DevNull127 writes: A video report from NBC News profiles "Springboard to Opportunities," an advocacy group for affordable housing residents that's now also testing $1,000-a-month payments (privately-funded) for 20 women in Mississsippi chosen at random. One senior-living aid making $10.31 an hour says the grants represent "a little freedom". She's using the money to pay down debt — and to visit the father in Pennsylvania who she hasn't seen in 20 years.

Meanwhile, CBS MoneyWatch checked in on one of the 14 people picked to receive $1,000 a month for an entire year in the "Freedom Dividend Pilot Program" of U.S. presidential candidate Andrew Yang. "Sure, there's going to be outliers that take advantage of any situation," says Chad Dzizek. "But most people are just trying to get by. Having extra money in hand would only help move that process along. And I don't see myself slacking off anymore. If anything, I'm going to be more aggressive in tackling my goals because it's that much more available."

That article adds that Yang, a former tech entrepreneur, "sees this as a way to reduce poverty and income inequality, especially as computers increasingly replace people in the workplace." Although the program has already run into at least one hitch.

Following the program's announcement in September, the former chairman of the Federal Elections Commission told CBS News that the program appears to violate "personal use" campaign finance laws since the funds come from Yang's campaign and not his own pocket. Others, however, have argued that the program could be classified as an advertisement for the campaign. The Yang campaign declined to comment.
Business Insider also has an update on the Basic Income plan of Michael Tubbs, the 28-year-old mayor of Stockton, California, where 125 people making less than $46,000 a year are now being given $500 a month. "In October, Stockton released the first set of data about how the program was faring. Most participants, initial results showed, were using their stipends to buy groceries and pay their bills.

"Tubbs told Business Insider that these preliminary findings gave him even more confidence that basic income would benefit his city -- and could even serve as a national solution to income inequality... Stockton's basic-income experiment is designed to last for 18 months, so there are still about eight to go. If the pilot is successful, Tubbs said, the city will consider expanding the program."

Verizon is laying off 150 U.S. staffers this week across multiple teams in the organization. CNN reports: Verizon Media employs around 10,500 people [across media brands that include Yahoo, AOL, TechCrunch and HuffPost], so these cuts will amount to 1.4% of its work force. It's unclear which brands will be affected. In January, Verizon Media laid off roughly 800 employees, or about 7% of its staff at the time, as the division's revenues failed to meet expectations.

A spokesperson for Verizon Media confirmed the layoffs to CNN Business. "Our goal is to create the best experiences for our consumers and the best platforms for our customers. Today we are investing in premium content, connections and commerce experiences that connect people to their passions and continue to align our resources to opportunities where we feel we can differentiate ourselves and scale faster," the spokesperson said in a statement.

An anonymous reader shares a report: Verizon, which bought Yahoo in 2017, has suspended email addresses of archivists who are trying to preserve 20 years of content that will be deleted permanently in a few weeks. As Verizon announced in October, the company intends to wipe all content from Yahoo Groups. As of December 14, all previously posted content on the site will be permanently removed. The mass deletion includes files, polls, links, photos, folders, database, calendar, attachments, conversations, email updates, message digests, and message histories that was uploaded to Yahoo servers since pre-Google 1990s. Verizon planned to allow users to download their own data from the site's privacy dashboard, but apparently it has a problem with the work of The Archive Team who wants to save content to upload it to the non-profit Internet Archive, which runs the popular Wayback Machine site.

"Yahoo banned all the email addresses that the Archive Team volunteers had been using to join Yahoo Groups in order to download data," reported the Yahoo Groups Archive Team. "Verizon has also made it impossible for the Archive Team to continue using semi-automated scripts to join Yahoo Groups -- which means each group must be rejoined one by one, an impossible task (redo the work of the past four weeks over the next 10 days)."

Mark Wilson quotes BetaNews: Apple has failed in an attempt to block a class action lawsuit being brought against it by a customer who claimed the company concealed the problematic nature of the butterfly keyboard design used in MacBooks.

The proposed lawsuit not only alleges that Apple concealed the fact that MacBook, MacBook Pro and MacBook Air keyboards were prone to failure, but also that design defects left customers out of pocket because of Apple's failure to provide an effective fix.
Engadget argues that Apple "might face an uphill battle in court.

"While the company has never said the butterfly keyboard design was inherently flawed, it instituted repair programs for that keyboard design and even added the latest 13-inch MacBook Pro to the program the moment it became available. Also, the 16-inch MacBook Pro conspicuously reverted to scissor switches in what many see as a tacit acknowledgment that the earlier technology was too fragile."

Luke Skywalker wasn't going to be the only Jedi in the final Star Wars movie, reports Yahoo Entertainment: In the original version of the ninth and final installment, The Rise of Skywalker, his sister, Leia (played by Carrie Fisher), was going to emerge as a full-fledged Jedi warrior, complete with her very own lightsaber. That's according to no less an authority than Fisher's real-life brother, Todd Fisher, who filled us in on what the plan was for his sister's iconic character prior to her sudden death in December 2016. "She was going to be the big payoff in the final film," Fisher reveals exclusively to Yahoo Entertainment. "She was going to be the last Jedi, so to speak. That's cool right....? People used to say to me, 'Why is it that Carrie never gets a lightsaber and chops up some bad guys,'" Fisher says, noting that Alec Guinness was roughly the same age when Obi-Wan Kenobi battled Darth Vader in A New Hope. "Obi-Wan was in his prime when he was Carrie's age...!"

Unfortunately, a version of The Rise of Skywalker where Leia picks up her father and brother's chosen weapon can only exist in our imaginations. After Fisher's death, her alter ego's arc had to be re-conceived by returning director J.J. Abrams, who previously directed the actress in 2015's The Force Awakens. "The truth is that J.J. Abrams was great friends with Carrie... he had an extraordinary sense of love for her," her brother says. It was that love that led the filmmaker to make a bold, and creatively risky decision: take unused footage of Leia left over from The Force Awakens and make it part of The Rise of Skywalker. "They had eight minutes of footage," Fisher tells us. "They grabbed every frame and analyzed it... and then reverse-engineered it and [got] it into the story the right way. It's kind of magical."

"Microsoft's Bing search engine reportedly still served up child porn, nearly a year after the tech giant said it was addressing the issue," reports CNET: The news comes as part of a Saturday report in The New York Times that looks at what the newspaper says is a failure by tech companies to adequately address child pornography on their platforms.... [A] former Microsoft executive told the Times that it now looks as if the company is failing to use its own tools. The Times' Saturday report notes that 10 years ago, Microsoft helped create software called PhotoDNA that "can use computers to recognize photos, even altered ones, and compare them against databases of known illegal images." But, the Times said, Bing and other search engines that use Bing's results are serving up imagery that doesn't pass muster with PhotoDNA....

The Bing news is part of a larger story from the Times about how various tech companies are dealing with child porn on their platforms.
The Times criticizes a tech industry which they say is looking the other way: Amazon, whose cloud storage services handle millions of uploads and downloads every second, does not even look for the imagery. Apple does not scan its cloud storage, according to federal authorities, and encrypts its messaging app, making detection virtually impossible. Dropbox, Google and Microsoft's consumer products scan for illegal images, but only when someone shares them, not when they are uploaded. And other companies, including Snapchat and Yahoo, look for photos but not videos, even though illicit video content has been exploding for years. (When asked about its video scanning, a Dropbox spokeswoman in July said it was not a "top priority." On Thursday, the company said it had begun scanning some videos last month.)

The largest social network in the world, Facebook, thoroughly scans its platforms, accounting for over 90 percent of the imagery flagged by tech companies last year, but the company is not using all available databases to detect the material. And Facebook has announced that the main source of the imagery, Facebook Messenger, will eventually be encrypted, vastly limiting detection.

An anonymous reader quotes a Yahoo News 360 report on Americans who hate Daylight Saving Time: A push to end the semiannual clock shift, which has been shown to correlate with negative health and productivity outcomes, is gaining steam throughout the country. Most of the momentum is behind a movement to make daylight saving time permanent so the "spring forward" lasts all year long. A number of states including California, Florida, Washington and Oregon have taken legislative steps to do just that, but an act of Congress would be needed for any of those changes to go into effect.
Meanwhile, CBS News reports: Most people across the country will see their clocks roll back an hour this weekend as nearly eight months of daylight saving time come to an end. It is part of a twice-a-year ritual that most want to stop. Seven in 10 Americans prefer not to switch back and forth to mark daylight saving time, a new poll shows.
The poll also shows that 33% of Americans younger than 45 prefer the current system of switching clocks twice a year -- compared to just 24% of Americans 45 or older.

Google owner Alphabet has made an offer to acquire U.S. wearable device maker Fitbit, as it eyes a slice of the crowded market for fitness trackers and smartwatches, Reuters reported Monday, citing familiar with the matter. From the report: While Google has joined other major technology companies such as Apple and Samsung in developing smart phones, it has yet to develop any wearable offerings. There is no certainty that the negotiations between Google and Fitbit will lead to any deal, the sources said, asking not to be identified because the matter is confidential.

A user writes: When it comes to using strong username and passwords for administrative purposes let alone customer facing portals, Equifax appears to have dropped the ball. Equifax used the word "admin" as both password and username for a portal that contained sensitive information, according to a class action lawsuit filed in federal court in the Northern District of Georgia. The ongoing lawsuit, filed after the breach, went viral on Twitter Friday after Buzzfeed reporter Jane Lytvynenko came across the detail. "Equifax employed the username 'admin' and the password 'admin' to protect a portal used to manage credit disputes, a password that 'is a surefire way to get hacked,'" the lawsuit reads. The lawsuit also notes that Equifax admitted using unencrypted servers to store the sensitive personal information and had it as a public-facing website. When Equifax, one of the three largest consumer credit reporting agencies, did encrypt data, the lawsuit alleges, "it left the keys to unlocking the encryption on the same public-facing servers, making it easy to remove the encryption from the data." The class-action suit consolidated 373 previous lawsuits into one. Unlike other lawsuits against Equifax, these don't come from wronged consumers, but rather shareholders that allege the company didn't adequately disclose risks or its security practices.

Yahoo announced on Wednesday that it is winding down its long-running Yahoo Groups site. From a report: As of October 21, users will no longer be able to post new content to the site, and on December 14 Yahoo will permanently delete all previously posted content. "You'll have until that date to save anything you've uploaded," an announcement post reads. Yahoo Groups, launched in 2001, is a cross between a platform for mailing lists and internet forums. Groups can be interacted with on the Yahoo Groups site itself, or via email. In the 18 years that it existed, numerous niche communities made a home on the platform. Now, with the site's planned obsolescence, users are looking for ways to save their Groups history.

A former Yahoo software engineer pleaded guilty yesterday to hacking into the personal accounts of over 6,000 Yahoo users, in search of sexual images and videos. From a report: Reyes Daniel Ruiz, 34, of Tracy, California, worked for more than ten years for Yahoo!, where he served as a reliability engineer for the company's Yahoo! Mail service, among other roles. According to court documents, Ruiz used the access to Yahoo!'s internal network that his job provided to crack users' passwords and gain access to their email accounts. In total, he accessed about 6,000 accounts, most belonging to younger women, including personal friends and work colleagues. Once in, he searched and downloaded images and videos, which he stored at home on a hard drive. Ruiz also used access to the hacked Yahoo! email inboxes to compromise accounts at services like Apple iCloud, Facebook, Gmail, DropBox, and others, where the victims used the Yahoo! email address to register accounts. He did this by requesting password resets on the third-party sites, which he received inside the victim's Yahoo! inboxes. Ruiz then continued his search of personal images and videos on these new accounts.

Matthew Green, a cryptographer and professor at Johns Hopkins University, writes: So what did Snowden's leaks really tell us? The brilliant thing about the Snowden leaks was that he didn't tell us much of anything. He showed us. Most of the revelations came in the form of a Powerpoint slide deck, the misery of which somehow made it all more real. And despite all the revelation fatigue, the things he showed us were remarkable. I'm going to hit a few of the highlights from my perspective. Many are cryptography-related, just because that's what this blog is about. Others tell a more basic story about how vulnerable our networks are.

"Collect it all"

Prior to Snowden, even surveillance-skeptics would probably concede that, yes, the NSA collects data on specific targets. But even the most paranoid observers were shocked by the sheer scale of what the NSA was actually doing out there. The Snowden revelations detailed several programs that were so astonishing in the breadth and scale of the data being collected, the only real limits on them were caused by technical limitations in the NSA's hardware. Most of us are familiar with the famous examples, like nationwide phone metadata collection. But it's the bizarre, obscure leaks that really drive this home. "Optic Nerve": From 2008-2010 the NSA and GCHQ collected millions of still images from every Yahoo! Messenger webchat stream, and used them to build a massive database for facial recognition. The collection of data had no particular rhyme or reason -- i.e., it didn't target specific users who might be a national security threat. It was just... everything.

A Spanish private security firm spied on Wikileaks founder Julian Assange on behalf of the CIA while he was inside Ecuador's embassy in London, according to the Spanish newspaper El Pais. An anonymous reader quotes AFP: Citing unspecified documents and statements, the paper said Undercover Global Ltd, which was responsible for security at the embassy while Assange was staying there, sent the US intelligence service audio and video files of meetings he had with his lawyers. The reports were allegedly handed over by David Morales, who owns the company and is currently being investigated by Spain's National Court, the paper said....

According to El Pais, Undercover Global installed microphones in the embassy's fire extinguishers as well as in the women's toilets where Assange's lawyers used to meet for fear of being spied on. It said the company also installed a streaming system so the recordings could be directly accessed by US officials, enabling them to spy on a meeting Assange had with Ecuador's secret service chief Rommy Vallejo in December 2017.
El Pais reports that the company's team was also ordered to install stickers that prevented the windows from vibrating in one of the rooms Assange used, "allegedly to make it easier for the CIA to record conversations with their laser microphones."

People who had Yahoo accounts between 2012 and 2016 can now apply for a cash payment of $100, but the final amount you receive could be more or less than $100 depending on how many people file claims. From a report: It's also possible to file claims for up to $25,000 if you can document actual out-of-pocket losses and lost time due to the breach. However, actual payouts for all claims could be much lower if the total amount claimed exceeds what's available from the $117.5 million settlement. The settlement class potentially includes up to 194 million people, so these amounts would be paid in full only if the vast majority of eligible people don't ask for money. The settlement website lets all class members choose from at least two years of free credit monitoring services or the $100 cash payment. While that amount isn't guaranteed, just like in the Equifax settlement, at least the Yahoo settlement website makes that clear up front.

"The US military has been forced to apologise for tweeting that it would use stealth-bombers on 'millenials' who try to storm Area 51," reports Yahoo News UK: More than two million people signed up to a Facebook event recently which encouraged atendees to visit the top secret base in Nevada. But only a few thousand UFO enthusiasts turned up on Friday to the facility, which is rumoured to contain secrets about aliens. As hordes of enthusiasts turned up the PR arm of the US military, called the Defence Visual Information Distribution Service (DVIDS), tweeted: "The last thing #Millennials will see if they attempt the #area51raid today" with a picture of military officers in front of a stealth bomber.

Shortly afterwards the tweet was deleted and the unit apologised saying it "in no way" reflects their stance... "It was inappropriate and we apologize for this mistake."

Around 1,000 people visited the facility's gates on Friday and at least six were arrested by police.

The Storm Area 51 invitation spawned festivals in the tiny nearby towns of Rachel and Hiko, more than two hours' drive from Las Vegas. Lincoln County Sheriff Kerry Lee estimated late on Thursday that about 1,500 people had gathered at the festival sites, and more than 150 made the trip several additional miles on bone-rattling dirt roads to get within selfie distance of the gates.... "It's public land," the sheriff said. "They're allowed to go to the gate as long as they don't cross the boundary."
Most of the arrests were for "misdemeanor trespassing on base property," which carries a $1,000 fine, according to the article. "In the end, no one actually 'stormed' Area 51, although deputies in rural Nye County resorted to 'heated warnings' to disperse as many as 200 people," reports the Associated Press.

In another article the news service also quotes Lincoln County emergency services chief Eric Holt as saying resources had been mustered to handle up to 30,000 people and calling the low turnout a "best-case" scenario... Although there were two car crashes involving cows. "The cows died, but motorists weren't hurt."

The main festival apparently drew 3,000 attendees, while the rival "Area 51 Basecamp" festival sold just 500 tickets for their Friday concert, prompting them to cancel their Saturday concert altogether. Its promoter told the Associated Press, "It was a gamble financially. We lost."

Facebook revealed Friday that it had suspended "tens of thousands" of apps that may have mishandled users' personal data, [Editor's note: the link may be paywalled; alternative source] part of an investigation sparked by the social giant's entanglement with Cambridge Analytica. From a report: The suspensions -- far more than the hundreds against which Facebook has taken action against in the past -- occurred for a "variety of reasons," the company said in a blog post, without elaborating. They were associated with about 400 developers. Facebook said it had investigated millions of apps and targeted those that Facebook said had access to "large amounts of information" or had the "potential to abuse" its policies. Facebook said some of the apps were banned for inappropriately sharing users' data, the same violation of company policy that led to the Cambridge Analytica scandal. It added that its investigation, now 18 months long, isn't yet complete.

A Navy official has confirmed that recently released videos of unidentified flying objects are real, but that the footage was not authorized to be released to the public in the first place. From a report: Joseph Gradisher, the spokesman for the Deputy Chief of Naval Operations for Information Warfare, confirmed to TIME that three widely-shared videos captured "Unidentified Aerial Phenomena." Gradisher initially confirmed this in a statement to "The Black Vault" a website dedicated to declassified government documents. "The Navy designates the objects contained in these videos as unidentified aerial phenomena," Gradisher told the site.

He tells TIME that he was "surprised" by the press coverage surrounding his statement to the site, particularly around his classification of the incursions as "unidentifiable," but says that he hopes that leads to UAP's being "de-stigmatized." "The reason why I'm talking about it is to drive home the seriousness of this issue," Gradisher says. "The more I talk, the more our aviators and all services are more willing to come forward." Gradisher would not speculate as to what the unidentified objects seen in the videos were, but did say they are usually proved to be mundane objects like drones -- not alien spacecraft. "The frequency of incursions have increased since the advents of drones and quadcopters," he says. The three videos of UFOs were published by the New York Times and "To the Stars Academy of Arts and Science," a self-described "public benefit corporation" co-founded by Tom DeLonge, best known as the vocalist and guitarist for the rock band, Blink-182.

Zach Dorfman, Jenna McLaughlin, and Sean D. Naylor, reporting for Yahoo News: On Dec. 29, 2016, the Obama administration announced that it was giving nearly three dozen Russian diplomats just 72 hours to leave the United States and was seizing two rural East Coast estates owned by the Russian government. As the Russians burned papers and scrambled to pack their bags, the Kremlin protested the treatment of its diplomats, and denied that those compounds -- sometimes known as the "dachas" -- were anything more than vacation spots for their personnel. The Obama administration's public rationale for the expulsions and closures -- the harshest U.S. diplomatic reprisals taken against Russia in several decades -- was to retaliate for Russian meddling in the 2016 presidential election. But there was another critical, and secret, reason why those locations and diplomats were targeted.

Both compounds, and at least some of the expelled diplomats, played key roles in a brazen Russian counterintelligence operation that stretched from the Bay Area to the heart of the nation's capital , according to former U.S. officials. The operation, which targeted FBI communications, hampered the bureau's ability to track Russian spies on U.S. soil at a time of increasing tension with Moscow, forced the FBI and CIA to cease contact with some of their Russian assets, and prompted tighter security procedures at key U.S. national security facilities in the Washington area and elsewhere, according to former U.S. officials. It even raised concerns among some U.S. officials about a Russian mole within the U.S. intelligence community. "It was a very broad effort to try and penetrate our most sensitive operations," said a former senior CIA official.

American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams. Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet. Senior FBI and CIA officials briefed congressional leaders on these issues as part of a wide-ranging examination on Capitol Hill of U.S. counterintelligence vulnerabilities.

An anonymous reader quotes ZDNet: Kyle Milliken, a 29-year-old Arkansas man, was released last week from a federal work camp. He served 17 months for hacking into the servers of several companies and stealing their user databases. Some of the victims included Disqus, from where he stole 17.5 million user records, Kickstarter, from where he took 5.2 million records, and Imgur, with 1.7 million records. For years, Milliken and his partners operated by using the credentials stolen from other companies to break into more lucrative accounts on other services.

If users had reused their passwords, Milliken would access their email inboxes, Facebook, Twitter, or Myspace accounts, and post spam promoting various products and services. From 2010 to 2014, Milliken and his colleagues operated a successful spam campaign using this simple scheme, making more than $1.4 million in profits, and living the high life. Authorities eventually caught up with the hacker. He was arrested in 2014, and collaborated with authorities for the next years, until last year, when it leaked that he was collaborating with authorities and was blackballed on the cybercrime underground....

In an interview with ZDNet last week, Milliken said he's planning to go back to school and then start a career in cyber-security... [H]e publicly apologized to the Kickstarter CEO on Twitter. "I've had a lot of time to reflect and see things from a different perspective," Milliken told ZDNet. "When you're hacking or have an objective to dump a database, you don't think about who's on the other end. There's a lot of talented people, a ton of work, and even more money that goes into creating a company... there's a bit of remorse for putting these people through cyber hell."
He also has a message for internet uesrs: stop reusing your passwords. And he also suggests enabling two-factor authentication.

"I honestly think that the big three email providers (Microsoft, Yahoo, Google) added this feature because of me."

An anonymous reader quotes ZDNet: While Sun open-sourced some of Java as long ago as November 2006, actually using Java in an open-source way was... troublesome. Just ask Google about Android and Java. But for Java in the enterprise things have changed. On September 10, The Eclipse Foundation announced the full open-source release of the Jakarta EE 8 Full Platform and Web Profile specifications and related Technology Compatibility Kits (TCKs).

This comes after Oracle let go of most of Java Enterprise Edition's (JEE) intellectual property. Oracle retains Java's trademarks though -- thus Java EE's naming convention has been changed to Jakarta EE. But for practical programming and production purposes Jakarta EE 8 is the next generation of enterprise Java.... Jakarta EE 8 also includes the same APIs and Javadoc using the same programming model Java developers have always used. The Jakarta EE 8 TCKs are based on and fully compatible with Java EE 8 TCKs. All of this means enterprise customers will be able to migrate to Jakarta EE 8 without any changes to Java EE 8 applications.

Eclipse hasn't been doing this in a vacuum. Fujitsu, IBM, Oracle, Payara, Red Hat, Tomitribe, and other members of what was once the Java community have been working on Jakarta EE... All of the Jakarta EE Working Group vendors intend to certify their Java EE 8 compatible implementations as Jakarta EE 8 compatible. In other words, Jakarta is the future for Java EE.
Oracle is now working on delivering a Java EE 8 and Jakarta EE 8 compatible implementation of their WebLogic Server.

The Eclipse Foundation says Jakarta EE 8's release "provides a new baseline for the evolution and innovation of enterprise Java technologies under an open, vendor-neutral, community-driven process."