Left: Google's prototype car. Right: the eventual final design. Google

Traditionally, Google's self-driving car prototypes have taken existing cars from manufacturers like Toyota and Lexus and bolted on the self-driving car components. This is less than ideal, since it limits the design possibilities of the car's "vision" system and includes (eventually) unnecessary components, like a steering wheel and pedals.

However, Google recently built a self-driving car of its own design, which had no human control system other than a "go" button. The California DMV has now thrown a speed bump in Google's car design, though, in the form of new testing regulations that require in-development self-driving cars to allow a driver to take “immediate physical control” if needed.

The new law means Google's self-designed car will need to have a steering wheel and gas and brake pedals while it is still under development. According to The Wall Street Journal, Google will comply with the law by building a "small, temporary steering wheel and pedal system that drivers can use during testing" into the prototype cars. The report says California officials are working on rules for cars without a steering wheel and pedals, but for now, a human control system is mandatory.

Read 5 remaining paragraphs | Comments

Beta users will also get a new build of iTunes 12. Andrew Cunningham

Apple has just released the first update to the OS X Yosemite Public Beta, about a month after the first beta shipped. If you skipped the first beta but would like to give this one a try, Apple's sign-up page still appears to be accepting new testers (the company said that it would close the program down after the first million sign-ups, a number that apparently hasn't been hit yet).

The build number of the new beta indicates that it's roughly the same as Yosemite Developer Beta 6, which was released earlier this week to registered iOS and OS X developers. The first public beta was more or less identical to Developer Beta 4.

In the space of those two developer betas, Apple has been working to squash out bugs and has further Yosemite-ized more traditional OS X components. The volume and brightness overlays have been changed to match the frosted translucent look used elsewhere in the OS, and Apple added a new batch of Yosemite-themed wallpapers. Additional application and System Preferences icons have also been redesigned to match Yosemite's simpler, "flatter" look.

Read 1 remaining paragraphs | Comments

Wikimedia Commons

United States copyright regulators are agreeing with Wikipedia's conclusion that a monkey's selfie cannot be copyrighted by a nature photographer whose camera was swiped by the ape in the jungle. The animal's selfie went viral.

The US Copyright Office, in a 1,222-page report discussing federal copyright law, said that a "photograph taken by a monkey" is unprotected intellectual property."The Office will not register works produced by nature, animals, or plants. Likewise, the Office cannot register a work purportedly created by divine or supernatural beings, although the Office may register a work where the application or the deposit copy state that the work was inspired by a divine spirit," said the draft report, "Compendium of US Copyright Office Practices, Third Edition." [PDF]

The report comes two weeks after Wikimedia, the US-based operation that runs Wikipedia, announced that the public, not British photojournalist David Slater, maintains the rights to the selfie and the other pictures the black macaca nigra monkey snapped. The monkey hijacked the camera from Slater during a 2011 shoot in Indonesia and took tons of pictures, including the selfie.

Read 3 remaining paragraphs | Comments

You can check out any time you'd like, but you can never... well, you know the song. Aurich Lawson

The hapless, rude Comcast employee who was recorded by a customer during what we can only hope was his worst moment couldn’t have imagined what was about to unfold over the next month. Since then, annoyed Comcast customers have been recording calls and publicly shaming the company into giving them what they were unable to get from long, cringe-worthy conversations with customer service representatives.

One of the latest examples came yesterday from Comcast customer Douglas Dixon of Sacramento County, who spoke with a half-dozen Comcast representatives over an hour and a half. Dixon posted a recording on the Internet and described the experience on reddit. After telling employee #6 that he was recording the call and would post it on the Internet if Comcast couldn’t fix his problem, she said, “That’s fine. There’s no need for you to threaten anybody.”

Dixon’s call was spurred by Comcast’s promise to him and other customers that their speeds would be increased. In Dixon’s case, an e-mail from Comcast on August 5 said his service would be boosted from 50Mbps to 105Mbps as soon as he restarted his modem.

Read 15 remaining paragraphs | Comments

Me, getting kind of sick.

Since the unveiling of the Oculus Rift two years ago, there have been plenty of people willing to embrace the second coming of virtual reality with open arms and open minds. For at least one development team, though, those open minds have been infected with motion sickness as they try to code virtual reality support into their game.

"We are all extremely excited about VR because we believe it brings unparalleled immersion and that is something we would love to be a part of," developer Aaron Foster wrote on a Steam Community update for outer space horror game Routine. "However, at the moment, we have had to slow down our VR integration as we all get extremely motion sick with the current kits. We will take another look at implementing VR closer to release but for now we can’t fully commit to a VR version of Routine."

It's not clear whether Foster and his team are using the original Oculus development kits, which were shipped widely last year, or the newer "DK2" units that have only just begun to be sent to a handful of early pre-orderers in recent weeks. Our early experiences with Rift prototypes left us with a significant queasy feeling during and just after use, but advancements in head-tracking, image persistence, and resolution have mitigated those problems immensely in more recent versions of the headset.

Read 1 remaining paragraphs | Comments

At left, a .380 ACP pistol is taped above the knee and is undetected by the Rapiscan scanner. At right, the same pistol is sewn to a pant leg. Security Analysis of a Full-Body Scanner

Researchers are delivering a paper at a security conference Thursday highlighting how easy it is to get weapons through the nude body scanners that have been removed from US airports but have been placed at other government installations across the globe.

The report, given at the Usenix Security Symposium in San Diego, highlights the insecurity of the Rapiscan Secure 1000 Single Pose "backscatter" scanner that once was used throughout the nation's airports but are now deployed at US prisons and courthouses, as well as airports in Africa. The paper, "Security Analysis of a Full-Body Scanner," from researchers at the University of California-San Diego, University of Michigan, and Johns Hopkins University, confirms what even laymen researchers had already discovered: hiding weapons on the side of one's body defeats the machine (PDF).

We performed several trials to test different placement and attachment strategies. In the end, we achieved excellent results with two approaches: carefully affixing the pistol to the outside of the leg just above the knee using tape, and sewing it inside the pant leg near the same location. Front and back scans for both methods are shown in Figure 4. In each case, the pistol is invisible against the dark background, and the attachment method leaves no other indication of the weapon’s presence.

In 2012, a Florida man said he filmed himself going through two different US airport security checkpoints using virtually the same method and got metal objects through the scanners undetected. The TSA responded that the "machines are safe."

Read 5 remaining paragraphs | Comments

The actual game has a lot more text than this screenshot implies.

I've been thinking about depression a lot in the past week or so. The catalyst, as you might expect, was Robin Williams' unexpected death by suicide and the subsequent reports that the famous comedian and actor suffered from severe bouts of depression. That someone who seemed so outwardly successful and happy could succumb to something so dark inside of him was a chilling wake-up call for me and many others to reexamine ourselves and the people close to us.

In the wake of that news, as so often happens with a high-profile suicide, there have been countless explainers, analyses, and ruminations written on the reality of depression and how to deal with it both as a sufferer and a supporter of those dealing with it. These pieces have been illuminating and informative in their own ways, but the coincidentally well-timed release of an unassuming text-based game called Depression Quest has become one of the most gripping and educational views on the subject, at least for me.

Depression Quest has been available as a download for a while now, but it launched on Steam as a free/pay-what-you-want download last week, on the same day as Robin Williams' death (a coincidence creator Zoe Quinn expressed a great deal of ambivalence about). The game plays out like a semi-randomized choose-your-own-adventure book; you read a page of text describing an everyday situation, you choose from a number of decisions for how to deal with it, then you read about the consequences. There are occasional tone-setting still images, some light background music, and ambient noise accents in the background, but for the most part, the game plays out in your imagination.

Read 10 remaining paragraphs | Comments

Yesterday, NASA announced that its scientists have studied the unexpected persistence of an ozone-destroying chemical and have come to the conclusion that there must be some unidentified source of the substance. The item in question, carbon tetrachloride (CCl4), was banned in 1989 as part of the Montreal Protocol, which was intended to reduce the levels of ozone-destroying chemicals in the atmosphere.

In general, the protocol has worked; atmospheric levels of the chemicals covered by the treaty have dropped, and there are indications that Antarctica's annual ozone hole has stabilized. Levels of carbon tetrachloride have also dropped. The hitch is that they're not dropping as fast as we think they should, based on what we know of atmospheric chemistry.

That situation implies that we have one of two things wrong: either there are sources of the chemical that are still leaking it into the atmosphere, or our understanding of what's going on in the atmosphere is wrong. But NASA scientists have now taken data about existing sources and plugged them into a chemistry-climate model and concluded that the data best fits an unknown source. By their own admission, the scientists are mystified about what that source could be. Qing Liang of NASA's Goddard Space Flight Center was quoted as saying, "It is now apparent there are either unidentified industrial leakages, large emissions from contaminated sites, or unknown CCl4 sources."

Read 1 remaining paragraphs | Comments

Chromebox is Chromebox. Acer

In the last year or two, we've seen the diversity of the Chromebook ecosystem expand as more PC companies have gotten on board. There are Intel Chromebooks, ARM Chromebooks, convertible Chromebooks, small Chromebooks, and big Chromebooks. These devices are all appreciably different from one another.

It's more difficult to do that with a Chromebox, as Acer's newly announced Chromebox CXI shows. Acer will sell you a system with a Haswell-based 1.4GHz Intel Celeron 2957U, 2GB of RAM, 16GB of storage, dual-band 802.11n Wi-Fi, and a decent port selection for $179.99, or $219.99 for a 4GB version. This is, incidentally, the same list of features you can already get from Asus' Chromebox, which also costs $179.99.

Both boxes are VESA-mountable and can support two displays via their HDMI and DisplayPort connectors—the only real difference is that Acer's box is designed to sit on its side, while Asus' is intended for horizontal use. The box measures 6.51 by 5.12 by 1.3 inches, slimmer than Asus' entry but taller and deeper. It's up to you to decide which one best suits your needs.

Read 1 remaining paragraphs | Comments

Mark Zuckerberg in front of his original "The Facebook" profile. Niall Kennedy

Prosecutors say it took decades for Bernard Madoff to pull off one of the largest financial scams in US history to the tune of $65 billion, an elaborate Ponzi scheme perpetrated against the upper crust of society.

But perhaps there's an even bigger scam afoot, and it involves the ownership of Facebook. The social networking site is valued at $190 billion and used by billions of people daily across the globe.

Unlike Madoff's intricate accounting scheme that netted him a life sentence in 2009, the criminal proceedings surrounding the ownership of Facebook, at its core, rely on a two-page document—a contract that is either forged or worth billions of dollars. Either Facebook Chief Mark Zuckerberg, as an 18-year-old Harvard University student, promised half of his company to a rural New York man named Paul Ceglia, or he didn't.

Read 43 remaining paragraphs | Comments

Tuberculosis, an often fatal bacterial infection of the lungs, was a scourge in the days before antibiotics. It's caused by a species of Mycobacteria, most of which live harmlessly in watery environments. Understanding how some of these have managed to make the leap to human lungs has turned out to be rather complicated. Further evidence of this comes from a study published Wednesday that suggests that infectious strains of the bacteria managed to cross the Atlantic before the first European strains did—carried in the lungs of seals.

Getting things wrong about the history of tuberculosis seems to be a regular pastime of the people who study infectious diseases. Originally, due to some genetic similarities, people had proposed that we had picked it up from farm animals. But a careful study of evolutionary trees recently showed that it's likely that cows actually picked up tuberculosis from us, rather than the other way around.

Similarly, the study of the strains found in the Americas had suggested that all of the bacteria present here had been derived from the European version. Which suggested that, along with other lovely gifts like smallpox, the disease was brought to the New World by the first European settlers.

Read 8 remaining paragraphs | Comments

Patrick Talbert

Dozens of UPS stores across 24 states, including California, Georgia, New York, and Nebraska, have been hit by malware designed to suck up credit card details. The UPS Store, Inc., is a subsidiary of UPS, but each store is independently owned and operated as a licensed franchisee.

In an announcement posted Wednesday to its website, UPS said that 51 locations, or around one percent of its 4,470 franchised stores across the country, were found to have been penetrated by a “broad-based malware intrusion.” The company recorded approximately 105,000 transactions at those locations, but does not know the precise number of cardholders affected.

UPS did not say precisely how such data was taken, but given the recent breaches at hundreds of supermarkets nationwide, point-of-sale hacks at Target, and other major retailers, such systems would be a likely attack vector. Earlier this month, a Wisconsin-based security firm also reported that 1.2 billion usernames and passwords had been captured by a Russian criminal group.

Read 7 remaining paragraphs | Comments

DonkeyHotey

Federal Communications Commission Chairman Tom Wheeler is going to have a fight on his hands if he tries to preempt state laws that limit the growth of municipal broadband networks.

Matthew Berry, chief of staff to Republican Commissioner Ajit Pai, argued today that the FCC has no authority to invalidate state laws governing local broadband networks. In a speech in front of the National Conference of State Legislatures, Berry endorsed states' rights when it comes to either banning municipal broadband networks or preventing their growth. He also argued that the current commission, with its Democratic majority, should not do something that future Republican-led commissions might disagree with.

"If the history of American politics teaches us anything, it is that one political party will not remain in power for perpetuity. At some point, to quote Sam Cooke, 'a change is gonna come,'" Berry said. "And that change could come a little more than two years from now. So those who are potential supporters of the current FCC interpreting Section 706 [of the Telecommunications Act] to give the Commission the authority to preempt state laws about municipal broadband should think long and hard about what a future FCC might do with that power."

Read 8 remaining paragraphs | Comments

401(k) 2012

On Wednesday, reddit banned a recently created subreddit posted by a brazen new US dollar counterfeiting operation touting high-quality “supernotes." Such advertisements moved within the past few weeks from sketchy online forums to reddit, according to well-known security journalist Brian Krebs.

Krebs wrote Wednesday that such sites “sell everything from stolen credit cards and identities to hot merchandise, but until very recently one illicit good I had never seen for sale on the forums was counterfeit US currency.” Similar links and ads have turned up in posts on various other websites in recent months.

When contacted by Ars, Erik Martin, reddit's general manager, said that this was the first he’d heard about this subreddit, but he seemed unconcerned. “We’re not a marketplace. It’s not like we’re handling the transactions for whatever this is,” Martin said. “If we get a request to remove it, we will remove it. It’s a subreddit no one goes to.”

Read 11 remaining paragraphs | Comments

In early July, a group of cyber criminals released a modified version of the Gameover ZeuS banking trojan, using a technique known as a domain generation algorithm (DGA) to make disrupting the botnet more difficult.

But the same technique has made it easier for researchers to track the botnet's activity, and they watched as it quickly grew from infecting hundreds of initial systems to 10,000 systems in two weeks. Then a funny thing happened: Gameover ZeuS stopped growing. Now, almost six weeks after researchers first detected signs of the program, the group behind the botnet keeps the infections between 3,000 and 5,000 systems, according to security services firm Seculert.

The group undoubtedly wants to grow the botnet again because cyber crime is typically a game of large numbers. When a coalition of law enforcement officials and industry players took down the botnet in late May, it comprised some 500,000 to 1 million machines. Now they're laying low, Seculert CTO Aviv Raff told Ars.

Read 7 remaining paragraphs | Comments

Spam be gone!

To work at Ars is to interact constantly with Twitter, both as a source for developing news and also as a way to goof off with coworkers and other tech journalists (folks who follow the Ars staff on Twitter should be more than familiar with our long-winded late night multi-Tweet antics). But as with any electronic medium, spam on Twitter is a nagging problem—Twitter’s real-time messaging means crafty spammers can blast their messages out to large numbers of people before getting hammered by spam reports.

However, several months back, Twitter went on the offensive against spammers, rolling out a set of anti-spam features collectively referred to as "BotMaker." In a blog post today, Twitter explained that the various components of BotMaker have been operational for about six months, and in that time Twitter has recorded a significant drop in tweetspam—up to 40 percent by its internal metrics.

Twitter’s real-time nature poses trouble for a traditional monolithic spam-checking system that might add many seconds onto the delivery of a tweet to followers. Rather than maintaining such a monolithic system (something akin to SpamAssassin, a widely deployed e-mail anti-spam application), Twitter’s BotMaker lets Twitter engineers quickly establish simple sets of conditional rule-based actions (which they call "bots"—hence "BotMaker") and apply them to tweets both during and after the posting process.

Read 9 remaining paragraphs | Comments

Don McCullough

This week, a Vancouver man called the police about a drone flying near his 36th-story window, marking the latest incident in a string of such reports in recent months, police say.

On Sunday evening, Conner Galway tweeted:

There was just a neon drone, only a couple of feet away from my patio, camera pointed right at me. The future is creepy.

—Conner Galway (@Conner_G) August 18, 2014

Read 8 remaining paragraphs | Comments

Police clash with protesters in Ferguson.

The City of Ferguson, Missouri, in turmoil following last week's shooting death of an unarmed African-American teen by a white police officer, is "exploring" whether to outfit its police force with pager-sized surveillance cams in patrol cars and on officers' vests that record everything the officer is seeing.

The city announced the idea Tuesday, days after rioting, looting, and mass protests commenced following the death of 18-year-old Michael Brown, who was killed on August 9. There are various accounts of what led to the teen's death. Surveillance cameras could have helped the authorities figure out what prompted a police officer to fire on Brown as many as six times.

"We are exploring a range of actions that are intended for the community to feel more connected to and demonstrate the transparency of our city departments," the city said the day before Attorney General Eric Holder arrived Wednesday to flesh out the situation for himself.

Read 10 remaining paragraphs | Comments

Intellectual Ventures founder Nathan Myhrvold was formerly CTO at Microsoft. Intellectual Ventures

Most "patent trolls" are small operations with just a few real employees. Intellectual Ventures (IV) isn't like that; it has 700 employees and tens of thousands of patents. For years, IV just amassed patents and issued threats, but in 2010 it started filing infringement lawsuits. Since then, it has filed 52 patent lawsuits, according to Reuters.

Apparently it isn't that easy to keep hundreds of employees on the payroll with large-scale litigation. Reuters and various other news outlets have reported that the king of all patent-holders is letting go of almost 20 percent of its employees, or about 140 workers. It's the second round of layoffs at IV this year, following a five percent cutback in February.

Critics who complain about patent trolls have pointed to IV as being the most alarming threat of all. For its part, IV says it's creating a "market for invention," allowing inventors to reap cash from their ideas.

Read 4 remaining paragraphs | Comments

A typical intersection configuration. Halderman et al., University of Michigan

Taking over a city’s intersections and making all the lights green to cause chaos is a pretty bog-standard Evil Techno Bad Guy tactic on TV and in movies, but according to a research team at the University of Michigan, doing it in real life is within the realm of anyone with a laptop and the right kind of radio. In a paper published this month, the researchers describe how they very simply and very quickly seized control of an entire system of almost 100 intersections in an unnamed Michigan city from a single ingress point.

Nodes in the traffic light network are connected in a tree-topology IP network, all on the same subnet. Halderman et al., University of Michigan

The exercise was conducted on actual stoplights deployed at live intersections, "with cooperation from a road agency located in Michigan." As is typical in large urban areas, the traffic lights in the subject city are networked in a tree-type topology, allowing them to pass information to and receive instruction from a central management point. The network is IP-based, with all the nodes (intersections and management computers) on a single subnet. In order to save on installation costs and increase flexibility, the traffic light system uses wireless radios rather than dedicated physical networking links for its communication infrastructure—and that’s the hole the research team exploited.

Wireless security? What's that?

The systems in question use a combination of 5.8GHz and 900MHz radios, depending on the conditions at each intersection (two intersections with a good line-of-sight to each other use 5.8GHz because of the higher data rate, for example, while two intersections separated by obstructions would use 900MHz). The 900MHz links use "a proprietary protocol with frequency hopping spread-spectrum (FHSS)," but the 5.8GHz version of the proprietary protocol isn’t terribly different from 802.11n.

Read 11 remaining paragraphs | Comments