Wer die UHD-Fernseher im Laden sieht, wird sich unweigerlich die Frage stellen, woher das Fernsehprogramm dafür kommen soll. Der Pay-TV Sender Sky gibt nun die Antwort und will ab Herbst mit zwei UHD-Sendern starten. Es gibt Sport. (Ultra-HD, 4K)
Quelle: Golem
E-Sport hat einen neuen Befürworter in der Politik: Der netzpolitische Arbeitskreis der CSU will sich für die Anerkennung des professionellen Videospielens als Sportart stark machen. In den vergangenen Wochen ist ein deutscher E-Sport-Verband gegründet worden. (Gamescom 2016, Gamescom)
Quelle: Golem
Flott und klein: Die neue Atom-Generation liefert viel Leistung, wenngleich sie nicht übermäßig sparsam ist. Das erklärt wohl, warum Intel die Broxton-Chips in der Maker-Szene verortet. (Atom, Prozessor)
Quelle: Golem
Bei der Verteidigung gegen außerirdische Invasoren sind alle Mittel erlaubt. In Prey von Bethesda gehört die Tarnung als Kaffeetasse, Stuhl oder Hightechgerät dazu. (Bethesda, Games)
Quelle: Golem
Lenovo hat auf der Gamescom neue Gaming-Hardware gezeigt. Die Höhepunkte: ein Mini-PC mit Tragegriff für die LAN-Party und ein All-in-One-PC mit 4K-Display und einer Nvidia GTX 1080. (Gamescom 2016, Lenovo)
Quelle: Golem
Die Jagd nach Pokémon auf dem Kölner Messegelände war nicht erfolgreich! Stattdessen konnte sich die Redaktion spannende Spiele anschauen – und einen Plüschfisch mitgrillen. (Gamescom 2016, Final Fantasy)
Quelle: Golem
What do John McAfee and Kim Dotcom have in common?
They're both notorious for being two of the biggest scoundrels in tech, and foreign nations (including the US, New Zealand, and Belize) have hunted both of them for crimes they deny. And now they&039;re feuding online over MGT Capital, a mysterious tech firm of which McAfee is the CEO. Today, Dotcom accused the firm of offering him half a million dollars as part of a pump and dump stock scheme.
Some background: MGT broke into the news in May, when its share price shot up from 39 cents to more than 4 dollars after McAfee — known best for founding the eponymous security company and fleeing police in Belize in 2012 for questioning related to a murder — was named CEO.
Though the stock briefly outstripped Bank of America as the most traded equity on the market, it quickly attracted accusations of inflation as part of a pump and dump scheme, in which McAfee&039;s splashy hire was intended to drive up the stock price. (A pump and dump scheme is fraud in which ownership encourages investors to buy shares in a company in order to drive up the price artificially, and then sells its shares while the price is high.)
Prior to the acquisition of the security startups Demonsaw and D-Vasive shortly after the McAfee hire, MGT had no investments in cybersecurity and was known primarily for its holdings in online betting. Both Demonsaw and D-Vasive were McAfee ventures prior to his involvement in MGT.
Then, today, Kim Dotcom — the flamboyant founder of the since-shuttered file sharing service Megaupload, who is wanted by the US government — tweeted that MGT had offered him $500,000 for a “no-substance partnership announcement,” which is exactly what skeptics had accused McAfee of doing.
So what caused Kim&039;s accusation?
Eijah is Eric Anderson, the founder of Demonsaw, who according to more tweets from Dotcom, felt “afraid” of McAfee. Shortly after, Dotcom posted tweets from McAfee threatening “war,” and later a video of him and Anderson together:
So what the hell is going on? It appears that Dotcom — who did not respond to a request for comment – poached one of McAfee&039;s employees to help him start his filesharing followup, and cast aspersions on his company at the same time. MGT Capital hasn&039;t responded to a request for comment, either.
McAfee is making his own accusations on Twitter now, too:
At least the two men are separated by an ocean.
Quelle: <a href="The Two Biggest Scoundrels In Tech Are Fighting Over A Mysterious Company“>BuzzFeed
Ariel Davis / BuzzFeed News
Over the past decade Twitter has not just tolerated abuse and hate speech, it’s virtually been optimized to accommodate it. As BuzzFeed News reported last week, harassment on Twitter is rampant thanks to what company insiders past and present describe as inaction and organizational disarray.
We're going to continue reporting on this issue and as part of that effort we&039;d like your help. We&039;ve created a survey intended to inform our understanding of how Twitter deals with abuse reports. It&039;s short and not all that different from the form you’d file to Twitter to report abuse. The information you provide will be kept confidential, unless you say otherwise.
Thanks for your help.
Quelle: <a href="Help Us Understand How Twitter Responds To Harassment“>BuzzFeed
Posted by Dan McGrath, Product Manager for Cloud Datastore
Cloud Datastore is a highly available and durable fully managed NoSQL database service for serving data to your applications. This schema-less document database is geo-replicated and ideal for fast, flexible development of mobile and web applications. It automatically scales as your data and traffic grows—so you’ll never again worry about provisioning enough resources to handle your peak load. It already handles over 15 trillion queries per month.
The Cloud Datastore v1 API is now generally available for all customers, and the Cloud Datastore Software License Agreement (SLA) now covers access both from App Engine and the v1 API and provides high confidence in the scalability and availability of the service for your toughest web and mobile workloads. Already, customers like Snapchat, Workiva, and Khan Academy have built amazing mobile and web applications with Cloud Datastore. Khan Academy, for instance, uses Datastore for user data — from user progress tracking to content management.
“It’s our primary database,” said Ben Kraft, Infrastructure Engineer at Khan Academy. “We depend on it being fast and reliable for everything we do.”
Now that the v1 API is generally available, we have deprecated the v1beta3 API with a twelve-month grace period before we decommission it fully on August 17th, 2017. Changes between v1beta 3 and v1 are minor, so transitioning to the new version is quick and straightforward.
Cross-platform access
The v1 API for Cloud Datastore allows you to access your database for Google Compute Engine, Google Container Engine, or any other server via our RESTful or gRPC endpoints. You can access your existing App Engine data now from different compute environments, enabling you to select the best mix for your needs.
You can use the v1 API via the idiomatic Google Cloud Client Libraries (in Node.js, Python, Java, Go, and Ruby), or alternatively via the low-level native client libraries for JSON and Protocol Buffers over gRPC. You can learn more about the various client libraries in our documentation.
Along with this cross-platform access, you can use Google Cloud Dataflow to execute a wide range of data processing patterns against Cloud Datastore, including batch and streaming computation. Take a look in the GitHub repository for examples of using the Dataflow SDK with Cloud Datastore.
New resources
We’ve also been busy making new resources available to enable you to make more effective use of Cloud Datastore.
Best Practices: The down-low on the best practices on topics ranging from transactions to strongly consistent queries.
Storage Size Calculations: A new transparent method of calculating the size of your database as announced as part of our simplified pricing.
Limits: Information about production limits for Datastore, for example the maximum size of a transaction.
Multitenancy: Guidance on how you can use namespaces for multitenancy in your application.
Cloud Console
Lastly, we’ve made numerous improvements to our Cloud Console interface. If you haven’t used it before, get to know it by reading a new article on editing entities in the console. Some highlights:
App Engine Python users will be delighted to know that URL-Safe Keys are supported in the Key Filter field on the Entities page.
The entity editor supports properties with complex types such as Array and Embedded entity.
To learn more about Cloud Datastore, check out our getting started guide.
Quelle: Google Cloud Platform
User:Colin / Wikimedia Commons / CC BY-SA 4.0 / Via commons.wikimedia.org
Like outgunned sheriffs in the Wild West, organizations from tech giants to government agencies have turned in recent years to bounty hunters to keep themselves safe. These mercenaries are hackers and security researchers, who companies pay to find and disclose flaws in their software and devices. The increasingly accepted practice is called the “bug bounty” system, and it gives hackers a legitimate way to reap rewards for making tech safer without going rogue. Still, the process can be daunting — how can companies strike the right balance between throwing their products open to hacking and keeping tight control over their security practices?
Traditional bug bounty programs, like those run by Microsoft, Twitter, and dozens of other organizations, are open to the public, meaning that anyone can warn about security flaws they think they've found. But these public bug bounties often incentivize too much, generating scores of redundant bugs that may or may not pertain to actually harmful vulnerabilities. These can overwhelm companies that aren&039;t set up to handle them. And when companies aren&039;t ready to handle an influx of bug reports, they can overlook or have a delayed response to serious security vulnerabilities.
To deal with the problem, some organizations have decided to make their bug bounty programs private, meaning only certain hackers and researchers can submit bugs. This helps organizations build up to a public program over time by controlling the quality and frequency of submissions. Apple signaled the perks of private bounties when it announced its first ever, private bug bounty program last week at the hacker conference DefCon. LinkedIn, Tor, and a host of other entities are also keeping their programs closed, at least for now. According to BugCrowd, a company that runs bug bounties for clients, 63% of all its programs have started private, a proportion that is growing. HackerOne, a competitor, recommends private programs to all its customers.
“Inviting the world to submit can be an overwhelming and scary process,” said Jonathan Cran, VP of operations at BugCrowd. “It makes sense for companies to start with trusted folks.”
And trust is a big issue. One of the reasons bug bounty programs took so long to catch on after Netscape ran the first one in 1995 was the perception that these programs attracted the attention of malicious hackers. So not surprisingly, most organizations start their private bug bounties with a group of security researchers whom they already have a relationship with. That&039;s how Apple&039;s program, which starts in September, will work. According to Cran, the starting pool in a private program is generally between 50 and 100 researchers, though he has seen programs launching with a few as two. In addition to ensuring a manageable stream of germane reports, starting small helps companies get an overall picture of where potential exploits are. It&039;s a way for corporations doing bounties for the first time to dip their toes in the water before going public.
“You&039;re going to find out you&039;re more secure in some areas than you thought and less secure in others” said Alex Rice, CTO and cofounder of Hackerone. “There may be things you’re completely unaware of, like vulnerabilities in unmaintained code.” Determining where and how prevalent these problems are, according to Rice, helps companies set competitive prices, and standardize how quickly they deal with bug reports (which is sometimes a source of tension in big bug bounty programs).
Some have argued, though, that such programs signal to hackers that they have a limited amount of time to find and sell exploits on the lucrative private market. In other words, that they encourage malicious hackers to find all the exploits they can before the program is opened up to the bug-hunting public.
“Every one you’re fixing, you’re erasing the value of one in the black market,” said Rice. Less than a week after Apple&039;s announcement, a private security firm offered $500,000 — twice the size of the biggest bounty in Apple&039;s program — for iOS Zero Day exploits. (Though, enormous sums for iOS Zero Days are nothing new.)
Another complication for private programs is that they have the potential to alienate researchers. One of the main benefits of bug bounty programs is incentivizing people with the skill to hack corporations and governments to use those talents for good. Though many companies, including Apple, would likely accept a valid vulnerability report from a hacker outside its private bug bounty, such a hacker may not think to submit it to a private program in the first place.
However, most private bounty programs plan to eventually expand to be more public, which Apple says it will eventually do. Rice said HackerOne programs have stayed private from three days to three years, though they typically last around three months. Cran says BugCrowd recommends six months for most clients. Indeed, in an ideal world, the announcement of a high-profile private program such as Apple&039;s signals to hackers that a company is, according to Cran, “eventually going to pay for things,” and a cue to “rip open an iOS device and test,” even if the program is at first closed.
“Everyone assumes private programs have hard restrictions,” said Katie Moussouris, a security consultant who created Microsoft&039;s first bug bounty and more recently advised the Department of Defense on its Hack the Pentagon program. “But it&039;s more of a perception problem than an access problem. One of the biggest issues is simply confusion over how to get invited to an initially private program.”
And getting in early matters. Sean “meals” Melia is the top-ranked hacker on HackerOne&039;s all-time leaderboard by its proprietary “reputation” metric. He makes more money on bounties than he does at his day job at a security firm — “And I make good money at my regular job,” he told BuzzFeed News. But even Melia, the very picture of a trusted hacker, wasn&039;t invited to a recent, major private bounty until nearly a year after it launched.
By the time Melia gained access, “people had already gone through and picked off a lot of the low hanging fruit,” he said. “I was pretty bummed. It&039;s disheartening to see people with low reputation or who are new to the platform were invited before me.” It&039;s easy to imagine a disheartened hacker, left out of a bounty program like Apple&039;s, turning to the private market.
Still, as private bug bounty advocates are quick to point out, companies have always had private bug testing that left out the vast majority of hackers. Even if they&039;re private, the growing number of bug bounties are a sign that even the most cautious organizations, from Apple to the American government, have realized that they — that everyone — needs the participation of the greater cybersecurity community to make their systems and products as secure as possible.
“Traditionally people didn’t talk about the fact they had a private program at all,” said Moussouris, who consulted with Apple prior to the announcement of its program. “This is a shift in thinking. It&039;s also saying to the world, we&039;re open to this concept, but we are also going to learn as we go through this process.”
Quelle: <a href="Why Silicon Valley Is Turning To An Exclusive Group Of Hackers To Fix Its Code“>BuzzFeed
