Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Two versions of uTorrent, one of the Internet's most widely used BitTorrent apps, are vulnerable to a host of easy-to-exploit vulnerabilities that allow attackers to execute code, access downloaded files, and snoop on download histories, a Google Project Zero researcher said. uTorrent developers are in the process of rolling out fixes for both the uTorrent desktop app for Windows and the newer uTorrent Web product.
The vulnerabilities, according to Project Zero, make it possible for any website a user visits to control key functions in both the uTorrent desktop app for Windows and in uTorrent Web, an alternative to desktop BitTorrent apps that uses a web interface and is controlled by a browser. The biggest threat is posed by malicious sites that could exploit the flaw to download malicious code into the Windows startup folder, where it will be automatically run the next time the computer boots up. Any site a user visits can also access downloaded files and browse download histories.
In an e-mail sent late Tuesday afternoon, Dave Rees, VP of Engineering at BitTorrent, the developer of the uTorrent apps, said the flaw has been fixed in a beta release of the uTorrent Windows desktop app, but has not yet been delivered to users who already have the production version of the app installed. The fixed version, uTorrent/BitTorrent 126.96.36.199352, is available here for download and will be automatically pushed out to users in the coming days. In a separate e-mail sent Tuesday evening, Rees said uTorrent Web had also been patched. "We highly encourage all uTorrent Web customers to update to the latest available build 0.12.0.502 available on our website and also via the in-application update notification," he wrote.
After the launch of the Falcon Heavy rocket two weeks ago, going back to launching a single core of a Falcon 9 rocket may seem like something of a letdown. But the next SpaceX launch, presently scheduled for early Wednesday morning, is worth tuning into. The instantaneous launch window opens (and closes) at 9:17am ET Wednesday, and weather conditions forecast for the launchpad at Vandenberg Air Force Base, in California, are 90-percent favorable.
The primary mission on Wednesday is the launch of the PAZ satellite to low Earth orbit. This is a synthetic aperture radar satellite that can generate high-resolution images of the Earth's surface, regardless of whether there are clouds covering the ground. The customer is Hisdesat, a Spain-based commercial satellite company.
The Falcon 9 rocket will also carry a second payload of note: two experimental non-geostationary orbit satellites, Microsat-2a and -2b. Those are two satellites that SpaceX has previously said would be used in its first phase of broadband testing as part of an ambitious plan to eventually deliver global satellite Internet. Further satellites will be launched in phases, with SpaceX intending to reach full capacity with more than 4,000 satellites in 2024.
AT&T's court defense of its merger with Time Warner Inc. suffered a blow today, as a judge ruled against AT&T's attempt to find evidence that President Trump meddled in the government's merger review.
AT&T claims that its merger is being singled out by the Department of Justice because of Trump's hatred of CNN, which is owned by Time Warner. This "selective enforcement" defense would require AT&T to show that the DOJ hasn't tried to block similar mergers and is selectively enforcing antitrust laws.
AT&T thus asked the DOJ to produce logs related to conversations with the White House and logs related to internal communications about the White House's views on the merger.
The US Navy's Naval Sea Systems Command (NAVSEA) has announced the award of development contracts to five contenders for the FFG(X) program—a 20-ship class of "next-generation" guided-missile frigates intended to fill the gap in capabilities left by the retirement of the 1980s-era FFG-7 Oliver Hazard Perry class and not quite filled by the Navy's Littoral Combat Ship (LCS) program. Two of the contenders are modified, more heavily armed versions of the LCS designs, while the other three are based on ship designs being produced for other navies—or in one case, for the US Coast Guard.
Since each of the designs is based on an existing "parent" ship design and should use existing technologies (rather than radical new designs), the Navy is hoping to keep the cost of each frigate at $800 to $950 million—about double the cost of an LCS ship but half the cost of an Arleigh Burke-class guided-missile destroyer.
Years before diplomats in Cuba were assailed by grating noises and left with baffling brain injuries, the residents of a Canadian city began hearing maddening hums and rumbles. The deep noises mysteriously wash in and out of their neighborhoods and homes, hitting the ears of some but not all residents. And according to recent local news coverage, the eerie disturbances are now getting bad again.
Since 2011, some residents of Windsor, Ontario—directly across the border/river from Detroit, Michigan—have reported intermittent bursts of noise known as the “Windsor Hum.” It’s described as a low-frequency throbbing sound, like a fleet of idling diesel engines, a distant rumble of thunder, or a roaring furnace. Some “hummers” report feeling vibrations, too, and having items in their homes rattle. They’ve linked the hum to depression, nausea, sleep problems, heart palpitations, ear aches, headaches—not to mention widespread annoyance.
Windsor residents are not imagining it; there is a real hum. A months-long investigation by Natural Resources Canada in the summer of 2011 identified a prominent, air-borne frequency of approximately 35Hz. There have been plenty of recordings and reports since then. And its existence was confirmed in a 2014 investigation carried out by the University of Western Ontario (UWO) and the University of Windsor, which was supported by the Canadian Department of Foreign Affairs and International Trade (DFAIT).
When it comes to data storage, efforts to get faster access grab most of the attention. But long-term archiving of data is equally important, and it generally requires a completely different set of properties. To get a sense of why getting this right is important, just take the recently revived NASA satellite as an example—extracting anything from the satellite's data will rely on the fact that a separate NASA mission had an antiquated tape drive that could read the satellite's communication software.
One of the more unexpected technologies to receive some attention as an archival storage medium is DNA. While it is incredibly slow to store and retrieve data from DNA, we know that information can be pulled out of DNA that's tens of thousands of years old. And there have been some impressive demonstrations of the approach, like an operating system being stored in DNA at a density of 215 Petabytes a gram.
But that method treated DNA as a glob of unorganized bits—you had to sequence all of it in order to get at any of the data. Now, a team of researchers has figured out how to add something like a filesystem to DNA storage, allowing random access to specific data within a large collection of DNA. While doing this, the team also tested a recently developed method for sequencing DNA that can be done using a compact USB device.
Job listings recently posted by Spotify suggest that the company is close to launching one or more connected hardware products. Currently open job listings relevant to the company's hardware ambitions include Operations Manager – Hardware Product, Project Manager – Hardware Production & Engineering, Product Analyst – Hardware Products, and Senior Project Manager Hardware Production.
The Operations Manager listing is explicit about Spotify's plans, saying:
Spotify is on its way to creating its first physical products and setting up an operational organization for manufacturing, supply chain, sales & marketing.
The responsibilities listed for this role also suggest Spotify is far enough along with one or more products that it will soon be talking with vendors and planning distribution, if it has not started that already:
Add Tesla to the legion of organizations that have been infected by cryptocurrency-mining malware.
In a report published Tuesday, researchers at security firm RedLock said hackers accessed one of Tesla's Amazon cloud accounts and used it to run currency-mining software. The researchers said the breach in many ways resembled compromises suffered by Gemalto, the world's biggest SIM card maker, and multinational insurance company Aviva. In October, RedLock said Amazon and Microsoft cloud accounts for both companies were breached to run currency-mining malware after hackers found access credentials that weren't properly secured.
The initial point of entry for the Tesla cloud breach, Tuesday's report said, was an unsecured administrative console for Kubernetes, an open source package used by companies to deploy and manage large numbers of cloud-based applications and resources.
Swype, the influential smartphone keyboard, is dead. XDA Developers is reporting that Swype's owner, Nuance Communications, is discontinuing development of the popular keyboard app. While it might still exist in the iOS and Android app stores for now, it will be left to rot.
In a statement on its website, Nuance said it was leaving the "direct-to-consumer keyboard business" to "concentrate on developing our AI solutions for sale directly to businesses." Nuance—which bought Swype in 2011 for $102 million—has long been a force in voice recognition and text-to-speech software, and it helps companies build consumer products (like this BMW 7 Series) with its voice technology. Lately the company has also set its sights on the healthcare market.
Swype is noteworthy as the third-party smartphone keyboard that originated gesture typing. Rather than holding a phone in both hands and tapping on each letter, Swype let you hold the phone in one hand, hold a finger down on the screen, swing it around the keyboard from letter to letter, and lift off to spell a word. Swyping, as it was called, wasn't as exact of an input as tapping on each key, but it was close enough that the software could usually figure out your intent. Most of all, it was fast, especially considering that it only took one hand to type.
If you need to pack more storage into your enterprise systems, then boy has Samsung got the SSD for you. The new PM1643 boasts a capacity of 30.72TB in a standard 2.5-inch drive.
On the inside, the drive has nine flash controllers driving 32 1TB packages of NAND flash, with each package containing 16 layers of 512Gb 3-bit-per-cell V-NAND. There's also 40GB of DDR4 RAM. The RAM is unusual, too; the 8Gb chips are built using Through Silicon Vias (TSVs), enabling them to be stacked vertically. They're assembled into 10 packages each of 4GB.
The drive uses a 12Gb/s Serial Attached SCSI interface. Samsung claims it can reach 400,000 read and 50,000 write random IOPS, with sequential read and write speeds of 2,100MB/s and 1,700MB/s, respectively.
Virgin Hyperloop One signed an agreement with the Indian state of Maharashtra to conduct a feasibility study and build a demonstration track that could lead to the construction of a hyperloop system between two of the state's major city centers: Mumbai and Pune.
Ryan Kelly, director of marketing for the startup formerly known simply as Hyperloop One, said that the pact between Virgin Hyperloop One and Maharashtra represents "the strongest language we’ve seen from a government to date." The company, which recently received a sizable investment from the Virgin Group and counts billionaire founder Richard Branson among its board members, intends to complete a feasibility study within the next six months and complete a demonstration track in two to three years.
Kelly told Ars in an email that "the plan is that this track will go from use as a demonstration to part of the live track." He added that the track from Mumbai to Pune could be completed in three to five years.
There are more than 90,000 vitamin and dietary supplement products sold in the US. They come in pills, powders, drinks, and bars. And they all anticipate some better versions of ourselves—selves with sturdier bones, slimmer waist lines, heftier muscles, happier intestines, better sex lives, and more potent noggins. They foretell of diseases dodged and aging outrun.
On the whole, we believe them. Supplements are a $30 billion industry in the US. Recent surveys suggest that 52 percent of Americans take at least one supplement—and 10 percent take four or more. But should we? Are we healthier, smarter, stronger, or in any way better off because of these daily doses?
The answer is likely no. Most supplements have little to no data to suggest that they’re effective, let alone safe. They’re often backed by tenuous studies in rodents and petri dishes or tiny batches of people. And the industry is rife with hype and wishful thinking—even the evidence for multivitamins isn’t solid. There are also outright deadly scams. What’s more, the industry operates with virtually no oversight.
Older PC gamers who were playing games in the late '90s and early 2000s likely have a soft spot in their hearts for Looking Glass Studios. The company's two best-known properties are Thief and System Shock, though Looking Glass was also responsible for the visually stunning Flight Unlimited and, of course, Ultima Underworld. Although financial troubles at publisher Eidos Interactive (caused in part by the development of the hilarious money pit that was Daikatana) led to the eventual dissolution and sale of Looking Glass, the studio left an outsized footprint on the history of PC gaming through its excellent games.
The Thief series in particular—or at least the first two games—resonated with audiences. The phrase "innovative gameplay" is a laughable cliché in 2018, but Thief really did have innovative gameplay when it was released—other FPS titles had explored stealth-focused gameplay before, but none had managed to so completely capture the experience of sneaking. More, Thief took the unusual (for FPSes at the time) approach of incentivizing the player to not murder everyone and everything in the level—brutality, in fact, was actively punished by the game's scoring system. Sneaking through an entire level without detection became a more important goal than wiping out guards.
But it turns out the tightly coupled gameplay mechanisms that enabled players to so easily understand how hidden they were from the CPU's prying eyes were nowhere near as intuitive to design as they were to use. We sat down with Looking Glass founder Paul Neurath, who was involved heavily in Thief's design and development, to get the scoop. And even though he didn't take any rips from a wolf bong, he did have some juicy info on how Thief and its signature sneaking came to be.
Facebook has agreed to give a hotshot Stanford economist unprecedented access to its internal data as a way to better understand income disparity in the United States.
According to Politico, which first broke the news on Tuesday morning, the investigation will be led by Raj Chetty, who won a 2012 MacArthur Genius grant and is well-known for his analysis of America’s social and economic problems. Facebook did not immediately respond to Ars’ request for comment, but the company "confirmed the broad contours of its partnership with Chetty" to Politico.
"We're using social networks, and measuring interactions there, to understand the role of social capital much better than we've been able to," Chetty told the political news site in January.
Amazon's latest grocery push focuses on enticing Prime members to shop at Whole Foods with cash back. Amazon announced that Prime members using the company's Rewards Visa card will now get 5 percent back on Whole Foods purchases. The new rewards are in addition to the card's existing rewards for eligible Prime members, which include 5 percent back on Amazon.com purchases; 2 percent back on restaurant, gas station, and drugstore purchases; and 1 percent back on everything else.
You don't have to be a Prime member to be approved for Amazon's Rewards Visa, but it pays if you are. Non-Prime members will get only 3 percent back on Whole Foods purchases under the new plan, which is the same as the 3 percent back those cardmembers get on Amazon.com purchases already.
This is the first time Amazon extended its 5 percent back perk to a retailer aside from Amazon. This could persuade Prime members who are also cardholders to shop at Whole Foods more. Since Amazon's purchase of the supermarket chain last year, it has been trying to encourage more people (especially Prime members) to shop at the grocer. Amazon slashed some Whole Foods' prices almost immediately after the acquisition, and recently the company expanded its Prime Now two-hour delivery to include Whole Foods items in a few markets.
On Tuesday and Wednesday Vice President Mike Pence will travel to Kennedy Space Center in Florida to tour facilities there and participate in the second meeting of the National Space Council. It is not clear how much of the launch facilities he will see during his visit to Florida, where NASA is spending billions of dollars to build ground systems for the launch of the Space Launch System rocket.
There is one component of the revamped facilities that NASA may be reluctant to show Pence, who in effect oversees all national spaceflight activities as the head of the space council. This is the "mobile launcher" structure, which supports the testing and servicing of the massive SLS rocket, as well as moving it to the launch pad and providing a platform from which it will launch.
According to a new report in NASASpaceflight.com, the expensive tower is "leaning" and "bending." For now, NASA says, the lean is not sufficient enough to require corrective action, but it is developing contingency plans in case the lean angle becomes steeper.
id Software and partner studio Panic Button rolled out a patch to the Nintendo Switch version of Doom on Monday, and players dug in, hopeful for fixes to a few glaring issues. Indeed, we saw updates to issues like frame-rate snags and audio bugs. But the patch's most interesting effect was a complete surprise: a new "motion control" toggle.
Wait, what? Is this some sort of Wii-like waggle thing?
Far from it, turns out. id Software has surprisingly borrowed a page from Nintendo's playbook—but in doing so has also delivered a first for a first-person shooter.
The median daily transaction fee on the bitcoin network fell to $0.79 on Sunday, a six-month low. That represents a dramatic 97-percent decline from the peak of $34 reached on December 23. The median daily bitcoin transaction fee was more than $10 from mid-December until mid-January but has been declining steadily since then.
The high fees of the last few months have been a crisis for the bitcoin network. Bitcoin fans once touted the network's near-zero fees as a selling point. But as fees soared in late 2017, businesses started backing away from the network.
Video game maker Valve stopped accepting bitcoin payments for its Steam platform in December, writing that "it has become untenable to support Bitcoin as a payment option." That same month Bitpay, a company that accepts bitcoin payments on behalf of merchants, announced that it was setting a minimum transaction size of $100—though the company quickly cut the minimum to $5 in response to customer outrage. Stripe, a major credit card processor, stopped accepting bitcoin payments for customers in January, arguing that thanks to high fees, there were "fewer and fewer use cases" for the payment network.
The usually staid world of professional-grade flight simulations was rocked by controversy over the weekend, with fans accusing mod developer FlightSimLabs (FSLabs) of distributing "malware" with an add-on package for Lockheed Martin's popular Prepar3d simulation. The developer insists the hidden package was intended as an anti-piracy tool but has removed what it now acknowledges was a "heavy-handed" response to the threat of people stealing its add-on.
The controversy started Sunday when Reddit user crankyrecursion noticed that FSLabs' Airbus A320-X add-on package was setting off his antivirus scanner. FSLabs had already recommended users turn off their antivirus protection when installing the add-on, so this wasn't an isolated issue.
The reason for the warning, as crankyrecursion found, was that the installer seemed to be extracting a "test.exe" file that matched a "Chrome Password Dump" tool that can be found online. As the name implies, that tool appears to extract passwords saved in the Chrome Web browser—not something you'd expect to find in a flight-sim add-on. The fact that the installer necessarily needs to run with enhanced permissions increased the security threat from the "Password Dump."
Researchers have uncovered what they said is one of the biggest malicious currency mining operations ever, with more than $3 million worth of digital coin. Now, the operators are gearing up to make more.
The unknown criminals generated the windfall over the past 18 months. The campaign has mainly exploited critical vulnerabilities on Windows computers and then, once it gained control over them, installed a modified version of XMRig, an open source application that mines the digital coin known as Monero. While the group has used a variety of mining services, it has continued to dump the proceeds into a single wallet. As of last week, the wallet had received payouts of almost 10,829 Monero, which, at current valuations, are worth more than $3.4 million.
"The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows and has already secured him over $3 million worth of Monero cryptocurrency," researchers at security firm Check Point wrote in a blog post. "As if that wasn't enough though, he has now upped his game by targeting the powerful Jenkins CI server, giving him the capacity to generate even more coins."