Snap Is Laying Off Around 100 Engineers

An anonymous reader quotes a report from CNBC: Snap is laying off about 100 engineers -- nearly 10 percent of the team -- CNBC has learned. The company has seen smaller rounds of layoffs in recent months in its marketing, recruiting and content divisions. These layoffs would be Snap's largest yet and the first to hit the company's engineers. The company last month rolled out the redesign of its pioneering photo messaging app. The redesign separated publisher content from content posted by friends and connections. Snap reported roughly 3,000 employees as of the December quarter and said in its first annual filing that it expected "headcount growth to continue for the foreseeable future."

Leaked Files Show How the NSA Tracks Other Countries' Hackers

An analysis of leaked tools believed to have been developed by the U.S. National Security Agency (NSA) gives us a glimpse into the methods used by the organization to detect the presence of other state-sponsored actors on hacked devices, and it could also help the cybersecurity community discover previously unknown threats. The Intercept: When the mysterious entity known as the "Shadow Brokers" released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material honed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools the National Security Agency uses to detect other nation-state hackers on the machines it infects. It turns out those scripts and tools are just as interesting as the exploits. They show that in 2013 -- the year the NSA tools were believed to have been stolen by the Shadow Brokers -- the agency was tracking at least 45 different nation-state operations, known in the security community as Advanced Persistent Threats, or APTs. Some of these appear to be operations known by the broader security community -- but some may be threat actors and operations currently unknown to researchers.

The scripts and scanning tools dumped by Shadow Brokers and studied by the Hungarians were created by an NSA team known as Territorial Dispute, or TeDi. Intelligence sources told The Intercept the NSA established the team after hackers, believed to be from China, stole designs for the military's Joint Strike Fighter plane, along with other sensitive data, from U.S. defense contractors in 2007; the team was supposed to detect and counter sophisticated nation-state attackers more quickly, when they first began to emerge online. "As opposed to the U.S. only finding out in five years that everything was stolen, their goal was to try to figure out when it was being stolen in real time," one intelligence source told The Intercept. But their mission evolved to also provide situational awareness for NSA hackers to help them know when other nation-state actors are in machines they're trying to hack.


Chrome 65 Arrives With Material Design Extensions Page, New Developer Features

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 65 for Windows, Mac, Linux, and Android. Additions in this release include Material Design changes and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from Chrome 65 comes with a few visual changes. The most obvious is related to Google's Material Design mantra. The extensions page has been completely revamped to follow it. Next up, Chrome 65 replaces the Email Page Location link in Chrome for Mac's File menu with a Share submenu. As you might expect, Mac users can use this submenu to share the URL of a current tab via installed macOS Share Extensions. Speaking of Macs, Chrome 65 is also the last release for OS X 10.9 users. Chrome 66 will require OS X 10.10 or later. Moving on to developer features, Chrome 65 includes the CSS Paint API, which allows developers to programmatically generate an image, and the Server Timing API, which allows web servers to provide performance timing information via HTTP headers.

Sri Lanka Blocks Facebook, Instagram To Prevent Spread of Hate Speech

Sri Lanka has blocked social media websites Facebook, Instagram and WhatsApp to avoid the spread of hate speech in the country, local media reported on Wednesday. From the report: Even though there is no official confirmation from the authorities, the Cabinet Spokesman Minister Rajitha Senaratne on Wednesday said the government has decided to block access to certain social media. Telecom Regulatory Commission (TRC) has started to monitor all social media platforms to curb hate speech related to communal riots escalated in Kandy district. Telecommunication service providers (ISPs) have also restricted internet access in Kandy district on the instructions of the TRC.

Google Is Selling Off Zagat

An anonymous reader quotes a report from TechCrunch: Seven years after picking up Zagat for $151 million, Google is selling off the perennial restaurant recommendation service. The New York Times is reporting this morning that the technology giant is selling off the company to The Infatuation, a review site founded nine years back by former music execs. The company had been rumored to be courting a buyer since early this year. As Reuters noted at the time, Zagat has increasingly become less of a focus for Google, as the company began growing its database of restaurant recommendations organically. Zagat, meanwhile, has lost much of the shine it had when Google purchased it nearly a decade ago. The Infatuation, which uses an in-house team of reviewers to write up restaurants in major cities like New York, San Francisco, Los Angeles and London, is picking up the service for an undisclosed amount. The site clearly believes there's value left in the Zagat brand, even as the business of online reviews has changed significantly in the seven years since Google picked it up.

The Slow Death of the Internet Cookie

Sara Fischer, writing for Axios: Over 60% of marketers believe they will no longer need to rely on tracking cookies, a 20-year-old desktop-based technology, for the majority of their digital marketing within the next two years, according to data from Viant Technology, an advertising cloud. Why it matters: Advertising and web-based services that were cookie-dependent are slowly being phased out of our mobile-first world, where more personalized data targeting is done without using cookies. Marketers are moving away from using cookies to track user data on the web to target ads now that people are moving away from desktop. 90% of marketers say they see improved performance from people-based marketing, compared with cookie-based campaigns.

WordPress Now Powers 30% of Websites

WordPress now powers 30 percent of the web, according to data from web technology survey firm W3Techs. From a report: This represents a 5 percentage point increase in nearly two and a half years, after WordPress hit the 25 percent mark in November 2015. It's worth noting here that this figure relates to the entire Web, regardless of whether a website uses a content management system (CMS) or not. If we're looking at market share, WordPress actually claims 60.2 percent, up from 58.7 percent in November 2015. By comparison, its nearest CMS rival, Joomla, has seen its usage jump from 2.8 percent to 3.1 percent, while Drupal is up from 2.1 percent to 2.2 percent.

Rhode Island Bill Would Impose Fee For Accessing Online Porn

If a recently introduced bill passes the General Assembly this session, Rhode Island residents will have to pay a $20 fee to access sexually explicit content online. The bill, introduced by Sen. Frank Ciccone (D-Providence) and Sen. Hanna Gallo (D-Cranston), would require internet providers to digitally block "sexual content and patently offensive material." Consumers could then deactivate that block for a fee of $20. The Providence Journal reports: Each quarter the internet providers would give the money made from the deactivation fees to the state's general treasurer, who would forward the money to the attorney general to fund the operations of the Council on Human Trafficking, according to the bill's language. If online distributors of sexual content do not comply with the filter, the attorney general or a consumer could file a civil suit of up to $500 for each piece of content reported, but not blocked, according to the bill.

Six Tech Companies Filing Net Neutrality Lawsuit

An anonymous reader quotes a report from The Hill: Six technology companies, including Kickstarter, Foursquare and Etsy, have launched a lawsuit against the Federal Communications Commission (FCC) in an effort to preserve net neutrality rules. The companies, which also include Shutterstock, Expa and Automattic, on Monday filed their petition with the U.S. Court of Appeals for the District of Columbia Circuit. The companies join Vimeo and Mozilla, as well as several state attorneys general who have also filed lawsuits against the FCC in support of the net neutrality rules. Like the other lawsuits, their new case hinges on the Administrative Procedure Act, which they argue prevents the FCC from "arbitrary and capricious" redactions to already existing policy. "Already, over 30,000 Etsy sellers participated in the FCC's public comment process, and tens of thousands more reached out to Congress in support of net neutrality. Now we're bringing their stories and experiences to the courts," said Althea Erickson, head of advocacy and impact at Etsy.

Do Neural Nets Dream of Electric Sheep?

An anonymous reader shares a post: If you've been on the internet today, you've probably interacted with a neural network. They're a type of machine learning algorithm that's used for everything from language translation to finance modeling. One of their specialties is image recognition. Several companies -- including Google, Microsoft, IBM, and Facebook -- have their own algorithms for labeling photos. But image recognition algorithms can make really bizarre mistakes. Microsoft Azure's computer vision API added the above caption and tags. But there are no sheep in the image. None. I zoomed all the way in and inspected every speck. It also tagged sheep in this image. I happen to know there were sheep nearby. But none actually present. Here's one more example. In fact, the neural network hallucinated sheep every time it saw a landscape of this type. What's going on here?

Are neural networks just hyper-vigilant, finding sheep everywhere? No, as it turns out. They only see sheep where they expect to see them. They can find sheep easily in fields and mountainsides, but as soon as sheep start showing up in weird places, it becomes obvious how much the algorithms rely on guessing and probabilities. Bring sheep indoors, and they're labeled as cats. Pick up a sheep (or a goat) in your arms, and they're labeled as dogs.

Google Fiber Is a Faint Echo of the Disruption We Were Promised

An anonymous reader quotes a report from Motherboard: Some eight years on and Google Fiber's ambitions are just a pale echo of the disruptive potential originally proclaimed by the company. While Google Fiber did make some impressive early headway in cities like Austin, the company ran into numerous deployment headaches. Fearing competition, incumbent ISPs like AT&T and Comcast began a concerted effort to block the company's access to essential utility poles, even going so far as to file lawsuits against cities like Nashville that tried to expedite the process. Even in launched markets, customer uptake wasn't quite what executives were expecting. Estimates peg Google Fiber TV subscribers at fewer than 100,000, thanks in large part to the cord cutting mindset embraced by early adopters. Broadband subscriber tallies (estimated as at least 500,000) were notably better, but still off from early company projections. Even without anti-competitive roadblocks, progress was slow. Digging up city streets and burying fiber was already a time-consuming and expensive process. And while Google has tried to accelerate these deployments via something called "microtrenching" (machines that bury fiber an inch below roadways), broadband deployment remains a rough business. It's a business made all the rougher by state and local regulators and lawmakers who've been in the pockets of entrenched providers like Comcast for the better part of a generation.

Thieves Steal 600 Powerful Bitcoin-Mining Computers In Iceland

The Associated Press reports of a Bitcoin heist in Iceland where thieves stole some 600 computers used to "mine" bitcoin and other virtual currencies. "Some 11 people were arrested, including a security guard, in what Icelandic media have dubbed the 'Big Bitcoin Heist,'" reports the Associated Press. From the report: The powerful computers, which have not yet been found, are worth almost $2 million. But if the stolen equipment is used for its original purpose -- to create new bitcoins -- the thieves could turn a massive profit in an untraceable currency without ever selling the items. Three of four burglaries took place in December and a fourth took place in January, but authorities did not make the news public earlier in hopes of tracking down the thieves. Police tracking the stolen computers are monitoring electric consumption across the country in hopes the thieves will show their hand, according to an industry source who spoke on condition of anonymity because he is not allowed to speak to the media. Unusually high energy usage might reveal the whereabouts of the illegal bitcoin mine. Authorities this week called on local internet providers, electricians and storage space units to report any unusual requests for power.

GitHub Survived the Biggest DDoS Attack Ever Recorded

A 1.35 terabit-per-second DDoS attack hit GitHub all at once last Wednesday. "It was the most powerful distributed denial of service attack recorded to date -- and it used an increasingly popular DDoS method, no botnet required," reports Wired. From the report: GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off. "We modeled our capacity based on five times the biggest attack that the internet has ever seen," Josh Shaul, vice president of web security at Akamai told WIRED hours after the GitHub attack ended. "So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It's one thing to have the confidence. It's another thing to see it actually play out how you'd hope."

Akamai defended against the attack in a number of ways. In addition to Prolexic's general DDoS defense infrastructure, the firm had also recently implemented specific mitigations for a type of DDoS attack stemming from so-called memcached servers. These database caching systems work to speed networks and websites, but they aren't meant to be exposed on the public internet; anyone can query them, and they'll likewise respond to anyone. About 100,000 memcached servers, mostly owned by businesses and other institutions, currently sit exposed online with no authentication protection, meaning an attacker can access them, and send them a special command packet that the server will respond to with a much larger reply.


Google's Slack Competitor 'Hangouts Chat' Comes Out of Beta

Frederic Lardinois reports via TechCrunch: Hangouts Chat, Google's take on modern workplace communication, is now generally available and is becoming a core part of G Suite. Hangouts Chat was first announced at Google Cloud Next 2017, together with Hangouts Meet. While Meet went right into public availability, though, Chat went into an invite-only preview. Now, Google is rolling Chat out to all G Suite users over the course of the next seven days (so if you don't see it yet, don't despair). For all intents and purposes, Hangouts Chat is Google's take on Slack, Microsoft Teams and similar projects. Since Google first announced this project, Atlassian also joined the fray with the launch of Stride. Like its competitors, Chat is available on iOS, Android and the web.

Chat currently supports 28 languages and each room can have up to 8,000 members. What's maybe just as important, though, is that Google has already built an ecosystem of partners that are integrating with Chat by offering their own bots. They include the likes of Xero, RingCentral, UberConference, Salesforce, Zenefits, Jira, Trello, Wrike and Kayak. There's even a Giphy bot. Developers can also build their own bots and integrate their own services with Chat.


YouTube Hiring For Some Positions Excluded White and Asian Men, Lawsuit Says

Kirsten Grind and Douglas MacMillan report via The Wall Street Journal (Warning: source may be paywalled; alternative source): YouTube last year stopped hiring white and Asian males for technical positions because they didn't help the world's largest video site achieve its goals for improving diversity, according to a civil lawsuit filed by a former employee. The lawsuit, filed by Arne Wilberg, a white male who worked at Google for nine years, including four years as a recruiter at YouTube, alleges the division of Alphabet's Google set quotas for hiring minorities. Last spring, YouTube recruiters were allegedly instructed to cancel interviews with applicants who weren't female, black or Hispanic, and to "purge entirely" the applications of people who didn't fit those categories, the lawsuit claims.

A Google spokeswoman said the company will vigorously defend itself in the lawsuit. "We have a clear policy to hire candidates based on their merit, not their identity," she said in a statement. "At the same time, we unapologetically try to find a diverse pool of qualified candidates for open roles, as this helps us hire the best people, improve our culture, and build better products." People familiar with YouTube's and Google's hiring practices in interviews corroborated some of the lawsuit's allegations, including the hiring freeze of white and Asian technical employees, and YouTube's use of quotas.


Australia Considers Making It Illegal For ISPs To Advertise Inflated Speeds

The Australian government is currently considering a bill that would make it illegal for internet service providers to exaggerate speeds, or else face a fine of up to $1 million. "One constituent says he's being charged for a 25 megabit per second download speed and a five megabit per second upload and he's actually getting less than one tenth of that," said Andrew Wilkie, the Member of Parliament who introduced the bill. "In other words, people are getting worse than dial-up speed when they've been promised a whizz-bang, super-fast connection." Motherboard reports: Internet speeds can vary based on how many people are on the network and even the hardware you use, but while we can't expect ISPs to deliver maximum speed 100 percent of the time, previous probes into their performance have shown many ISPs in the U.S. aren't delivering even the minimum advertised speeds a majority of the time for the average user. Under the proposed Australian law, ISPs are simply required to be more transparent about what consumers can expect with a specific plan. Rather than advertising only the maximum speeds, they would have to include typical speeds for the average user, indicate busy periods, and clearly list any other factors that might impact service. The bill was only introduced this week, so it's yet to be seen if it will gain traction.

Amazon's Jeff Bezos Called Out On Counterfeit Products Problem

An anonymous reader quotes a report from CNET: Here's the scenario. A small company designs and creates a product and puts it up on Amazon. Things go well. People really like it. They post hundreds of positive reviews. Sales build -- and keep building. Everything is going great. And then, boom, things go south in a hurry. Another company has created a counterfeit version of the product and is selling it under the same name only it's selling it for less, stealing all the sales. That's exactly what happened to Portland-based Elevation Lab, its founder Casey Hopkins said, accusing Amazon of being "complicit with counterfeiting" in a blog post.

The Anchor, Elevation's popular under-desk headphone mount, has been getting flooded with counterfeits, Hopkins said, noting the situation certainly isn't unique to his company. "The current counterfeit seller, Suiningdonghanjiaju Co Ltd (yeah they sound legit), has been on there for the past 5 days and taken all the sales," Hopkins wrote. Adding further insult to injury, he said Elevation has paid Amazon a "boatload of money" to advertise the product that it has "built, invested in, and shipped." Amazon has now purged the Suiningdonghanjiaju listing, which is noted in our cart as "no longer available from the selected seller." It instead defaults to Elevation's own stock. Hopkins told CNET that counterfeiters have been purged at least five times in recent weeks only to return a week later under a different seller name "to hijack the listing." He said it takes Amazon 5 days to remove the seller.
"If you have a registered brand in the Brand Registry and don't sell the product wholesale, there could be one box to check for that," Hopkins wrote. "And anyone else would have to get approval or high vetting to sell the product, especially if they are sending large quantities to FBA [Fulfillment by Amazon]. I imagine there are some algorithmic solutions that could catch most of it too. And it wouldn't hurt to increase the size of the Brand Registry team so they can do their work faster." Hopkins took a final poke at Amazon CEO Jeff Bezos, saying: "If you're reading this, come on, this is Day 2 activity."

23,000 HTTPS Certs Axed After CEO Emails Private Keys

An anonymous reader quotes Ars Technica: A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates. The email was sent on Tuesday by the CEO of Trustico, a UK-based reseller of TLS certificates issued by the browser-trusted certificate authorities Comodo and, until recently, Symantec...

In communications earlier this month, Trustico notified DigiCert that 50,000 Symantec-issued certificates Trustico had resold should be mass revoked because of security concerns. When Jeremy Rowley, an executive vice president at DigiCert, asked for proof the certificates were compromised, the Trustico CEO emailed the private keys of 23,000 certificates, according to an account posted to a Mozilla security policy forum. The report produced a collective gasp among many security practitioners who said it demonstrated a shockingly cavalier treatment of the digital certificates that form one of the most basic foundations of website security... In a statement, Trustico officials said the keys were recovered from "cold storage," a term that typically refers to offline storage systems. "Trustico allows customers to generate a Certificate Signing Request and Private Key during the ordering process," the statement read. "These Private Keys are stored in cold storage, for the purpose of revocation."

"There's no indication the email was encrypted," reports Ars Technica, and the next day DigiCert sent emails to Trustico's 23,000+ customers warning that their certificates were being revoked, according to Bleeping Computer.

In a related development, Thursday Trustico's web site went offline, "shortly after a website security expert disclosed a critical vulnerability on Twitter that appeared to make it possible for outsiders to run malicious code on Trustico servers."

EU Warns Tech Giants To Remove Terror Content in 1 Hour -- or Else

The European Union issued internet giants an ultimatum to remove illegal online terrorist content within an hour, or risk facing new EU-wide laws. From a report: The European Commission on Thursday issued a set of recommendations for companies and EU nations that apply to all forms of illegal internet material, "from terrorist content, incitement to hatred and violence, child sexual abuse material, counterfeit products and copyright infringement. Considering that terrorist content is most harmful in the first hours of its appearance online, all companies should remove such content within one hour from its referral as a general rule." The commission last year called upon social media companies, including Facebook, Twitter and Google owner Alphabet, to develop a common set of tools to detect, block and remove terrorist propaganda and hate speech. Thursday's recommendations aim to "further step up" the work already done by governments and push firms to "redouble their efforts to take illegal content off the web more quickly and efficiently."

Even With Double the Subscribers, Spotify Says Apple Will Always Have an Edge Owning the App Store

On Wednesday, Spotify filed for a direct listing in the U.S., sidestepping the traditional IPO process, and now we're starting to see some of the true financial guts of the company -- and some of the significant risks it faces from challenging services from Apple and Google. From a report: Apple, for example, charges apps a percentage of revenue for subscriptions processed through the App Store. Apple Music, meanwhile, will always deliver Apple 100 percent of the subscription revenue that it receives from subscribers (sans record fees and all that kind of stuff, of course). Apple, too, has a direct integration with its iOS devices and also a huge amount of brand recognition, even though Spotify is a massive service. Spotify says it has 159 million monthly active users and 71 million premium subscribers, while Apple has 36 million paying subscribers as of February 2018. Spotify said, "In addition, Apple and Google also own application store platforms and are charging in-application purchase fees, which are not being levied on their own applications, thus creating a competitive advantage for themselves against us. As the market for on-demand music on the internet and mobile and connected devices increases, new competitors, business models, and solutions are likely to emerge."
