Printing tiny, high-precision objects in a matter of seconds

Researchers at EPFL have developed a new, high-precision method for 3D-printing small, soft objects. The process, which takes less than 30 seconds from start to finish, has potential applications in a wide range of fields, including 3D bioprinting.

It all starts with a translucent liquid. Then, as if by magic, darker spots begin to form in the small, spinning container until, barely half a minute later, the finished product takes shape. This groundbreaking 3D-printing method, developed by researchers at EPFL’s Laboratory of Applied Photonics Devices (LAPD), can be used to make tiny objects with unprecedented precision and resolution – all in record time. The team has published its findings in the journal Nature Communications, and a spin-off, Readily3D, has been set up to develop and market the system.

The technology could have innovative applications in a wide range of fields, but its advantages over existing methods – the ability to print solid parts of different textures – make it ideally suited for medicine and biology. The process could be used, for instance, to make soft objects such as tissue, organs, hearing aids and mouthguards.

“Conventional 3D printing techniques, known as additive manufacturing, build parts layer by layer,” explains Damien Loterie, the CEO of Readily3D. “The problem is that soft objects made that way quickly fall apart.” What’s more, the process can be used to make delicate cell-laden scaffolds in which cells can develop in a pressure-free 3D environment. The researchers teamed up with a surgeon to test 3D-printed arteries made using the technique. “The trial results were extremely encouraging,” says Loterie.

Hardened by light

The new technique draws on the principles of tomography, a method used mainly in medical imaging to build a model of an object based on surface scans.

The printer works by sending a laser through the translucent gel – either a biological gel or liquid plastic, as required. “It’s all about the light,” explains Paul Delrot, Readily3D’s CTO. “The laser hardens the liquid through a process of polymerization. Depending on what we’re building, we use algorithms to calculate exactly where we need to aim the beams, from what angles, and at what dose.”

The system is currently capable of making two-centimeter structures with a precision of 80 micrometers, about the same as the diameter of a strand of hair. But as the team develops new devices, they should be able to build much bigger objects, potentially up to 15 centimeters. “The process could also be used to quickly build small silicone or acrylic parts that don’t need finishing after printing,” says Christophe Moser, who heads the LAPD. Interior design could be a potentially lucrative market for the new printer.

References: “High-resolution tomographic volumetric additive manufacturing”, Damien Loterie, Paul Delrot, Christophe Moser, published in Nature Communications on February 12, 2020.

Source: Printing tiny, high-precision objects in a matter of seconds – EPFL

Apple’s Mac computers now outpace Windows in malware and virus

Think your Apple product is safe from malware? That only people using Windows machines have to take precautions? According to cybersecurity software company Malwarebytes’ latest State of Malware report, it’s time to think again. The amount of malware on Macs is outpacing PCs for the first time ever, and your complacency could be your worst enemy.

“People need to understand that they’re not safe just because they’re using a Mac,” Thomas Reed, Malwarebytes’ director of Mac and mobile and contributor to the report, told Recode.

Windows machines still dominate the market share and tend to have more security vulnerabilities, which has for years made them the bigger and easier target for hackers. But as Apple’s computers have grown in popularity, hackers appear to be focusing more of their attention on the versions of macOS that power them. Malwarebytes said there was a 400 percent increase in threats on Mac devices from 2018 to 2019, and found an average of 11 threats per Mac device, which is about twice the 5.8 average on Windows.

“There is a rising tide of Mac threats hitting a population that still believes that ‘Macs don’t get viruses,’” Reed said. “I still frequently encounter people who firmly believe this, and who believe that using any kind of security software is not necessary, or even harmful. This makes macOS a fertile ground for the influx of new threats, whereas it’s common knowledge that Windows PCs need security software.”

Now, this isn’t quite as bad as it may appear. First of all, as Malwarebytes notes, the increase in threats could be attributable to an increase in Mac devices running its software. That makes the per-device statistic a better barometer. In 2018, there were 4.8 threats per Mac device, which means the per-device number has more than doubled. That’s not great, but it’s not as bad as that 400 percent increase.

Source: Apple’s Mac computers now outpace Windows in malware and virus – Vox

From models of galaxies to atoms, simple AI shortcuts speed up simulations by billions of times

Modeling immensely complex natural phenomena such as how subatomic particles interact or how atmospheric haze affects climate can take many hours on even the fastest supercomputers. Emulators, algorithms that quickly approximate these detailed simulations, offer a shortcut. Now, work posted online shows how artificial intelligence (AI) can easily produce accurate emulators that can accelerate simulations across all of science by billions of times.

“This is a big deal,” says Donald Lucas, who runs climate simulations at Lawrence Livermore National Laboratory and was not involved in the work. He says the new system automatically creates emulators that work better and faster than those his team designs and trains, usually by hand. The new emulators could be used to improve the models they mimic and help scientists make the best of their time at experimental facilities. If the work stands up to peer review, Lucas says, “It would change things in a big way.”

[…]

creating training data for them requires running the full simulation many times—the very thing the emulator is meant to avoid.

[…]

with a technique called neural architecture search, the most data-efficient wiring pattern for a given task can be identified.

The technique, called Deep Emulator Network Search (DENSE), relies on a general neural architecture search co-developed by Melody Guan, a computer scientist at Stanford University. It randomly inserts layers of computation between the networks’ input and output, and tests and trains the resulting wiring with the limited data. If an added layer enhances performance, it’s more likely to be included in future variations. Repeating the process improves the emulator.

[…]

The researchers used DENSE to develop emulators for 10 simulations—in physics, astronomy, geology, and climate science. One simulation, for example, models the way soot and other atmospheric aerosols reflect and absorb sunlight, affecting the global climate. It can take a thousand computer-hours to run, so Duncan Watson-Parris, an atmospheric physicist at Oxford and study co-author, sometimes uses a machine learning emulator. But, he says, it’s tricky to set up, and it can’t produce high-resolution outputs, no matter how much data you give it.

The emulators that DENSE created, in contrast, excelled despite the lack of data. When they were turbocharged with specialized graphical processing chips, they were between about 100,000 and 2 billion times faster than their simulations. That speedup isn’t unusual for an emulator, but these were highly accurate: In one comparison, an astronomy emulator’s results were more than 99.9% identical to the results of the full simulation, and across the 10 simulations the neural network emulators were far better than conventional ones. Kasim says he thought DENSE would need tens of thousands of training examples per simulation to achieve these levels of accuracy. In most cases, it used a few thousand, and in the aerosol case only a few dozen.

Source: From models of galaxies to atoms, simple AI shortcuts speed up simulations by billions of times | Science | AAAS

Data Protection Authority Investigates Avast for Selling Users’ Browsing and Maps History

On Tuesday, the Czech data protection authority announced an investigation into antivirus company Avast, which was harvesting the browsing history of over 100 million users and then selling products based on that data to a slew of different companies including Google, Microsoft, and Home Depot. The move comes after a joint Motherboard and PCMag investigation uncovered details of the data collection through a series of leaked documents.

“On the basis of the information revealed describing the practices of Avast Software s.r.o., which was supposed to sell data on the activities of anti-virus users through its ‘Jumpshot division’ the Office initiated a preliminary investigation of the case,” a statement from the Czech national data protection authority on its website reads. Under the European General Protection Regulation (GDPR) and national laws, the Czech Republic, like other EU states, has a data protection authority to enforce things like mishandling of personal data. With GDPR, companies can be fined for data abuses.

“At the moment we are collecting information on the whole case. There is a suspicion of a serious and extensive breach of the protection of users’ personal data. Based on the findings, further steps will be taken and general public will be informed in due time,” added Ms Ivana Janů, President of the Czech Office for Personal Data Protection, in the statement. Avast is a Czech company.

Motherboard and PCMag’s investigation found that the data sold included Avast users’ Google searches and Google Maps lookups, particular YouTube videos, and people visiting specific porn videos. The data was anonymized, but multiple experts said it could be possible to unmask the identity of users, especially when that data, sold by Avast’s subsidiary Jumpshot, was combined with other data that its clients may possess.

Days after the investigation, Avast bought back a 35 percent stake in Jumpshot worth $61 million, and shuttered Jumpshot. Avast’s valuation fell by a quarter, the company will incur costs between $15 and $25 million, and the closure of Jumpshot will cut annual revenues by around $36 million and underlying profits by $7 million, The Times reported.

Source: Data Protection Authority Investigates Avast for Selling Users’ Browsing History – VICE

A Map of Every Object in Our Solar System

In this stunning visualization, biologist Eleanor Lutz painstakingly mapped out every known object in Earth’s solar system (>10km in diameter), hopefully helping you on your next journey through space.

Data-Driven Solar System

This particular visualization combines five different data sets from NASA:

Objects in solar system

Source: Tabletop Whale

From this data, Lutz mapped all the orbits of over 18,000 asteroids in the solar system, including 10,000 that were at least 10km in diameter, and about 8,000 objects of unknown size.

This map shows each asteroid’s position on New Year’s Eve 1999.

The Pull of Gravity

When plotting the objects, Lutz observed that the solar system is not arranged in linear distances. Rather, it is logarithmic, with exponentially more objects situated close to the sun. Lutz made use of this observation to space out the various orbits of the 18,000 objects in her map.

What she is visualizing is the pull of the sun, as the majority of objects tend to gravitate towards the inner part of the solar system. This is the same observation Sir Isaac Newton used to develop the concept of gravity, positing that heavier objects produce a bigger gravitational pull than lighter ones. Since the sun is the largest object in our solar system, it has the strongest gravitational pull.

If the sun is continually pulling at the planets, why don’t they all fall into the sun? It’s because the planets are moving sideways at the same time.

Without that sideways motion, the objects would fall to the center – and without the pull toward the center, they would go flying off in a straight line.

This explains the clustering of patterns in solar systems, and why the farther you travel through the solar system, the bigger the distance and the fewer the objects.

The Top Ten Non-Planets in the Solar System

We all know that the sun and the planets are the largest objects in our corner of the universe, but there are many noteworthy objects as well.

| Rank | Name | Diameter | Notes |
|------|------|----------|-------|
| 1 | Ganymede | 3,273 mi (5,268 km) | Jupiter’s largest moon |
| 2 | Titan | 3,200 mi (5,151 km) | Saturn’s largest moon |
| 3 | Callisto | 2,996 mi (4,821 km) | Jupiter’s second largest moon |
| 4 | Io | 2,264 mi (3,643 km) | Moon orbiting Jupiter |
| 5 | Moon | 2,159 mi (3,474 km) | Earth’s only moon |
| 6 | Europa | 1,940 mi (3,122 km) | Moon orbiting Jupiter |
| 7 | Triton | 1,680 mi (2,710 km) | Neptune’s largest moon |
| 8 | Pluto | 1,476 mi (2,376 km) | Dwarf planet |
| 9 | Eris | 1,473 mi (2,372 km) | Dwarf planet |
| 10 | Titania | 981 mi (1,578 km) | Uranus’ largest moon |

Source: Ourplnt.com

While the map only shows objects greater than 10 kilometers in diameter, there are plenty of smaller objects to watch out for as well.

An Atlas of Space

This map is one among many of Lutz’s space related visualizations. She is also in the process of creating an Atlas of Space to showcase her work.

As we reach further and further beyond the boundaries of earth, her work may come in handy the next time you make a wrong turn at Mars and find yourself lost in an asteroid belt.

Source: A Map of Every Object in Our Solar System – Visual Capitalist

FTC finally wakes up: American watchdog to probe decade of Big Tech takeovers

An American biz watchdog has stepped up its probe into possible market abuse by Big Tech – Amazon, Apple, Facebook, Google and Microsoft – by demanding information on all acquisitions not reported to antitrust authorities in the past decade.

The FTC issued “special orders” to the big five on Tuesday requesting “the terms, scope, structure, and purpose of transactions that each company consummated between January 1, 2010 and December 31, 2019.” That will amount to information on hundreds of deals, the FTC said during a press conference.

If the federal regulator finds a pattern of wrongdoing or abuse of market dominance, it will use its full range of enforcement actions, from a warning all the way up to a “full divestiture of assets” i.e. breaking a company up, FTC chair Joe Simons warned.

The watchdog is adopting a “very broad definition” of the term acquisition including minority investments in companies, licensing transactions, rights to appoint someone to a board. Notably it will also treat data “as an asset that could have competitive effects.”

The goal behind the request is to help the FTC “deepen its understanding of large technology firms’ acquisition activity,” the regulator explained. But Simons was at pains to note that the information is not related to law enforcement actions and will not be shared with other agencies.

That’s relevant because the Department of Justice and a large number of state attorneys general are currently suing the same tech giants over anti-competitive behavior; the FTC data will not be shareable with them under the “unique” authority that the FTC is invoking, it stated.

However, Simons noted, if the FTC does find activity it feels is anti-competitive it will use it as a start point for further investigation; something that could result in the “unwinding” of deals made in the past decade.

Snuffing out competition

There have been numerous reports in the past 10 years of big tech giants buying out competitors that threaten their market and then shuttering them in order to maintain effective monopolies in specific markets.

Simons said the impetus behind today’s order was a series of hearings the FTC held at the tail-end of 2018 where a number of panelists warned large tech platforms were buying up “nascent” companies in order to shut them down.

He painted the special orders as a “follow-up” to those hearings. “We heard at the hearings that there were a lot of transactions by major tech platforms that are not reportable,” Simons said. “What we want to know is why they were not reportable and whether there is anything we should do about it.”

Under the Hart-Scott-Rodino Antitrust Improvements Act (HSR Act), companies are required to report acquisitions of other companies if the size of that acquisition is greater than $94m (the exact figure has changed over time; in 2010 it was $60m). There are, however, exemptions that tech giants may have used to make larger acquisitions without reporting them.

As a result, dozens and possibly hundreds of market-altering purchases have never been made public – and that’s how the tech giants like it. They will often refuse to even acknowledge if they have bought a company. Many of the deals come with a non-compete clause, Simons noted, pointing to possible market interference.

[…]

The investigation could result in a change to the current rules on reporting acquisitions, the regulator noted – something that would not require Congressional authority. It also dismissed concerns that the tech giants could question the FTC’s authority to even issue such orders – something that AT&T successfully did during a five-year legal battle over misleading consumers – saying that it “does not expect any meaningful challenge” to the orders.

The regulator even suggested that if it finds anti-competitive behavior as a result of its information requests it could issue an order in future that would require tech giants to provide full details of any and all future acquisitions.

Judging by the impact of the announcement on the companies’ stock prices, the FTC investigation is only expected to impact Facebook – no doubt because the agency made it clear that it now views user data as a competitive asset.

Source: Oh good, the FTC has discovered acqui-hires… American watchdog to probe decade of Big Tech takeovers • The Register

Aftermarket $998,- Self-Driving Tech vs. Tesla Autopilot, Cadillac Super Cruise

Thanks to recent software updates, the most sophisticated systems—Cadillac’s Super Cruise and Tesla’s Autopilot—are more capable today than they were initially. This report on those systems includes a lesser known third player. For $998, upstart Comma.ai sells an aftermarket dash cam and wiring harness that taps into and overrides the factory-installed assistance systems in many Honda and Toyota models as well as some Chrysler, Kia, and Lexus vehicles, among others. When activated, Comma.ai’s Openpilot software assumes control over the steering, brakes, and throttle, and it reduces the frequent reminders to keep your hands on the wheel. As you might imagine, automakers do not endorse this hack.

[…this bit is where they discuss the Chrysler and Tesla systems in the article…]

Comma.ai’s control is based almost exclusively on a single windshield-mounted camera. A model-specific wiring harness plugs into the vehicle’s stock front camera behind the rearview mirror. That’s where it taps into the car’s communication network, which is used for everything from the power windows to the wheel-speed sensors. There it inserts new messages to actuate the steering, throttle, and brakes on its command while blocking the factory communication. However, certain safety systems, such as forward-collision alert, remain functional. There are no warning lights to indicate that the vehicle senses anything is amiss. And if you start the car with the Comma.ai unit unplugged, everything reverts back to stock. There is no sophisticated calibration procedure. Just stick the supplied GoPro mount somewhere roughly in the middle of the windshield and pop in the Eon camera display. After doing nothing more than driving for a few minutes, the system announces it’s ready.

Given its lack of sensors, we were shocked at the sophisticated control of the system and its ability to center the car in its lane, both on and off the highway. Importantly, Comma.ai collects the data from the 2500 units currently in use in order to learn from errors and make the system smarter. Compared with the others, Openpilot wasn’t quite as locked on its lane, and its control on two-lane roads wasn’t as solid as Autopilot’s, but its performance didn’t degrade perceptibly at night as Super Cruise’s did. However, the following distance, which isn’t adjustable, is roughly double that of Autopilot and Super Cruise in their closest settings, making us feel as though we were endlessly holding up traffic.

Like Super Cruise, the Comma.ai system employs a driver-facing camera to monitor engagement and doesn’t require regular steering inputs. Unlike Super Cruise, it lacks infrared lighting to enable nighttime vision. That will be part of the next hardware update, Hotz says.

Obviously, the system is reliant on the donor vehicle’s hardware, including the car’s steering-torque limitations. So our Honda Passport couldn’t keep up with the sharpest corners and would regularly flash warning messages to the driver, even when the system handled the maneuver appropriately. Hotz promises the next release will dial back the too-frequent warning messages.

Hotz says he has had conversations with car companies about selling his tech, but he doesn’t see the top-down approach as the way to win. Instead, he envisions Comma.ai as a dealer-installed add-on. But that will be difficult, as both Honda and Toyota are against the installation of the system in their vehicles. Toyota has gone so far as to say it will void the factory warranty. This seems shortsighted, though, as the carmakers could learn a lot from what Comma.ai has accomplished.

Source: Aftermarket Self-Driving Tech vs. Tesla Autopilot, Cadillac Super Cruise

Hotz is indeed a very big name and it’s very very cool to see that he’s managed to get this working for under only $1000,-

Pretty amazing to see that he can go toe to toe with the giants and sit on an even keel technically, for way way less money.

Deterrence in the Age of Thinking Machines – they escalate a whole lot quicker than people

The greater use of artificial intelligence (AI) and autonomous systems by the militaries of the world has the potential to affect deterrence strategies and escalation dynamics in crises and conflicts. Up until now, deterrence has involved humans trying to dissuade other humans from taking particular courses of action. What happens when the thinking and decision processes involved are no longer purely human? How might dynamics change when decisions and actions can be taken at machine speeds? How might AI and autonomy affect the ways that countries have developed to signal one another about the potential use of force? What are potential areas for miscalculation and unintended consequences, and unwanted escalation in particular?

This exploratory report provides an initial examination of how AI and autonomous systems could affect deterrence and escalation in conventional crises and conflicts. Findings suggest that the machine decisionmaking can result in inadvertent escalation or altered deterrence dynamics, due to the speed of machine decisionmaking, the ways in which it differs from human understanding, the willingness of many countries to use autonomous systems, our relative inexperience with them, and continued developments of these capabilities. Current planning and development efforts have not kept pace with how to handle the potentially destabilizing or escalatory issues associated with these new technologies, and it is essential that planners and decisionmakers begin to think about these issues before fielded systems are engaged in conflict.

Key Findings

Insights from a wargame involving AI and autonomous systems

  • Manned systems may be better for deterrence than unmanned ones.
  • Replacing manned systems with unmanned ones may not be seen as a reduced security commitment.
  • Players put their systems on different autonomous settings to signal resolve and commitment during the conflict.
  • The speed of autonomous systems did lead to inadvertent escalation in the wargame.

Implications for deterrence

  • Autonomous and unmanned systems could affect extended deterrence and our ability to assure our allies of U.S. commitment.
  • Widespread AI and autonomous systems could lead to inadvertent escalation and crisis instability.
  • Different mixes of human and artificial agents could affect the escalatory dynamics between two sides.
  • Machines will likely be worse at understanding the human signaling involved in deterrence, especially deescalation.
  • Whereas traditional deterrence has largely been about humans attempting to understand other humans, deterrence in this new age involves understanding along a number of additional pathways.
  • Past cases of inadvertent engagement of friendly or civilian targets by autonomous systems may offer insights about the technical accidents or failures involving more-advanced systems.

Source: Deterrence in the Age of Thinking Machines | RAND

Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool

Dell has copped to a flaw in SupportAssist – a Windows-based troubleshooting program preinstalled on nearly every one of its newer devices running the OS – that allows local hackers to load malicious files with admin privileges.

The company has issued an advisory about the flaw, warning that a locally authenticated low-privilege user could exploit the vuln to load arbitrary DLLs by the SupportAssist binaries, resulting in the privileged execution of malware.

SupportAssist scans the system’s hardware and software, and when an issue is detected, it sends the necessary system state information to Dell for troubleshooting to begin.

This type of vulnerability is fairly common, but typically requires admin privileges to exploit, so isn’t generally considered a serious security threat. But Cyberark’s Eran Shimony, who discovered the bug, said that in this case, SupportAssist attempts to load a DLL from a directory that a regular (non-admin) user can write into.

“Therefore, a malicious non-privileged user can write a DLL that would be loaded by DellSupportAssist, effectively gaining code execution inside software that runs with NT AUTHORITY\System privileges,” Shimony told The Reg.

“This is because you can write a code entry inside a function called DLLMain (in the malicious DLL) that would be called immediately upon loading. This code piece would run in the privilege level of the host process.”

The flaw (CVE-2020-5316), which has a severity rating of “high”, affects Dell SupportAssist for business PCs version 2.1.3 or earlier and for home PCs version 3.4 or earlier.

Business users need to update to version 2.1.4 and home desk jockeys should roll over to version 3.4.1 to get the fixes.

Source: Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool • The Register
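A defender-side check for the condition Shimony describes, a directory that a SYSTEM process loads DLLs from being writable by a regular user. This is an added example, not code from the article, Dell or CyberArk: it parses `icacls` output for a list of directories and reports the ACEs that let ordinary users create files there. The directory names and the sample output are constructed; the article does not say which directory SupportAssist loaded from.

```python
import re

# Principals that every ordinary logged-on user belongs to.
LOW_PRIV = {
    "everyone",
    "builtin\\users",
    "nt authority\\authenticated users",
    "nt authority\\interactive",
}

# icacls right codes that allow creating a file (such as a DLL) in a directory:
# F = full control, M = modify, W = write, WD = write data / add file.
FILE_CREATE_RIGHTS = {"F", "M", "W", "WD"}

# "PRINCIPAL:(flags)(flags)..." once any leading path has been stripped.
ACE_RE = re.compile(r"^(?P<who>[^:(]+):(?P<groups>(?:\([^)]*\))+)$")

# Constructed sample: output of `icacls <dir1> <dir2>` for two hypothetical
# directories a privileged service might load libraries from.
SAMPLE = r"""
C:\ProgramData\ExampleVendor\Agent NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                   BUILTIN\Administrators:(I)(OI)(CI)(F)
                                   CREATOR OWNER:(I)(OI)(CI)(IO)(F)
                                   BUILTIN\Users:(I)(OI)(CI)(RX)
                                   BUILTIN\Users:(I)(CI)(WD,AD,WEA,WA)

C:\Program Files\ExampleVendor\Agent NT SERVICE\TrustedInstaller:(I)(F)
                                     NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
                                     BUILTIN\Administrators:(I)(OI)(CI)(F)
                                     BUILTIN\Users:(I)(OI)(CI)(RX)

Successfully processed 2 files; Failed processing 0 files
"""
DIRECTORIES = [
    r"C:\ProgramData\ExampleVendor\Agent",
    r"C:\Program Files\ExampleVendor\Agent",
]


def parse_aces(icacls_output, directories):
    """Yield (directory, principal, tokens) for every ACE line in the output."""
    current = None
    # Longest path first so a parent directory never shadows its child.
    known = sorted(directories, key=len, reverse=True)
    for raw in icacls_output.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line ends one directory's ACL
            continue
        if line.startswith("Successfully processed"):
            continue
        for d in known:
            if line.lower().startswith(d.lower() + " "):
                current, line = d, line[len(d):].strip()
                break
        m = ACE_RE.match(line)
        if current is None or m is None:
            continue
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", m.group("groups")):
            tokens.update(t.strip().upper() for t in group.split(","))
        yield current, m.group("who").strip(), tokens


def writable_by_low_priv(icacls_output, directories):
    """Map each directory to the low-privilege ACEs that allow file creation."""
    findings = {}
    for directory, who, tokens in parse_aces(icacls_output, directories):
        if who.lower() not in LOW_PRIV:
            continue
        # Simplification: DENY ACEs are skipped, not subtracted from allows.
        # IO (inherit-only) ACEs do not apply to the directory itself.
        if "DENY" in tokens or "IO" in tokens:
            continue
        rights = sorted(tokens & FILE_CREATE_RIGHTS)
        if rights:
            findings.setdefault(directory, []).append((who, rights))
    return findings


if __name__ == "__main__":
    for directory, aces in writable_by_low_priv(SAMPLE, DIRECTORIES).items():
        for who, rights in aces:
            print(f"{directory}: {who} can create files ({','.join(rights)})")
```

Any directory this reports that also appears in a privileged process's DLL search path needs its ACL tightened or the load path changed.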

Super-leaker Snowden punts free PDF* of tell-all NSA book with censored parts about China restored, underlined

Snowden’s bestseller Permanent Record is now available as a free download in Chinese after Communist Party censors cut out all the parts of the former IT admin’s memoir referring to China’s Great Firewall censorship system. The Great Firewall is one of the main means, in the digital era, by which the party maintains its iron grip on the world’s most populous nation’s internet viewing.

Thumbing his nose at the communists, Snowden has today released a 400-page PDF of the entire book – complete with the deleted sections restored and underlined so ordinary Chinese can see precisely what their ruling class doesn’t want them to read about.

In case Snowden’s embedded tweet above disappears at some point in the future, the PDF is hosted at a.temporaryrecord.com. Readers not fluent in Simplified Chinese will be disappointed to learn that they’ll have to pay for the book – even though doing so will end up enriching the US government and the NSA rather than Snowden himself. Although he’s banked his advance, royalties will go to Uncle Sam.

Source: Super-leaker Snowden punts free PDF* of tell-all NSA book with censored parts about China restored, underlined • The Register

Antarctica Just Set a New Temperature Record

It’s positively balmy in Antarctica. The National Meteorological Service of Argentina announced on Twitter that its Esperanza weather station recorded a new high for the continent: 18.3 degrees Celsius (64.9 degrees Fahrenheit).

The previous temperature record for Antarctica was set on March 24, 2015, when this same weather station recorded 17.5 degrees Celsius (63.5 degrees Fahrenheit) near the northern tip of the Antarctic Peninsula closest to South America. Antarctica may be one of the coldest zones on Earth, but it’s also one of the fastest-warming places: The World Meteorological Organization reports that the peninsula has warmed almost 3 degrees Celsius (5.4 degrees Fahrenheit) over the last half-century.

Source: Antarctica Just Set a New Temperature Record

Uncle Sam tells F-35B allies they probably won’t make minimum viable product unless they fly them a whole lot more

The US Department of Defense’s Director of Operational Test and Evaluation (DOTE) warned that the multinational F-35B fighter jet fleet is lagging behind a key flight-hours metric needed to show maintenance maturity.

On top of that, the supersonic stealth jet project’s move towards Agile methodology for “minimum viable product” (MVP)-phased development of critical flight and weapons software every six months is a “high risk” strategy, according to DOTE.

The F-35B fleet worldwide needs to rack up 75,000 flight hours before DOTE thinks it has gathered enough data to meet the contract spec. Currently the B model has just 45,000 hours across the board – and with HMS Queen Elizabeth due to deploy to the Pacific next year with two squadrons of F-35Bs aboard, this could mean the aircraft carrier will set sail with jets that haven’t met their required reliability standard. So far the B fleet is unable to meet its target of flying for 12 hours or more between critical failures.

Software development processes used to build F-35 software also fall under DOTE’s remit, and the auditor is not impressed by what it saw.

In its report (PDF, 14 pages), DOTE said it “assesses the MVP and ‘agile’ process as high risk due to limited time to evaluate representative IDT/OT data before fielding the software,” adding:

Testing will not be able to fully assess fielding configuration of the integrated aircraft, software, weapons, mission data, and ALIS capabilities prior to fielding. The aggressive 6-month development and fielding cycle limits time for adequate regression testing and has resulted in significant problems being discovered in the field.

ALIS is the F-35’s notorious maintenance software. Last seen on El Reg having been given Internet Explorer 11 compatibility two years ago, we now learn from DOTE that version 3.6, which was intended to be the Windows 10-compatible version with “cybersecurity improvements” will now no longer be developed. Instead the F-35 Joint Project Office, the US military unit in charge of F-35 development, “announced it plans to release capabilities via smaller, more frequent service pack updates.”

This, wailed DOTE, “increases timeline uncertainty and schedule risk for corrections to ALIS deficiencies, particularly those associated with cybersecurity and deploying Windows 10.”

Comically, the F-35 JPO has also drunk the DevOps Kool-Aid for these ALIS service packs – giving it the genuine codename “Mad Hatter”. DOTE appeared unsure whether Mad Hatter was DevOps-based or agile, however, commenting: “It is unclear that new approaches, such as ALIS NEXT and ‘Mad Hatter’ will sufficiently improve ALIS, or if more resources are needed.”

Source: Uncle Sam tells F-35B allies they’ll have to fly the things a lot more if they want to help out around South China Sea • The Register

More sadness in the article

Instagram-Scraping Clearview AI Wants To Sell Its Facial Recognition Software To Authoritarian Regimes

As legal pressures and US lawmaker scrutiny mount, Clearview AI, the facial recognition company that claims to have a database of more than 3 billion photos scraped from websites and social media, is looking to grow around the world.

A document obtained via a public records request reveals that Clearview has been touting a “rapid international expansion” to prospective clients using a map that highlights how it either has expanded, or plans to expand, to at least 22 more countries, some of which have committed human rights abuses.

The document, part of a presentation given to the North Miami Police Department in November 2019, includes the United Arab Emirates, a country historically hostile to political dissidents, and Qatar and Singapore, the penal codes of which criminalize homosexuality.

Clearview CEO Hoan Ton-That declined to explain whether Clearview is currently working in these countries or hopes to work in them. He did confirm that the company, which had previously claimed that it was working with 600 law enforcement agencies, has relationships with two countries on the map.

Source: Instagram-Scraping Clearview AI Wants To Sell Its Facial Recognition Software To Authoritarian Regimes

Almost Every Website You Visit Records Exactly How Your Mouse Moves

When you visit any website, its owner will know where you click, what you type, and how you move your mouse. That’s how websites work: In order to perform actions based on user input, they have to know what that input is.

On its own, that information isn’t all that useful, but many websites today use a service that pulls all of this data together to create session replays of a user’s every move. The result is a video that feels like standing over a user’s shoulder and watching them use the site directly — and what sites can glean from these sorts of tracking tools may surprise you.

Session replay services have been around for over a decade and are widely used. One service, called FullStory, lists popular sites like Zillow, TeeSpring, and Jane as clients on its website. Another, called LogRocket, boasts Airbnb, Reddit, and CarFax, and a third called Inspectlet lists Shopify, ABC, and eBay among its users. They bill themselves as tools for designing sites that are easy to use and increase desired user behavior, such as buying an item. If many users add items to their cart, but then abandon the purchase at a certain rough part of the checkout process, for instance, the service helps site owners figure out how to change the site’s design to nudge users over the checkout line.

Source: Almost Every Website You Visit Records Exactly How Your Mouse Moves

Block these kinds of sites using things like uBlock Origin, Privacy Badger, Ghostery, Facebook Container, Chameleon, NoScript

US gov buys all US cell phone location data, wants to use it for deportations

The American Civil Liberties Union plans to fight newly revealed practices by the Department of Homeland Security which used commercially available cell phone location data to track suspected illegal immigrants.

“DHS should not be accessing our location information without a warrant, regardless whether they obtain it by paying or for free. The failure to get a warrant undermines Supreme Court precedent establishing that the government must demonstrate probable cause to a judge before getting some of our most sensitive information, especially our cell phone location history,” said Nathan Freed Wessler, a staff attorney with the ACLU’s Speech, Privacy, and Technology Project.

Earlier today, The Wall Street Journal reported that Homeland Security, through its Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP) agencies, was buying geolocation data from commercial entities to investigate suspects of alleged immigration violations.

The location data, which aggregators acquire from cellphone apps, including games, weather, shopping and search services, is being used by Homeland Security to detect undocumented immigrants and others entering the U.S. unlawfully, the Journal reported.

According to privacy experts interviewed by the Journal, because the data is publicly available for purchase, the government practices don’t appear to violate the law — despite being what may be the largest dragnet ever conducted by the U.S. government using the aggregated data of its citizens.

It’s also an example of how the commercial surveillance apparatus put in place by private corporations in democratic societies can be legally accessed by state agencies to create the same kind of surveillance networks used in more authoritarian countries like China, India and Russia.

“This is a classic situation where creeping commercial surveillance in the private sector is now bleeding directly over into government,” Alan Butler, general counsel of the Electronic Privacy Information Center, a think tank that pushes for stronger privacy laws, told the newspaper.

Source: ACLU says it’ll fight DHS efforts to use app locations for deportations | TechCrunch

Software error exposes the ID numbers, birthdays and genders for 1.26 million Danish citizens, 1/5th of the population

A software error in Denmark’s government tax portal has accidentally exposed the personal identification (CPR) numbers for 1.26 million Danish citizens, a fifth of the country’s total population.

The error lasted for five years (between February 2, 2015, and January 24, 2020) before it was discovered, Danish media reported last week.

The software error and the subsequent leak were discovered following an audit by the Danish Agency for Development and Simplification (Udviklings-og Forenklingsstyrelsen, or UFST).

According to the UFST, the error occurred on TastSelv Borger, the Danish tax administration’s official self-service portal where Danish citizens go to file and pay taxes online.

Government officials said the portal contained a software bug: every time a user updated account details in the portal’s settings section, their CPR number would be added to the URL.

The URL would then be collected by analytics services running on the site — in this case, Adobe and Google.

According to the UFST, details for more than 1.2 million Danish tax-payers were exposed by this bug and were inadvertently collected by the analytics providers.

CPR numbers are important in Denmark. They are mandatory for opening bank accounts, getting phone numbers, and many other basic operations.

CPR numbers also leak details about a user. They consist of ten digits, where the first six are a citizen’s birth date. They also leak details about an owner’s gender (if the last digit is odd, the owner is male, if the last digit is even, then the owner is a female).

[…]

Denmark is the third Scandinavian government to suffer a security incident in the last few years. In 2015, the Swedish Transport Agency (STA) allowed several sensitive databases to be uploaded to the cloud and accessed by unvetted Serbian IT professionals. In 2018, a hacker group stole healthcare data for more than half of Norway’s population.

Source: Software error exposes the ID numbers for 1.26 million Danish citizens | ZDNet
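The leak path described above (a CPR number ends up in the URL, and analytics scripts collect the URL) can be cut on the page itself. The following is an added example, not code from the article or the portal: it redacts CPR-like values from a URL before that URL is handed to any analytics call. The DDMMYY digit order, the `REDACTED` token and all function names are assumptions of this example, and the sample URL is constructed.

```javascript
// Added example, not from the article: strip CPR-like values from a URL
// before any analytics script gets to read it.
// CPR layout: ten digits, DDMMYY plus four more, often written DDMMYY-SSSS.
const CPR_LIKE = /(?<![0-9])[0-9]{6}-?[0-9]{4}(?![0-9])/g;

// What a CPR number gives away on its own: birth date and gender.
function decodeCpr(value) {
  const digits = String(value).replace("-", "");
  if (!/^[0-9]{10}$/.test(digits)) return null;
  const day = Number(digits.slice(0, 2));
  const month = Number(digits.slice(2, 4));
  // Plausibility check only; it keeps order numbers and the like untouched.
  if (day < 1 || day > 31 || month < 1 || month > 12) return null;
  return { day, month, yearTwoDigits: digits.slice(4, 6),
    gender: Number(digits[9]) % 2 === 1 ? "male" : "female" };
}

// Replace every plausible CPR number in a string and count the hits.
function redactText(text) {
  let hits = 0;
  const out = text.replace(CPR_LIKE, (match) => {
    if (decodeCpr(match) === null) return match;
    hits += 1;
    return "REDACTED";
  });
  return { out, hits };
}

// Percent-decoding can throw on malformed input; fall back to the raw text.
function safeDecode(text) {
  try {
    return decodeURIComponent(text);
  } catch (err) {
    return text;
  }
}

// Scrub path segments, query keys/values and the fragment of one URL.
function scrubUrl(rawUrl) {
  const url = new URL(rawUrl);
  let hits = 0;
  url.pathname = url.pathname
    .split("/")
    .map((segment) => {
      const r = redactText(safeDecode(segment));
      hits += r.hits;
      return r.hits > 0 ? encodeURIComponent(r.out) : segment;
    })
    .join("/");
  const params = new URLSearchParams();
  let queryHits = 0;
  for (const [key, value] of url.searchParams) {
    const k = redactText(key);
    const v = redactText(value);
    queryHits += k.hits + v.hits;
    params.append(k.out, v.out);
  }
  if (queryHits > 0) url.search = params.toString();
  const frag = redactText(safeDecode(url.hash.slice(1)));
  if (frag.hits > 0) url.hash = frag.out;
  hits += queryHits + frag.hits;
  return { url: url.toString(), hits };
}

// Constructed sample, not a real portal URL or a real person's number.
const SAMPLE = "https://portal.example/settings/update?cpr=010190-1235&lang=da";
console.log(scrubUrl(SAMPLE));
```

Scrubbing on the client only limits what third-party scripts see; the underlying fix is to keep the identifier out of the URL altogether, since URLs also land in server logs, browser history and Referer headers.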

How to Remove Windows 10’s Annoying Ads Masquerading as ‘Suggestions’

In a perfect world, every new computer with Windows 10 on it—or every new installation of Windows 10—would arrive free of annoying applications and other bloatware that few people need. (Sorry, Candy Crush Saga.) It would also be free of annoying advertising. While that’s not to say that Microsoft is dropping big banners for Coke or something in your OS, it is frustrating to see it shilling for its Edge browser in your Start Menu.

[…]

To disable these silly suggestions, pull up your Windows 10 Settings menu. From there, click on Personalization, and then click on the Start option in the left-hand sidebar. Look for the following option and disable it: “Show suggestions occasionally in Start”

And while you’re in the Settings app, click on Lock screen. If you aren’t already using a picture or a slideshow as the background, select that, and then deselect the option to “Get fun facts, tips, and more from Windows and Cortana on your lock screen.” In other words, you don’t want to get spammed with suggestions or ads.

Finally, head back to the main Settings screen and click on System. From there, click on “Notifications & actions” in the left-hand sidebar. Because Windows can sometimes get a little spammy and/or advertise you Microsoft products via notifications, you’ll want to uncheck “Get tips, tricks, and suggestions as you use Windows” to cut that out of your digital life.

Source: How to Remove Windows 10’s Annoying Ads Masquerading as ‘Suggestions’

Israeli Voters: Data of All 6.5 Million Voters Leaked

A software flaw exposed the personal data of every eligible voter in Israel — including full names, addresses and identity card numbers for 6.5 million people — raising concerns about identity theft and electoral manipulation, three weeks before the country’s national election.

The security lapse was tied to a mobile app used by Prime Minister Benjamin Netanyahu and his Likud party to communicate with voters, offering news and information about the March 2 election. Until it was fixed, the flaw made it possible, without advanced technical skills, to view and download the government’s entire voter registry, though it was unclear how many people did so.

[…]

It came less than a week after another app helped make a fiasco of the Democratic presidential caucuses in Iowa, casting serious doubts on the figures that were belatedly reported. That app had been privately developed for the party, had not been tested by independent experts, and had been kept secret by the party until weeks before the caucuses.

The personal information of almost every adult in Bulgaria was stolen last year from a government database by hackers suspected of being Russian, and there were cyberattacks in 2017 on Britain’s health care system and the government of Bangladesh that the United States and others have blamed on North Korea. Cyberattacks on companies like the credit agency Equifax, the Marriott International hotel company and Yahoo have exposed the personal data of vast numbers of people.

[…]

Explaining the ease with which the voter information could be accessed, Ran Bar-Zik, the programmer who revealed the breach, explained that visitors to the Elector app’s website could right-click to “view source,” an action that reveals the code behind a web page.

That page of code included the user names and passwords of site administrators with access to the voter registry, and using those credentials would allow anyone to view and download the information. Mr. Bar-Zik, a software developer for Verizon Media who wrote the Sunday article in Haaretz, said he chose the name and password of the Likud party administrator and logged in.

“Jackpot!” he said in an interview on Monday. “Everything was in front of me!”

Source: Israeli Voters: Data of All 6.5 Million Voters Leaked – The New York Times

So – yes, centralised databases. What a great idea. Not.

Tesla Remotely Removes Autopilot Features From Customer’s Used Tesla Without Any Notice

One of the less-considered side effects of car features moving from hardware to software is that important features and abilities of a car can now be removed without any actual contact with a given car. Where once de-contenting involved at least a screwdriver (or, if you were in a hurry, a hammer), now thousands of dollars of options can vanish with the click of a mouse somewhere. And that’s exactly what happened to one Tesla owner, and, it seems, many others.

[…]

The car was sold at auction as a result of a California Lemon Law buyback, as the car suffered from a well-known issue where the center-stack screen developed a noticeable yellow border.

When the dealer bought the car at auction from Tesla on November 15, it was optioned with both Enhanced Autopilot and Tesla’s confusingly-named Full Self Driving Capability; together, these options totaled $8,000.

[…]

It’s also worth noting that those repairs on the disclosure were not actually made, which is why Alec took his car to a service center in January.


Let’s recap a little bit at this point: A Model S with Enhanced Autopilot (which includes the Summon feature) and FSD “capability” is sold at auction, a dealer buys it, after the sale to the dealer Tesla checks in on the car and decides that it shouldn’t have Autopilot or FSD “capability,” dealer sells car to customer based on the specifications they were aware the car had (and were shown on the window sticker, and confirmed via a screenshot from the car’s display showing the options), and later, when the customer upgrades the car’s software, Autopilot and FSD disappear.

Source: Tesla Remotely Removes Autopilot Features From Customer’s Used Tesla Without Any Notice

Facial recognition fails in China as people wear masks to avoid coronavirus – Face ID fails users as the China coronavirus outbreak sparks widespread adoption of surgical masks

Residents donning surgical face masks while venturing outside their homes or meeting strangers have found themselves in an unfamiliar conundrum. With their faces half-covered, some are unable to unlock their phones or use mobile payments with their faces.


“Been wearing a mask everyday recently and I just want to throw away this phone with face unlock,” said one frustrated user who posted on Weibo using an iPhone.

“Under the current circumstances, for the past two days, I’ve been basically wearing a mask all the time except while sleeping. In times like this, the iPhone’s Face ID doesn’t really work that well,” another user wrote, adding that she hopes Apple will bring back fingerprint unlock.

It’s more than just handset troubles, though. In China, facial recognition is being deployed from train stations and airports to stores and hotels. Some people say they now have trouble entering gated communities protected by facial recognition systems.

“Just came in through the community gate. I was standing under the facial recognition [camera] but it didn’t recognize me,” one user said. “Around two minutes later, I realized I was wearing a mask.”

[…]

For some people, though, facial recognition has become such an integral part of life that older technology now seems annoyingly inconvenient.

“I’ve gotten used to WeChat Pay’s facial recognition,” said one user. “I’ve been wearing masks these days. Not really used to changing to passcode payment.”

“Fingerprint payment is still better,” another wrote. “This facial recognition, I don’t even dare pull down my mask. And passcode comes so slow. All I want is to pay and quickly run.”

Source: Facial recognition fails in China as people wear masks to avoid coronavirus – Face ID fails users as the China coronavirus outbreak sparks widespread adoption of surgical masks | Abacus

Apple’s Independent Repair Program Is Invasive to Shops and Their Customers, Contract Shows

Last August, in what was widely hailed a victory for the right-to-repair movement, Apple announced it would begin selling parts, tools, and diagnostic services to independent repair shops in addition to its “authorized” repair partners. Apple’s so-called Independent Repair Provider (IRP) program had its limitations, but was still seen as a step forward for a company that’s fought independent repair for years.

Recently, Motherboard obtained a copy of the contract businesses are required to sign before being admitted to Apple’s IRP Program. The contract, which has not previously been made public, sheds new light on a program Apple initially touted as increasing access to repair but has been remarkably silent on ever since. It contains terms that lawyers and repair advocates described as “onerous” and “crazy”; terms that could give Apple significant control over businesses that choose to participate. Concerningly, the contract is also invasive from a consumer privacy standpoint.

In order to join the program, the contract states independent repair shops must agree to unannounced audits and inspections by Apple, which are intended, at least in part, to search for and identify the use of “prohibited” repair parts, which Apple can impose fines for. If they leave the program, Apple reserves the right to continue inspecting repair shops for up to five years after a repair shop leaves the program. Apple also requires repair shops in the program to share information about their customers at Apple’s request, including names, phone numbers, and home addresses.

[…]

Participating repair shops must allow Apple to audit their facilities “at any time,” including during normal business hours. According to the contract, Apple may continue conducting audits, which can involve interviewing the repair shop’s employees, for five years following termination of the contract.

These audits go beyond Apple dropping in on businesses to interrogate workers. The contract requires that IRPs “maintain an electronic service database and/or written documentation” of customer information to assist Apple in its investigations. According to the contract, that database must include the names, phone numbers, email addresses and physical addresses of customers, stipulations that gave Perzanowski “serious misgivings.” As he noted, “some consumers may prefer an independent repair shop, in part, to reduce the data Apple maintains about them.”

[…]

The one-sidedness of Apple’s terms is evident from the outset, when it defines its “agreement” with independent repair businesses to include any additional documents Apple chooses to release in the future.

“Like Darth Vader, they can alter the deal and you can only pray they don’t alter it any further,” Walsh said.

Source: Apple’s Independent Repair Program Is Invasive to Shops and Their Customers, Contract Shows – VICE

Wacom tablet drivers phone home with names, times of every app opened on your computer

Wacom’s official tablet drivers leak to the manufacturer the names of every application opened, and when, on the computers they are connected to.

Software engineer Robert Heaton made this discovery after noticing his drawing board’s fine-print included a privacy policy that gave Wacom permission to, effectively, snoop on him.

Looking deeper, he found that the tablet’s driver logged each app he opened on his Apple Mac and transmitted the data to Google to analyze. To be clear, we’re talking about Wacom’s macOS drivers here: the open-source Linux ones aren’t affected, though it would seem the Windows counterparts are.

[…]

“Wacom’s request made me pause. Why does a device that is essentially a mouse need a privacy policy?”

Source: Sketchy behavior? Wacom tablet drivers phone home with names, times of every app opened on your computer • The Register

VMware starts pricing more for CPUs with > 32 cores

Pricing is being tweaked upwards where software is licensed on a per CPU basis. If the chip has more than 32 cores like, say, a 64 core AMD EPYC, then users will need to fork out for two CPU licences.

Both AMD and Intel will cheerfully sell punters chips with more than the requisite 32 cores, and utilising such chippery with the original per-CPU pricing was, in a very real way, a useful method of getting more bang for one’s buck from the software.

With Intel struggling to make enough of its high-end hardware to satisfy demand, AMD looked set to steal a march with the likes of the EPYC 7742. VMware’s pricing change will make you think twice about the benefits of sticking a core-dense processor into a server with a view to keeping software costs down.

Virtzilla claims “the change moves VMware closer to the current software industry standard model of core-based pricing” and indeed, the likes of Microsoft (PDF) and Oracle (PDF) both use core-based pricing these days, although even the most determined apologist would struggle to suggest the move is aimed at anything other than boosting the bottom line.

Naturally, observers have been less than impressed by the move.

Source: Virtualization juggernaut VMware hits the CPU turbo button for licensing costs • The Register