Programming

Researchers Release 'PolyCoder', the First Open-Source Code-Generating AI Model (venturebeat.com) 66

"Code generation AI — AI systems that can write in different programming languages given a prompt — promise to cut development costs while allowing coders to focus on creative, less repetitive tasks," writes VentureBeat.

"But while research labs like OpenAI and Alphabet-backed DeepMind have developed powerful code-generating AI, many of the most capable systems aren't available in open source." For example, the training data for OpenAI's Codex, which powers GitHub's Copilot feature, hasn't been made publicly available, preventing researchers from fine-tuning the AI model or studying aspects of it such as interpretability.

To remedy this, researchers at Carnegie Mellon University — Frank Xu, Uri Alon, Graham Neubig, and Vincent Hellendoorn — developed PolyCoder, a model based on OpenAI's GPT-2 language model that was trained on a database of 249 gigabytes of code across 12 programming languages. While PolyCoder doesn't match the performance of top code generators in every task, the researchers claim that PolyCoder is able to write in C with greater accuracy than all known models, including Codex....

"Large tech companies aren't publicly releasing their models, which is really holding back scientific research and democratization of such large language models of code," the researchers said. "To some extent, we hope that our open-sourcing efforts will convince others to do the same. But the bigger picture is that the community should be able to train these models themselves. Our model pushed the limit of what you can train on a single server — anything bigger requires a cluster of servers, which dramatically increases the cost."

The Military

Ukraine Might Have Leaked Data On 120,000 Russian Soldiers (theregister.com) 184

BrendaEM shares a report from The Register: Ukrainian news website Ukrainska Pravda says the nation's Centre for Defense Strategies think tank has obtained the personal details of 120,000 Russian servicemen fighting in Ukraine. The publication has now shared this data freely on its website. The Register and others have been unable to fully verify the accuracy of the data from the leak. The records include what appears to be names, addresses, passport numbers, unit names, and phone numbers. Some open source intelligence researchers on Twitter said they found positive matches, as did sources who spoke confidentially to El Reg; others said they couldn't verify dip-sampled data. Rumors swirled on the internet that activists were behind the disclosure. The Ukrainian news agency said the personnel records were obtained from "reliable sources." Whether or not the database's contents is real, the impact on Russian military morale -- knowing that your country's enemies have your personal details and can contact your family if you're captured, killed, or even still alive -- won't be insignificant.

News

Brazilian Academics Create Automated Fake News Detection Platform (zdnet.com) 35

An anonymous reader quotes a report from ZDNet: A group of Brazilian researchers has created a web platform that is able to identify false information online in an automated manner. Developed by academics at the Center for Mathematical Sciences Applied to Industry (CeMEAI), the system uses a combination of statistical models and machine learning techniques to establish whether a specific content in Brazilian Portuguese is likely to be false. Initial tests suggest the platform is able to detect fake news with a 96% accuracy. The CeMEAI is a research center based in the mathematics and computer science department of the University of Sao Paulo, in the Sao Paulo state city of Sao Carlos. The center is supported by grants from the Sao Paulo Research Agency (FAPESP). In an interview with FAPESP's news agency, project coordinator and technology transfer director Francisco Louzada Neto said the goal of the project is "to offer society an additional tool to identify, not only subjectively, whether a news item is false or not."

The system uses statistical methods to analyze writing characteristics, such as words used or more frequently used grammatical classes. These are then fed into a machine learning-based classifier, which is able to distinguish patterns of language, vocabulary and semantics of fake and real news, and automatically infer whether the content submitted to the platform is false. The models were trained with a massive database of real and false news and were exposed to the vocabulary used in over 100,000 articles published over the last five years. The researchers will aim to use the false news related to the upcoming presidential elections, as well as content related to the Covid-19 pandemic to further calibrate the models. The researchers also commented on the potential risks of the system in the interview, including the potential that the system could be used by fake news creators to assess the potential for false content to pass for real before it is published. "That's a risk we're going to have to deal with," Louzada noted.

Government

Missouri Governor's Office Responsible For Teacher Data Leak (krebsonsecurity.com) 30

An anonymous reader quotes a report from Krebs on Security: Missouri Governor Mike Parson made headlines last year when he vowed to criminally prosecute a journalist for reporting a security flaw in a state website that exposed personal information of more than 100,000 teachers. But Missouri prosecutors now say they will not pursue charges following revelations that the data had been exposed since 2011 -- two years after responsibility for securing the state's IT systems was centralized within Parson's own Office of Administration. [...]

On Monday, Feb. 21, The Post-Dispatch published the 158-page report (PDF), which concluded after 175 hours of investigation that [St. Louis Post-Dispatch reporter Josh Renaud] did nothing wrong and only accessed information that was publicly available. Emails later obtained by the Post-Dispatch showed that the FBI told state cybersecurity officials that there was "not an actual network intrusion" and the state database was "misconfigured." The emails also revealed the proposed message when education department leaders initially prepared to respond in October: "We are grateful to the member of the media who brought this to the state's attention," was the proposed quote attributed to the state's education commissioner before Parson began shooting the messenger.

The Missouri Highway Patrol report includes an interview with Mallory McGowin, the chief communications officer for the state's Department of Elementary and Secondary Education (DESE). McGowin told police the website weakness actually exposed 576,000 teacher Social Security numbers, and the data would have been publicly exposed for a decade. McGowin also said the DESE's website was developed and maintained by the Office of Administration's Information Technology Services Division (ITSD) -- which the governor's office controls directly. "I asked Mrs. McGowin if I was correct in saying the website was for DESE but it was maintained by ITSD, and she indicated that was correct," the Highway Patrol investigator wrote. "I asked her if the ITSD was within the Office of Administration, or if DESE had their own information technology section, and she indicated it was within the Office of Administration. She stated in 2009, policy was changed to move all information technology services to the Office of Administration." The report was a vindication for Renaud and for University of Missouri-St. Louis professor Shaji Khan, who helped the Post-Dispatch verify that the security flaw existed. Khan was also a target of Parson's vow to prosecute "the hackers."

Khan's attorney Elad Gross told the publication his client was not being charged, and that "state officials committed all of the wrongdoing here."

"They failed to follow basic security procedures for years, failed to protect teachers' Social Security numbers, and failed to take responsibility, instead choosing to instigate a baseless investigation into two Missourians who did the right thing and reported the problem," Gross told The Post-Dispatch. "We thank the Missouri State Highway Patrol and the Cole County Prosecutor's Office for their diligent work on a case that never should have been sent to them."

AI

100 Billion Face Photos? Clearview AI tells investors it's On Track to Identify 'Almost Everyone in the World' (msn.com) 77

The Washington Post reports: Clearview AI is telling investors it is on track to have 100 billion facial photos in its database within a year, enough to ensure "almost everyone in the world will be identifiable," according to a financial presentation from December obtained by The Washington Post.

Those images — equivalent to 14 photos for each of the 7 billion people on Earth — would help power a surveillance system that has been used for arrests and criminal investigations by thousands of law enforcement and government agencies around the world. And the company wants to expand beyond scanning faces for the police, saying in the presentation that it could monitor "gig economy" workers and is researching a number of new technologies that could identify someone based on how they walk, detect their location from a photo or scan their fingerprints from afar.

The 55-page "pitch deck," the contents of which have not been reported previously, reveals surprising details about how the company, whose work already is controversial, is positioning itself for a major expansion, funded in large part by government contracts and the taxpayers the system would be used to monitor. The document was made for fundraising purposes, and it is unclear how realistic its goals might be. The company said that its "index of faces" has grown from 3 billion images to more than 10 billion since early 2020 and that its data collection system now ingests 1.5 billion images a month.

With $50 million from investors, the company said, it could bulk up its data collection powers to 100 billion photos, build new products, expand its international sales team and pay more toward lobbying government policymakers to "develop favorable regulation."

The article notes that major tech companies like Amazon, Google, IBM and Microsoft have all limited or ended their own sales of facial recognition technology — adding that Clearview's presentation simply describes this as a major business opportunity for themselves.

In addition, the Post reports Clearview's presentation brags "that its product is even more comprehensive than systems in use in China, because its 'facial database' is connected to 'public source metadata' and 'social linkage' information."

Crime

SFPD Puts Rape Victims' DNA Into Database Used To Find Criminals, DA Alleges (arstechnica.com) 132

An anonymous reader quotes a report from Ars Technica: The San Francisco Police Department's crime lab has been checking DNA collected from sexual assault victims to determine whether any of the victims committed a crime, according to District Attorney Chesa Boudin, who called for an immediate end to the alleged practice. "The crime lab attempts to identify crime suspects by searching a database of DNA evidence that contains DNA collected from rape and sexual assault victims," Boudin's office said in a press release yesterday. Boudin's release denounced the alleged "practice of using rape and sexual assault victims' DNA to attempt to subsequently incriminate them."

"Boudin said his office was made aware of the purported practice last week, after a woman's DNA collected years ago as part of a rape exam was used to link her to a recent property crime," the San Francisco Chronicle reported yesterday. The woman "was recently arrested on suspicion of a felony property crime, with police identifying her based on the rape-kit evidence she gave as a victim, Boudin said." That was the only example provided, and Boudin gave few details about the case to protect the woman's privacy. But the database may include "thousands of victims' DNA profiles, with entries over 'many, many years,' Boudin said," according to the Chronicle. "We should encourage survivors to come forward -- not collect evidence to use against them in the future. This practice treats victims like evidence, not human beings. This is legally and ethically wrong," Boudin said.

San Francisco Police Chief Bill Scott said the department will investigate and that he is "committed to ending the practice" if Boudin's allegation is accurate. But Scott also said the suspect cited by Boudin may have been identified from a different DNA database. "We will immediately begin reviewing our DNA collection practices and policies... Although I am informed of the possibility that the suspect in this case may have been identified through a DNA hit in a non-victim DNA database, I think the questions raised by our district attorney today are sufficiently concerning that I have asked my assistant chief for operations to work with our Investigations Bureau to thoroughly review the matter and report back to me and to our DA's office partners," Scott said in a statement published by KRON 4. Scott also said, "I am informed that our existing DNA collection policies have been legally vetted and conform with state and national forensic standards," but he noted that "there are many important principles for which the San Francisco Police Department stands that go beyond state and national standards." "We must never create disincentives for crime victims to cooperate with police, and if it's true that DNA collected from a rape or sexual assault victim has been used by SFPD to identify and apprehend that person as a suspect in another crime, I'm committed to ending the practice," Scott said.

Even though the alleged practice may already be illegal under California's Victims' Bill of Rights, State Senator Scott Wiener (D-San Francisco) and District 9 Supervisor Hillary Ronen are planning legislation to stop the alleged misuse of DNA.

Wiener said that "if survivors believe their DNA may end up being used against them in the future, they'll have one more reason not to participate in the rape kit process. That's why I'm working with the DA's office to address this problem through state legislation, if needed."

Moon

China, Not SpaceX, May Be Source of Rocket Part Crashing Into Moon (nytimes.com) 30

An anonymous reader quotes a report from the New York Times: On March 4, a human-made piece of rocket detritus will slam into the moon. But it turns out that it is not, as was previously stated in a number of reports, including by The New York Times, Elon Musk's SpaceX that will be responsible for making a crater on the lunar surface. Instead, the cause is likely to be a piece of a rocket launched by China's space agency.

Last month, Bill Gray, developer of Project Pluto, a suite of astronomical software used to calculate the orbits of asteroids and comets, announced that the upper stage of a SpaceX Falcon 9 rocket was on a trajectory that would intersect with the path of the moon. [...] But an email on Saturday from Jon Giorgini, an engineer at NASA's Jet Propulsion Laboratory in California, changed the story. Mr. Giorgini runs Horizons, an online database that can generate locations and orbits for the almost 1.2 million objects in the solar system, including about 200 spacecraft. A user of Horizons asked Mr. Giorgini how certain it was that the object was part of the DSCOVR rocket. "That prompted me to look into the case," Mr. Giorgini said.

Part of a rocket is expected to crash into the far side of the moon on March 4. Initially thought to be a SpaceX rocket stage, the object may actually be part of a Long March 3C rocket [that launched China's Chang'e-5 T1 spacecraft on Oct. 23, 2014]. He found that the orbit was incompatible with the trajectory that DSCOVR took, and contacted Mr. Gray. [...] Mr. Gray now realizes that his mistake was thinking that DSCOVR was launched on a trajectory toward the moon and using its gravity to swing the spacecraft to its final destination about a million miles from Earth where the spacecraft provides warning of incoming solar storms. But, as Mr. Giorgini pointed out, DSCOVR was actually launched on a direct path that did not go past the moon. "I really wish that I had reviewed that" before putting out his January announcement, Mr. Gray said. "But yeah, once Jon Giorgini pointed it out, it became pretty clear that I had really gotten it wrong."

There is still no chance of the rocket missing the moon, the report says.

"As for what happened to that Falcon 9 part, 'we're still trying to figure out where the DSCOVR second stage might be,' Mr. Gray said," according to the Times. "The best guess is that it ended up in orbit around the sun instead of the Earth, and it could still be out there. That would put it out of view for now."

Government

Journalist Labeled 'Hacker' By Missouri's Governor Will Not Be Prosecuted (stltoday.com) 114

Remember when more than 100,000 Social Security numbers of Missouri teachers were revealed in the HTML code of a state web site? The St. Louis Post-Dispatch's reporter informed the state government and delayed publishing his findings until they'd fixed the hole — but the state's governor then demanded the reporter's prosecution, labelling him "a hacker." In the months that followed, throughout a probe — which for some reason was run by the state's Highway Patrol — the governor had continued to suggest that prosecution of that reporter was imminent.

But it's not. The St. Louis Post-Dispatch reports: A St. Louis Post-Dispatch journalist will not be charged after pointing out a weakness in a state computer database, the prosecuting attorney for Cole County said Friday. Prosecutor Locke Thompson issued a statement to television station KRCG Friday, saying he appreciated Gov. Mike Parson for forwarding his concerns but would not be filing charges....

Parson, who had suggested prosecution was imminent throughout the probe, issued a statement saying Thompson's office believed the decision "was properly addressed...." Post-Dispatch Publisher Ian Caso said in a statement Friday: "We are pleased the prosecutor recognized there was no legitimate basis for any charges against the St. Louis Post-Dispatch or our reporter. While an investigation of how the state allowed this information to be accessible was appropriate, the accusations against our reporter were unfounded and made to deflect embarrassment for the state's failures and for political purposes...."

There is no authorization required to examine public websites, but some researchers say overly broad hacking laws in many jurisdictions let embarrassed institutions lob hacking allegations against good Samaritans who try to flag vulnerabilities before they're exploited....

A political action committee supporting Parson ran an ad attacking the newspaper over the computer incident, saying the governor was "standing up to the fake news media."

Thanks to long-time Slashdot reader UnknowingFool for submitting the story.

Piracy

Search Engines In Russia Will Deindex All Domains That Have 100+ Links To Pirated Content (torrentfreak.com) 49

Major rightsholders and internet companies in Russia have signed a new memorandum of cooperation designed to make pirated movies, TV shows and other content harder to find. In addition to automatically removing reported infringing links within hours, search engines have agreed to completely deindex all domains that carry 100 or more links to infringing content. TorrentFreak reports: Signed in 2018, a memorandum of cooperation signed by major rightsholders and internet companies including Yandex changed the way infringing content is handled. Following the creation of a centralized database of pirated content, the Internet companies agreed to query it every few minutes in order to remove corresponding content from their platforms within six hours. Over a period of three years, more than 40 million infringing links have now been removed from search results. Since its introduction, the memorandum has been renewed several times alongside calls for the system to be opened up to a wider range of rightsholders, such as those operating in the publishing sector. While that is yet to happen, a new memorandum has just been signed by the original signatories containing an even more powerful anti-piracy tool.

Under the current agreement (which is set to expire early September 2022), rightsholders must submit specific URLs to infringing content to the centralized database controlled by the Media Communications Union (ISS). These specific URLs are then delisted by search engines but rightsholders complain that the same content can reappear under a new URL, meaning that the process must be repeated. To deal with this type of 'pirate' countermeasure, the new memorandum requires search companies to take more stringent action. Any domain that has 100 or more 'pirate' links reported to the database will be deindexed entirely by search engines, meaning that they essentially become invisible to anyone using a search engine. This must be carried out quickly too, within 24 hours according to ISS. Given the number of links to infringing content posted to non-pirate sites, safeguards will also be introduced to protect legitimate resources from deindexing. These include media sites, government projects, search engines themselves, social networks, and official content providers.
"Alongside the development of the memorandum a new law is being drafted, with the aim of enshrining its voluntary terms into local law," adds TorrentFreak. "That should allow other rightsholders that aren't current signatories to obtain similar benefits. At the time of writing, however, progress on the legal front is taking its time and might still take a few more months."
Databases

Breach of Washington State Database May Expose Personal Info of Millions (apnews.com) 11

An anonymous reader quotes a report from The Associated Press: The Washington State Department of Licensing said the personal information of potentially millions of licensed professionals may have been exposed after it detected suspicious activity on its online licensing system. The agency licenses about 40 categories of businesses and professionals, from auctioneers to real estate agents, and it shut down its online platform temporarily after learning of the activity in January, agency spokesperson Christine Anthony said Friday. Data stored on the system, which is called POLARIS, could include Social Security numbers, birth dates and driver's licenses. The agency doesn't yet know whether such data was actually accessed or how many individuals may have been affected, Anthony said.

Anthony said the agency has been working with the state Office of Cybersecurity, the state Attorney General's Office and a third-party cybersecurity firm to understand the scope of the incident, The Seattle Times reported Friday. In the meantime, the shutdown of the POLARIS system is causing problems for some professionals and firms that need to apply for, renew or modify their licensing. The size of the breach remains unclear. Data from 23 professions and business types licensed by the state is processed via POLARIS, Anthony said. Within those 23 categories, which also include bail bonds agents, funeral directors, home inspectors and notaries, the agency has around 257,000 active licenses in its system, Anthony said, adding that "there are likely more records that may be identified while conducting our investigation."

Privacy

IRS To End Use of Facial Recognition To Identify Taxpayers (apnews.com) 55

New submitter Beerismydad writes: The IRS said Monday it will suspend the use of facial recognition technology to authenticate people who create online accounts after the practice was criticized by privacy advocates and lawmakers. The agency said it would no longer use a third-party service, called ID.me, for facial recognition. Critics of the software said the database could become a target for cyberthreats. They also expressed concern about how the information could be used by other government agencies, among other concerns. Earlier Monday, Senate Finance Committee Chair Ron Wyden, D-Ore., called on the agency to end its use of the ID.me software. After the IRS announced the practice would be suspended, Wyden said "the Treasury Department has made the smart decision to direct the IRS to transition away from using the controversial ID.me verification service. No one should be forced to submit to facial recognition to access critical government services."

Security

Ask Slashdot: How Can You Keep Your Credit Card Numbers from Being Stolen? 225

Long-time Slashdot reader olddoc and his wife have three frequently-used credit cards, stored at many online businesses for easy checkout.

"In the past 6 months we have received fraud notices from the card companies three times." Typically there is a $1 charge in a far away location. Once there was a charge for thousands of dollars at a bar. The card companies seem to pick up the fact that they are fraudulent even though once it was described as "chip present".

What can we do to cut down the number of times we have to update all our ongoing bills with a new card number?

The original submission acknowledges that "We have never lost money to fraud, just time." But is the problem storing the card numbers with online businesses? Long-time Slashdot reader Z00L00K argues "Never ever do this. Never ever have your card stored at an online business even if it's more inconvenient to enter it every time. You NEVER know how your number is stored, it can be stored in a database that's not secure enough or it can be stored in an encrypted cookie on your computer in which case that cookie might be read and decrypted by just about any web site out there if they have figured out how to access cookies for another site. There are a lot of ways that your card details can leak."

That comment also concedes it's possible someone's using a card-number generator to target the same range of credit card numbers. But is there a better solution?

Share your own thoughts in the comments. How can you keep your credit card numbers from being stolen?

Privacy

It's Back: Senators Want 'EARN IT' Bill To Scan All Online Messages (eff.org) 212

A group of lawmakers have re-introduced the EARN IT Act, an incredibly unpopular bill from 2020 that "would pave the way for a massive new surveillance system, run by private companies, that would roll back some of the most important privacy and security features in technology used by people around the globe," writes Joe Mullin via the Electronic Frontier Foundation. "It's a framework for private actors to scan every message sent online and report violations to law enforcement. And it might not stop there. The EARN IT Act could ensure that anything hosted online -- backups, websites, cloud photos, and more -- is scanned." From the report: The bill empowers every U.S. state or territory to create sweeping new Internet regulations, by stripping away the critical legal protections for websites and apps that currently prevent such a free-for-all -- specifically, Section 230. The states will be allowed to pass whatever type of law they want to hold private companies liable, as long as they somehow relate their new rules to online child abuse. The goal is to get states to pass laws that will punish companies when they deploy end-to-end encryption, or offer other encrypted services. This includes messaging services like WhatsApp, Signal, and iMessage, as well as web hosts like Amazon Web Services. [...]

Separately, the bill creates a 19-person federal commission, dominated by law enforcement agencies, which will lay out voluntary "best practices" for attacking the problem of online child abuse. Regardless of whether state legislatures take their lead from that commission, or from the bill's sponsors themselves, we know where the road will end. Online service providers, even the smallest ones, will be compelled to scan user content, with government-approved software like PhotoDNA. If EARN IT supporters succeed in getting large platforms like Cloudflare and Amazon Web Services to scan, they might not even need to compel smaller websites -- the government will already have access to the user data, through the platform. [...] Senators supporting the EARN IT Act say they need new tools to prosecute cases over child sexual abuse material, or CSAM. But the methods proposed by EARN IT take aim at the security and privacy of everything hosted on the Internet.

The Senators supporting the bill have said that their mass surveillance plans are somehow magically compatible with end-to-end encryption. That's completely false, no matter whether it's called "client side scanning" or another misleading new phrase. The EARN IT Act doesn't target Big Tech. It targets every individual internet user, treating us all as potential criminals who deserve to have every single message, photograph, and document scanned and checked against a government database. Since direct government surveillance would be blatantly unconstitutional and provoke public outrage, EARN IT uses tech companies -- from the largest ones to the very smallest ones -- as its tools. The strategy is to get private companies to do the dirty work of mass surveillance.

Science

Computers Uncover 100,000 Novel Viruses in Old Genetic Data (science.org) 50

sciencehabit writes: It took just one virus to cripple the world's economy and kill millions of people; yet virologists estimate that trillions of still-unknown viruses exist, many of which might be lethal or have the potential to spark the next pandemic. Now, they have a new -- and very long -- list of possible suspects to interrogate. By sifting through unprecedented amounts of existing genomic data, scientists have uncovered more than 100,000 novel viruses, including nine coronaviruses and more than 300 related to the hepatitis Delta virus, which can cause liver failure. "It's a foundational piece of work," says J. Rodney Brister, a bioinformatician at the National Center for Biotechnology Information's National Library of Medicine who was not involved in the new study. The work expands the number of known viruses that use RNA instead of DNA for their genes by an order of magnitude. It also "demonstrates our outrageous lack of knowledge about this group of organisms," says disease ecologist Peter Daszak, president of the EcoHealth Alliance, a nonprofit research group in New York City that is raising money to launch a global survey of viruses. The work will also help launch so-called petabyte genomics -- the analyses of previously unfathomable quantities of DNA and RNA data.

That wasn't exactly what computational biologist Artem Babaian had in mind when he was in between jobs in early 2020. Instead, he was simply curious about how many coronaviruses -- aside from the virus that had just launched the COVID-19 pandemic -- could be found in sequences in existing genomic databases. So, he and independent supercomputing expert Jeff Taylor scoured cloud-based genomic data that had been deposited to a global sequence database and uploaded by the U.S. National Institutes of Health. As of now, the database contains 16 petabytes of archived sequences, which come from genetic surveys of everything from fugu fish to farm soils to the insides of human guts. (A database with a digital photo of every person in the United States would take up about the same amount of space.) The genomes of viruses infecting different organisms in these samples are also captured by sequencing, but they usually go undetected.

Google

Google Labs Starts Up a Blockchain Division (arstechnica.com) 15

An anonymous reader quotes a report from Ars Technica: Here's a fun new report from Bloomberg: Google is forming a blockchain division. The news comes hot on the heels of a Bloomberg report from yesterday that quoted Google's president of commerce as saying, "Crypto is something we pay a lot of attention to." Web3 is apparently becoming a thing at Google. Shivakumar Venkataraman, a longtime Googler from the advertising division, is running the blockchain group, which lives under the nascent "Google Labs" division that was started about three months ago.

Labs is home to "high-potential, long-term projects," basically making it the new Google X division (X was turned into a less-Google-focused Alphabet division in 2016). Bavor used to be vice president of virtual reality, and Labs contains all of those VR and augmented reality projects, like the "Project Starline" 3D video booth and Google's AR goggles. [...] Not much is known about the group, except that it is focused on "blockchain and other next-gen distributed computing and data storage technologies." Google's growth into a web giant has made it a pioneer in distributed computing and database development, so maybe it could make some noise in this area as well.

Security

OpenSubtitles Hacked, 7 Million Subscribers' Details Leaked Online (torrentfreak.com) 22

OpenSubtitles, one of the largest repositories of subtitle files on the internet, has been hacked. TorrentFreak reports: Founded in 2006, the site was reportedly hacked in August 2021 with the attacker obtaining the personal data of nearly seven million subscribers including email and IP addresses, usernames and passwords. The site alerted users yesterday after the hacker leaked the database online.

"In August 2021 we received message on Telegram from a hacker, who showed us proof that he could gain access to the user table of opensubtitles.org, and downloaded a SQL dump from it. He asked for a BTC ransom to not disclose this to public and promise to delete the data," the post reads. "We hardly agreed, because it was not low amount of money. He explained us how he could gain access, and helped us fix the error. On the technical side, he was able to hack the low security password of a SuperAdmin, and gained access to an unsecured script, which was available only for SuperAdmins. This script allowed him to perform SQL injections and extract the data."

Indeed, searches on data breach site Have I Been Pwned reveal that the database is now in the wild, containing all of the data mentioned by OpenSubtitles and more. [...] OpenSubtitles describes the hack as a "hard lesson" and admits failings in its security. The platform has spent time and money securing the site and is requiring members to reset their passwords. However, for those who have had their data breached, it may already be too late to prevent damage. The hacker has already had access to data for several months and now the breach is in the wild, problems could certainly escalate.

Safari

Safari Bug Can Leak Some of Your Google Account Info and Recent Browsing History (9to5mac.com) 11

A serious Safari bug disclosed in this blog post from FingerprintJS can disclose information about your recent browsing history and even some info of the logged-in Google account. From a report: A bug in Safari's IndexedDB implementation on Mac and iOS means that a website can see the names of databases for any domain, not just its own. The database names can then be used to extract identifying information from a lookup table. For instance, Google services store an IndexedDB instance for each of your logged in accounts, with the name of the database corresponding to your Google User ID. Using the exploit described in the blog post, a nefarious site could scrape your Google User ID and then use that ID to find out other personal information about you, as the ID is used to make API requests to Google services. In the proof-of-concept demo, the user's profile picture is revealed. FingerprintJS says they reported the bug to Apple on November 28, but it has not yet been resolved.

Government

Why Many California Police Departments Are Now Encrypting Their Radio Communications (sandiegouniontribune.com) 104

"The San Diego County Sheriff's Department last week encrypted its radio communications, blocking the public from listening to information about public safety matters in real time," reports the San Diego Union Tribune: The department is the latest law enforcement agency in the county and state to cut off access to radio communications in response to a California Department of Justice mandate that required agencies to protect certain personal information that law enforcement personnel obtain from state databases. Such information — names, drivers license numbers, dates of birth and other information from the California Law Enforcement Telecommunications System, or CLETS — sometimes is broadcast over police radios.

The October 2020 mandate gave agencies two options: to limit the transmission of database-obtained personal information on public channels or to encrypt their radio traffic. Police reform advocates say the switch to encrypted channels is problematic. The radio silence, they say, will force members of the public, including the news media, to rely on law enforcement agencies' discretion in releasing information about public safety matters....

A sheriff's spokesperson has said the department is exploring ways to disseminate information about incidents as they unfold. One idea is an online page that would show information about calls to which deputies respond.

AI

Deep Learning Can't Be Trusted, Brain Modeling Pioneer Says (ieee.org) 79

During the past 20 years, deep learning has come to dominate artificial intelligence research and applications through a series of useful commercial applications. But underneath the dazzle are some deep-rooted problems that threaten the technology's ascension. IEEE Spectrum: The inability of a typical deep learning program to perform well on more than one task, for example, severely limits application of the technology to specific tasks in rigidly controlled environments. More seriously, it has been claimed that deep learning is untrustworthy because it is not explainable -- and unsuitable for some applications because it can experience catastrophic forgetting. Said more plainly, if the algorithm does work, it may be impossible to fully understand why. And while the tool is slowly learning a new database, an arbitrary part of its learned memories can suddenly collapse. It might therefore be risky to use deep learning on any life-or-death application, such as a medical one.

Now, in a new book, IEEE Fellow Stephen Grossberg argues that an entirely different approach is needed. Conscious Mind, Resonant Brain: How Each Brain Makes a Mind describes an alternative model for both biological and artificial intelligence based on cognitive and neural research Grossberg has been conducting for decades. He calls his model Adaptive Resonance Theory (ART). Grossberg -- an endowed professor of cognitive and neural systems, and of mathematics and statistics, psychological and brain sciences, and biomedical engineering at Boston University -- based ART on his theories about how the brain processes information. "Our brains learn to recognize and predict objects and events in a changing world that is filled with unexpected events," he says. Based on that dynamic, ART uses supervised and unsupervised learning methods to solve such problems as pattern recognition and prediction. Algorithms using the theory have been included in large-scale applications such as classifying sonar and radar signals, detecting sleep apnea, recommending movies, and computer-vision-based driver-assistance software.

[...] One of the problems faced by classical AI, he says, is that it often built its models on how the brain might work, using concepts and operations that could be derived from introspection and common sense. "Such an approach assumes that you can introspect internal states of the brain with concepts and words people use to describe objects and actions in their daily lives," he writes. "It is an appealing approach, but its results were all too often insufficient to build a model of how the biological brain really works." The problem with today's AI, he says, is that it tries to imitate the results of brain processing instead of probing the mechanisms that give rise to the results. People's behaviors adapt to new situations and sensations "on the fly," Grossberg says, thanks to specialized circuits in the brain. People can learn from new situations, he adds, and unexpected events are integrated into their collected knowledge and expectations about the world.

EU

EU Orders Europol To Delete Data on Citizens Who Have Not Committed Crimes (therecord.media) 21

Europol, the law enforcement agency of the European Union (EU), has been ordered to delete its massive database of information on EU citizens that it collected in recent years if the agency did not link subjects to any ongoing criminal activity. From a report: The decision was announced today by the European Data Protection Supervisor, an EU-independent supervisory authority whose primary objective is to monitor and ensure that European institutions and bodies respect the right to privacy and data protection. The EDPS said that Europol has one year to comply with its decision, during which time the law enforcement agency must filter its database and delete any information on EU citizens that are not part of criminal investigations. Europol will be allowed to process personal information as part of investigations, but the data on those not linked to crimes must be erased after six months. "This means that Europol will no longer be permitted to retain data about people who have not been linked to a crime or a criminal activity for long periods with no set deadline," the EDPS said in a press release on Monday.
