Programming

Sued Freelancer Allegedly Turns Over Contractee Source Code In Settlement 20

FriendlySolipsist writes: Blizzard Entertainment has been fighting World of Warcraft bots for years. TorrentFreak reports that Bossland, a German company that operates "buddy" bots, alleges Blizzard sued one of its freelancers and forced a settlement. As part of that settlement, the freelancer allegedly turned over Bossland's source code to Blizzard. In Bossland's view, their code was "stolen" by Blizzard because it was not the freelancer's to disclose. This is a dangerous precedent for freelance developers in the face of legal threats: damned if you do, damned if you don't.
Databases

And the Pulitzer Prize For SQL Reporting Goes To... (padjo.org) 13

theodp writes: Over at the Stanford Computational Journalism Lab, Dan Nguyen's Exploring the Wall Street Journal's Pulitzer-Winning Medicare Investigation with SQL is a pretty epic post on how one can use SQL to learn about Medicare data and controversial practices in Medicare billing, giving the reader a better appreciation for what was involved in the WSJ's Medicare Unmasked data investigation. So, how long until a journalist wins a Pulitzer for SQL reporting? And for all you amateur and professional Data Scientists, what data would you want to SELECT if you were a Pulitzer-seeking reporter?
GUI

How Apple Is Giving Design a Bad Name (theverge.com) 161

ColdWetDog writes: Co.Design has an article by two early Apple designers on how the company has lost its way, and quite frankly, lost its marbles when it comes to user interface design. In the search for a minimalist, clean design, it has forgotten time-honored UI principles and made it harder for people to use Apple products. As someone who has followed computer UI evolution since the command line and who has used various Apple products for a number of years, the designers' concerns really hit home for me.

Of course, Apple isn't the only company out there who makes UI mistakes. And it is notable that the article has totally annoying, unstoppable GIFs that do nothing to improve understanding. User Interfaces are hard, but it would be nice to have everybody take a few steps back from the precipice.

Biotech

Researchers Create Plant-Circuit Hybrid (sciencemag.org) 20

sciencehabit writes: Researchers have crafted flexible electronic circuits inside a rose. Eventually such circuitry may help farmers eavesdrop on their crops and even control when they ripen. The advance may even allow people to harness energy from trees and shrubs not by cutting them down and using them for fuel, but by plugging directly into their photosynthesis machinery. The researchers used "an organic electronic building block called PEDOT-S:H. Each of these building blocks consists of a short, repeating chain of a conductive organic molecule with short arms coming off each link of the chain. Each of the arms sports a sulfur-containing group linked to a hydrogen atom. Berggren's group found that when they placed them in the water, the rose stems readily pulled the short polymer chains up the xylem channels (abstract). ... The upshot was that the myriad short polymer chains quickly linked themselves together into continuous strings as long as 10 centimeters. The researchers then added electronic probes to opposite ends of these strings, and found that they were, in fact, wires, conducting electricity all down the line."
Encryption

TrueCrypt Safer Than Previously Thought (ec-spride.de) 29

An anonymous reader writes: Back in September, members of Google's Project Zero team found a pair of flaws in the TrueCrypt disk encryption software that could lead to a system compromise. Their discovery raised concerns that TrueCrypt was unsuitable for use in securing sensitive data. However, the Fraunhofer Institute went ahead with a full audit of TrueCrypt's code, and they found it to be more secure than most people think. They correctly point out that for an attacker to exploit the earlier vulnerabilities (and a couple more vulnerabilities they found themselves), the attacker would already need to have "far-reaching access to the system," with which they could do far worse things than exploit an obscure vulnerability.

The auditors say, "It does not seem apparent to many people that TrueCrypt is inherently not suitable to protect encrypted data against attackers who can repeatedly access the running system. This is because when a TrueCrypt volume is mounted its data is generally accessible through the file system, and with repeated access one can install key loggers etc. to get hold of the key material in many situations. Only when unmounted, and no key is kept in memory, can a TrueCrypt volume really be secure." For other uses, the software "does what it's designed for," despite its code flaws. Their detailed, 77-page report (PDF) goes into further detail.

Privacy

Comcast Xfinity Wi-Fi Discloses Customer Names and Addresses (csoonline.com) 27

itwbennett writes: Despite assurances that only business listings and not customer names and home addresses would appear in the public search results when someone searches for an Xfinity Wi-Fi hotspot, that is exactly what's happened when the service was initiated 2 years ago — and is still happening now, writes CSO's Steve Ragan. And that isn't the only security issue with the service. Another level of exposure centers on accountability. Ken Smith, senior security architect with K Logix in Brookline, Ma., discovered that Comcast is relying on the device's MAC address as a key component of authentication.
Crime

FTC Amends Telemarketing Rule To Ban Payment Methods Used By Scammers 38

An anonymous reader writes: The Federal Trade Commission has approved final amendments to its Telemarketing Sales Rule (TSR), including a change that will help protect consumers from fraud by prohibiting four discrete types of payment methods favored by scammers. The TSR changes will stop telemarketers from dipping directly into consumer bank accounts by using certain kinds of checks and "payment orders" that have been "remotely created" by the telemarketer or seller. In addition, the amendments will bar telemarketers from receiving payments through traditional "cash-to-cash" money transfers – provided by companies like MoneyGram, Western Union, and RIA.
Government

Ex-CIA Director Says Snowden Should Be 'Hanged' For Paris Attacks (thehill.com) 369

SonicSpike writes with this excerpt from The Hill: A former CIA director says leaker Edward Snowden should be convicted of treason and given the death penalty in the wake of the terrorist attack on Paris. "It's still a capital crime, and I would give him the death sentence, and I would prefer to see him hanged by the neck until he's dead, rather than merely electrocuted," James Woolsey told CNN's Brooke Baldwin on Thursday. Woolsey said Snowden, who divulged classified information in 2013, is partly responsible for the terrorist attack in France last week that left at least 120 dead and hundreds injured. "I think the blood of a lot of these French young people is on his hands," he said.
Security

600,000 Arris Cable Modems Have 'Backdoors In Backdoors,' Researcher Claims (thestack.com) 64

An anonymous reader writes: A security researcher using Shodan to probe Arris cable modems for vulnerabilities has found that 600,000 of the company's modems not only have a backdoor, but that the backdoor itself has an extra backdoor. Brazilian vulnerability tester Bernardo Rodrigues posted that he found undocumented libraries in three models, initially leading to a backdoor that uses an admin password disclosed back in 2009. Brazilian researcher Bernardo Rodrigues notes that the secondary backdoor has a password derived in part from the final five digits from the modem's serial number. However, the default 'root' password for the affected models remains 'arris.'
Government

Donald Trump Obliquely Backs a Federal Database To Track Muslims 469

HughPickens.com writes: Philip Bump reports at the Washington Post that Donald Trump confirmed to NBC on Thursday evening that he supports a database to track Muslims in the United States. The database of Muslims arose after an interview Yahoo News's Hunter Walker conducted with Trump earlier this week, during which he asked the Republican front-runner to weigh in on the current debate over refugees from Syria. "We're going to have to do things that we never did before," Trump told Walker. "Some people are going to be upset about it, but I think that now everybody is feeling that security is going to rule." When pressed on whether these measures might include tracking Muslim Americans in a database or noting their religious affiliations on identification cards, Trump would not go into detail — but did not reject the options. Trump's reply? "We're going to have to — we're going to have to look at a lot of things very closely," he said. "We're going to have to look at the mosques. We're going to have to look very, very carefully." After an event in Newton, Iowa, on Thursday night, NBC's Vaughn Hillyard pressed the point. "Should there be a database system that tracks Muslims here in this country?" Hillyard asked. "There should be a lot of systems, beyond databases," Trump said. "We should have a lot of systems." Hillyard asked about implementation, including the process of adding people to the system. "Good management procedures," Trump said. Sign people up at mosques, Hillyard asked? "Different places," Trump replied. "You sign them up at different places. But it's all about management."
Windows

Happy 30th Birthday, Windows! 209

v3rgEz writes: And what a ride it's been. Today marks the 30th anniversary since the debut of Windows 1.01, the first commercial release of Windows. At the time, it was derided as being slow, buggy, and clunky, but since then ... Well, it looks a lot better. The Verge has a pictorial history of Windows through the years. What's your fondest memory of Bill Gates Blue Screen-of-death that could?
NASA

NASA Orders SpaceX Crew Mission To International Space Station (nasa.gov) 62

An anonymous reader writes: NASA has placed its first mission order for SpaceX to launch astronauts to the International Space Station from U.S. soil. SpaceX is now in a race with Boeing, who received a similar order in May, to see which private space company can deliver astronauts to the ISS first. NASA said, "Commercial crew missions to the space station, on the Boeing CST-100 Starliner and SpaceX Crew Dragon spacecraft, will restore America's human spaceflight capabilities and increase the amount of time dedicated to scientific research aboard the orbiting laboratory." They anticipate dramatic reductions in cost for launching astronauts to orbit compared to similar missions aboard Russian rockets. "Each company also must successfully complete a certification process before NASA will give the final approval for flight. Each contract includes a minimum of two and a maximum potential of six missions. A standard commercial crew mission to the station will carry up to four NASA or NASA-sponsored crew members and about 220 pounds of pressurized cargo. The spacecraft will remain at the station for up to 210 days, available as an emergency lifeboat during that time."
Security

Meet Mårten Mickos, Serial Open Source CEO (Video) 21

Mårten was the MySQL CEO who built the company from a small-time free software database developer into a worldwide software juggernaut he sold to Sun Microsystems. Next, he became CEO of Eucalyptus Systems, another open source operation, which Hewlett Packard bought in 2014. Now Mårten is CEO of hackerone, a company that hooks security-worried companies up with any one of thousands of ethical hackers worldwide.

Some of those hackers might be companies that grew out of university CS departments, and some of them may be individual high school students working from their kitchen tables. Would a large company Board of Directors trust a kid hacker who came to them with a bug he found in their software? Probably not. But if Mårten or one of his hackerone people contacts that company, it's likely to listen -- and set up a bug bounty program if they don't have one already.

Essentially, once again Mårten is working as an intermediary between technically proficient people -- who may or may not conform to society's idea of a successful person -- and corporate executives who need hackers' skills and services but may not know how to find non-mainstream individuals or even know the difference between "hackers" and "crackers." Editor's note: I have known and respected Mårten for many years. If this interview seems like a conversation between two old friends, it is.
Hardware Hacking

Hands-On With the Voltera V-One PCB Printer (hackaday.com) 32

szczys writes: Eric Evenchick was one of the first backers of the Voltera V-One PCB Printer and just received the 6th device shipped so far. He ran it through its paces and published a review that gives it a positive rating. The hardware uses conductive ink to print traces on FR4 substrate. The board is then flipped upside down and the traces baked on the machine to make them robust. Next the printer dispenses solder paste and the same heating method is used to reflow after components are placed by hand.
Transportation

Tesla To Voluntarily Recall Every Model S Because One Seat Belt Came Apart (jalopnik.com) 168

An anonymous reader writes: Earlier this month, a passenger in a Tesla Model S turned to talk to people in the back seat, and her seat belt somehow disconnected itself from the front seat. According to a Tesla spokesperson, "The seat belt is anchored to the outboard lap pretensioner through two anchor plates that are bolted together. The bolt that was supposed to tie the two anchors together wasn't properly assembled." Though the company hasn't been able to replicate the issue on any other cars, Tesla is issuing a recall for roughly 90,000 Model S vehicles so they can test that bolt.