The truth about Trump’s secret server and Russia

But if you’re like me, you probably had already seen that same exact tale told in early October, as it was run through the grist mill that is infosec Twitter. You must be wondering, then, why didn’t anyone cover the story before now?

Monday’s article hit just before the week ramped up. Newsrooms were deciding the week’s coverage and PR firms were barraging us with press releases in attempts to get their clients some media attention. Outlets were primed and ready for the election scandal du jour.

A “benevolent posse”

The piece pointed a finger at Trump and Russia sittin’ in a tree, while fawningly describing the security researchers like some kind of dreamy Hollywood team of elite super-good-guys coming together to solve a crime. It began by describing the heroes of its story, a secret group who acts as a “benevolent posse that chases off the rogues and rogue states.”

According to Slate, this plucky, rag-tag bunch “are entrusted with something close to a complete record of all the servers of the world connecting with one another.” Why the benevolent posse hasn’t told us who gave the Clinton emails to Wikileaks, or used their magical (mythical) god-like all-seeing eye superpower to end anonymous online harassment was not explained.

Slate’s piece felt like wishful thinking on a lot of levels, but plenty of major outlets took the provocative question mark and ran with it. By Tuesday night, CNN’s front page slapped Trump and Putin together like a far-right Grindr match.

According to Slate, the researchers found “a sustained relationship between a server registered to the Trump Organization and two servers registered to an entity called Alfa Bank.” Essentially, a bank in Moscow was irregularly pinging a Trump server with small bits of traffic.

The article even brought in a well-respected, bona fide expert, Dr. Paul Vixie, a pioneer of the internet’s domain name system (DNS). “The parties were communicating in a secretive fashion,” Vixie told Slate. “The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.”

There was no doubt in the minds at Slate that this was it, the coup de grâce tying together all the Trump-Russia connections.

But, there were many doubts to be had.

The article consulted some known names in infosec, few of whom actually saw the logs. The original accusations and research came from anonymous sources, and one primary source called “Tea Leaves.” Only one female member of the “benevolent posse” went on record with a name, Professor L. Jean Camp.

The writer assured us that these computer scientists were legit, yet we got no background or skill sets, or real reasons to trust them. In a world where practically anyone with an internet connection can call themselves a security expert, it raises more red flags than an article relying on anonymous sources already would.

In the world of journalism, anonymous sources aren’t something you trifle with, especially if you value your reputation and like not being in jail. Meaning that if you agree to publish the word of your anonymous source, you are saying that you’ve done the research to verify the source is credible, and you are vouching for the information as truth. Making everything worse, the credibility of Slate’s posse of sources was anchored by an endorsement from one of the group’s own members — the aforementioned L. Jean Camp.

It’s this exact cocktail of infosec ignorance and unvetted sources that gives us pastebin posts treated as fact and turned into headlines.

Super-secret marketing emails

The sources were actually sketchy. Security researcher Krypt3ia pointed out that no one had any viable docs to look at. “There was a lot of speculation and theory but what Tea had put on the darknet and had been shopping around was not forensically proven and in fact all of the metadata that may have existed had been stamped out of all documents or never existed in the first place as they were using text files.”

Maybe that’s why the New York Times started investigating this story in early October but dropped the story.

It took the infosec community about ten minutes to debunk the Slate story. This entire Twitter thread explains the technical details if you’re curious. What Slate was seeing was actually a marketing email server sending spam. The low-level pinging between Trump’s old 2009 mail server and a bank in Russia was just a response to marketing spam that had been set up and forgotten about. The so-called “Fifth Avenue server” referred to the WHOIS business address on a reg record, and the whole thing was outsourced to a marketing company.

This Slate story is complete garbage

— Naadir Jeewa (@randomvariable) November 1, 2016

Researcher Rob Graham wrote, “the domain was setup and controlled by Cendyn, a company that does marketing/promotions for hotels, including many of Trump’s hotels.” He added, “Cendyn outsources the email portions of its campaigns to a company called Listrak, which actually owns/operates the physical server in a data center in Philadelphia.”

After the blistering debunkings by infosec denizens, there was a second article by the same author arguing against the very thorough debunkings done by the researchers. There is so much effort throughout the follow-up article to confuse the reader into thinking there’s something conspiratorial and unanswerable going on, that one of the debunkers wrote a second debunking of the whole damn thing.

With a little experience in hacking and cybersecurity reporting, it’s easier to see these stories coming from a mile off. What’s troubling here, and especially now, is that Clinton’s camp didn’t. Clinton senior policy adviser Jake Sullivan took Slate’s bottom line and ran with it Monday night, saying it was “the most direct link yet between Donald Trump and Moscow.”

Being a sports and politics writer, experience in hacking and cybersec is exactly what the Slate writer didn’t bring to the table, and like with the Clinton camp, a little would’ve gone a long way.

Giving us the next problem, which I’m going to call “infosec telephone.” It starts when researchers say wild things to reporters who don’t know anything about infosec. Next, the story goes forward without proper research. Then the story turns into a truckload of stupid as it gets blasted from the biggest news outlets.

It’s painful and terrible for those of us in the trenches, in 2016 especially, that big box journalism outlets can’t find the thoughtfulness in reporting on issues about hacking and security to get it right. And how the rush to be the next famous hacking journalist has eclipsed any sense of obligation to do due diligence, tell an objective story, and present readers with complex issues.

Or just chill with the fact that, like with this week’s server story, sometimes a cigar is just a damn cigar. Even if it’s being smoked by Putin’s very own dangerous inbred lap dog.

All I’m saying is that the insanity of this election isn’t being helped by people pushing unresearched infosec hysteria into the headlines.

But hey, don’t let that stop you.

This article is automatically posted by WP-AutoPost Plugin

Source URL:

‘Hearthstone’ is going to Gadgetzan

In terms of what this will mean for gameplay, Chu said that there’s a card coming called “Piranha Launcher” which is exactly what it sounds like: a weapon that shoots vicious fish. Then there’s the Lotus Assassin which gains stealth points with every kill. The Kabal Talonpriest gives friendly cards three health.

These cards are from three different races, the Grimy Goons, the Kabal and the Lotus. Following that delta theme, there are tri-class cards as well, with the Kabal’s Courier able to play within mage, priest and warlock decks.

Like new Overwatch hero Sombra, these will be playable on the Blizzcon show floor.


One consultation was enough to sell me on online doctors

In the past, I’ve caught these infections as they were brewing and managed to stop the worst of the symptoms from ever materializing, but last week I was certain I was just getting headaches. By the time swelling started to appear late on Thursday night, it was too late.

In addition to the rapidly growing pile of leukocyte corpses buried in my cheek, I had another problem: I recently moved to a new apartment. Because I’m bad at life, I hadn’t registered with a new GP (a general practitioner, the Brit version of a primary care physician). That meant two things: either travel back to where I used to live to see my GP, or register at a new clinic and wait a couple hours to be seen.

I’m based in London, and work the “overnight shift” at Engadget, making sure the site doesn’t catch fire while my US-based colleagues are asleep. That means I work with a smaller team than a writer in New York, and last Friday we had a couple other people out of the office as well. If I were dying, I’m sure they could have done without me, but taking three hours off work just wasn’t practical.

And so I sat, stuffed full of ibuprofen, paracetamol and codeine, yet inexplicably still in pain. Then my colleague Matt Brian suggested I see an “app doctor.”

Apps and sites that let you virtually talk with a medical professional are pretty common. After a little Googling around for comparison, I settled on “Push Doctor,” a UK service which had a couple of good writeups and (more importantly, if I’m being honest) a large introductory discount for what is a premium service. After registering, I booked an appointment, which was as simple as you’d expect: I was presented with a list of available slots, with the earliest in my case being eight minutes away (appointments run from 7AM to 10PM, seven days a week).

With my slot reserved, I then had two options for the appointment: download an app on my phone or use my browser. I chose the latter. The actual appointment felt no different from a regular check-up. Through video chat, I explained my complaint and was asked the usual array of follow-up questions. When I registered, I gave the doctor access to my National Health Service (NHS, the UK’s public health authority) records, so I assume they were able to verify that this was a repeat condition. The only thing that didn’t happen was a doctor poking at the swelling, asking me how it felt, and so on. Instead, I was asked to do that poking myself, and report back on the sensation.

The “examination” and questioning took around five minutes. After asking more questions about allergies and if I was taking any other medication or recreational drugs, the doctor prescribed a short course of Metronidazole (an antibiotic / antiprotozoal medication often marketed as Flagyl). Upon doing so, a prompt popped up in front of the video stream, asking me to accept a prescription charge of £6.50 (around $8). I did so, and shortly after that the call ended. To be honest, I’m not entirely sure the video chat was necessary in this case — it’s not like I had a rash to show, or anything like that — but the “face-to-face” aspect did help build trust.

Around a minute later, I received a phone call from Push Doctor asking where I wanted to pick up my medication, and I chose a pharmacy around 350 yards from my desk. Fifteen minutes later, they called again to say my order was ready. I wandered to the pharmacy, paid another £8.40 ($10.50 — the standard UK rate that’s waived if you’re elderly or young or qualify in other ways) for the meds, and went home. The entire process — from booking the appointment to getting home and popping the first of many pills — took about 45 minutes, of which only 20 required me to put my deadline on hold.

How much did it cost? I paid a total of £15.90 (just under $20), including my meds. It would’ve been more expensive if I needed more medicine (the £6.50 fee wouldn’t rise, but pharmacy costs would have), and if I needed a referral to a specialist or a sick note for work there would’ve been additional fees (£12.50 / $16 each). Also, about that discount I mentioned: A consultation is usually £20 per 10 minutes. I paid £1.

£15.90 is considerably more expensive than seeing my regular GP, who wouldn’t have charged me anything, leaving me with just an £8.40 pharmacy bill. Take off the discount, and next time I try the service it’s likely I’ll be paying around £26.50 ($33) for the convenience. But it was so convenient. I didn’t have to spend several hours away from work, sit among sick people and be prodded by a stranger. I didn’t need to wait while the pharmacy saw to my paper prescription — it was just there waiting for me.

I’m not sickly enough to need it, but Push Doctor also offers a subscription service: £20 a month covers unlimited appointments, prescriptions, referral letters and sick notes. If I had an ongoing medical concern, I would definitely consider it, but I typically visit the doctor once a year, and my employer offers a yearly physical as a perk.

So here’s the thing: The UK has a public healthcare system that’s mostly funded by taxes. Visiting the doctor, hospital or a specialist is typically free, with nominal charges for prescriptions only. Right now, these apps offer private healthcare, when every UK citizen has public healthcare rights.

To be clear, many of the doctors on this and other services are NHS GPs, who are working out-of-hours to make some extra money. Push Doctor is, however, approved as a way for NHS doctors to give (free) remote consultations to their patients. There obviously isn’t a huge uptake for this yet, but online check-ups through the public health service could be commonplace one day.

In the US and other countries, apps like DoctorOnDemand, HelloMD and LiveHealth perhaps make immediate sense for more than just the rich or the overworked. If your insurance company will cover the cost of seeing a virtual doctor, there’s much less of a barrier to entry.

After my experience with a virtual doctor, I’m totally sold on the idea. I won’t always be this young, and at some point in my life, I’m going to be hospitalized. I’m going to see specialists. I’m going to need physical examinations. But for the regular malaise that strikes us all from time to time, or any condition that just needs a few pills to solve, I can’t see myself visiting a clinic.

I’m definitely going to try a few other services to see how they compare, hopefully taking advantage of some more introductory discounts while I’m at it. Maybe I’ll find a better service than Push Doctor, but the basic premise is likely to be the same. It makes elegant and intelligent use of everyday technologies like video conferencing and digital medical records to give me 24/7 (okay, 15/7) access to a doctor with just a few minutes notice, no matter where in the country I am. I honestly don’t think I’ll see a GP in the flesh ever again.

Oh, and by the way, my face is fine now.


Tesla added an all-glass roof to the Model S

The glass roof option will cost new Tesla owners a cool $1,500 over the base model, and does away with the plain sunroof entirely. If you need a roof rack or satellite radio, however, you’ll still have to go with the $2,000 panoramic option. If you’re worried about how hot your car’s interior will get with all that glassy real estate, remember Tesla claims its tinted glass blocks 98 percent of UV rays and 81 percent of heat, and drivers can always use their smartphones to turn on the AC before they even get back to the car. As with most things Tesla, the company has recently created an in-house glass technology group to handle all the glass-related research and development for Tesla and SolarCity. When the Model 3 debuts next year, it will feature a similar glass roof over the cabin.

While Tesla was in there fiddling around with the available Model S options, they also did away with Ludicrous Mode for all versions of the Model S except the top-of-the-line P100D, where it still comes standard.


Samsung recalls 2.8 million top-loading washing machines

In a statement, the company said that it is working with the U.S. Consumer Product Safety Commission (CPSC) to recall 34 models produced between March 2011 and October 2016. The CPSC had previously warned customers that it had received reports of top-loading washing machines exploding, but Samsung has been forced to step in after owners noticed that the drums in their washers caused appliances to “lose balance, triggering excessive vibrations, resulting in the top separating from the washer.”

The US consumer watchdog says it has already collected 733 reports of Samsung machines experiencing excessive vibration or complete detachment, which resulted in nine injuries, including a broken jaw, injured shoulder and “other impact or fall-related injuries.” Samsung said in September that it believed the issues were caused by “bedding, water-resistant or bulky items” being placed on a high-speed spin cycle and recommended that owners simply use slower settings instead.

To remedy the situation, Samsung is offering two options. The first is a free in-home repair that will reinforce the washing machine’s top compartment. Owners will be given an additional one-year warranty if they choose that option, regardless of its age. The second is a rebate that will be applied to the purchase of a new Samsung or “other brand” washing machine. Anyone buying another Samsung unit will receive an extra $150 towards their purchase. If that sounds familiar, Galaxy Note 7 owners also get money off if they buy another Samsung phone.

Samsung has set up a new website to handle the recall, which lists the models affected and allows owners to check if their washer has been impacted.


Google DeepMind and Blizzard partner for ‘StarCraft II’ AI research

Rather than Google building an unstoppable Starcraft 2 machine, Blizzard wants to give anyone the chance to build their own AI bot using the upcoming API. Essentially, this framework serves as a testing ground for building and training new AIs — it could lead to better AI in Starcraft 2 itself, or we could see better AI player coaches, or maybe just an unbeatable AI bot. “There’s still a long way to go, but maybe we’ll even see an agent take on the BlizzCon champion in a show match,” Vinyals said.

But this could have effects that go far beyond just Starcraft 2. “On a broader scope, these advancements we make in Starcraft might help us when we apply them to the real world challenges we face in science, energy, and other human endeavors,” Vinyals said. Indeed, in a blog post announcing the partnership, Google Deepmind notes that the complexity of Starcraft 2 makes it a “useful bridge to the messiness of the real-world.”

Of course, what Google and Blizzard find from this partnership remains to be seen, but games have already proven to be great AI trainers, so we expect that we’ll see some big AI improvements from this partnership — it just might take a while. “We’re still a long way from being able to challenge a professional human player at the game of StarCraft 2,” the Deepmind team says in its blog.

Aaron Souppouris contributed to this report.


Sprint customers will get next-generation texting features soon

If you’re on Sprint now and using “select” LG and Nexus phones, you’ll get the capability sooner via a Messenger software update. And it sounds like other customers can just download the updated Messenger app to get in on the RCS fun — you’ll just need to be running a phone with Android KitKat or later.

It’s worth noting that while some other US carriers (including T-Mobile and AT&T) already support RCS, Sprint is the first to commit to an updated protocol for the service. The GSMA, which represents carriers around the world, announced that the latest spec for RCS is being released a little later this month — while it’s reasonable to assume that AT&T and T-Mobile will update to this new standard as well, Sprint is the first to pledge commitment for its customers.

While this is good news for Sprint customers, it’s going to take support of the other big carriers in the US for this update to really be useful. Messenger will fall back to standard SMS if one of the conversation’s participants isn’t using a phone capable of the RCS standard, and that’ll likely be what most users encounter, at least for starters. But any step towards a better default messaging standard is worth noting — here’s hoping that the other US carriers get on board post-haste.


WhatsApp is reportedly developing its own Snapchat clone

Long before Snapchat was a huge deal, it was the subject of a buyout deal from Facebook chief Mark Zuckerberg. Snapchat rebuffed the offer, and Facebook’s response has been to work relentlessly to undermine the object of its jilted affections. Instagram has been slowly drawing inspiration from its main rival, adding Instagram Stories to its core platform. In addition, Facebook tried to buy the “Asian Snapchat” this summer in the hope of curtailing its rival’s international growth. It’s a lesson to us all that if Mark Zuckerberg offers you $3 billion for something, maybe factor how much revenge he’ll exact if you say no.


The best 4K monitors

Who this is for

Illustration: Elizabeth Brown

The most obvious reason to choose a 4K monitor is because it has a lot of pixels. With 3840×2160 pixels, a 4K monitor has four times as many as a 1920×1080 monitor (8.29 million versus 2.07 million), 3.6 times the pixels of a 1920×1200 monitor (such as our 24-inch monitor pick), and 2.25 times the pixels of a 2560×1440 monitor (like our 27-inch monitor pick).

A high-resolution display such as a 4K monitor can make text and images look much sharper than a standard monitor. Photo: David Murphy

That increased pixel density produces sharper, more detailed images, as you’ll see in our illustration above. A 4K monitor can give you a better-looking picture for games, the ability to edit high-res photos and videos at their native resolutions, and a lot more desktop space—useful if you’re a coder or you otherwise need a large amount of information on one screen.

Higher picture quality and more screen space can make 4K monitors look like an obvious upgrade, but they come with potential drawbacks that some people will find annoying and others will hate. To learn more, check out our full guide.

How we picked and tested

Photo: David Murphy

We narrowed our list of the best-reviewed and highly ranked IPS monitors down to eight by eliminating those that weren’t manufacturer-calibrated, were way too expensive for their specifications, or were using DisplayPort’s multi-stream transport mode (MST) instead of single-stream transport (SST). MST was an older stopgap measure that treated a monitor as two separate displays in order to get a 4K picture working over older versions of DisplayPort. You should avoid any monitor that isn’t SST, though you might have to do some Internet detective work to confirm whether a monitor uses it.

The Wirecutter’s Chris Heinonen helped us design our monitor-testing process, which relies on two measuring devices: a $1,200 i1Pro 2 spectrophotometer from X-Rite and a $170 Spyder4Pro. (The Spyder4Pro is better at reading black levels than the i1Pro.) We built customized tests in the CalMAN 2016 software-calibration suite to measure each monitor’s maximum and minimum brightness levels, gamma, color temperature, and color accuracy.

Our pick

The P2715Q has an old-school fat plastic bezel and traditional plastic buttons rather than the ultraslim bezel and capacitive buttons of Dell’s UltraSharp line. Photo: David Murphy

The Dell P2715Q is the best 4K monitor for most people because its display quality is exceptional, its price is reasonable, it has all the connections you’ll need for your PC (and USB devices); it comes with a highly adjustable ergonomic stand and VESA mounting holes; and it uses single-stream transport for its DisplayPort connection—much better than cheaper (or older) multi-stream transport monitors.

The P2715Q doesn’t carry Dell’s UltraSharp branding, but the company calibrates the monitor at the factory. Because the calibration applies to the monitor’s default mode, you’ll get great results when you first set up the monitor. (You should still optimize the monitor’s brightness and contrast for your room’s lighting.)

The monitor’s DeltaE values—representing how far away a displayed color is from what it should actually be—ranged from 1.114 on our saturations test to 1.224 on our ColorChecker test to 1.493 on our grayscale test. In real-world terms, the P2715Q’s colors are almost perfect. Though the calibration software found that some displayed reds appeared oversaturated and the monitor had some hue/tint inaccuracies, they’re not perceptible. For more on grayscales and color temperature, see our full guide.

There’s little we don’t like about Dell’s P2715Q. Previous purchasers have reported that the monitor doesn’t always work, or work well, with various MacBooks. Given how many different kinds of MacBooks exist, how many different ways people have tried to connect the monitor to their laptops, and how many different versions of MacOS people are using, we haven’t found a one-size-fits-all solution for some of the reported issues, so we recommend checking to confirm that your MacBook can even run 4K at 60 Hz.

Runner-up (with extra features for gamers)

The XG2700-4K is an excellent alternative to the Dell P2715Q. Photo: David Murphy

The ViewSonic XG2700-4K isn’t just a runner-up; it’s an excellent alternative to the Dell P2715Q if you’re a gamer or a power user and you like digging into your monitor’s features. It offers accurate colors, excellent stand adjustability, an even better array of connections, and FreeSync (for AMD gamers). It also has far more configuration options than the Dell, though they’re not explained very well, which is our biggest complaint with this monitor. But the Dell P2715Q is a lot more user-friendly (and currently cheaper), which is why that model gets our recommendation.

In our CalMAN 2016 testing, the XG2700-4K had a slightly better grayscale DeltaE than the Dell P2715Q (0.9428 versus 1.493). The same held true for our saturations test (0.5073 versus 1.078) and our ColorChecker test (0.7491 versus 1.224). In reality, all of those values indicate excellent display quality for most people—you can’t tell whether one monitor is more accurate than the other without a calibration device.

We especially love the XG2700-4K’s robust multipicture mode, which lets you use one monitor to view multiple connected sources at once (either in a split screen, a quad-window display, or picture-in-picture).

Upgrade pick

The BenQ BL3201PH is gigantic, but it lets you avoid dealing with unpredictable scaling issues if you rely on third-party apps. Photo: David Murphy

The BenQ BL3201PH is a beast. It’s the best 4K monitor you can buy if you have room on your desk for its 32-inch screen. The biggest benefit of a giant 4K monitor is that you might not need to scale your display when running the monitor at its native resolution. That way, you’ll avoid one of the main issues plaguing 4K—third-party apps that look ugly, blurry, or too tiny to use when Windows embiggens your on-screen items.

Of all the large 4K monitors we looked at, the BL3201PH offers the best combination of price and performance, plenty of connectivity, all the right ergonomic adjustments, and a good assortment of features in an easy-to-navigate configuration screen.

Care and maintenance

Dell’s factory calibration for the P2715Q’s Standard mode is very accurate, so you don’t need to buy a hardware colorimeter to calibrate your display unless you need absolute perfection (as professional photographers, graphic designers, or video editors do). You can (and should) adjust the monitor’s contrast: Go to’s white-saturation test and set your contrast at the highest it will go before you can’t see the difference between the higher-numbered values and the all-white background.

If your monitor’s screen gets dirty or smudgy, don’t use an ammonia- or alcohol-based cleaner on it (no Windex). Don’t use a paper towel, either. A microfiber cloth and some distilled water (not tap) will work just fine. And don’t spray the screen when cleaning it—spray the cloth, then wipe the screen.

This guide may have been updated by The Wirecutter. To see the current recommendation, please go here.

Note from The Wirecutter: When readers choose to buy our independently chosen editorial picks, we may earn affiliate commissions that support our work.


Sombra is officially Overwatch’s new hacker hero

If you didn’t see Sombra coming, maybe you haven’t been paying much attention to Overwatch lately. Onstage during the Blizzcon keynote, Blizzard president and CEO Mike Morhaime described her as a stealthy offensive infiltrator who can hack an enemy’s abilities. Blizzard has dropped a few other details as well. She has an EMP attack that can shut down numerous enemies at once, for instance. Additionally, she can camouflage herself, making her harder to see. If you’re lucky enough to be at Blizzcon this weekend she’ll be playable on the show floor. Everyone else? You’re going to have to wait.
