Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia)

A rootkit is a piece of software that hides itself on computer systems, and uses its root or administrator-level privileges to steal and alter documents, spy on users, and cause other mischief and headaches. A UEFI rootkit lurks in the motherboard firmware, meaning it starts up before the operating system and antivirus suites run, allowing it to bury itself deep in an infected machine, undetected and with high-level access privileges.

According to infosec biz ESET, a firmware rootkit dubbed LoJax targeted Windows PCs used by government organizations in the Balkans as well as in central and eastern Europe. The chief suspects behind the software nasty are the infamous Fancy Bear (aka Sednit aka Sofacy aka APT28) hacking crew, elsewhere identified as a unit of Russian military intelligence.

That’s the same Fancy Bear that’s said to have hacked the US Democratic Party’s servers, French telly network TV5, and others.

The malware is based on an old version of a legit application by Absolute Software called LoJack for Laptops, which is typically installed on notebooks by manufacturers so that stolen devices can be found.

[…]

Once up and alive, LoJax contacts command-and-control servers that are disguised as normal websites and are known to be operated by Russian intelligence. It then downloads its orders to carry out.

[…]

This persistence method is particularly invasive as it will not only survive an OS reinstall, but also a hard disk replacement. Moreover, cleaning a system’s UEFI firmware means re-flashing it, an operation not commonly done and certainly not by the typical user.

[…]

There are firmware settings that can thwart the flash installation simply by blocking write operations. If BIOS write-enable is off, BIOS lock-enable is on, and SMM BIOS write-protection is enabled, then the malware can’t write itself to the motherboard’s flash storage.

Alternatively, wiping the disk and firmware storage will get rid of this particular rootkit strain.

Modern systems should be able to resist malicious firmware overwrites, we’re told, although ESET said it found at least one case of LoJax in the PC’s SPI flash.

“While it is hard to modify a system’s UEFI image, few solutions exist to scan a system’s UEFI modules and detect malicious ones,” wrote Team ESET. “Moreover, cleaning a system’s UEFI firmware means re-flashing it, an operation not commonly done and certainly not by the average user. These advantages explain why determined and resourceful attackers will continue to target systems’ UEFI.”

Source: Resident evil: Inside a UEFI rootkit used to spy on govts, made by you-know-who (hi, Russia) • The Register

DEFCON hackers’ dossier on US voting machine security is just as grim as feared

Hackers probing America’s electronic voting systems have painted an astonishing picture of the state of US election security, less than six weeks before the November midterms.

The full 50-page report [PDF], released Thursday during a presentation in Washington DC, was put together by the organizers of the DEF CON hacking conference’s Voting Village. It recaps the findings of that village, during which attendees uncovered ways resourceful miscreants could compromise electoral computer systems and change vote tallies.

In short, the dossier outlines shortcomings in the electronic voting systems many US districts will use later this year for the midterm elections. The report focuses on vulnerabilities exploitable by scumbags with physical access to the hardware.

“The problems outlined in this report are not simply election administration flaws that need to be fixed for efficiency’s sake, but rather serious risks to our critical infrastructure and thus national security,” the report stated. “As our nation’s security is the responsibility of the federal government, Congress needs to codify basic security standards like those developed by local election officials.”

Criminally easy to hack

Researchers found that many of the systems tested were riddled with basic security blunders committed by their manufacturers, such as using default passwords and neglecting to install locks or tamper-proof seals on casings. These could be exploited by miscreants to do anything from adding extra votes to creating entirely new candidates and stuffing the ballot with them. It would require the crooks to get their hands on the machines long enough to meddle with the hardware.

Some electronic ballot boxes use smart cards loaded with Java-written software, which executes once inserted into the computer. Each citizen is given a card, which they slide in the machine when they go to vote. Unfortunately, it is possible to reprogram your card yourself so that when inserted, you can vote multiple times. If the card reader has wireless NFC support, you can hold your NFC smartphone up to the voting machine, and potentially cast a ballot many times over.

“Due to a lack of security mechanisms in the smart card implementation, researchers in the Voting Village demonstrated that it is possible to create a voter activation card, which after activating the election machine to cast a ballot can automatically reset itself and allow a malicious voter to cast a second (or more) unauthorized ballots,” the report read.

“Alternatively, an attacker can use his or her mobile phone to reprogram the smart card wirelessly.”

Source: DEF CON hackers’ dossier on US voting machine security is just as grim as feared

Facebook Is Giving Advertisers Access to Your Shadow Contact Information – and you can’t find out what that is

Last week, I ran an ad on Facebook that was targeted at a computer science professor named Alan Mislove. Mislove studies how privacy works on social networks and had a theory that Facebook is letting advertisers reach users with contact information collected in surprising ways. I was helping him test the theory by targeting him in a way Facebook had previously told me wouldn’t work. I directed the ad to display to a Facebook account connected to the landline number for Alan Mislove’s office, a number Mislove has never provided to Facebook. He saw the ad within hours.

Screenshot (Facebook, via Alan Mislove): What Facebook told Alan Mislove about the ad I targeted at his office landline number.

One of the many ways that ads get in front of your eyeballs on Facebook and Instagram is that the social networking giant lets an advertiser upload a list of phone numbers or email addresses it has on file; it will then put an ad in front of accounts associated with that contact information. A clothing retailer can put an ad for a dress in the Instagram feeds of women who have purchased from them before, a politician can place Facebook ads in front of anyone on his mailing list, or a casino can offer deals to the email addresses of people suspected of having a gambling addiction. Facebook calls this a “custom audience.”

You might assume that you could go to your Facebook profile and look at your “contact and basic info” page to see what email addresses and phone numbers are associated with your account, and thus what advertisers can use to target you. But as is so often the case with this highly efficient data-miner posing as a way to keep in contact with your friends, it’s going about it in a less transparent and more invasive way.

Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of details Facebook has about you that I’ve come to call “shadow contact information.”

[…]

Giridhari Venkatadri, Piotr Sapiezynski, and Alan Mislove of Northeastern University, along with Elena Lucherini of Princeton University, did a series of tests that involved handing contact information over to Facebook for a group of test accounts in different ways and then seeing whether that information could be used by an advertiser.

[…]

They found that when a user gives Facebook a phone number for two-factor authentication or in order to receive alerts about new log-ins to a user’s account, that phone number became targetable by an advertiser within a couple of weeks. So users who want their accounts to be more secure are forced to make a privacy trade-off and allow advertisers to more easily find them on the social network.

[…]

The researchers also found that if User A, whom we’ll call Anna, shares her contacts with Facebook, including a previously unknown phone number for User B, whom we’ll call Ben, advertisers will be able to target Ben with an ad using that phone number, which I call “shadow contact information,” about a month later.

[…]

“I think that many users don’t fully understand how ad targeting works today: that advertisers can literally specify exactly which users should see their ads by uploading the users’ email addresses, phone numbers, names+dates of birth, etc,” said Mislove. “In describing this work to colleagues, many computer scientists were surprised by this, and were even more surprised to learn that not only Facebook, but also Google, Pinterest, and Twitter all offer related services. Thus, we think there is a significant need to educate users about how exactly targeted advertising on such platforms works today.”

Source: Facebook Is Giving Advertisers Access to Your Shadow Contact Information

Building your own PC for AI is 10x cheaper than renting out GPUs on cloud, apparently

Jeff Chen, an AI techie and entrepreneur at Stanford University in the US, believes that a suitable machine can be built for about $3,000 (~£2,300) without including tax. At the heart of the beast is an Nvidia GeForce 1080Ti GPU, a 12-core AMD Threadripper processor, 64GB of RAM, and a 1TB SSD card for data. Bung in a fan to keep the computer cool, a motherboard, a power supply, wrap the whole thing in a case, and voila.

Here’s the full checklist…

Image (credit: Jeff Chen): GPU computer cost checklist.

Unlike renting out compute and data storage on cloud, once your personal rig is built, the only recurring cost to pay for is power. It costs $3 (£2.28) an hour to rent a GPU-accelerated system on AWS, whereas it’s only 20 cents (15p) to run on your own computer. Chen has done the sums, and, apparently, after two months that will work out to being ten times cheaper. The gap decreases slightly over time as the computer hardware depreciates.

“There are some drawbacks, such as slower download speed to your machine because it’s not on the backbone, static IP is required to access it away from your house, you may want to refresh the GPUs in a couple of years, but the cost savings is so ridiculous it’s still worth it,” he said this week.

Source: Building your own PC for AI is 10x cheaper than renting out GPUs on cloud, apparently • The Register

Amazon Alexa outage: Voice-activated devices are down in UK and beyond – yay cloud services!

Amazon Alexa devices stopped working in the UK and reportedly in parts of continental Europe this morning, with some users still complaining of intermittent outages at the time of writing.

The digital blackout began at around 0800 UK time and though it appeared to be recovering by 09.30, some folk – including Reg staffers – were still experiencing service failures at the time of writing.

The creepy always-on audio surveillance device voice-activated home assistant relies on a constant connection to Amazon’s servers to function.

Source: Amazon Alexa outage: Voice-activated devices are down in UK and beyond • The Register

Google is using AI to predict floods in India and warn users

For years Google has warned users about natural disasters by incorporating alerts from government agencies like FEMA into apps like Maps and Search. Now, the company is making predictions of its own. As part of a partnership with the Central Water Commission of India, Google will now alert users in the country about impending floods. The service is only currently available in the Patna region, with the first alert going out earlier this month.

As Google’s engineering VP Yossi Matias outlines in a blog post, these predictions are being made using a combination of machine learning, rainfall records, and flood simulations.

“A variety of elements — from historical events, to river level readings, to the terrain and elevation of a specific area — feed into our models,” writes Matias. “With this information, we’ve created river flood forecasting models that can more accurately predict not only when and where a flood might occur, but the severity of the event as well.”

Source: Google is using AI to predict floods in India and warn users – The Verge

A $1, Linux-Capable, Hand-Solderable Processor

Over on the EEVblog, someone noticed an interesting chip that’s been apparently flying under our radar for a while. This is an ARM processor capable of running Linux. It’s hand-solderable in a TQFP package, has a built-in Mali GPU, support for a touch panel, and has support for 512MB of DDR3. If you do it right, this will get you into the territory of a BeagleBone or a Raspberry Pi Zero, on a board that’s whatever form factor you can imagine. Here’s the best part: you can get this part for $1 USD in large-ish quantities. A cursory glance at the usual online retailers tells me you can get this part in quantity one for under $3. This is interesting, to say the least.

The chip in question, the Allwinner A13, is a 1GHz ARM Cortex-A8 processor. While it’s not much, it is a chip that can run Linux in a hand-solderable package. There is no HDMI support, you’ll need to add some more chips (that are probably in a BGA package), but, hey, it’s only a dollar.

If you’d like to prototype with this chip, the best options right now are a few boards from Olimex, and a System on Module from the same company. That SoM is an interesting bit of kit, allowing anyone to connect a power supply, load an SD card, and get this chip doing something.

Currently, there aren’t really any good solutions for a cheap Linux system you can build at home, with hand-solderable chips. Yes, you could put Linux on an ATMega, but that’s the worst PC ever. A better option is the Octavo OSD335x SoC, better known as ‘the BeagleBone on a Chip’. This is a BGA chip, but the layout isn’t too bad, and it can be assembled using a $12 toaster oven. The problem with this chip is the price; at quantity 1000, it’s a $25 chip. At quantity one, it’s a $40 chip. NXP’s i.MX6 chips have great software support, but they’re $30 chips, and you’ll need some DDR to make it do something useful, and that doesn’t even touch the fiddliness of a 600-ball package.

While the Allwinner A13 beats all the other options on price and solderability, it should be noted that like all of these random Linux-capable SoCs, the software is a mess. There is a reason those ‘Raspberry Pi killers’ haven’t yet killed the Raspberry Pi, and it’s because the Allwinner chips don’t have documentation and let’s repeat that for emphasis: the software is a mess.

Source: A $1, Linux-Capable, Hand-Solderable Processor | Hackaday

Hadoop and NoSQL backups timed by AI

Machine learning data management company Imanis Data has introduced an autonomous backup product powered by machine learning.

The firm said users can specify a desired RPO (Recovery Point Objective) and its SmartPolicies tech then set up the backup schedules. The tech is delivered as an upgrade to the Imanis Data Management Platform (IDMP) product.

SmartPolicies uses metrics including criticality and volume of data to be protected, primary cluster workloads, and daily or seasonal resource utilisation, to determine the most efficient way to achieve the desired RPO.

If it can’t be met because, for example, production systems are too busy, or computing resources are insufficient, then SmartPolicies provides recommendations to make the RPO executable.

Other items in the upgrade include any-point-in-time recovery for multiple NoSQL databases, better ransomware prevention and general data management improvements, such as job tag listing and a browsable catalog for simpler recovery.

[…]

Having backup software set up its own schedules based on input RPO values isn’t a new idea, but having it done with machine learning is. The checking of available resources is a darn good idea too and, when you think about it, absolutely necessary.

Otherwise “backup run failed” messages would start popping up all over the place – not good. We expect other backup suppliers to follow in Imanis’s wake and start sporting “machine learning-driven policy” messages quite quickly.

Source: When should I run backup, robot overlord? Autonomous Hadoop and NoSQL backup is now a thing • The Register

Google Chrome Is Now Quietly Forcing You to Log In—Here’s What to Do About It 

Once again, Google has rankled privacy-focused people with a product change that appears to limit users’ options. It’s easy to miss the fact that you’re automatically being logged in to Chrome if you’re not paying attention.

Chrome 69 was released to users on September 5, and you likely noticed that it has a different look. But if you’re the type of person who doesn’t like to log in to the browser with your Google account, you may have missed the fact that it happens automatically when you sign in to a Google service like Gmail. Previously, users were allowed to keep those logins separate. Members of the message board Hacker News noticed the change relatively quickly and over the weekend, several developers called attention to it.

[…]

If you want to disable the forced login, a user on Hacker News points out a workaround that could change at any time. Copy and paste this text into your browser’s address bar: chrome://flags/#account-consistency. Then disable the option labeled “Identity consistency between browser and cookie jar,” and restart your browser. Go to this link to ensure that your Sync settings are configured the way you like them. For now, you have a choice, but it shouldn’t be so difficult or obscure.

Source: Google Chrome Is Now Quietly Forcing You to Log In—Here’s What to Do About It 

Hey, Microsoft, stop installing third-party apps on clean Windows 10 installs!

Before Windows 10, a clean install of Windows only included the bare essentials a user would need to get started using their PC. That included software built by Microsoft, such as Mail, Paint, and its web browser, and it never included “bloatware” or “trialware” that one might find on hardware purchased from a third-party OEM that preloaded all kinds of crapware.

The clean install process was simple. With Windows 7, you’d do the install, and once you hit the desktop, that was it. All the programs that were preinstalled were Microsoft-made and were often considered essentials. This changed with Windows 8, with the addition of auto-updating apps such as Travel, News and more. Still, these were acceptable, preinstalled Windows apps and were not really classed as bloatware.

With Windows 10, a clean install stays that way for about two minutes, because the second you hit the desktop, the Microsoft Store immediately starts trying to download third-party apps and games. And these apps keep trying to install themselves even after you cancel the downloads.

Six too many

There are six such apps, which is six too many. These apps are often random, but right now they include things like Candy Crush, Spotify, and Disney Magic Kingdoms. You should not see any of these apps on a fresh install of Windows 10, yet they are there every single time.

There are policies you can set that disable these apps from automatically installing, but that’s not the point. On a fresh, untouched, clean install of Windows 10, these apps will download themselves onto your PC. Even if you cancel the installation of these apps before they manage to complete the download, they will retry at a later date, without you even noticing.

The only way I’ve found that gets rid of them permanently is to let them install initially, without canceling the download, and then uninstall the apps from the Start menu. If you cancel the initial download of the bloatware apps before they complete their first install, the Microsoft Store will just attempt to redownload them later and will keep doing so until that initial install is complete.

Source: Hey, Microsoft, stop installing third-party apps on clean Windows 10 installs! | Windows Central

Open-source alt-droid wants to know if it’s still leaking data to Google

/e/, a Google-free fork of Android, reached a milestone this month with its initial ROM release. It’s available for download, so you can kick the tires, with nightly builds delivered via OTA (over the air) updates.

El Reg interviewed the project’s leader, Gael Duval, in the summer. Duval launched and led the Linux Mandrake project. Back then it was called “eelo”, but has morphed into just /e/ – which autocorrect features won’t try to turn into “eels”.

The project is significant in that the European Commission recently noted how few people switch platforms. If you’re on Apple or Android today, the chances are you will be on the same platform, plugged into the same “ecosystem” of peripherals and services, in 10 years. So it wants more variety and competition within the Android world.

/e/ derives from LineageOS, itself a fork of CyanogenMod, so it can run on around 30 phone models including the Samsung Galaxy S7, and several recent-ish OnePlus devices.

Source: Open-source alt-droid wants to know if it’s still leaking data to Google • The Register

Zoho – GSuite competitor – pulled offline after phishing complaints by DNS registrar, millions of people couldn’t work. Love the cloud!

Zoho.com was pulled offline on Monday after the company’s domain registrar received phishing complaints, the company’s chief executive said.

The web-based office suite company, which also provides customer relationship and invoicing services to small businesses, tweeted that the site was “blocked” earlier in the day by TierraNet, which administers its domain name.

In an email to TechCrunch, Zoho boss Sridhar Vembu said that TierraNet “took our domain down without any notice to us” after receiving complaints about phishing emails from Zoho-hosted email accounts.

In doing so, thousands of businesses that rely on Zoho for their operations couldn’t access their email, documents and files, and other business-critical software during the day. Zoho counts Columbia University, Netflix, Citrix, Air Canada and the Los Angeles Times as customers.

“They kept pointing us back to their legal, even when I tried to call their senior management,” said Vembu in the email.

Source: Zoho pulled offline after phishing complaints, CEO says | TechCrunch

Cisco Video Surveillance Manager Appliance Default Root Password Vulnerability (again)

A vulnerability in Cisco Video Surveillance Manager (VSM) Software running on certain Cisco Connected Safety and Security Unified Computing System (UCS) platforms could allow an unauthenticated, remote attacker to log in to an affected system by using the root account, which has default, static user credentials.

The vulnerability is due to the presence of undocumented, default, static user credentials for the root account of the affected software on certain systems. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Source: Cisco Video Surveillance Manager Appliance Default Password Vulnerability

Incredible that this is still a thing, especially at Cisco, where it’s happened before.

2D spray on transparent wireless antennae created

Metals are widely used for antennas; however, their bulkiness limits the fabrication of thin, lightweight, and flexible antennas. Recently, nanomaterials such as graphene, carbon nanotubes, and conductive polymers came into play. However, poor conductivity limits their use. We show RF devices for wireless communication based on metallic two-dimensional (2D) titanium carbide (MXene) prepared by a single-step spray coating. We fabricated a ~100-nm-thick translucent MXene antenna with a reflection coefficient of less than −10 dB. By increasing the antenna thickness to 8 μm, we achieved a reflection coefficient of −65 dB. We also fabricated a 1-μm-thick MXene RF identification device tag reaching a reading distance of 8 m at 860 MHz. Our finding shows that 2D titanium carbide MXene operates below the skin depth of copper or other metals as well as offers an opportunity to produce transparent antennas.

Source: 2D titanium carbide (MXene) for wireless communication | Science Advances

Windows handwriting recognition on? Then all your typing is stored in plain text on your PC.

If you’re one of the people who own a stylus or touchscreen-capable Windows PC, then there’s a high chance there’s a file on your computer that has slowly collected sensitive data for the past months or even years.

This file is named WaitList.dat, and according to Digital Forensics and Incident Response (DFIR) expert Barnaby Skeggs, this file is only found on touchscreen-capable Windows PCs where the user has enabled the handwriting recognition feature [1, 2] that automatically translates stylus/touchscreen scribbles into formatted text.

Source: This Windows file may be secretly hoarding your passwords and emails | ZDNet

Quantum chicken-or-egg experiment blurs the distinction between before and after

In the everyday world, events occur in a definite order—your alarm clock rings before you wake up, or vice versa. However, a new experiment shows that when fiddling with a photon, it can be impossible to say in which order two events occur, obliterating our common sense notion of before and after and, potentially, muddying the concept of causality. Known as a quantum switch, the setup could provide a useful new tool in budding quantum information technologies.

Quantum mechanics already torpedoes our notion that an object can be in only one place at a time. Thanks to the weirdness of quantum mechanics, a tiny particle like an electron can be in multiple places at once. The quantum switch achieves something similar for two events, A and B, showing that A can occur before B and B can occur before A.

“I’m very excited to see people realizing our idea with an actual experiment,” says Giulio Chiribella of the University of Oxford in the United Kingdom, one of the theorists who in 2009 first proposed the concept.

[…]

The quantum switch could have applications in budding technologies that, for example, manipulate and transmit information encoded in the quantum states of individual photons and other quantum particles. Such devices must pass particles through quantum channels, such as optical fibers, that invariably suffer from noise. But even if two such channels are too noisy to transmit quantum information, they could in principle be fashioned into a quantum switch to enable the information to flow, Jacquiline Romero, a quantum physicist and member of the Queensland team, says. “You introduce indefinite order and suddenly you can communicate,” she says. “That’s pretty cool!”

Source: Quantum chicken-or-egg experiment blurs the distinction between before and after | Science | AAAS

Quantum mechanics defies causal order, experiment confirms

An experiment has confirmed that quantum mechanics allows events to occur with no definite causal order. The work has been carried out by Jacqui Romero, Fabio Costa and colleagues at the University of Queensland in Australia, who say that gaining a better understanding of this indefinite causal order could offer a route towards a theory that combines Einstein’s general theory of relativity with quantum mechanics.

In classical physics – and everyday life – there is a strict causal relationship between consecutive events. If a second event (B) happens after a first event (A), for example, then B cannot affect the outcome of A. This relationship, however, breaks down in quantum mechanics because the temporal spread of a particle’s wave function can be greater than the separation in time between A and B. This means that the causal order of A and B cannot always be distinguished by a quantum particle such as a photon.

[…]

As well as making an experimental connection between relativity and quantum mechanics, the researchers point out that their quantum switch could find use in quantum technologies. “This is just a first proof of principle, but on a larger scale indefinite causal order can have real practical applications, like making computers more efficient or improving communication,” says Costa.

Source: Quantum mechanics defies causal order, experiment confirms

AI’s ‘deep-fake’ vids surge ahead in realism

Researchers from Carnegie Mellon University and Facebook Reality Lab are presenting Recycle-GAN, a generative adversarial system for “unsupervised video retargeting” this week at the European Conference on Computer Vision (ECCV) in Germany.

Unlike most methods, Recycle-GAN doesn’t rely on learning an explicit mapping between the images in a source and target video to perform a face swap. Instead, it’s an unsupervised learning method that begins to line up the frames from both videos based on “spatial and temporal information”.

In other words, the content that is transferred from one video to another not only relies on mapping the space but also the order of the frames to make sure both are in sync. The researchers use the comedians Stephen Colbert and John Oliver as an example. Colbert is made to look like he is delivering the same speech as Oliver, as his face is used to mimic the small movements of Oliver’s head nodding or his mouth speaking.

Here’s one where John Oliver is turned into a cartoon character.

It’s not just faces: Recycle-GAN can be used for other scenarios too. Other examples include syncing up different flowers so they appear to bloom and die at the same time.

The researchers also play around with wind conditions, turning what looks like a soft breeze blowing into the trees into a more windy day without changing the background.

“I think there are a lot of stories to be told,” said Aayush Bansal, co-author of the research and a PhD student at CMU. “It’s a tool for the artist that gives them an initial model that they can then improve,” he added.

Recycle-GAN might prove useful in other areas. Simulating various effects for video footage taken from self-driving cars could help them drive under different conditions.

“Such effects might be useful in developing self-driving cars that can navigate at night or in bad weather,” Bansal said. These videos might be difficult to obtain or tedious to label, but it’s something Recycle-GAN might be able to generate automatically.

Source: The eyes don’t have it! AI’s ‘deep-fake’ vids surge ahead in realism • The Register

Solid-state battery startup secures backing from several automakers as it claims 2-3x higher energy capacity, better safety through solid-state

Solid Power is a Colorado-based startup that spun out of a battery research program at the University of Colorado Boulder.

The company claims to have achieved a breakthrough by incorporating a high-capacity lithium metal anode in lithium batteries – creating a solid-state cell with an energy capacity “2-3X higher” than conventional lithium-ion.

They have already attracted investments from important companies, like A123 Systems and more recently BMW, which planned to validate their battery technology for the automotive market.

Now they are announcing this week the addition of Hyundai, Samsung and several others to the list as they close a $20 million series A round of financing.

They are now working with two automakers and two battery cell suppliers for the auto industry.

Co-founder and CEO Doug Campbell commented on the announcement:

“We are at the center of the ‘electrification of everything’ with ASSB technology emerging as the clear leader in ‘post lithium-ion’ technologies. Solid-state batteries are a game changer for EV, electronics, defense, and medical device markets, and Solid Power’s technology is poised to revolutionize the industry with a competitive product paying special attention to safety, performance, and cost.”

In a press release, the company listed a bunch of advantages that they claim their technology has over current batteries:

  • 2-3X higher energy vs. current lithium-ion
  • Substantially improved safety due to the elimination of the volatile, flammable, and corrosive liquid electrolyte as used in lithium-ion
  • Low-cost battery-pack designs through:
    • Minimization of safety features
    • Elimination of pack cooling
    • Greatly simplified cell, module, and pack designs through the elimination of the need for liquid containment
  • High manufacturability due to compatibility with automated, industry-standard, roll-to-roll production

Solid Power said that it plans to use the funds from its Series A investment to “scale-up production via a multi-MWh roll-to-roll facility, which will be fully constructed and installed by the end of 2018 and fully operational in 2019.”

Source: Solid-state battery startup secures backing from several automakers as it claims breakthrough for electric vehicles | Electrek

Article 11, Article 13: EU’s Dangerous Copyright Bill Advances: massive censorship and upload filters (which are impossible) and huge taxes for links.

Members of the European Parliament voted Wednesday to approve a sweeping overhaul of the EU’s copyright laws that includes two controversial articles that threaten to hand more power to the richest tech companies and generally break the internet.

Overall, MEPs voted in favor of the EU Copyright Directive with a strong majority of 438 to 226. But the process isn’t over. There are still more parliamentary procedures to go through, and individual countries will eventually have to decide how they intend to implement the rules. That’s part of the reason that it’s so difficult to raise public awareness on this issue.

Momentum to oppose the legislation built up earlier this summer, culminating with Parliament deciding to open it up for amendments in July. Many people may have thought the worst was over. It wasn’t—but make no mistake, today’s vote in favor of the directive was extremely consequential.

The biggest issue with this legislation has been Articles 11 and 13. These two provisions have come to be known as the “link tax” and “upload filter” requirements, respectively.

In brief, the link tax is intended to take power back from giant platforms like Google and Facebook by requiring them to pay news outlets for the privilege of linking to or quoting articles. But critics say this will mostly harm smaller websites that can’t afford to pay the tax, while the tech giants will easily pay up or just decide not to link to news. The latter outcome has already happened when this was tried in Spain. On top of inhibiting the spread of news, the link tax could also make it all but impossible for Wikipedia and other non-profit educational sources to do their work because of their reliance on links, quotes, and citations.

The upload filter section of the legislation demands that all platforms aside from “small/micro enterprises” use a content ID system of some sort to prevent any copyrighted works from being uploaded. Sites will face all copyright liabilities in the event that something makes it past the filter. Because even the best filtering systems, like YouTube’s, are still horrible, critics say that the inevitable outcome is that over-filtering will be the default mode of operation. Remixing, meme-making, sharing of works in the public domain, and other fair use practices would likely all fall victim to platforms that would rather play it safe, just say no to flagged content, and avoid legal battles. Copyright trolls will likely be able to fraudulently claim ownership of intellectual property with little recourse for their victims.

We’ve gone further in-depth on all of the implications of the copyright directive, but the fact is, it’s full of vagaries and blind spots that make it impossible to say just how it will shake out. Joe McNamee, executive director of digital rights association EDRi, recently told The Verge, “The system is so complicated that last Friday the [European Parliament] legal affairs committee tweeted an incorrect assessment of what’s happening. If they don’t understand the rules, what hope the rest of us?” As we come closer to living parallel lives online and IRL, such sweeping legislation is dangerous to play with.

Source: Article 11, Article 13: EU’s Dangerous Copyright Bill Advances

You know all those movies you bought from Apple? Um, well, think different: You didn’t. Didn’t you learn that from Amazon in 2009?

Remember when you decided to buy, rather than rent, that movie online? We have some bad news for you – you didn’t.

Biologist Anders Gonçalves da Silva was surprised this week to find three movies he had purchased through iTunes simply disappeared one day from his library. So he contacted Apple to find out what had happened.

And Apple told him it no longer had the license rights for those movies so they had been removed. To which he of course responded: Ah, but I didn’t rent them, I actually bought them through your “buy” option.

At which point da Silva learnt a valuable lesson about the realities of digital purchases and modern licensing rules: While he had bought the movies, what he had actually paid for was the ability to download the movie to his hard drive.

“Please be informed that the iTunes/App Store is a store front that gives content providers a platform or a place to sell their items,” the company informed him. “We can only offer what has been made available to us. Since the content provider has removed these movies… I am unable to provide you the copy of the movies.”

Sure, he could stream it whenever he wanted since he had bought it, but once those licensing rights were up, if he hadn’t downloaded the movie, it was gone – forever.

[…]

And it’s not fair to single out just Apple either: pretty much every provider of digital content has the same rules. Amazon got in hot water a few years ago when its deal with Disney expired and customers discovered that their expensive movie purchases vanished overnight. In 2009 there was a similar ruckus when it pulled George Orwell’s classic 1984 from Kindles without notice.

Source: You know all those movies you bought from Apple? Um, well, think different: You didn’t • The Register

Wow, great invention: Now AI eggheads teach machines how to be sarcastic using Reddit

It’s tricky. Computers have to follow what is being said by whom, the context of the conversation and often some real world facts to understand cultural references. Feeding machines single sentences is often ineffective; it’s a difficult task for humans to detect if individual remarks are cheeky too.

The researchers, therefore, built a system designed to inspect individual sentences as well as the ones before and after them. The model is made up of several bidirectional long short-term memory networks (BiLSTMs) stitched together, and was accurate at spotting a sarcastic comment about 70 per cent of the time.

“Typical LSTMs read and encode the data – a sentence – from left to right. BiLSTMs will process the sentence in a left to right and right to left manner,” Reza Ghaeini, coauthor of the research on arXiv and a PhD student at Oregon State University, explained to The Register this week.

“The outcome of the BiLSTM for each position is the concatenation of forward and backward encodings of each position. Therefore, now each position contains information about the whole sentence (what is seen before and what will be seen after).”
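A minimal illustration of the concatenation Ghaeini describes, as an added example (not code from the arXiv paper or from The Register): a toy LSTM with untrained random weights is run left-to-right and right-to-left over constructed 3-token inputs, and the check shows that position 0’s forward state ignores a later token while the BiLSTM state for the same position does not. All names and the toy inputs are assumptions.

```python
import math
import random
from typing import List

Vec = List[float]

def _sigmoid(x: float) -> float:
    return 1.0 / (1.0 + math.exp(-x))

class LSTM:
    """Single-layer LSTM with fixed, untrained random weights (toy; hypothetical)."""

    def __init__(self, in_dim: int, hid: int, seed: int) -> None:
        rng = random.Random(seed)
        self.hid = hid
        # One weight block per gate (input, forget, output, candidate),
        # each acting on the concatenation [x_t ; h_{t-1}].
        self.W = [[rng.uniform(-0.5, 0.5) for _ in range(in_dim + hid)]
                  for _ in range(4 * hid)]

    def encode(self, xs: List[Vec]) -> List[Vec]:
        """Left-to-right pass; returns the hidden state h_t at every position."""
        n = self.hid
        h, c, states = [0.0] * n, [0.0] * n, []
        for x in xs:
            z = [sum(w * v for w, v in zip(row, x + h)) for row in self.W]
            i = [_sigmoid(v) for v in z[0:n]]
            f = [_sigmoid(v) for v in z[n:2 * n]]
            o = [_sigmoid(v) for v in z[2 * n:3 * n]]
            g = [math.tanh(v) for v in z[3 * n:4 * n]]
            c = [fj * cj + ij * gj for fj, cj, ij, gj in zip(f, c, i, g)]
            h = [oj * math.tanh(cj) for oj, cj in zip(o, c)]
            states.append(h)
        return states

def bilstm_encode(xs: List[Vec], fwd: LSTM, bwd: LSTM) -> List[Vec]:
    """Per-position concatenation of forward and backward encodings."""
    forward = fwd.encode(xs)
    backward = bwd.encode(xs[::-1])[::-1]  # read right-to-left, then realign
    return [f + b for f, b in zip(forward, backward)]

def position_zero_sees_future(seed: int = 0) -> tuple:
    """Constructed 3-token inputs differing only in the LAST token; returns
    (forward_state_unchanged, bidirectional_state_changed) for position 0."""
    sent_a = [[1.0, 0.0], [0.0, 1.0], [1.0, 0.0]]
    sent_b = [[1.0, 0.0], [0.0, 1.0], [0.0, 1.0]]
    fwd, bwd = LSTM(2, 3, seed), LSTM(2, 3, seed + 1)
    f_a, f_b = fwd.encode(sent_a)[0], fwd.encode(sent_b)[0]
    bi_a, bi_b = bilstm_encode(sent_a, fwd, bwd)[0], bilstm_encode(sent_b, fwd, bwd)[0]
    changed = max(abs(p - q) for p, q in zip(bi_a, bi_b)) > 1e-6
    return f_a == f_b, changed
```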

So, where’s the best place to learn sarcasm? Reddit’s message boards, of course. The dataset known as SARC – geddit? – contains hundreds of thousands of sarcastic and non-sarcastic comments and responses.

“It is quite difficult for both machines and humans to distinguish sarcasm without context,” Mikhail Khodak, a graduate student at Princeton who helped compile SARC, previously told El Reg.

“One of the advantages of our corpus is that we provide the text preceding each statement as well as the author of the statement, so algorithms can see whether it is sarcastic in the context of the conversation or in the context of the author’s past statements.”

Source: Wow, great invention: Now AI eggheads teach machines how to be sarcastic using Reddit • The Register

Top European Court Rules UK Mass Surveillance Regime Violates Human Rights

The European Court of Human Rights (ECHR) ruled this week that the United Kingdom government’s surveillance regime violated human rights laws.

The matter first came to light in 2013 when NSA whistleblower Edward Snowden revealed British surveillance practices—namely that the government intercepts social media, messages, and phone calls regardless of criminal record or suspicions of criminal activity.

The ECHR decided the surveillance program violates Article 8 of the European Convention on Human Rights—the right to a private life and a family life—due to what the court regarded as “insufficient oversight” of the selection of collected communications.

The court also believes that journalistic sources were not adequately protected. ECHR judges wrote, “In view of the potential chilling effect that any perceived interference with the confidentiality of journalists’ communications and, in particular, their sources might have on the freedom of the press, the Court found that the bulk interception regime was also in violation of article 10.”

In 2016, the UK Investigatory Powers Tribunal also ruled that intelligence agencies violated human rights through bulk collection and unsatisfactory oversight.

A group of human rights organizations including Big Brother Watch and Amnesty International brought the case to the court. The advocacy groups focused on the power granted by the Regulation of Investigatory Powers Act 2000 (RIPA), which was replaced in 2016 by the Investigatory Powers Act, a bill that hasn’t yet gone into effect.

“This landmark judgment confirming that the UK’s mass spying breached fundamental rights vindicates Mr. Snowden’s courageous whistleblowing,” Silkie Carlo, director of the Big Brother Watch, said in a statement. “Under the guise of counter-terrorism, the UK has adopted the most authoritarian surveillance regime of any Western state, corroding democracy itself and the rights of the British public. This judgment is a vital step towards protecting millions of law-abiding citizens from unjustified intrusion.”

The ECHR did deviate from these watchdog groups with the court ruling that the practice of sharing collected information with foreign nations—as opposed to oversight of the collection itself—does not violate freedom of speech or the right to a private life.

Source: Top European Court Rules UK Mass Surveillance Regime Violates Human Rights

Facebook creates an AI-based tool to automate bug fixes

SapFix, which is still under development, is designed to generate fixes automatically for specific bugs before sending them to human engineers for approval.

Facebook, which announced the tool today ahead of its @Scale conference in San Jose, California, for developers building large-scale systems and applications, calls SapFix an “AI hybrid tool.” It uses artificial intelligence to automate the creation of fixes for bugs that have been identified by its software testing tool Sapienz, which is already being used in production.

SapFix will eventually be able to operate independently from Sapienz, but for now it’s still a proof-of-concept that relies on the latter tool to pinpoint bugs first of all.

SapFix can fix bugs in a number of ways, depending on how complex they are, Facebook engineers Yue Jia, Ke Mao and Mark Harman wrote in a blog post announcing the tools. For simpler bugs, SapFix creates patches that revert the code submission that introduced them. In the case of more complicated bugs, SapFix uses a collection of “templated fixes” that were created by human engineers based on previous bug fixes.

And in case those human-designed template fixes aren’t up to the job, SapFix will then attempt what’s called a “mutation-based fix,” which works by continually making small modifications to the code that caused the software to crash, until a solution is found.

SapFix goes further by generating multiple potential fixes for each bug, then submits these for human evaluation. It also performs tests on each of these fixes so engineers can see if they might cause other problems, such as compilation errors and other crashes somewhere else.

Source: Facebook creates an AI-based tool to automate bug fixes – SiliconANGLE