Google

Who Has More of Your Personal Data Than Facebook? Try Google (wsj.com) 57

Facebook may be in the hot seat right now for its collection of personal data without our knowledge or explicit consent, but as The Wall Street Journal points out, "Google is a far bigger threat by many measures: the volume of information it gathers, the reach of its tracking and the time people spend on its sites and apps." From the report (alternative source): It's likely that Google has shadow profiles (data the company gathers on people without accounts) on at least as many people as Facebook does, says Chandler Givens, CEO of TrackOff, which develops software to fight identity theft. Google allows everyone, whether they have a Google account or not, to opt out of its ad targeting, though, like Facebook, it continues to gather your data. Google Analytics is far and away the web's most dominant analytics platform. Used on the sites of about half of the biggest companies in the U.S., it has a total reach of 30 million to 50 million sites. Google Analytics tracks you whether or not you are logged in. Meanwhile, the billion-plus people who have Google accounts are tracked in even more ways. In 2016, Google changed its terms of service, allowing it to merge its massive trove of tracking and advertising data with the personally identifiable information from our Google accounts.

Google uses, among other things, our browsing and search history, apps we've installed, demographics like age and gender and, from its own analytics and other sources, where we've shopped in the real world. Google says it doesn't use information from "sensitive categories" such as race, religion, sexual orientation or health. Because it relies on cross-device tracking, it can spot logged-in users no matter which device they're on. Google fuels even more data harvesting through its dominant ad marketplaces. There are up to 4,000 data brokers in the U.S., and collectively they know everything about us we might otherwise prefer they didn't -- whether we're pregnant, divorced or trying to lose weight. Google works with some of these brokers directly but the company says it vets them to prevent targeting based on sensitive information. Google also is the biggest enabler of data harvesting, through the world's two billion active Android mobile devices.

Security

'Drupalgeddon2' Touches Off Arms Race To Mass-Exploit Powerful Web Servers (arstechnica.com) 38

Researchers with Netlab 360 warn that attackers are mass-exploiting "Drupalgeddon2," the name of an extremely critical vulnerability Drupal maintainers patched in late March. The exploit allows them to take control of powerful website servers. Ars Technica reports: Formally indexed as CVE-2018-7600, Drupalgeddon2 makes it easy for anyone on the Internet to take complete control of vulnerable servers simply by accessing a URL and injecting publicly available exploit code. Exploits allow attackers to run code of their choice without having to have an account of any type on a vulnerable website. The remote-code vulnerability harkens back to a 2014 Drupal vulnerability that also made it easy to commandeer vulnerable servers.

Drupalgeddon2 "is under active attack, and every Drupal site behind our network is being probed constantly from multiple IP addresses," Daniel Cid, CTO and founder of security firm Sucuri, told Ars. "Anyone that has not patched is hacked already at this point. Since the first public exploit was released, we are seeing this arms race between the criminals as they all try to hack as many sites as they can." China-based Netlab 360, meanwhile, said at least three competing attack groups are exploiting the vulnerability. The most active group, Netlab 360 researchers said in a blog post published Friday, is using it to install multiple malicious payloads, including cryptocurrency miners and software for performing distributed denial-of-service attacks on other domains. The group, dubbed Muhstik after a keyword that pops up in its code, relies on 11 separate command-and-control domains and IP addresses, presumably for redundancy in the event one gets taken down.

Google

Google's AR Microscope Quickly Highlights Cancer Cells (uploadvr.com) 35

An anonymous reader quotes a report from UploadVR: Google Research this week revealed an AR microscope (ARM) capable of detecting cancerous cells in real-time with the help of machine learning. Locating cancer with a standard microscope is a difficult and time-consuming process, with a raft of information for doctors to study and investigate. With this new solution, though, the microscope is able to quickly locate cancerous cells and then highlight them as a doctor peers inside. The platform uses a modified light microscope integrated with image analysis and machine learning algorithms into its field of view. An AR display sits above a camera that communicates with the algorithm to display data as soon as it locates an issue. In other words, the microscope immediately begins looking for cancerous cells as soon as you place a sample beneath it. It's effectively doing the same job as a doctor just, according to Google, a lot faster. Google posted a video about the AR microscope on YouTube.

Software

Dutch Study Finds Some Video Game Loot Boxes Broke the Law (vice.com) 61

The Netherlands Gaming Authority has published a study it conducted of 10 video games that reward players with loot boxes, packages players can sometimes buy with real money that contain random in-game rewards, and found that 4 of the 10 games it studied violated the Dutch Gaming Act. "It determined that loot boxes are, in general, addictive and that four of the games allowed players to trade items they'd won outside of the game, which means they've got a market value," reports Motherboard. From the report: According to the study, the authorities picked games "based on their popularity on a leading Internet platform that streams videos of games and players." Motherboard has reached out to the Gaming Authority for clarification on both the games it picked (the study doesn't name them) and the method by which it picked them, but did not receive an immediate reply. However, Twitch is the most popular way gamers watch others play and it's a good bet that Twitch is how the Gaming Authority focused its attention. Six of the ten games the Gaming Authority studied aren't in violation of Dutch law. "With these games, there is no opportunity to sell the prizes won outside of the game," the press release said. "This means that the goods have no market value and these loot boxes do not satisfy the definition of a prize in Section 1 of the Betting and Gaming Act."

The four others though offer the opportunity for players to trade items outside of the game and therefore meet the Netherlands definition of gambling. To come into compliance, those games need to make their loot boxes less interesting to open. The Gaming Authority wants the companies to "remove the addiction-sensitive elements ('almost winning' effects, visual effects, ability to keep opening loot boxes quickly one after the other and suchlike)...and to implement measures to exclude vulnerable groups or to demonstrate that the loot boxes on offer are harmless."

Open Source

Apple Open Sources FoundationDB (macrumors.com) 37

Apple's FoundationDB company announced on Thursday that the FoundationDB core has been open sourced with the goal of building an open community with all major development done in the open. The database company was purchased by Apple back in 2015. As described in the announcement, FoundationDB is a distributed datastore that's been designed from the ground up to be deployed on clusters of commodity hardware. Mac Rumors reports: By open sourcing the project to drive development, FoundationDB is aiming to become "the foundation of the next generation of distributed databases": "The vision of FoundationDB is to start with a simple, powerful core and extend it through the addition of 'layers'. The key-value store, which is open sourced today, is the core, focused on incorporating only features that aren't possible to write in layers. Layers extend that core by adding features to model specific types of data and handle their access patterns. The fundamental architecture of FoundationDB, including its use of layers, promotes the best practices of scalable and manageable systems. By running multiple layers on a single cluster (for example a document store layer and a graph layer), you can match your specific applications to the best data model. Running less infrastructure reduces your organization's operational and technical overhead." The source for FoundationDB is available on GitHub, and those who wish to join the project are encouraged to visit the FoundationDB community forums, submit bugs, and make contributions to the core software and documentation.

AI

Your Next Job Interview Could Be With a Racist Bot (thedailybeast.com) 252

An anonymous reader quotes a report from The Daily Beast: Companies across the nation are now using some rudimentary artificial intelligence, or AI, systems to screen out applicants before interviews commence and for the interviews themselves. As a Guardian article from March explained, many of these companies are having people interview in front of a camera that is connected to AI that analyzes their facial expressions, their voice and more. One of the top recruiting companies doing this, Hirevue, has large customers like Hilton and Unilever. Their AI scores people using thousands of data points and compares it to the scores of the best current employees. But that can be unintentionally problematic. As Recode pointed out, because most programmers are white men, these AI are actually often trained using white male faces and male voices. That can lead to misperceptions of black faces or female voices, which can lead to the AI making negative judgments about those people. The results could trend sexist or racist, but the employer who is using this AI would be able to shift the blame to a supposedly neutral technology. Companies are also having people do their first interview with an AI chatbot. "One popular AI that does this is called Mya, which promises a 70 percent decrease in hiring time," reports The Daily Beast. "Any number of questions these chatbots could ask could be proxies for race, gender or other factors."

Programming

GitHub Launches Bot-Powered Learning Lab for New Developers (venturebeat.com) 9

An anonymous reader quotes VentureBeat: GitHub is launching a new bot-powered learning lab to help budding developers get up to speed on all things GitHub... The GitHub Learning Lab, which officially launched Thursday, builds on GitHub's prior history of training people, except this time GitHub is using bots to expedite the learning process. There is no videoconferencing or webcasts here. "After training thousands of people to use Git and GitHub, the GitHub Training Team has established a tried-and-true method for helping new developers retain more information and ramp up quickly as they begin their software journeys," the company said in a blog post. "And now, we're making those experiences accessible to developers everywhere with GitHub Learning Lab."

The bot helps users work through issues in a repository environment, passing comment on any work that you do while checking over pull requests -- notifications of changes you've made -- in a similar fashion to how a human project lead might do. If the bot isn't able to help with a specific question you have, there are humans on hand too via the GitHub Learning Lab forum, which includes outside experts and members of GitHub's in-house training team.

AMD

AMD Wants To Hear From GPU Resellers and Partners Bullied By Nvidia (forbes.com) 116

An anonymous reader quotes a report from Forbes: Nvidia may not be talking about its GeForce Partner Program, but AMD has gone from silent to proactive in less than 24 hours. Hours ago Scott Herkelman, Corporate VP and General Manager of AMD Radeon Gaming, addressed AMD resellers via Twitter, not only acknowledging the anti-competitive tactics Nvidia has leveraged against them, but inviting others to share their stories. The series of tweets coincides with an AMD sales event held in London this week. This was preceded by an impassioned blog post from Herkelman yesterday where he comes out swinging against Nvidia's GeForce Partner Program, and references other closed, proprietary technologies like G-Sync and GameWorks.

AMD's new mantra is "Freedom of Choice," a tagline clearly chosen to combat Nvidia's new program which is slowly taking gaming GPU brands from companies like MSI and Gigabyte, and locking them exclusively under the GeForce banner. The GeForce Partner Program also seems to threaten the business of board partners who are not aligned with the program. Here's what Herkelman -- who was a former GeForce marketing executive at Nvidia -- had to say on Twitter: "I wanted to personally thank all of our resellers who are attending our AMD sales event in London this week, it was a pleasure catching up with you and thank you for your support. Many of you told me how our competition tries to use funding and allocation to restrict or block [...] your ability to market and sell Radeon based products in the manner you and your customers desire. I want to let you know that your voices have been heard and that I welcome any others who have encountered similar experiences to reach out to me..."

The report adds that Kyle Bennett of HardOCP, the author who broke the original GPP story, "says that Nvidia is beginning a disinformation campaign against him, claiming that he was paid handsomely for publishing the story."

AI

AI Will Wipe Out Half the Banking Jobs In a Decade, Experts Say 109

Experts in the industry say that current advances in artificial intelligence and automation could replace as many as half the nation's financial services workers over the next decade, though it will take a big investment to make that happen. The Mercury News reports: "Unless banks deal with the performance issues that AI will cause for ultra-large databases, they will not be able to take the money gained by eliminating positions and spend it on the new services and products they will need in order to stay competitive," James D'Arezzo, CEO of Glendale-based Condusiv Technologies, said. Intensive hardware upgrades are often cited as an answer to the problem, but D'Arezzo said that's prohibitively expensive.

Speaking to an audience last year in Frankfurt, Germany, Deutsche Bank CEO John Cryan predicted a "bonfire" of industry jobs as automation moves forward. "In our bank we have people doing work like robots," he said. "Tomorrow we will have robots behaving like people. It doesn't matter if we as a bank will participate in these changes or not, it is going to happen." Increased processing power, cloud storage and other developments are making many tasks possible that once were considered too complex for automation, according to Cryan. D'Arezzo, whose company works to improve existing software performance, said the financial industry is being swamped by "a tsunami of data," including new compliance requirements for customer privacy and constantly changing bank regulations.

Bhagwan Chowdhry, a professor of finance and economics at the UCLA Anderson School of Management, offers a less bleak view of the future. "Technology will eliminate some jobs that are repetitive and require less human judgment," he said, "But I think they will get replaced by other jobs that humans are better at. Anything that requires judgment is something humans will continue to do. We are not good at multiplying 16-digit numbers, but we're good at judging people and detecting if someone is telling the truth."

Canada

Engineers Are Leaving America For Canada (bloomberg.com) 313

An anonymous reader shares an excerpt from a report via Bloomberg: The H-1B was created in 1990, part of an immigration overhaul signed into law by President George H.W. Bush that also created the EB-5 investor visa -- the subject of a fracas involving Kushner Cos. seeking Chinese investment -- and the diversity lottery, which Trump has attacked. Today, an estimated half a million H-1B holders live in the U.S. No one tracks exactly how many ditch their skilled visas for the permanent residency Canada offers, but during the first year of Trump's presidency, the number of tech professionals globally who got permanent residency in Canada ticked up almost 40 percent from 2016, to more than 11,000.

In 1967, Canada became the first country to adopt a points-based immigration system. The country regularly tweaks how it rates applicants based on national goals and research into what makes for successful integration: A job offer used to come with 600 points, but now it's worth just 200. Other factors like speaking fluent English or French -- or, even better, both -- have been given more weight over the years. Country of origin is irrelevant. In 2016, Canada increased national immigration levels to 300,000 new permanent residents annually. Last year, in consultation with trade groups, it created a program called the Global Skills Strategy to issue temporary work permits to people with job offers in certain categories, including senior software engineers, in as little as two weeks. Since the program started in June, more than 5,600 people have been granted permits, from the U.S., India, Pakistan, Brazil, and elsewhere.

Government

Palantir Knows Everything About You (bloomberg.com) 109

Palantir, a data-mining company created by Peter Thiel, is aiding government agencies by tracking American citizens using the War on Terror, Bloomberg reports. From the report: The company's engineers and products don't do any spying themselves; they're more like a spy's brain, collecting and analyzing information that's fed in from the hands, eyes, nose, and ears. The software combs through disparate data sources -- financial documents, airline reservations, cellphone records, social media postings -- and searches for connections that human analysts might miss. It then presents the linkages in colorful, easy-to-interpret graphics that look like spider webs.

[...] The U.S. Department of Health and Human Services uses Palantir to detect Medicare fraud. The FBI uses it in criminal probes. The Department of Homeland Security deploys it to screen air travelers and keep tabs on immigrants. Police and sheriff's departments in New York, New Orleans, Chicago, and Los Angeles have also used it, frequently ensnaring in the digital dragnet people who aren't suspected of committing any crime.

The Internet

The 'Terms and Conditions' Reckoning Is Coming (bloomberg.com) 128

Everyone from Uber to PayPal is facing a backlash against their impenetrable legalese. From a report: Personal finance forums online are brimming with complaints from hundreds of PayPal customers who say they've been suspended because they signed up before age 18. PayPal declined to comment on any specific cases, but says it's appropriate to close accounts created by underage people "to ensure our customers have full legal capacity to accept our user agreement." While that may seem "heavy-handed," says Sarah Kenshall, a technology attorney with law firm Burges Salmon, the company is within its rights because the users clicked to agree to the rules -- however difficult the language might be to understand.

Websites have long required users to plow through pages of dense legalese to use their services, knowing that few ever give the documents more than a cursory glance. In 2005 security-software provider PC Pitstop LLC promised a $1,000 prize to the first user to spot the offer deep in its terms and conditions; it took four months before the reward was claimed. The incomprehensibility of user agreements is poised to change as tech giants such as Uber Technologies and Facebook confront pushback for mishandling user information, and the European Union prepares to implement new privacy rules called the General Data Protection Regulation, or GDPR. The measure underscores "the requirement for clear and plain language when explaining consent," British Information Commissioner Elizabeth Denham wrote on her blog last year.

Social Networks

Kaspersky Lab Banned From Advertising on Twitter Because of Its Alleged Ties With Russian Intelligence Agencies (cyberscoop.com) 44

An anonymous reader shares a report: Russian cybersecurity company Kaspersky Lab has been banned from advertising on Twitter due to allegedly close and active ties between the company and Russian intelligence agencies, according to the social network. The ban is the latest blow in an ongoing saga for Kaspersky, which includes two ongoing legal battles with the U.S. government. Eugene Kaspersky, CEO of Kaspersky Lab, took to Twitter on Friday to condemn the ban. A Twitter spokesperson reiterated that the "decision is based on our determination that Kaspersky Lab operates using a business model that inherently conflicts with acceptable Twitter Ads business practices."

AI

AI Can Scour Code To Find Accidentally Public Passwords (qz.com) 46

An anonymous reader shares a report: Researchers at software infrastructure firm Pivotal have taught AI to locate this accidentally public sensitive information in a surprising way: By looking at the code as if it were a picture. Since modern artificial intelligence is arguably better than humans at identifying minute differences in images, telling the difference between a password and normal code for a computer is just like recognizing a dog from a cat. The best way to check whether private passwords or sensitive information has been left public today is to use hand-coded rules called "regular expressions." These rules tell a computer to find any string of characters that meets specific criteria, like length and included characters.

Google

Google Is 'Pausing' Work On Allo In Favor of 'Chat,' An RCS-Based Messaging Standard (theverge.com) 137

An anonymous reader shares an exclusive report from The Verge about Google's next big fix for Android's messaging mess: Instead of bringing a better app to the table, it's trying to change the rules of the texting game, on a global scale. Google has been quietly corralling every major cellphone carrier on the planet into adopting technology to replace SMS. It's going to be called "Chat," and it's based on a standard called the "Universal Profile for Rich Communication Services." SMS is the default that everybody has to fall back to, and so Google's goal is to make that default texting experience on an Android phone as good as other modern messaging apps. As part of that effort, Google says it's "pausing" work on its most recent entry into the messaging space, Allo. It's the sort of "pause" that involves transferring almost the entire team off the project and putting all its resources into another app, Android Messages. Google won't build the iMessage clone that Android fans have clamored for, but it seems to have cajoled the carriers into doing it for them. In order to have some kind of victory in messaging, Google first had to admit defeat. Some of the new features associated with Chat include read receipts, typing indicators, full-resolution images and video, and group texts. It's important to keep in mind that it's a carrier-based service, not a Google service. It won't be end-to-end encrypted, and it will follow the same legal intercept standards. The new Chat services will be switched on in the near future, but ultimately carriers will dictate exactly when Chat will go live. Also, you may be persuaded to upgrade your data plan since Chat messages will be sent with your data plan instead of your SMS plan.

Android

ZTE Exports Ban May Mean No Google Apps, a Death Sentence For Its Smartphones (arstechnica.com) 139

New submitter krazy1 shares a report from Ars Technica: The U.S. government is going after another Chinese Android device maker. After shutting down Huawei's carrier deals and retail partners, the government is now pursuing ZTE. The U.S. Department of Commerce has banned U.S. companies from selling parts and software to ZTE for seven years. ZTE was caught violating U.S. sanctions by illegally shipping telecommunications equipment to Iran and North Korea. The company then made things worse by "making false statements and obstructing justice, including through preventing disclosure to and affirmatively misleading the U.S. Government," according to the Department of Commerce.

The latest news from Reuters raises even bigger issues for ZTE, though. A source told Reuters that "The Commerce Department decision means ZTE Corp may not be able to use Google's Android operating system in its mobile devices." Android is free and open source and will probably remain free for ZTE to use without Google's involvement. Reuters' source is probably referring to the Google apps, which aren't sold to device makers but are carefully licensed to them in exchange for other concessions. The Google apps package includes popular services like Gmail and Google Maps, and it also unlocks the Play Store, Google Play Services, and the entire Android app ecosystem. For a market-viable Android device, the Play Store is pretty much mandatory in every country other than China. So while ZTE could conceivably source hardware components from non-U.S. sources, being locked out of the Play Store would devastate ZTE's smartphones worldwide.

Transportation

LA Councilman Asks City Attorney To 'Review Possible Legal Action' Against Waze (arstechnica.com) 211

An anonymous reader quotes a report from Ars Technica: Yet another Los Angeles city councilman has taken Waze to task for creating "dangerous conditions" in his district, and the politician is now "asking the City to review possible legal action." "Waze has upended our City's traffic plans, residential neighborhoods, and public safety for far too long," LA City Councilman David Ryu said in a statement released Wednesday. "Their responses have been inadequate and their solutions, non-existent. They say the crises of congestion they cause is the price for innovation -- I say that's a false choice." In a new letter sent to the City Attorney's Office, Ryu formally asked Los Angeles' top attorney to examine Waze's behavior. While Ryu said he supported "advances in technology," he decried Waze and its parent company, Google, for refusing "any responsibility for the traffic problems their app creates or the concerns of residents and City officials."

Programming

New Alexa Blueprints Let Users Make Custom Skills Without Knowing Any Code (arstechnica.com) 44

An anonymous reader quotes a report from Ars Technica: Amazon just released a new way for Alexa users to customize their experience with the virtual assistant. New Alexa Skill Blueprints allow you to create your own personalized Alexa skills, even if you don't know how to code. These "blueprints" act as templates for making questions, responses, trivia games, narrative stories, and other skills with customizable answers unique to each user. Amazon already has a number of resources for developers to make the new skills they want, but until now, users have had to work within the confines of pre-made Alexa skills. Currently, more than 20 templates are available on the new Alexa Skill Blueprints website, all ready for Alexa users to personalize with their own content. Any blueprint-made skills you make will show up on the "Skills You've Made" section of the blueprints website. While these skills will exist for your Amazon account until you delete them, they aren't posted to the general Alexa Skills store, so strangers will not have access to your couple's trivia game that's personalized for you, your spouse, and your best coupled friends.

Government

FDA Wants Medical Devices To Have Mandatory Built-In Update Mechanisms (bleepingcomputer.com) 94

Catalin Cimpanu, writing for BleepingComputer: The US Food & Drug Administration plans to ask Congress for more funding and regulatory powers to improve its approach towards medical device safety, including on the cybersecurity front. An FDA document released this week reveals several of the FDA's plans, including the desire to force device makers to include mandatory update systems inside products for the purpose of delivering critical security patches.

In addition, the FDA also plans to force device makers to create a document called "Software Bill of Materials" that will be provided for each medical device and will include software-related details for each product. Hospitals, healthcare units, contractors, or users will be able to consult the medical device's bill of materials and determine how it functions, what software is needed for what feature, and what technologies are used in each device.

The Internet

4.9% of Websites Use Flash, Down From 28.5% in 2011 (bleepingcomputer.com) 129

Web makers continue to ditch the infamous Flash for other safer, improved technologies. In 2011, more than 28.5 percent of websites used Flash in their code, a figure technology survey site W3Techs estimates to have dropped to 4.9 percent today. BleepingComputer: The number confirms Flash's decline, and a reason why Adobe has decided to retire the technology at the end of 2020. A decline from 28.5 percent to 4.9 percent doesn't look that bad, but we're talking about all Internet sites, not just a small portion of Top 10,000 or Top 1 Million sites. Taking into account the sheer number of abandoned sites on today's Internet, the decline is quite considerable, and W3Techs' findings confirm similar statistics put out by a Google security engineer in February.
