Month: September 2016

Enlarge (credit: Aurich Lawson)

The speed of light is a magnificent thing. Using light, data can, and often does, travel at the fastest pace allowed by physics. But sending data is not the only job involved in communication. The data also has to be processed and routed. For these jobs, the speed of light is a curse. If it takes you one nanosecond to decide where a bit needs to go, then that bit has already traveled 20-30cm.

In terms of silicon chips and processing, this is a bit like telling a taxi driver to turn left thirty thousand blocks too late. In effect, this means that to make a routing decision, you may have to store the data in a memory register, make the decision, and then extract it again. At the moment, this necessitates storing the information electronically, a painfully slow process. Of course, engineers know this and use clever strategies to minimize the number of times any sort of decision needs to be made.

Ultimately, what you would really like to do is slow the light down for a few nanoseconds while you perform whatever processing and routing is necessary, then let it fly away like a souped up pigeon. A group of Australian researchers have a new take on an old idea about how to get this to work.

Enlarge / Free, unfiltered Web browsing—without a data plan. (credit: Jacob Ajit)

Jacob Ajit, a 17-year-old student at the Thomas Jefferson High School for Science and Technology in Fairfax, Virginia, was bored and screwing around with a smartphone that had service and a SIM for T-Mobile's prepaid phone service. He soon discovered it was possible to still gain access to the Internet without paying for an account; all he had to do was route everything through a proxy application running on a server with "/speedtest" in its Web address.

The T-Mobile prepaid SIM makes it possible to pay for new service from the phone itself. This requires the phone to be able to connect to T-Mobile's network to do so, essentially blocking access to the rest of the Internet through a capture portal until the account is activated. But Ajit found that the Speedtest mobile app worked even when the phone's data plan hadn't been activated—likely as a marketing tool to demonstrate the speed of T-Mobile's 4G network.

By capturing some of the data sent to Speedtest when connected to a shared network connection through his Mac (he used mitmproxy to do so), Ajit discovered the graphics used in the Speedtest app to measure download speed were hosted on a number of different sites. The only similarity in them was their Web addresses all included "/speedtest" in the URL. He manually entered the URLs into a browser on the phone and was able to reach them despite the T-Mobile block.

Enlarge

Signal, the mobile messaging app recommended by NSA leaker Edward Snowden and a large number of security professionals, just fixed a bug that allowed attackers to tamper with the contents of encrypted messages sent by Android users.

The authentication-bypass vulnerability was one of two weaknesses found by researchers Jean-Philippe Aumasson and Markus Vervier in an informal review of the Java code used by the Android version of Signal. The bug made it possible for attackers who compromised a Signal server or were otherwise able to monitor data passing between Signal users to replace a valid attachment with a fraudulent one. A second bug possibly would have allowed attackers to remotely execute malicious code, but a third bug made limited exploits to a simple remote crash.

"The results are not catastrophic, but show that, like any piece of software, Signal is not perfect," Aumasson wrote in an e-mail. "Signal drew the attention of many security researchers, and it's impressive that no vulnerability was ever published until today. This pleads in favor of Signal, and we'll keep trusting it."

This Facebook-connectivity update appears to be rolling out to Oculus Rift users in waves as part of the headset PC software's 1.8 update. (credit: Reddit)

This week saw the latest Oculus Rift software runtime begin to roll out to PC users, and the 1.8 version includes one new feature in particular: official Facebook integration. The software update is rolling out in waves, so Oculus owners may not yet have this live on their PCs, but once it rolls out, users are told that "Oculus is better with Facebook friends" and are given the option of logging in to a Facebook account.

To confirm, this is wholly optional, and the service will still operate normally should users not opt in. And in some ways, this change brings Facebook up to speed with other major online gaming platforms such as Steam, Xbox Live, and PlayStation Network, which all support Facebook-specific features like searching for friends and posting updates.

However, Oculus' tie-in to Facebook is different from the others in more aggressively tying FB to a gaming service, according to the Facebook-in-Oculus terms posted to the headset's official Reddit forum. For starters, should you log in to Facebook via the Oculus Rift's PC app, your username will change to your real name. If for any reason you'd rather your Oculus username continue to be your favorite gaming handle, whether for privacy's sake or just because you like the sound of it, you'll have to avoid the login.

A T-shirt design from Newegg while they were involved in litigation with a notorious patent troll. (credit: Newegg.com)

If you're in the Bay Area, join us for the filming of our sixth episode of Ars Technica Live, a monthly interview series with fascinating people who work at the intersection of tech, science, and culture. It's coming up tomorrow, Wednesday September 21, in Oakland, California, from 7 to 9pm. Ars editors Annalee Newitz and Joe Mullin will be talking to Lee Cheng, the chief legal officer of Newegg.com, about his lifelong war against patent trolls.

Cheng has been the top lawyer at online retailer Newegg since 2005. More than any other corporate lawyer, Cheng has been outspoken about the need to fight “patent trolls”—shadowy entities that exist only to file patent lawsuits. Under his leadership, Newegg adopted a strategy and philosophy of “never settle,” seeing patent troll lawsuits through multi-million dollar trials in tough jurisdictions, even as his competitors paid the trolls to make them go away. Cheng and Newegg have had so much success, the company doesn’t get sued anymore. (Some potential patent trolls have even dropped litigation within a day.)

At the event, we’ll be talking about how the American legal system has allowed patent trolls to thrive and what to do if a small company gets hit with a demand letter or lawsuit. Doors are at 7pm, and the live taping is from 7:30 to 8:00pm (be sure to get there early if you want a seat). After, you can stick around for informal discussion at the bar, along with delicious tiki drinks and snacks. Can't make it out to Oakland? Never fear! Episodes will be posted to Ars Technica the week after the live events. We also have a Facebook invite page.

(credit: Photo Phiend)

Paul Hansmeier, one of the masterminds behind the "porn trolling" scheme known as Prenda Law, has had his license to practice law suspended indefinitely. He can't ask for his license to be reinstated for at least four years.

Hansmeier and his colleague John Steele acquired copyrights to porn films and then sued thousands of "John Doe" defendants for allegedly illegal downloads of those films. Prenda Law made several million dollars before unraveling under a barrage of judicial sanctions beginning in 2013.

Minnesota's Office of Lawyers Professional Responsibility asked for Hansmeier to be disbarred or suspended last year. An order (PDF) published earlier this week shows that Hansmeier has admitted to the charges and agreed to be disciplined by the Minnesota Supreme Court.

Greetings, Arsians! Courtesy of our partners at TechBargains, the Dealmaster is back with a big batch of deals. The top item today is an Inspiron 3650 with a Intel Core i7-6700 processor, 16GB of memory, a 2TB 7200RPM hard drive, and an AMD Radeon HD R9 360 for $949. The one oddity is that it ships with Windows 7 Professional, but you also get a Windows 10 license should you want to upgrade. We've got that and many more deals below.

• Dell Inspiron 3650 Intel Core i7-6700 SKYLAKE Quad-Core Win7 Pro Desktop (16GB/2TB) + AMD R9 360 GPU for $579 (use code: DELLDT579 - list price $1102.99).
• Amazon Fire HD6 6" 8GB Tablet (Amazon Certified Refurb w/ 1yr Warranty) for $50.39 (use code: TECHBAR10 - list price $69.99).
• 60" Vizio 1080p 120Hz LED Smart HDTV + $250 Dell Gift Card for $649.99 (list price $729.99).
• Pre-order discount! New 2nd Gen Amazon Dot Echo Bluetooth Speaker w/ Alexa Voice & Home Automation Support for $49.99 (Buy 5 Get 1 Free use code: DOT6PACK).
• 50% off NordVPN VPN 1-Year Service for $48 (Use code: GEEK50 - list price $96). PCMag Editor's choice for VPN. Panama based VPN server with 500 servers worldwide. No logs policy, double-encryption and ultra-fast servers for video streaming.

Apple iPhone 7 Pre-orders - Ships starting 9/16: Trade-in an iPhone 6/Plus 6s/Plus and get a iPhone 7 32GB for $0.

• T-Mobile: Pre-order here: Discount on iPhone 7 Plus with Trade-in.
• Verizon: Pre-order here
• AT&T Wireless: Pre-Order here
• Sprint: Pre-order here: Waived Activation Fee

For more Smartphone Computer deals, visit the TechBargains site.