You can try out Windows Hello biometric logins for the web, right now

windows-hello-login-100655886-orig.png

Windows Hello’s face- or fingerprint-login feature promises to make passwords a thing of the past. But if you’re still confused about how biometric logins can make your life easier, Microsoft has published a quick demonstration to show you.

Windows Hello is one of the standout features of Windows 10, allowing your PC to “recognize” you and free you from typing in a password each time you unlock your PC. Microsoft originally predicted that web sites would build in that same biometric technology, but that promise hasn’t materialized, yet. It will, though, as part of the the Windows 10 Anniversary Update, due to roll out this summer.

Why this matters: Anyone who’s used Hello knows it’s a convenience that’s become largely indispensable, like a television’s remote control. With the dozens of passwords that we’re forced to remember, most of us would welcome a simpler approach to the web. Consider, too, that this is specific to Microsoft Edge. Forget Edge extensions—Hello could be the “killer app” that sells Microsoft’s browser.

As easy as looking into a mirror

To show off what it can do, Microsoft has published a ”test drive” demo to the web, where you can try biometric logins for yourself. Naturally, you’ll need a Windows 10 machine with Windows Hello-capable hardware, such as a Microsoft Surface Pro 4 two-in-one. (Microsoft says the demo was designed to work with Insider builds, but the Windows 10 10586.218 that Surface Book upgraded to on Wednesday seems to run the demo just fine.) You can also use the Tobii eyeX peripheral that we recently reviewed. Make sure you have set up Windows Hello using Settings > Accounts > Sign-in options > Windows Hello.

Even if you’ve never used Windows Hello before, setting it up should take just a few seconds—literally, all you have to do is look at the screen. And the demo itself should take just the same amount of time. Again, look at the screen when prompted, and voila!—you’re logged in. (The premise is that Windows Hello confirms your identity locally, then sends a token to the web site that authenticates you. You can also use the site’s password, as you always have.)

Note that the demo is an example of what Microsoft has previously called an “early implementation” of the Web Authentication (formerly FIDO 2.0) specification. Microsoft says it is working closely with industry leaders in both the FIDO Alliance and W3C Web Authentication working group to standardize these APIs.

PINs become more important

There’s one thing I noticed, though, that you might think about. Windows Hello does a fine job, in my experience, of logging me in and blocking others from using my PC. But Windows 10 also allows you to use a four-digit PIN to unlock your PC, and allows that same PIN to authenticate you to the web.

The vast majority of us use two-factor authentication to log in to, say, an ATM—by combining a banking card with a four-digit PIN. Our privacy and security are much more at risk when a simple PIN, which Microsoft has implied is more of a convenience than anything else for accessing our PCs, becomes a means of also accessing your bank’s site. If and when Windows Hello logins become mainstream, consider removing that PIN and using either a password or biometric login as your primary methods of authentication.

You deserve a break, and Outlook’s updated Replies will see that you get one

outlook-vacation-100655916-orig.png

You’re a nice person: devoted, hardworking. And every year you find yourself taking an hour or two from your vacation to stress about some petty meeting someone else should be taking. An updated Automatic Replies feature from Outlook promises to put you back on the beach.

Microsoft’s old “Out of Office” feature simply sent automated emails to friends and business contacts, reminding them you’d be lounging on the sands of Cancun the second week of July. Now, Outlook wipes your calendar clean: cancelling meetings you’ve already booked, declining new invitations, and showing your calendar as blocked (or filled up) for the duration. It’s Outlook acting as the devoted gatekeeper we all wish we had.

outlook automatic replies
You’ll have the option to completely free yourself from meetings if you so choose.

Once you enable what Microsoft calls Automatic Replies, Outlook will show you a list of scheduled meetings that take place during your vacation and, via a checkbox, allow you to send a polite email opting out of the meeting. A similar email will be sent if a new meeting invitation arrives. Outlook will also block out your schedule, showing you as unavailable.

Naturally, don’t expect this feature to be available to just every Outlook user. You’ll have to subscribe to Office 365, Microsoft’s recurring business subscription, if you want to professionally tell your work colleagues that you’ll be enjoying a few well-deserved days off. (In other words, this feature isn’t available if you use just the standalone version of Office 2016.) It is available, though, via Outlook.com. The implication is that you should manage your respective work and personal calendars with two separate services.

There’s one hitch: Even if you subscribe to Office 365 and use the standalone Office apps, the only way to enable these additional features is to log in to your work or personal Outlook email via a browser. From either the Mail or Calendar view within Outlook, go up to the gear icon (Settings) in the upper right and click Automatic Replies. Microsoft said it may add these options within other applications, such as the Android or iOS versions of Outlook, in the future.

Why this matters: Part of the worry about going on vacation is that you “pay” for your time off, either with more work before or after your vacation. Microsoft may not be able to do anything about that, but as your holiday draws nearer, at least your colleagues will be reminded that someone else will need to pick up the slack.

Facebook’s Terragraph project aims to replace fiber with fast, low-cost Wi-Fi

terragraph-facebook-100655920-orig.png

Facebook’s plan to connect the world to the Internet is ambitious. It also has many arms. There’s Aquila, the solar-powered plane that will beam Internet to the ground. Then there’s Project ARIES, a plan to extend connectivity to rural areas cheaper and faster, so people who live close to cities will be able to access the Internet. But Facebook’s newest project is on the ground. It’s called Terragraph, a low-cost, high-speed wireless network that will replace fiber in big cities.

Facebook will pilot Terragraph in downtown San Jose later this year after a trial run at its Menlo Park campus. The company is placing cheap IPv6-only nodes with WiGig chips on lamp posts, utility poles, and small buildings that will broadcast Internet using unlicensed 60GHz spectrum. That spectrum doesn’t have very good range and is easily absorbed by water and oxygen, said Jay Parikh, Facebook’s vice president of engineering, during the company’s F8 developers conference Wednesday keynote. But that’s perfect for Facebook, because the company can keep street-level Wi-Fi capacity high for next to nothing.

project aries facebook

Project ARIES will add more antennas to extend connectivity out to the more more than 90 percent of people around the world who live within 40 kilometers of a city. ARIES puts base stations with 96 antennas supporting 24 streams at 71 bits per second in urban areas to extend Internet out to rural areas.

Facebook’s goal is to increase connectivity speed by 10 times or reduce its cost by 10 times—ideally both. Aquila, ARIES, and Terragraph are its grand plans to do just that over the next decade. Parikh said the company doesn’t want to own Internet access, as it’s been accused of in its attempt to bring its Free Basics program to developing countries. Free Basics offers users access to specific essential apps for free, including Facebook (of course), health care apps, job search services, and more. But some claim that Free Basics violates net neutrality tenets, and it was recently banned in India.

facebook f8 connectivity

“It’s not our aim to build and deploy these networks by ourselves,” Parikh said. “We just want to advance the state of the art. We want to help accelerate how people get connected to the Internet. We have a long journey ahead. I’m excited we’ve taken the first couple of steps.”

The Google exec who brought us Project Ara, Tango, and Jacquard leaves for Facebook

dugan_atap-100655929-orig.jpg

It’s always encouraging to hear about women kicking ass and taking names in the technology sector, but the loss of former DARPA director Regina Dugan is surely a huge blow to Google’s Advanced Technologies and Projects (ATAP) group.

Since 2012, Dugan’s led Google’s ATAP division through a particularly creative era. She helped propel technologies like Project Tango, which is launching its first smartphone this summer; Project Ara, which is Google’s attempt at launching a fully modular smartphone; and Project Jacquard, which involves weaving multitouch textile sensors into regular clothing. You might also remember Dugan showing off an electronic tattoo at the All Things D conference years back.

As Wired notes, part of Dugan’s philosophy at Google was that researchers were assigned to projects for no more than two years. “I believe that’s essential for innovation,” Dugan told Wired last year. “One week of their time is one percent of their entire duration in ATAP. That makes them impatient with bureaucracy and process. And with a small enough group, you can start to strip away those things and go really fast.”

Dugan offered her own statement on the “bittersweet” move to Facebook:

I am on the one hand, tremendously excited. Building 8 is an opportunity to do what I love most… tech infused with a sense of our humanity. Audacious science delivered at scale in products that feel almost magic. A little badass. And beautiful. There is much to build at Facebook… and the mission is human… compelling.

I am sad to leave the pirates of ATAP…Each of our efforts to create new, seemingly impossible products, has been faced with intense challenges along the way. Technical challenges. Organizational challenges. Challenges that might have broken lesser teams. This is the type of work we signed up for when we built ATAP. It is terrifying because it means we have to face our fear of failure, stare it down, more days than most. So be it.

At Facebook, Dugan will lead Building 8, which is literally a building on the social network’s Menlo Park campus that is devoted to hardware innovation. There are few details about Building 8 to begin with, but Facebook hinted that it will primarily focus on developing “new hardware products to advance our mission of connecting the world.” It’ll be interesting to see if Dugan has a hand in any of the weird hardware shown at F8, too, like this VR selfie stick.

Of her departure, Google told The Verge, “We thank Regina Dugan for all her leadership and contributions as part of the Advanced Technology and Projects group, and wish her the very best.” But the question remains of who will be able to fill such giant, innovative shoes.

New USB-C authentication spec protects against malware and shoddy chargers

monoprice-31-usbc-usbc-cable-130031-100577830-orig.jpg

The battle against “bad” USB Type-C cableshas a new ally: The USB 3.0 Promoters Group. The coalition—made up of tech company heavyweights including HP, Intel, and Microsoft—announced the USB Type-C Authentication specification on Tuesday. The new spec will allow devices to confirm the integrity of a USB-C charger, cable, or device before allowing data or significant power to run through it.

The new capability lets a device check a variety of items about a charger or cable’s credentials, including its descriptor, capabilities, and certification status. The process will use 128-bit cryptographic signatures for authentication.

Protecting against inappropriately designed USB chargers is only one focus of the new specification. It’s also meant to protect against malicious hardware or software attempting to deliver an exploit via USB.

It’s not clear when we can expect device and peripheral makers to start building the authentication into their products. Once it is running, the USB 3.0 Promoters Group imagines a number of scenarios where the new specification will come in handy.

If you’re concerned about charging your phone at a public terminal, for example, your handset can be set to only allow power from certified chargers. Or, an IT department could use the technology to allow only verified USB storage devices to interface with company PCs.

The story behind the story: The new authentication specification comes several months after Google engineer Benson Leung began fighting against shoddy USB-C cables. Since November, Leung has been reviewing Type-C USB cables—including Type-A to Type-C—and calling out those that aren’t up to “code” and have the potential to harm your device. In late March, Amazon also joined the fight by blacklisting non-compliant USB-C cables. Now with the new authentication specification, it should become even easier to avoid poorly developed cables that have the potential to harm your gear.

Amazon launches the Kindle Oasis, a premium $290 e-reader with a love handle

amazonoasis-100655857-orig.jpg

Amazon is turning the e-reader into a luxury item with the new Kindle Oasis.

Starting at $280, the Kindle Oasis is Amazon’s most expensive e-reader since theKindle DX from 2010. Amazon says its mission with Kindle is to “make the device disappear so you can lose yourself in an author’s story,” and in this case, that means making the device more book-like.

To wit: One side of the Kindle Oasis sports an extra-wide, extra-thick bezel, which seems like a nod to the spine of a paper book. Users can hold it in either hand, and the screen will flip around accordingly.

Amazon is also including a leather cover with the Oasis. Aside from just making the package look classier, the cover includes its own battery, which combines with the e-reader for up to eight weeks on a charge. Plugging in the Kindle Oasis with the cover attached will charge both devices, and the e-reader is smart enough to deplete the cover’s battery before tapping into its own reserves.

amazonoasiscovers
A choice of Kindle Oasis battery cover is included in the $280 price.

Those flourishes aside, the Kindle Oasis is similar to 2014’s Kindle Voyage, with a 6-inch 300 dpi display and 4GB of storage for holding thousands of ebooks. The Oasis should be brighter, however, with 10 LEDs compared to 6 LEDs in the Voyage. Its 0.29 lb. frame (without the cover) is also much lighter than any other Kindle. (Attaching the cover brings the weight up to 0.53 ounces, which is still lighter than most small tablets.)

Amazon hasn’t given a precise release date for the Kindle Oasis, but is taking pre-orders now for shipping in the “coming weeks.” As with other Kindles, Amazon charges an extra $20 to remove “Special Offers” ads from the device’s lock screen. A 3G model (for downloading books without Wi-Fi) is also available for $70 more.

Meanwhile, Amazon still sells a basic Kindle for $80, the higher-resolution Kindle Paperwhite for $120, and the $200 Voyage with adaptive lighting.

Why this matters: For years, Amazon had been racing to the bottom on e-reader pricing as it tried to edge out rivals like Nook, Kobo, and Sony. Although the company still sells readers for cheap, it’s also trying to appeal to ebook diehards at a premium. Amazon must have enjoyed some success on that front with the Kindle Voyage, given that the company is now charging even higher prices for the Kindle Oasis.

4 ways Chrome’s Safe Browsing protects you from devious Internet dangers

deceptivedownloads-100655860-orig.png

Despite working on self-driving cars, virtual reality, and other side projects, Google still makes most of its money from the web. That’s why the company pays so much attention to protecting users from malicious content online. In recent years, Google has beefed up its Safe Browsing initiative to protect Chrome users—as well as users of other browsers—from a wide array of devious online threats.

If you’ve ever used Chrome you’ve likely seen this protection before, which appears as a giant red warning screen where you expected to see a webpage. You can still visit the page by clicking through via the details link, but Google’s advice is to stay away until the site creators fix the problem.

Why this matters: Advanced users may look at some of Google’s safe browsing actions as overly zealous or reducing user control. But the fact is the Internet can quickly turn into a minefield of threats for the average user. Plus, there’s always the hope that Google’s blacklisting of sites using deceptive behaviors may encourage a good number of them to change their annoying ways.

Here’s a look at some of the bigger threats Google has added to its Safe Browsing protection in recent months.

Deceptive download buttons in ads

In February, Google decided to take a stand against tricky downloads in ads. If you’ve ever visited a mildly unsavory website you’ve seen these tactics many times (sometimes even in ads served by Google itself, ironically enough). Deceptive ads feature download buttons that attempt to appear part of a website’s design, or a pop-up window that looks like it comes from your operating system. Often these ads offer to download a “required” media player or an update for out-of-date software.

Unwanted software warnings

A year prior to battling ad downloads, Google took a stand against what it calls “unwanted software.” The umbrella term applies to a variety of different scenarios, including software that piggybacks on another installation or software that makes changes to your system such as swapping your default search engine or homepage.

Download blocks

chromedownloadwarning

One of the earliest defenses Chrome offered against potential problems online was download blocking. Six months before Google introduced warnings against sites containing unwanted software, Chrome “blocked” these programs after you started the download process.

When you download a file Google considers potentially malicious, you’ll see a warning in the downloads bar at the bottom of Chrome with a dismiss button and a “Do Not Enter” icon. The warning lacks an option to open the unwanted software, but these downloads aren’t truly blocked since you can still access them from the downloads tab in Chrome, or simply open the file directly.

Social engineering

Blocking potentially malicious ads and annoying software is great, but social engineering attacks are also a growing threat online. These are basically advanced phishing techniques that try to mimic a trusted brand, create fake warning pages, or fake logins. Google started blocking sites with this kind of deceptive content in November.

Sling TV adds a multi-stream “beta” bundle with Fox channels and regional sports

sling-tv-logo-100538814-orig.png

Sling TV has answered subscribers’ cries for multiple stream support and regional sports. But as is often the case in the world of TV bundles, there’s a catch.

The new multi-stream plan costs $20 per month, and allows up to three simultaneous streams per account. However, the lineup of channels in this package is not quite the same as Sling’s single-stream plan, which also costs $20 per month.

For example, the multi-stream plan includes Fox on-demand, along with regional Fox Sports (plus YES Network in New York), FX, and National Geographic, none of which have ever been part of the single-stream plan. TruTV, UniMas, and Univision are also included, whereas they cost extra for single-stream subscribers.

In some markets, a live feed of Fox’s local station will also be available. For now, this applies to Atlanta, Austin, Charlotte, Chicago, Dallas, Detroit, Gainesville, Houston, Los Angeles, Minneapolis, New York, Orlando, Philadelphia, Pa., Phoenix, San Francisco, Tampa, and Washington D.C.

Why would you stick with the single-stream plan, then? Because some its channels aren’t available if you’re on a multi-stream package, including ESPN, ESPN2, Disney Channel, and Freeform. Certain add-on packages are also unavailable to multi-stream subscribers, including Kids Extra and Sports Extra.

Technically, you could subscribe to both the single-stream and multi-stream packages, but then you’re paying $40 per month for a whole lot of overlap. At that point, you should probably consider Sony’s PlayStation Vue streaming service instead (if your hardware supports it), which starts at $30 per month for more than 55 channels (or $35 with both ESPN and Fox Sports), and supports up to five streams at a time.

For now, Sling is labeling the multi-stream plan as a “beta,” and is promising to add new channels, features, and functions over time. Sling has also posted a PDF file that compares the single- and multi-stream plans.

Why this matters: Sling TV’s new plan could cause some anguish among subscribers, especially sports fans who must now choose between ESPN and regional sports in their base package. But the plan also illustrates the minefield that streaming video rights can be, as some TV networks only want to play ball under certain conditions.

Netflix flips the switch on eye-popping HDR video streaming

netflix_new_logo_580x388-100435724-orig.jpg

Netflix has kicked off its support for HDR video, providing more vibrant visuals on supported TV sets.

HDR, short for high dynamic range, allows for much higher brightness levels and a greater range between dark and light. As a result, bright highlights and shadowy scenes have much more color detail compared to standard dynamic range.

For now, Netflix’s sole HDR offering is season 1 of Marco Polo, but the companytold FlatPanelsHD that Marvel’s Daredevilwill get HDR in the future. It’s unclear what other shows might get HDR support, as Netflix has yet to make an “all original shows” pledge as it previously did for its 4K Ultra HD programming.

That’s not exactly launching with a bang, but most people won’t be able to take advantage of HDR right now anyway. To play back HDR content, you need a capable TV, and they only started trickling onto the market last year. TV makers are pushing the new format hard this year, however, and if you buy a high-end set in 2016 from vendors such as LG, Samsung, Sharp, Sony, or Vizio, there’s a good chance it will support HDR.

Netflix's Marco Polo
Netflix picked its tepidly received original series Marco Polo to be the first programming it will stream in HDR.

Netflix also has its own requirements for HDR playback: Subscribers will need Netflix’s 4K Ultra HD plan, which costs $12 per month. And as with existing 4K streams, Netflix recommends Internet speeds of at least 25 Mbps per second. That’s five times faster than what the company recommends for 1080p playback.

As for particular HDR formats, Netflix is supporting both the open HDR-10 and the proprietary Dolby Vision, the latter of which works on HDR sets from Vizio, TCL, and LG. As we explained in January, HDR-10 is likely to be the baseline in any HDR stream, and Dolby Vision sets should support that format as well. So while there is a format war brewing, it’s fairly low stakes for consumers.

Why this matters: Although Netflix doesn’t have much HDR content to show, it’s still a big milestone for the service, and it brings subscribers up to par with Amazon Video, which started dabbling in HDR last year. With movie studios charging hefty prices for a la carte HDR streams and Blu-ray discs, subscription services like Netflix will be the cheapest path to enjoying your new expensive TV for the foreseeable future.

Tata Tiago prices could be hiked soon

Tata Tiago prices could be hiked soon

It had been a long time coming but when it finally did, the Tata Tiago swept everyone off the floor; especially with its aggressive pricing at Rs 3.2 lakh for the petrol and Rs 4.18 lakh (all prices ex-showroom Delhi) for the diesel. To the disappointment of future buyers though, recent developments suggest that the new hatchback could be in for a price hike soon.

“Holding to this price is difficult,” Tata Motors’ sales and network (passenger vehicles) vice-president SN Barman said at the Kolkata launch of Tiago on Monday. But he declined to comment on how long the introductory prices would continue.

Tata Motors had launched the Tiago earlier this month after a couple of hiccups, including an analogy with the name of a deadly virus. Nonetheless, the hatchback, with its fresh design language and larger appeal is set to spell the dawn of a new tomorrow for the Indian manufacturer.

“We have now launched ‘Tiago’; there will be three more launches in the next 12-18 months. We hope our market share will improve with the launches of four new cars,” Barman said.

The company also looks to expand its dealership footprint in the tier I and II cities of India that have emerged as budding markets for car sales. Barman informed that the number of dealerships could be ramped up to 1,200 within the next three years.

As for the Tiago, it is available in the petrol form with a 1.2-litre 3-cylinder engine that makes 85PS of peak power and 114Nm of peak torque, while the diesel avatar is propelled by a 1.0-litre turbocharged 3-cylinder engine that makes 70PS of peak power and 140Nm of peak torque. The new Tiago gets a five speed manual gearbox while the AMT option could be available soon as well.

The car will be offered in five trims and Tata claims ARAI fuel efficiency figure of 23.84kmpl for petrol variant and 27.28kmpl for the diesel version. The new Tiago will go up against cars like the Hyundai Grand i10 and the Maruti Suzuki Celerio in the segment.