Programming

Is Modern Software Development Too Complex? (infoworld.com) 273

"It has never been more difficult to be a software developer than it is today," says Nigel Simpson, a former director of enterprise technology strategy at Walt Disney.

And they're not the only one who thinks so, writes the U.K. Group editor of InfoWorld: "Complexity kills," Lotus Notes creator and Microsoft veteran Ray Ozzie famously wrote in a 2005 internal memo. "It sucks the life out of developers; it makes products difficult to plan, build, and test; it introduces security challenges; and it causes user and administrator frustration."

If Ozzie thought things were complicated back then, you can't help but wonder what he would make of the complexity software developers face in the cloud-native era. The shift from building applications in a monolithic architecture hosted on a server you could go and touch, to breaking them down into multiple microservices, packaged up into containers, orchestrated with Kubernetes, and hosted in a distributed cloud environment, marks a clear jump in the level of complexity of our software. Add to that expectations of feature-rich, consumer-grade experiences, which are secure and resilient by design, and never has more been asked of developers. "There is a clear increase in complexity when you move to such a pervasive microservices environment," said Amazon CTO Werner Vogels during the AWS Summit in 2019. "Was it easier in the days when everything was in a monolith? Yes, for some parts definitely."

Or, as his colleague, head of devops product marketing at AWS, Emily Freeman, said in 2021, modern software development is "a study in entropy, and it is not getting any more simple."

On the other hand, complex technologies have never been easier to consume off the shelf, often through a single API — from basic libraries and frameworks, to image recognition capabilities or even whole payments stacks. Simply assemble and build your business logic on top. But is it really that simple?

The article also cites a critical 2020 blog post by RedMonk analyst Stephen O'Grady. "The process of application development is simply too fragmented at this point," O'Grady wrote. "The days of every enterprise architecture being three-tier, every database being relational, and every business application being written in Java and deployed to an application server are over.

"The single most defining characteristic of today's infrastructure is that there is no single defining characteristic. It's diverse to a fault."

Privacy

All Those 23andMe Spit Tests Were Part of a Bigger Plan (bloomberg.com) 75

23andMe CEO Anne Wojcicki wants to make drugs using insights from millions of customer DNA samples, and doesn't think that should bother anyone. From a report: A few months ago, on the morning 23andMe Holding Co. was about to go public, Chief Executive Officer Anne Wojcicki received a framed sheet of paper she hadn't seen in 15 years. As she was preparing to ring in the Nasdaq bell remotely from the courtyard of her company's Silicon Valley headquarters, Patrick Chung, one of its earliest investors, presented her with the pitch document she'd shown him when she was first asking for money, reproduced on two pieces of paper so she could see both sides. The one-sheet outlined a radical transformation in the field of DNA testing. Wojcicki's plan back then was to turn genetics from the rarefied work of high-end labs into mainstream health and quasi entertainment products.

First she'd sell tastemakers on her mail-in spit kits as a way to learn sort-of-interesting things about their DNA makeup, such as its likely ancestral origins and the chance it would lead to certain health conditions. Eventually she'd be able to lower prices enough to make the kits broadly accessible, allowing 23andMe to build a database big enough to identify new links between diseases and particular genes. Later, this research would fuel the creation of drugs the company could tailor to different genetic profiles. 23andMe would become a new kind of health-care business, sitting somewhere between a Big Pharma lab, a Big Tech company, and a trusted neighborhood doctor.

Some of this still sounds as far off now as it did during the Bush years. Improbably, though, 23andMe has rounded second base and is heading for third. Wojcicki did sell millions of people on DNA test kits -- 11 million and counting -- and bring such tests to the mainstream, with some help from Oprah's holiday gift guide. An estimated 1 in 5 Americans have turned over their genetic material to 23andMe or one of its competitors. Now that she's got the data, Wojcicki is working on the drugs. Her company is collaborating on clinical trials for one compound (and nearing trials for another) that could be used for what's known as immuno-oncology, treatments that attempt to harness the body's complex immune system to beat cancer. 23andMe says it's also exploring drugs with potential use in treatments for neurological, cardiovascular, and other conditions, though it declined to specify them. Last month the company bought Lemonaid Health, a telehealth and drug delivery startup that offers treatment and prescriptions for a select group of conditions, including depression, anxiety, and STDs.

Crime

Aggressive US Marketers are Bringing Police Surveillance Tools to the Masses (msn.com) 112

"License plate readers are rapidly reshaping private security in American neighborhoods," reports the Washington Post, as aggressively-marketed $2,500-a-year "safety-as-a-service" packages "spread to cover practically everywhere anyone chooses to live in the United States" and "bringing police surveillance tools to the masses with an automated watchdog that records 24 hours a day." Flock Safety, the industry leader, says its systems have been installed in 1,400 cities across 40 states and now capture data from more than a billion cars and trucks every month. "This is not just for million-dollar homes," Flock's founder, Garrett Langley, said. "This is America at its core..."

Its solar-powered, motion-sensing camera can snap a dozen photos of a single plate in less than a second — even in the dark, in the rain, of a car driving 100 mph up to 75 feet away, as Flock's marketing materials say. Piped into a neighborhood's private Flock database, the photos are made available for the homeowners to search, filter or peruse. Machine-learning software categorizes each vehicle based on two dozen attributes, including its color, make and model; what state its plates came from; and whether it had bumper stickers or a roof rack. Each "vehicle fingerprint" is pinpointed on a map and tracked by how often it had been spotted in the past month. The plates are also run against law enforcement watch lists for abducted children, stolen cars, missing people and wanted fugitives; if there's a match, the system alerts the nearest police force with details on how to track it down...

Flock's customer base has roughly quadrupled since 2019, with police agencies and homeowners associations in more than 1,400 cities today, and the company has hired sales representatives in 30 states to court customers with promises of a safer, more-monitored life. Company officials have also attended town hall meetings and papered homeowners associations with glossy marketing materials declaring its system "the most user-friendly, least invasive way for communities to stop crime": a network of cameras "that see like a detective," "protect home values" and "automate [the] neighborhood watch ... while you sleep." Along the way, the Atlanta-based company has become an unlikely darling of American tech. The company said in July it had raised $150 million from prominent venture capital firms such as Andreessen Horowitz, which said Flock was pursuing "a massive opportunity in shaping the future...."

Flock deletes the footage every 30 days by default and encourages customers to search only when investigating crime. But the company otherwise lets customers set their own rules: In some neighborhoods, all the homeowners can access the images for themselves...

Camera opponents didn't want the neighborhood's leaders to anoint themselves gatekeepers, choosing who does and doesn't belong. And they worried that if someone's car was broken into, but no one knew exactly when, the system could lead to hundreds of drivers, virtually all of them innocent, coming under suspicion for the crime. They also worried about the consequences of the cameras getting it wrong. In San Francisco, police had handcuffed a woman at gunpoint in 2009 after a camera garbled her plate number; another family was similarly detained last year because a thief had swiped their tag before committing a crime. And last year in Aurora, 30 miles from Paradise Hills, police handcuffed a mother and her children at gunpoint after a license plate reader flagged their SUV as stolen. The actual stolen vehicle, a motorcycle, had the same plate number from another state. Police officials have said racial profiling did not play a role, though the drivers in all three cases were Black. (The license plate readers in these cases were not Flock devices, and the company said its systems would have shown more accurate results...)

The Paradise Hills opponents were right to be skeptical about a local crime wave. According to Jefferson County sheriff's records shared with The Post, the only crime reports written up since September 2020 included two damaged mailboxes, a fraudulent unemployment claim and some stuff stolen out of three parked cars, two of which had been left unlocked. "I wouldn't exactly say it's a hot spot," patrol commander Dan Aten told The Post...

The cameras clicked on in August, a board member said. In the weeks since, the neighborhood hasn't seen any reports of crime. The local sheriff's office said it hasn't used the Flock data to crack any cases, nor has it found the need to ask.

Flock's founder, Garrett Langley, nonetheless tells the Washington Post, "There are 17,000 cities in America.

"Until we have them all, we're not done."

Google

Google Stadia's Salvaged Future as a Back-end Cloud Service is Here (arstechnica.com) 11

Quick Google Stadia recap: Things have not been great. From a report: Google's AAA cloud gaming service launched in 2019 to middling reviews and since then has severely undershot Google's sales and usage estimates by hundreds of thousands of users. The company shut down its first-party studio, "Stadia Games & Entertainment (SG&E)," before it could ever develop a game, and it did so one week after lead executive Phil Harrison gave the division a positive progress report. Several key executives have left the struggling division, like Assassin's Creed co-creator and SG&E leader Jade Raymond, Stadia's VP and head of product, John Justice, and Engineering Lead Justin Uberti.

When Google killed the game division at the beginning of the year, an accompanying blog post hinted that big changes were coming to Google's strategy: "In 2021, we're expanding our efforts to help game developers and publishers take advantage of our platform technology and deliver games directly to their players." Rather than continuing to push Stadia as a consumer-facing, branded service, Google seems to want to pivot the service to what would essentially be "Google Cloud Gaming Platform." This would be a back-end, white-label service that could power other companies' products, just like a million other Google Cloud products, like database hosting and push messaging. Google said it believes a back-end service "is the best path to building Stadia into a long-term, sustainable business." This all brings us to this Batman game presented by AT&T Wireless.

Security

Hacker Steals Government ID Database for Argentina's Entire Population (therecord.media) 41

A hacker has breached the Argentinian government's IT network and stolen ID card details for the country's entire population, data that is now being sold in private circles. The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons. From a report: The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizens' personal information.

Microsoft

Security Threat Analyst Accuses Microsoft of Hosting Malware on Office365's OneDrive (itwire.com) 52

Slashdot reader juul_advocate quotes ITWire: A British tech researcher, who quit working as a security threat analyst with Microsoft a few months back, has called on his former employer to act speedily to remove links to ransomware on its Office365 platform. In a tweet sent on Friday, Beaumont said: "Microsoft cannot advertise themselves as the security leader with 8,000 security employees and trillions of signals if they cannot prevent their own Office365 platform being directly used to launch Conti ransomware. OneDrive abuse has been going on for years. Fix it...."

An overwhelming majority of ransomware attacks only Windows, with an analysis by staff of the Google-owned VirusTotal database last Thursday showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows... Beaumont, who has a well-earned reputation as a researcher who is quick to admit faults in his own industry, acknowledged that other technology companies also played a big role in hosting malware. Quoting a tweet from a Swiss researcher [given below], he said: "And yes, it's not just Microsoft. Tech companies have got to do better."

IT

A Newspaper Informed Missouri About a Website Flaw. The Governor Accused it of 'Hacking' (washingtonpost.com) 120

On Thursday, Gov. Michael Parson (R) called a news conference to warn his state's citizens about a nefarious plot against a teachers' database by a reporter from the St. Louis Post-Dispatch. From a report: "Through a multistep process," Parson said with great solemnity, "an individual took the records of at least three educators, decoded the HTML source code and viewed the Social Security number of those specific educators."

[...] The Post-Dispatch report explains what their reporter, Josh Renaud, did to view the Social Security numbers of Missouri teachers on a website run by the state education department. (The website has been taken down; you can view an old version of it at the Internet Archive.) "Though no private information was clearly visible nor searchable on any of the web pages," the Post-Dispatch's report stated, "the newspaper found that teachers' Social Security numbers were contained in the HTML source code of the pages involved." In other words, it seems, a search tool for teacher credentials responded to searches by including a bunch of information, some of which was embedded in the source code of the page but not visible when just reading the page.

The Internet

All Linux and Mac Computers Get Their Time Zones From the Same Database (medium.com) 128

"All Linux and Mac-based computers pull their time zones from a massively important database — the time zone database," explains Medium's tech site OneZero. And this vastly crucial project is ultimately overseen by one man who Medium calls "The Time Zone King." The process of defining time zones is centralized. This is actually quite a big deal in its own right because people tend to grossly underestimate how pivotal Linux is to ... the entire internet and technology as we know it...

The time zone database — which is sometimes called the Olson data or zoneinfo database — has a fascinating history... Not only are time zones apparently a longstanding menace for computer developers, but the time zone maintenance community is currently, it seems, mired among some procedural dispute regarding how this essential database should best be maintained. Of course that's an interesting fact in its own right: there is a world time zone data community. In fact, The Register recently described them as being no less than "up in arms" about the direction the project was proceeding down... A difference of vision among time zone enthusiasts might be the neatest summary anybody can advance....

Not only can't the time zone titans currently agree on the best way to carry the timezone database forward, it seems. But the entire process of codifying and standardizing time zones is also decidedly contentious political business with a long and tumultuous history to go with it. Those who enter the fray need to be therefore not only technical heavyweights but also prepared to have the occasional audacity to stand up to countries like the Hashemite Republic of Jordan and tell them that their attempt to prematurely end DST is unacceptable and will not be promulgated in the database... Weary time zone mavericks are bursting to the seams with horror stories of African states who made rash time zone decisions on only four days' notice... Time zone data insiders say that every single one of these high stakes deliberations represents a near Y2K disaster that must be averted...

At the helm of this project is one individual. One guy. Paul Eggert, a computer scientist who teaches at the Department of Computer Science at the University of California's LA Campus... This is a man, after all, whose codebase helps hundreds of millions of users know what time zone they're in and who — for the past ten years — has gone to bed knowing that hundreds of millions of computers are using his code to know what time zone they're in. He's lived under that pressure for over a decade. And by all accounts thrived... Untold millions have been made by startups announcing dubious advents upon existing technologies heralded with the breathless fanaticism of companies announcing that they have found a way to turn air water into oil. Many of these will vanish into oblivion within a few short years. The time zone database won't. Because it can't. And those at the very bottom of the tech stack — those tirelessly and thanklessly maintaining open source projects upon which so much of the world's computing derives — languish in comparable obscurity...

In recent years, the project has fallen under the purview of ICANN [through its Internet Assigned Numbers Authority]. Its code reads like a cross between a JSON file and a historical novel. And while I'm sure the project has many noteworthy contributors, there's ultimately one guy who's responsible for maintaining it.

The Time Zone King. His name is Paul Eggert. And he's a computer scientist based out of UCLA. We probably all owe him a 'thank you'.

Cellphones

FCC Plans To Rein In 'Gateway' Carriers That Bring Foreign Robocalls To US (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission hopes to reduce the number of illegal robocalls from overseas with an expansion of rules that require phone companies to implement Caller ID authentication technology and block illegal calls. [T]he FCC is proposing new requirements on domestic gateway providers that accept calls from outside the US. A Notice of Proposed Rulemaking (NPRM) adopted (PDF) Thursday and released on Friday proposes requiring those gateway phone companies to implement STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols, which verify the accuracy of Caller ID by using digital certificates based on public-key cryptography. "This proposal would subject foreign-originated calls, once they enter the United States, to requirements similar to those of domestic-originated calls, by placing additional obligations on gateway providers in light of the large number of illegal robocalls that originate abroad and the risk such calls present to Americans," the NPRM said. Gateway providers would be required to "apply STIR/SHAKEN caller ID authentication to, and perform robocall mitigation on, all foreign-originated calls with US numbers," the FCC said (PDF).

STIR/SHAKEN is already widely deployed in the US on IP networks due to separate requirements that apply to large phone providers. Another newly implemented rule prohibits phone companies from accepting calls from providers that haven't met requirements to deploy STIR/SHAKEN or other robocall-mitigation methods. But the STIR/SHAKEN requirements don't apply to all carriers yet. "We don't want international calling to become a loophole for our policies," FCC Acting Chairwoman Jessica Rosenworcel said on Thursday at a commission meeting. "So today we are proposing that gateway providers in the United States -- the companies that bring in calls from overseas -- take action to stop this stuff from coming in from abroad. That means they need to use STIR/SHAKEN technology, register in our Robocall Mitigation Database, and comply with traceback requests to figure out where these junk calls are originating from overseas."

The FCC said those traceback requests "are used to help block illegal robocalls and inform FCC enforcement investigations." The NPRM also proposes a new call-blocking requirement. When the FCC notifies a gateway provider about an ongoing robocall campaign, the provider would have to conduct "a prompt investigation to determine whether the traffic identified in the Enforcement Bureau's notice is illegal" and "promptly block all traffic associated with the traffic pattern identified in that notice." The NPRM seeks public comment on these proposed rules. Deadlines for initial comments will be 30 days after the NPRM is published in the Federal Register and 60 days after publication for reply comments. The docket is located here.

Android

Google Releases Android 12 To AOSP, But No Pixel Launch Today (9to5google.com) 14

In a significant departure from previous years, Google today rolled out Android 12 to AOSP but did not launch any devices, including Pixel phones. "Today we're pushing the source to the Android Open Source Project (AOSP) and officially releasing the latest version of Android," said Dave Burke, VP of Engineering, in a blog post. "Keep an eye out for Android 12 coming to a device near you starting with Pixel in the next few weeks and Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices later this year." 9to5Google reports: Traditionally, the AOSP launch of the next version of Android coincides with day one availability for Google phones. That is not the case this year, with Google only revealing that Pixel phones can expect an update in the "next few weeks." Google says over 225,000 people tested Android 12 over the course of the developer previews and betas. [...] Google officially highlights four Android 12 tentpoles for developers as part of today's AOSP availability. This starts with a "new UI for Android" that incorporates Material You (referred to today as "Material Design 3"), redesigned widgets, Notification UI updates, and App launch splash screens.

In terms of "Performance," Google says it has "reduced the CPU time used by core system services by 22% and the use of big cores by 15%." "We've also improved app startup times and optimized I/O for faster app loading, and for database queries we've improved CursorWindow by as much as 49x for large windows." "More responsive notifications" are achieved by restricting notification trampolines, with Google Photos launching 34% faster after this change. Other changes include Optimized foreground services, Performance classes for devices, and Faster machine learning. "Privacy" is led by the new Settings Dashboard, the ability to only grant apps Approximate location, and a new Nearby devices permission for setting up wearables and other smart home accessories without granting location access. There are also the microphone and camera indicators/toggles. Developers can take advantage of "Better user experience tools" like new APIs to better support rounded screen corners, rich content insertion, AVIF images, enhanced haptics, and new camera/sensor effects. There's also Compatible media transcoding, better debugging, and an Android 12 for Games push.

AI

Clearview AI Has New Tools To Identify People in Photos (wired.com) 24

Clearview AI has stoked controversy by scraping the web for photos and applying facial recognition to give police and others an unprecedented ability to peer into our lives. Now the company's CEO wants to use artificial intelligence to make Clearview's surveillance tool even more powerful. From a report: It may make it more dangerous and error-prone as well. Clearview has collected billions of photos from across websites that include Facebook, Instagram, and Twitter and uses AI to identify a particular person in images. Police and government agents have used the company's face database to help identify suspects in photos by tying them to online profiles. The company's cofounder and CEO, Hoan Ton-That, tells WIRED that Clearview has now collected more than 10 billion images from across the web -- more than three times as many as has been previously reported. Ton-That says the larger pool of photos means users, most often law enforcement, are more likely to find a match when searching for someone. He also claims the larger data set makes the company's tool more accurate.

Clearview combined web-crawling techniques, advances in machine learning that have improved facial recognition, and a disregard for personal privacy to create a surprisingly powerful tool. Ton-That demonstrated the technology through a smartphone app by taking a photo of the reporter. The app produced dozens of images from numerous US and international websites, each showing the correct person in images captured over more than a decade. The allure of such a tool is obvious, but so is the potential for it to be misused. Clearview's actions sparked public outrage and a broader debate over expectations of privacy in an era of smartphones, social media, and AI. [...] The pushback has not deterred Ton-That. He says he believes most people accept or support the idea of using facial recognition to solve crimes. "The people who are worried about it, they are very vocal, and that's a good thing, because I think over time we can address more and more of their concerns," he says.

Some of Clearview's new technologies may spark further debate. Ton-That says it is developing new ways for police to find a person, including "deblur" and "mask removal" tools. The first takes a blurred image and sharpens it using machine learning to envision what a clearer picture would look like; the second tries to envision the covered part of a person's face using machine learning models that fill in missing details of an image using a best guess based on statistical patterns found in other images. These capabilities could make Clearview's technology more attractive but also more problematic. It remains unclear how accurately the new techniques work, but experts say they could increase the risk that a person is wrongly identified and could exacerbate biases inherent to the system.

Security

Anonymous: We've Leaked Disk Images Stolen From Web Host Epik (theregister.com) 107

slack_justyb writes: As previously reported the web host Epik was hacked by a group identifying themselves with the group Anonymous. However, in the most recent leaks from this group the scale of data that was stolen is becoming apparent, and signs point to a wholesale theft of data with no stone left unturned.

We're told the dump is a 70GB archive of files and "several bootable disk images of assorted systems" that represent Epik's server infrastructure. Journalist Steve Monacelli, who broke the news of the first data release, said the latest leak expands to 300GB. "This leak appears to be fully bootable disk images of Epik servers, including a wide range of passwords and API tokens," he added.

WhiskeyNeon, a Texas-based hacker and cybersecurity expert who reviewed the file structure of the leak, told the Daily Dot how the disk images represented Epik's entire server infrastructure. "Files are one thing, but a virtual machine disk image allows you to boot up the company's entire server on your own," he said. "We usually see breaches with database dumps, documents, configuration files, etc. In this case, we are talking about the entire server image, with all the programs and files required to host the application it is serving."

Daily Dot brings some word on Epik CEO Rob Monster's response to the latest news:

Epik CEO Rob Monster, who did not respond to requests for comment from the Daily Dot, would go on to hold a more than four hour long live video conference online to address the initial hack. The meeting would see Monster break out into prayer numerous times, make attempts to vanquish demons, and warn viewers that their hard drives could burst into flames due to "curses" placed on the hacked data.


Communications

Phone Companies Must Now Block Carriers That Didn't Meet FCC Robocall Deadline (arstechnica.com) 49

In a new milestone for the US government's anti-robocall efforts, phone companies are now prohibited from accepting calls from providers that did not comply with a Federal Communications Commission deadline that passed this week. From a report: "Beginning today, if a voice service provider's certification and other required information does not appear in the FCC's Robocall Mitigation Database, intermediate providers and voice service providers will be prohibited from directly accepting that provider's traffic," the FCC said yesterday. Specifically, phone companies must block traffic from other "voice service providers that have neither certified to implementation of STIR/SHAKEN caller ID authentication standards nor filed a detailed robocall mitigation plan with the FCC." As we've written, the STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols verify the accuracy of Caller ID by using digital certificates based on public-key cryptography.

STIR/SHAKEN is now widely deployed on IP networks because large phone companies were required to implement it by June 30 this year, but it isn't a cure-all. Because of technology limitations, there was no requirement to implement STIR/SHAKEN on older TDM-based networks used with copper landlines, for instance. The FCC has said that "providers using older forms of network technology [must] either upgrade their networks to IP or actively work to develop a caller ID authentication solution that is operational on non-IP networks." The FCC also gave carriers with 100,000 or fewer customers until June 30, 2023, to comply with the STIR/SHAKEN requirement, though the commission is seeking comment on a plan to make that deadline June 30, 2022, instead because "evidence demonstrates that a subset of small voice service providers appear to be originating a high number of calls relative to their subscriber base and are also generating a high and increasing share of illegal robocalls compared to larger providers."

Earth

Meat Accounts For Nearly 60% of All Greenhouse Gases From Food Production, Study Finds (theguardian.com) 252

An anonymous reader quotes a report from The Guardian: The global production of food is responsible for a third of all planet-heating gases emitted by human activity, with the use of animals for meat causing twice the pollution of producing plant-based foods, a major new study has found. The entire system of food production, such as the use of farming machinery, spraying of fertilizer and transportation of products, causes 17.3 billion metric tons of greenhouse gases a year, according to the research. This enormous release of gases that fuel the climate crisis is more than double the entire emissions of the US and represents 35% of all global emissions, researchers said.

The use of cows, pigs and other animals for food, as well as livestock feed, is responsible for 57% of all food production emissions, the research found, with 29% coming from the cultivation of plant-based foods. The rest comes from other uses of land, such as for cotton or rubber. Beef alone accounts for a quarter of emissions produced by raising and growing food. Grazing animals require a lot of land, which is often cleared through the felling of forests, as well as vast tracts of additional land to grow their feed. The paper calculates that the majority of all the world's cropland is used to feed livestock, rather than people. Livestock also produce large quantities of methane, a powerful greenhouse gas. [...] The difference in emissions between meat and plant production is stark – to produce 1kg of wheat, 2.5kg of greenhouse gases are emitted. A single kilo of beef, meanwhile, creates 70kg of emissions. The researchers said that societies should be aware of this significant discrepancy when addressing the climate crisis.

The researchers built a database that provided a consistent emissions profile of 171 crops and 16 animal products, drawing data from more than 200 countries. They found that South America is the region with the largest share of animal-based food emissions, followed by south and south-east Asia and then China. Food-related emissions have grown rapidly in China and India as increasing wealth and cultural changes have led more younger people in these countries to adopt meat-based diets. The paper's calculations of the climate impact of meat are higher than previous estimates -- the UN's Food and Agricultural Organization has said about 14% of all emissions come from meat and dairy production.
The study has been published in Nature Food.
Businesses

The IT Talent Gap is Still Growing (venturebeat.com) 109

IT executives see the talent shortage as the most significant adoption barrier to 64% of emerging technologies, according to a new Gartner survey. From a report: Across compute infrastructure and platform services, network, security, digital workplace, IT automation, and storage and database, respondents cited a lack of qualified candidates as a leading factor impeding tech deployment at their companies. "The ongoing push toward remote work and the acceleration of hiring plans in 2021 has exacerbated IT talent scarcity, especially for sourcing skills that enable cloud and edge, automation, and continuous delivery," Gartner research VP Yinuo Geng said in a press release.

"As one example, of all the IT automation technologies profiled in the survey, only 20% of them have moved ahead in the adoption cycle since 2020. The issue of talent is to blame here." The talent gaps are particularly acute for IT automation and digital workplace solutions, according to the executives surveyed -- a reflection of the demand for these technologies. According to McKinsey, nearly half of executives say their embrace of automation has accelerated, while digital and technology adoption is taking place about 25 times faster than before the pandemic. For example, Brain Corp reported that the use of robots to clean retail stores in the U.S. rose 24% in Q2 2020 year-over-year, and IBM has seen a surge in new users of its AI-driven customer service platform Watson Assistant.

United States

LAPD Officers Told To Collect Social Media Data on Every Civilian They Stop (theguardian.com) 195

The Los Angeles police department (LAPD) has directed its officers to collect the social media information of every civilian they interview, including individuals who are not arrested or accused of a crime, according to records shared with the Guardian. From a report: Copies of the "field interview cards" that police complete when they question civilians reveal that LAPD officers are instructed to record a civilian's Facebook, Instagram, Twitter and other social media accounts, alongside basic biographical information. An internal memo further shows that the police chief, Michel Moore, told employees that it was critical to collect the data for use in "investigations, arrests, and prosecutions," and warned that supervisors would review cards to ensure they were complete.

The documents, which were obtained by the not-for-profit organization the Brennan Center for Justice, have raised concerns about civil liberties and the potential for mass surveillance of civilians without justification. "There are real dangers about police having all of this social media identifying information at their fingertips," said Rachel Levinson-Waldman, a deputy director at the Brennan Center, noting that the information was probably stored in a database that could be used for a wide range of purposes. The Brennan Center conducted a review of 40 other police agencies in the US and was unable to find another department that required social media collection on interview cards (though many have not publicly disclosed copies of the cards). The organization also obtained records about the LAPD's social media surveillance technologies, which have raised questions about the monitoring of activist groups including Black Lives Matter.

Security

McDonald's Leaks Password For Monopoly VIP Database To Winners (bleepingcomputer.com) 33

A bug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners. BleepingComputer reports: After skipping a year due to COVID-19, McDonald's UK launched their popular Monopoly VIP game on August 25th, where customers can enter codes found on purchased food items for a chance to win a prize. These prizes include 100,000 pounds in cash, an Ibiza villa or UK getaway holiday, Lay-Z Spa hot tubs, and more. Unfortunately, the game hit a snag over the weekend after a bug caused the user name and passwords for both the production and staging database servers to be in prize redemption emails sent to prize winners.

An unredacted screenshot of the email sent to prize winners was shared with BleepingComputer by Troy Hunt that shows an exception error, including sensitive information for the web application. This information included hostnames for Azure SQL databases and the databases' login names and passwords, as displayed in the redacted email below sent to a Monopoly VIP winner. The prize winner who shared the email with Troy Hunt said that the production server was firewalled off but that they could access the staging server using the included credentials. As these databases may have contained winning prize codes, it could have allowed an unscrupulous person to download unused game codes to claim the prizes. Luckily for McDonald's, the person responsibly disclosed the issue with McDonald's, and while they did not receive a response, they later found that the staging server's password was soon changed.

Microsoft

Microsoft Warns Thousands of Cloud Customers of Exposed Databases (reuters.com) 43

Microsoft has warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. From a report: The vulnerability is in Microsoft Azure's flagship Cosmos database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz Chief Technology Officer Ami Luttwak is a former chief technology officer at Microsoft's Cloud Security Group. Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz. Microsoft's email to customers said it has fixed the vulnerability and that there was no evidence the flaw had been exploited. "We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key," according to a copy of the email seen by Reuters.
AI

Clearview AI Offered Free Facial Recognition Trials To Police Around the World (buzzfeednews.com) 14

An anonymous reader quotes a report from BuzzFeed News: Law enforcement agencies and government organizations from 24 countries outside the United States used a controversial facial recognition technology called Clearview AI, according to internal company data reviewed by BuzzFeed News. That data, which runs up until February 2020, shows that police departments, prosecutors' offices, universities, and interior ministries from around the world ran nearly 14,000 searches with Clearview AI's software. At many law enforcement agencies from Canada to Finland, officers used the software without their higher-ups' knowledge or permission. After receiving questions from BuzzFeed News, some organizations admitted that the technology had been used without leadership oversight.

In March, a BuzzFeed News investigation based on Clearview AI's own internal data showed how the New York-based startup distributed its facial recognition tool, by marketing free trials for its mobile app or desktop software, to thousands of officers and employees at more than 1,800 US taxpayer-funded entities. Clearview claims its software is more accurate than other facial recognition technologies because it is trained on a database of more than 3 billion images scraped from websites and social media platforms, including Facebook, Instagram, LinkedIn, and Twitter. Law enforcement officers using Clearview can take a photo of a suspect or person of interest, run it through the software, and receive possible matches for that individual within seconds. Clearview has claimed that its app is 100% accurate in documents provided to law enforcement officials, but BuzzFeed News has seen the software misidentify people, highlighting a larger concern with facial recognition technologies.

Based on new reporting and data reviewed by BuzzFeed News, Clearview AI took its controversial US marketing playbook around the world, offering free trials to employees at law enforcement agencies in countries including Australia, Brazil, and the United Kingdom. To accompany this story, BuzzFeed News has created a searchable table of 88 international government-affiliated and taxpayer-funded agencies and organizations listed in Clearview's data as having employees who used or tested the company's facial recognition service before February 2020, according to Clearview's data. Some of those entities were in countries where the use of Clearview has since been deemed "unlawful."
Clearview CEO Hoan Ton-That insists the company's key market is the U.S., saying: "While there has been tremendous demand for our service from around the world, Clearview AI is primarily focused on providing our service to law enforcement and government agencies in the United States. Other countries have expressed a dire need for our technology because they know it can help investigate crimes, such as, money laundering, financial fraud, romance scams, human trafficking, and crimes against children, which know no borders."

Ton-That alleged there are "inaccuracies contained in BuzzFeed's assertions," but declined to explain what those might be and didn't answer any follow-up questions.
Software

Little-Known Federal Software Can Trigger Revocation of Citizenship (theintercept.com) 141

An anonymous reader writes: Software used by the Department of Homeland Security to scan the records of millions of immigrants can automatically flag naturalized Americans to potentially have their citizenship revoked based on secret criteria, according to documents reviewed by The Intercept. The software, known as ATLAS, takes information from immigrants' case files and runs it through various federal databases. ATLAS looks for indicators that someone is dangerous or dishonest and is ostensibly designed to detect fraud among people who come into contact with the U.S. immigration system. But advocates for immigrants believe that the real purpose of the computer program is to create a pretext to strip people of citizenship. Whatever the motivation, ATLAS's intended outcome is ultimately deportation, judging from the documents, which originate within DHS and were obtained by the Open Society Justice Initiative and Muslim Advocates through Freedom of Information Act lawsuits.

ATLAS helps DHS investigate immigrants' personal relationships and backgrounds, examining biometric information like fingerprints and, in certain circumstances, considering an immigrant's race, ethnicity, and national origin. It draws information from a variety of unknown sources, plus two that have been criticized as being poorly managed: the FBI's Terrorist Screening Database, also known as the terrorist watchlist, and the National Crime Information Center. Powered by servers at tech giant Amazon, the system in 2019 alone conducted 16.5 million screenings and flagged more than 120,000 cases of potential fraud or threats to national security and public safety. Ultimately, humans at DHS are involved in determining how to handle immigrants flagged by ATLAS. But the software threatens to amplify the harm caused by bureaucratic mistakes within the immigration system, mistakes that already drive many denaturalization and deportation cases. "ATLAS should be considered as suspect until it is shown not to generate unfair, arbitrary, and discriminatory results," said Laura Bingham, a lawyer with the Open Society Justice Initiative. "From what we are able to scrutinize in terms of the end results -- like the disparate impact of denaturalization based on national origin -- there is ample reason to consider ATLAS a threat to naturalized citizens."
