New York City Council passed regulations on ride-hail companies on Wednesday, capping the number of vehicles on the road for one year and requiring that drivers to be paid a minimum wage. From a report: Council Speaker Corey Johnson said earlier that the regulations are intended to protect drivers, fairly regulate the industry and reduce congestion. The year-long cap on new licenses for ride-hailing vehicles will take place while the Taxi and Limousine Commission (TLC) studies the effects of ride-hail service in the city. The cap would not apply to new wheelchair-accessible vehicles or new vehicles serving an area demonstrating need in a way that does not increase congestion. App-based ride services account for 80,000 vehicles in New York City, and provide 17 million rides per month, according to a study by The New School for the TLC. The surge in ridership coincided with increased resident frustration with the local subway system. With the move on Wednesday, New York City, the largest American market for Uber, has become the first major American city to restrict the number of ride-hail vehicles and to establish pay rules for drivers. In a statement issued moments ago, New York Mayor Bill de Blasio said," Our city is directly confronting a crisis that is driving working New Yorkers into poverty and our streets into gridlock. The unchecked growth of app-based for-hire vehicle companies has demanded action -- and now we have it."

Read more of this story at Slashdot.

xkcd's story for today is right on. I’m a software developer and I concur. We throw out our base technology every few years and start over, leaving the stuff that’s already deployed hard to evolve or fix, and the latest stuff full of bugs, and long before it’s mature and reliable we do it all over again.

From a report: In recent years Hollywood and other entertainment sources have focused their enforcement efforts on pirate streaming sites and services. According to several reports, streaming sites get more traffic than their P2P counterparts, with the latter being almost exclusively BitTorrent related. While the rise of online streaming sites can't be denied, a new research report from anti-piracy outfit Irdeto shows that P2P remains very relevant. In fact, it's still the dominant piracy tool in many countries. Irdeto researched site traffic data provided by an unnamed web analytics partner. The sample covers web traffic to 962 piracy sites in 19 countries where P2P was most used. This makes it possible to see how P2P site visits compare to those of pirate streaming sites.

Read more of this story at Slashdot.

Caroline O'Donovan, reporting for BuzzFeed News: To convince workers to join the unstable and unreliable world of freelance work, startups and platforms often promise freedom and flexibility. But on the digital freelance platform Upwork, company software tracks hundreds of freelancers while they work by saving screenshots, measuring the frequency of their clicks and keystrokes, and even sometimes taking webcam photos of the workers. Upwork, which hosts "millions" of coding and design gigs, guarantees payment for freelancers, even if the clients who hired them refuse to pay. But in order to get the money, freelancers have to agree in advance to use Upwork's digital Work Diary, which counts keystrokes to measure how "productive" they are and takes screenshots of their computer screens to determine whether they're actually doing the work they say they're doing. Upwork's tracker isn't automatically turned on for all gigs on the platform. Some freelancers like it because it guarantees payment, but others find it unnerving. [...] Upwork maintains that freelancers don't have to use the time tracker if it makes them uncomfortable. [...] But while Work Diary may be opt-in on its surface, Microsoft Research's Mary Gray said freelancers may not feel like they really have a choice.

Read more of this story at Slashdot.

Larger cable providers once again take a beating for perceived value -- even when it comes to bundled plans. ConsumerReports: Unhappy with your pay-TV company? You're not alone. Dissatisfaction with the perceived value of pay-TV service was once again high among the 176,000 members who participated in Consumer Reports' latest telecommunications survey. When we asked for feedback on their experiences with pay TV, home internet, home telephone service, and bundled plans, they shared their displeasure. In fact, most of the larger cable companies -- Optimum (Cablevision), Comcast, and Spectrum (Charter, Time Warner Cable, Bright House Networks) -- earned low scores in multiple categories, settling into the bottom half of the 25 providers in CR's new telecom service ratings. Only 38 percent of pay-TV subscribers were highly satisfied with their service, meaning they were "very" or "completely" happy with the offerings. Armstrong, a smaller cable company that operates in Kentucky, Maryland, New York, Ohio, Pennsylvania, and West Virginia, earned the second-place slot behind Google Fiber, in part due to favorable scores for technical support, reliability, and customer service. Verizon and the two satellite-TV companies -- AT&T's DirecTV and Dish Network -- also rated better than Cox Communications, Comcast, Spectrum, and Optimum. Top-rated EPB, a municipal broadband service run as a public utility in Chattanooga, Tenn., was one of the few bright spots for internet service. It was the only company to receive a top mark for value. It also got top marks for speed and reliability. Google Fiber was a close second in the ratings, the only other company to get a favorable mark for value. Nearly three-quarters of the survey respondents who have a bundled plan -- TV, internet, and phone -- said they got a special promotional price when they signed up. And 45 percent were still enjoying that rate when they answered our survey.

Read more of this story at Slashdot.

Researchers at Trustwave on Wednesday released a new open-source tool called Social Mapper, which uses facial recognition to track subjects across social media networks. Designed for security researchers performing social engineering attacks, the system automatically locates profiles on Facebook, Instagram, Twitter, LinkedIn, and other networks based on a name and picture. Unlike tools such as Geofeedia that require access to certain APIs, Social Mapper performs automated manual searches in an instrumented browser window. The Verge: Those searches can already be performed manually, but the automated process means it can be performed far faster and for many people at once. "Performing intelligence gathering online is a time-consuming process," Trustwave explained in a post this morning. "What if it could be automated and done on a mass scale with hundreds or thousands of individuals?"

Read more of this story at Slashdot.

Researchers say that contacting people "out of your league", can be a successful online dating strategy

Virtual reality is a modern-day beacon of escapism -- a way to fully immerse yourself in other worlds -- and it's seeing unprecedented applications. The market, no surprise, is exploding, with some industry groups estimating a $60 billion global market by 2022. As business booms, however, people who are using the tech are reporting a growing number of physical side effects -- like VR arm, but worse: eye strain, dizziness, headaches, nausea, and even dissociative experiences. From a report: VR companies recommend that people take frequent breaks and moderate their VR time when they're first starting out. "As you become accustomed to the virtual reality experience, you can begin increasing the amount of time you use Daydream View," reads one line of the health and safety information included with Google's VR platform. But what happens when it's your job to build these escapist technologies? The potential health risks for everyday consumers are compounded for those who make VR products for a living. When VR bigwig Jeremy Bailenson founded Stanford University's Virtual Human Interaction Lab, in 2003, two items were even more important than the VR equipment he was using: "We had to keep a bucket in the lab and a mop nearby," Bailenson says. Today, he institutes a strict 20-minute limit on headset time for people in his lab. These health effects produce unique challenges for VR developers. "We have to understand not just the good but also the downsides of this technology. There a lot of questions we need to answer," Bailenson says. "The whole point of VR is it takes you out of your space, but you can't be doing that for many hours a day." [...] Suddenly rotating around a virtual environment using handled controllers or quickly looking left and right in the VR space without any concomitant physical movement in the real world tend to physically affect Jonathan Yomayuza, VR technical director at the Emblematic Group, a creative firm based in Southern California. [...] The feeling Yomayuza describes is common among people who work with or use VR.

Read more of this story at Slashdot.

New submitter Woodmeister shares a report: While looking for ways to attack the new WPA3 security standard, Hashcat developer Jens "Atom" Steube found a simpler way to capture and crack access credentials protecting WPA and WPA2 wireless networks. The attacker needs to capture a single EAPOL frame after requesting it from the access point, extract the PMKID from it by dumping the recieved frame to a file, convert the captured data to a hash format accepted by Hashcat, and run Hashcat to crack it. Once that's done, the attacker has the Pre-Shared Key (PSK), i.e. the password, of the wireless network. Depending on the length and complexity of the password and the power of the cracking rig, that last step could take hours or days. "The main difference from existing attacks is that in this attack, capture of a full EAPOL 4-way handshake is not required. The new attack is performed on the RSN IE (Robust Security Network Information Element) of a single EAPOL frame," Steube explained. This makes the attack much easier to pull off, as the attacker doesn't depend on another user and on being in range of both the user and the access point at the exact moment when the user connects to the wireless network and the handshake takes place.

Read more of this story at Slashdot.

How can so many elections come down to a fraction of a percent of the vote? Doesn't probability say that this outcome is extremely unlikely? Why does it happen so often?

Rakhim Davletkaliyev, a software developer, writer and podcaster, recently launched two new podcasts. One of the things he was asked by people following the launches was "but how do I subscribe, it's not on iTunes/Google Podcasts?" He writes: Podcasts are simply RSS feeds with links to media files (usually mp3s). A podcast is basically a URL. And podcast clients are special browsers. They check that URL regularly and download new episodes if the content of the URL changes (new link added). That's it, no magic, no special membership or anything else required. The technology is pretty "stupid" in a good way. Ever since tech companies started waging war against RSS, podcast distribution became visually RSS-free. What do you do to subscribe? Easy, just search in the app! For the majority of iOS users that app is Apple Podcasts, and recently Google made their own "default client" for Android -- Google Podcasts. It looks like podcast clients are similar to web browsers and just provide a way to consume content, but the underlying listings make them very different. Corresponding services are actually isolated catalogs. When you perform a search on Apple Podcasts, you aren't searching for podcasts. You are searching for Apple-approved podcasts. And if the thing you're looking for is not there, then... well, you get nothing. Most Podcast clients still accept RSS. Apple Podcasts, iTunes, PocketCasts, OverCast, PodcastAddict. Google Play Music doesn't say anything explicitly, but you can just put RSS URL into the search field and it works. For now. I won't be surprised if these apps gradually and silently remove this feature.

Read more of this story at Slashdot.

This week's Black Hat event will highlight job-related stress and mental health issues in the cyber workforce. From a report: The thousands of cybersecurity professionals gathering at Black Hat, a massive conference held in the blistering heat of Las Vegas every summer, are encountering a different type of session this year. A new "community" track is offering talks on a range of workplace issues facing defenders battling to protect the world from a hacking onslaught. With titles like "Mental Health Hacks: Fighting Burnout, Depression and Suicide in the Hacker Community" and "Holding on for Tonight: Addiction in Infosec," several of the sessions will address pressures on security teams and the negative impact these can have on workers' wellbeing. "A lot of people in this space feel strongly about wanting to protect their users," says Jamie Tomasello of Duo Security, who is one of the speakers. "Where this becomes challenging is when people are under sustained high stress. That increases the risk of depression and mental illness." The impact on cyber defenders' lives is deeply concerning, as are the broader implications for security. In spite of a push for greater automation, many tasks in cyber defense are still labor intensive. Workers experiencing mental health issues are more likely to make mistakes and to have performance issues that require colleagues to pick up the slack, increasing the likelihood they will make errors too.

Read more of this story at Slashdot.

The other day I spilled a bottle of water on my keyboard, and have been limping along waiting for a new keyboard to arrive. I am now using it. This time I decided not to opt for the expensive Apple keyboard, instead I got a Macally keyboard which cost a fraction of what the Apple one did. So far it seems quite nice. My fingers need to set up in a different place, and the keyboard doesn't have lifters at the top to put it at an angle, but I'm already getting used to it. Unfortunately the modifier keys control panel isn't working, not sure why. Might have to reboot the system? I usually don't like doing that. And then as if by magic it started working! I like to map Control to Command and vice versa. My brain was trained by many years of using Windows, a long time ago.

I commented in a thread on Twitter on the controversy re the recent hire by the NYT editorial board and sweeping comments she made previously about white men. I am responding to a piece by Ezra Klein in Vox. I waited a few days for the furor to die down, and to try to say thoughtfuly and carefully how I as a man feel about such statements. Klein had said, for the first time I can recall for a reporter, how he feels about these things. I'll let the comments speak for themselves now.

Newly discovered trick used by viruses makes them more dangerous.