BUL2294 writes: The U.S. Library of Congress' Copyright Office has published their newest rules regarding DRM circumvention. Much to the chagrin of car makers and agricultural vehicle manufacturers, DRM circumvention, with the exception of telmatics ("black box") and entertainment systems, and anything that would run afoul of DOT or EPA regulations, is now allowed for "diagnosis, repair or lawful modification of a vehicle function." In addition, jailbreaking is now extended to tablets, wearables, and smart TVs, but not to single-purpose devices like e-readers. An exemption has been carved out for security researchers to hack cars, voting machines, and medical devices — as long as that device is not being used for its purpose and is in an isolated environment. Finally, owners of abandoned video games that require server authentication (where such authentication is no longer available) may also circumvent DRM. DRM circumvention is NOT allowed for jailbreaking gaming systems and e-readers, and does not allow for "format-shifting" (e.g. moving e-books from one platform to another).

The full text of the new rules is available online (PDF), and will be published in the Federal Register on October 28, 2015.

DeviceGuru writes: The immensely popular Raspberry Pi will soon be offered in customized versions, through an exclusive arrangement between Raspberry Pi Trading and Element14. According to the companies' announcement, Element14 will provide design and manufacturing services to OEM customers to create 'bespoke designs' based upon the Raspberry Pi technology platform. That's weird U.K. English for saying that contracts for creating customized Raspberry Pi SBCs will entail substantial NRE fees and 3,000 to 5,000 unit orders, depending on the nature of the customization. The tweaked Pi's are likely to have revised board layouts, additional or alternative functions, interfaces, connectors, and memory configurations, and more. A handful of unsanctioned Raspberry Pi knock-offs have already appeared over the past couple of years, including various Orange Pi and Banana Pi flavors, which certainly didn't involve any 'bespeaking.' More info is at Element14's CustomPi page.

An anonymous reader writes: Software engineer Ben Dickson starts off an opinion piece about Internet of Things security with this amusing comment: "Twenty years ago, if you told me my phone could be used to steal the password to my email account or to take a copy of my fingerprint data, I would've laughed at you and said you watch too much James Bond. But today, if you tell me that hackers with malicious intents can use my toaster to break into my Facebook account, I will panic and quickly pull the plug from the evil appliance." Dickson then lays out many of the issues with securing internet-connected devices, and explains the work being done to make them more secure. He highlights areas that manufacturers must focus on: "In contrast to human-controlled devices, they go through a one-time authentication process, which can make them perfect sources of infiltration into company networks. Therefore, more security needs to be implemented on these gateways to improve the overall security of the system. ... There also must be a sound plan for installing security updates on IoT devices. Each consumer will likely soon own scores — if not hundreds — of connected devices. The idea of manually installing updates on so many devices is definitely out of the question, but having them automatically pushed by manufacturers also can be a risky business."

An anonymous reader writes: In just a couple of months, the world's first consumer-ready modular smartphone will start shipping. It's called the Fairphone 2, and it will run Android 5.1. Ars Technica got hands-on time with the device, and they say it works surprisingly well. It's a bit thicker than most modern phones, but that's the trade-off for being able to swap out components. "The smartphone consists of seven major building blocks: the back cover, removable battery, display assembly, main chassis, receiver module, rear camera module, and speaker module. Positioned this way, the components that break most often, like the screen, are isolated for better repairability. In addition to swappable blocks, you can even change things inside the modules: for example, a mic or a speaker. They are press-fit, not glued, and can be extracted with simple tools."

Assembly and disassembly is pretty straightforward, as well: "The modules are held together by Phillips screws marked with blue circles. All screws are the same, so you won't have to remember which one goes where. It's quite hard to make a mistake in the assembling process, however Fairphone promises to release additional manuals and video instructions in collaboration with iFixit." The company also thinks it's important to get the phone's materials and components from ethical sources.

An anonymous reader sends a story from TeleRead which argues that Amazon doing harm to the e-reader category of devices it helped create. The company has been aggressively pushing adoption of its Kindle Fire brand of tablets, dropping the price for the cheapest model down to $50. Compare that to the basic version of the e-ink Kindle: $80 if you don't want it cluttered with "special offers." If you care enough about an e-ink screen, you might still buy it, but most of those people probably already have e-readers. The general populace, when looking at the tablet's color screen, app ecosystem, and access to forms of entertainment beyond books, will probably consider the tablet a no-brainer.

This is in Amazon's best interest; if you buy an e-reader, you're only going to be buying books for it. If you buy a tablet, they can sell you videos and software, too. Amazon has succeeded in pushing several competing e-readers out of the market. They also refuse to experiment or innovate on the design; there have been no significant changes since the Paperwhite's backlighting technology in 2012. Given that ebook sales are no longer growing explosively, this could be a sign that the e-reader category of devices is stagnating.

An anonymous reader writes with this report about just how easy it is to disrupt if not entirely kill modern consumer-grade networks -- not just Wi-Fi, but Bluetooth and Zigbee networks, too. Crucial to determining the likelihood of any given kind of attack, though, is how much it would cost the attacker to attempt. The bad news for network owners and users is that it doesn't cost much at all: "According to Mathy Vanhoef, a PhD student at KU Leuven (Belgium), it can easily be done by using a Wi-Fi $15 dongle bought off Amazon, a Raspberry Pi board, and an amplifier that will broaden the range of the attack to some 120 meters."

Robotech_Master writes: For all that the $50 Fire tablet has a 128 GB capable SDXC card slot that outclasses every other tablet in its price range, and it evolved out of Amazon's flagship e-book reader, it strangely lacks the ability to index e-books on that card. This seems like a strange oversight, given that every other media app on the tablet uses that card for downloading and storage, and its 5 GB usable internal memory isn't a lot for people who have a large library of picture-heavy e-books—especially if they want to install other apps, too.

dkatana writes: Amazon's drones have a long way to become reality, but the real magic of the Internet of Things (IoT) is already happening at Amazon's vast fulfillment warehouses in the US. Amazon runs a fleet of thousands of small robots moving storage pods around so orders can be fulfilled in record time. They are so efficient that they can move an entire warehouse and have ready to operate again during the weekend. All together the small robots have traveled over 93 million miles — almost the distance from Earth to the Sun.

ideonexus writes: Automakers have argued that the 1998 Digital Millennium Copyright Act makes it unlawful for researchers to review the code controlling their vehicles without the manufacturer's permission, making it extremely difficult to expose software cheats like the one Volkswagen used to fake emissions tests. Arguing that this obfuscation of code goes so far as to endanger lives at times, the Electronic Frontier Foundation (EFF) maintains that, "When you entrust your health, safety, or privacy to a device, the law shouldn't punish you for trying to understand how that device works and whether it is trustworthy."

dkatana writes: As part of the UK's Smart Meter Implementation Programme, Spain's Telefonica is deploying a M2M solution, using its own proprietary network, to collect and transmit data from 53 million gas and electricity smart meters. The most troubling issue is that the UK government awarded the contract to a private telecom that uses a proprietary network rather than to an independent organization that uses freely available spectrum and open source solutions. Those Smart Meters are supposed to be in operation for more than three decades, and rely on a network that can cease to exist. On top of that, the network, running proprietary protocols, can be hacked, and "will be hacked". Only Telefonica will be able to fix it.

MojoKid writes: When Microsoft first announced the Surface Pro back in 2012, many Apple fans snickered. Here was Microsoft, releasing a somewhat thick and heavy tablet that not only had a kickstand, but also an odd cover that doubled as a keyboard. And to top things off, the device made use of a stylus. Steve Jobs famously said in 2010, "If you see a stylus, they blew it." But Microsoft forged ahead with the Surface Pro 2, and later with the Surface Pro 3. Not only were customers becoming more aware of the Surface but competitors were also taking note. We've seen Lenovo introduce the ideapad MIIX 700, which incorporates its own kickstand and an Intel Skylake-based Core m7 processor. And most recently, we've seen Apple pull a literal 180 on this design and platform approach, announcing the iPad Pro — a device that features a fabric keyboard cover similar in concept to the Surface Pro and a stylus. Dell and ASUS have also brought compelling offerings to the table as well. However, the big head-to-head competition will no doubt be between the Surface Pro 4, which is set to be unveiled early next month and Apple's iPad Pro when it finally goes on sale.

New submitter bartvbl writes: As part of the GPL license, D-Link makes its firmware source code available for many of its devices. When looking through the files I accidentally stumbled upon 4 different private keys used for code signing. Only one — the one belonging to D-Link itself — was still valid at the time. I have successfully used this key to sign an executable as D-Link. A Dutch news site published the full story (translated to english with Google Translate).

An anonymous reader writes: Since the dawn of modern medicine, there have really only been two ways to know what a medical patient is doing: A) keep them around and monitor them, or B) ask them. The first is often impractical, and the second is fraught with misreporting. However, we're now in the age of data collection, and medical data is no exception. Pharmaceutical companies are gleefully passing out Fitbits and other wearables so they can more accurately test the drugs they make. Early trials have already found such devices to be better than human memory at reporting things like how much a patient walks. Other organizations are using movement data to algorithmically decide whether a patient needs a higher level of treatment. The article optimistically adds, "Down the line, wearables also could help pharmaceutical makers prove to insurance companies that their treatments are effective, thus reducing health costs."

An anonymous reader writes: A lengthy new article details the history of the Oculus Rift, from the VR headset's stereotypical beginnings in a hacker's parents' garage to its $2 billion acquisition by Facebook. "Luckey got into VR by way of computer games, which he was obsessed with for a time. After building what he recalls as a "beautiful six-monitor setup," for extreme visual saturation, he wondered, Why not just put a small screen directly on your face?" At just 19 years old, Luckey built a prototype good enough to impress John Carmack, which brought him all sorts of further attention. Investors came running, and eventually Mark Zuckerberg took an interest. "When Zuckerberg arrived, Luckey introduced himself and then quickly walked away. 'I'm a big fan,' he said, 'but I actually have to get back to work.' ... Zuckerberg seemed taken aback by Luckey's brusqueness but also charmed. 'They definitely have the hacker culture that we have,' he says." As the device approaches release, they're all wondering how much VR will change the world.

An anonymous reader writes: An editorial in the Wall Street Journal rings a bell we've been ringing for years: "Who owns the knowledge required to take apart and repair TVs, phones and other electronics? Manufacturers stop us by controlling repair plans and limiting access to parts. Some even employ digital software locks to keep us from making changes or repairs. This may not always be planned obsolescence, but it's certainly intentional obfuscation." The article shows that awareness of this consumer-hostile behavior (and frustration with it) is going mainstream. The author links to several DIY repair sites like iFixit, and concludes, "Repairing stuff isn't as complicated as they want you to think. Skilled gadget owners and independent repair pros deserve access to the information they need to do the best job they can."

An anonymous reader writes: Last June Amazon announced their Fire Phone, an Android device packed with interesting but questionably useful tech that left reviewers unimpressed. Now, just a few weeks after big layoffs in Amazon's Fire Phone division, the phone has gone out of stock globally and seems unlikely to return. GeekWire says it's "an indication that they've finally exhausted their supply and they don't have plans to manufacture anymore."

MojoKid writes: Samsung announced their latest smartwatches the other day, the Gear S2 and Gear S2 Classic. At a hands-on press event in New York this week, Samsung had the Gear S2 and Gear S2 Classic up and running. Both of these smartwatches feature 11.4mm-thick casings and 1.2-inch, 360x360 displays that are completely circular, unlike the "flat tire" displays used on the Moto360. At the heart of the Gear S2 is an undisclosed Samsung-sourced 1GHz dual-core processor paired with 512MB of RAM. NFC technology is incorporated into the watches as well, which will support Samsung Pay in the near future. The Gear S2 and Gear S2 Classic are IP68 certified for dust and water resistance and there will be versions with and without integrated 3G connectivity. Both watches feature a rotating ring around the display, in addition to two buttons at the side, intelligently located at 2 and 4 o'clock to minimize accidental actuation, for navigating the various menus and apps. Samsung allows user customization of some watch-faces to show personalized info, and offers dynamic watch-faces with notifications presented on-screen at all times, along with the time.

An anonymous reader writes: This Wednesday, Apple is hosting an event in San Francisco to announce updated versions of some of its products. One device getting a lot of the attention will be the Apple TV, which has languished for several years without significant changes. Apple is making a renewed push for the living room. The company has expanded its partnerships with TV studios over the past few years, launched its own streaming music service, and also made inroads on gaming. The new Apple TV will try to do all these things, including support for apps. It will also reportedly feature universal search: "Essentially, you'll be able to search for a show or movie once, and see results from all sorts of different sources." A side effect of this ambitious goal is that the device will more than double in cost, going from $70 to $150.

angry tapir writes: Researchers at the University of California, San Diego, have found a way for wearable devices to communicate through a person's body instead of the air around it. Their work could lead to devices that last longer on smaller batteries and don't give away secrets as easily as today's systems do. From the Computerworld story: "A team led by Professor Patrick Mercier of the university's Department of Electrical and Computer Engineering has discovered a way to use the body itself as the medium for data transmission. It uses magnetic fields and shows path loss that's 10 million times lower than what happens with Bluetooth. This could make the magnetic networks much more efficient, so devices don't have to work as hard to communicate and can have smaller batteries -- or get longer useful lives with the same size batteries. The team hasn't actually tested the system's energy use yet. They envision the technology being used for networks of health sensors that monitor many parts of the body."

itwbennett writes: Researchers from security firm Rapid7 have found serious vulnerabilities in nine video baby monitors from various manufacturers. Among them: Hidden and hard-coded credentials providing local and remote access over services like SSH or Telnet; unencrypted video streams sent to the user's mobile phone; unencrypted Web and mobile application functions and unprotected API keys and credentials; and other vulnerabilities that could allow attackers to abuse the devices, according to a white paper released Tuesday. Rapid7 reported the issues it found to the affected manufacturers and to US-CERT back in July, but many vulnerabilities remain unpatched.