Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Updated: 1 hour 8 min ago
Microsoft's Cortana and Amazon's Alexa digital assistants can now talk to each other. The collaboration between the two assistants was announced last year and was originally due to become available by the end of 2017.
Microsoft showed how the integration would work at its Build conference earlier this year, and what's rolling out today seems little changed from that demo. From a Cortana-native device (a Windows 10 PC, an Xbox, the Harman Kardon speaker), "Hey Cortana, open Alexa" will switch you to speaking to Alexa. From there, you have access to Alexa's full range of shopping (not that anyone seems to really care about that), music, weather, and so on.
From an Alexa-native device, the opposite incantation—"Alexa, open Cortana"—will open Microsoft's digital assistant for you to check your calendar, manage your to-do list, or listen to some emails.
In the time since I began reviewing cars for Ars Technica, my reviews have settled into a routine. A fresh vehicle pulls into the alley behind my house on Tuesday morning with a full tank of gas and a soft limit of 500 miles of driving. After familiarizing myself with the infotainment system, safety features, and the other peculiarities, I take each car for a 60+ mile drive. I include suburban neighborhoods, arterial streets, expressways, and winding country roads with actual hills and curves (a few of those actually exist around Chicagoland). Then for the rest of the week, I spend time doing the stuff I'd do with any other car: buying groceries, taking my son to rugby practice, driving to church... the usual stuff. It's generally enough to give me a good picture of what a car is and is not capable of.
That said, there is always one question left unanswered at the end of a trip: "How would this car be on a family road trip?"
I reviewed the Alfa Romeo Stelvio Ti last year. Although it was my second review to be published, it was the first car I actually drove. And I liked it. A lot. So when the 505hp, V6 Stelvio Quadrifoglio finally made it to dealers this spring, I had an idea for Alfa Romeo: instead of doing the usual one-week loan, how about letting me see how practical a high-performance, $84,000 SUV is for a family vacation? What it's like to spend day after day in the racing seats? How does this vehicle handle on the winding Pacific Coast Highway?
An app to prevent unwanted pregnancies by tracking a woman’s body temperature has scored a first-of-its-kind marketing approval from the Food and Drug Administration, the agency announced.
The US stamp of approval—which clears the way for similar apps to get the green light—lands as the app’s Swedish maker faces investigations by European authorities into its advertising claims, plus criticism from health experts and reports of dozens of unwanted pregnancies.
The sleek mobile app, called Natural Cycles, boasts 900,000 users worldwide as well as approval from the EU to act as a form of contraceptive. Yet it’s essentially a riff on an old-school “natural family planning” method dressed up for the digital age. An $80 annual subscription for the app comes with an oral thermometer and relies on a user’s basal body temperature (BBT) to estimate the time of ovulation (when an egg is released from an ovary and wanders down the fallopian tube for a potential sperm-rendezvous, which happens at approximately day 14 of a textbook, 28-day cycle).
Not all electricity is created equal. Utilities prioritize getting power from the cheapest sources available. That means that, as use rises to what's typically a mid-afternoon peak, utilities end up sourcing ever more expensive supplies of electricity. By the time we reach the use typical of a late afternoon during a heat wave, the utilities have to call in the most expensive forms of power around—typically, the oldest, least-efficient, and most-polluting plants.
So cutting down on energy use during these peak demand events is in a utility's interests. And, since it's an economic problem, a lot of the solutions have also been economic, like setting higher electricity rates during these times to encourage customers to cut back on use. But a new study suggests that something as simple as a gentle reminder to customers can have a noticeable effect, and stacking reminders can have as much of an impact as raising power prices by 70 percent.A gentle nudge
We've done studies of how people change their energy use in response to economic incentives before, but the effects have generally been pretty small. If you've ever been confronted by a confusion of possible calling/data plans and can't be bothered to figure out which one is the best deal, you probably understand why—the economic incentives often aren't large enough to drive much interest. That's especially true of things like heat-wave-driven electricity peaks, when any altered pricing is likely to last just a few days.
Another day, another speculative execution-based attack. Data protected by Intel's SGX—data that's meant to be protected even from a malicious or hacked kernel—can be read by an attacker thanks to leaks enabled by speculative execution.
Since publication of the Spectre and Meltdown attacks in January this year, security researchers have been taking a close look at speculative execution and the implications it has for security. All high-speed processors today perform speculative execution: they assume certain things (a register will contain a particular value, a branch will go a particular way) and perform calculations on the basis of those assumptions. It's an important design feature of these chips that's essential to their performance, and it has been for 20 years.
Democratic members of Congress want to know when Federal Communications Commission Chairman Ajit Pai knew that the FCC's claims about being hit by a DDoS attack were false.
An FCC Inspector General (IG) investigation found that the FCC lied to members of Congress multiple times in letters that answered questions about DDoS attacks that never happened. Pai's FCC claimed for more than a year that a May 2017 outage in the public comments system was caused by multiple DDoS attacks. In reality, the FCC system crashed because it was unable to handle an influx of comments triggered by comedian John Oliver asking viewers of his program Last Week Tonight to oppose Pai's net neutrality repeal.
Today, four Democrats on the House Energy and Commerce Committee sent a letter to Pai "demanding to know when he and his staff learned that the Commission had provided inaccurate information about why its comment system went down during the net neutrality repeal public comment period," the Democrats said in an announcement.
Greetings, Arsians! Courtesy of our friends at TechBargains, we have another round of deals to share. Today's list is headlined by a deal on Bose's QuietComfort 35 (Series II) wireless noise-cancelling headphones, which are currently down to $299 at Walmart, Amazon, and various other retailers. That's a $50 discount and the lowest non-promo-code price we've seen to date.
We've explained the deal with the QC35s before. While Bose's bass-boosting sound doesn't offer the accuracy or balance of other $300 cans (or even some below that), it's at least smooth. If noise cancellation is your top priority, though, the QC35s are simply stronger at silencing the outside world (particularly low-end frequencies) than their peers. They're also highly comfortable.
The Series II model here is actually a bit less effective at noise-cancellation than the older Series I model mentioned in the link above, but the difference isn't so huge as to be immediately noticeable. Since Bose has discontinued the Series I, you don't have much of a choice anyway. The Series II also adds a shortcut button for quickly accessing Alexa or the Google Assistant, if that's something you'd ever find handy. In any case, we rarely see the Series II on sale, so if you were interested in picking up a pair, today looks like a good opportunity to do so.
The Department of Justice's attempt to reverse the AT&T/Time Warner merger received some help yesterday from an unexpected source: the Federal Communications Commission.
The FCC previously allowed AT&T to buy Time Warner without having to undergo a lengthy public-interest review, despite pushback from Democrats in the Senate and FCC. The DOJ fought the merger alone, ultimately losing a court ruling that allowed AT&T to complete the acquisition.
But the DOJ appealed that court ruling last month, and yesterday the FCC gave the DOJ's case a small boost. The FCC isn't actually supporting the DOJ's case, but the commission's filing points out an error made by the US District Court for the District of Columbia. In US District Judge Richard Leon's ruling against the DOJ, he said that he was "hesitant to assign any significant evidentiary value" to previous statements that AT&T and the AT&T-owned DirecTV made to the FCC. AT&T's own statements to the FCC, made in the years prior to the AT&T/Time Warner merger, supported the DOJ's case that a merged entity could raise the price of programming. Those AT&T statements were made as part of the FCC's 2010 review of the Comcast/NBCUniversal merger and in other FCC proceedings.
Nearly 30,000 people came to Las Vegas last week for the 26th edition of DEF CON, the iconic security conference. And no small amount of the mental energy of that vast crowd was spent on one particular thing: the conference badge.
This year's badges, designed by Tymkrs, were elevated works of printed circuit board art with a collection of LED-lit features, including red and green human figures and a color-shifting DEF CON logo. But it quickly becomes apparent that there was a lot more going on here than just blinking lights.
DEF CON alternates year to year between electronic, hackable badges and non-electronic ones; last year's badges were a throwback design intended to celebrate the conference's 25th anniversary. But every year, the badges include some sort of clue to a cryptographic challenge—three years ago, the badge was an actual vinyl record that required attendees to find a turntable to hear the puzzle clue.
President Trump yesterday signed a defense funding bill that included a sweeping ban on the US government using technology supplied by Chinese telecommunications giants ZTE and Huawei. The bill also includes a narrower ban on using surveillance gear provided by Chinese companies Hytera Communications, Hangzhou Hikvision Digital Technology, or Dahua Technology for national security applications.
The legislation directs federal agencies to stop using the Chinese-made hardware within two years. If that proves impractical, an agency can apply for a waiver to permit a longer phase-out period.
Obviously, being banned from selling to the US government is a significant blow to these companies. But overall the bill actually represents something of a reprieve for ZTE. Back in June, the US Senate passed a version of the bill that would have re-imposed an export ban that would have been a de facto death sentence for ZTE because ZTE is heavily dependent on components like Qualcomm chips and Google's Android operating system.
Despite a lengthy beta period that lasted around fives months, it seems Android 9 Pie managed to ship with a few bugs. As first noticed by Android Police, Pixel XL owners are saying that updating to Google's latest mobile OS is causing problems with quick charging.
Pixels (and many other Android phones) use USB-PD for quick charging. Assuming you have a compatible phone, charger, and cable, users should see greatly increased charging speeds. Android doesn't show the exact power transfer, but it differentiates between normal charging and quick charging with a "charging rapidly" message on the home screen. Some Pixel XL owners on Android Pie say that the "rapidly charging" message never pops up anymore after updating to Pie, while others say that the phone has gotten pickier about what chargers can provide rapid charging. Users are reporting slower charging, too, so it's not just a messaging issue.
A thread on the XDA forums dating all the way back to June and an Android bug report from July show that the issue existed in the Android P betas but was never fixed. Google inexplicably closed the original report with "Status: Won't Fix (Infeasible)" during the beta. After the Android Pie final release, a second bug report was opened and a lot more people started chiming in. Now the bug has been marked as "Assigned."
HAWTHORNE, Calif.—Across the cavernous rocket factory, the buzz, whirr, and whine of various machinery never ebbed. Even when the president of SpaceX and four blue-suited astronauts strode confidently onto the factory floor Monday afternoon and took up microphones to address several dozen reporters, the incessant work inside the SpaceX Falcon 9 hatchery continued.
On one side of the factory, technicians produced rolls of carbon fiber and built myriad payload fairings, which cannot yet be reused during a launch. To meet its cadence of a launch every other week, SpaceX must build at least two of these each month. Another section of the factory fabricated the Merlin 1-D rocket engines that power the Falcon 9 rocket’s first stage. And in another large white room behind glass, several Dragon spacecraft were in various states of completion.
So when Gwynne Shotwell stopped in front of this Dragon clean room, held a microphone aloft, and welcomed her “extraordinary” astronaut guests to the factory, the noise did not abate. Rather, it seemed to crescendo as Shotwell raised her voice to introduce the crew of SpaceX’s first human mission, NASA astronauts Doug Hurley and Bob Behnken. Likewise, the din continued as she welcomed Mike Hopkins and Victor Glover, crew members for the second flight of the Dragon spacecraft.
At the heart of Einstein’s theory of gravity (general relativity) is the equivalence principle. The equivalence principle says that there is no difference between being stationary and subject to gravity tugging you and accelerating in a vehicle that's free of gravitational pull.
In practice, this means that there is no difference between inertial mass (the mass a rocket works on) and gravitational mass (the mass the Earth tugs on). This equivalence has been measured time and time again with no violation ever found. But these tests assumed that quantum mechanics didn’t change the equivalent principle: that assumption is partially wrong.Some quantum in your equivalence
In relativity, mass and energy are two sides of the same coin. For very small objects, we need to think about that in terms of quantum mechanics, where a particle can be in a superposition of energy states. A particle in a superposition of energy states has two energies at the same time until it is measured, whereupon it has a single fixed energy. An object in a superposition of energetic states can have a superposition of inertial masses. But does it have the same superposition of gravitational masses?
Apple works hard to make its software secure. Beyond primary protections that prevent malware infections in the first place, company engineers also build a variety of defense-in-depth measures that are designed to lessen the damage that can happen once a Mac is compromised. Now, Patrick Wardle, a former National Security Agency hacker and macOS security expert has exposed a major shortcoming that generically affects many of these secondary defenses.
In a presentation at the Def Con hacker convention in Las Vegas over the weekend, Wardle said it was trivial for a local attacker or malware to bypass many security mechanisms by targeting them at the user interface level. When these security measures detect a potentially malicious action, they will block that action and then display an alert or warning. By abusing various programming interfaces built into macOS, malicious code could generate a programmatic click to interact or even dismiss such alerts. This "synthetic click," as Wardle called it, works almost immediately and can be done in a way that is invisible to the user.
“The ability to synthetically interact with a myriad of security prompts allows you to perform a lot of malicious actions,” Wardle told Ars. “Many of Apple's privacy and security-in-depth protections can be trivially bypassed.”
LANCASTER, CALIF.—One single diesel transit bus consumes the equivalent of 10,440 gallons of gasoline a year, according to the Federal Highway Administration. Replacing that diesel-burning transit bus with an electric bus has some obvious benefits. Electric buses improve local air quality, because the particulates that come from burning diesel don't exist. And, according to the Union of Concerned Scientists, an electric bus runs cleaner than a diesel bus no matter where you plug it in on the US grid, even if you're plugging into a grid fed by fossil fuels.
In the desert north of Los Angeles, a Chinese company called BYD (short for "Build Your Dreams") is banking on transit managers realizing this. BYD offered Ars a tour of its Lancaster facility in July, and we found a bustling factory floor filled with 900 workers who were building, welding, shaping, and painting about 90 buses in various stages of completion. The company's workforce, recently unionized, is expected to grow to 1,200 in the near future.
So far, BYD has put more than 250 electric buses on US roads, and, as of mid-July, the company had more than 400 orders in the pipeline. That's a significant number of buses in this nascent industry: last December, Reuters estimated that only 300 public buses on US roads were electric. Of course, BYD's numbers include publicly and privately owned electric buses, while Reuters' statistic only tallies public buses. Still, the numbers show just how aggressively the electric bus industry is growing, considering the size of the market just six months ago.
Earlier this year, we launched Ars Pro, our new subscription program. It's pretty simple: for just $25 per year (or $3 per month), subscribers get to browse Ars Technica without ever seeing a single ad.
Ars Pro has been a big success, and one of the reasons why is because we're listening to feedback from our readers to make it even better. One of the biggest requests has been support for PayPal. So we've made it happen!
In addition to an ad-free experience, all Ars Pro subscribers get full-text RSS feeds and can read Ars Technica free of tracking scripts (with the exception of scripts that come with objects embedded in stories, like tweets and videos from YouTube). Pros also get access to our subscriber-only forums, PDFs of all our long-form content, and single-page view for multipage articles.
Last week, Epic and Samsung took the wraps off a huge Fortnite promotion—albeit after the surprise had been ruined by leakers. Fortnite's mobile version was indeed launching on Android, as Epic had already promised, but only Samsung phone users (and only certain models) would get exclusive access, for a limited time.
Any Android handset and tablet owner can hunt for and install the game's APK, but as of press time, Samsung's exclusivity deal means the game won't boot beyond a title screen on most devices. This is notable, in part, because of Epic's choice to forgo the Google Play app store, which is likely driving users to download and install the APK without a clear answer about device compatibility. (Google has since chosen to address the game's Play workaround.)
But testing the free-to-play shooter on my own Galaxy S8+, one of the Android version's first compatible phones, has revealed another notable tidbit: that Epic's self-imposed hardware limit hasn't made the game run smoothly in the slightest.
In the wake of the mass shooting in Las Vegas in October of 2017, hotels in the city started drafting more aggressive policies regarding security. Just as Caesars Entertainment was rolling out its new security policies, the company ran head on into DEF CON—an event with privacy tightly linked to its culture.
The resulting clash of worlds—especially at Caesars Palace, the hotel where much of DEF CON was held—left some attendees feeling violated, harassed, or abused, and that exploded onto Twitter this past weekend.
Caesars began rolling out a new security policy in February that mandated room searches when staff had not had access to rooms for over 24 hours. Caesars has been mostly tolerant of the idiosyncratic behavior of the DEF CON community, but it's not clear that the company prepared security staff for dealing with the sorts of things they would find in the rooms of DEF CON attendees. Soldering irons and other gear were seized, and some attendees reported being intimidated by security staff.
Ether, the currency of the Ethereum network, has plunged 9 percent over the last 24 hours. The virtual currency is now worth about $290—the first time it has been below $300 this year.
The declining price is part of a broader cryptocurrency sell-off that saw most major cryptocurrencies lose value over the last 24 hours. And it's part of a longer-term trend that has seen the gradual deflation of last year's cryptocurrency bubble.
Bitcoin, the world's most valuable currency, has lost only 1 percent of its value over the last 24 hours. But it has drifted steadily downward this year, falling from a high of almost $20,000 in mid-December to $6,250 today.
College is a time for meeting new people, opening up your worldview, taking in new experiences, reading (please, for the love of God, read), and generally experiencing the last years of a life untainted by taxes and a daily job.
It is not a time to care about things—if I could just write “books” and leave this buying guide at that, I would. But a modern student requires a few equally modern gadgets to get through the school year, and there are certainly a few pieces of technology that can make their life on campus feel a little less overwhelming and a little more enjoyable.
So, as we’ve done a few times already this year, we’ve dug through our recent reviews to put together a list of preferred gadgets, this time aimed at those heading back to school in the next few weeks. Because we’re dealing with students, we mainly focused on the affordable stuff. (We also tried to avoid anything that could too easily become a beer bong—books, everyone, books!)