Microsoft says yes to future encrypted DNS requests in Windows

https://arstechnica.com/?p=1604097

Microsoft will (eventually) support secure DNS requests over the DoH protocol, and maybe over some others at some point.

Yuichiro Chino via Getty Images

In a post yesterday to the Microsoft Tech Community blog, Microsoft Windows Core Networking team members Tommy Jensen, Ivan Pashov, and Gabriel Montenegro announced that Microsoft is planning to adopt support for encrypted Domain Name System queries in order to “close one of the last remaining plain-text domain name transmissions in common web traffic.”

That support will first take the form of integration with DNS over HTTPS (DoH), a standard proposed by the Internet Engineering Task Force and supported by Mozilla, Google, and Cloudflare, among others. “As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we’re open to having other options such as DNS over TLS (DoT) in the future,” wrote Jensen, Pashov, and Montenegro. “For now, we’re prioritizing DoH support as the most likely to provide immediate value to everyone. For example, DoH allows us to reuse our existing HTTPS infrastructure.”

But Microsoft is being careful about how it deploys this compatibility given the current political fight over DoH being waged by Internet service providers concerned that they’ll lose a lucrative source of customer behavior data.

ISPs give a number of reasons for their opposition to DoH. Since it prevents them from viewing plain-text DNS requests, it prevents filtering and blocking of some content—including, in the United Kingdom, the enforcement of content-filtering requirements placed on them by UK law. Because of its adoption of DoH as part of the Firefox Web browser, the UK’s Internet Services Providers Association named Mozilla an “Internet Villain.”

In the US, ISP lobbyists have pressed Congress to prevent Google from deploying DoH on Chrome on antitrust grounds. Part of that lobbying is based on claims that Google would, as a letter from Comcast to members of Congress put it, “centraliz[e] a majority of worldwide DNS data with Google” and “give one provider control of Internet traffic routing and vast amounts of new data about consumers and competitors.”

Administrator’s choice

According to the authors of the Microsoft post, the Windows implementation of DoH support will not change the status quo for corporate users or many ISP customers. “We will not be making any changes to which DNS server Windows was configured to use by the user or network,” Jensen et al. wrote:

…[W]e will look for opportunities to encrypt Windows DNS traffic without changing the configured DNS resolvers set by users and system administrators.

Today, users and admins decide what DNS server to use by picking the network they join or specifying the server directly; this milestone won’t change anything about that. Many people use ISP or public DNS content filtering to do things like block offensive websites. Silently changing the DNS servers trusted to do Windows resolutions could inadvertently bypass these controls and frustrate our users. We believe device administrators have the right to control where their DNS traffic goes.

However, Microsoft’s implementation will also not “get in the way” of applications that use DoH or other encrypted DNS requests themselves. And it will have to provide for fallbacks when DoH requests fail. “DoH use will be enforced so that a server confirmed by Windows to support DoH will not be consulted via classic DNS,” the Core Networking team members wrote. “If this preference for privacy over functionality causes any disruption in common Web scenarios, we’ll find out early.”

All of this is for the future, however. Microsoft is announcing its intent now before making early versions of the capability available to Windows Insiders, because, as the three wrote, “With encrypted DNS gaining more attention, we felt it was important to make our intentions clear as early as possible. We don’t want our customers wondering if their trusted platform will adopt modern privacy standards or not.”

It also seems that Microsoft is staking out a position friendly to ISPs, and to enterprises as well, where whatever is hiding in encrypted DNS traffic from individual computers could be a security concern.

via Ars Technica https://arstechnica.com

November 19, 2019 at 11:24AM

DuckDuckGo Will Automatically Encrypt More Sites You Visit

https://www.wired.com/story/duckduckgo-smarter-encryption

It’s increasingly common for the data that passes between your browser and a website’s server to be encrypted with HTTPS, which makes it impossible for outside snoops to read. But you don’t get that protection if the URL drops that crucial “S” after HTTP. And while some mechanisms do redirect you to an encrypted version of a site, they often do so only after exposing that initial request. The makers of the privacy-focused search engine DuckDuckGo think there’s a better way.

Today DuckDuckGo is releasing a feature called Smarter Encryption that combines its existing private search capabilities and tracker blocking service with a new tool to upgrade encryption for more of the sites you visit. It’s available on DuckDuckGo’s mobile browser for Android and iOS, and through the company’s desktop browser extension for Firefox and Chrome. DuckDuckGo is also open sourcing the code behind the feature so other sites and platforms can adopt it as well. First up? Pinterest.

“I think people tend to think it’s less of a problem because a lot of sites automatically redirect you to an encrypted version now, though a lot of sites also still don’t,” says Gabriel Weinberg, DuckDuckGo’s founder and CEO. “We wanted to give people a more comprehensive privacy solution no matter where the internet takes you.”

DuckDuckGo isn’t the first organization to tackle the HTTP upgrading problem. The Electronic Frontier Foundation’s HTTPS Everywhere browser extension and Chromium’s HSTS Preload List provide similar functionality. The latter is enabled by default across Chrome, Firefox, Safari, Opera, Edge, and Internet Explorer. These offerings all function basically the same way, working off a list of sites that offer HTTPS versions to upgrade connections before they’re established. But DuckDuckGo’s tool has one major difference: Rather than populating a list of upgradable sites manually, Smarter Encryption fills it out automatically using the same web crawling smarts built into DuckDuckGo’s private search service. No one needs to add and remove entries from the list on their own; whenever the crawler sees that a site supports HTTPS, it records that as the default for all visitors using Smarter Encryption going forward, regardless of what URL they type or link they click.

This automatic element makes the list strikingly comprehensive. Compared to other tools, which have fewer than 150,000 sites on their preload lists, Smarter Encryption already works on 12 million sites, making it more likely that you’ll reach for the encrypted version of a given site from the start.

Weinberg says DuckDuckGo’s auto-populating strategy wasn’t as easy to build as he first expected, because of the patchwork of encryption implementations on the web. For example, some sites are only set up to encrypt some of their pages. This means that if Smarter Encryption tries to upgrade your connection to that domain, some functionality and pages may break. It took a number of workarounds—including developing visual tests to automatically assess whether a page looked different after adding encryption upgrading—to make it all work without any browsing disruptions. DuckDuckGo launched a beta of the tool in 2018 to test for any issues. And now it’s finally ready for prime time.

Search engines and social networks are prime platforms for adding encryption upgrades, because they both incorporate huge numbers of links that are crawler or user-generated and may not include “HTTPS.” Pinterest itself is fully encrypted, but implemented Smarter Encryption to protect its users as they click links posted on the platform that lead to outside sites. Pinterest says that after incorporating DuckDuckGo’s feature, about 80 percent of outbound traffic routes through HTTPS, up from 30 percent before.

“DuckDuckGo was the perfect fit for us because they maintain a comprehensive list of upgradable sites, generated by comparing the HTTP and HTTPS version of a site, and adding a site to the HTTPS upgrade list if the two versions are identical,” Pinterest explains in a blog post shared with WIRED. “We can then regularly pull and ingest their list.”
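The list-based upgrade described in this article (a host goes on the list only when its HTTP and HTTPS versions match, and links to listed hosts are rewritten before any request is made), as an added example that is not DuckDuckGo's or Pinterest's code. The hosts, page bodies and function names are constructed for illustration, and plain string equality stands in for whatever comparison the real crawler performs.

```javascript
// Added example: list-based HTTPS upgrading. All hosts and bodies are constructed.

// Constructed crawl results: what a crawler saw over HTTP and over HTTPS.
// httpsBody === null means the HTTPS fetch failed.
const CRAWL_RESULTS = [
  { host: 'shop.example', httpBody: '<h1>Shop</h1>', httpsBody: '<h1>Shop</h1>' },
  // Only partly served over HTTPS: the two versions differ, so upgrading could break it.
  { host: 'partial.example', httpBody: '<h1>Home</h1><img src=a.png>', httpsBody: '<h1>Home</h1>' },
  { host: 'legacy.example', httpBody: '<h1>Old</h1>', httpsBody: null },
];

// A host is upgradable only when both versions were fetched and are identical.
function buildUpgradeList(results) {
  const list = new Set();
  for (const r of results) {
    if (r.httpsBody !== null && r.httpsBody === r.httpBody) {
      list.add(r.host.toLowerCase());
    }
  }
  return list;
}

// Rewrite one URL to HTTPS before it is requested, or leave it untouched.
function upgradeUrl(raw, upgradeList) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return { url: raw, upgraded: false, reason: 'unparseable' };
  }
  if (u.protocol !== 'http:') {
    return { url: raw, upgraded: false, reason: 'not-http' };
  }
  // An explicit non-default port says nothing about where HTTPS is served.
  // (The URL parser already drops an explicit ":80".)
  if (u.port !== '') {
    return { url: raw, upgraded: false, reason: 'explicit-port' };
  }
  // Exact host match: HTTPS support on one host does not imply it on subdomains.
  const host = u.hostname.replace(/\.$/, '');
  if (!upgradeList.has(host)) {
    return { url: raw, upgraded: false, reason: 'not-on-list' };
  }
  u.protocol = 'https:';
  return { url: u.href, upgraded: true, reason: 'on-list' };
}

// What a site does with user-posted outbound links: upgrade the ones it can.
function rewriteOutboundLinks(links, upgradeList) {
  return links.map((link) => upgradeUrl(link, upgradeList).url);
}

const DEMO_LIST = buildUpgradeList(CRAWL_RESULTS);
console.log(rewriteOutboundLinks([
  'http://SHOP.example/cart?id=1',
  'http://partial.example/',
  'http://shop.example:8080/admin',
], DEMO_LIST));
```
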

via Wired Top Stories https://ift.tt/2uc60ci

November 19, 2019 at 07:09AM

The best way to strip paint off a fighter jet? Laser-wielding robots.

https://www.popsci.com/story/technology/air-force-laser-robots-depaint-f-16/

The two robots each work on their own side of the jet. (Alex Lloyd / US Air Force)

Most of the Air Force’s F-16 fleet is painted a shade of grey. In addition to their camouflage effect, the top coats and primer below them protect the pricey metal planes from corrosion due to moisture. Just like a house needs to be repainted from time to time, so do fighter jets.

Sometimes, a maintenance crew can throw new paint on top of a plane after smoothing out what’s on there already. But unlike houses and other objects that don’t fly, weight on a plane matters, and if those layers get too thick and heavy, they need to come off before the new paint goes on. Stripping that old stuff off has been a time-intensive process that produces around a ton of hazardous waste per jet—debris that includes hexavalent chromium, which causes cancer. The new way? Autonomous robots zap the aircraft with lasers to carefully combust the paint off the surface of the fighter.

To strip the paint off an F-16 the traditional way, the Air Force has been shooting plastic beads out of hoses. The system—called plastic media blast, or PMB—is like sandblasting. The pressure of those beads against the jet mechanically strips the paint right off the surface. Because they’re actually pummeling the aircraft, there’s a three-blast limit per F-16 so that its metal surface doesn’t become fatigued.

The process is dirty. “Inside a blast booth, you can imagine it’s very dusty, very nasty,” says Rik Crowther, a senior engineer at Hill Air Force Base in Utah. The people holding these heavy hoses wear white protective suits and resemble firefighters, he notes, although instead of blasting water at the aircraft, they’re spewing plastic. The Air Force can reuse some of those plastic beads after they’re captured, thanks to a reclamation system, while some of it gets pulverized during the blasting process, mixing with the paint and primer.

“Every time we blast an F-16, we generate 2,000 pounds of dust,” Crowther says. “That entire 2,000 pounds is all hazardous waste.” Most of that dust is from plastic debris, but it’s been mixed with the materials coming off the surface of the plane, which include hexavalent chrome as well as cadmium, also a carcinogen.

The new way is better: it’s not only faster, but instead of one ton of hazardous waste, it produces just 10 to 12 pounds of ash.

It works thanks to two robots that use 6-kilowatt continuous-wave lasers to strip the paint off. Crowther notes that they restrict access to the space so no humans walk in when they shouldn’t. “We can’t have anyone walking in the room when lasers and robots are running,” he says.

The laser-wielding robots start the process already having a crude, blocky sense of what the fighter jet looks like. Then, with one robot on each side of the fighter, each one uses onboard lidar sensors—the same kind of sensor that a self-driving car uses as part of its perception system to see the world around it—to carefully map the three-dimensional topography of the plane. That detailed information allows the robots to get in closer to the working surface. Each bot will work from about five to six different stations on its side of the plane. “In each location, they will stop, and then they will do a higher-fidelity scan of just the area that that robot can reach,” Crowther says. It then has the information it needs to figure out how to strip that paint.

The system, which analyzes each section in little squares, can determine whether or not to hit that part with the laser, and it can also dial up or down how much power it zaps the surface with. “This is so precise, we can go down and leave the primer alone,” Crowther says.

The laser hits the coating with energy, which then combusts. “You’ll see a bright flash of light,” he says—that’s the paint leaving the surface and burning. A powerful vacuum sucks it up. “We’re actually pulling the flame off the surface of the aircraft,” he notes. That’s where the 10 to 12 pounds of ash come from.

The other benefit is that, unlike the plastic bead blast, the lasers don’t fatigue the jet, so there’s no limit on how many times they can strip the paint off an aircraft this way. The Air Force has been using the new method since 2017, and has since zapped 20 production F-16s. They hope to scale it up to be able to hit about 40 or 50 per year. The next aircraft on their list, besides the Vipers they’re already lasering, are A-10s, F-22s, and F-35s. (Meanwhile, the pressurized plastic system isn’t going anywhere.)

Not all Air Force planes are grey, and the lasers at Hill Air Force Base actually struggle with aircraft that have glossy white paint on them: that means that this method wouldn’t be a good way to strip the paint off the sleek F-16s that comprise the Air Force’s air show demonstration team, the Thunderbirds—those are red, white, and blue. “We’re working on other lasers that don’t have a problem with white,” Crowther adds, “but these ones do.”

via Popular Science – New Technology, Science News, The Future Now https://www.popsci.com

November 19, 2019 at 08:36AM

The Morning After: Valve’s new ‘Half-Life’ VR game

https://www.engadget.com/2019/11/19/half-life-alyx-vr/

Hey, good morning! You look fabulous.

This morning we’re ready to talk about Half-Life: Alyx as well as the reality of Google Stadia and cloud gaming. Samsung’s Kylo Ren-themed Galaxy Note 10+ is stylish but expensive, and you can save some cash on Google gear next week. We’ll explain.


There’s a but.
Valve has finally confirmed a new ‘Half-Life’ game

On Thursday, we’ll meet the first new Half-Life title that Valve has released in a dozen years. The one thing we know so far about Half-Life: Alyx is that it’s the company’s first ‘flagship VR game.’ Now that Valve has its own Index virtual reality headset to offer, it makes sense that the company would use one of its most beloved titles to push the technology, but we’ll know more about what’s required when the game is revealed on November 21st.


It’s impressive, but the game selection is expensive and underwhelming.
Google Stadia has landed

Google promised a lot with its streaming game service, and it delivered on most of it. With Stadia, you can stream and play AAA titles like Destiny 2, Red Dead Redemption 2 and, well, 20 other games. We’ve been playing the new service for a week, and while it all hinges on how fast your home internet works, these games work. Jessica Conditt explains all.


You can also score a Nest Hub for $79.
Google details its Black Friday discounts, including Pixel 4s for $200 off

If you’ve been thinking about picking up some Google hardware, it might make sense to wait. The company has several discounts planned, including a Pixel 4/4 XL offer that cuts $200 so they start at $599, which will be available on November 24th. Deals starting on the 28th include $20 off the usual $49 price for a Nest Mini and a Pixel 3a/3a XL for $100 off.


The batteries are bigger, but you won’t be able to fix it on your own.
iFixit’s 16-inch MacBook Pro teardown reveals only a few changes

We already got a closer look at the new, bigger MacBook Pro’s keyboard, but what about the rest? Well, there’s less to report besides a new thermal management system and bigger battery cells. If you were hoping for more repairability, like Microsoft’s latest machines, then we’ve got bad news. You’d probably still need some expertise to do any work inside the machine. But hey, at least the keyboard is less likely to jam up.


Why not a baby (redacted)?
Samsung made a ‘Star Wars’ Galaxy Note 10+ for Kylo Ren fans

This Galaxy Note 10+ Star Wars Special Edition will mark the release of The Rise of Skywalker. The phone touts a black-and-red color scheme (plus custom graphics and sounds) to match Kylo Ren’s embrace of the dark side, and you’ll also get a matching Kylo Ren case, Galaxy Buds and a metal collector’s badge. In the US, it’ll be available on December 13th in unlocked form for $1,300 at Amazon, Samsung and some Best Buy and Microsoft stores.


We’re not the market for this.
Sony’s baffling wearable speaker heads to the US

Want the convenience of portable tunes but hate headphones and earbuds? Sony has a solution for you in its Immersive Wearable Speaker (SRS-WS1), which is perhaps the company’s most aptly named piece of audio kit. The speaker launched in Japan back in 2017 (we caught a glimpse of an earlier version during SXSW 2016), and now it’s finally making its way to the US in December. It’ll be available for an introductory price of $250 if you pre-order by December 1st, and $300 afterwards. The only tricky part is finding someone who will wear this thing.


Looks like a DualShock 4.
Sony’s new controller patent reaffirms a familiar-looking controller for the PS5

An early report from Wired said the prototype of Sony’s new PlayStation 5 controller looked "an awful lot like the PS4’s DualShock 4," and a filing at Japan’s patent office backs that up. It’s really not much different at all — although it appears the new accessory won’t include a light bar, and there are larger trigger buttons that will reportedly feature adaptive triggers to represent in-game forces and tension. For now, however, this is just a dotted-line diagram. Sony could still shake up the design.

via Engadget http://www.engadget.com

November 19, 2019 at 06:21AM

Pirelli’s 5G tire warns other vehicles about dangerous road conditions

https://www.engadget.com/2019/11/19/pirelli-intelligent-tires-5g/

The future of cars is connectivity, with vehicles able to communicate with infrastructure like traffic lights and to share information about traffic conditions with other drivers and local authorities. Tire manufacturer Pirelli is bringing its own approach to connected car technology, debuting what it’s describing as the world’s first intelligent tires that transmit data via 5G.

The Cyber Tire system works by collecting data from a vehicle as it drives, such as whether there is water on the road that could cause aquaplaning. This data is sent from the vehicle to a central hub via 5G, which enables low latency transmission. Then, data on current road conditions and aquaplaning risks can be sent to other cars in the nearby area, also via 5G.

The Pirelli tires come into play as they are the only part of the car which is in direct contact with the road. That means the sensors in the Cyber Tire can collect information about road surfaces, and in the future they’ll also be able to detect factors like the distance traveled on the tires and the dynamic load.

Pirelli debuted the connected tire at the "5G Path of Vehicle-to-Everything Communication" event in Turin, Italy this week, along with partner manufacturers Ericsson, Audi, Tim, Italdesign and KTH. The company has not yet announced when the tires will be generally available, but it has said that the new technology should improve both road safety and car performance.

Source: Pirelli

via Engadget http://www.engadget.com

November 19, 2019 at 07:03AM

Google’s redesigned ‘My Devices’ page now tracks computers

https://www.engadget.com/2019/11/19/google-my-devices-computers/

Google’s My Devices page has largely been replaced by the Find My Device feature, but it’s still widely used by G Suite users. Up until now, it’s only worked with phones and tablets, but Google has finally updated the app with a fresh look and the ability to manage desktop computers, as well.

That’ll let you do the same things with a laptop that you can do with your phone, like wipe, lock and locate it. The new interface is more user-friendly than before, as well, letting you check info, management and location for each device. Find My Device works in much the same way, but is directed more at consumers than at G Suite business users. You can also use the "your devices" panel to find and sign out of your desktop, Android and Wear OS devices.

The panel also has a new URL at mydevices.google.com (for G Suite users only), and Google will redirect the old one to that address. The new page will take between one and three days to work for everyone, Google said.

Source: Google

via Engadget http://www.engadget.com

November 19, 2019 at 07:33AM