before the technology could be commercialized into Microsoft's products.
You can play around with the new translation system here.

Google Opens Maps To Bring the Real World Into Games ( 49

Video games may soon look a lot more like the real world. If you've enjoyed the thrill of driving through GTA V and spying out Los Angeles landmarks, then that's a sentiment you're probably going to start feeling a lot more often while you play video games. From a report: The search firm is both opening its Maps platform's real-time data and offering new software toolkits that will help developers build games based on that data. The software includes both a kit to translate map info to the Unity game engine as well as another to help make games using that location data. The combination turns buildings and other landmarks into customizable 3D objects, and lets you manipulate those objects to fit your game world. It can replace every real hotel into an adventurer's inn, for instance, or add arbitrary points of interest for the sake of checkpoints.

Demand For Programmers Hits Full Boil as US Job Market Simmers ( 271

When the American job market heats up, demand for technology talent boils, an anonymous reader writes citing a Bloomberg report. From the story: Nationally, the unemployment rate was 4.1 percent in January, and analysts project that it declined to 4 percent, the lowest since 2000, in Labor Department figures due Friday. For software developers, the unemployment rate was 1.9 percent in 2017, down from 4 percent in 2011. While companies are writing bigger checks, they are also adopting new strategies to find engineers for an economy where software is penetrating even mundane processes. Companies are focusing more on training, sourcing new talent through apprenticeships, and looking at atypical pools of candidates who have transferable skills.

"It is probably the most competitive market in the last 20 years that I have been doing this," said Desikan Madhavanur, chief development officer at Scottsdale, Arizona-based JDA Software, whose products help companies manage supply chains. "We have to compete better to get our fair share." What's happening in the market for software engineers may help illustrate why one of the tightest American labor markets in decades isn't leading to broader wage gains. While technology firms are looking at compensation, they are also finding ways to create the supply of workers themselves, which helps hold costs down.


A Chatbot Can Now Offer You Protection Against Volatile Airline Prices ( 24

The same bot, DoNotPay, that helped users overturn parking tickets and sue Equifax for small sums of money is now offering you protection against volatile airline prices. The Verge reports: Joshua Browder, a junior at Stanford University, designed the new service on the bot in a few months, after experiencing rapidly fluctuating airline prices when flying to California during the wildfires last year. "It annoyed me that every single flight, I could be paying sometimes double or even triple the person next to me in the same type of seat," he told The Verge. Browder first used the service himself and then tested it among his friends in a closed beta. He claims that the average amount saved among the beta testers is $450 a year, though it's not clear how many flights were booked and how much they cost. The service is available to the public starting today. To use it, log in with a Google account, input your phone number, birthday, and credit card information through Stripe. (Browder swears the credit card information won't be stored.) Then the chatbot tells you you're all set. Now, every time you buy airline tickets, whether from an airline's site or a third party, the chatbot will help make sure you pay the lowest price for your class and seat.

US Navy Under Fire In Mass Software Piracy Lawsuit ( 121

An anonymous reader quotes a report from TorrentFreak: In 2011 and 2012, the U.S. Navy began using BS Contact Geo, a 3D virtual reality application developed by German company Bitmanagement. The Navy reportedly agreed to purchase licenses for use on 38 computers, but things began to escalate. While Bitmanagement was hopeful that it could sell additional licenses to the Navy, the software vendor soon discovered the U.S. Government had already installed it on 100,000 computers without extra compensation. In a Federal Claims Court complaint filed by Bitmanagement two years ago, that figure later increased to hundreds of thousands of computers. Because of the alleged infringement, Bitmanagement demanded damages totaling hundreds of millions of dollars. In the months that followed both parties conducted discovery and a few days ago the software company filed a motion for partial summary judgment, asking the court to rule that the U.S. Government is liable for copyright infringement. According to the software company, it's clear that the U.S. Government crossed a line. In its defense, the U.S. Government had argued that it bought concurrent-use licenses, which permitted the software to be installed across the Navy network. However, Bitmanagement argues that it is impossible as the reseller that sold the software was only authorized to sell PC licenses. In addition, the software company points out that the word "concurrent" doesn't appear in the contracts, nor was there any mention of mass installations. The full motion brings up a wide range of other arguments as well which, according to Bitmanagement, make it clear that the U.S. Government is liable for copyright infringement.

Lyft Says Its Revenue Is Growing Nearly 3x Faster Than Uber's ( 53

U.S. ride-sharing company Lyft says it passed $1 billion in revenue last year and that its revenue grew 168 percent year over year in the fourth quarter of 2017, almost three times faster than Uber's reported 61 percent growth. "Uber, of course, is still much larger than Lyft -- it generated a reported $7.5 billion in revenue last year and operates in many more cities and countries," notes Recode. "While its fourth-quarter growth may have been smaller than Lyft's percentage-wise, it was still almost certainly many times larger dollar-wise. Both companies are still unprofitable." From the report: But the big-picture reality is that despite Uber's head start, its early dominance, ability to raise massive amounts of financing, aggressive (often allegedly illegal) growth tactics, faster move into self-driving cars and everything else in its favor, it has not been able to destroy Lyft. Instead, Lyft capitalized somewhat on Uber's missteps and unsavory reputation, raised another $2 billion last year, gained market share, launched its first international market last year (Toronto) and seems poised to exist for the foreseeable future.

'Slingshot' Malware That Hid For Six Years Spread Through Routers 72

An anonymous reader quotes a report from Engadget: Security researchers at Kaspersky Lab have discovered what's likely to be another state-sponsored malware strain, and this one is more advanced than most. Nicknamed Slingshot, the code spies on PCs through a multi-layer attack that targets MikroTik routers. It first replaces a library file with a malicious version that downloads other malicious components, and then launches a clever two-pronged attack on the computers themselves. One, Canhadr, runs low-level kernel code that effectively gives the intruder free rein, including deep access to storage and memory; the other, GollumApp, focuses on the user level and includes code to coordinate efforts, manage the file system and keep the malware alive. Kaspersky describes these two elements as "masterpieces," and for good reason. For one, it's no mean feat to run hostile kernel code without crashes. Slingshot also stores its malware files in an encrypted virtual file system, encrypts every text string in its modules, calls services directly (to avoid tripping security software checks) and even shuts components down when forensic tools are active. If there's a common method of detecting malware or identifying its behavior, Slingshot likely has a defense against it. It's no wonder that the code has been active since at least 2012 -- no one knew it was there. Recent MikroTik router firmware updates should fix the issue. However, there's concern that other router makers might be affected.

Apple Seems OK With Currency Miners In the Mac App Store 38

Apple has yet to block a popular title in the Mac App Store that has openly embraced coin mining, prompting one to ask the question: does Apple allow apps in the Mac App Store if they clearly disclose that they will be mining cryptocurrency? Ars Technica reports: The app is Calendar 2, a scheduling app that aims to include more features than the Calendar app that Apple bundles with macOS. In recent days, Calendar 2 developer Qbix endowed it with code that mines the digital coin known as Monero. The xmr-stack miner isn't supposed to run unless users specifically approve it in a dialog that says the mining will be in exchange for turning on a set of premium features. If users approve the arrangement, the miner will then run. Users can bypass this default action by selecting an option to keep the premium features turned off or to pay a fee to turn on the premium features. If Calendar 2 isn't the first known app offered in Apple's official and highly exclusive App Store to do currency mining, it's one of the very few.

Apple Must Explain Why It Doesn't Want You To Fix Your Own iPhone, California Lawmaker Says ( 195

A California state lawmaker says she hopes to make Apple explain specifically why it has opposed and lobbied against legislation that would make it easier for you to repair your iPhone and other electronics. Motherboard reports: Last week, California assemblymember Susan Talamantes-Eggman announced that she plans to introduce right to repair legislation in the state, which would require companies like Apple, Microsoft, John Deere, and Samsung to sell replacement parts and repair tools, make repair guides available to the public, and would require companies to make diagnostic software available to independent shops. Public records show that Apple has lobbied against right to repair legislation in New York, and my previous reporting has shown that Apple has privately asked lawmakers to kill legislation in places like Nebraska. To this point, the company has largely used its membership in trade organizations such as CompTIA and the Consumer Technology Association to publicly oppose the bill. But with the right to repair debate coming to Apple's home state, Talamantes-Eggman says she expects the company to show up to hearings about the bill.

"Apple is a very important company in the state of California, and one I have a huge amount of respect for. But the onus is on them to explain why we can't repair our own things and what damage or danger it causes them," Talamantes-Eggman told me in a phone interview. Talamantes-Eggman told me that the bill she plans to introduce will apply to both consumer electronics as well as agricultural equipment such as tractors. Broadly speaking, the electronics industry has decided to go with an "authorized repair" model in which companies pay the original device manufacturer to become authorized to fix devices.


Firefox Gets Privacy Boost By Disabling Proximity and Ambient Light Sensor APIs ( 79

Stating with Firefox 60 -- expected to be released in May 2018 -- websites won't be able to use Firefox to access data from sensors that provide proximity distances and ambient light information. From a report: Firefox was allowing websites to access this data via the W3C Proximity and Ambient Light APIs. But at the start of the month, Mozilla engineers decided to disable access to these two APIs by default. The APIs won't be removed, but their status is now controlled by two Firefox flags that will ship disabled by default. This means users will have to manually enable the two flags before any website can use Firefox to extract proximity and ambient light data from the device's underlying sensors. The two flags will be available in Firefox's about:config settings page. The screenshot below shows the latest Firefox Nightly version, where the two flags are now disabled, while other sensor APIs are enabled.

What Image Should Represent All of Humanity On Wikipedia? ( 349

An anonymous reader writes: If aliens ever do come across the Pioneer spacecraft and make assumptions about the entire human species based on the man and woman etched onto the plaque it carries, this is what they will think of us: We all look like white people; we all look about 30ish years old; we do not wear clothes. It's a problem you encounter anytime you have to choose a few individuals to represent an entire group, and it's one that the editors of Wikipedia have debated for years: What image should grace the top of the "human" entry in the online dictionary?

The photo that's there now, after years of feverish debate, is of an Akha couple from a region of Thailand along the Mekong river. "The photo of the Akha couple remain humanity's type specimens on Wikipedia," writes author Ellen Airhart. "Just as a shriveled northeastern leopard frog at the University of Michigan Museum of Zoology represents its whole species, so this couple stands for all of us."

Such musing about the taxonomic representation of the human species could actually have a big impact on our digital future. "Future scientists will have to teach computers, not aliens, to recognize the human image. Right now, software engineers program artificial intelligence to recognize people by feeding them millions of pictures of faces," she writes. "But whose faces? Computer scientists run into the same questions about gender, race, and culture that the Wikipedia editors encountered. Being able to use more than one photo expands the conversation but does not necessarily make it easier."


Ubuntu Linux 18.04 'Bionic Beaver' Beta 1 Now Available For Download ( 101

From a report: This week, Ubuntu Linux 18.04 'Bionic Beaver' Beta 1 became available for download. Ubuntu 18.04 is significant, as it will be an LTS (Long Term Support) version. As was the case when Unity was the primary DE, GNOME is not available in this beta stage. Instead, there are other flavors from which to choose, such as Kubuntu with KDE Plasma and Xubuntu, which uses Xfce.

"Pre-releases of the Bionic Beaver are not encouraged for anyone needing a stable system or anyone who is not comfortable running into occasional, even frequent breakage. They are, however, recommended for Ubuntu flavor developers and those who want to help in testing, reporting, and fixing bugs as we work towards getting this release ready. Beta 1 includes some software updates that are ready for broader testing. However, it is quite an early set of images, so you should expect some bugs," says Dustin Krysak, Ubuntu Budgie team member.

Hardware Hacking

ESR's Newest Project: An Open Hardware/Open Source UPS ( 232

An anonymous reader writes: Last month Eric S. Raymond complained about his choices for a UPS (Uninterruptible Power Supply), adding that "This whole category begs to be disrupted by an open-hardware [and open-source] design that could be assembled cheaply in a makerspace from off-the-shelf components, an Arduino-class microcontroller, and a PROM...because it's possible, and otherwise the incentives on the vendors won't change." It could be designed to work with longer-lasting and more environmentally friendly batteries, using "EV-style intelligent battery-current sensors to enable accurate projection of battery performance" (along with a text-based alert system and a USB monitoring port).

Calling the response "astonishing," Raymond noted the emergence within a week of "the outlines of a coherent design," and in an update on GitLab reported that "The response on my blog and G+ was intense, almost overwhelming. It seems many UPS users are unhappy with what the vendors are pushing" -- and thus, the UPSide project was launched. "We welcome contributors: people with interest in UPSes who have expertise in battery technology, power-switching electronics, writing device-control firmware, relevant standards such as USB and the DMTF battery-management profile. We also welcome participation from established UPS and electronics vendors. We know that consumer electronics is a cutthroat low-margin business in which it's tough to support a real R&D team or make possibly-risky product bets. Help us, and then let us help you!"

There's already a Wiki with design documents -- plus a process document -- and Raymond says the project now even has a hardware lead with 30 years experience as a power and signals engineer, plus "a really sharp dev group. Half a dozen experts have shown up to help spec this thing, critique the design docs, and explain EE things to ignorant me." And he's already touting "industry participation! We have a friendly observer who's the lead software architect for one of the major UPS vendors." Earlier Raymond identified his role as "basically, product manager -- keeper of the requirements list and recruiter of talent" -- though he admits on his blog that he's already used a "cute hack" to create a state/action diagram for the system, "by writing a DSL to generate code in another DSL and provably correct equivalent C application logic."

He adds to readers of the blog that if that seems weird to you, "you must be new here."

Open Source

Linux Developer McHardy Drops GPLv2 'Shake Down' Case ( 53

Former Linux developer Patrick McHardy dropped his Gnu General Public License version 2 (GPLv2) violation case against Geniatech in a German court this week. ZDNet explains why some consider this a big "win": People who find violations typically turn to organizations such as the Free Software Foundation, Software Freedom Conservancy (SFC), and the Software Freedom Law Center to approach violators. These organizations then try to convince violating companies to mend their ways and honor their GPLv2 legal requirements. Only as a last resort do they take companies to court to force them into compliance with the GPLv2. Patrick McHardy, however, after talking with SFC, dropped out from this diplomatic approach and has gone on his own way. Specifically, McHardy has been accused of seeking his own financial gain by approaching numerous companies in German courts. Geniatech claimed McHardy has sued companies for Linux GPLv2 violations in over 38 cases. In one, he'd requested a contractual penalty of €1.8 million. The company also claimed McHardy had already received over €2 million from his actions...

In July 2016, the Netfilter developers suspended him from the core team. They received numerous allegations that he had been shaking down companies. McHardy refused to discuss these issues with them, and he refused to sign off on the Principles of Community-Oriented GPL Enforcement. In October 2017, Greg Kroah-Hartman, Linux kernel maintainer for the stable branch, summed up the Linux kernel developers' position. Kroah-Hartman wrote: "McHardy has sought to enforce his copyright claims in secret and for large sums of money by threatening or engaging in litigation...."

Had McHardy continued on his way, companies would have been more reluctant to use Linux code in their products for fear that a single, unprincipled developer could sue them and demand payment for his copyrighted contributions... McHardy now has to bear all legal costs for both sides of the case. In other words, when McHardy was faced with serious and costly opposition for the first time, he waved a white flag rather than face near certain defeat in the courts.


SgxSpectre Attack Can Extract Data From Intel SGX Enclaves ( 28

An anonymous reader quotes BleepingComputer: A new variation of the Spectre attack has been revealed this week by six scientists from the Ohio State University. Named SgxSpectre, researchers say this attack can extract information from Intel SGX enclaves. Intel Software Guard eXtensions (SGX) is a feature of modern Intel processors that allow an application to create so-called enclaves. This enclave is a hardware-isolated section of the CPU's processing memory where applications can run operations that deal with extremely sensitive details, such as encryption keys, passwords, user data, and more... Neither Meltdown and Spectre were able to extract data from SGX enclaves. This is where SgxSpectre comes in.

According to researchers, SgxSpectre works because of specific code patterns in software libraries that allow developers to implement SGX support into their apps. Vulnerable SGX development kits include the Intel SGX SDK, Rust-SGX, and Graphene-SGX. Academics say an attacker can leverage the repetitive code execution patterns that these SDKs introduce in SGX enclaves and watch for small variations of cache size. This allows for side-channel attacks that allow a threat actor to infer and slowly recover data from secure enclaves.

Intel's recent Spectre patches don't necessarily help, as an attacker can work around these fixes. Intel says an update for the Intel SGX SDK that adds SgxSpectre mitigations will be released on March 16. Apps that implement Google's Retpoline anti-Spectre coding techniques are safe, researchers say.


Android Beats iOS In Smartphone Loyalty, Study Finds 145

Android users don't appear to be switching to the iPhone like they used to. According to a new study from Consumer Intelligence Research Partners (CIRP), Android users have higher loyalty than iOS users do. "The research firm found that Android brand loyalty has been remaining steadily high since early 2016, and remains at the highest levels ever seen," reports TechCrunch. From the report: Today, Android has a 91 percent loyalty rate, compared with 86 percent for iOS, measured as the percentage of U.S. customers who stayed with their operating system when they upgraded their phone in 2017. From January 2016 through December 2017, Android loyalty ranged from 89 to 91 percent (ending at 91 percent), while iOS loyalty was several percentage points lower, ranging from 85 to 88 percent. Explains Mike Levin, partner and co-founder of CIRP, users have pretty much settled on their brand of choice at this point. "With only two mobile operating systems at this point, it appears users now pick one, learn it, invest in apps and storage, and stick with it. Now, Apple and Google need to figure out how to sell products and services to these loyal customer bases," he said. It's worth noting that Android hasn't always led in user loyalty as it does now. CIRP has been tracking these metrics for years, and things used to be the other way around.

Slashdot Top Deals