When a North Korean Missile Accidentally Hit a North Korean City

What happens when a North Korean ballistic missile test fails in flight and explodes in a populated area? On April 28, 2017, North Korea launched a single Hwasong-12/KN17 intermediate-range ballistic missile (IRBM) from Pukchang Airfield in South Pyongan Province (the Korean People’s Army’s Air and Anti-Air Force Unit 447 in Ryongak-dong, Sunchon City, to be more precise). That missile failed shortly after launch and crashed in Chongsin-dong, in the North Korean city of Tokchon, causing considerable damage to a complex of industrial or agricultural buildings.
[…]
As seen in image 1, had the launch succeeded, Rodong Sinmun would likely have printed an image of Kim Jong-un standing in front of the transporter-erector-mounted IRBM in a hardened tunnel.

That would have (and now does) send a dire message to U.S. and allied military planners: North Korea’s missiles won’t be sitting ducks at known “launch pads,” contrary to much mainstream analysis. What’s more, the proliferation of newly constructed hangars, tunnels, and storage sites cannot be assumed to stop at the Pukchang Airfield. Similar facilities likely exist across the country. In 2017, not only has North Korea tested a massive variety of strategic weaponry, but it has done so from a more diverse list of launch sites — what the U.S. intelligence community calls “ballistic missile operating areas” — than ever before. Gone are the days of Kim Jong-un supervising and observing launches at a limited list of sites that’d include Sinpo, Sohae, Wonsan, and Kittaeryong.
[…]
As North Korea’s production of now-proven IRBMs and ICBMs continues, it will have a large and diversified nuclear force spread across multiple hardened sites, leaving the preventive warfighter’s task close to impossible if the objective is a comprehensive, disarming first strike leaving Pyongyang without retaliatory options. The time is long gone to turn the clock back on North Korea’s ballistic missile program and its pre-launch basing options.

Source: When a North Korean Missile Accidentally Hit a North Korean City | The Diplomat

Rare Malware Targeting Uber’s Android App Uncovered

Malware discovered by Symantec researchers sneakily spoofs Uber’s Android app and harvests users’ passwords, allowing attackers to take over the affected users’ accounts. The malware isn’t widespread, though, and most Uber users are not affected.
[…]
In order to steal a user’s login information, the malware pops up on-screen regularly and prompts the user to enter their Uber username and password. Once a user falls for the attack and enters their information, it gets swept up by the attacker.

To cover up the credential theft, this malware uses deep links to Uber’s legitimate app to display the user’s current location—making it appear as though the user is accessing the Uber app instead of a malicious fake.

Source: Rare Malware Targeting Uber’s Android App Uncovered

Asus is turning its old routers into mesh Wi-Fi networks

Mesh routers like Eero, Netgear’s Orbi, and Google Wifi are getting all the hype these days, but replacing your whole network with a bunch of new devices can be kind of expensive. Asus has a good solution with its new AiMesh system, which lets you repurpose your existing Asus routers as part of a mesh network. For now, the mesh support is coming to a few routers today in beta, including the ASUS RT-AC68U, RT-AC1900P, RT-AC86U, RT-AC5300, and the ROG Rapture GT-AC5300, with additional support planned for the RT-AC88U and RT-AC3100 later this year.

Source: Asus is turning its old routers into mesh Wi-Fi networks – The Verge

Google’s voice-generating AI is now indistinguishable from humans

A research paper published by Google this month—which has not been peer reviewed—details a text-to-speech system called Tacotron 2, which claims near-human accuracy at imitating audio of a person speaking from text.

The system is Google’s second official generation of the technology, which consists of two deep neural networks. The first network translates the text into a spectrogram, a visual way to represent audio frequencies over time. That spectrogram is then fed into WaveNet, a system from Alphabet’s AI research lab DeepMind, which reads the chart and generates the corresponding audio elements accordingly.

Source: Google’s voice-generating AI is now indistinguishable from humans — Quartz

Project Maven brings AI to the fight against ISIS

For years, the Defense Department’s most senior leadership has lamented the fact that US military and spy agencies, where artificial intelligence (AI) technology is concerned, lag far behind state-of-the-art commercial technology. Though US companies and universities lead the world in advanced AI research and commercialization, the US military still performs many activities in a style that would be familiar to the military of World War II.

As of this month, however, that has begun to change. Project Maven is a crash Defense Department program that was designed to deliver AI technologies—specifically, technologies that involve deep learning neural networks—to an active combat theater within six months from when the project received funding. Most defense acquisition programs take years or even decades to reach the battlefield, but technologies developed through Project Maven have already been successfully deployed in the fight against ISIS. Despite their rapid development and deployment, these technologies are getting strong praise from their military intelligence users. For the US national security community, Project Maven’s frankly incredible success foreshadows enormous opportunities ahead—as well as enormous organizational, ethical, and strategic challenges.
[…]
As its AI beachhead, the department chose Project Maven, which focuses on analysis of full-motion video data from tactical aerial drone platforms such as the ScanEagle and medium-altitude platforms such as the MQ-1C Gray Eagle and the MQ-9 Reaper. These drone platforms and their full-motion video sensors play a major role in the conflict against ISIS across the globe. The tactical and medium-altitude video sensors of the Scan Eagle, MQ-1C, and MQ-9 produce imagery that more or less resembles what you see on Google Earth. A single drone with these sensors produces many terabytes of data every day. Before AI was incorporated into analysis of this data, it took a team of analysts working 24 hours a day to exploit only a fraction of one drone’s sensor data.
[…]
Now that Project Maven has met the sky-high expectations of the department’s former second-ranking official, its success will likely spawn a hundred copycats throughout the military and intelligence community. The department must ensure that these copycats actually replicate Project Maven’s secret sauce—which is not merely its focus on AI technology. The project’s success was enabled by its organizational structure: a small, operationally focused, cross-functional team that was empowered to develop external partnerships, leverage existing infrastructure and platforms, and engage with user communities iteratively during development. AI needs to be woven throughout the fabric of the Defense Department, and many existing department institutions will have to adopt project management structures similar to Maven’s if they are to run effective AI acquisition programs.
[…]
To its credit, the department selected drone video footage as an AI beachhead because it wanted to avoid some of the more thorny ethical and strategic challenges associated with automation in warfare. As US military and intelligence agencies implement modern AI technology across a much more diverse set of missions, they will face wrenching strategic, ethical, and legal challenges—which Project Maven’s narrow focus helped it avoid.

Source: Project Maven brings AI to the fight against ISIS | Bulletin of the Atomic Scientists

Gamers Want DMCA Exemption for ‘Abandoned’ Online Games

Several organizations and gaming fans are asking the Copyright Office to make a DMCA circumvention exemption for abandoned online games, to preserve them for future generations. The exemption would allow museums and libraries to offer copies of abandoned online servers, so these games won’t turn to dust.

The U.S. Copyright Office is considering whether or not to update the DMCA’s anti-circumvention provisions, which prevent the public from tinkering with DRM-protected content and devices.

These provisions are renewed every three years. To allow individuals and organizations to chime in, the Office traditionally launches a public consultation, before it makes any decisions.

This week a series of new responses were received and many of these focused on abandoned games. As is true for most software, games have a limited lifespan, so after a few years they are no longer supported by manufacturers.

To preserve these games for future generations and nostalgic gamers, the Copyright Office previously included game preservation exemptions. This means that libraries, archives and museums can use emulators and other circumvention tools to make old classics playable.

However, these exemptions are limited and do not apply to games that require a connection to an online server, which includes most recent games. When the online servers are taken down, the game simply disappears forever.

Source: Gamers Want DMCA Exemption for ‘Abandoned’ Online Games – TorrentFreak

Edward Snowden’s New App Uses Your Smartphone to Physically Guard Your Laptop

My disk is encrypted, but all it takes to bypass this protection is for an attacker — a malicious hotel housekeeper, or “evil maid,” for example — to spend a few minutes physically tampering with it without my knowledge. If I come back and continue to use my compromised computer, the attacker could gain access to everything.

Edward Snowden and his friends have a solution. The NSA whistleblower and a team of collaborators have been working on a new open source Android app called Haven that you install on a spare smartphone, turning the device into a sort of sentry to watch over your laptop. Haven uses the smartphone’s many sensors — microphone, motion detector, light detector, and cameras — to monitor the room for changes, and it logs everything it notices. The first public beta version of Haven has officially been released; it’s available in the Play Store and on F-Droid, an open source app store for Android.

Source: Edward Snowden’s New App Uses Your Smartphone to Physically Guard Your Laptop

Another view: bitcoin isn’t likely to consume all the world’s electricity in 2020 (anyone reminded of climate change discussions?)

The computer process that generates each coin is said to be on pace to require more electricity than the United States consumes in a year. This bitcoin “mining” allegedly consumes more power than most countries use each year, and its electricity usage is roughly equivalent to Bulgaria’s consumption.

But here’s another thing you might want to know: All of that analysis is based on a single estimate of bitcoin’s power consumption that is highly questionable, according to some long-time energy and IT researchers. Despite their skepticism, this power-consumption estimate from the website Digiconomist has quickly been accepted as gospel by many journalists, research analysts and even billionaire investors.
[…]
Several energy experts caution that there is currently no reliable, verifiable way to measure just how much electric power is consumed in the process of minting the cryptocurrency. They say the first step is gathering hard data from the data centers, and no one has done that work yet.

“Many of those calculations that you see today I think are based on very weak assumptions,” said Christian Catalini, an assistant professor at the MIT Sloan School of Management who studies blockchain technology and cryptocurrencies.

Source: No, bitcoin isn’t likely to consume all the world’s electricity in 2020

Acoustic Attacks on HDDs cause them to shut down

The basic principle behind this attack is that sound waves introduce mechanical vibrations into an HDD’s data-storage platters. If the sound is played at a specific frequency, it creates a resonance effect that amplifies the vibration effect.

Because hard drives store vast amounts of information inside small areas of each platter, they are programmed to stop all read/write operations during the time a platter vibrates, so as to avoid scratching storage disks and permanently damaging an HDD.

Source: Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More

These experts figured out why so many bogus US patents get approved

If you’ve read our coverage of the Electronic Frontier Foundation’s “Stupid Patent of the Month” series, you know America has a patent quality problem. People apply for patents on ideas that are obvious, vague, or were invented years earlier. Too often, applications get approved and low-quality patents fall into the hands of patent trolls, creating headaches for real innovators.

Why don’t more low-quality patents get rejected? A recent paper published by the Brookings Institution offers fascinating insights into this question. Written by legal scholars Michael Frakes and Melissa Wasserman, the paper identifies three ways the patent process encourages approval of low-quality patents:

The United States Patent and Trademark Office (USPTO) is funded by fees—and the agency gets more fees if it approves an application.

Unlimited opportunities to refile rejected applications means sometimes granting a patent is the only way to get rid of a persistent applicant.

Patent examiners are given less time to review patent applications as they gain seniority, leading to less thorough reviews.

None of these observations is entirely new. For example, we have covered the problems created by unlimited re-applications in the past. But what sets Frakes and Wasserman’s work apart is that they have convincing empirical evidence for all three theories.

They have data showing that these features of the patent system systematically bias it in the direction of granting more patents. Which means that if we reformed the patent process in the ways they advocate, we’d likely wind up with fewer bogus patents floating around.

Source: These experts figured out why so many bogus patents get approved | Ars Technica

Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner

A Chrome extension with over 105,000 users has been deploying an in-browser cryptocurrency miner to unsuspecting users for the past few weeks. The extension does not ask for user permission before hijacking their CPUs to mine Monero all the time the Chrome browser is open.

Named “Archive Poster,” the extension is advertised as a mod for Tumblr that allows users an easier way to “reblog, queue, draft, and like posts right from another blog’s archive.” According to user reviews, around the start of December the extension incorporated the infamous Coinhive in-browser miner in its source code.

Source: Chrome Extension with 100,000 Users Caught Pushing Cryptocurrency Miner

How to Stop Apps From Listening in on Your TV Habits (it turns out thousands are)

That innocent-looking mobile game you just downloaded might just have an ulterior motive. Behind the scenes, hundreds of different apps could be using your smartphone’s microphone to figure out what you watch on TV, a new report from The New York Times reveals.
[…]
All of these apps need to get your permission before they can record in the background. So the easiest way is just to deny that permission. However, it’s possible that you might have approved the request without realizing it, or your kid might do it while playing with your phone. In that case, switching it off is pretty easy.

Just head into Settings on your device and check the permissions for the app in question. If the app has microphone access when it doesn’t need to (why would a bowling game need to use your microphone?), just toggle that permission off.

Source: How to Stop Apps From Listening in on Your TV Habits

To drive faster we all need to keep the same distance to the car behind us as the car in front

A new study in IEEE Transactions on Intelligent Transportation Systems mathematically models the implications of the larger problem: You’re not keeping the right distance from the car behind you.

That may seem counterintuitive, since you don’t have much control over how far you are from the car behind you—especially when that person is a tailgater. But the math says that if everyone kept an equal distance between the cars ahead and behind, all spaced out in a more orderly fashion, traffic would move almost twice as quickly. Now sure, you’re probably not going to convince everyone on the road to do that. Still, the finding could be a simple yet powerful way to optimize semi-autonomous cars long before the fully self-driving car of tomorrow arrives.
[…]
Problem is, we’re talking about an emergent property here. “To get the full benefits of this, a significant fraction of the cars would have to have this,” says Horn. “In terms of societal implementation that’s a big factor, because even if it’s relatively cheap, people who implement it will question whether the first car that gets it is worth that investment, because until other cars get it, it doesn’t do a whole lot of good.”
[…]
“It sounds pretty drastic, but the benefits are huge,” says Horn. “We’re talking about a potential doubling of throughput, huge decreases in CO2 emissions, a lot of aggravation reduced and fuel used.”

Source: Math Says You’re Driving Wrong and It’s Slowing Us All Down | WIRED

Forever 21: Yes, hackers breached our payment system for half of 2017

A breach at Forever 21 left customer payment card information exposed to hackers, the retailer confirmed Thursday. The company didn’t specify how many customers had information stolen, but said various point of sales terminals were affected between April 3 and November 18, 2017. Hackers collected credit card numbers, expiration dates, verification codes and sometimes cardholder names.

Source: Forever 21: Yes, hackers breached our payment system – CNET

Hackers Can Rickroll Thousands of Sonos and Bose Speakers Over the Internet

Perhaps you’ve been hearing strange sounds in your home—ghostly creaks and moans, random Rick Astley tunes, Alexa commands issued in someone else’s voice. If so, you haven’t necessarily lost your mind. Instead, if you own one of a few models of internet-connected speaker and you’ve been careless with your network settings, you might be one of thousands of people whose Sonos or Bose devices have been left wide open to audio hijacking by hackers around the world.

Researchers at Trend Micro have found that some models of Sonos and Bose speakers—including the Sonos Play:1, the newer Sonos One, and Bose SoundTouch systems—can be pinpointed online with simple internet scans, accessed remotely, and then commandeered with straightforward tricks to play any audio file that a hacker chooses. Only a small fraction of the total number of Bose and Sonos speakers were found to be accessible in their scans. But the researchers warn that anyone with a compromised device on their home network, or who has opened up their network to provide direct access to a server they’re running to the external internet—say, to host a game server or share files—has potentially left their fancy speakers vulnerable to an epic aural prank.

Source: Hackers Can Rickroll Thousands of Sonos and Bose Speakers Over the Internet | WIRED

The evidence-based medicine problem: US doctors cling to procedures that don’t work. Just under half of expensive operations.

The recent news that stents inserted in patients with heart disease to keep arteries open work no better than a placebo ought to be shocking. Each year, hundreds of thousands of American patients receive stents for the relief of chest pain, and the cost of the procedure ranges from $11,000 to $41,000 in US hospitals.

But in fact, American doctors routinely prescribe medical treatments that are not based on sound science. The stent controversy serves as a reminder that the United States struggles when it comes to winnowing evidence-based treatments from the ineffective chaff. As surgeon and health care researcher Atul Gawande observes, “Millions of people are receiving drugs that aren’t helping them, operations that aren’t going to make them better, and scans and tests that do nothing beneficial for them, and often cause harm.”

Of course, many Americans receive too little medicine, not too much. But the delivery of useless or low-value services should concern anyone who cares about improving the quality, safety and cost-effectiveness of medical care. Estimates vary about what fraction of the treatments provided to patients is supported by adequate evidence, but some reviews place the figure at under half.

Naturally that carries a heavy cost: One study found that overtreatment — one type of wasteful spending — added between $158 billion and $226 billion to US health care spending in 2011.

Source: The evidence-based medicine problem: US doctors cling to procedures that don’t work – Vox

Web trackers exploit browser login managers

First, a user fills out a login form on the page and asks the browser to save the login. The tracking script is not present on the login page. Then, the user visits another page on the same website which includes the third-party tracking script. The tracking script inserts an invisible login form, which is automatically filled in by the browser’s login manager. The third-party script retrieves the user’s email address by reading the populated form and sends the email hashes to third-party servers.

We found two scripts using this technique to extract email addresses from login managers on the websites which embed them. These addresses are then hashed and sent to one or more third-party servers. These scripts were present on 1110 of the Alexa top 1 million sites. The process of detecting these scripts is described in our measurement methodology in Appendix 1. We provide a brief analysis of each script in the sections below.

Source: No boundaries for user identities: Web trackers exploit browser login managers
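An added example, not code from the Princeton study or from either tracker it analyses: a guard a first-party site can ship to catch the form the attack depends on, a login form with a password field that the user cannot see but the browser’s login manager will still fill. The function names are hypothetical, and the fake DOM at the bottom is constructed only so the guard runs outside a browser; in a page you would pass the real document and window to installGuard().

```javascript
// Added example (not from the study or the trackers it describes). A first-party
// guard that removes injected, invisible login forms before the login manager
// fills them. Names are hypothetical; the fake DOM below is constructed.

// Hidden, zero-size or off-screen elements are invisible to the user but not
// to the browser's login manager.
function isVisuallyHidden(el, win) {
  const cs = win.getComputedStyle(el);
  if (cs.display === 'none' || cs.visibility === 'hidden') return true;
  if (parseFloat(cs.opacity) === 0) return true;
  const r = el.getBoundingClientRect();
  if (r.width === 0 || r.height === 0) return true;
  return r.right <= 0 || r.bottom <= 0;   // e.g. position:absolute; left:-9999px
}

// Login managers fill a username/email field only next to a password field,
// so an injected form has to carry one; that is what the audit keys on.
// knownForms holds the forms the page rendered itself, which are left alone.
function auditLoginForms(doc, win, knownForms) {
  const findings = [];
  for (const form of Array.from(doc.querySelectorAll('form'))) {
    if (knownForms.has(form)) continue;
    const pw = form.querySelector('input[type="password"]');
    if (!pw) continue;
    const reason = isVisuallyHidden(form, win) ? 'hidden form'
      : isVisuallyHidden(pw, win) ? 'hidden password field' : null;
    if (!reason) continue;
    findings.push({ reason, action: 'removed' });
    form.remove();   // autocomplete="off" is not honoured for passwords; removal is
  }
  return findings;
}

// Audit once at load, then again whenever a script adds nodes later.
function installGuard(doc, win) {
  const known = new Set(Array.from(doc.querySelectorAll('form')));
  const run = () => auditLoginForms(doc, win, known);
  if (typeof win.MutationObserver === 'function') {
    new win.MutationObserver(run).observe(doc.documentElement, { childList: true, subtree: true });
  }
  return run();
}

// --- constructed stand-in for the DOM, only so the demo runs in Node ---
function fakeEl(tag, opts = {}) {
  const el = {
    tag, type: opts.type, style: opts.style || {}, parent: null,
    rect: opts.rect || { width: 120, height: 24, right: 120, bottom: 24 },
    children: opts.children || [],
  };
  el.children.forEach(c => { c.parent = el; });
  el.getBoundingClientRect = () => el.rect;
  el.appendChild = (c) => { c.parent = el; el.children.push(c); };
  el.remove = () => { if (el.parent) el.parent.children = el.parent.children.filter(c => c !== el); };
  el.querySelectorAll = (sel) => el.children
    .flatMap(c => [c, ...c.querySelectorAll('*')])
    .filter(c => sel === '*' || c.tag === sel ||
      (sel === 'input[type="password"]' && c.tag === 'input' && c.type === 'password'));
  el.querySelector = (sel) => el.querySelectorAll(sel)[0] || null;
  return el;
}

// The page's own login form is recorded at load; a third-party script later
// injects a look-alike form pushed 9999px off-screen, which the audit removes.
function demo() {
  const win = {
    getComputedStyle: (el) => ({ display: 'block', visibility: 'visible', opacity: '1', ...el.style }),
  };
  const ownLogin = fakeEl('form', { children: [fakeEl('input', { type: 'email' }), fakeEl('input', { type: 'password' })] });
  const doc = fakeEl('html', { children: [ownLogin] });
  const known = new Set(doc.querySelectorAll('form'));   // what installGuard records at load
  doc.appendChild(fakeEl('form', {
    rect: { width: 200, height: 40, right: -9800, bottom: 40 },
    children: [fakeEl('input', { type: 'text' }), fakeEl('input', { type: 'password' })],
  }));
  const findings = auditLoginForms(doc, win, known);
  return { flagged: findings.length, reason: findings.length ? findings[0].reason : null,
           formsLeft: doc.querySelectorAll('form').length };
}
```

The guard is one layer, not a fix: a tracker running in the first-party context can disconnect the observer or style its form as a one-pixel visible element, and a 1×1 form still passes the size check here. The structural mitigation is to serve the login page from an origin that the rest of the site does not share, so that saved credentials are never offered on pages that embed third-party scripts, and to keep third-party scripts off any page that does carry a login form.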

Canada to use AI to Study ‘Suicide-Related Behavior’ on Social Media

This month the Canadian government is launching a pilot program to research and predict suicide rates in the country using artificial intelligence. The pilot will mine Canadians’ social media posts “in order to identify patterns associated with users who discuss suicide-related behavior,” according to a recently published contract document.

Source: Canada Is Using AI to Study ‘Suicide-Related Behavior’ on Social Media

‘Kernel memory leaking’ Intel / ARM processor design flaw forces Linux, Windows, OSX redesign, massive slowdowns to be expected

It is understood the bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.

The fix is to separate the kernel’s memory completely from user processes using what’s called Kernel Page Table Isolation, or KPTI. At one point, Forcefully Unmap Complete Kernel With Interrupt Trampolines, aka FUCKWIT, was mulled by the Linux kernel team, giving you an idea of how annoying this has been for the developers.
[…]
At best, the vulnerability could be leveraged by malware and hackers to more easily exploit other security bugs.

At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory. Suffice to say, this is not great. The kernel’s memory space is hidden from user processes and programs because it may contain all sorts of secrets, such as passwords, login keys, files cached from disk, and so on. Imagine a piece of JavaScript running in a browser, or malicious software running on a shared public cloud server, able to sniff sensitive kernel-protected data.

Specifically, in terms of the best-case scenario, it is possible the bug could be abused to defeat KASLR: kernel address space layout randomization. This is a defense mechanism used by various operating systems to place components of the kernel in randomized locations in virtual memory. This mechanism can thwart attempts to abuse other bugs within the kernel: typically, exploit code – particularly return-oriented programming exploits – relies on reusing computer instructions in known locations in memory.

Source: ‘Kernel memory leaking’ Intel processor design flaw forces Linux, Windows redesign • The Register

This very specifically could mean that you can’t separate Virtual Machines properly any more.

AMD is quite chuffed to not be affected.

Using stickers in the field of view to fool image recognition AIs

In a research paper presented in December through a workshop at the 31st Conference on Neural Information Processing Systems (NIPS 2017) and made available last week through ArXiv, a team of researchers from Google discuss a technique for creating an adversarial patch.

This patch, sticker, or cutout consists of a psychedelic graphic which, when placed next to an object like a banana, makes image recognition software see something entirely different, such as a toaster.
[…]
“We construct an attack that does not attempt to subtly transform an existing item into another,” the researchers explain. “Instead, this attack generates an image-independent patch that is extremely salient to a neural network. This patch can then be placed anywhere within the field of view of the classifier, and causes the classifier to output a targeted class.”

The boffins observe that because the patch is separate from the scene, it allows attacks on image recognition systems without concern for lighting conditions, camera angles, the type of classifier being attacked, or other objects present in the scene.

While the ruse recalls schemes to trick face scanning systems with geometric makeup patterns, it doesn’t involve altering the salient object in the scene. The addition of the adversarial patch to the scene is enough to confuse the image classification code.

Source: Now that’s sticker shock: Sticky labels make image-recog AI go bananas for toasters • The Register

Nvidia: bans using cheap GeForce, Titan GPUs in servers through EULA. Is that legal?!

The chip-design giant updated its GeForce and Titan software licensing in the past few days, adding a new clause that reads: “No Datacenter Deployment. The SOFTWARE is not licensed for datacenter deployment, except that blockchain processing in a datacenter is permitted.”

In other words, if you wanted to bung a bunch of GeForce GPUs into a server box and use them to accelerate math-heavy software – such as machine learning, simulations and analytics – then, well, you can’t without breaking your licensing agreement with Nvidia. Unless you’re doing trendy blockchain stuff.

A copy of the license in the Google cache, dated December 31, 2017, shows no mention of the data center ban. Open the page today, and, oh look, data center use is verboten.

Source: Nvidia: Using cheap GeForce, Titan GPUs in servers? Haha, nope! • The Register

I don’t really understand how a company hopes to defend being able to tell you where and for what purpose you are allowed to use hardware you bought from them. You bought it, you paid for it, it’s your hardware to do with whatever you want. Unless the government says you can’t. Such as, for example, weaponry. Which I am pretty sure they don’t specify for Nvidia graphics cards.