Winamp returns in 2019 to whip the llama’s ass harder than ever

For those who don’t remember: Winamp was the MP3 player of choice around the turn of the century, but went through a rocky period during Aol ownership (our former parent company) and failed to counter the likes of iTunes and the onslaught of streaming services, and more or less crumbled over the years. The original app, last updated in 2013, still works, but to say it’s long in the tooth would be something of an understatement (the community has worked hard to keep it updated, however). So it’s with pleasure that I can confirm rumors that substantial updates are on the way.

“There will be a completely new version next year, with the legacy of Winamp but a more complete listening experience,” said Alexandre Saboundjian, CEO of Radionomy, the company that bought Winamp (or what remained of it) in 2014. “You can listen to the MP3s you may have at home, but also to the cloud, to podcasts, to streaming radio stations, to a playlist you perhaps have built.”

“People want one single experience,” he concluded. “I think Winamp is the perfect player to bring that to everybody. And we want people to have it on every device.”

Laugh if you want but I laugh back

Now, I’m a Winamp user myself. And while I’ve been saddened by the drama through which the iconic MP3 player and the team that created it have gone (at the hands of TechCrunch’s former parent company, Aol), I can’t say I’ve been affected by it in any real way. Winamp 2 and 5 have taken me all the way from Windows 98 SE to 10 with nary a hiccup, and the player is docked just to the right of this browser window as I type this. (I use the nucleo_nlog skin.)

And although I bear the burden of my colleagues’ derisive comments for my choice of player, I’m far from alone. Winamp has as many as a hundred million monthly users, most of whom are outside the U.S. This real, engaged user base could be a powerful foot in the door for a new platform — mobile-first, but with plenty of love for the desktop too.

“Winamp users really are everywhere. It’s a huge number,” said Saboundjian. “We have a really strong and important community. But everybody ‘knows’ that Winamp is dead, that we don’t work on it any more. This is not the case.”

Source: Winamp returns in 2019 to whip the llama’s ass harder than ever | TechCrunch

As a Winamp user myself, I’m really happy, but hope they manage to keep it small and lightweight…

Alexa heard what you did last summer – and she knows what that was, too: AI recognizes activities from sound

Boffins have devised a way to make eavesdropping smartwatches, computers, mobile devices, and speakers with endearing names like Alexa better aware of what’s going on around them.

In a paper to be presented today at the ACM Symposium on User Interface Software and Technology (UIST) in Berlin, Germany, computer scientists Gierad Laput, Karan Ahuja, Mayank Goel, and Chris Harrison describe a real-time, activity recognition system capable of interpreting collected sound.

In other words, a software that uses devices’ always-on builtin microphones to sense what exactly’s going on in the background.

The researchers, based at Carnegie Mellon University in the US, refer to their project as “Ubicoustics” because of the ubiquity of microphones in modern computing devices.

As they observe in their paper, “Ubicoustics: Plug-and-Play Acoustic Activity Recognition,” real-time sound evaluation to classify activities and context is an ongoing area of investigation. What CMU’s comp sci types have added is a sophisticated sound-labeling model trained on high-quality sound effects libraries, the sort used in Hollywood entertainment and electronic games.

As good as you and me

Sound-identifying machine-learning models built using these audio effects turn out to be more accurate than those trained on acoustic data mined from the internet, the boffins claim. “Results show that our system can achieve human-level performance, both in terms of recognition accuracy and false positive rejection,” the paper states.

The researchers report accuracy of 80.4 per cent in the wild. So their system misclassifies about one sound in five. While not quite good enough for deployment in people’s homes, it is, the CMU team claims, comparable to a person trying to identify a sound. And its accuracy rate is close to other sound recognition systems such as BodyScope (71.5 per cent) and SoundSense (84 per cent). Ubicoustics, however, recognizes a wider range of activities without site-specific training.

Alexa to the rescue

Alexa, informed by this model, could in theory hear if you left the water running in your kitchen and might, given the appropriate Alexa Skill, take some action in response, like turning off your smart faucet or ordering a boat from to navigate around your flooded home. That is, assuming it didn’t misinterpret the sound in the first place.

The researchers suggest their system could be used, for example, to send a notification when a laundry load finished. Or it might promote public health: By detecting frequent coughs or sneezes, the system “could enable smartwatches to track the onset of symptoms and potentially nudge users towards healthy behaviors, such as washing hands or scheduling a doctor’s appointment.”

Source: Alexa heard what you did last summer – and she knows what that was, too: AI recognizes activities from sound • The Register

Printer Makers Are Crippling Cheap Ink Cartridges Via Bogus ‘Security Updates’ – endangering networks because people stop updating

Printer maker Epson is under fire this month from activist groups after a software update prevented customers from using cheaper, third party ink cartridges. It’s just the latest salvo in a decades-long effort by printer manufacturers to block consumer choice, often by disguising printer downgrades as essential product improvements.

For several decades now printer manufacturers have lured consumers into an arguably-terrible deal: shell out a modest sum for a mediocre printer, then pay an arm and a leg for replacement printer cartridges that cost relatively-little to actually produce.

Unsurprisingly, this resulted in a booming market for discount cartridges and refillable alternatives. Just as unsurprisingly, major printer vendors quickly set about trying to kill this burgeoning market via all manner of lawsuits and dubious behavior.

Initially, companies like Lexmark filed all manner of unsuccessful copyright and patent lawsuits against third-party cartridge makers. When that didn’t work, hardware makers began cooking draconian restrictions into printers, ranging from unnecessary cartridge expiration dates to obnoxious DRM and firmware updates blocking the use of “unofficial” cartridges.

As consumer disgust at this behavior has grown, printer makers have been forced to get more creative in their efforts to block consumer choice.

HP, for example, was widely lambasted back in 2016 when it deployed a “security update” that did little more than block the use of cheaper third-party ink cartridges. HP owners that dutifully installed the update suddenly found their printers wouldn’t work if they’d installed third-party cartridges, forcing them back into the arms of pricier, official HP cartridges.

Massive public backlash forced HP to issue a flimsy mea culpa and reverse course, but the industry doesn’t appear to have learned its lesson quite yet.

The Electronic Frontier Foundation now says that Epson has been engaged in the same behavior. The group says it recently learned that in late 2016 or early 2017, Epson issued a “poison pill” software update that effectively downgraded user printers to block third party cartridges, but disguised the software update as a meaningful improvement.

The EFF has subsequently sent a letter to Texas Attorney General Ken Paxton, arguing that Epson’s lack of transparency can easily be seen as “misleading and deceptive” under Texas consumer protection laws.

“When restricted to Epson’s own cartridges, customers must pay Epson’s higher prices, while losing the added convenience of third party alternatives, such as refillable cartridges and continuous ink supply systems,” the complaint notes. “This artificial restriction of third party ink options also suppresses a competitive ink market and has reportedly caused some manufacturers of refillable cartridges and continuous ink supply systems to exit the market.”

Epson did not immediately return a request for comment.

Activist, author, and EFF member Cory Doctorow tells Motherboard that Epson customers in other states that were burned by the update should contact the organization. That feedback will then be used as the backbone for additional complaints to other state AGs.

“Inkjet printers are the trailblazers of terrible technology business-models, patient zero in an epidemic of insisting that we all arrange our affairs to benefit corporate shareholders, at our own expense,” Doctorow told me via email.

Doctorow notes that not only is this kind of behavior sleazy, it undermines security by eroding consumer faith in the software update process. Especially given that some printers can be easily compromised and used as an attack vector into the rest of the home network.

“By abusing the updating mechanism, Epson is poisoning the security well for all of us: when Epson teaches people not to update their devices, they put us all at risk from botnets, ransomware epidemics, denial of service, cyber-voyeurism and the million horrors of contemporary internet security,” Doctorow said.

“Infosec may be a dumpster-fire, but that doesn’t mean Epson should pour gasoline on it,” he added.

Source: Printer Makers Are Crippling Cheap Ink Cartridges Via Bogus ‘Security Updates’ – Motherboard

Detect and disconnect WiFi cameras in that AirBnB you’re staying in

There have been a few too many stories lately of AirBnB hosts caught spying on their guests with WiFi cameras, using DropCam cameras in particular. Here’s a quick script that will detect two popular brands of WiFi cameras during your stay and disconnect them in turn. It’s based on It should do away with the need to rummage around in other people’s stuff, racked with paranoia, looking for the things.

Thanks to Adam Harvey for giving me the push, not to mention for naming it.

For a plug-and-play solution in the form of a network appliance, see Cyborg Unplug.

See code comments for more info. You’re welcome.

#!/bin/bash
#
# Detect and Disconnect the DropCam and Withings devices some people are using to
# spy on guests in their home, especially in AirBnB rentals. Based on
# This script was named by Adam Harvey (, who also
# encouraged me to write it. It requires a GNU/Linux host (laptop, Raspberry Pi,
# etc) and the aircrack-ng suite. I put 'beep' in there for a little audio
# notification. Comment it out if you don't need it.
# See also, for a plug-and-play device that does this
# based on OpenWrt. Code here:
# Save as, 'chmod +x' and exec as follows:

shopt -s nocasematch # Set shell to ignore case
shopt -s extglob # For non-interactive shell.

readonly NIC=$1 # Your wireless NIC
readonly BSSID=$2 # Network BSSID (AirBnB WiFi network)
readonly MAC=$(/sbin/ifconfig | grep $NIC | head -n 1 | awk '{ print $5 }')
# MAC=$(ip link show "$NIC" | awk '/ether/ {print $2}') # If 'ifconfig' not
# present.
readonly GGMAC='@(30:8C:FB*|00:24:E4*)' # Match against DropCam and Withings 
readonly POLL=30 # Check every 30 seconds
readonly LOG=/var/log/dropkick.log

airmon-ng stop mon0 # Pull down any lingering monitor devices
airmon-ng start $NIC # Start a monitor device

while true;
    do
        # Pull every MAC address out of the arp-scan output (generic MAC regex)
        for TARGET in $(arp-scan -I $NIC --localnet | grep -o -E \
        '([[:xdigit:]]{1,2}:){5}[[:xdigit:]]{1,2}')
           do
               # GGMAC is left unquoted so it is matched as an extglob pattern,
               # not compared as a literal string
               if [[ "$TARGET" == $GGMAC ]]
                   then
                       # Audio alert
                       beep -f 1000 -l 500 -n 200 -r 2
                       echo "WiFi camera discovered: "$TARGET >> $LOG
                       aireplay-ng -0 1 -a $BSSID -c $TARGET mon0 
                       echo "De-authed: "$TARGET " from network: " $BSSID >> $LOG
                       echo '
                             __              __    _     __          __                      
                         ___/ /______  ___  / /__ (_)___/ /_____ ___/ / 
                        / _  / __/ _ \/ _ \/   _// / __/   _/ -_) _  / 
                        \_,_/_/  \___/ .__/_/\_\/_/\__/_/\_\\__/\_,_/  
                       '
                   else
                        echo $TARGET": is not a DropCam or Withings device. Leaving alone.."
               fi
           done
           echo "None found this round."
           sleep $POLL
    done
airmon-ng stop mon0


For the record, I’m well aware DropCam and Withings are also sold as baby monitors and home security products. The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers – while illegal – are cheap. If you care, use cable.

It may be illegal to use this script in the US. Due to changes in FCC regulation in 2015, it appears intentionally de-authing WiFi clients, even in your own home, is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal – still the global technical definition. It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.

All said, use of this script is at your own risk. Use with caution.

Source: Detect and disconnect WiFi cameras in that AirBnB you’re staying in

The Dirt on Clean Electric Cars

Every major carmaker has plans for electric vehicles to cut greenhouse gas emissions, yet their manufacturers are, by and large, making lithium-ion batteries in places with some of the most polluting grids in the world.

By 2021, capacity will exist to build batteries for more than 10 million cars running on 60 kilowatt-hour packs, according to data of Bloomberg NEF. Most supply will come from places like China, Thailand, Germany and Poland that rely on non-renewable sources like coal for electricity.

Not So Green?

Year 1 includes manufacturing-stage emissions. Predictions based on carbon tailpipe emissions and energy mix in 2017.

Source: Berylls Strategy Advisors

“We’re facing a bow wave of additional CO2 emissions,” said Andreas Radics, a managing partner at Munich-based automotive consultancy Berylls Strategy Advisors, which argues that for now, drivers in Germany or Poland may still be better off with an efficient diesel engine.

The findings, among the more bearish ones around, show that while electric cars are emission-free on the road, they still discharge a lot of the carbon-dioxide that conventional cars do.

Just to build each car battery—weighing upwards of 500 kilograms (1,100 pounds) in size for sport-utility vehicles—would emit up to 74 percent more CO2 than producing an efficient conventional car if it’s made in a factory powered by fossil fuels in a place like Germany, according to Berylls’ findings.


Just switching to renewable energy for manufacturing would slash emissions by 65 percent, according to Transport & Environment. In Norway, where hydro-electric energy powers practically the entire grid, the Berylls study showed electric cars generate nearly 60 percent less CO2 over their lifetime, compared with even the most efficient fuel-powered vehicles.

As it is now, manufacturing an electric car pumps out “significantly” more climate-warming gases than a conventional car, which releases only 20 percent of its lifetime CO2 at this stage, according to estimates of Mercedes-Benz’s electric-drive system integration department.

Source: The Dirt on Clean Electric Cars – Bloomberg

Researcher finds simple way of elevating user privileges on Windows PCs and nobody notices for ten months

A security researcher from Colombia has found a way of assigning admin rights and gaining boot persistence on Windows PCs that’s simple to execute and hard to stop – all the features that hackers and malware authors are looking for from an exploitation technique.

What’s more surprising is that the technique was first detailed way back in December 2017, but despite its numerous benefits and ease of exploitation, it has neither received media coverage nor been seen employed in malware campaigns.

Discovered by Sebastián Castro, a security researcher for CSL, the technique targets one of the parameters of Windows user accounts known as the Relative Identifier (RID).

The RID is a code added at the end of account security identifiers (SIDs) that describes that user’s permissions group. There are several RIDs available, but the most common ones are 501 for the standard guest account, and 500 for admin accounts.

Castro, with help from CSL CEO Pedro García, discovered that by tinkering with registry keys that store information about each Windows account, he could modify the RID associated with a specific account and grant it a different RID, for another account group.

The technique does not allow a hacker to remotely infect a computer unless that computer has been foolishly left exposed on the Internet without a password.

But in cases where a hacker has a foothold on a system – via either malware or by brute-forcing an account with a weak password – the hacker can give admin permissions to a compromised low-level account, and gain a permanent backdoor with full SYSTEM access on a Windows PC.

Since registry keys are also boot persistent, any modifications made to an account’s RID remain in place permanently, or until fixed.

The attack is also very reliable, being tested and found to be working on Windows versions going from XP to 10 and from Server 2003 to Server 2016, although even older versions should be vulnerable, at least in theory.

“It is not so easy to detect when exploited, because this attack could be deployed by using OS resources without triggering any alert to the victim,” Castro told ZDNet in an interview last week.

“On the other hand, I think is easy to spot when doing forensics operations, but you need to know where to look at.

“It is possible to find out if a computer has been a victim of RID hijacking by looking inside the [Windows] registry and checking for inconsistencies on the SAM [Security Account Manager],” Castro added.
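The consistency check Castro describes can be run offline against a text export of the SAM Users key. This is an added example, not code from the article or from Castro: it assumes each per-account subkey is named after the account's RID in hex and that the account's "F" value holds a copy of the RID as a little-endian 32-bit integer at offset 0x30 (a detail taken from public write-ups of the technique, not from this page); the export text is constructed sample data.

```python
import re
import struct

# Assumption (not stated on this page): the F value stores the RID at 0x30.
RID_OFFSET = 0x30

SECTION_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\([0-9A-Fa-f]{8})\]$"
)
F_VALUE_RE = re.compile(r'^"F"=hex:(.*)$')


def parse_f_values(reg_text):
    """Return {subkey name: F value bytes} from .reg-style export text."""
    # regedit wraps long binary values with a trailing backslash; rejoin them.
    joined = re.sub(r"\\\r?\n\s*", "", reg_text)
    values, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("["):
            match = SECTION_RE.match(line)
            # Subkeys such as Users\Names\<account> do not match and are skipped.
            current = match.group(1).upper() if match else None
        elif current:
            match = F_VALUE_RE.match(line)
            if match:
                values[current] = bytes.fromhex(match.group(1).replace(",", ""))
    return values


def find_rid_mismatches(reg_text):
    """List accounts whose stored RID disagrees with the RID in the key name."""
    findings = []
    for key_name, f_value in sorted(parse_f_values(reg_text).items()):
        key_rid = int(key_name, 16)
        if len(f_value) < RID_OFFSET + 4:
            findings.append((key_name, key_rid, None, "F value too short to hold a RID"))
            continue
        (stored_rid,) = struct.unpack_from("<I", f_value, RID_OFFSET)
        if stored_rid != key_rid:
            findings.append(
                (key_name, key_rid, stored_rid, "RID in F value differs from key name")
            )
    return findings


def _sample_f(rid, length=0x50):
    """Constructed F value: all zeroes except the RID field."""
    buf = bytearray(length)
    struct.pack_into("<I", buf, RID_OFFSET, rid)
    return bytes(buf)


def _as_reg_hex(data, per_line=16):
    """Format bytes the way a .reg export wraps REG_BINARY data."""
    chunks = [
        ",".join(f"{b:02x}" for b in data[i:i + per_line])
        for i in range(0, len(data), per_line)
    ]
    return ",\\\n  ".join(chunks)


def build_sample_export():
    """Constructed export: the guest key (501) carries the admin RID (500)."""
    accounts = {0x1F4: 0x1F4, 0x1F5: 0x1F4, 0x3E9: 0x3E9}  # key RID -> stored RID
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key_rid, stored_rid in accounts.items():
        lines.append(
            f"[HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\{key_rid:08X}]"
        )
        lines.append('"F"=hex:' + _as_reg_hex(_sample_f(stored_rid)))
        lines.append("")
    lines.append("[HKEY_LOCAL_MACHINE\\SAM\\SAM\\Domains\\Account\\Users\\Names\\Guest]")
    lines.append("@=hex(1f5):")
    return "\n".join(lines)


if __name__ == "__main__":
    for key_name, key_rid, stored_rid, reason in find_rid_mismatches(build_sample_export()):
        print(f"{key_name}: key RID {key_rid}, stored RID {stored_rid} -> {reason}")
```

Reading the live SAM key requires SYSTEM-level access, so in practice the input comes from a forensic image or an export taken with appropriate privileges.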

Source: Researcher finds simple way of backdooring Windows PCs and nobody notices for ten months | ZDNet

Pando, One of the world’s largest organisms is shrinking

The Pando aspen grove, located in central Utah, is the largest organism on the planet by weight. From the surface, it may look like a forest that spans more than 100 U.S. football fields, but each tree shares the exact same DNA and is connected to its clonal brethren through an elaborate underground root system. Although not quite as large in terms of area as the massive Armillaria gallica fungus in Michigan, Pando is much heavier, weighing in at more than 6 million kilograms. Now, researchers say, the grove is in danger, being slowly eaten away by mule deer and other herbivores—and putting the fate of its ecosystem in jeopardy.

“This is a really unusual habitat type,” says Luke Painter, an ecologist at Oregon State University in Corvallis who was not involved with the research. “A lot of animals depend on it.”

Aspen forests such as the Pando grove and many others reproduce in two ways. The first is the familiar system in which mature trees drop seeds that grow into new trees. But more commonly, aspen and some other tree species reproduce by sending out sprouts from their roots, which grow up through the soil into entire new trees. The exact amount of time it took the Pando grove to reach its modern extent is unknown, says Paul Rogers, an ecologist at Utah State University in Logan. “However, it’s very likely that it’s centuries old, and it’s just as likely that it’s millennia old.”

Scientists first noticed the Pando shrinking in the late ’90s. They suspected elk, cattle, and most prominently deer were eating the new shoots, so in the new study Rogers and colleagues divided the forest into three experimental groups. One section was completely unfenced, allowing animals to forage freely on the baby aspen. A second section was fenced and left alone. And a third section was fenced and then treated in some places with strategies to spur aspen growth, such as shrub removal and controlled burning; in other places it was left untreated.

Aerial photos of the Pando grove spanning 1939 to 2011, which show the grove thinning over time

USDA Aerial Photography Field Office, Salt Lake City, Utah

The results were surprising: Simply keeping the deer out was enough to allow the grove to successfully recover, the team reports today in PLOS ONE. Even in the fenced-off plots where there was no burning or shrub removal, young trees were thriving.

The good news, at least for Pando, is that it appears that keeping out the deer is enough to solve the problem. But fencing the entirety of the grove is neither practical nor palatable, says Rogers, who partners with the U.S. Forest Service’s Rocky Mountain Research Station in Fort Collins, Colorado, as part of the Western Aspen Alliance, a group committed to improving aspen management and restoring their ecosystems. “Everybody, including myself, doesn’t want fences around this iconic grove. We don’t want to go to nature to see a bunch of fences.”

The alternative, he says, is to do something about the mule deer population. The thinning of the forest has only started to occur in the past century or so. This time frame roughly coincides with when humans entered the area, building cabins, banning hunting, and removing carnivores like wolves that would ordinarily prey on the deer. These human activities, Rogers says, have turned Pando into a safe haven for the deer, artificially inflating their numbers in the area.

With the new data in hand, he’s planning to advocate for a culling of the deer population in the area. Although that may seem extreme, it may be the only chance to give Pando a chance at long-term survival. “The real problem,” Rogers says, “is that there are too many mouths to feed in this area.”

Source: One of the world’s largest organisms is shrinking | Science | AAAS

Twitter releases all foreign election campaign influencing tweets and media for you to study

In line with our principles of transparency and to improve public understanding of alleged foreign influence campaigns, Twitter is making publicly available archives of Tweets and media that we believe resulted from potentially state-backed information operations on our service.

Examples of the content include:


While this dataset is of a size that a degree of capability for large dataset analysis is required, we hope to support broad analysis by making a public version of these datasets (with some account-specific information hashed) available. You can download the datasets below. No content has been redacted. Specialist researchers can request access to an unhashed version of these datasets, which will be governed by a data use agreement that will include provisions to ensure the data is used within appropriate legal and ethical parameters.

What’s included?

Our initial disclosures cover two previously disclosed campaigns, and include information from 3,841 accounts believed to be connected to the Russian Internet Research Agency, and 770 accounts believed to originate in Iran. For additional information about this disclosure, see our announcement.

These datasets include all public, nondeleted Tweets and media (e.g., images and videos) from accounts we believe are connected to state-backed information operations. Tweets deleted by these users prior to their suspension (which are not included in these datasets) comprise less than 1% of their overall activity. Note that not all of the accounts we identified as connected to these campaigns actively Tweeted, so the number of accounts represented in the datasets may be less than the total number of accounts listed here.

You can download the datasets below. Note that by downloading these files, you are accepting the Twitter Developer Agreement and Policy.

Internet Research Agency


NASA and Google using AI to hunt down potentially habitable planets

Astrobiologists are mostly interested in rocky exoplanets that lie in the habitable zone around their parent stars, where liquid water may exist on its surface. NASA’s Kepler spacecraft has spotted a handful of these in the so-called Goldilocks Zone – where it’s not too cold or too hot for life.

As such, a second team from Google and NASA’s lab has built a machine-learning-based tool known as INARA that can identify the chemical compounds in a rocky exoplanet’s atmosphere by studying its high-resolution telescope images.

To develop this software, the brainiacs simulated more than three million planets’ spectral signatures – fingerprints of their atmospheres’ chemical makeups – and labelled them as such to train a convolutional neural network (CNN). The CNN can therefore be used to automatically estimate the chemical composition of a planet from images and light curves of its atmosphere taken from NASA’s Kepler spacecraft. Basically, a neural network was trained to link telescope images to chemical compositions, and thus, you show it a given set of images, and it will spit out the associated chemical components – which can be used to assess whether those would lead to life bursting on the scene.

INARA takes seconds to figure out the biological compounds potentially present in a world’s atmosphere. “Given the scale of the datasets produced by the Kepler telescopes, and the even greater volume of data that will return to Earth from the soon-to-be-launched Transiting Exoplanet Survey Satellite (TESS) satellite, minimizing analysis time per planet can accelerate this research and ensure we don’t miss any viable candidates,” Mascaro concluded. ®

Source: Finally, a use for AI and good old-fashioned simulations: Hunting down E.T. in outer space • The Register

Microplastics found in 90 percent of table salt

Microplastics were found in sea salt several years ago. But how extensively plastic bits are spread throughout the most commonly used seasoning remained unclear. Now, new research shows microplastics in 90 percent of the table salt brands sampled worldwide.

Of 39 salt brands tested, 36 had microplastics in them, according to a new analysis by researchers in South Korea and Greenpeace East Asia. Using prior salt studies, this new effort is the first of its scale to look at the geographical spread of microplastics in table salt and their correlation to where plastic pollution is found in the environment.

“The findings suggest that human ingestion of microplastics via marine products is strongly related to emissions in a given region,” said Seung-Kyu Kim, a marine science professor at Incheon National University in South Korea.

Source: Microplastics found in 90 percent of table salt: potential health impacts?

Wide-eyed glare scares raptors: From laboratory evidence to applied management

Raptors are one of the most important causes of fatalities due to their collisions with aircraft as well as being the main victims of collisions with constructions. They are difficult to deter because they are not influenced by other airspace users or ground predators. Because vision is the primary sensory mode of many diurnal raptors, we evaluated the reactions of captive raptors to a “superstimulus” (a “paradoxical effect whereby animals show greater responsiveness to an exaggerated stimulus than to the natural stimulus”) that combined an “eye shape” stimulus (as many species have an aversion for this type of stimulus) and a looming movement (LE). This looming stimulus mimics an impending collision and induces avoidance in a wide range of species. In captivity, raptors showed a clear aversion for this LE stimulus. We then tested it in a real life setting: at an airport where raptors are abundant. This study is the first to show the efficiency of a visual non-invasive repellent system developed on the basis of both captive and field studies. This system deterred birds of prey and corvids through aversion, and did not induce habituation. These findings suggest applications for human security as well as bird conservation, and further research on avian visual perception and sensitivity to signals.

Source: Wide-eyed glare scares raptors: From laboratory evidence to applied management

bug left ‘685 million’ netizens open to website hacks

Bug-hunters have told how they uncovered a significant security flaw that affected the likes of Tinder, Yelp, Shopify, and Western Union – and potentially hundreds of millions of folks using these sites and apps.

The software sniffers said they first came across the exploitable programming blunder while digging into webpage code on dating websites. After discovering a subdomain – specifically, – that had a cross-site scripting flaw, they got in touch with the hookup app’s makers to file a bug report.

As it turned out, the vulnerability they discovered went far beyond one subdomain on a site for lonely hearts. The team at VPNMentor said the since-patched security hole had left as many as 685 million netizens vulnerable to cross-site-scripting attacks, during which hackers attempt to steal data and hijack accounts. To pull off one of these scripting attacks, a victim would have to click on a malicious link or open a booby-trapped webpage while logged into a vulnerable service.

That staggering nine-figure number is because the security issue was actually within a toolkit, called, that tracks website and app users to figure out where they’ve come from, be it Facebook, email links, Twitter, etc. With the bug lurking in’s code and embedded in a ton of services and mobile applications, the number of people potentially at risk of being hacked via cross-site scripting soared past the half-a-billion mark, we’re told.

Source: Now this might be going out on a limb, but here’s how a bug left ‘685 million’ netizens open to website hacks • The Register

Star Wars: KOTOR Fan Remake Shutting Down After Cease And Desist From Lucasfilm

Back in 2016, an ambitious group of fans began work on an Unreal Engine 4 “reboot” of role-playing, light-sabering classic Star Wars: Knights of the Old Republic called Apeiron. The project has made impressive progress since then, but it emitted a tragic Wilhelm scream this week when Lucasfilm lawyers zapped it out of existence.

As is often the case with ambitious fan projects, Apeiron received a cease-and-desist letter from lawyers representing the series its team was trying to pay homage to. Apeiron’s developer, Poem Studios, took to Twitter to share the news. “After a few days, I’ve exhausted my options to keep it [Apeiron] afloat; we knew this day was a possibility. I’m sorry and may the force be with you,” Poem wrote alongside a screenshot of a letter purporting to be from Lucasfilm.

“Notwithstanding Poem Studios affection and enthusiasm for the Star Wars franchise and the original KOTOR game, we must object to any unlicensed use of Lucasfilm intellectual property,” reads Lucasfilm’s letter. It goes on to call Apeiron’s use of Star Wars characters, artwork, and images on its website and social media “infringing” and demands that 1) Star Wars materials are removed, 2) the Apeiron team ceases development and destroys its code, and 3) they don’t use any Lucasfilm properties in future games.

Source: Star Wars: KOTOR Fan Remake Shutting Down After Cease And Desist From Lucasfilm

What a bunch of dicks at Lucasfilm.

Senators to Google: Why didn’t you disclose massive Google+ vulnerability sooner? Oh, and Why can’t you Google the breach itself?

3 GOP senators want Google to give answers over data leak that affected 500,000 users.

Source: Senators to Google: Why didn’t you disclose Google+ vulnerability sooner?

It’s only three senators and chances are you haven’t heard of the massive, millions affected data breach suffered by Google, that they didn’t report. Interestingly, if you try to Google the breach you get loads of hits on Google’s bug reporting program, but almost nothing on the breach. Google has done an astoundingly good job of keeping this under their hats.

The US military wants to teach AI some basic common sense

Wherever artificial intelligence is deployed, you will find it has failed in some amusing way. Take the strange errors made by translation algorithms that confuse having someone for dinner with, well, having someone for dinner.

But as AI is used in ever more critical situations, such as driving autonomous cars, making medical diagnoses, or drawing life-or-death conclusions from intelligence information, these failures will no longer be a laughing matter. That’s why DARPA, the research arm of the US military, is addressing AI’s most basic flaw: it has zero common sense.

“Common sense is the dark matter of artificial intelligence,” says Oren Etzioni, CEO of the Allen Institute for AI, a research nonprofit based in Seattle that is exploring the limits of the technology. “It’s a little bit ineffable, but you see its effects on everything.”

DARPA’s new Machine Common Sense (MCS) program will run a competition that asks AI algorithms to make sense of questions like this one:

A student puts two identical plants in the same type and amount of soil. She gives them the same amount of water. She puts one of these plants near a window and the other in a dark room. The plant near the window will produce more (A) oxygen (B) carbon dioxide (C) water.

A computer program needs some understanding of the way photosynthesis works in order to tackle the question. Simply feeding a machine lots of previous questions won’t solve the problem reliably.

These benchmarks will focus on language because it can so easily trip machines up, and because it makes testing relatively straightforward. Etzioni says the questions offer a way to measure progress toward common-sense understanding, which will be crucial.

Tech companies are busy commercializing machine-learning techniques that are powerful but fundamentally limited. Deep learning, for instance, makes it possible to recognize words in speech or objects in images, often with incredible accuracy. But the approach typically relies on feeding large quantities of labeled data—a raw audio signal or the pixels in an image—into a big neural network. The system can learn to pick out important patterns, but it can easily make mistakes because it has no concept of the broader world.

Source: The US military wants to teach AI some basic common sense – MIT Technology Review

Google’s AI Bots Invent New Legs to Scamper Through Obstacle Courses

Using a technique called reinforcement learning, a researcher at Google Brain has shown that virtual robots can redesign their body parts to help them navigate challenging obstacle courses—even if the solutions they come up with are completely bizarre.

Embodied cognition is the idea that an animal’s cognitive abilities are influenced and constrained by its body plan. This means a squirrel’s thought processes and problem-solving strategies will differ somewhat from the cogitations of octopuses, elephants, and seagulls. Each animal has to navigate its world in its own special way using the body it’s been given, which naturally leads to different ways of thinking and learning.

“Evolution plays a vital role in shaping an organism’s body to adapt to its environment,” David Ha, a computer scientist and AI expert at Google Brain, explained in his new study. “The brain and its ability to learn is only one of many body components that is co-evolved together.”


Using the OpenAI Gym framework, Ha was able to provide an environment for his walkers. This framework looks a lot like an old-school, 2D video game, but it uses sophisticated virtual physics to simulate natural conditions, and it’s capable of randomly generating terrain and other in-game elements.

As for the walker, it was endowed with a pair of legs, each consisting of an upper and lower section. The bipedal bot had to learn how to navigate through its virtual environment and improve its performance over time. Researchers at DeepMind conducted a similar experiment last year, in which virtual bots had to learn how to walk from scratch and navigate through complex parkour courses. The difference here is that Ha’s walkers had the added benefit of being able to redesign their body plan—or at least parts of it. The bots could alter the lengths and widths of their four leg sections to a maximum of 75 percent of the size of the default leg design. The walkers’ pentagon-shaped head could not be altered, serving as cargo. Each walker used a digital version of LIDAR to assess the terrain immediately in front of it, which is why (in the videos) they appear to shoot a thin laser beam at regular intervals.

Using reinforcement-learning algorithms, the bots were given around a day or two to devise their new body parts and come up with effective locomotion strategies, which together formed a walker’s “policy,” in the parlance of AI researchers. The learning process is similar to trial-and-error, except the bots, via reinforcement learning, are rewarded when they come up with good strategies, which then leads them toward even better solutions. This is why reinforcement learning is so powerful—it speeds up the learning process as the bots experiment with various solutions, many of which are unconventional and unpredictable by human standards.

Left: An unmodified walker joyfully skips through easy terrain. Right: With training, a self-modified walker chose to hop instead.
GIF: David Ha/Google Brain/Gizmodo

For the first test (above), Ha placed a walker in a basic environment with no obstacles and gently rolling terrain. Using its default body plan, the bot adopted a rather cheerful-looking skipping locomotion strategy. After the learning stage, however, it modified its legs such that they were thinner and longer. With these modified limbs, the walker used its legs as springs, quickly hopping across the terrain.

The walker chose a strange body plan and an unorthodox locomotion strategy for traversing challenging terrain.
GIF: David Ha/Google Brain/Gizmodo

The introduction of more challenging terrain (above), such as having to walk over obstacles, travel up and down hills, and jump over pits, introduced some radical new policies, namely the invention of an elongated rear “tail” with a dramatically thickened end. Armed with this configuration, the walkers hopped successfully around the obstacle course.

By this point in the experiment, Ha could see that reinforcement learning was clearly working. Allowing a walker “to learn a better version of its body obviously enables it to achieve better performance,” he wrote in the study.

Not content to stop there, Ha played around with the idea of motivating the walkers to adopt some design decisions that weren’t necessarily beneficial to its performance. The reason for this, he said, is that “we may want our agent to learn a design that utilizes the least amount of materials while still achieving satisfactory performance on the task.”

The tiny walker adopted a very familiar gait when faced with easy terrain.
GIF: David Ha/Google Brain/Gizmodo

So for the next test, Ha rewarded an agent for developing legs that were smaller in area (above). With the bot motivated to move efficiently across the terrain, and using the tiniest legs possible (it no longer had to adhere to the 75 percent rule), the walker adopted a rather conventional bipedal style while navigating the easy terrain (it needed just 8 percent of the leg area used in the original design).

The walker struggled to come up with an effective body plan and locomotion style when it was rewarded for inventing small leg sizes.
GIF: David Ha/Google Brain/Gizmodo

But the walker really struggled to come up with a sensible policy when having to navigate the challenging terrain. In the example shown above, which was the best strategy it could muster, the walker used 27 percent of the area of its original design. Reinforcement learning is good, but it’s no guarantee that a bot will come up with something brilliant. In some cases, a good solution simply doesn’t exist.

Source: Google’s AI Bots Invent Ridiculous New Legs to Scamper Through Obstacle Courses

EU hijacking: self-driving car data will be copyrighted…by the manufacturer – not to be released by drivers / engineers / researchers / mechanics

Today, the EU held a routine vote on regulations for self-driving cars, when something decidedly out of the ordinary happened…

The autonomous vehicle rules contained a clause that affirmed that “data generated by autonomous transport are automatically generated and are by nature not creative, thus making copyright protection or the right on databases inapplicable.”

This is pretty inoffensive stuff. Copyright protects creative work, not factual data, and the telemetry generated by your car — self-driving or not — is not copyrighted.

But just before the vote, members of the European People’s Party (the same bloc that pushed through the catastrophic new Copyright Directive) stopped the proceedings with a rare “roll call” and voted down the clause.

In other words, they’ve snuck in a space for the telemetry generated by autonomous vehicles to become someone’s property. This is data that we will need to evaluate the safety of autonomous vehicles, to fine-tune their performance, to ensure that they are working as the manufacturer claims — data that will not be public domain (as copyright law dictates), but will instead be someone’s exclusive purview, to release or withhold as they see fit.

Who will own this data? It’s unlikely that it will be the owners of the vehicles. Just look at the data generated by farmers who own John Deere tractors. These tractors create a wealth of soil data, thanks to humidity sensors, location sensors and torque sensors — a centimeter-accurate grid of soil conditions in the farmer’s own field.

But all of that data is confiscated by John Deere, locked up behind the company’s notorious DRM and only made available in fragmentary form to the farmer who generated it (it comes bundled with the app that you get if you buy Monsanto seed) — meanwhile, the John Deere company aggregates the data for sale into the crop futures market.

It’s already the case that most auto manufacturers use license agreements and DRM to lock up your car so that you can’t fix it yourself or take it to an independent service center. The aggregated data from millions of self-driving cars across the EU aren’t just useful to public safety analysts, consumer rights advocates, security researchers and reviewers (who would benefit from this data living in the public domain) — it is also a potential gold-mine for car manufacturers who could sell it to insurers, market researchers and other deep-pocketed corporate interests who can profit by hiding that data from the public who generate it and who must share their cities and streets with high-speed killer robots.

Source: EU hijacking: self-driving car data will be copyrighted…by the manufacturer / Boing Boing

Ancestry Sites Could Soon Expose Nearly Anyone’s Identity, Researchers Say

Genetic testing has helped plenty of people gain insight into their ancestry, and some services even help users find their long-lost relatives. But a new study published this week in Science suggests that the information uploaded to these services can be used to figure out your identity, regardless of whether you volunteered your DNA in the first place.

The researchers behind the study were inspired by the recent case of the alleged Golden State Killer.

Earlier this year, Sacramento police arrested 72-year-old Joseph James DeAngelo for a wave of rapes and murders allegedly committed by DeAngelo in the 1970s and 1980s. And they claimed to have identified DeAngelo with the help of genealogy databases.

Traditional forensic investigation relies on matching certain snippets of DNA, called short tandem repeats, to a potential suspect. But these snippets only allow police to identify a person or their close relatives in a heavily regulated database. Thanks to new technology, the investigators in the Golden State Killer case isolated the genetic material that’s now collected by consumer genetic testing companies from the suspected killer’s DNA left behind at a crime scene. Then they searched for DNA matches within these public databases.

This information, coupled with other historical records, such as newspaper obituaries, helped investigators create a family tree of the suspect’s ancestors and other relatives. After zeroing in on potential suspects, including DeAngelo, the investigators collected a fresh DNA sample from DeAngelo—one that matched the crime scene DNA perfectly.

But while the detective work used to uncover DeAngelo’s alleged crimes was certainly clever, some experts in genetic privacy have been worried about the grander implications of this method. That includes Yaniv Erlich, a computer engineer at Columbia University and chief science officer at MyHeritage, an Israel-based ancestry and consumer genetic testing service.

Erlich and his team wanted to see how easy it would be in general to use the method to find someone’s identity by relying on the DNA of distant and possibly unknown family members. So they looked at more than 1.2 million anonymous people who had gotten testing from MyHeritage, and specifically excluded anyone who had immediate family members also in the database. The idea was to figure out whether a stranger’s DNA could indeed be used to crack your identity.

They found that more than half of these people had distant relatives—meaning third cousins or further—who could be spotted in their searches. For people of European descent, who made up 75 percent of the sample, the hit rate was closer to 60 percent. And for about 15 percent of the total sample, the authors were also able to find a second cousin.

Much like the Golden State investigators, the team found they could trace back someone’s identity in the database with relative ease by using these distant relatives and other demographic but not overly specific information, such as the target’s age or possible state residence.


According to the researchers, it will take only about 2 percent of an adult population having their DNA profiled in a database before it becomes theoretically possible to trace any person’s distant relatives from a sample of unknown DNA—and therefore, to uncover their identity. And we’re getting ever closer to that tipping point.

“Once we reach 2 percent, nearly everyone will have a third cousin match, and a substantial amount will have a second cousin match,” Erlich explained. “My prediction is that for people of European descent, we’ll reach that threshold within two or three years.”


What this means for you: If you want to protect your genetic privacy, the best thing you can do is lobby for stronger legal protections and regulations. Because whether or not you’ve ever submitted your DNA for testing, someone, somewhere, is likely to be able to pick up your genetic trail.

Source: Ancestry Sites Could Soon Expose Nearly Anyone’s Identity, Researchers Say

Stanford AI bot to negotiate sales for you with Craigslist

Artificially intelligent bots are notoriously bad at communicating with, well, anything. Conversations with the code, whether it’s between themselves or with people, often go awry, and veer off topic. Grammar goes out the window, and sentences become nonsensical.


Well, a group of researchers at Stanford University in the US have figured out how to, in theory, prevent that chaos and confusion from happening. In an experiment, they trained neural networks to negotiate when buying stuff in hypothetical situations, mimicking the process of scoring and selling stuff on sites like Craigslist or Gumtree.

Here’s the plan: sellers post adverts trying to get rid of their old possessions. Buyers enquire about the condition of the items, and if a deal is reached, both parties arrange a time and place to exchange the item for cash.

Here’s an example of a conversation between a human, acting as a seller, and a Stanford-built bot, as the buyer:


Example of a bot (A) interacting with a human (B) to buy a Fitbit. Image credit: He et al.

The dialogue is a bit stiff, and the grammar is wrong in places, but it does the job even though no deal is reached. The team documented their work in this paper, here [PDF], which came to our attention this week.

The trick is to keep the machines on topic and stop them from generating gibberish. The researchers used supervised learning and reinforcement learning together with hardcoded rules to force the bots to stay on task.

The system is broadly split into three parts: a parser, a manager and a generator. The parser inspects keywords that signify a specific action that is being taken. Next, the manager stage chooses how the bot should respond. These actions, dubbed “coarse dialogue acts”, guide the bot through the negotiation task so it knows when to inquire, barter a price, agree or disagree. Finally, the generator produces the response to keep the dialogue flowing.


Diagram of how the system works. The interaction is split into a series of coarse dialogue acts, the manager chooses what action the bot should take, and a generator spits out words for the dialogue. Image credit: He et al.

In the reinforcement learning method, the bots are encouraged to reach a deal and penalized with a negative reward when they fail to reach an agreement. The researchers train the bot by collecting 6,682 dialogues between humans working on the Amazon Mechanical Turk platform.

They call it the Craigslist Negotiation Dataset since they modeled the scenarios by scraping postings for the items in the six most popular categories on Craigslist. These include items filed under housing, furniture, cars, bikes, phones and electronics.

The conversations are represented as a sequence of actions or coarse dialogue acts. A long short-term memory network (LSTM) encodes the coarse dialogue act and another LSTM decodes it.

The manager part chooses the appropriate response. For example, it can propose a price, argue to go lower or higher, and accept or reject a deal. The generator conveys all these actions in plain English.

During the testing phase, the bots were pitted against real humans. Participants were then asked how human the interaction seemed. The researchers found that their systems were more successful at bargaining for a deal and were more human-like than other bots.

It doesn’t always work out, however. Here’s an example of a conversation where the bot doesn’t make much sense.


A bot (A) trying to buy a Fitbit off a human seller (B). This time, however, it fails to communicate effectively. Image credit: He et al.

If you like the idea of crafting a bot to help you automatically negotiate for things online then you can have a go at making your own. The researchers have posted the data and code on CodaLab. ®

Source: Those Stanford whiz kids have done it again. Now a chatty AI bot to negotiate sales for you with Craigslist riffraff • The Register

Slow your roll: VMware urges admins to apply workarounds to DoS-inducing 3D render vuln

The vuln (CVE-2018-6977) allows an attacker with normal local user privileges to trigger an infinite loop in a 3D-rendering shader. According to VMware, a “specially crafted 3D shader may loop for an infinite amount of time and lock up a VM’s virtual graphics device”.

If that happens, VMware warned, the hypervisor may rely on the host box’s graphics driver to ensure other users of the physical machine are not impacted by the infinite graphical loop.

“However, many graphics drivers may themselves get into a denial-of-service condition caused by such infinite shaders, and as a result other VMs or processes running on the host might also be affected,” said VMware in a statement.

Source: Slow your roll: VMware urges admins to apply workarounds to DoS-inducing 3D render vuln • The Register

MindBody-owned FitMetrix exposed millions of user records — thanks to servers without passwords – AWS strikes again

FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password.

The company builds fitness tracking software for gyms and group classes — like CrossFit and SoulCycle — that displays heart rate and other fitness metric information for interactive workouts. FitMetrix was acquired by gym and wellness scheduling service Mindbody earlier this year for $15.3 million, according to a government filing.

Last week, a security researcher found three unprotected FitMetrix servers leaking customer data.

It isn’t known how long the servers had been exposed, but the servers were indexed by Shodan, a search engine for open ports and databases, in September.

The servers included two of the same ElasticSearch instances and a storage server — all hosted on Amazon Web Services — yet none were protected by a password, allowing anyone who knew where to look to access the data on millions of users.

Bob Diachenko,’s director of cyber risk research, found the databases containing 113.5 million records — though it’s not known how many users were directly affected. Each record contained a user’s name, gender, email address, phone numbers, profile photos, their primary workout location, emergency contacts and more. Many of the records were not fully complete.

Source: MindBody-owned FitMetrix exposed millions of user records — thanks to servers without passwords | TechCrunch

The US Democracy is turning away so many people at polling stations, they need a What to Do If You’re Turned Away at the Polls guide

Several states have instituted stricter voter ID laws since the 2016 presidential election; more, still, are purging voter rolls in the lead up to the election, and the recent Supreme Court decision to uphold Ohio’s aggressive purging law means you can expect many more people to be removed. So, even if you’re registered to vote (and you should really double check) you might find yourself turned away at the polls come November 6.

Source: What to Do If You’re Turned Away at the Polls

One man, one vote? Not so much. Two parties and no voters.

Why are Xiaomi’s fitness tracker and Apple watches detecting a heartbeat from a roll of toilet paper and bananas?

Why is Xiaomi’s fitness tracker detecting a heartbeat from a roll of toilet paper?

Weibo users are confused, but the answer isn’t as wild as it seems

Does a roll of toilet paper have a heart? Obviously not. So why does Xiaomi’s fitness band display a heart rate when it’s wrapped around a roll of toilet paper?

Weibo users have been discussing the phenomenon, with plenty of pictures from mystified users who say the Xiaomi Mi Band 3 fitness tracker is “detecting” a heart rate on toilet paper.

So we decided to get a Mi Band 3 — and of course, a roll of toilet paper — to check it out.

Bizarrely, it’s true.

It didn’t work all the time — only around a quarter of attempts gave us a heartbeat. The numbers were pretty random (ranging from 59bpm to 88bpm), but they were real.

So what about other objects? We tried wrapping the Mi Band 3 around a mug, because we had a mug, and a banana, because the internet likes bananas. Both gave us a heart rate quickly and far more consistently than the toilet paper did.

59bpm? That roll of toilet paper is so chill right now. (Picture: Abacus)

But the Xiaomi band isn’t alone. We also tried the banana and mug with an Apple Watch Series 4 and a Ticwatch, an Android Wear smartwatch. Both also displayed a heartbeat for the two heartless objects, ranging from 33bpm on the banana (Apple Watch) to 130bpm for the mug (Ticwatch).

Source: Why is Xiaomi’s fitness tracker detecting a heartbeat from a roll of toilet paper? | Abacus

Pentagon’s weapons systems are laughably easy to hack

New computerized weapons systems currently under development by the US Department of Defense (DOD) can be easily hacked, according to a new report published today.

The report was put together by the US Government Accountability Office (GAO), an agency that provides auditing, evaluation, and investigative services for Congress.

Congress ordered the GAO report in preparation to approve DOD funding of over $1.66 trillion, so the Pentagon could expand its weapons portfolio with new toys in the coming years.

But according to the new report, GAO testers “playing the role of adversary” found a slew of vulnerabilities of all sorts of types affecting these new weapons systems.

“Using relatively simple tools and techniques, testers were able to take control of systems and largely operate undetected, due in part to basic issues such as poor password management and unencrypted communications,” GAO officials said.

The report detailed some of the most eye-catching hacks GAO testers performed during their analysis.

In one case, it took a two-person test team just one hour to gain initial access to a weapon system and one day to gain full control of the system they were testing.

Some programs fared better than others. For example, one assessment found that the weapon system satisfactorily prevented unauthorized access by remote users, but not insiders and near-siders. Once they gained initial access, test teams were often able to move throughout a system, escalating their privileges until they had taken full or partial control of a system.

In one case, the test team took control of the operators’ terminals. They could see, in real-time, what the operators were seeing on their screens and could manipulate the system. They were able to disrupt the system and observe how the operators responded.

Another test team reported that they caused a pop-up message to appear on users’ terminals instructing them to insert two quarters to continue operating.

Multiple test teams reported that they were able to copy, change, or delete system data including one team that downloaded 100 gigabytes, approximately 142 compact discs, of data.

One test report indicated that the test team was able to guess an administrator password in nine seconds.

For example, in some cases, simply scanning a system caused parts of the system to shut down. One test had to be stopped due to safety concerns after the test team scanned the system.

Nearly all major acquisition programs that were operationally tested between 2012 and 2017 had mission-critical cyber vulnerabilities that adversaries could compromise.

Source: Pentagon’s new next-gen weapons systems are laughably easy to hack | ZDNet

Who would have thought it – after they decided to use Windows (95) for Warships

AI lifeline to help devs craft smartmobe apps that suck a whole lot less… battery capacity

Artificial intelligence can help developers design mobile phone apps that drain less battery, according to new research.

The system, dubbed DiffProf, which will be presented this week at the USENIX Symposium on Operating Systems Design and Implementation conference in California, was developed by Charlie Hu and Abhilash Jindal, who have a startup devoted to better battery testing via software.

DiffProf rests on the assumption that apps that carry out the same function perform similar tasks in slightly different ways. For example, messaging apps like Whatsapp, Google Hangouts, or Skype, keep old conversations and bring up a keyboard so replies can be typed and sent. Despite this, Whatsapp is about three times more energy efficient than Skype.

“What if a feature of an app needs to consume 70 percent of the phone’s battery? Is there room for improvement, or should that feature be left the way it is?” said Hu, who is also a professor of electrical and computer engineering at Purdue University.

The research paper describing DiffProf is pretty technical. Essentially, it describes a method that uses “differential energy profiling” to create energy profiles for different apps. First, the researchers carry out a series of automated tests on apps by performing identical tasks on each app to work out energy efficiency.

Next, the profile also considers the app’s “call tree”, also known as a call graph. These describe the different computer programs that are executed in order to perform a broader given task.

Apps that have the same function, like playing music or sending emails, should have similar call trees. Slight variances in the code, however, lead to different energy profiles. DiffProf uses an algorithm to compare the call trees and highlights what programs are causing an app to drain more energy.

Developers running the tool receive a list of Java packages, which describe the different software features, that appear in both apps being compared. They can then work out which programs in the less energy efficient app suck up more juice and whether they can be altered or deleted altogether. The tool is only useful if the source code for similar apps has significant overlap.

Source: AI lifeline to help devs craft smartmobe apps that suck a whole lot less… battery capacity • The Register
