Month: June 2018

Facebook disclosed a new privacy blunder on Thursday in a statement that said the site accidentally made the posts of 14 million users public even when they designated the posts to be shared with only a limited number of contacts.

The mixup was the result of a bug that automatically suggested posts be set to public, meaning the posts could be viewed by anyone, including people not logged on to Facebook. As a result, from May 18 to May 27, as many as 14 million users who intended posts to be available only to select individuals were, in fact, accessible to anyone on the Internet.

“We have fixed this issue, and, starting today, we are letting everyone affected know and asking them to review any posts they made during that time,” Facebook Chief Privacy Officer Erin Egan said in the statement. “To be clear, this bug did not impact anything people had posted before–and they could still choose their audience just as they always have. We’d like to apologize for this mistake.”

Enlarge / We'll test Shaq Fu: A Legend Reborn during this week's episode of Ars Frontlog, along with two other 2D video games. (credit: Saber Interactive)

Ars Technica's experimental foray into Twitch live-streaming continues today with our second episode of Ars Frontlog. The short version: tune into our official Twitch channel today (Thursday, June 7) at 8:30pm ET/5:30pm PT to watch me play games and join me in the chat room.

If you missed last week's premiere, the show concept sees us picking out modern games, anywhere between a week and a couple of years old, that we might otherwise have skipped for the sake of an article (or have substantially changed since launching). While we strive to dedicate time to playing, reviewing, and writing about games that our readers care about, some games in the modern software deluge fall through the cracks, including ones we love and ones we don't.

Thus, we're testing Twitch as a compromise: you can see us play and talk about "spillover" games during a live feed, and ask questions while one of us is live on a mic, or you can come back later for an archived video and a brief text summary of what we thought.

Enlarge / From left to right: current GitHub CEO Chris Wanstrath, Microsoft CEO Satya Nadella, and former Xamarin CEO, soon-to-be GitHub CEO Nat Friedman (credit: Microsoft)

As part of Microsoft's $7.5 billion purchase of cloud source code repository GitHub, the company is installing a new CEO. Once the deal closes (which is expected to happen later this year), out will go GitHub co-founder Chris Wanstrath and in will come Nat Friedman. Friedman is the former CEO of Xamarin, the cross-platform .NET implementation that Microsoft bought in 2016.

Friedman brings solid open-source bona fides: core parts of the Xamarin stack were open source, and Friedman's previous company, Ximian, was created to develop the open-source GNOME project. His appointment should quell many of the fears that open-source developers have about the takeover. To engage with the community further, Friedman today did a Reddit AMA to answer questions about the acquisition.

The main thrust of his replies? Microsoft doesn't really intend to change much at GitHub. When asked if GitHub users should expect any big alterations, Friedman answered that Microsoft is "buying GitHub because [it] likes GitHub" and intends to "make GitHub better at being GitHub." Although there will be "full integration" between GitHub and Visual Studio Team Services, there won't be any radical changes in trajectory or service offerings.

Enlarge / A high-level concept diagram of how cloud gaming works. (credit: Venngage)

Better start saving up for that PlayStation 5, Xbox Two, or Nintendo Swatch (that last follow-up name idea is a freebie, by the way). That generation of consoles might be the last one ever, according to Ubisoft CEO Yves Guillemot. After that, he predicts cheap local boxes could provide easier access to ever-evolving high-end gaming streamed to the masses from cloud-based servers.

"I think we will see another generation, but there is a good chance that step-by-step we will see less and less hardware," Guillemot said in a recent interview with Variety. "With time, I think streaming will become more accessible to many players and make it not necessary to have big hardware at home. There will be one more console generation and then after that, we will be streaming, all of us."

That relatively quick shift to a streaming-centric gaming marketplace might seem hard to believe from the vantage point of 2018, where even streaming a high-end game from a console inside your own house comes with plenty of headaches. And while workable streaming services like PlayStation Now and GeForce Now have their niches, they don't seem in imminent danger of replacing high-end local gaming hardware altogether any time soon

Greetings, Arsians! Courtesy of our friends at TechBargains, we have another round of deals to share. Today's list is led by a deal on a pair of affordable wireless exercise headphones from Anker, the company best known for its line of popular portable batteries. The Soundcore Spirit X, as the earbuds are called, are going for $30 on Amazon. That's a $10 drop from their usual price.

The Spirit X launched last month, so there aren't many reviews for them just yet, but the Dealmaster himself has been using them in recent weeks and feels comfortable recommending them. They're still cheap headphones, so you can't expect the world. But the Spirit X headphones are lightweight, their hook design has helped them fit snugly in my ears, and they're IPX7-rated water-resistant, which should help them withstand workouts. They also use Bluetooth 5, which should make them a bit more efficient with newer phones that also support the spec.

Anker says the earphones get 12 hours of battery life, which is about right. And while you can definitely get better sound from pricier earbuds, they should satisfy people who are looking to pay $30 for a pair of earbuds. They give a massive boost to the bass, which some may not prefer, but they're largely clean and inoffensive otherwise. They also come with an 18-month warranty if things go bad.

Enlarge (credit: Qihoo 360)

As browser makers make it increasingly hard to exploit vulnerabilities in Adobe Flash and other plugins, hackers targeting diplomats in the Middle East tried a new approach this month: using Microsoft Office to remotely load Flash content that used a potent zero-day flaw to take control of computers.

On Thursday, Adobe published a patch for the critical vulnerability, indexed as CVE-2018-5002. The stack-based buffer overflow was being triggered in an Office document that embedded a link to a Flash file stored on people.dohabayt.com. Once executed, the malicious file then downloaded a malicious payload from the same domain. That’s according to researchers from security firms Icebrg and Qihoo 360, which independently discovered the attacks and privately reported them to Adobe and wrote about it here and here.

Over the past few years, browser makers have begun to block Flash content by default, a change that has gone a long way to preventing drive-by attacks that exploit critical vulnerabilities in Adobe’s widely used media player. By contrast, at least some versions of Microsoft Office still download Flash with little or no user interaction, Icebrg CEO William Peteroy told Ars. To prevent downloads, users should ensure their installations prevent Flash from loading at all or at least don’t load Flash without explicit permission.