Let’s Encrypt discovers CAA bug, must revoke customer certificates

Unfortunately, most if not all Let’s Encrypt users will need to manually force-renew their certificates before Wednesday. It’s at least an easy process. (credit: Adobe)

On Leap Day, Let’s Encrypt announced that it had discovered a bug in its CAA (Certification Authority Authorization) code.

The bug opens up a window of time in which a certificate might be issued even if a CAA record in that domain’s DNS should prohibit it. As a result, Let’s Encrypt is erring on the side of security and safety rather than convenience and revoking any currently issued certificates it can’t be certain are legitimate, saying:

Unfortunately, this means we need to revoke the certificates that were affected by this bug, which includes one or more of your certificates. To avoid disruption, you’ll need to renew and replace your affected certificate(s) by Wednesday, March 4, 2020. We sincerely apologize for the issue.

If you’re not able to renew your certificate by March 4, the date we are required to revoke these certificates, visitors to your site will see security warnings until you do renew the certificate.

Let’s Encrypt uses Certificate Authority software called Boulder. Typically, a Web server that services many separate domain names and uses Let’s Encrypt to secure them receives a single LE certificate that covers all domain names used by the server rather than a separate cert for each individual domain.

Source: Biz & IT – Ars Technica

Facebook Has Built a Fleet of Robots To Patrol Its Data Centers

There are robots on the prowl at Facebook’s server farms. The social networking giant has quietly built a fleet of mobile robots to patrol its data centers, and now has a team dedicated to automating its vast network of facilities around the globe, Business Insider reported Tuesday. From the report: The high-tech initiative could boost the firm’s profits and help revolutionize the data center industry — and potentially prompt job losses around the country. As Facebook has grown, it has built out a sprawling network of data centers around the globe dedicated to hosting users’ content and supporting its apps and services. Its locations now stretch from Oregon to Sweden to Singapore — but maintaining the vast facilities requires human data center operators and engineers to manage the systems, replace malfunctioning drives, and so on.

Source: Slashdot

Twitter Advises 5,000 Global Employees To Work From Home

Twitter is “strongly encouraging” its almost 5,000 global employees to work from home due to concerns over the spread of the Covid-19 coronavirus, the company said Monday. From a report: The social media company made the suggestion as part of a blog update one day after it suspended all non-critical travel for workers, including pulling out of the South by Southwest conference scheduled for later this month in Austin, Texas. Twitter says it’s mandatory for employees in Hong Kong, Japan and South Korea to work from home, but that other offices will remain open for those who choose or need to come in. “We are working to make sure internal meetings, all hands, and other important tasks are optimized for remote participation,” the company wrote on its blog. Twitter’s policy on working from home is a step beyond what most companies in the U.S. are doing as the virus spreads.

Source: Slashdot

Trading App Robinhood Experiencing ‘Major Outage’ For a Second Day Amid Heavy Volume Market Action

Robinhood on Tuesday reported technical issues for a second day following an outage that kept clients from trading on a historic market rally. From a report: As U.S. stocks traded actively again in the wake of a surprise Fed rate cut, Robinhood reported a “major outage” for trading across its platform. Earlier updates on the site said that all trading was “operational,” but Twitter users posted screenshots of error messages as U.S. markets opened Tuesday. “We are experiencing a system-wide outage,” a message on Robinhood’s website read. Technical issues began Monday morning and lasted throughout the trading day, leaving users with their hands tied as the Dow Jones Industrial Average posted its biggest one-day point gain in history. In a volatile session Tuesday, stocks surged off their lows after the Federal Reserve cut interest rates in an effort to stem slower economic growth from the coronavirus outbreak.

Source: Slashdot

Fed Cuts Rates Half Point in Emergency Move Amid Spreading Virus

The U.S. Federal Reserve delivered an emergency half-percentage point interest rate cut Tuesday in a bid to protect the longest-ever economic expansion from the spreading coronavirus. From a report: “The coronavirus poses evolving risks to economic activity,” the Fed said in a statement. “In light of these risks and in support of achieving its maximum employment and price stability goals, the Federal Open Market Committee decided today to lower the target range for the federal funds rate by 1/2 percentage point.” U.S. stocks briefly reversed earlier declines before resuming their selloff, while the 10-year Treasury yield touched 1.09%. Fed funds futures are pricing more than a percentage point of central bank rate reductions for 2020, including another quarter-point cut in the first half of the year. The central bank also said it is “closely monitoring developments and their implications for the economic outlook and will use its tools and act as appropriate to support the economy.”

Source: Slashdot

Pixel Slate fire sale sees $300-$700 price drop, free pen, free keyboard

The Google Pixel Slate Chrome OS tablet, which is over a year old now, is getting a price drop. Google has new regular prices for the various models, with discounts ranging from $300-$700 off the MSRP at several retailers, including its own online store. Buy a Slate sometime soon, and Google is also throwing in a free Pixelbook Pen (originally $99) and a keyboard ($199) for free. It’s a fire sale.

The entry-level 8th Gen Intel Core m3 version, with 8GB of RAM and 64GB of storage, now starts at $499, down from the $799 price at launch. The Core i5 version with 8GB of RAM and 128GB of storage launched at $999, but now it’s reduced to $599. The highest-end Core i7 version with 16GB of RAM, 256GB of storage, and a 4K display is $899, down from a whopping $1,599 at launch. If you get the highest-end version with the free pen and keyboard, you’re saving $1,000 off the MSRP.

Like many Google hardware products, the Pixel Slate has had a rough life. The device was widely criticized for being too expensive—you could get the same specs in an HP Chromebook x2 for less money, and most Slate models with the keyboard easily blasted into MacBook pricing territory. The sales pitch with the Slate was Chrome OS’ new tablet features, but they weren’t fully baked at launch, resulting in buggy split-screen modes and strange UI decisions. The original entry-level $599 version used an Intel Celeron CPU, which was so thoroughly panned in reviews for being too slow that Google delayed the model and eventually canceled it. About six months after the release, Google quit the tablet business altogether and decided to focus on laptops going forward, eventually leading to the development of the Pixelbook Go.

Source: Tech – Ars Technica

If You Like RSS, You’ll Love Fraidycat

J. Fergus, writing for Input: Someone finally did it. We can now follow who we want on our own terms and get that information chronologically. Fraidycat is an app and browser extension that allows just that. Though it launched in November 2019, Fraidycat recently got a massive update, widening its compatibility and adding a dark mode. The open-source tool, brought to you by Kicks Condor, is available for Linux, Mac, and Windows in addition to Mozilla Firefox and Chrome as an extension. Fraidycat definitely pulls from RSS feeds more easily, but it also works on Twitter, Instagram, and SoundCloud. You drop the link to the account you’d like to follow — from Medium bloggers to Twitch streamers to vision board Pinterest-ers — and set how frequently you’d like to see their posts. Label it, hit save, and posts will appear as often as you’d like. The recent update notably folds Kickstarter into the mix and collapses Twitter threads for readability.

Source: Slashdot

As Coronavirus Numbers Rise, C.D.C. Testing Comes Under Fire

The coronavirus has found a crack in the nation’s public health armor, and it is not one that scientists foresaw: diagnostic testing. The Centers for Disease Control and Prevention botched its first attempt to mass produce a diagnostic test kit, a discovery made only after officials had shipped hundreds of kits to state laboratories. From a report: A promised replacement took several weeks, and still did not permit state and local laboratories to make final diagnoses. And the C.D.C. essentially ensured that Americans would be tested in very few numbers by imposing stringent and narrow criteria, critics say. On Monday, following mounting criticism of the federal response, Trump administration officials promised a rapid expansion of the country’s testing capacities. With the help of private companies and academic centers, as many as a million diagnostic tests could be administered by the end of this week, said Dr. Stephen Hahn, commissioner of the Food and Drug Administration. But many scientists wonder if the moves come too late. As of Monday evening, 103 Americans were infected with the coronavirus in the United States. Six deaths have been reported. Dozens of patients, in several states, may have caught the virus in their communities, suggesting that the pathogen already may be circulating locally.

The case numbers are rising not just because the virus is spreading, but because federal officials have taken steps toward expanded testing. The persistent drumbeat of positive test results has raised critical questions about the government’s initial management of the outbreak. Why weren’t more Americans tested sooner? How many may be carrying the virus now? Most disturbing of all: Did a failure to provide adequate testing give the coronavirus time to gain a toehold in the United States? “Clearly, there have been problems with rolling out the test,” said Dr. Thomas Frieden, former director of the C.D.C. “There are a lot of frustrated doctors and patients and health departments.” Still, Dr. Frieden said he thought the situation was improving. Other experts, although supportive of the agency, were mystified that federal officials could have committed so many missteps. “The incompetence has really exceeded what anyone would expect with the C.D.C.,” said Dr. Michael Mina, an epidemiologist at Harvard University. “This is not a difficult problem to solve in the world of viruses.”

Source: Slashdot

China’s Aggressive Measures Reversed the Course of Coronavirus Outbreak

hackingbear writes: According to a World Health Organization (WHO) report, Chinese hospitals overflowing with COVID-19 patients a few weeks ago now have empty beds. Trials of experimental drugs are having difficulty enrolling enough eligible patients. And the number of new cases reported each day has plummeted from thousands per day to 125 cases on March 2. The report is unequivocal. “China’s bold approach to contain the rapid spread of this new respiratory pathogen has changed the course of a rapidly escalating and deadly epidemic,” it says. “This decline in COVID-19 cases across China is real.”

The WHO team traveled to several cities including Wuhan, the hardest hit city. They visited hospitals, laboratories, companies, wet markets selling live animals, train stations, and local government offices. “Everywhere you went, anyone you spoke to, there was a sense of responsibility and collective action, and there’s war footing to get things done,” says WHO’s Bruce Aylward. The question now is whether the world can take lessons from China’s apparent success — and whether other countries can imitate the massive lockdowns and electronic surveillance measures imposed by an “authoritarian” government (an assertion which real Chinese may not necessarily agree with from their daily experiences).

Source: Slashdot

From Wi-Fi to Spy-Fi—we test Plume’s new motion detection feature

At CES 2020, Wi-Fi mesh kit manufacturer Plume announced the addition of motion-sensing capability to its newer Superpod devices. Before we go any further, let’s be clear about what we’re talking about—this is not detection of a device you’re holding, like a phone or tablet. Instead, Plume is doing real-time analysis of extremely low-level RF data pulled from the Superpods’ radios. This is real motion detection, with no gimmicks involved.

Plume Motion requires Superpods—at least for now. The Superpods can also use stationary devices—including any original generation pods, or computers or IoT devices connected to the Wi-Fi—to further refine their detection.

Plume co-founder Adam Hotchkiss explained to us that, although any Wi-Fi device could theoretically be used to sense the data necessary to analyze motion, not all Wi-Fi chipsets actually expose that data. The Qualcomm IPQ4019 chipset used in the Superpods exposes the necessary RF data, but the older QCA9557 chipset used in the first-generation pods does not.

Source: Tech – Ars Technica