Long-time software guru Dave Winer is criticizing Google’s plans to deprecate HTTP (by, for example, penalizing sites that use HTTP instead of HTTPS in search results and flagging them as “insecure” in Chrome). Winer writes:
A lot of the web consists of archives. Files put in places that no one maintains. They just work. There’s no one there to do the work that Google wants all sites to do. And some people have large numbers of domains and sub-domains hosted on all kinds of software Google never thought about. Places where the work required to convert wouldn’t be justified by the possible benefit. The reason there’s so much diversity is that the web is an open thing, it was never owned….
If Google succeeds, it will make a lot of the web’s history inaccessible. People put stuff on the web precisely so it would be preserved over time. That’s why it’s important that no one has the power to change what the web is. It’s like a massive book burning, at a much bigger scale than ever done before.
“Many of these sites don’t collect user data or provide user interaction,” adds Slashdot reader saccade.com, “so the ‘risks’ of not using HTTPS are irrelevant.” And Winer summarizes his position in three points.

The web is an open platform, not a corporate platform.
It is defined by its stability. 25-plus years and it’s still going strong.
Google is a guest on the web, as we all are. Guests don’t make the rules.
“The web is a social agreement not to break things,” Winer writes. “It’s served us for 25 years. I don’t want to give it up because a bunch of nerds at Google think they know best.”

Read more of this story at Slashdot.

Source: Slashdot – Is Google’s Promotion of HTTPS Misguided?

An anonymous reader quotes ITWire:
Well-known British security researcher Kevin Beaumont says the breach of the British operations of American multinational ticket sales and distribution company Ticketmaster, that has led to the possible leak of tens of thousands of credit card details, was caused by the incorrect placement of a single line of code… Beaumont said Inbenta was providing a chat bot for website developers “by providing a single line of HTML which calls a JavaScript from Inbenta’s Web server….”
He pointed out that while Inbenta had provided Ticketmaster a customised JavaScript one-liner, the ticketing company had placed this chatbot code on its payment processing website without informing Inbenta it had done so. “This means that Inbenta’s webserver was placed in the middle of all Ticketmaster credit card transactions, with the ability to execute JavaScript code in customer browsers,” Beaumont said. This code had been altered by some malicious person back in February and the problems began at that point, he said.
Beaumont warns businesses to be cautious with third-party JavaScript code in sensitive processes. “Check your supply chain. Because attackers are.”
And he also highlights how anti-virus tools started flagging the the script months before Ticketmaster announced the breach. “I can see the Javascript file being uploaded to a variety of threat intelligence tools from April through just before the breach announcement, so clearly somebody was looking into it.”

Read more of this story at Slashdot.

Source: Slashdot – One Misplaced Line of JavaScript Caused the Ticketmaster Breach

CNET reports on what happened when a new Uber driver received a call from Uber telling him to cancel the trip and verify his account:

The caller asked for his email. He gave it. The caller asked for his Uber account password. He gave him that, too, after a brief hesitation. Then the caller said to tell him the confirmation code he’d be receiving shortly via text. The driver told him the code once he got the text. This was the two-factor authentication needed to get into the driver’s Uber account. “Nothing happened for the rest of the week,” the driver says. “I didn’t think anything of this again until Saturday.” But in those following three days, the scammer had changed the driver’s account settings and waited for the perfect time to withdraw money…. By Saturday night, his $653.88 in earnings from that week had been nabbed from his account…
Apparently the scam has hit thousands of ride-hail drivers, and millions of dollars have been diverted from their accounts, according to a lawsuit brought by the U.S. Attorney’s Office in New York’s federal court last November… [A] couple of key elements about Uber make it possible. When passengers hail a ride with Uber, they see the name of the driver and the car’s make, model and license number, and they get an anonymized phone number to call the driver. All of this ensures passengers safely connect with the right driver. But it also makes it possible for the wrong people to see lots of information about drivers.
When one of the scam victims complained to Uber, he “was told he had to wait until Monday when he could talk to a representative in person at one of its driver hubs,” although eventually Uber “agreed to credit the $653.88 back to his account as a ‘one-time repayment courtesy.'”
Other scammers have gone after Uber directly, CNET reports, using GPS-spoofing apps to simulate long rides as “a way to pocket money via stolen credit cards, essentially using Uber as a makeshift money laundering service.” Uber’s data science manager spotted the fake rides because “weird” altitude coordinates indicated that the drivers were flying through the sky.

Read more of this story at Slashdot.

Source: Slashdot – Thousands of Uber Drivers Scammed Out of Millions of Dollars

An anonymous reader quotes the New York Times:
We’ve hit what I call Peak Screen. For much of the last decade, a technology industry ruled by smartphones has pursued a singular goal of completely conquering our eyes. It has given us phones with ever-bigger screens and phones with unbelievable cameras, not to mention virtual reality goggles and several attempts at camera-glasses. Tech has now captured pretty much all visual capacity. Americans spend three to four hours a day looking at their phones and about 11 hours a day looking at screens of any kind.

So tech giants are building the beginning of something new: a less insistently visual tech world, a digital landscape that relies on voice assistants, headphones, watches and other wearables to take some pressure off our eyes. This could be a nightmare; we may simply add these new devices to our screen-addled lives. But depending on how these technologies develop, a digital ecosystem that demands less of our eyes could be better for everyone — less immersive, less addictive, more conducive to multitasking, less socially awkward, and perhaps even a salve for our politics and social relations. Who will bring us this future? Amazon and Google are clearly big players, but don’t discount the company that got us to Peak Screen in the first place. With advances to the Apple Watch and AirPods headphones, Apple is slowly and almost quietly creating an alternative to its phones… If it works, it could change everything again.

Warning that screens are insatiable vampires for your attention, the piece argues we should be using our phones more mindfully — and exploring “less immersive ways to interact with the digital world” like Google and Amazon voice assisants.
“The sooner we find something else, the better.”

Read more of this story at Slashdot.

Source: Slashdot – We’ve Reached ‘Peak Screen’. So What Comes Next?

The new tallest building on the San Francisco skyline — and the tallest building in America west of the Mississippi — includes a nine-story electronic sculpture that’s been called the tallest piece of public art on Earth. It uses 11,000 LED bulbs reflected off the tower-topping aluminum panels — each pixel created by a set of red, green, blue and white lights controlled by 8-bit PIC microcontrollers. “On a clear night, the show is visible for 30 miles,” reports IEEE Spectrum.

Slashdot reader Tekla Perry shares their article about “the technology involved in the light show at the top of Salesforce Tower. Electrical engineer and artist Jim Campbell explains it all — and how the window-washer problem stumped him for nearly a year.”
“[O]n the 62nd floor, a central PC-based computer runs Ubuntu Linux, sending instructions to a communications control system that splits the data and sends it at 11 Mbit to the 32 enclosures using a custom communications protocol… We will capture images throughout the day, sending them to Amazon’s cloud, and run some algorithms designed to identify visual interesting-ness. For example, at its simplest, when we look at the sky, if it’s all blue, it’s boring, if it’s all white, it’s boring, if it has white and blue it is likely to be interesting. We’ll chose the best half hour of the day at each camera, based on movement and color, to display….”

And finally, when the main display shuts down late at night, another system designed by Campbell will kick in. In this static display, a set of 36 white LEDs will create a three-dimensional constellation of lights that will look like stars. “It’s quieter, it has a random aspect to it,” he says.

“Since construction started, the tower has emerged as an icon of the new San Francisco — techie, ambitious, perhaps a little grandiose,” writes the New Yorker, capturing the moment when Campbell finally unveiled his four-year project — while fighting stomach flu and a chest cold, on a night which turned out to be prohibitively foggy. The executive vice-president of Boston Properties told him cheerily, “Jim! Look on the brighter side. We’ve got every night for the rest of our lives.”

“There was a long silence from the people on the terrace. The fog was thick. At last, someone exclaimed, ‘Woo-hoo!,’ and a volley of cheers followed.” Although the colors they were seeing came from the celebratory fireworks and not from Jim’s light sculpture.
Are there any San Francisco-area Slashdotters who want to weigh in on the Salesforce Tower?

Read more of this story at Slashdot.

Source: Slashdot – Massive New ‘Salesforce Tower’ Light Sculpture: AI, Ubuntu, Fog, and a MacBook