Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Forensic evidence shows signs that a Georgia election server may have been hacked ahead of the 2016 and 2018 elections by someone who exploited Shellshock, a critical flaw that gives attackers full control over vulnerable systems, a computer security expert said in a court filing on Thursday.
Shellshock came to light in September 2014 and was immediately identified as one of the most severe vulnerabilities to be disclosed in years. The reasons: it (a) was easy to exploit, (b) gave attackers the ability to remotely run commands and code of their choice, and (c) opened most Linux and Unix systems to attack. As a result, the flaw received widespread news coverage for months.
Patching on the sly
Despite the severity of the vulnerability, it remained unpatched for three months on a server operated by the Center for Election Systems at Kennesaw State University, the group that was responsible for programming Georgia election machines. The flaw wasn't fixed until December 2, 2014, when an account with the username shellshock patched the critical vulnerability, the expert’s analysis of a forensic image shows. The shellshock account had been created only 19 minutes earlier. Before patching the vulnerability, the shellshock user deleted a file titled shellsh0ck. A little more than a half hour after patching, the shellshock user was disabled.
Welcome to Ars Cardboard, our weekend look at tabletop games! Check out our complete board gaming coverage at cardboard.arstechnica.com.
You’re roused early from cold sleep. The ship’s hibernatorium—and likely the remainder of the ship—is running on half power. There’s a body nearby. More accurately, there’s a body all over. For a moment, your sleep-fogged brain assumes somebody has splashed BBQ pork all over the floor and walls. Nope; that’s the crew member who was supposed to be on watch while everyone else slumbered.
Welcome to Nemesis, a board game with strong (but decidedly unofficial!) echoes of Ridley Scott’s Alien. It raised millions on Kickstarter—but is it any good?
It seems like every week, I can do an article on some interesting science that ended up buried under hyperbolic headlines and overly credible coverage. This week's victim is "living concrete." It only sort of exists, in that the material can either be living or concrete, but not really both. It doesn't heal itself either. But none of that means the publication has no merit, as it does show that the concept more or less works, and it identifies a number of areas that need further study in order for "living concrete" to actually become useful.
La vida concrete
The idea of mixing living things and concrete isn't quite as strange as it sounds. Part of concrete's strength comes from carbonates that are formed during the curing process. Lots of living things also produce structures made of carbonates; these include some very robust structures that are a mix of proteins and carbonates, like the shells of many aquatic animals.
As such, there's been a lot of research around the periphery of structural concrete that's involved biology. This has mostly involved lots of work on trying to figure out how the shells of living creatures get some of their impressive properties. But it's also included the idea that living things could form structural carbonates, including a few attempts to make concrete that self-heals thanks to the presence of carbonate-producing microbes embedded in it.
Hyundai and Kia announced Thursday that they are investing $111.5 million in Arrival, a startup British automaker building electric delivery vans. The three companies will jointly develop vehicles and share know-how as Arrival scales up its operations and moves to put a vehicle on the market in the next few years.
Arrival was founded in 2015 and has 800 employees, but until now the company has been in “stealth mode,” revealing little about its business model or plans. But this deal is a sign it has been doing something right, says Michael Harley, an industry analyst with Kelley Blue Book. Major automakers rarely make such large investments in newly established companies. Moreover, Harley says Arrival is smart to target the commercial van market. Buyers who need fleets of vehicles care about reliability and durability, not style and leather seats, lowering the bar for entry. And they buy in bulk. “It’s an excellent space to be in,” Harley says. “They’ve decided to tap into the largest segment.”
Saturday, 6am ET Update: SpaceX announced early Saturday that it will stand down from its Crew Dragon launch escape test attempt due to sustained winds and rough seas in the recovery area. The company will now target a six-hour launch window that opens on Sunday at 8am ET (13:00 UTC) for the test.
Original post: Officials from NASA and SpaceX said final preparations were underway for a critical flight test of Crew Dragon's launch escape system on Saturday morning from Kennedy Space Center in Florida. The four-hour launch window opens at 8am ET (13:00 UTC), and SpaceX indicated it may use much of that time to find an ideal slot due to weather conditions.
At the beginning of the launch window, weather at the pad should be ideal, but forecasters have concerns about offshore winds and waves. Later in the morning on Saturday, weather at the recovery site is expected to improve, which means the launch may well slip closer to noon than the top of the window. SpaceX may also seek to extend the window, if necessary. If the launch slips a day, conditions are reversed Sunday, with less favorable weather at the launch site but better conditions offshore.
Charter is killing its home-security service and telling customers that security devices they've purchased will stop working once the service is shut down on February 5.
The impending shutdown and customers' anger at Charter—a cable company also known by the brand name "Spectrum"—has been widely reported over the past month. Over the years, some customers have spent large sums on products that will no longer work.
One user posting on a DSLReports forum said they spent $1,200 on sensors and IP cameras, which will be essentially useless in a couple of weeks. The devices won't connect to other alarm-monitoring services, and Charter will no longer offer the ability to remotely manage the system and view security video. (We're guessing a Charter alarm would still be able to make loud noises when someone breaks into a house, but that doesn't mean it'll work with an alarm-monitoring service.)
Former Vice President Joe Biden is calling for one of the primary laws defining how Internet content is regulated to be "revoked," adding that the "little creeps" who run some of Silicon Valley's biggest businesses aren't the economic powerhouses they think they are.
"I've never been a fan of Facebook, as you probably know. I've never been a big [Facebook CEO Mark] Zuckerberg fan," Biden began in response to tech questions posed by The New York Times. "I think he's a real problem."
"He [Zuckerberg] knows better," Biden elaborated, telling the Times, "Not only should we be worrying about the concentration of power, we should be worried about the lack of privacy and them being exempt."
Over the past few years, New Zealand's Taika Waititi has become one of our favorite directors here at Ars. And with good reason—his back catalogue of feature films includes Eagle vs Shark, Boy, What We Do in the Shadows, Thor: Ragnarok, and last year's controversial-but-excellent, Oscar-nominated Jojo Rabbit. And soon, we'll be able to add a Star Wars movie to that list. Unnamed sources have told the Hollywood Reporter that Waititi has been approached by Lucasfilm to develop a film that takes place in that galaxy far, far away.
This news follows a surprise tweet earlier this week from Phil Tippett, the stop-motion innovator whose work could be found all over the original Star Wars trilogy. He used the social media platform to laud the first season of Disney+ exclusive The Mandalorian, then implored showrunner Jon Favreau to hire Tippett to work on future episodes. As massive fans of Tippett’s work and of The Mandalorian’s focus on practical effects, we hope Favreau takes the tweet seriously (embedded below).
Congrats @Jon_Favreau on the amazing success of @themandalorian. It’s really something. Reminds me of our adventures making the original trilogy back in the day, shootin’ from the hip. I tell you, I’d love to come back on board and get my hands dirty with you guys!
— Phil Tippett (@PhilTippett) January 16, 2020
Meanwhile, Waititi is no stranger to the Star Wars universe. He not only appears in The Mandalorian—as assassin droid IG-11—he also directed the final episode of the first series. The Hollywood Reporter also speculates that The Mandalorian is being used by Lucasfilm and Disney as a training ground for new talent; Director Deborah Chow directed episodes 3 and 7 of the space western/space ronin show and is now going to direct an Obi-Wan Kenobi series starring Ewan McGregor, which will also air on Disney+.
It's been almost two years now since the launch of Game Workers Unite (GWU), the most concerted effort yet to bring game developers to fight for better working conditions industry-wide. In the years since, we've seen a few stuttering steps toward collective action inside game studios, including an employee walkout at Blizzard to protest the company's controversial policy toward Hong Kong protesters and a walkout at Riot to protest proposed arbitration over sexual harassment allegations (that case was later settled without arbitration).
But while nearly half of developers supported the idea of unionizing in a GDC survey published last year, no major game studios have thus far announced formal plans to form a workers' union.
The industry's stalled labor effort got a potential shot in the arm last week, though, when GWU announced it is partnering with the Communication Workers of America (CWA) to form the Campaign to Organize Digital Employees (CODE). The move puts one of the country's biggest unions—with a reported 700,000 members represented across telecom, IT, news media, education, and more—squarely behind the effort to bring tech and gaming workers together for collective bargaining.
We have a wild report from Android Police this morning, as the site claims that Google is working to bring official Steam support to Chrome OS. Yes, Valve's Steam. The gaming platform. On Chromebooks.
The story apparently comes from a direct source: Kan Liu, the director of product management for Chrome OS. During an interview with Liu at CES, the site says Liu "implied, though would not directly confirm, that Google was working in direct cooperation with Valve on this project." The idea is that, according to Liu, "gaming is the single most popular category of downloads for Play Store content on Chromebooks," and Steam would mean even more games.
Anyone can put Steam on Chrome OS now. Chrome OS supports Linux apps. Steam has a Linux client and sells Linux games. You can install Steam and use it as a Chrome OS game store right now. You wouldn't get the entire Windows collection of Steam games, but there is a modest-and-growing collection of games that support Linux. No one does this because Chromebooks are not gaming hardware. They usually have just enough GPU power to run YouTube, scroll a webpage, and that's about it—3D graphics are not really going to happen. To make matters worse, Chrome OS' hardware acceleration for the Linux sandbox is actually pretty bad, and nearly identical hardware can run games at a higher FPS using Windows or a real distribution of Linux.
On Wednesday, police in the Netherlands and Northern Ireland arrested two 22-year-old men believed to be connected to WeLeakInfo, a site offering usernames and passwords from multiple data breaches for sale. At the same time, the Federal Bureau of Investigation, in coordination with the UK's National Crime Agency, the Netherlands National Police Corps, the German Bundeskriminalamt, and the Police Service of Northern Ireland, took down the domain for the site, redirecting it to a seizure notice (shown above).
At first, some thought the takedown was simply a breach of the site itself—mostly because the FBI took the time to add the site's logo to the takedown notice.
There's a mess happening over at We Leak Info since yesterday. It looks like they got hacked, and someone threw up an FBI seizure page. The seizure notice doesn't look legit.
— Cypher (@CryptoCypher) January 16, 2020
But on Thursday afternoon, the Justice Department announced the takedown and put out a call for further information on WeLeakInfo and its operators. WeLeakInfo claimed to have over 12 billion usernames and passwords from a collection of over 10,000 data breaches. Originally hosted at a Canadian hosting company's data center when set up in 2016, the domain was moved behind Cloudflare a day later. The site, originally advertised as "the most extensive private database search engine," purported to be a legitimate tool for companies to perform security research—even claiming to offer an application interface for performing bulk checks for breaches of company accounts.
I love a good concept car. And I'm pretty keen on space—Charlie Brown bears responsibility for getting me interested at a very early age. So obviously my interest was going to be piqued by an email from Lexus containing a bunch of design sketches from ED2, its European Advanced Design Studio thinking about what we might drive on the moon.
The designs—seven in total—were created by the design studio for an art and fashion publication called Document Journal, which invited a range of designers to imagine what life might be like on the moon. In Lexus' case, the inspiration was the company's recent LF-30 concept car; you may remember it from our coverage of last year's LA Auto Show.
"When Document Journal approached us about the Lunar Design Portfolio, our team was working on the LF-30 Concept, which represents the "Lexus Electrified" futuristic vision for Lexus. The design team was already looking beyond near-term production and ahead to how advanced technology will change the way we interact with vehicles," said Ian Cartabiano, President of ED2. "The lunar project came at the right time, half way through the LF-30 development. It gave the team a chance to dream further out, and then apply some of the design language from the LF-30 interior to their lunar proposals."
The idol of Pachacamac was already 700 years old when Spanish conquistadors arrived in Peru, according to radiocarbon dating of the wood. People journeyed from all over the Andes to consult the statue, believed to be an important oracle of the Inca gods, leaving behind offerings of gold, silver, and valuable fabrics. In 1533, Spanish conquistador Francisco Pizarro ordered his followers to knock the oracle from its pedestal in front of horrified onlookers. Centuries later, microscopes and X-ray fluorescence shed light on the lost colors of Inca religious life.
Long-lost colors
After roughly 1,300 years, the carvings on the surface of the oracle still survive in rich detail. Two people in elaborate clothing stand side by side in the top section; one wears a headdress of feathers, and the other wears a snake headdress. On the much taller middle segment, richly attired people mingle with jaguars, two-headed snakes, and an assortment of human-headed animals, interspersed with geometric designs. The base is blank and probably once fit into a hole in a pedestal. But as elaborate as the carvings are, they’re missing something important: color.
Much of the color of the ancient world has been lost to us for centuries, and modern technologies are only starting to show us how vivid the past really was. Greek and Roman statues weren't sterile white; medieval cathedrals were full of color; and the animals, spirits, and people carved into the wood of the Pachacamac Idol once stood out in vivid red, white, and yellow.
Update: Our Smartwatch Guidemaster was originally published in February 2018. But recently, we've been looking back at all of the smartwatches we've tested in the past two years in order to update our picks. Below is our guide to the best smartwatches you can buy in January 2020.
If you hate looking at your smartphone all day, you should consider getting a smartwatch. While it may seem counterintuitive to get a new gadget to lessen your dependency on another, it can be more effective than you think. Smartwatches take the most crucial parts of a smartphone—call and text alerts, app notifications, and quick controls—and put them on your wrist.
That means no more fumbling with your smartphone during a meeting to silence a call, no more checking Twitter or Facebook every two minutes for the newest post. Instead of absentmindedly staring at your smartphone's display, the most important information hits your wrist as it happens. As wearables, smartwatches can also track daily activity, and some even double as high-end fitness watches equipped with heart rate monitors, GPS trackers, music storage, and more.
Welcome to Edition 2.28 of the Rocket Report! As we get deeper into 2020, we could see as many as a half-dozen new orbital rockets debut this year, with a mixture from the United States, China, Europe, and India. It will be fun to track how many of them—big and small—actually make it to the launch pad. And how many of them are successful, of course!
As always, we welcome reader submissions, and if you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.
Serious vulnerabilities have recently come to light in three WordPress plugins that have been installed on a combined 400,000 websites, researchers said. InfiniteWP, WP Time Capsule, and WP Database Reset are all affected.
The highest-impact flaw is an authentication bypass vulnerability in the InfiniteWP Client, a plugin installed on more than 300,000 websites. It allows administrators to manage multiple websites from a single server. The flaw lets anyone log in to an administrative account with no credentials at all. From there, attackers can delete contents, add new accounts, and carry out a wide range of other malicious tasks.
People exploiting the vulnerability need only know the user name of a valid account and include a malicious payload in a POST request that's sent to a vulnerable site. According to Web application firewall provider Wordfence, the vulnerability stems from a feature that allows legitimate users to automatically log in as an administrator without providing a password.
Disclaimer: This review contains detailed information about the Netflix series the goop lab with Gwyneth Paltrow. If you plan to watch the show (please, don't) and do not wish to know details in advance, this is not the review for you. Normally, we would refer to such information as "spoilers," but in our editorial opinion, nothing in this series is spoil-able.
In the third episode of Goop's Netflix series, a female guest remarks that we women are seen as "very dangerous when we're knowledgeable." [Ep. 3, 33:35]
"Tell me about it," Gwyneth Paltrow knowingly replies amid "mm-hmms"—as if she has a first-hand understanding of this.
But after watching just a few minutes of any of the six episodes of the goop lab—or knowing pretty much anything about her pseudoscience-peddling "contextual commerce" company "Goop"—one might be skeptical that Paltrow has ever borne any such burden of knowledge in her life.
Mac users have discovered evidence of a new feature coming to a future release of macOS called "Pro Mode." This feature would temporarily remove restrictions imposed to keep Macs running coolly and quietly in order to boost short-term performance for demanding tasks common in professional workflows.
9to5Mac reports that users have found references to this "Pro Mode" in the macOS Catalina 10.15.3 beta. That included text describing the feature that says "fan speed limit may be overridden" and "apps may run faster, but battery life may decrease, and fan noise may increase."
The evidence found in the beta seems to indicate that Pro Mode would work something like Do Not Disturb: it would be an optional toggle that, by default, would automatically turn off again after a period of time.
The last few months have been a disaster for the people behind the GirlsDoPorn website. Last summer saw the start of trial in a lawsuit 22 women filed against site owner Michael Pratt and two other men. That case resulted in a $13 million verdict against the men earlier this month.
In October, the federal government charged Pratt and others with criminal sex trafficking. Pratt also faces child-pornography charges after he flew a 16-year-old to Southern California. Pratt fled the country—possibly back to his native New Zealand. He is now wanted by the FBI.
Yet throughout all that turmoil, the GirlsDoPorn site stayed up, offering visitors access to explicit videos of women who may have been coerced into shooting them. Indeed, as late as October, in the midst of the civil trial, the site was still shooting and posting new videos.
It's been three long years, but TNT's much-anticipated series Snowpiercer—an adaptation of the critically acclaimed 2013 film by Oscar-nominated director Bong Joon-ho (Parasite)—is finally emerging from development hell and coming to television. The network just dropped a teaser trailer, and despite all the production drama, it looks like a promising fleshing-out of the original dystopian vision.
Bong Joon-ho's film itself is an adaptation of a 1982 French graphic novel Le Transperceneige, about remnants of humanity trying to survive an ice age inside a 1,001-car train. The director has said he was especially captivated by the "unique cinematic space of a train" as a futuristic Noah's ark. "Hundreds of metal pieces moving like a snake carrying people squirming inside gripped by heart," he said. "And the people inside were fighting against each other." There's also a viral outbreak that starts wiping out the passengers.
While the basic premise remained the same, Bong Joon-ho created a new narrative arc and fresh characters for his 2013 film. The train is run by a reclusive transportation magnate named Mr. Wilford, who has separated the passengers according to class and has a nefarious plan to ensure life on the train remains sustainable. It starred Chris Evans as revolutionary leader Curtis, with Tilda Swinton as second-in-command Minister Mason. Bong shot much of it on a specially constructed set: a train mounted on a giant gyroscopic gimbal, the better to mimic the movements of an actual train. Snowpiercer earned critical raves and went on to gross $86 million worldwide, against a roughly $40 million production budget.