Here’s how to make sure Hawaii’s missile warning fiasco isn’t repeated

This is a guest post from Steve Bellovin, a professor in the Computer Science department and affiliate faculty at the law school at Columbia University. His research focuses on networks, security, and public policy. His opinions don’t necessarily reflect the views of Ars Technica.

By now, most people have heard about the erroneous incoming ICBM alert in Hawaii. There’s been scrutiny of how the emergency alert system works and of how international tensions and the flight times of missiles can lead to accidental nuclear war. I’d like to focus instead on how the systems design in Hawaii led to this problem—a design that I suspect is replicated in many other states.

One possible factor, of course, is hurried design:

Source: Ars Technica – Here’s how to make sure Hawaii’s missile warning fiasco isn’t repeated

For new form of male birth control, scientists turn to poison arrows

Aim carefully. (credit: Getty | Brian Seed)

According to scientists, a poison arrow in the quiver may let loose a very sticky nether-region massacre.

The poison in question has spattered from the tips of African weapons for centuries, rubbing out wild beasts and halting the hearts of warriors. But, according to a study in the Journal of Medicinal Chemistry, a crotch shot of an ancient toxin called “ouabain” can also take out sperm. By tweaking the poison’s chemical backbone (or scaffold), it can selectively paralyze trouser troops and prevent them from storming eggs, the authors report.

The study’s authors, led by Shameem Sultana Syeda of the University of Minnesota, are optimistic that, with further aiming, the poison’s progeny could one day strike as a safe, reversible male contraceptive.

Source: Ars Technica – For new form of male birth control, scientists turn to poison arrows

Tesla’s Model X: A lovely roadtripper with stiff daily driving competition

Source: Ars Technica – Tesla’s Model X: A lovely roadtripper with stiff daily driving competition

Realizing you can’t have enough JK Simmons, new sci-fi spy series doubles him

Counterpart is ready to give you all the JK Simmons you can handle. (credit: Starz)

Warning: The following preview outlines general details for the premise of Counterpart, a new Starz sci-fi series debuting this weekend.

The “actor as multiple roles” genre has been done in a seemingly infinite number of ways as of late: clones, siblings, whatever Cloud Atlas was. With Starz’ new series Counterpart debuting this Sunday (8pm ET), the premise gets a slight twist. Beloved institution JK Simmons (everything from those insurance ads to Justice League and Whiplash) portrays mild-mannered office man Howard and alternate-universe spy bad-ass Howard Prime.

Confused? Luckily, audiences get the gist of this situation early in the series premiere: 30 years ago during the Cold War, scientists were experimenting when something went wrong, opening a passage between two seemingly distinct worlds. “Go through this door,” bossman Peter tells Howard. “And you’re in a world identical to ours.”

Source: Ars Technica – Realizing you can’t have enough JK Simmons, new sci-fi spy series doubles him

An MMO goes full circle, promises to bring subscriptions back this year

Starting sometime this year, you’ll be able to pay up front to fake as any of Rift Prime’s heroes. (credit: Trion)

The online game-subscription model has generally waned in recent years, overtaken by the popularity (and apparent profitability) of “free-to-play” (F2P) fare. One of the earliest MMORPGs to switch to a F2P model, the Trion-published Rift, announced a curious change coming to its payment model: a branch-off of one Rift server, and its entire gameplay and payment structure, to return to the flat subscription model later this year.

As reported by Kotaku, the game’s developers announced plans for this new version, dubbed Rift Prime, in a Friday blog post. The plan actually began life months earlier when Trion asked fans about the idea of a “challenge server” product—meaning, a version of the game that was harder and segregated interested players into their own, higher-difficulty pool of players. Fan response to the pitch went a different direction.

The players’ “strongest cues,” the devs write, revolved around “how to make the business model more appealing.”

Source: Ars Technica – An MMO goes full circle, promises to bring subscriptions back this year

A randomly generated, totally novel enzyme rescues mutant bacteria

Source: Ars Technica – A randomly generated, totally novel enzyme rescues mutant bacteria

A flaming superhero car and dieting trucks at the 2018 Detroit Auto Show

Source: Ars Technica – A flaming superhero car and dieting trucks at the 2018 Detroit Auto Show

First Martians board game makes a powerful case for staying on Earth

Source: Ars Technica – First Martians board game makes a powerful case for staying on Earth

Twitter begins emailing the 677,775 Americans who took Russian election bait

Maybe Twitter should try this approach for the 677,775 emails it says it will soon send to affected users. (credit: Warner Bros. / Sam Machkovech)

On Friday, Twitter took an end-of-the-week opportunity to dump some better-late-than-never news onto its userbase. For anybody who followed or engaged with a Twitter account that faked like an American during the 2016 election season but was actually linked to a major Russian propaganda campaign, you’re about to get an email.

Twitter announced that it would contact a massive number of users with that news: 677,775 users to be exact. This count includes those who interacted with the 3,814 accounts that Twitter has directly linked to the Internet Research Agency (IRA), the Russian troll farm whose election-related meddling was exposed in 2017.

That number of accounts, Twitter noted, is a jump from Twitter’s prior count of 2,812 IRA-linked trolls, which it had disclosed as part of an October 2017 hearing in Congress. Twitter says that this specific pool of troll accounts generated 175,993 posts during the 2016 period of activity that Twitter has been analyzing, and the service noted that 8.4 percent of those posts were “election-related.” In its Friday disclosure, Twitter did not take the opportunity to acknowledge how the remaining percentage of these posts, which included anything from “I’m a real person” idle banter to indirect and divisive messaging, may have ultimately contributed to the troll farm’s impact. (For example: Twitter CEO Jack Dorsey bit, and bit hard, on a known IRA account by retweeting two of its 2016 posts.)

Source: Ars Technica – Twitter begins emailing the 677,775 Americans who took Russian election bait

OnePlus got pwned, exposed up to 40,000 users to credit card fraud

If you bought directly from OnePlus in the last two months or so, double-check your credit statements.

Earlier this week, numerous reports of credit card fraud started pouring in from OnePlus users. On the company’s forums, customers said that credit cards used to purchase a OnePlus smartphone recently were also seeing bogus charges, so OnePlus launched an investigation into the reports. It’s now a few days later, and the company has admitted that its servers were compromised—“up to 40k users” may have had their credit card data stolen.

OnePlus has posted an FAQ on the incident. “One of our systems was attacked,” the post reads. “A malicious script was injected into the payment page code to sniff out credit card info while it was being entered.” OnePlus believes the script was functional from “mid-November 2017” to January 11, 2018, and it captured credit card numbers, expiration dates, and security codes that were typed into the site during that time. Users who paid via PayPal or with previously entered credit card information are not believed to be affected.

OnePlus says it “cannot apologize enough for letting something like this happen.” The company is contacting accounts it believes to have been affected via email, and OnePlus says it is “working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit.”

Source: Ars Technica – OnePlus got pwned, exposed up to 40,000 users to credit card fraud

Can we zero-in on Earth’s sensitivity to CO₂?

Source: Ars Technica – Can we zero-in on Earth’s sensitivity to CO₂?

Amazon has made it more expensive to subscribe to Prime month-to-month

Amazon founder and CEO Jeff Bezos. (credit: Steve Jurvetson)

Amazon on Friday announced that it has raised the price of its Prime membership program for those who subscribe on a month-to-month basis.

The plan previously cost $10.99 a month, but it will now cost $12.99 a month. That means the price of subscribing to the monthly Prime plan for a full year has jumped 18 percent, from $131.88 to $155.88. Those who currently subscribe to the monthly plan will see the price hike take effect on their first payment after February 18.

The e-commerce giant said it has also raised the rate of its cheaper Prime plan for students from $5.49 a month to $6.49 a month. The Prime Student plan launched this past October.

Source: Ars Technica – Amazon has made it more expensive to subscribe to Prime month-to-month

Malicious Chrome extension is next to impossible to manually remove

Proving once again that Google Chrome extensions are the Achilles heel of what’s arguably the Internet’s most secure browser, a researcher has documented a malicious add-on that tricks users into installing it and then is nearly impossible for most to manually uninstall. It was available for download on Google servers until Wednesday, 19 days after it was privately reported to Google security officials, a researcher said.

Once installed, an app called “Tiempo en colombia en vivo” prevents users from accessing the list of installed Chrome extensions by redirecting requests to chrome://apps/?r=extensions instead of chrome://extensions/, the page that lists all installed extensions and provides an interface for temporarily disabling or uninstalling them. Malwarebytes researcher Pieter Arntz said he experimented with a variety of hacks, including disabling JavaScript in the browser, starting Chrome with all extensions disabled, and renaming the folder where extensions are stored, but none of them worked. Removing the extension proved so difficult that he ultimately advised users to run the free version of Malwarebytes and let it automatically remove the add-on.

When Arntz installed the extension on a test machine, Chrome spontaneously clicked on dozens of YouTube videos, an indication that inflating the number of views was among the things it did. The researcher hasn’t ruled out the possibility that the add-on did more malicious things because the amount of obfuscated JavaScript it contained made a comprehensive analysis too time consuming. The researcher provided additional details in a blog post published Thursday.

Source: Ars Technica – Malicious Chrome extension is next to impossible to manually remove

The global state of science

Source: Ars Technica – The global state of science

Years after predicted “death,” game consoles are doing better than ever

We will admit, new sales for the consoles shown here did not do very well in 2017

It’s a bit hard to remember now, but we’re only four or five years out from widespread and confident predictions that the game console market was effectively dead or dying. In 2012, Wired cited mobile disruption and “the whole box-model mentality” in declaring the death of the console. Around the same time, CNN cited a “four-year tailspin” in sales for dedicated consoles (which, coincidentally, started right around the same time as the global financial crisis) to explain “why console gaming was dying.”

And IGN, in its own 2012 look at the fate of the console market, offered a bold prediction for the fate of the PS4 months before it was even officially announced: “A better-graphics box at $400? Not going to work.”

Today, those and many other relatively recent predictions of doom for the console market look downright silly. The industry analysts at NPD announced last night that the US video game market grew 11 percent in 2017 to $3.3 billion. The reason? “Video game hardware [meaning consoles] was the primary driver of overall growth,” as hardware was up 27 percent for the year, to $1.27 billion.

Source: Ars Technica – Years after predicted “death,” game consoles are doing better than ever

The net neutrality testing app that Apple rejected is available now

An iPhone application that attempts to detect whether ISPs are throttling online services is now available on Apple’s App Store, despite Apple originally refusing to allow it onto iPhones and iPads.

The Wehe app has been available for iOS at this link since last night. It had already been available for Android on the Google Play store for at least a month.

Wehe tests the speeds of YouTube, Amazon, NBCSports, Netflix, Skype, Spotify, and Vimeo in different ways and uses variances in measured results to judge whether or not traffic is being throttled to your device. But Apple initially refused to let the app into the App Store, telling its creator that “your app has no direct benefits to the user.”

Source: Ars Technica – The net neutrality testing app that Apple rejected is available now

The Zuma failure has emboldened critics of SpaceX

The Zuma mission launched on Jan. 7 from Florida. (credit: SpaceX)

The space community has not learned much about the apparent loss of the Zuma payload launched by SpaceX on January 7, but the mystery has had one clear after effect: critics of SpaceX, including several far-right publications, have weaponized the failure of a national security satellite in their continued stream of attacks on the company.

For example, The Federalist, a publication that defended the dating habits of Alabama Judge Roy Moore in his Senate campaign, opined about the accident, “It is concerning, to say the least, that American taxpayers have become the guinea pigs who will bear the risks and the costs before a final determination can be made.” The conservative Washington Times also published a critical piece, noting that, “Taxpayers are tired of getting ripped off.”

These articles were written by individuals with little apparent knowledge about the aerospace industry. The Federalist author lists, among his qualifications, that he “helped the 2014 freshmen Republican class to set up offices.” The Times author notes on his LinkedIn profile that he is a “professional coalition builder.”

Source: Ars Technica – The Zuma failure has emboldened critics of SpaceX

Wind with batteries? Build it quickly and it could cost $21/MWh in Colorado

A couple of wind turbines, part of the Cedar Point Wind Energy Project in Limon, Colorado. (credit: Getty Images)

Proposals for renewable electricity generation in Colorado are coming in cheap, like, $21/MWh-cheap for wind and battery storage. Though there are a few caveats to those numbers, federal incentives and quickly falling costs are combining to make once-quirky renewable projects into major contenders in an industry where fossil fuels have comfortably dominated since the 19th century.

Early last year, Colorado energy provider Xcel Energy requested proposals for new electricity generation. Specifically, the company needed 450 megawatts of additional generation to meet future demand. In a separate request called the Colorado Energy Plan, Xcel said (PDF) it would consider replacing two coal plants providing 660MW of capacity with “hundreds of megawatts of new wind and solar as well as some natural gas-fired resources” if new resources could be found cheaper than what those coal plants cost to operate (including costs to shut down the plants early).

By late November, energy companies had submitted their best offers. Although exact details of the offers aren’t available yet, Xcel Colorado was required to make public a summary of the proposals (PDF) in the month after the bids were submitted.

Source: Ars Technica – Wind with batteries? Build it quickly and it could cost $21/MWh in Colorado

Office for Mac finally has real-time collaboration in 16.9.0 update

Microsoft has released a major update for Office for Mac. Update 16.9.0 finally brings long-anticipated real-time collaboration features and automatic cloud saving. Notably, the Mac version of this software is now built from the same codebase as the Windows version, which means that Office shares a codebase across all platforms for the first time in 20 years.

The Mac version of Office has often lagged behind Windows in features (some periods have been better than others) but this change could lay the groundwork for better parity moving forward. A shared codebase doesn’t necessarily mean everything will be the same, but it does mean that it will be simpler to support all platforms (Windows, Mac, iOS, and Android) on Microsoft’s end.

Real-time collaboration is long overdue in Office for Mac. Users have been calling for it for quite some time. A major selling point of Google Docs and several other Office alternatives, it’s been a slow rollout for this feature in Office regardless of platform. Limited live collaboration was part of the Office 2016 update, but Excel for Windows, for example, didn’t get true real-time collaboration until a beta last year. Now, users on Mac and Windows can see each other’s changes in real-time. As in Google Docs, thumbnails show which users are collaborating with you on a document. Flag icons indicate where they’re working, and their changes appear to collaborators in real-time as they work.

Source: Ars Technica – Office for Mac finally has real-time collaboration in 16.9.0 update

NASA has pulled Jeanette Epps just months before her first flight

Source: Ars Technica – NASA has pulled Jeanette Epps just months before her first flight