Future Tense
The Citizen's Guide to the Future

Feb. 23 2015 12:54 AM

ABC’s Live Stream of the Oscars Was Even Worse Than the Oscars

Sunday’s Oscar ceremony featured two historic moments. One was Poland’s first Oscar: Ida, the black-and-white movie about a nun traveling through ’60s Europe, won for Best Foreign Language Film. The second came when Pawel Pawlikowski, the movie’s dapper director, took the stage to accept the award.

Pawlikowski launched into a seemingly never-ending stream of thank-yous, prompting the inevitable swell of play-off music. The director sped up his speech but kept on going, and then … the music stopped. That’s right: Pawel Pawlikowski, hero of our times, went up against the music that dispensed hundreds of directors, actors, and producers before him, and won. The audience erupted in cheers, and several later awardees, inspired by his example, fought the music as well.

Welcome to 2015, when everyone’s afraid of superintelligent machines taking over the world and no one can run a half-decent live stream.

Last month, NBC streamed the Super Bowl for free to anyone who wanted to watch. The execution was pretty terrible. But at least it was a noble effort.  

On Sunday night, ABC streamed the Oscars—but only to people who were already paying for cable, and only if they happened to live in one of the eight U.S. cities in which ABC owns and operates a local station. Somehow, despite the tightly restricted audience, ABC’s execution was even worse.

Multiple times during the online broadcast, viewers were booted without warning from the Oscars to unrelated ABC programming. On the East Coast, I found myself suddenly watching the opening scenes of the 2010 David Fincher movie The Social Network. Friends on the West Coast reported that they were abruptly transported to Jeopardy. This happened both to people watching on the Web at abc.go.com and to those watching on mobile devices via the Watch ABC app.

In short, ABC accidentally changed the channel on its online audience at least twice. It took several minutes for the feed to revert to the Oscars telecast, although you could get there a little faster by refreshing the feed (and re-selecting your cable provider). Either way, there was a good chance you missed an award or performance while Alex Trebek or Jesse Eisenberg were talking.

When Sean Penn took the stage to present the award for Best Picture, I half-expected ABC to cut over to Heidi.

All of this, mind you, was on top of the slowness that typically mars network live feeds of big events. The lag on my Oscars feed wasn’t as bad as it was for the Super Bowl, but it was long enough to allow Twitter to tell me who won each award before the presenters did. On second thought, maybe I would have been better off just sticking with The Social Network.

Again, live-streaming events to a mass audience isn’t easy. But it can't be as impossible as the recent efforts of ABC, NBC, Microsoft, and Apple would lead us to believe. Just look at Major League Baseball, which routinely live-streams games on MLB.tv without a hitch. ABC’s own corporate sibling, ESPN, streams sporting events every night of the week on WatchESPN without ever (in my experience) randomly booting its audience over to First Take or Around the Horn. What gives, ABC?

Video Advertisement

Feb. 22 2015 9:30 AM

How to Watch the Oscars Online, and Why You Probably Can’t

Update, Feb. 23, 2015, 1:07 a.m.: ABC’s live stream of the Oscars didn’t go so well, abruptly cutting more than once to unrelated programming like The Social Network and Jeopardy. You can read more about the live-stream problems here.

Original story: Hollywood’s greatest annual festival of self-promotion will be televised nationally on ABC, with red-carpet coverage starting at 7 p.m. Eastern time on Sunday. The show itself starts at 8:30 p.m. Eastern.

Good news: The Oscars will also be broadcast online.

Bad news: You’ll only be able to watch the online broadcast if you already have a cable TV subscription—in which case, why would you need to watch it online? And even if you do have cable, you’ll only be able to watch it if you reside in one of the eight markets that have ABC-owned-and-operated stations.  

For those who meet the criteria, ABC will live-stream the show on the Web at the following URL: http://abc.go.com/watch-live.

You can also watch it on mobile devices by downloading the Watch ABC app, which is available for free on Apple’s App Store, the Google Play store, and the Amazon Appstore.

Again, in all of these cases, however, you’ll be asked to log in using credentials from your pay-TV provider before you can watch the show. No cable, no Oscars. And here are the eight markets in which the live stream will be available:

  • New York
  • Los Angeles
  • Chicago
  • Houston
  • Philadelphia
  • San Francisco
  • Raleigh-Durham, North Carolina
  • Fresno, California

Do you live in Atlanta, Seattle, Detroit, or any other U.S. city aside from the eight above? You’re out of luck if you were hoping to watch the Oscars online.

What you can watch without a verified cable subscription is an “Oscars backstage” live feed that will include red-carpet interviews and such, but not the actual telecast. That’s available on the Web, the Watch ABC app, or ABC’s Facebook page. It’s designed more as a “second-screen” option for people who are watching the actual show on their TV.

If you’re a cable cord-cutter, your best bet for watching the actual show is to watch it over the air, on a TV with a digital antenna.

If this all sounds rather cruel and arbitrary from the cord-cutter’s perspective, it is. But ABC has business reasons for limiting its live stream in this way. In short, networks don’t make as much money from the ads sold on live streams of their telecasts. And, in general, media companies have little interest in catering to cord-cutters, whom they view as undermining a bulwark of their business models. Yes, ABC networks are free to watch over the air, but ABC is owned by Disney, and the company also owns a slew of cable channels.

The Oscars are one case where even the much-hyped new “cable for cord-cutters” service, Sling TV, won’t help you. Sling TV so far is limited to a select group of cable channels, including CNN and ESPN, and does not include any of the major networks. Aereo, we miss you!

Previously in Slate:

Feb. 20 2015 6:36 PM

Here’s How to Remove the Ghastly Superfish Adware From Lenovo Laptops

Whether you have a Lenovo PC or not, you’ve probably heard about the the “virulent, evil adware” called Superfish that’s been shipping on the company’s consumer laptops since September. And if you do own a Lenovo, you probably know that you should check whether your machine is affected. But maybe you haven’t because there was a Long Island Medium marathon on TV and then you had to eat two bowls of cereal. Totally understandable. But now it’s time to deal with this. It won’t take long.

A few sites have cropped up that quickly tell you whether your laptop is running Superfish, like this test from Filippo Valsorda and this one from LastPass. Lenovo also provided a list of laptop models that could have shipped with the adware pre-installed. The company says, “Lenovo never installed this software on any ThinkPad notebooks, nor any desktops, tablets, smartphones or servers.” As PCWorld points out, you’ll also know that Superfish is lurking if you get ads when you’re browsing the Internet that are “Visual Search results powered by VisualDiscovery.”

The first thing to do if you find out you have Superfish installed is to navigate through Control Panel --> Programs --> Uninstall a Program, then find “VisualDiscovery,” and uninstall.

Then make sure that the root certificate Superfish put in your trusted certificate list gets deleted, because that’s the primary component that compromises your secure browsing. On Friday, Microsoft released an update for its Windows Defender that uninstalls both the Superfish program and the root certificate, so if you run that you should be in good shape. Tests of the Windows Defender update show that it is effective.

You can also manually go into your computer’s certificate manager and remove the certificate. In Windows search look up “certmgr.msc” to open the right window. From there, click “Trusted Root Certification Authorities” and then “Certificates.” Find the Superfish Inc. certificate and delete the crap out of that sucker.

If you use Firefox, the last step is specifcally removing the certificate from the browser’s own certifcate storage. Navigate to Preferences --> Advanced --> Certificates --> View Certificates, and then scout for your old friend Superfish. Then rock some “Delete or Distrust.”

If your laptop has been running this hideous adware, you probably should also change all of your passwords and watch for any strange activity on important accounts. Thanks a lot, Lenovo.

Feb. 20 2015 2:10 PM

Scottish Police Accidentally Deleted 20,000 Records, Blame Programming Error

Scottland’s police stop-and-search policy has been controversial for years, and a parliamentary justice subcommittee has been trying to get to the bottom of some fishy statistics about recent stop-and-search rates for groups like children. But it turns out that there’s something really basic at work: The police department accidentally deleted 20,000 relevant records.

In a meeting with the subcommittee, Assistant Chief Constable Wayne Mawson said that the stop-and-search records disappeared because a “computer programmer pressed a wrong button between May and July last year, and that lost the results data from those records.” Ah, the magic poof! button.

He went on to say, “They’d been properly put on the system by the officers as a result of stopping and searching people, but we lost the outcome of it as a computer programming error.” He also said that they are working to reconstruct the results from officer notes and other sources.

Alison McInnnes, a member of the justice subcommittee, said that the police response was “incoherent.” And Guardian data journalist and former programmer Marc Ellison points out that almost all databases have redundancies to avoid these exact types of situations. He also notes that it’s pretty standard practice in 2015 to create backups of important data. You don’t even have to be a former programmer to know that.

Feb. 20 2015 11:21 AM

Will Technology Put an End to Disability? A Future Tense Event.

Attention-grabbing advances in robotics and neurotechnology have caused many to rethink the concept of human disability. A paraplegic man in a robotic suit took the first kick at the 2014 World Cup, for instance, and the FDA has approved a bionic arm controlled with signals from the brain. It’s not hard to imagine that soon these advances may allow people to run, lift, and even think better than what is currently considered “normal”—challenging what it means to be human. But some in the disability community reject these technologies; for others, accessing them can be an overwhelmingly expensive and bureaucratic process. As these technological innovations look more and more like human engineering, will we need to reconsider what it means to be able and disabled?

We’ll discuss these questions and more at noon on Wednesday, March 4, at the New America office in Washington, D.C. The event is presented by Future Tense in collaboration with the award-winning documentary on disability and technology Fixed: The Science/Fiction of Human Enhancement. You can find the event agenda and the trailer for Fixed below; to RSVP, click here. The venue is wheelchair accessible, and an American Sign Language interpreter will be present.

The event will also be streamed live on the New America website.  

Agenda

Noon: Engineering Ability

​Jennifer French
Executive director, Neurotech Network

Larry Jasinksi
CEO, ReWalk Robotics

Will Oremus 
Senior technology writer, Slate

12:45 p.m.: T​he Promise and Peril of Human Enhancement

​Gregor Wolbring
Associate professor, University of Calgary

Julia Bascom
Director of programs, Autistic Self Advocacy Network

Teresa Blankmeyer Burke
Assistant professor of philosophy, Gallaudet University

Lawrence Carter-Long
Public affairs specialist, National Council on Disability

Feb. 19 2015 7:29 PM

U.S. Treasury Wakes Up in the 21st Century, Starts Accepting PayPal

The U.S. government's Fiscal Service does collections for money owed to federal agencies. And that's not chump change. Last year it collected $3.73 trillion in revenue from more than 400 million transactions. That's a lot to keep track of. So in an attempt to become hip to the haps, the service announced Wednesday that it is going to start accepting certain payments through PayPal and the online payment service Dwolla.

The first step will be rolling out PayPal and Dwolla on Pay.gov, one of the government's electronic suites that handles collections. Corvelli McDaniel, the assistant commissioner for revenue collections management for Fiscal Service, said in a statement, "Digital wallets provide convenience, simplicity, and a trusted customer experience, while achieving cost effectiveness for the Federal Government."

Dwolla said in a blog post about the collaboration, "Dwolla is now a live payment option for many U.S. agencies (and this will grow over time)–allowing any taxpayer with a U.S. bank or credit union account to ... pay for a whole host of federal fees, products, and permits."

Modernizing feels like a good thing, especially for an entity like the federal government that always seems so far behind. But when it comes to digital services, privacy and security is on everyone’s minds these days. This initiative will create one more way for the government to get hacked. They just can't win.

Feb. 19 2015 4:07 PM

Hacker Says He Was Hit With 44 Felonies After He Declined to Work With FBI

This post originally appeared in WIRED.

A year ago, the Department of Justice threatened to put Fidel Salinas in prison for the rest of his life for hacking crimes. But before the federal government brought those charges against him, Salinas now says, it tried a different tactic: recruiting him.

A Southern District of Texas judge sentenced Salinas earlier this month to six months in prison and a $10,600 fine after he pleaded guilty to a misdemeanor count of computer fraud and abuse. The charge stemmed from his repeatedly scanning the local Hidalgo County website for vulnerabilities in early 2012. But just months before he took that plea, the 28-year-old with ties to the hacktivist group Anonymous instead faced 44 felony hacking and cyberstalking charges, all of which were later dismissed. And now that his case is over, Salinas is willing to say why he believes he faced that overwhelming list of empty charges. As he tells it, two FBI agents asked him to hack targets on the bureau’s behalf, and he refused.

Over the course of a six-hour FBI interrogation in May 2013, months after his arrest, Salinas says two agents from the FBI’s Southern District of Texas office asked him to use his skills to gather information on Mexican drug cartels and local government figures accepting bribes from drug traffickers. “They asked me to gather information on elected officials, cartel members, anyone I could get data from that would help them out,” Salinas told Wired in a phone interview before his sentencing. “I told them no.”

“Fundamentally this represents the FBI trying to recruit by indictment,” says Salinas’ lawyer Tor Ekeland, who took the case pro bono last year. “The message was clear: If he had agreed to help them, they would have dropped the charges in a second.”

Salinas, to be clear, has no proof of his claims. He had no lawyer present at the time of the questioning, made no recordings, and his story couldn’t be independently confirmed. The FBI has flatly denied his account, writing in a statement to Wired that Salinas “was never asked to conduct any investigative activity on behalf of the government.” A Department of Justice spokeswoman pointed out in a statement that “at no point during the case did the defense ever present any testimony or evidence to show that any of the defendant’s hacking attempts had been made at the behest of the government or at the request of any alleged victim.”

But Ekeland says Salinas didn’t testify about his claims of the FBI’s hacking request because there wasn’t a trial. Ekeland advised Salinas not to tell the story until after his sentencing to avoid scuttling his plea deal. And Ekeland believes that story helps to explain the pile of unsupportable charges Salinas faced soon after. The 44 felony charges against Salinas, Ekeland says, were “an intimidation tactic designed to get him to fold, to get him to take a plea or cooperate.”

Salinas’ troubles with the law began when his house was raided in early 2012 as part of the investigation of his alleged hacking. He was arrested and all of his computer equipment seized, then released on bail. In May 2013, as he tells it, he was called by the FBI and told to come to the local field office to retrieve his confiscated computers. When he arrived at the office with his wife, however, he claims he was instead put in a room and questioned. His wife, who was pregnant at the time, was, he says, left to wait for six hours in the building’s lobby.

During those six hours, Salinas says FBI agents showed him evidence that he had logged into Anonymous IRC chatrooms. He says they brought up OpCartel, an aborted Anonymous plan in 2011 to hack Mexico’s Zeta drug cartel. And finally, he claims they asked him to help them gather information on both the cartels and local officials who had accepted money from them.

“We think you can help us,” Salinas says he was told. “You can help us stop some of this corruption and stop the cartels.”

“I’m not going to snitch,” Salinas says he replied. They insisted that they weren’t asking him to inform on his friends or Anonymous associates.

“Think of it like this, you have a superpower,” Salinas says the agents told him. “And you should use your superpower to help us help people.”

Salinas says he refused. Four months later, he was hit with a single computer fraud and abuse charge. Six months after that, prosecutors filed a superseding indictment, adding 13 more counts. The next month they added another 30, adding up to a total of 44 charges. Eighteen of those charges were for cyberstalking an unnamed victim, and each charge was based on a single instance of Salinas submitting junk text in a contact form on the victim’s website.

As those charges mounted, Salinas says he wasn’t asked again to hack for the FBI or otherwise contacted by agents. But he nonetheless believes the series of superseding indictments was meant to convince him to change his mind. “I think with the first charge they thought I would cop a plea and help them, but I didn’t,” Salinas says. “I do believe they were upping the charges to put pressure on me, out of spite for not helping them out.”

When Ekeland took Salinas’ case and began to push back, the charges quickly fell to 28 counts and then a single-misdemeanor plea deal. “As soon as they got caught, they folded,” Ekeland told Wired in November. “I feel sorry for all the people that don’t have the support that Fidel had … There are a ton of Fidel Salinases out there that aren’t as lucky.”

In her statement, Justice Department spokeswoman Angela Dodge emphasized that Salinas had in the end been convicted, and she defended the decision to bring the 44 charge indictment against him. “A federal grand jury found probable cause for each of the charges alleged in the indictment and … it is not uncommon for some charges to be dismissed as part of a plea,” she wrote. “We always consider what will serve as a deterrent to similar crimes and what is in the best interest of justice for all parties involved.”

But Ekeland says the overreaching charges fit into a pattern of the FBI and Justice Department’s threatening hackers with ruinous charges to turn them into informants, and in at least one other prominent case, cooperative hackers. While working as an FBI informant, Anonymous hacker Hector “Sabu” Monsegur led hacking operations against more than 2,000 internet domains, according to the leaked sentencing statement of Jeremy Hammond, another Anonymous hacker who took direction from Monsegur. Those targets included government websites in Iran, Pakistan, Nigeria, Turkey, and Brazil.

Securing a defendant’s cooperation by threatening him or her with a mountain of charges is nothing new, says Electronic Frontier Foundation attorney Hanni Fakhoury. But that’s usually accomplished by first charging the defendant and then allowing him or her to reduce punishment by working as an informant or offering information. “I’ve represented many defendants who were propositioned by the government to come into a room and cooperate,” says Fakhoury.

In this case, Salinas’ claims—if they’re at all true—could represent the opposite: a vindictive indictment after a refusal to cooperate. “To proposition him first and punish him after is much rarer and would be much more problematic,” says Fakhoury. “If this is true, it’s very troubling and very improper.”

More from WIRED:

Feb. 19 2015 1:36 PM

The Ultra-Sketchy Adware Pre-Installed on Lenovo Laptops

Vulnerabilities and hacks are increasingly a fact of life, and they’re especially scary when they show up in mainstream products that lots of people use, like Internet Explorer. (Are you still using IE? If so, we need to have a talk.) But it really hurts when there's a major vulnerability in something that came pre-installed on PCs for the benefit of manufacturers, not consumers. Like today, for example!

Researchers began realizing early Thursday morning that pre-installed adware on Lenovo’s consumer laptops was not only serving ads to users, but also compromising encrypted Web browsing and making users vulnerable to man-in-the-middle attacks. That’s when a third party is able to see and record data between users and the Web servers they are communicating with.

The program, called Superfish, has been on Lenovo users’ minds since around September (surfaced by Ars Technica), and proof of a potential security problem started trickling out in January. At the time, the company acknowledged that there was something weird with Superfish but referred to problems with “browser pop up behavior for example.”

More recently, researchers and other Lenovo users have been publishing evidence on Twitter and elsewhere showing fake certificates for supposedly secure browsing sessions issued by Superfish instead of a certificate authority like VeriSign. This means that behavior and data from the browsing session wasn’t actually encrypted and could be accessed by Superfish.

And even worse, Superfish seems to use the same private key for the root certificate it puts on every laptop it’s installed on. So if a hacker can obtain that key, he or she can listen in on secure sessions from users who have Superfish running. People noticed in January that Gogo inflight Wi-Fi was pulling some similar tomfoolery, but this situation is crazier because the bad actor is pre-installed on the computer and always lurking—it’s not just a Wi-Fi network people use occasionally.

Lenovo said in January:

Superfish technology ... does not profile nor monitor user behavior. It does not record user information. It does not know who the user is. Users are not tracked nor re-targeted. Every session is independent. When using Superfish for the first time, the user is presented the Terms of User and Privacy Policy, and has [the] option not to accept these terms, i.e., Superfish is then disabled.

In a statement Thursday the company reiterated these claims. Lenovo also said that the adware shipped on consumer laptops between September and December, but that the company stopped pre-installing it in January because “user feedback was not positive.” Which, yeah, compromised HTTPS browsing is a pretty not-positive situation. Superfish was not immediately available for comment. We’ll update if the company gets back to us.

Lenovo is providing instructions and resources for uninstalling Superfish, though some are skeptical of the company’s approach.

As Dave Fayram, the director of software engineering at Capital One, tweeted, “That sound you heard was every IT department in the world canceling their Lenovo contracts.”

Feb. 19 2015 12:10 PM

Google Says Proposed DoJ Warrant Tweaks Are “Monumental” Fourth Amendment Violation

The Department of Justice has been working to revise a federal criminal procedure rule to make it easier for judges to issue search warrants outside of their geographic districts of influence. The idea is to facilitate remote FBI searches of digital data. But Google and other groups have constitutional concerns.

The proposal to a judicial advisory committee has been in an open comment period that ended Tuesday. On Friday, Richard Salgado, Google’s director of law enforcement and information security, submitted a letter detailing Google’s concerns. He writes that the change could have much bigger “constitutional, legal, and geopolitical concerns” than the DoJ is acknowledging.

The proposed change is in Rule 41 of the federal rules of criminal procedure, which details geographic constraints on the areas where judges are allowed to approve search warrants. The DoJ wants judges to be able to issue warrants even if the source of a botnet or other anonymous action is unknown. In its response to public comments, the DoJ writes:

The existing rules already allow the government to obtain and execute such warrants when the district of the targeted computer is known. Thus, the issue before the Committee is not whether to allow warrants to be executed by remote search; it is whether such warrants should ... be precluded in cases involving anonymizing technology due to lack of a clearly authorized venue to consider warrant applications.

But Google says that the proposal is too broad and could have unintended, problematic impacts. It adds that if such a change is to be enacted, it should come through Congress, not a DoJ proposal to a judicial advisory committee. Salgado notes, “While the proposed ammendment ‘purports’ not to substantively expand the government’s search powers under Rule 41, it in effect does so anyway. ... The proposed amendment is a substantive change that imposes upon the constitutional rights of targets. ...”

Salgado also points out that the changes could easily lead to remote search of computers outside the United States or in places where U.S. law enforcement does not have jurisdiction. He adds that millions of Americans with computers impacted by cybercrime could have to endure digital searches as law enforcement attempts to track an anonymous actor.

The National Journal notes that Amie Stepanovich, the senior policy counsel for digital rights group Access, said at a proposal review meeting in November, “I empathize that it is very hard to get a legislative change, however; when you have us resorting to Congress to get increased privacy protections, we would also like to see the government turn to Congress to get increased surveillance authority.”

In addition to Google’s letter, there were more than 30 others submitted during the open-comment period by groups like the the ACLU, Electronic Frontier Foundation, and Reporters Committee for Freedom of the Press. The judicial advisory committee will make a decision about the proposal in the next few months, at which point it will be reviewed by other groups including the Supreme Court and Congress. Congress has seven months to address the proposal, but if it doesn’t, the revision will automatically go through.

Feb. 18 2015 6:19 PM

Good Old HTTP Is Getting a Makeover

Most addresses you put into your browser's address bar start with "http." We basically take that random string of letters for granted. But the grouping is actually an acronym for Hypertext Transfer Protocol, and it represents the series of operations that lets your browser connect to and communicate with Web servers. It's the protocol that underlies the Internet as we know it. And it was in desperate need of an update.

HTTP was pioneered by Tim Berners-Lee and other early Interneters in the late 1980s, and it was revised a few times throughout the 1990s, resulting in HTTP/1.1, which came out in 1999. And then after that ... nothing. Which is weird because the Internet has changed a lot since 1999. Webpages are a lot larger now and security is a bigger priority.

Finally, the Internet Engineering Task Force's Steering Group announced Wednesday that it is ready to release an update called HTTP/2. The new version is designed to deal with the hulking sites that are now standard on the Web. When a browser sends a request to a server, the server will respond with more content and the connection will last longer. All of this will also help pages to load faster.

The new protocol isn't a replacement for HTTPS, which requires an additional secure protocol like Transport Layer Security (TLS). The HTTP/2 working group writes in an FAQ that it considered baking encryption into the update. But, "after extensive discussion, the Working Group did not have consensus to require the use of encryption (e.g., TLS) for the new protocol." The new version may make it easier to implement encryption and will do more to check the integrity of TLS connections, though.

And it's not going to break everything, either. For obvious reasons, one of the most important priorities was to ensure compatibility between HTTP/1.1 and HTTP/2, and the updated version has already been in testing on Chrome and Firefox.

HTTP/2 should provide a better browsing experience (especially on mobile) without you having to do or know anything. A rare reward for laziness.

READ MORE STORIES