The Linkielist

Linking ideas with the world

Twitter is back after a brief outage

Twitter is back online for some people after being down for an hour or so Thursday afternoon. Tweets weren’t loading in the app or on desktop for several Engadget editors, while Down Detector had a massive spike in outage reports.

Twitter said the outage was due to “an internal system change” and it’s fixing the issue. It said everything should be up and running again soon.

Source: Twitter is back after a brief outage (updated)

Reddit Is Down as the Summer of Outages Continues

Users began to report outages a little over an hour ago. For this writer, the problem first presented as weirdness with Reddit’s login server and front page timeline, but it quickly worsened. Now navigating to reddit.com is rewarding many with 503 errors.

The outage seems to have hit users visiting Reddit on desktop the hardest. Navigating to Reddit through its app on Android and iOS worked just fine for several Gizmodo staffers, and even Reddit’s status page claims all systems are operational, though it is showing a sharp uptick in error rates for reddit.com.

If you feel like the internet has been breaking more than usual, you’re not alone. There have been a number of significant outages over the last month.

Google has had at least two major outages, as has Facebook. AT&T also experienced a major outage this month. Hell, even Down Detector has been down.

Source: Reddit Is Down as the Summer of Outages Continues

Microsoft stirs suspicions by adding telemetry spyware to security-only update

Under Microsoft’s rules, what it calls “Security-only updates” are supposed to include, well, only security updates, not quality fixes or diagnostic tools. Nearly three years ago, Microsoft split its monthly update packages for Windows 7 and Windows 8.1 into two distinct offerings: a monthly rollup of updates and fixes and, for those who want only those patches that are absolutely essential, a Security-only update package.

What was surprising about this month’s Security-only update, formally titled the “July 9, 2019—KB4507456 (Security-only update),” is that it bundled the Compatibility Appraiser, KB2952664, which is designed to identify issues that could prevent a Windows 7 PC from updating to Windows 10.

Among the fierce corps of Windows Update skeptics, the Compatibility Appraiser tool is to be shunned aggressively. The concern is that these components are being used to prepare for another round of forced updates or to spy on individual PCs. The word telemetry appears in at least one file, and for some observers it’s a short step from seemingly innocuous data collection to outright spyware.

My longtime colleague and erstwhile co-author, Woody Leonhard, noted earlier today that Microsoft appeared to be “surreptitiously adding telemetry functionality” to the latest update:

With the July 2019-07 Security Only Quality Update KB4507456, Microsoft has slipped this functionality into a security-only patch without any warning, thus adding the “Compatibility Appraiser” and its scheduled tasks (telemetry) to the update. The package details for KB4507456 say it replaces KB2952664 (among other updates).

Come on Microsoft. This is not a security-only update. How do you justify this sneaky behavior? Where is the transparency now.

I had the same question, so I spent the afternoon poking through update files and security bulletins and trying to get an on-the-record response from Microsoft. I got a terse “no comment” from Redmond.

Source: Microsoft stirs suspicions by adding telemetry files to security-only update | ZDNet

Once installed, a new scheduled task is added to the system under Microsoft > Windows > Application Experience

Windows 10 SFC /scannow Can’t Fix Corrupted Files After Update

Starting today, Windows 10 users are finding that the sfc /scannow feature is no longer working and that it states it found, but could not fix, corrupted Windows Defender PowerShell files.

The Windows System File Checker tool, commonly known as SFC, has a /scannow argument that will check the integrity of all protected Windows system files and repair any issues that are found.

As of this morning, users in a wildersecurity.com thread have started reporting that when they run sfc /scannow, the program is stating that “Windows Resource Protection found corrupt files but was unable to fix some of them.” I too was able to reproduce this issue on a virtual machine with Windows Defender configured as the main antivirus program.

Source: Windows 10 SFC /scannow Can’t Fix Corrupted Files After Update

Apple removes Zoom’s dodgy hidden web server on your Mac without telling you – shows who really pwns your machine

Apple has pushed a silent update to Macs, disabling the hidden web server installed by the popular Zoom web-conferencing software.

A security researcher this week went public with his finding that the mechanism used to bypass a Safari prompt before entering a Zoom conference was a hidden local web server.

Jonathan Leitschuh focused largely on the fact that a user’s webcam would likely be ON automatically, meaning that a crafty bit of web coding would give an attacker a peek into your room if you simply visit their site.

But the presence of the web server was a more serious issue, especially since uninstalling Zoom did not remove it and the web server would reinstall the Zoom client – which is malware-like behaviour.

[…]

On 9 July the company updated its Mac app to remove the local web server “via a prompted update”.

The next day Apple itself took action, by instructing macOS’s built-in antivirus engine to remove the web server on sight from Macs. Zoom CEO Eric Yuan added on Wednesday:

Apple issued an update to ensure the Zoom web server is removed from all Macs, even if the user did not update their Zoom app or deleted it before we issued our July 9 patch. Zoom worked with Apple to test this update, which requires no user interaction.

Source: Wondering how to whack Zoom’s dodgy hidden web server on your Mac? No worries, Apple’s done it for you • The Register

Kind of scary that Apple can just go about removing software from your machine without any notification

Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping

Apple has disabled the Apple Watch Walkie Talkie app due to an unspecified vulnerability that could allow a person to listen to another customer’s iPhone without consent, the company told TechCrunch this evening.

Apple has apologized for the bug and for the inconvenience of being unable to use the feature while a fix is made.

[…]

Earlier this year a bug was discovered in the group calling feature of FaceTime that allowed people to listen in before a call was accepted. It turned out that the teen who discovered the bug, Grant Thompson, had attempted to contact Apple about the issue but was unable to get a response. Apple fixed the bug and eventually rewarded Thompson a bug bounty. This time around, Apple appears to be listening more closely to the reports that come in via its vulnerability tips line and has disabled the feature.

Earlier today, Apple quietly pushed a Mac update to remove a feature of the Zoom conference app that allowed it to work around Mac restrictions to provide a smoother call initiation experience — but that also allowed emails and websites to add a user to an active video call without their permission.

Source: Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping | TechCrunch

‘Superhuman’ AI Crushes Poker Pros at Six-Player Texas Hold’em

Computer scientists have developed a card-playing bot, called Pluribus, capable of defeating some of the world’s best players at six-person no-limit Texas hold’em poker, in what’s considered an important breakthrough in artificial intelligence.

Two years ago, a research team from Carnegie Mellon University developed a similar poker-playing system, called Libratus, which consistently defeated the world’s best players at one-on-one Heads-Up, No-Limit Texas Hold’em poker. The creators of Libratus, Tuomas Sandholm and Noam Brown, have now upped the stakes, unveiling a new system capable of playing six-player no-limit Texas hold’em poker, a wildly popular version of the game.

In a series of contests, Pluribus handily defeated its professional human opponents, at a level the researchers described as “superhuman.” When pitted against professional human opponents with real money involved, Pluribus managed to collect winnings at an astounding rate of $1,000 per hour. Details of this achievement were published today in Science.

[…]

For the new study, Brown and Sandholm subjected Pluribus to two challenging tests. The first pitted Pluribus against 13 different professional players—all of whom have earned more than $1 million in poker winnings—in the six-player version of the game. The second test involved matches featuring two poker legends, Darren Elias and Chris “Jesus” Ferguson, each of whom was pitted against five identical copies of Pluribus.

The matches with five humans and Pluribus involved 10,000 hands played over 12 days. To incentivize the human players, a total of $50,000 was distributed among the participants, Pluribus included. The games were blind in that none of the human players were told who they were playing, though each player had a consistent alias used throughout the competition. For the tests involving a lone human and five Pluribuses, each player was given $2,000 for participating and a bonus $2,000 for playing better than their human cohort. Elias and Ferguson both played 5,000 separate hands against their machine opponents.

In all scenarios, Pluribus registered wins with “statistical significance,” and to a degree the researchers referred to as “superhuman.”

“We mean superhuman in the sense that it performs better than the best humans,” said Brown, who is completing his Ph.D. as a research scientist at Facebook AI. “The bot won by about five big blinds per hundred hands of poker (bb/100) when playing against five elite human professionals, which professionals consider to be a very high win rate. To beat elite professionals by that margin is considered a decisive win.”

[…]

Before the competition started, Pluribus developed its own “blueprint” strategy, which it did by playing poker with itself for eight straight days.

“Pluribus does not use any human gameplay data to form its strategy,” explained Brown. “Instead, Pluribus first uses self-play, in which it plays against itself over trillions of hands to formulate a basic strategy. It starts by playing completely randomly. As it plays more and more hands against itself, its strategy gradually improves as it learns which actions lead to winning more money. This is all done offline before ever playing against humans.”

Armed with its blueprint strategy, the competitions could begin. After the first bets were placed, Pluribus calculated several possible next moves for each opponent, in a manner similar to how machines play chess and Go. The difference here, however, is that Pluribus was not tasked to calculate the entire game, as that would be “computationally prohibitive,” as noted by the researchers.

“In Pluribus, we used a new way of doing search that doesn’t have to search all the way to the end of the game,” said Brown. “Instead, it can stop after a few moves. This makes the search algorithm much more scalable. In particular, it allows us to reach superhuman performance while only training for the equivalent of less than $150 on a cloud computing service, and playing in real time on just two CPUs.”

[…]

Importantly, Pluribus was also programmed to be unpredictable—a fundamental aspect of good poker gamesmanship. If Pluribus consistently bet tons of money when it figured it had the best hand, for example, its opponents would eventually catch on. To remedy this, the system was programmed to play in a “balanced” manner, employing a set of strategies, like bluffing, that prevented Pluribus’ opponents from picking up on its tendencies and habits.

Source: ‘Superhuman’ AI Crushes Poker Pros at Six-Player Texas Hold’em

Google admits leaked private voice conversations, decides to clamp down on whistleblowers, not improve privacy

Google admitted on Thursday that more than 1,000 sound recordings of customer conversations with the Google Assistant were leaked by some of its partners to a Belgian news site.

[…]

“We just learned that one of these language reviewers has violated our data security policies by leaking confidential Dutch audio data,” Google product manager of search David Monsees said in a blog post. “Our Security and Privacy Response teams have been activated on this issue, are investigating, and we will take action. We are conducting a full review of our safeguards in this space to prevent misconduct like this from happening again.”

Monsees said its partners only listen to “around 0.2 percent of all audio snippets” and said they are “not associated with user accounts,” even though VRT was able to figure out who was speaking in some of the clips.

Source: Google admits leaked private voice conversations

NB the CNBC article states that you can delete old conversations, but we know that’s not the case for transcribed Alexa conversations and we know that if you delete your shopping emails from Gmail, Google keeps your shopping history.