Serving the Technologist for more than a decade. IT news, reviews, and analysis.
In July, US Senate Minority Leader Charles Schumer held a press conference to denounce a chocolate-flavored energy powder meant for snorting, called Coco Loko. He dubbed it “cocaine on training wheels” and called on the Food and Drug Administration to investigate.
The agency did, it turns out. And though regulators didn’t come up with a description quite as catchy as Schumer’s, their assessment of Coco Loko was even more damning.
Regulators determined that the powder was an unapproved new drug and that its maker, Legal Lean, was unlawfully marketing it, according to a Tuesday announcement. Moreover, the agency also looked into another product by the company, Legal Lean Syrup. The agency found that it, too, was an unapproved drug. The syrup contained an undisclosed sedative, doxylamine, which is found in the over-the-counter sleep-aid Unisom.
A surprisingly big number of top-name websites—Facebook and PayPal among them—recently tested positive for a critical, 19-year-old vulnerability that allowed attackers to decrypt encrypted data and sign communications using the sites' secret encryption key.
The vulnerability in the transport layer security protocol for Web encryption was disclosed in 1998 when researcher Daniel Bleichenbacher found it in the TLS predecessor known as secure sockets layer. The algorithm that handles RSA encryption keys responded to certain types of errors in a way that divulged potentially sensitive information. With enough specially formed queries, attackers could exploit the weakness to decrypt ciphertext even when they didn't have the secret decryption key. SSL architects responded by designing workarounds that suppressed the error messages rather than removing or rewriting the faulty RSA algorithm.
Researchers call this class of crypto vulnerability an oracle because it provides only "yes" or "no" answers that, over time, can reveal detailed information about the contents of encrypted data. The information allows hackers to carry out what's known as an "adaptive chosen-ciphertext attack."
SAN FRANCISCO—On the same day that the City by the Bay mourned the sudden passing of its tech-friendly mayor, Ed Lee, various tech leaders came together to discuss the current challenges that women and minorities face in Silicon Valley.
“I don’t need to see Travis back,” she said, referring to the former Uber CEO, Travis Kalanick, who resigned in June but remains on the board.
Net neutrality rules will be repealed by the Federal Communications Commission Thursday, barring any unlikely last-minute changes. But net neutrality advocates won't let the vote pass quietly. Today was "Break the Internet" day, in which many websites altered their appearance and urged visitors to contact members of Congress about the pending repeal (see the gallery above for examples from Reddit, Kickstarter, GitHub, Mozilla, and others).
There were also in-person protests last week, and there will be more on the way before the FCC vote. The pressure might be having some effect, as even a few Republican lawmakers are speaking out against the repeal. Democrats were already solidly behind net neutrality rules.
This month's cryptocurrency boom isn't limited to bitcoin. Over the last 24 hours, two of bitcoin's biggest rivals—Litecoin and Ethereum's ether—have enjoyed huge price gains.
Trading volume has been so intense that one of the leading cryptocurrency exchange services, Coinbase, has suffered downtime.
"Ethereum buys and sells are temporarily disabled," read a notice on the Coinbase status page around 2pm Eastern time. That issue was resolved around 45 minutes later, while trading in litecoins was disabled for about 90 minutes earlier in the day. The status page lists both ether and litecoin trading as having a "Major Outage."
I used to be a bitcoin bull. As bitcoin's price soared from $13 to more than $1,000 in 2013, lots of people argued it was an unsustainable bubble. I argued the opposite: that bitcoin's price still had a lot of room to rise. And obviously, I turned out to be right, as bitcoin is now worth $17,000—17 times the cryptocurrency's previous peak in late 2013.
Now we're in the midst of another big bitcoin bull market, and I'm much more worried that the market is getting into unsustainable territory. At the beginning of the year, bitcoins were worth $1,000 apiece, and all bitcoins in circulation were worth around $15 billion—still quite small as global financial assets go. Today, each bitcoin is worth $17,000, and all bitcoins in circulation are worth a much more substantial $280 billion. That seems like a lot for a payment network that only processes about four transactions per second.
Meanwhile, there are growing signs that ordinary, unsophisticated investors may be getting in over their heads. Anecdotal reports suggest that people with no real technical or financial expertise are getting interested in cryptocurrency, and some people are even borrowing money to invest in bitcoin. The market is starting to feel like the final month of the dotcom boom, when people started getting tech stock tips from their taxi drivers.
A verdant garden, softly draped with all manner of greenery, is a tranquil setting to most. But to scientists, it can be tranquilized further.
Just like humans, plants can succumb to the effects of general anesthetic drugs, researchers report this week in the Annals of Botany. The finding is striking for a variety of reasons—there’s the pesky fact that plants lack a central nervous system, for one thing. But, perhaps more noteworthy is that scientists still aren’t sure how general anesthetics work on humans—let alone plants. Despite that, doctors have been using the drugs daily for more than a century to knock people out and avert pain during surgeries and other medical procedures. Yet the drugs’ exact effects on our body’s cells and electrical signals remain elusive.
The authors of the new study, led by Italian and German plant biologists, suggest that plants could help us—once and for all—figure out the drugs’ mechanism of action. Moreover, the researchers are hopeful that after that’s sorted out, plants could be a useful tool to study and develop new anesthetic drugs. “As plants in general, and the model plant [Arabidopsis] thaliana in particular, are suitable to experimental manipulation (they do not run away) and allow easy electrical recordings, we propose them as ideal model objects to study anaesthesia and to serve as a suitable test system for human anaesthesia,” they conclude.
Destiny 2 isn’t the game its fans want it to be. That isn’t apparent from the game’s design, which seems to check every box a fan of the original would want. But a quick trip around the Internet shows just how much the sequel is failing to live up to many players’ expectations.
Take this 390-comment thread about the state of Destiny 2, for instance. It reads like the pre-apocalyptic screed you’d find scrawled on a wall in any number of other video games. It got to be so bad that Bungie had to interrupt its Curse of Osiris PR plans to address the complaints. And now that Curse of Osiris is out, the fan reaction isn’t exactly getting better.
That’s a shame, because Destiny 2 is a totally solid first-person shooter, taken in the vein of Bungie’s own previous games. In 40 or 50 hours you could get through every story mission, strike, raid, and a decent bit of the competitive multiplayer. That’s a good amount of content, especially compared to many other first-person shooters, and Destiny 2’s best-in-class action is enough to carry those hours forward enjoyably.
Reuters reported on Tuesday that PepsiCo had recently placed 100 reservations for Tesla Semis. The order is the largest public one to date and may have cost the food and beverage manufacturer as much as $2,000,000. (The Wall Street Journal reported in November that Tesla had bumped the price of reservations from $5,000 each to $20,000 each.) However, PepsiCo did not comment on how much it actually paid Tesla or whether its reservations were to buy the trucks outright or lease them.
PepsiCo told Reuters that it plans to use the trucks to distribute sodas and snack foods to retailers within a 500-mile radius of its manufacturing centers. The company said it is analyzing routes to find the optimal use case—either sending lighter snack loads longer distances or shipping heavy beverages shorter distances.
PepsiCo’s US fleet currently relies on 100,000 conventional semis, but the company has promised to reduce greenhouse gas emissions across its supply chain by 20 percent by 2030. That distant deadline may play into PepsiCo’s willingness to wait at least two years for Tesla’s electric trucks. Tesla CEO Elon Musk has promised that the semis will arrive in 2019. But the CEO has a history of being overly ambitious on estimated delivery time. (The company’s budget vehicle, the Tesla Model 3, suffered delays and poor production numbers even after the car was supposed to hit mass production this summer.)
Remember Android Wear? Google's struggling smartwatch OS is getting updated to Android 8.0 Oreo, just like the rest of the Android lineup. Google announced the update on the "Android Wear Developers" Google Plus group. It seems like the only supported watch right now is the flagship LG Watch Sport, which makes sense since that was the only watch to get an Android O beta in the beginning of October.
Wear's last big update was Android Wear 2.0, which was released with the LG Watch Sport at the beginning of the year. Most users won't notice the move to Oreo. Like Android TV, Android Wear has its own interface and set of features that are developed separately from the base OS version. This update to Oreo changes the under-the-hood OS, but the user-facing features will mostly remain unchanged.
Android Wear has not been doing well in the market. In Q1 2017 the Apple Watch had 57 percent of the market, according to Strategy Analytics, with Samsung's Tizen OS in second place at 19 percent of the market, and Android Wear in third place at 18 percent. The group is probably undergoing a bit of a shakeup right now, as Android Wear VP of Engineering David Singleton recently left Google.
With days to go before his repeal of net neutrality rules, FCC Chairman Ajit Pai issued a press release about five small ISPs that he says were harmed by the rules. Pai "held a series of telephone calls with small Internet service providers across the country—from Oklahoma to Ohio, from Montana to Minnesota," his press release said.
On these calls, "one constant theme I heard was how Title II had slowed investment," Pai said.
But Pai's announcement offered no data to support this assertion. So advocacy group Free Press looked at the FCC's broadband deployment data for these companies and found that four of them had expanded into new territory. The fifth didn't expand into new areas but it did start offering gigabit Internet service.
If you've been following video game news at all this year, you're probably tired of hearing stories about how the Switch is the hottest selling console since the Sliced Bread 64. With Nintendo announcing this morning that its console has sold 10 million units in under nine months—before its first holiday season is even complete, to boot—we thought we'd skip the wordy analysis and just give you some relevant numbers that put the Switch's current sales in context. As far as recent consoles go, the Switch's sales so far put it in some pretty rarified company.
(Note that for most of these comparisons with other consoles, the time period includes an entire holiday season following a mid-November launch).
After my last click of the mouse, the screen went to black, with only the word "Gorogoa" flashing. Those seven all-caps letters exploded out of the emptiness I'd just exposed by solving the final puzzle.
I nearly doubled over in my chair, overwhelmed with the emotion I felt trying to make sense of what had transpired. The game gave me some breathing room to do so, with a solemn song playing while credits rolled. After those, a single panel appeared. The game had begun again. Flipped to page one.
I describe this "ending" moment because it answers a critical concern about the puzzle game Gorogoa, which has been in development for an astonishing six years and was made almost entirely by one man, Jason Roberts. Gorogoa is, quite frankly, short. At the end of six years of development, Roberts has produced a little over two hours of gameplay.
Apps are just as highly anticipated as other forms of entertainment now, and Apple's newest update to its app stores lets customers call dibs on their favorites before they're even released. An update to the iTunes Connect resources page states that developers can now open up their apps for preorder on all Apple platforms before the program is officially released. This allows developers to see the product page before anyone can download the app, and customers can tap a new "Pre-Order" button to secure their download before it becomes available on the designated release date.
Developers can choose never-before-published apps from their My Apps page to make available for preorder. They must choose an official release date before the preorder page goes live, and that date must be at least two days, but no more than 90 days, in the future. Once the release date is chosen and the app is approved by Apple, the app's page will go live, allowing customers to preorder the program.
Preorders are available for free and paid apps. After preordering an app, you'll be notified of the official release date that the app is available to download. If that preordered app happens to be a paid app, you won't be charged until you download the program.
By the summer of 1968, a sense of deep unease had engulfed the American republic. Early in the year, the Tet Offensive smashed any lingering illusions of a quick victory in the increasingly bloody Vietnam conflict. Race relations boiled over in April when a single rifle bullet took the life of Martin Luther King, Jr. Two months later, as Bobby Kennedy walked through a hotel kitchen, he was shot in the head. The red, white, and blue threads that had bound America for nearly two centuries were faded and fraying.
Amid this national turmoil, senior planners at the country’s space agency were also having a difficult year. Late that summer they quietly faced their most consequential decision to date. If NASA was going to meet the challenge laid out by President John F. Kennedy, its astronauts would soon have to take an unprecedented leap by leaving low-Earth orbit and entering the gravity well of another world—the Moon. Should they do it?
For a decade, some security professionals have held out extended validation certificates as an innovation in website authentication because they require the person applying for the credential to undergo legal vetting. That's a step up from less stringent domain validation that requires applicants to merely demonstrate control over the site's Internet name. Now, a researcher has shown how EV certificates can be used to trick people into trusting scam sites, particularly when targets are using Apple's Safari browser.
Researcher Ian Carroll filed the necessary paperwork to incorporate a business called Stripe Inc. He then used the legal entity to apply for an EV certificate to authenticate the Web page https://stripe.ian.sh/. When viewed in the address bar, the page looks eerily similar to https://stripe.com/, the online payments service that also authenticates itself using an EV certificate issued to Stripe Inc.
The demonstration is concerning because many security professionals counsel end users to look for EV certificates when trying to tell if a site such as https://www.paypal.com is an authentic Web property rather than a fly-by-night look-alike page that's out to steal passwords. But as Carroll's page shows, EV certs can also be used to trick end users into thinking a page has connections to a trusted service or business when in fact no such connection exists. The false impression can be especially convincing when end users use Apple's Safari browser because it often strips out the domain name in the address bar, leaving only the name of the legal entity that obtained the EV certificate.
Microsoft today launched a preview version of a new programming language for quantum computing called Q#. The industry giant also launched a quantum simulator that developers can use to test and debug their quantum algorithms.
The language and simulator were announced in September. The then-unnamed language was intended to bring traditional programming concepts—functions, variables, and branches, along with a syntax-highlighted development environment complete with quantum debugger—to quantum computing, a field that has hitherto built algorithms from wiring up logic gates. Microsoft's hope is that this selection of tools, along with the training material and documentation, will open up quantum computing to more than just physicists.
Given that quantum computers are still rare, Microsoft has built an as-yet-unnamed quantum simulator to run those quantum programs. The local version, released as part of the preview, can support programs using up to 32 quantum bits (qubits), using some 32GB of RAM. Microsoft is also offering an Azure version of the simulator, scaling up to 40 qubits.
Google's push to bring Augmented Reality to the masses hit a big milestone today with the launch of the "AR Stickers" app. Google has been doing Augmented Reality for some time now with the hardware-packed Project Tango devices, but AR Stickers is the first app in Google's new AR strategy, which revolves around ARCore. ARCore is a reworked augmented reality framework that can do many of the Tango AR tricks but without all the extra hardware.
AR Stickers is out now in the Play Store for the Pixel 1 and Pixel 2. The app is a new mode in the Google Camera that allows you to drop various 3D characters into the camera feed. ARCore will map out the nearest horizontal plane, like a floor or table, and ground the characters in real life. You can move the camera around, take pictures, and record video.
The Federal Communications Commission is still on track to eliminate net neutrality rules this Thursday, but the commission said today that it has a new plan to protect consumers after the repeal.
The FCC and Federal Trade Commission released a draft memorandum of understanding (MOU) describing how the agencies will work together to make sure ISPs keep their net neutrality promises.
After the repeal, there won't be any rules preventing ISPs from blocking or throttling Internet traffic. ISPs will also be allowed to charge websites and online services for faster and more reliable network access.
NASA has had a big problem since the agency triumphantly landed humans on the Moon nearly half a century ago. Namely, after the Apollo landings delivered a solid US victory in the Cold War, human exploration has no longer aligned with the strategic national interest. In other words, sending humans into space has represented a nice projection of soft power, but it has not been essential to America's domestic and foreign policy aims.
As a result, NASA's share of the federal budget has declined from just shy of five percent at the height of the Apollo program to less than 0.5 percent today. At the same time, NASA's mandate has grown to encompass a broad array of Earth science, planetary science, and other missions that consume more than half of the agency's budget.
With less buying power for human exploration, NASA has had to scale back its ambitions; and as a result, astronauts have not ventured more than a few hundred miles from Earth since 1972. Twice before, presidents have attempted to break free of low-Earth orbit by proposing a human return to the Moon, with eventual missions to Mars. President George H.W. Bush did so with the Space Exploration Initiative in 1989, on the 20th anniversary of the Apollo 11 Moon landing. And George W. Bush did so in 2004, with the Vision for Space Exploration. Neither of these was a bad concept—indeed, both offered bold, ambitious goals for the space agency—but they died due to a lack of commitment and funding.