firehose

In two separate presentations at Def Con in Las Vegas last weekend, security experts demonstrated vulnerabilities in two consumer drones from Parrot. The simplest of the attacks could make Parrot drones, including the company's Bebop model, fall from the sky with a keystroke.

In a live demonstration at Def Con's Internet of Things Village on August 8, Ryan Satterfield of the security consulting firm Planet Zuda demonstrated a takedown of a Parrot A.R.Drone by exploiting the drone's built-in Wi-Fi and an open telnet port on the drone's implementation of the  BusyBox real-time operating system. Connecting to the drone gave him root access to the controller, and he was able to kill the processes controlling flight—causing the drone to drop to the ground.

In a session at DEF CON on August 9, researcher Michael Robinson, a security analyst and adjunct professor at Stevenson University in Maryland and George Mason University in Northern Virginia, dove further into the vulnerabilities of Parrot's drones, discussing his research on the Bebop drone in a session entitled, "Knocking My Neighbor's Kid's Cruddy Drone Offline." Robinson noted that because of the Parrot's open Wi-Fi connection, it would allow anyone with the free Parrot app on a mobile device to pair with the drone in-flight. Using a Wi-Fi "de-auth" attack, he was able to disconnect the control app on the operator's device and take control with the app from another while the operator of the original controlling device attempted to re-establish a Wi-Fi connection. The new pilot could then simply fly the drone wherever he desired. Robinson warned anyone who planned to take over someone else's Parrot drone that the mobile app left forensic artifacts on mobile devices—including the serial number of the drone.

I’m definitely missing Sparky on my wing when I load up Rogue System. My assisted flight time in the Hornet stacks up against the game’s fictional FireArc space strike fighter like kindergarten stacks up against college algebra. There are fuel cells to prime, a small nuclear reactor to watch, and space traffic control to talk to—and that’s all even before you undock. The game isn’t anywhere even close to complete yet, and there’s not a tremendous lot to do besides docking and undocking and practicing your rendezvous skills, but everything you can do today in Rogue System is wrapped in layer upon layer of complexity—much like flying an actual aircraft, without the trained Navy combat pilot to handle the hard stuff for you.

That’s not to say that the game isn’t fun—perversely enough, it is fun. For one thing, there’s something intrinsically satisfying about flipping the FireArc’s switches and watching the craft respond to your commands—when you navigate the 80-plus line checklist to take the craft from cold shutdown to ready to undock, you feel like you’ve actually accomplished something. It’s not just the memorization and application of a complex series of steps—that’s part of it, of course, but the game also manages to deliver a feeling of presence that you don’t get even when strapped into an Oculus Rift playing Elite Dangerous. It feels like you’re an integral part of the ship—you’re not just flying it, but controlling it.

Late last week, non-profit environmental watchdog group As You Sow issued a press release indicating its intention to file suit against the makers of Soylent, the meal replacement product engineered by Silicon Valley entrepreneur Rob Rhinehart. As You Sow states that two separately tested samples of Soylent’s latest 1.5 formula contained "12 to 25 times" the amount of lead allowed under the "safe harbor for reproductive health" provisions of the state of California’s Safe Drinking Water and Toxic Enforcement Act of 1986 (commonly called "Proposition 65"). As You Sow also says it found cadmium levels at least four times higher than the safe harbor for reproductive health levels.

Soylent already displays a Proposition 65 notice on its web site—according to the information there, consuming a full day’s worth of Soylent 1.5 would indeed exceed both the Maximum Allowable Dose Levels (MADLs) and No Significant Risk Levels (NSRLs) for lead and cadmium.

California’s Proposition 65 guidelines for heavy metals are more strict than those used internationally by the World Health Organization. The MADL and NSRL numbers for lead and cadmium aren’t indicators of immediate harm; rather, they are limits below which no harm has been observed.

This weekend, The New York Times published a long report examining the workplace culture of retailing giant Amazon. The story was unflattering to say the least, describing a treacherous environment in which employees are pushed to breaking point and personal trauma — such as a cancer diagnosis — could lead to individuals being "edged out" of the firm. The company has refuted the report, and, in an internal memo forwarded by an Amazon employee to The Verge, the company's founder and CEO Jeff Bezos tells his staff: "I don’t recognize this Amazon and I very much hope you don’t, either."

"The article doesn’t describe the Amazon I know."

"The NYT article prominently features anecdotes describing shockingly callous management practices, including people being treated without empathy while enduring family tragedies and serious health problem," writes Bezos. "The article doesn’t describe the Amazon I know or the caring Amazonians I work with every day."

In the memo, Bezos encourages employees to report any "stories like those" described by The New York Times to HR or Bezos himself, and says that "even if it's rare or isolated, our tolerance for any such lack of empathy needs to be zero." He goes on to say that he doesn't think "any company adopting the approach portrayed [in the Times story] could survive, much less thrive, in today’s highly competitive tech hiring market."

Bezos praises the quality of Amazon's employees and tells them "you can work anywhere you want" — implying that if Amazon's workplace practices were as "soulless" and "dystopian" as the Times suggests, then no one would be there in the first place. He adds: "I strongly believe that anyone working in a company that really is like the one described in the NYT would be crazy to stay. I know I would leave such a company."

You can read the full memo as sent to The Verge below:

Dear Amazonians,

If you haven't already, I encourage you to give this (very long) New York Times article a careful read:

http://www.nytimes.com/2015/08/16/technology/inside-amazon-wrestling-big-ideas-in-a-bruising-workplace.html

I also encourage you to read this very different take by a current Amazonian:

https://www.linkedin.com/pulse/amazonians-response-inside-amazon-wrestling-big-ideas-nick-ciubotariu

Here’s why I’m writing you. The NYT article prominently features anecdotes describing shockingly callous management practices, including people being treated without empathy while enduring family tragedies and serious health problems. The article doesn’t describe the Amazon I know or the caring Amazonians I work with every day. But if you know of any stories like those reported, I want you to escalate to HR. You can also email me directly at jeff@amazon.com. Even if it's rare or isolated, our tolerance for any such lack of empathy needs to be zero.

The article goes further than reporting isolated anecdotes. It claims that our intentional approach is to create a soulless, dystopian workplace where no fun is had and no laughter heard. Again, I don’t recognize this Amazon and I very much hope you don’t, either. More broadly, I don't think any company adopting the approach portrayed could survive, much less thrive, in today’s highly competitive tech hiring market. The people we hire here are the best of the best. You are recruited every day by other world-class companies, and you can work anywhere you want.

I strongly believe that anyone working in a company that really is like the one described in the NYT would be crazy to stay. I know I would leave such a company.

But hopefully, you don't recognize the company described. Hopefully, you’re having fun working with a bunch of brilliant teammates, helping invent the future, and laughing along the way.

Thank you,

Jeff

Facebook has been making big moves into the publishing world, and its next step appears to be rolling out something a bit like a blogging platform. As spotted by developer Dave Winer, Facebook seems to be revamping its old Notes feature into what looks like its own take on the blogging / publishing platform Medium. New posts made through Facebook Notes are wider, include a big cover image, and are presented with large clean text and a clear headline. The updated Notes isn't available to everyone just yet, and it isn't clear if the feature is rolling out widely or if this remains a test. Facebook did not immediately respond to a request for comment.

Remember Notes? Remember Walls? Remember blogging?

Facebook Notes has pretty much sat dormant for years. A while ago, Notes let Facebook users post blog-like entries on their Wall (back when Walls were a thing), but that hasn't really been necessary since Facebook started raising the character limit on statuses. Notes are still around, but you have to go a bit out of the way to make one; they also don't stand out very much from a normal status message.

This update to Notes should make them a lot more prominent. Facebook is likely hoping to get people writing longer blog posts, which would be native to the site and presumably faster to load through its mobile apps. Though Medium already seems to be the platform of choice for journalists and many professionals in media and technology, Facebook has a huge built-in audience who may be eager for a new way to share their thoughts — and see them spread — through the site.

One of the most underrated features of the latest generation of consoles is the abiltiy to "suspend" the console rather than turning it off completely. Both the Xbox One (since launch) and PS4 (since March) let users put the system into a low-power "rest" mode that provides for a much quicker startup when getting back into the suspended game, saving up to 30 seconds (or more) each time you start up.

It looks like Valve has given up trying to imitate this feature on its upcoming line of SteamOS-powered Steam Machine consoles, though. In a Github bug report thread, a Valve engineer wrote this weekend that Linux's "suspend" function is "no longer supported" in current SteamOS builds. Asked why, the engineer responded that "given the state of hardware and software support throughout the graphics stack on Linux we didn't think we could make this reliable."

The problem seems to be rooted in issues with the way that Linux handles rediscovering hardware devices (like USB controllers) when waking up from sleep. Though some Linux users report never having these problems, others say that coming back from suspension can lead peripherals to become completely unresponsive or lead to conflicts in discerning between multiple devices.

Welcome to the second annual Verge Hack Week. We're totally blowing up our site: we've given our reporters and editors the entire week to play with new tools and experiment with new storytelling ideas, while members of our amazing product team have gathered in New York to help build all sorts of interesting new things. Learn more.

In the weeks after its release, Windows 10 users have noticed something strange — it's always phoning home. Last week, an Ars Technica investigation found Windows computers sending data back to Microsoft servers even after services like Cortana and OneDrive had been disabled, in one case even sending back a message as soon as users hit the Start button.

It's a telling change for Microsoft — the last major tech company built on self-contained software — and it’s set off a string of related worries. If any Microsoft users had been scared off by data collection from Google and Apple, they now have nowhere to turn. Reached by Ars Technica, the company was quick to defend itself, saying, "No query or search usage data is sent to Microsoft, in accordance with the customer's chosen privacy settings." Most of the data is anonymized usage logging, not inherently a privacy concern, but the fact remains: using Windows 10 requires constant access to Microsoft's remote servers, and that access goes both ways.

This isn't an option anymore; it's the default

In 2015, this is simply how computing works. Consumers expect smart recommendations and continually improving services. We expect computers — all computers — to be able to answer any question at any time. In return, companies get constant access to your computer for data collection, automatic updates, and offboard processing. This isn't an option anymore; it's the default. And anyone who doesn't like the deal is going to have a very hard time using today's computers.

Mobile tech works this way out of necessity — there simply isn't the processing power to take on more complex tasks — and over the last five years, even more powerful computers have followed that model. It's essentially the premise of all Google's software efforts. Most Chromebooks are constantly feeding data back to Google servers, even though it happens more often through Drive or Search services than the OS itself. If the services are going to improve, engineers need to know what's working and what isn't — and since the services themselves are all free, some level of data-targeted advertising is inevitable. Companies go back and forth on how much to collect and how much to anonymize, but the overall choices have turned out very much the same. Apple ran into its own version of this problem when Yosemite launched last year: the revamped Spotlight Search function fed queries back to Apple Headquarters. But if Spotlight is going to handle web-facing queries like "restaurants near me," what else could it do?

For a long time, Microsoft was the exception to this rule. The company has rolled out lots of cloud services, but they've been discrete offerings, rarely baked into the OS itself, in part because the new approach cut against Microsoft's traditional strengths. That logic changed with Windows 10 because it had to. If Microsoft is going to steal users back from Apple and Google, it needs to match services like Siri and Google Voice, which means plugging into the cloud at the deepest possible level.

But while software has changed, the world has been changing around it. Corporate clouds aren't as secure as they once were, and we've seen them compromised by government spies and Redditors alike. Last year, Microsoft chased down an in-house leaker by peeking into a private blogger's Hotmail account, offering profuse apologies after the fact. But for anyone who wants to exercise stronger control over their own email, their own hardware, their own data, it's hard to know where to turn. Leaving your computer in a company's hands is quite literally the only option.

If you currently have a username with "@" in it, please email support@voxmedia.com.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot username?

We'll email it to you.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot username?

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Great!

Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.

More than three months after the Internal Revenue Service shut down its online tax transcript service because of a massive identity theft effort, the IRS is now acknowledging that the number of affected taxpayers is more than three times the agency’s initial estimate. And the number of affected taxpayers may continue to grow as the agency digs into logs of hundreds of thousands of connections to its Get Transcript application over the past year. Today, the agency announced that there were, in total, more than 600,000 suspicious attempts made to create user accounts on the transcript system using what appears to be stolen personal identifying information from recent credit card breaches and other corporate hacks; more than 300,000 of those attempts succeeded.

The Get Transcript Web application provided online access to all taxpayers’ tax transactions and enough information for the submission of fraudulent tax returns to obtain refunds or for more elaborate fraud—including applying for all manner of credit. Obtaining an account to view transcript data required only knowing the name, birth date, Social Security number, tax filing status (married, single, head of household), and address associated with a household’s tax returns. Brian Krebs had previously reported on the weakness of the security of the system after being alerted to a case of tax return fraud by a reader, and Krebs urged people to set up accounts on the system before a fraudster beat them to it.

Originally, the IRS believed that only about 200,000 attempts were made to create Get Transcript accounts, using a scripted attack from suspicious Internet addresses—of which the agency thought about 100,000 were successful. The service was taken offline, and it remains unavailable as the IRS investigates the breach. However, it’s still possible to obtain tax transcripts through mail by sending a letter with a Social Security number, date of birth, and address from the most recent tax return—so fraud remains possible using stolen data, albeit at snail-mail rates.

Welcome to the second annual Verge Hack Week. We're totally blowing up our site: we've given our reporters and editors the entire week to play with new tools and experiment with new storytelling ideas, while members of our amazing product team have gathered in New York to help build all sorts of interesting new things. Learn more.

Idris Elba is a Hollywood icon. Whether it's reinventing the Baltimore drug trade as Stringer Bell in The Wire or canceling the apocalypse in Pacific Rim, the man has a commanding presence onscreen that's hard to deny. And he's parlayed these performances into even bigger opportunities. Like that time he broke a land speed record.

We here at The Verge (read: me and maybe a handful of my colleagues) are big fans of Idris' and appreciate his work. But how much do you, dear reader, know about his accomplishments? Well, in the spirit of Hack Week 2015, I invite you to take this short quiz. Enjoy!

Something squirrely has been going on over at Kentucky Fried Chicken. Last spring, the company trotted out Colonel Sanders as part of a 75th anniversary brand refresh, by which we mean going back to its old branding. Seeing as how the original camera-friendly founder Colonel Sanders was dead, KFC tapped Darrell Hammond (a man with experience replacing deceased pop-culture touchstones) to impersonate the Southern gentlemen for a series of ads.

Now, in an apparent acknowledgement of their pitchman’s ersatz nature, KFC has replaced Hammond with fellow SNL alum Norm Macdonald. While Hammond was likely picked because of his impressionistic talents, Macdonald’s iteration is intentionally lacking in the Colonel’s je ne sais quoi. Things get very meta very quickly in a series of new spots, as the “real” Colonel grouses about imposters trying to steal his mojo:

The ads are a continuation of KFC’s increasingly self-aware campaign ...