Uber, Amazon, Tesla ramped up US lobbying in 2016
Google and Facebook both reduced spending
Many major tech companies spent less money lobbying in Washington in 2016, but a handful, including Uber and Amazon, invested significantly more in attempting to influence politicians and the regulatory process.
The money, which totals tens of millions of dollars, is spent on workers and companies that monitor bills and schmooze with politicians and their staffs in the hopes of shaping laws in favor of their clients.
Uber, which is regularly in conflict with regulators, spent $1.4 million on issues as varied as autonomous cars, access to military bases for its cars and transportation regulations. That's almost three times the $470,000 it spent in 2015, according to regulatory filings.
Both Tesla and Dropbox increased spending by more than seven times to $160,000 and $725,000, respectively, as they expanded lobbying efforts that began in 2015.
The biggest Internet spender was Google, which poured $15.4 million into the hands of lobbyists, down 7 percent from 2015. Google's lobbying efforts are so big partly because the company has interests in so many areas, and also because it's rich.
Facebook spent $8.7 million, down 12 percent; Microsoft also spent $8.7 million, up 3 percent; and Apple spent $4.7 million, up 4 percent.
Amazon increased its spend by 21 percent to $11 million, joining a handful of companies that pour eight-figure sums into Washington, D.C. Others in that club included AT&T at $16.4 million, Comcast at $14.3 million, the National Cable Television Association at $13.4 million, mobile industry group CTIA at $11 million and Verizon at $10 million.
The drops in spending in 2016 come after several years of increases. Congress tends to shy away from taking much action in election years, and 2016 marked the end of the Obama years and transition to the Trump administration. In recent weeks, several tech companies have launched new lobbying efforts as the legislative outlook for the next few years becomes clearer.
Some companies have been able to take their pressure directly to President Trump, who hosted a high-profile meeting with tech CEOs in January and promised to make them regular events.
Two prominent tech names, Elon Musk and Peter Thiel, have forged closer links to Trump. That could be handy for Musk, who spent $1.9 million at his other company, SpaceX, which has much to gain from lucrative government and military launch contracts.
New 'made in China' chip on the way as country boosts indigenous tech
Huaxintong Semiconductor Technology is developing a server chip based on ARM architecture
The number of powerful chips coming out of China keeps growing as a war of words on semiconductors with the U.S. escalates.
A joint venture between Qualcomm and China's Guizhou province, called Huaxintong Semiconductor Technology, has started the development of a new server chip based on ARM technology.
The joint venture is "now busy developing a customized server CPU product based on our technology and designs for the China market," said Derek Aberle, president at Qualcomm, according to a Seeking Alpha transcript of an earnings call last week.
Other companies are also developing custom chips for the Chinese server market.
Suzhou PowerCore is developing a CPU based on IBM's Power architecture, though the venture has raised security concerns. AMD has also created a joint venture to create Chinese x86 server chips.
Chipmakers are making a run at the Chinese market, which is considered a big opportunity for data center technologies. Like Facebook and Google in the U.S., Chinese companies like Alibaba and Tencent are establishing mega data centers for cloud and machine-learning services.
But the Chinese market has its quirks because companies there prefer to buy hardware from local vendors. It's partly because servers made by Chinese companies are cheaper and potentially come with fewer national security risks.
China's long-term goal is to be self-reliant in the hardware market, with a majority of devices in the country running on homegrown components. The country already has the world's fastest supercomputer, TaihuLight.
A Chinese company called Tsinghua Unigroup, the majority of it state-owned, is building a US$30 billion chip factory and investing $4.3 billion in a city to serve the factory.
"The Chinese have been transparent about their desire to have a strong, indigenous semiconductor industry because they have spent so much importing this stuff," said Nathan Brookwood, principal analyst at Insight 64.
In 2014, the Chinese government said it would spend $150 billion over the next 10 years to grow its local semiconductor market. The U.S. has accused China of rigging the semiconductor market by giving an unfair advantage to Chinese chip companies.
Though Intel rules the China server chip market, Qualcomm is trying to push its chips, based on ARM architecture.
Qualcomm late last year announced its first 48-core server chip, the Centriq 2400. It is considered the best ARM server chip yet. But Intel has more than a 90 percent server chip market share, while ARM servers are virtually nonexistent and are still being tested. China represents a big opportunity to Qualcomm and ARM architecture to grow in the server market.
The Guizhou province is building up a reputation as a hub for big data, with many cloud server and telecom companies establishing data centers there. Making homegrown chips and servers will boost the region's economy and keep more workers employed.
Huaxintong Semiconductor Technology is a separate company from Qualcomm and is developing its own CPU technology, a Qualcomm spokeswoman said in an email.
What the joint venture company is developing is unclear, but the technology could be based on the Falkor CPU core used in Centriq 2400.
Huaxintong Semiconductor Technology could take Qualcomm's technology and customize the CPU for local customers. It could strip out or add I/O and throughput technologies to directly address customer needs, Brookwood said.
The chips could drive cloud installations and target Intel's Xeon E3 and E5 chips.
Alternately, Huaxintong Semiconductor could create an ARM chip for high-performance computing by cramming many ARM CPU cores together, Brookwood said. That could allow the joint venture to create a chip to compete with Intel's Xeon Phi.
The server chip design will also depend on the software a customer uses. For now, the only proven software stack for ARM architecture is LAMP (Linux, Apache, MySQL, PHP) for web serving, but new usage models in areas like deep learning and high-performance computing are emerging every day.
30% off WeMo Wi-Fi Smart Plug, Works with Amazon Alexa - Deal Alert
Did you forget to turn off the window A.C.? How about that curling iron? Want the living room lamp to turn on when the sun goes down—automatically? The Wemo Switch gives you control of your lamps and small appliances whenever you want, wherever you choose, with tons of options for scheduling and automation. Paired with Amazon Alexa, you can control your lamps and appliances with just the power of your voice. When Wemo works with Nest Thermostat, you can set your lights to turn off automatically when you leave the house, and on when you get home again. No central hub or subscription is required. Wemo also has an on/off switch on the unit, in case the Wi-Fi goes down. This smart plug is currently discounted 30% down to just $34.99. For more information and buying options, see the discounted WiFi Smart Plug on Amazon.
This story, "30% off WeMo Wi-Fi Smart Plug, Works with Amazon Alexa - Deal Alert" was originally published by TechConnect.
F5 Networks taps versatile Ciena higher-up to take over as CEO
New F5 President and CEO Francois Locoh-Donou lauded for engineering and business background, multinational experience at Ciena
F5 Networks CEO and President John McAdam, thrust back into that role in late 2015 under unusual circumstances, has announced that Ciena SVP and COO Francois Locoh-Donou will succeed him on April 3.
McAdam joined F5 in 2000 and served as CEO and President until July 2015, when he handed the reins to Manuel Rivelo. But Rivelo stepped down in December of that year for unspecified personal conduct issues, and McAdam jumped back into the fray at the Seattle company, which he has helped to build into an application delivery powerhouse generating about $2B in annual revenue.
In a letter to employees posted on the F5 website, McAdam writes: "This announcement has been a long time coming, but I believe that as you get to know François you will understand why he has been worth the wait."
McAdam goes on to laud the versatile Locoh-Donou for his engineering and business background, and for having "spent nearly two decades building a wide range of products, teams and operations around the world." McAdam also praises Locoh-Donou's social entrepreneurship support in his home country of Togo and his work on maternal health issues in developing countries.
Locoh-Donou will take leadership of F5 at a time when the company is pushing hard into the cloud and security markets, including via a slew of new products and services announced earlier this month.
This story, "F5 Networks taps versatile Ciena higher-up to take over as CEO" was originally published by Network World.
Why Microsoft forced Windows 10 upgrades last Friday
A plain-English guide to the complex rhythms of Win10 version upgrades and control settings
Over the weekend, I heard many complaints from people who were unceremoniously upgraded from Windows 10 Fall Update (version 1511) to the Anniversary Update (version 1607). The upgrade took place even though they had explicitly instructed Windows 10 to defer upgrades.
Win10's proclivity for unexpected updates and restarts has long been a source of frustration, and the settings that surround upgrades and updates confuse many – including me. But there's a reason why so many were upgraded over the weekend while trying hard to stem the tide.
To make some sense of this, let's start with the basics.
So far Windows 10 has appeared in three versions:
- The original, RTM version (called 10240 and 1507), now at build 10240.17236
- Fall Update version 1511 (later renamed November Update), now at build 10586.753
- Anniversary Update version 1607, now at build 14393.693
There's a fourth version, called Creators Update, expected in March or April. You can call it 1704.
Microsoft has invented a conceptual superstructure of the versions that consists of the CB (Current Branch), the CBB (Current Branch for Business) and the LTSB (Long-Term Servicing Branch). See screenshot.
You can read the formal description on Microsoft's website, but the basic idea is that Win10 users bang around on the CB until Microsoft feels comfortable elevating the branch to CBB. Once a version is CBB-worthy, it's been thoroughly tested. Before that, well, you can draw your own conclusions.
The "for Business" bit is a red herring as any Windows user who's sufficiently wily can hold off on installing upgrades until a CB version has been awarded CBB status. (LTSB is a different animal entirely, suitable for "Specialized systems – such as PCs that control medical equipment, point-of-sale systems, and ATMs.")
When you read jokes about unpaid beta testers, jokesters are referring to people who use a CB version of Win10 before it's granted CBB status. They are, in fact, running released versions of Win10 that haven't yet been certified as viable for Microsoft's most important customers. It's important to realize that "CBB" doesn't refer to a different version of Windows. It's simply a designation that this particular version of Win10 is ready for prime time.
How long between CB and CBB? Good question. For 1511 it was five months (from Nov. 10, 2015 to Apr 8, 2016). For 1607 it took almost four months (from Aug. 2, 2016 to Nov. 29, 2016).
There's a next step, after a version is deemed worthy of the CBB title. This is the one that tripped up people over the weekend.
At some point after being declared CBB, Microsoft publishes the anointed version of Win10 to the Volume Licensing Service Center and republishes the version upgrade on the Windows Update server. The version itself doesn't change one iota. But the fact that it's published on those servers releases a cascade of actions that may not be obvious.
Version 1607 was published last Friday, Jan. 19, or 62 days after it hit CBB. Microsoft's intentionally vague about how long they'll take to go from CBB to fully published.
When Microsoft publishes the official CBB version:
- Windows Update unhides the upgrade, if it was hidden with wushowhide. This is the way "hide" has functioned in Windows Update for many years: If there's a new version of a patch released (in this case, "Feature update to Windows 10, version 1607"), previous attempts to hide the patch get overridden.
For many years, Microsoft documented new versions of old patches on the WU changelog. This time, we weren't so lucky.
- Those who have "Defer Upgrades" checked in Windows Update (Start > Settings > Update & security > Windows Update) get upgraded to the next version, unless there's an update server such as WSUS or SCCM in the middle, or a Group Policy has been set to slow it down even more. By using GPEdit on Win10 Pro v 1511 machines, you can tell Windows to avoid 1607 for eight more months – until Sept. 19, 2017, presumably – using the technique described by Gregg Keizer in Computerworld.
The upshot is that most folks who were holding off 1607 by either using wushowhide or by checking the "Defer Upgrades" box in version 1511 had their choice overridden over the weekend. That came as quite a shock, with many people complaining about how their machines went down for the count.
There's no way to predict how long a version will take to go from CB to CBB. There's no way to predict how long a version will take to go from CBB to fully published. We had no advance warning when 1511 was published on the VLSC servers. We had no advance warning when 1607 was published on the VLSC servers.
For those of you who were upgraded and didn't want to be – sorry about the hour or two takeover of your machine – your best bet is to roll back the upgrade, then use either GPEdit (for those of you with Win10 Pro) or wushowhide to hide "Feature update to Windows 10, version 1607."
There's another wrinkle you should know about.
Microsoft has another complex formula for determining when a release of Windows 10 will reach "end of life" – the point at which no more cumulative updates are offered. EOL occurs at the later of the following:
- Eighteen months after the version is released (which is to say, when it becomes Current Branch)
- Sixty days after the next version is published to the VLSC server
In this case, that means version 1507 – the original, RTM version of Win10 – will no longer be supported after March 20, 2017, the "60 days after next version is published" limit.
The definitions, descriptions, settings, and durations are all evolving, and it looks like we'll have yet another bunch of changes for version 1704. If you got fooled this time, don't feel too bad about it, but watch out for next time.
The discussion continues on Askwoody.com.
Google begins live testing of Instant Apps that load without installation
The feature will let users interact with parts of an app even if they don't have it installed on their phones
At last year’s I/O conference, Google demonstrated a sneak peek of a new initiative that lets users interact with pieces of an app without needing to go through the whole download process. Called Android Instant Apps, it was designed to streamline the process of installing apps, and now Google is finally ready to let users try it out.
While only available in a “limited test” with just four developers—BuzzFeed, Wish, Periscope, and Viki—Instant Apps could dramatically change the way users interact with apps on their phones. For example, under the current system, if someone sends you a link to an item for sale in the Wish app and you don’t have it installed on your phone, you would be first redirected to the Play Store, where you would need to download and install the app, find it on your phone, open it, type in the item, and hit search. With Instant Apps, tapping the link would automatically bring up that page in the app, whether it’s installed on your phone or not. From there you could buy it or save the link to your home screen, all without needing to go through the whole tedious download process.
Furthermore, Google demonstrated a situation where a user could feed a parking meter without needing to waste time or data downloading the app first. Of course, if you wanted to download the full app, you could, but the process is designed to remove friction from what should be quick interactions. It’s kind of like opening web apps or Chrome Custom Tabs, but with much more power behind it. As Google explains, the experience isn’t watered down or minimalized in any way. Rather, the user will be using the full app, just targeted to the specific bit they requested:
“To develop an instant app, you’ll need to update your existing Android app to take advantage of Instant Apps functionality and then modularize your app so part of it can be downloaded and run on-the-fly. You’ll use the same Android APIs and Android Studio project.”
Google promises that full Instant Apps SDK will be available “in the coming months.”
Instant Apps will work on Android versions going all the way back to Jelly Bean, but it’s unclear how widespread the rollout for testing is or how Google will be soliciting feedback from users. When we tried to open a Wish link, it still sent us to the Play Store to download the full app.
The impact on you: Android Instant Apps have the potential to truly revolutionize the way we use and discover apps on our phones, especially those with limited space or running older versions of Android. Developers are constantly looking for ways to reach more users with their apps, and Instant Apps is the perfect way to do it, offering a lightweight, universal experience that doesn’t require the download of an app you might not have space for.
This story, "Google begins live testing of Instant Apps that load without installation" was originally published by Greenbot.
Yahoo pushes back timing of Verizon deal after breaches
The $4.8 billion acquisition, previously set for the first quarter, is now due to close in the second
Verizon’s planned acquisition of Yahoo will take longer than expected and won’t close until this year’s second quarter, the internet company said on Monday.
The $4.8 billion deal was originally slated to close in the first quarter, but that was before Yahoo reported two massive data breaches that analysts say may scrap the entire deal.
Although Yahoo continues to work to close the acquisition, there’s still work required to meet the deal's closing conditions, the company said in an earnings statement, without elaborating.
Verizon has suggested that the data breaches, and the resulting blow to Yahoo’s reputation, might cause it to halt or renegotiate the deal.
In September, Yahoo said a "state-sponsored actor" had stolen details from at least 500 million user accounts in late 2014. As if that wasn’t enough, the company reported another breach in December, this one dating back to August 2013 and involving 1 billion user accounts.
Both breaches were detected months after Verizon announced last July that it would buy the ailing internet company. Reportedly, Yahoo is facing an investigation from the U.S. Securities and Exchange Commission over whether the breaches should have been reported to investors earlier.
The breaches may have shaken confidence in Yahoo’s internet business. But the company has since taken measures, such as password resets, to secure user accounts.
Nevertheless, some user accounts are still vulnerable. On Monday, Yahoo said 90 percent of its daily active users were protected from the breach. That leaves another 10 percent potentially exposed.
Among the information stolen in the breaches were names, email addresses, telephone numbers, hashed passwords and security questions and answers meant to protect the accounts.
Inside Intel's bold plan to personalize live 3D sports broadcasts
Intel is working on technology so viewers can carve out their own interactive live sports broadcasts on PCs, VR headsets, and even TVs
Viewers may soon see a big change coming in the way they experience the chills and thrills of live sports broadcasts. It'll be customizable, interactive, and it will put them at the center of the experience.
If it goes as envisioned, Intel's multi-year plan will allow viewers to tailor their own live sports broadcasts, and watch events as if they were on the field.
The live sports broadcasts will be available for VR headsets, PCs, and even TVs. The experience will be unlike live sports today, in which the views and angles are selected by the broadcasters.
Instead, viewers in real-time will be able to create their own 3D broadcast of a sports event. Viewers will be able to select any type of view or camera angle they want for the live broadcast.
For example, users will be able to get a bird's eye view of a touchdown in a football game or a goal in soccer. Alternately, users will be able to view the same experience from a player's perspective. It depends on what a viewer selects, and many angles will be covered.
Intel's goal is to roll out this 360-degree live broadcast technology starting in 2019, and the company is working with broadcasters to deliver the real-time interactive experience.
Watching live content is now a linear experience, but live broadcasts tailor-made to viewers will revolutionize the way people watch sports, said James Carwana, general manager at Intel's sports group.
Intel is already working with a number of broadcasters to deliver these unique 3D experiences in real time to viewers, said Jeff Hopper, general manager of immersive experiences at Intel.
Broadcasters are eager to bring more interactive experience to live sports, Hopper said.
Some sports, such as football and soccer, are ideal for this interactive 3D live sports experience. It may be difficult to bring the same experience to sports like skiing, with the action happening over long distances. But Carwana said Intel is eager to bring this experience to a variety of sports and broadcasts worldwide.
Watching live sports from any angle will especially be fun on VR headsets, which allow users to view 3D content. In the future, viewers will be able to switch angles in real time and roam through a field as a play is taking place.
Interactive live sports is a killer application for VR, a market that is still emerging. Games are being received with a lot of enthusiasm on VR headsets, and live sports will bring a similar experience, except a viewer isn't playing.
But broadcasting live interactive content is easier said than done. It involves implementing an army of cameras in stadiums, creating a full 3D video experience so any particular scene can be viewed from any angle, and a new media format to support the interactive experience. It also requires a powerful back-end of servers to process all the data required to create an experience customized to each viewer.
Intel's starting off modestly with interactive replays instead of live broadcasts, allowing it to test the technology before it goes big time. At Super Bowl LI on Feb. 5, Fox Sports will show interactive replays based on Intel's 360-degree replay technology. Intel has already used similar replay technology in sports like baseball and basketball.
Further down the road, as technology is closely integrated into sports, users will be able to view live statistics as part of the experience. Intel has already done that, with live statistics on display during a live broadcast of the Winter X Games last year. In real-time, users were able to view key athlete performance data like how high a snowboarder jumped and how far they rotated. The data was captured from sensors on the snowboards.
Intel is working on technology that will make all of this happen. It is using a media format called FreeD, which will be central to live interactive sports broadcasts. Instead of pixels, which are used in regular images and video file formats, FreeD will have voxels, which compose image content in a three-dimensional format.
In each stadium offering live interactive video, 38 cameras will be installed, which is enough to generate a full view of all angles needed to generate a custom broadcast for each viewer. The cameras will generate terabytes of image data every few seconds.
During a live broadcast, a viewer will be able to select the angle they want to see a sport from, and that request will be delivered to a server. The server will compile the custom broadcast by processing and cutting images from all 38 cameras to generate the desired angle.
Servers will need a lot of horsepower to do that. Intel will use FreeD rendering technologies from its acquisition of Replay Technologies, which specializes in video formatting. It will also rely on algorithms to help generate those interactive live sports broadcasts.
Intel has targeted the TV market several times previously, including a plan to launch its own TV service, but failed. This is the most ambitious experience so far, and it'll require many years of commitment. Intel has also acquired companies like Voke -- which provides technology to deliver live 3D broadcasts to VR headsets -- that are playing a central role in the chipmaker's efforts.
The amount of data generated for an interactive live sports broadcast leads to bandwidth challenges, the Intel executives acknowledged. But with technologies like 5G -- which could transmit mobile data at speeds of up to 20Gbps -- coming, some of those issues could be resolved, Hopper said. The live sports technology touches upon the key markets Intel is pursuing, including 5G, servers, and the internet of things.
The technology is still not here, and Intel's plan to make it possible by 2019 seems ambitious considering the numerous challenges. But Intel has a clear vision of how live sports broadcasts will look, and it's exciting.
XCOM 2's eagerly anticipated Long War 2 total conversion mod released in Steam Workshop
Good luck, Commander.
The Long War mod for the original XCOM: Enemy Unknown is legendary, and for damned good reason. The vanilla XCOM reboot was a long, complex, and outstanding tactical game, and Long War made it longer, more complex, and even more outstanding with new classes, equipment, items, and features. It was so delectably great that Firaxis worked closely with the team behind Long War to prep official mods for the launch of the even-better XCOM 2—which wound up being one of the 10 best PC games of 2016.
But those day-one mods didn’t include a new Long War. Today, nearly a year after XCOM 2’s launch, Pavonis Interactive released Long War 2. Hallelujah.
It’s easy to see that the time it took was well spent. Long War 2 expands the already widened scope of XCOM 2 dramatically. Expect to deploy on more than 100 missions during the campaign now, including eight new mission types ranging from jailbreaks to defending your resistance Havens. You’ll need to oversee those Havens more directly now, too, sending resources to sniff out supplies, intel, or recruits, and even directing your precious engineers and scientists to augment local efforts.
The entire Geoscape map layer has been reworked for this deeper complexity, with an Advent AI trying to counter you every step of the way.
You’ll have extra firepower on your side for this grueling slog. Long War 2 starts you off with a much larger pool of recruits and the ability to field up to 10 soldiers in some battles. You’ll have the ability to “infiltrate” locations with squads before formally deploying, potentially lightening the load you’ll face once your boots hit the ground. Your team also receives a level-up at the tactical level with new laser and coilgun weapon types and a total of nine—nine!—specialized soldier classes. The original game only had five.
But the Advent forces have been bolstered as well. You’ll face new unit variants that pack enhanced firepower and capabilities, and the Advent forces will have the ability to call in endless reinforcements in some missions. Making things even more tense, if you have to call in the Skyranger for a hot extraction when things go pear-shaped, you’ll now need to wait for your aerial rescue to actually fly into the battleground.
While the first Long War required XCOM’s premium Enemy Within expansion, you don’t need any of XCOM 2’s DLC to run this—just the base game. Pavonis says all of its previous XCOM 2 mods are already integrated directly into Long War 2, though it can’t guarantee that other mods work with this total conversion.
All in all, Long War 2 looks to bring a healthy dose of 4X-like strategy and even more battlefield complexity to XCOM 2’s tactical brilliance. Modding is a major factor in PC gaming’s greatness and this mod goes much, much deeper than most. Long War 2 looks like just the excuse I’ve been waiting for to fire up XCOM 2 yet again. I guess I know what I’m doing tonight. And tomorrow night. And the night after....
This story, "XCOM 2's eagerly anticipated Long War 2 total conversion mod released in Steam Workshop" was originally published by PCWorld.
New Senate bill seeks sweeping H-1B changes
H-1B visas should be distributed to U.S. grads first, not outsourcing firms, say Senators Chuck Grassley and Dick Durbin
A new bill in Congress would give foreign students who graduate from U.S. schools priority in getting an H-1B visa.
The legislation also "explicitly prohibits" the replacement of American workers by visa holders.
This bill, the H-1B and L-1 Visa Reform Act, was announced Thursday by its co-sponsors, U.S. Senators Chuck Grassley (R-Iowa) and Sen. Dick Durbin (D-Ill.), longtime allies on H-1B reform. Grassley is chairman of the Senate Judiciary Committee, which gives this bill an immediate big leg up in the legislative process.
This legislation would end the annual random distribution, via a lottery, of H-1B visas, and replace it with a system to give priority to certain types of students.
"Congress created these programs to complement America's high-skilled workforce, not replace it," said Grassley, in a statement. "Unfortunately, some companies are trying to exploit the programs by cutting American workers for cheaper labor."
Foreign nationals in the best position to get one of the 85,000 H-1B visas issued annually will have earned an advanced degree from a U.S. school, have a well-paying job offer, and have preferred skills. The specific skills weren't identified, but will likely be STEM-related.
It will be up to the U.S. Citizenship and Immigration Service to develop this priority system.
The bill requires "all employers who seek to hire H-1B visa holders to first make a good-faith effort to recruit American workers." This is something Grassley and Durbin have long sought in prior bills, but faced opposition from industry.
IT services firms that use H-1B workers to offshore work will face new restrictions. The bill prohibits a firm with "more than 50 employees, of which at least half are H-1B or L-1 holders, from hiring additional H-1B employees."
President-elect Donald Trump's administration -- which takes office Friday at noon -- is also considering changes to the visa lottery system, and it's entirely possible that he could order reforms in advance of legislation.
Among the ideas that are circulating is a distribution system that gives priority to salary and/or favors non-dependent H-1B-using firms over H-1B-dependent firms. A dependent firm is a classification given to an employer that has 15% or more workers on a visa.
There are a lot of other provisions in the Grassley-Durbin bill. It would "enhance" the ability of the U.S. Department of Labor to conduct investigations. It would require new data reporting, including the gender of H-1B workers, something the government has not made available.
The bill appears to raise the wages of L-1 workers, and includes new enforcement and audits. The L-1 is used for intra-company transfers.
"For years, foreign outsourcing companies have used loopholes in the laws to displace qualified American workers and facilitate the outsourcing of American jobs," said Durbin. "The H-1B and L-1 Visa Reform Act would end these abuses and protect American and foreign workers from exploitation."
This story, "New Senate bill seeks sweeping H-1B changes" was originally published by Computerworld.
January security update starts hitting Samsung Galaxy Note 4
Samsung has started rolling out a new update to its Galaxy Note 4 smartphone. Currently hitting units in Germany, the update brings Android security fixes for the month of January.
Although it's not set in stone, the Netherlands, Poland, and the UK should be next in line to receive the update.
As is usually the case with OTA roll-outs, it may take some time for the update to hit your device. Meanwhile, if you feel impatient, you can manually check for the update by heading to your handset's Settings menu.
LeEco's phones and TVs are now at Amazon
LeEco is taking another big step toward establishing its presence in the US market. The Chinese company is selling two of its smartphones and three 4K Ultra HD TVs at Amazon with free shipping across the United States.
Le Pro 3 was one of the first smartphones with the updated Snapdragon 821 when it was released. It was followed by LeEco S3, a mid-ranger with more affordable specifications.
As of today, both are available at Amazon. The Le Pro 3 is priced at $399.99 and comes with 4GB RAM and 64GB internal storage, like we told you earlier. Sadly, the only color option of the device is gold.
The Le S3 has 3GB RAM, 32GB internal storage and, luckily, two color options - gold or silver. The device is priced at $249.99 with free delivery across the US, as is the Le Pro 3.
LeEco is an innovative company that manufactures everything from smartphones through bikes to hybrid cars (or at least it plans to manufacture one some day).
That's why we aren't surprised to see some TVs in its portfolio at Amazon, especially after they acquired Vizio last summer. Three flat screen TVs from the Super4 X series are for sale - the 43" is $449.99, the 55" is $699.99 and the 65" is $1,099.99. All three devices are $100 off, which makes it quite the bargain.
LG Aristo announced for T-Mobile and MetroPCS, only $59 on prepaid
LG has unveiled a new smartphone today, and this one is headed to T-Mobile and MetroPCS. It's called LG Aristo and can't boast high-end specs, but it does at least run Android 7.0 Nougat and it's going to be very cheap.
The LG Aristo has a 5-inch 720p touchscreen, the Snapdragon 425 chipset at the helm, 1.5GB of RAM, 16GB of expandable storage, a 13 MP main camera, a 5 MP selfie shooter, 4G LTE with VoLTE support, Wi-Fi calling, and a 2,410 mAh battery. A fingerprint scanner is on the back.
It will land at MetroPCS first, on January 23. You'll be able to grab it from the prepaid carrier for just $59 after an instant rebate. On January 25 it will become available at T-Mobile too, where you can purchase one for $144 full price or $0 down and then 24 monthly installments of $6. For a limited time, the magenta carrier will offer 25% off a case and screen protector for the phone when you buy all three together.
Android 7.1.1-powered Xiaomi Mi 4c spotted on Geekbench
The Xiaomi Mi 4c, which was launched way back in September 2015 with Lollipop onboard, will soon get the Nougat update. The company has already started testing the promised update, as a device running the latest Nougat version (Android 7.1.1) has been spotted on the Geekbench benchmarking website.
Sadly, there's currently no information on when exactly the update will be rolled out. Here's hoping that testing goes smoothly and it comes sooner rather than later.
Sony G3221 passes through AnTuTu, will have 23MP + 16MP cameras
User agent profiles showed that Sony's upcoming G3221 will sport a Helio P20 chipset and now an AnTuTu screenshot offers some additional details.
The chipset will be paired with a hearty 4GB of RAM and 64GB storage and will run Android 7.0 Nougat at launch. The Sony G3221 also sports a 23MP main camera and a 16MP selfie cam, plus a 1080p screen.
AnTuTu screenshot of Sony G3221
The Xperia M5, which launched in mid-2015, had similar specs (except it was powered by a Helio X10), so perhaps we're looking at a successor.
Samsung expects big profit despite Note 7 crisis
The company's profit is expected to have soared nearly 50 percent in the fourth quarter
The financial impact of the Note 7 recall seems to be largely behind Samsung Electronics, which on Friday forecast that its profit has grown year-on-year by close to 50 percent in the fourth quarter.
A major proportion of the profit of the largest smartphone company is expected to come from components such as memory chips and display panels, rather than from smartphones, according to analysts, a shift that was noticed in the third quarter as well.
“They were fortunate that their memory and displays businesses could offset the doom and gloom resulting from the Note 7 debacle last quarter,” said Bryan Ma, vice president for devices research at IDC.
Samsung said in its earnings guidance released Friday that its profit in the fourth quarter is expected to be 9.2 trillion Korean won ($7.6 billion), up from 6.14 trillion won in the same quarter last year. Revenue for the quarter is expected to be around 53 trillion won, which is about the same as in the fourth quarter of the previous year.
The South Korean company suffered a major hit to its reputation and finances following its announcement of a recall and later the stopping of production in October of the Galaxy Note 7 smartphones after its lithium-ion batteries were found to overheat and even explode. Samsung has not yet provided a detailed explanation of what really went wrong with the phones.
“Moving forward, they still need to publicly explain the reason for the battery problems; it’s a critical step toward reassuring consumers that their products can be trusted,” Ma said.
Following the Note 7 debacle, the company revised its revenue and profit forecast for the third quarter. It said in October that revenue for the quarter was likely to be about 47 trillion won, down from the 49 trillion won that it had expected earlier in that month in a preliminary forecast. Operating profit was expected to drop by about 2.6 trillion won to 5.2 trillion won.
While the profit of the company’s mobile business not unexpectedly fell to 0.10 trillion won in the third quarter, its semiconductor profit was 3.37 trillion won, driven by demand for memory chips, particularly high density and high-performance mobile and server products. Its display panel business earned 1.02 trillion won in operating profit for the quarter because of increased earnings on OLED panels and increased shipments of large-sized LCD TV panels.
Rival Apple appears to be far more profitable than Samsung in the smartphone business as it does not play in the low-end segment where fierce competition from Chinese vendors has cut into margins. In the third quarter, Apple cornered 91 percent of total worldwide operating profits of $9.4 billion earned by smartphone companies, according to research firm Strategy Analytics. The other companies figuring in the list were Chinese vendors like Huawei, Vivo and Oppo.
More than 10,000 exposed MongoDB databases deleted by ransomware groups
Five groups of attackers are competing to delete as many publicly accessible MongoDB databases as possible
Groups of attackers have adopted a new tactic that involves deleting publicly exposed MongoDB databases and asking for money to restore them. In a matter of days, the number of affected databases has risen from hundreds to more than 10,000.
The issue of misconfigured MongoDB installations, allowing anyone on the internet to access sensitive data, is not new. Researchers have been finding such open databases for years, and the latest estimate puts their number at more than 99,000.
On Monday, security researcher Victor Gevers from the GDI Foundation reported that he found almost 200 instances of publicly exposed MongoDB databases that had been wiped and held to ransom by an attacker or a group of attackers named Harak1r1.
The attackers left a message behind for the database administrators asking for 0.2 bitcoins (around $180) to return the data.
A day later, the number of databases wiped by Harak1r1 had reached 2,500 and by Friday, more than 8,600 had been affected and contained the ransom message.
In addition, other attackers have joined the scheme, with researchers counting at least five groups with different ransom messages so far. Together, the groups deleted 10,500 databases, and in some cases, they’ve replaced each other’s ransom messages.
The bad news is that most of them don’t even bother copying the data before deleting it, so even if the victims decide to pay, there’s a high chance they won’t get their information back.
Gevers said he has helped some victims and there was no evidence in the logs that the data had been exfiltrated. He advises affected database owners not to pay and to get help from security professionals.
MongoDB administrators are advised to follow the steps on the security checklist from the MongoDB documentation in order to lock down their deployments and prevent unauthorized access.
Intel's Optane: What users can expect in PCs and when it will ship
Here's a lowdown on what users can expect from Intel's superfast Optane storage
Intel is known for cranking up PC speeds to new highs, and it's doing the same for storage with the super fast Optane.
Optane, which Intel claims will replace today's SSDs and DRAM, is exciting for many reasons. Game play, PC booting, and productivity applications will be much faster with the new class of storage and memory.
Intel has said Optane could be up to 10 times faster than conventional SSDs, but real-world tests on the storage have yet to be done. The first Optane storage was announced at CES, but it's only in the form of low-capacity 16GB and 32GB units to be used as cache and not as primary storage.
The initial Optanes will not have a meaty capacity, but it will be a good start to test and play with the storage, said Pat Kannar, marketing director for Precision desktops at Dell.
"You are going to see it roll in higher densities and capacities over the next few years, and different form factors too," Kannar said.
Optane still remains a bit of a mystery, but here's what we know based on data gathered from Intel and PC makers.
What is Optane?
Optane is based on a technology called 3D Xpoint, in which memory cells sit in a three-dimensional mesh. Intel and Micron -- which share many memory manufacturing resources -- cooperated on the development of the technology.
The first 16GB and 32GB storage will work only on PCs with Kaby Lake chips. It won't work on PCs with older Intel chips like Skylake or Broadwell or on PCs with AMD chips. While the new Optanes are exclusive to Kaby Lake, that could change in the future.
Ultimately, Intel will ship large-capacity Optane SSDs, which will replace conventional SSDs. Intel will also ship the versatile Optane as a DRAM replacement that could plug into DIMM slots. The Optane memory will be denser and retain data, unlike DRAM, which deletes data once a PC is turned off.
When will Optane ship?
Intel says the low-capacity Optane storage will ship in the second quarter of this year, and PC makers indicated it could be a while before large-capacity Optane SSDs are available. The large-capacity Optane SSDs will likely be installed in servers before coming to PCs. Facebook and IBM are already testing large-capacity SSDs in servers.
Like any new storage technology, Optane won't be cheap. Optane technology is still being produced in limited quantities in a factory in Dalian, China. The production will ramp up over time, reducing the cost of making Optane. Intel is projecting a quick switch to mass production, when prices will start dropping.
What systems will Optane be used in?
Many PCs that will get the 16GB or 32GB Optane storage installed were announced at CES this week. The storage initially will go into sockets on motherboards. Ultimately, you'll be able to plug in large-capacity Optane storage into m.2 or 2.5-inch slots.
The first laptop announced was Lenovo's ThinkPad T570, with a price starting at US $909. It'll have an optional 16GB Optane PCIe M.2 2242-S3, but the laptop's price will shoot up if you select that storage option. The laptop will ship in March, though the Optane option may be available later.
HP's revamped Envy Curved All-in-One 34 with Kaby Lake will get Optane during the spring update to the product, said Mike Nash, vice president of product management for consumer PC and solutions at the company. Nash declined to provide a specific timeline, but it is in line with Intel's planned second-quarter release of Optane.
Dell plans to install Optane in some of its Precision laptops and OptiPlex desktops around June. Intel's new "tall" NUC systems -- the NUC7i3BNH with 7th Generation Core i3, NUC7i5BNH with Core i5, and the NUC7i7BNH with Core i7 -- will support Optane.
Supermicro also announced new SuperO motherboards for gaming and business PCs with support for Optane.
Optane could make hard drives relevant again
For Dell's Kannar, Optane will make it feasible to put traditional hard drives into laptops or desktops, especially if you are on a budget.
A PC with a hard drive as primary storage and an Optane cache could load the OS and applications faster than an all-SSD system, Kannar said. The trick is that Optane -- which is closer to the CPU -- would need to hold images of the OS and key applications.
"It's cheaper to do that in some cases than having an all-SSD system," Kannar said.
Of course, having Optane alongside an SSD as primary storage will be much faster, but more expensive.
Optane is plug and play for Windows
There are also questions of how Optane will work with various OSes. Intel has said software will need to be adjusted to effectively work with Optane.
PC makers said it's likely Windows 10 will be aware of Optane, thanks to Intel drivers and technologies like the chipmaker's RST (Rapid Storage Technology), which will harness the speed of Optane. Questions still remain on whether Linux and MacOS will have similar plug-and-play capabilities. Linux is notorious for being late on adding support for new technologies.
Open source server simplifies HTTPS, security certificates
Forget expired TLS certificates; the lightweight Caddy web server handles Let's Encrypt certificates and redirects HTTP traffic by default
For administrators seeking an easier method to turn on HTTPS for their websites, there is Caddy, an open source web server that automatically sets up security certificates and serves sites over HTTPS by default.
Built on Go 1.7.4, Caddy is a lightweight web server that supports HTTP/2 out of the box and automatically integrates with any ACME-enabled certificate authority such as Let’s Encrypt. HTTP/2 is enabled by default when the site is served over HTTPS, and administrators using Caddy will never have to deal with expired TLS certificates for their websites, as Caddy handles the process of obtaining and deploying certificates.
“Caddy exists to make the whole experience better for the people who create the Web,” Matt Holt, the project’s maintainer, wrote shortly after its launch.
Securing all web content over HTTPS is now a necessary step to keep all online communications and transactions secure and private from malware, targeted attacks, and surveillance. Obtaining security certificates and setting up the certificates have been traditionally difficult, but that is beginning to change due to several new tools and services designed to improve certificate management.
For example, cloud security company CloudFlare issues security certificates to all websites using its service. Free certificate authority Let’s Encrypt provides security certificates and deployment tools so that anyone can set up their websites to use HTTPS. The hard part left is setting up the web server and configuring it correctly to work with the certificate—Let’s Encrypt has taken care of that, too. Caddy further simplifies the task as it automatically configures HTTPS via free Let’s Encrypt certificates.
Caddy redirects non-HTTPS traffic to HTTPS by default. The administrator doesn't have to use Let’s Encrypt certificates to get the same benefits. The web server also takes care of periodically rotating TLS session keys, which helps preserve perfect forward secrecy; even if keys are inadvertently exposed, they cannot be used to decrypt older encrypted sessions.
While intended to be a static file web server, Caddy can serve up dynamic PHP through FastCGI. It can also be used inside a Docker container. It can also be extended with new features, with add-ons for Prometheus metrics, IP filtering, search, Cross Origin Resource Sharing, and JSONP, to name a few.
Because Caddy is written in Go, it's cross-platform and works the same across operating systems, including Windows, Mac, Linux, BSD, and Solaris. Caddy’s developers avoided using certain libraries that aren’t always available on Windows systems, ensuring that critical Caddy features don’t get locked into specific operating systems.
Don’t make the mistake of thinking Caddy will dislodge Nginx or Apache from enterprise networks anytime soon—the project is suitable for quick prototyping, test environments, and internal applications.
Caddy has been around for more than a year, and its latest version, 0.9.4, added new features such as support for statically compressed .gz or .br files and the ability to specify multiple back ends to a single FastCGI proxy for basic load balancing. The new version also picked up the option to customize TLS curve preferences and support Must-Staple on managed certificates.
When it comes to security, enterprises often shy away from open source projects because of the trust factor. There is always the question of support, whether the project will continue to be actively maintained and supported, but the more pressing question is whether the security components can be trusted. Security projects, in particular, benefit from an independent security audit since it identifies potential issues and confirms that the underlying security foundation is sound. Caddy could benefit from having an audit—but those assessments can get expensive.
Caddy is still in its infancy compared to enterprise favorites such as Apache, IIS, and Nginx, but the project is already getting big-name support from Mozilla. Caddy was one of the nine open source projects supported by Mozilla Open Source Support (MOSS), which provides funding for “open source projects that contribute to our work and the health of the Web.” Of the $545,000 Mozilla set aside for MOSS, Caddy received $50,000. The award was earmarked for adding a REST API, improving the Web UI, and developing new documentation to make it easier to deploy more services with TLS.
MongoDB ransomware attacks sign criminals are going after servers, applications
Ransomware is lucrative, and attackers looking for new ways to extort enterprises are going after data stored on web and app servers, even SaaS apps
The tremendous success of ransomware infections over the past year showed cybercriminals that holding data for ransom is the key to making money from online attacks. Ransom-based attacks are evolving, and if enterprise defenders aren’t careful, they are going to soon see more ransom notes popping up on their servers, databases, and back-end applications.
Consider last week's events: After Victor Gevers, a security researcher and founder of GDI Foundation, reported several hundred instances of publicly exposed MongoDB installations had been wiped and held for ransom over the previous two weeks, several other attackers joined in, bumping the number of compromised databases from several hundred to more than 10,000.
The attackers didn’t need to bother with malware to gain access to the database or the information saved within—the door was wide open since these MongoDB installations used the default configuration, which allowed unauthenticated connections via port 27017. These databases were fully accessible from the internet, and anyone connecting via that port had full administrator rights to read, create, update, and delete records.
While compromising a few systems and encrypting the data in large enterprises will continue to be lucrative—health care facilities paid out thousands of dollars in 2016 to regain control of their data and systems—attackers are going to change tactics to keep their income stream flowing. Databases, web servers, application servers, enterprise resource planning (ERP) systems, and other enterprise applications all contain valuable information that can disrupt business operations if stolen.
“Attackers are always looking to increase the value of what they steal,” said Jeff Schilling, chief of operations and security at cloud security provider Armor.
It’s a safe bet that even if the enterprise doesn’t use MongoDB, which is widely used in big data and heavy analytics environments, it may be running other servers or applications that are accessible from the internet and vulnerable to attack. Criminals can easily shift their attacks to those servers and applications. Already, last spring, researchers from Cisco’s Talos Security Intelligence and Research Group found that attackers were exploiting vulnerabilities in JBoss application servers to spread SamSam ransomware.
New targets, new victims
The data contained on those systems don’t have to be something the attacker can sell on the black market—it simply needs to be valuable to the owner. It doesn’t matter if the database or back-end system doesn’t have financial data or transactional information. Application source code, personnel files, organization data, and entire application servers are all valuable.
“As long as it’s valuable to someone, attackers can target it for ransomware in order to make a profit,” said Jordan Wright, an R&D engineer at authentication company Duo Security.
Ransoms are most effective when there are no backups to restore the data. While most enterprises typically have some kind of backup strategy in place for databases and critical enterprise applications, they may still be forced to pay because of the perception that it will take too long to restore from backups.
In the case of those enterprises with compromised MongoDB installations, at least 20 victims sent the 0.2 BTC ransom (about $220 at current prices) to the bitcoin address used by the initial attacker between Dec. 21, 2016 and Jan. 6, 2017, according to information available on Blockchain.info.
Imagine being an Oracle or SAP administrator and one day finding that an attacker had copied all the data and then wiped the systems.
In case the idea of data stolen from code repositories and databases wasn’t scary enough, SaaS apps could become the next ransom target, Schilling said. An attacker could demand the ransom from the SaaS provider by successfully breaking into the network and disrupting operations, or from the SaaS customer by preventing the customer from accessing the data. A network breach on the provider side seems unlikely, but not impossible, since SaaS companies tend to invest heavily in securing their infrastructure.
Then the massive DDoS attack against DNS provider Dyn affected SaaS providers adversely, without even touching their networks. That ransom demand could have gone sky-high, had the attackers gone that route.
Customer-side ransoms sound even more likely. There are already ransomware strains capable of encrypting data on cloud storage sites by infecting a computer that had a synced folder. Attackers can use stolen or compromised credentials to gain access to the customer’s SaaS instance and all the associated data. Whether the customer would pay would depend on how quickly—and completely—the provider would be able to restore the data.
All kinds of attacks, not malware alone
It will be a mistake to keep focusing on the malware. Yes, there are reports of ransomware on Smart TVs, and malware will continue to encrypt data stored in enterprise networks. However, ransomware isn’t the only way cybercriminals have extorted enterprises in the past, and it isn’t going to be the only approach going forward.
Remember that the attackers behind Sony Pictures demanded “monetary compensation.” And ProtonMail and Feedly both were slammed with DDoS attacks when they refused to pay.
Cybercriminals are going to make money however they can, and if it is easier to compromise the database by exploiting unpatched remote code execution vulnerabilities and escalation of privilege flaws, or through spear phishing, they aren’t going to bother to try to infect the server with malware. Or they may use a combination of scripting languages such as PowerShell and JavaScript to compromise systems, which doesn’t leave behind any malware samples for defenders to detect.
Defender checklist
Attackers are trying to figure out which types of data companies consider valuable and which organizations are more likely to pay. The initial MongoDB attacks were originally nondiscriminating and compromised any open MongoDB installations, but security researchers believe the latest attacks are more selective, targeting health care providers, telecommunications companies, data brokers, and electric utility firms.
IT teams need to expand their focus and look at all the various ways their data could be stolen. Don’t get bogged down looking for malware samples or signs of infections, because the attacker demanding the ransom may use other methods to hold the data.
Attackers connected to vulnerable MongoDB installations via port 27017. Organizations using the default installation of MongoDB should update their software, set up authentication, and lock down port 27017.
That advice applies to other databases, servers, and applications as well. ERP systems such as SAP need to be configured to consider security. Database ports should be locked down. Software updates should be applied as soon as possible. Restrict remote access and require strong authentication for any user accounts that require remote access rights.
Administrators need to control and limit access to their organization’s data stored in their servers as well as in cloud applications. “Without mitigating controls like two-factor authentication, attackers can take over the data a user has access to by simply sending a phishing email,” Wright said.
IT teams need to stop thinking of ransomware as a malware infection and start thinking of a broad range of attacks that have an extortion component. This means beefing up data breach detection capabilities, securing systems so that data can’t be easily obtained, protecting the data even when defenses fail, and improving incident analysis, so they can investigate thoroughly when something goes wrong. The attacks against MongoDB installations are only the beginning.
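The MongoDB advice in this article and in the earlier report on the wiped databases (set up authentication, lock down port 27017) can be checked against a server's own configuration file. The script below is an added example, not code from the article or from MongoDB: it assumes the YAML-style `mongod.conf` with the `net.bindIp`, `net.bindIpAll`, `net.port` and `security.authorization` settings, and both sample configurations, including the addresses in them, are constructed.

```python
"""Audit mongod.conf text for unauthenticated, internet-facing listeners.

Added example; the sample configurations below are constructed.
"""

WILDCARDS = {"0.0.0.0", "::"}   # addresses that mean "every interface"

# Constructed sample: listens everywhere, no access control.
WEAK = """\
net:
  port: 27017
  bindIp: 0.0.0.0
storage:
  dbPath: /var/lib/mongodb
"""

# Constructed sample: loopback plus one private interface, auth required.
HARDENED = """\
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # constructed private address
security:
  authorization: enabled
"""


def parse_mongod_conf(text):
    """Flatten the YAML subset mongod.conf uses (nested maps, scalar values)
    into dotted keys, e.g. {"net.bindIp": "127.0.0.1"}."""
    settings, stack = {}, []                      # stack: (indent, section)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:   # left a nested section
            stack.pop()
        value = value.strip().strip("\"'")
        if value:
            path = ".".join([name for _, name in stack] + [key.strip()])
            settings[path] = value
        else:
            stack.append((indent, key.strip()))   # section header, e.g. "net:"
    return settings


def audit(text):
    """Return (code, message) findings; an empty list means neither issue was found."""
    cfg = parse_mongod_conf(text)
    findings = []

    # Without access control, any client that can reach the port can
    # read, create, update and delete records.
    if cfg.get("security.authorization", "disabled").lower() != "enabled":
        findings.append(("AUTH_DISABLED",
                         "security.authorization is not enabled"))

    addrs = {a.strip() for a in cfg.get("net.bindIp", "").split(",") if a.strip()}
    bind_all = cfg.get("net.bindIpAll", "false").lower() == "true"
    port = cfg.get("net.port", "27017")
    if bind_all or addrs & WILDCARDS:
        findings.append(("BIND_ALL",
                         f"mongod listens on every interface, port {port}"))
    elif not addrs:
        # Assumption: with no bindIp the listening address is whatever the
        # installed server version defaults to, so it should be pinned.
        findings.append(("BIND_UNSET",
                         "net.bindIp is not set; pin it explicitly"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

A clean result only covers the configuration file; a host firewall or security group restricting port 27017 is still needed for any non-loopback address.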
IBM scores most patents in 2016, Apple doesn’t crack Top 10
Top 5 patent recipients unchanged in 2016 patent race
The five companies that earned the most U.S. patents last year are the same five companies that dominated the 2015 ranking of top patent recipients: IBM, Samsung, Canon, Qualcomm and Google.
IBM earned the No. 1 slot for the 24th consecutive year with 8,088 patents granted to its inventors in 2016. Samsung, again ranked second, earned 5,518 patents, and Canon came away with 3,665. Rounding out the Top 5 just as they did in 2015 are Qualcomm with 2,897 patents and Google with 2,835 patents.
Overall, 2016 saw 304,126 utility patent grants, which is the most on record in a single year, according to data compiled by IFI CLAIMS Patent Services. IFI, which specializes in patent analysis, tracks utility patents from the U.S. Patent and Trademark Office (USPTO), and each year it releases its annual ranking of the top 50 recipients.
Apple held its No. 11 ranking and saw an 8 percent increase in grants, which brought it to 2,102 patents. Cisco climbed two spots on the ranking to No. 34, earning 978 patents last year compared to 960 in 2015.
Big patent gainers in 2016 include Nokia, which earned 695 patents, a gain of 74 percent compared to a year ago; Huawei Technologies, which grew its patent numbers by 50 percent to 1,202; and Amazon, which earned 1,662 patents for a gain of 46 percent.
The largest gain, percentage-wise, went to GlobalFoundries, which earned 1,407 patents in 2016 compared to 609 patents in 2015 – a spike of 131 percent. GlobalFoundries gained patent momentum from recent IBM semiconductor acquisitions, according to IFI CLAIMS.
Here are the Top 50 patent assignees in 2016, as calculated by IFI CLAIMS.
IFI CLAIMS makes available its full list of the top 1,000 patent recipients; free registration is required.
This story, "IBM scores most patents in 2016, Apple doesn’t crack Top 10" was originally published by Network World.
This tool can help weed out hard-coded keys from software projects
Truffle Hog can find access tokens and keys that are 20 characters or longer inside source code repositories
A security researcher has developed a tool that can automatically detect sensitive access keys that have been hard-coded inside software projects.
The Truffle Hog tool was created by U.S.-based researcher Dylan Ayrey and is written in Python. It searches for hard-coded access keys by scanning deep inside git code repositories for strings that are 20 or more characters and which have a high entropy. A high Shannon entropy, named after American mathematician Claude E. Shannon, would suggest a level of randomness that makes it a candidate for a cryptographic secret, like an access token.
Hard-coding access tokens for various services in software projects is considered a security risk because those tokens can be extracted without much effort by hackers. Unfortunately this practice is very common.
In 2014 a researcher found almost 10,000 access keys for Amazon Web Services and Elastic Compute Cloud left by developers inside publicly accessible code on GitHub. Amazon has since started scanning GitHub for such keys itself and revoking them.
Last year researchers from Detectify found 1,500 Slack tokens hard-coded by developers into GitHub projects, many of them providing access to chats, files, private messages, and other sensitive data shared inside Slack teams.
In 2015, a study by researchers from Technical University and the Fraunhofer Institute for Secure Information Technology in Darmstadt, Germany, uncovered over 1,000 access credentials for Backend-as-a-Service (BaaS) frameworks stored inside Android and iOS applications. Those credentials unlocked access to more than 18.5 million records containing 56 million data items stored on BaaS providers like Facebook-owned Parse, CloudMine or Amazon Web Services.
Truffle Hog digs deep into a project’s commit history and branches. It will evaluate the Shannon entropy for both the base64 and hexadecimal character set for every blob of text greater than 20 characters, Ayrey said in the project’s description.
The tool is available on GitHub and requires the GitPython library to run. Companies and independent developers can use it to scan their own software projects before hackers do so.
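The entropy check described in this article, as an added example that is not Truffle Hog's own code: it finds runs of base64 or hexadecimal characters at least 20 characters long and flags those whose Shannon entropy is high. The thresholds, function names and sample strings are assumptions made for this example.

```python
import math

BASE64_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="
HEX_CHARS = "0123456789abcdefABCDEF"
MIN_LEN = 20  # length cutoff taken from the article
# Assumed thresholds in bits per character; tune them against your own code.
THRESHOLDS = {"base64": 4.5, "hex": 3.0}

def shannon_entropy(s, charset):
    """Shannon entropy of s in bits per character over the charset's symbols."""
    if not s:
        return 0.0
    entropy = 0.0
    for ch in charset:
        p = s.count(ch) / len(s)
        if p > 0:
            entropy -= p * math.log2(p)
    return entropy

def runs_in_charset(word, charset, min_len=MIN_LEN):
    """Yield maximal runs of charset characters that are at least min_len long."""
    run = ""
    for ch in word + "\0":  # sentinel flushes the final run
        if ch in charset:
            run += ch
        else:
            if len(run) >= min_len:
                yield run
            run = ""

def find_candidates(text):
    """Return (line_no, kind, string, entropy) for every high-entropy run."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for word in line.split():
            for kind, charset in (("base64", BASE64_CHARS), ("hex", HEX_CHARS)):
                for run in runs_in_charset(word, charset):
                    h = shannon_entropy(run, charset)
                    if h > THRESHOLDS[kind]:
                        hits.append((line_no, kind, run, round(h, 2)))
    return hits

# Constructed sample: a fake token, a fake hex key and two benign long strings.
SAMPLE = '''\
api_token = "kR7xQ2mVp9ZsLd4TgYb1WnEc8HuJf3Ao"
signing_key = "9f86d081884c7d659a2feaa0c55ad015"
padding = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
path = "src/main/java/com/example/application/controllers"
'''
```

Calling `find_candidates(SAMPLE)` flags only the first two lines: the repeated-character padding and the long file path pass the length cutoff but fall below the entropy thresholds, which is why length alone is not a usable signal.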
CyberPowerPC's Oculus-ready system costs $499 -- if you buy a Rift
Prices of VR desktops are falling
CyberPowerPC's $499.99 Gamer Ultra VR is the first desktop ready for the Oculus Rift headset that is priced under $500, but there's a caveat.
You'll need to buy it with the Oculus Rift headset, which costs more than the PC at $599.99.
The bundle will set you back $1,099.98, but that's still a good deal for an Oculus Rift plus desktop, which could otherwise get pretty expensive.
The Gamer Ultra VR desktop is available on Best Buy and will also be sold by Amazon. The standalone price for the desktop without the headset is $649.99 on both Best Buy and Amazon.
By way of comparison, the company's VR-ready desktops with more powerful GPUs, like Nvidia's GeForce GTX 1060 and AMD's RX 480, start at about $800, also not including the headset.
The red and black Gamer Ultra VR includes AMD's quad-core FX-4350 CPU and Radeon RX 470 GPU. It'll also have 8GB of memory, a 1TB hard drive, three USB 3.0 ports, seven USB 2.0 ports and an HDMI slot.
An important detail: CyberPowerPC has not identified the desktop as being ready for the HTC Vive VR headset, which has its own set of minimum hardware specifications. Vive-certified PCs have more demanding minimum hardware requirements that include AMD's FX-8350 CPU and Radeon RX 480 GPU.
Until now, VR-ready PCs were mainly for buyers who could afford high-priced desktops with top GPUs. But key technologies developed by Oculus have helped bring down the GPU requirements and the prices of PCs that are certified to run its VR headset.
Oculus's Asynchronous SpaceWarp helps the RX 470 GPU in the Gamer Ultra VR deliver a high-end VR experience at a fraction of the cost.
ASW smooths out the VR experience by creating "synthetic frames" that pump up the frame rate for a better VR experience. It does so by analyzing previous frames, head movement and motion. For example, if a GPU were delivering 45 frames per second, ASW's calculations could virtually pump that up to 90 frames per second to improve VR.
ASW "almost halves the CPU/GPU time required to produce nearly the same output from the same content," according to Oculus.
Gartner is expecting shipments of VR-capable PCs to go up as interest in head-mounted displays grows. Prices of the desktops should continue to fall as lower-end GPUs add support for VR headsets.
MIT creates 3D printed graphene that’s lighter than air, 10X stronger than steel
The research also ruled out 3D graphene as a replacement for helium in balloons
MIT researchers have been able to use graphene to print 3D objects with a geometry that has 10 times the strength of steel but only a fraction of the weight.
The discovery using the strongest material there is has the potential to enable lightweight products for airplanes, cars, buildings and even filtration devices because of the printed objects' porous designs.
In its typical two-dimensional, flat state graphene is only one atom thick, so like a sheet of paper it is flimsy and easily torn. But, graphene also conducts electricity efficiently and is nearly transparent.
Until now, researchers struggled to use graphene's two-dimensional strength in three-dimensional materials.
Because of the extraordinary thinness, "they are not very useful for making 3D materials that could be used in vehicles, buildings, or devices," Markus Buehler, the head of MIT's Department of Civil and Environmental Engineering (CEE), said in a statement. "What we've done is to realize the wish of translating these 2D materials into three-dimensional structures."
The researchers created the new graphene structures using a proprietary, multi-material 3D printer; the structures have a "sponge-like" configuration with a density of just 5%.
Combining heat and pressure, the MIT researchers were able to compress small flakes of graphene to produce a strong, stable structure "whose form resembles that of some corals and microscopic creatures called diatoms." The new shapes contained an enormous surface area in proportion to their volume, and proved to be remarkably strong.
The researchers' results were published last week in the journal Science Advances.
The research provided data about the critical densities below which the 3D graphene assembly starts to lose its mechanical advantage over most polymeric cellular materials, the researchers said.
"Once we created these 3D structures, we wanted to see what's the limit — what's the strongest possible material we can produce," McAfee Professor of Engineering Zhao Qin said.
To test the 3D printed graphene's strength, the researchers created a variety of three dimensional models and then subjected them to various tests.
"In computational simulations, which mimic the loading conditions in the tensile and compression tests performed in a tensile loading machine, one of our samples has 5% the density of steel, but 10 times the strength," Qin said.
Just as rolling a piece of paper increases its strength, creating 3D printed geometries with graphene increased its ability to support substantial weight.
The new configurations were made in the lab using a high-resolution, multi-material 3-D printer. They were mechanically tested for their tensile and compressive properties and simulated using the team's theoretical models. The results from the printed models and the simulations matched.
Because graphene materials used by previous researchers can be lighter than air, some considered whether when used in a vacuum, the graphene structures could serve as a substitute for helium in unpowered flight.
Because of the MIT researchers' more accurate computational modeling, the use of graphene as a replacement for helium in balloons was ruled out because the material would not have sufficient strength and would collapse from the surrounding air pressure.
The MIT researchers, however, found that there were many other applications for the graphene 3D structures where a combination of extreme strength and light weight could be a benefit.
"You could either use the real graphene material or use the geometry we discovered with other materials, like polymers or metals," Buehler stated. "You can replace the material itself with anything. The geometry is the dominant factor. It's something that has the potential to transfer to many things."
This story, "MIT creates 3D printed graphene that’s lighter than air, 10X stronger than steel" was originally published by Computerworld.
Huawei forecasts slower revenue growth this year, greater uncertainties for 2017
For 2015, Chinese smartphone manufacturer Huawei had reported a revenue growth of 35%. However, for the ongoing year, the company expects the rate to be somewhere around 32%. This was revealed by Eric Xu, Huawei's chief executive, in a New Year's message to company employees.
"The year 2016 has seen a flock of black swans both political and economic sweep across the globe," the CEO said. "Nevertheless, we have remained focused on our strategy and have patiently applied ourselves to making breakthroughs and creating real value for our customers."
The company doesn't seem too optimistic about the coming year either. "In 2017, we will face even greater global political and economic uncertainties," Xu said.
The company recently announced that global shipments of its P9 and P9 Plus smartphones have crossed the 10 million mark, making them Huawei's first flagship series to hit the milestone.
Official Samsung Galaxy S7 and S7 edge Nougat manuals are now available
Earlier today, we learned that the beta program for Nougat on Samsung's latest flagship pair is officially over. This was shared along with a suggested release time frame of January 2017 for the consumer version.
But, if that wasn't enough to prove Samsung is really working hard on the OTA, it appears the support documentation for both models has now been updated to reflect the OS change and is already spreading across Samsung regional servers and websites.
The originals in English can be found at the source links, if you want to dig through them, but from what we managed to gather, the lengthy PDFs hold little extra info on the upcoming software experience, lined up for the S7 pair. A few screenshots scattered here and there do showcase some aspects of the UI refresh. For instance, we can clearly see how the new top row of quick toggles on the shade is going to look and behave.
Also, a few screen grabs from the camera UI show a more polished appearance and control scheme. The camera can now lock focus on one spot of the viewfinder and then get the exposure settings from a different one.
Other notable additions include the adoption of the actionable style lockscreen notifications that made a debut on the now canceled Galaxy Note7. Also, the Smart Manager might be called Device Maintenance from now on, but with no obvious change in functionality.
It is also interesting to note that Secure Folder isn't mentioned in the manual. This fits nicely with an earlier rumor that Samsung will start offering the privacy platform as a download on supported devices. This might actually debut with the OTA as well.
Dual selfie-camera sporting vivo V5 Plus to launch this month
After launching the V5 back in November last year, Chinese smartphone manufacturer vivo is all set to launch a Plus variant of the phone this month. The company has started sending out press invites for a January 23 event in India.
As the invite clearly indicates, the selling point of the V5 Plus would be its dual selfie-camera setup. As for other specifications, nothing is officially confirmed at the moment, but we expect to hear more on it through official teasers in weeks to come.
For those who aren't in the know, the Lenovo Vibe S1 was the first phone to come with two front cameras. It was launched back in November 2015.
Nougat-powered Samsung Galaxy S7 active spotted
The Samsung Galaxy S7 active running Android Nougat has been spotted in a benchmark listing. Specifically, the device with Android version 7.0 has appeared on GFXBench, effectively indicating that the update is in the final testing stages.
Sadly, there's currently no official information on when the update will be rolled out. And the chances of it being imminent are very slim, given that even the Galaxy S7 and S7 edge are yet to receive the final Nougat update, although the beta program for these flagships has ended.
HTC Ocean Note is getting rid of the headphone jack
We told you about a leaked HTC device named Ocean several weeks ago and now thanks to a Taiwanese source we have more info about it.
Named the HTC Ocean Note, the device will have a display between 5.5 and 5.7 inches and, as far as we can see in the renders, there are no physical keys on the front. But something else is also missing, and this is big: the 3.5 mm audio jack is gone. This will be the second HTC device without the feature, after the company ditched the headphone jack in the HTC 10 evo or, as Sprint customers know it, the HTC Bolt.
But the leaks tell us even more: the HTC Ocean Note will have two more cool features. The first is a curved screen like that of the Samsung Galaxy S7 Edge. The other key selling point is going to be its camera, but we are yet to learn the specifics there.
According to sources, the company is claiming the highest ranking from DxOMark, a title currently held by the Google Pixel with 89. The HTC 10 scores 88 points on the same scale, so improving by 2 points may not be too hard to imagine.
The source tells us Ocean Note will come in three color options and will probably be powered by a MediaTek chipset. Sales will start in time for the Chinese New Year which this year is on 28 January 2017.