The Linkielist

Linking ideas with the world

Apple’s T2 Security Chip ensures used laptops become unrecyclable junk, a Nightmare for MacBook Refurbishers

As predicted, the proprietary locking system Apple rolled out with its 2018 MacBook Pros is hurting independent repair stores, refurbishers, and electronics recyclers. A combination of secure software locks, diagnostic requirements, and Apple’s new T2 security chip are making it hard to breathe new life into old MacBook Pros that have been recycled but could be easily repaired and used for years were it not for these locks.

It’s a problem that highlights Apple’s combative attitude towards the secondhand market and the need for national right to repair legislation.

“The irony is that I’d like to do the responsible thing and wipe user data from these machines, but Apple won’t let me,” John Bumstead, a MacBook refurbisher and owner of the RDKL INC repair store, said in a tweet with an attached picture of two “bricked” MacBook Pros. “Literally the only option is to destroy these beautiful $3,000 MacBooks and recover the $12/ea they are worth as scrap.”

Source: Apple’s T2 Security Chip Has Created a Nightmare for MacBook Refurbishers – VICE

Way to highlight capitalist consumer planet unfriendly culture, Apple

Iceland Has Tested 13% of Its Population for Coronavirus. They have days with 0 deaths. Here’s What It Found

Iceland’s testing yielded new leads for scientists about how the virus behaves. Early results suggested 0.6 percent of the population were “silent carriers” of the disease with no symptoms or only a mild cough and runny nose.

Preliminary research suggests one-third of those who tested positive at deCODE infected someone around them, providing evidence that silent carriers do transmit the disease but much less than symptomatic patients.

In a random sample of 848 children under the age of 10 none of them tested positive, which guided Icelandic authorities’ decision to keep schools open for children under 16.

Alongside the testing, civil defense authorities set up a Contact Tracing Team, including police officers and university students, which used legwork and phone calls to identify people who had come into contact with infected individuals. A mobile phone tracing app was up and running a few weeks later.

Gudnason said the approach’s success is shown by the fact that about 60% of people who tested positive were already in quarantine after being contacted by the tracing team.

Altogether, 19,000 people were ordered into two-week quarantine. Everyone else carried on with a semblance of normality. Primary schools remained open, and some cafes and restaurants kept operating, following social distancing rules: no more than 20 people gathered at once and everyone 2 meters (6.5 feet) apart.

Starting Monday, gatherings of up to 50 will be permitted, high schools and colleges can resume classes and all businesses except bars, gyms and swimming pools can reopen.

The entire country, however, must self-isolate from the rest of the world for the time being. Everyone arriving from abroad faces a 14-day quarantine.

Source: Iceland Has Tested 13% of Its Population for Coronavirus. Here’s What It Found | Time

Researchers create a new system to protect users’ online data by checking if data entered is consistent with the privacy policy

Researchers have created a new system that helps Internet users ensure their online data is secure.

The software-based system, called Mitigator, includes a plugin users can install in their browser that will give them a secure signal when they visit a website verified to process its data in compliance with the site’s privacy policy.

“Privacy policies are really hard to read and understand,” said Miti Mazmudar, a PhD candidate in Waterloo’s David R. Cheriton School of Computer Science. “What we try to do is have a compliance system that takes a simplified model of the privacy policy and checks the code on the website’s end to see if it does what the privacy policy claims to do.

“If a website requires you to enter your email address, Mitigator will notify you if the privacy policy stated that this wouldn’t be needed or if the privacy policy did not mention the requirement at all.”

Mitigator can work on any computer, but the companies that own the website servers must have machines with a trusted execution environment (TEE). TEE, a secure area of modern server-class processors, guarantees the protection of code and data loaded in it with respect to confidentiality and integrity.

“The big difference between Mitigator and prior systems that had similar goals is that Mitigator’s primary focus is on the signal it gives to the user,” said Ian Goldberg, a professor in Waterloo’s Faculty of Mathematics. “The important thing is not just that the company knows their software is running correctly; we want the user to get this assurance that the company’s software is running correctly and is processing their data properly and not just leaving it lying around on disk to be stolen.

“Users of Mitigator will know whether their data is being properly protected, managed, and processed while the companies will benefit in that their customers are happier and more confident that nothing untoward is being done with their data.”

The study, Mitigator: Privacy policy compliance using trusted hardware, authored by Mazmudar and Goldberg, has been accepted for publication in the Proceedings of Privacy Enhancing Technologies.

Source: Researchers create a new system to protect users’ online data | Waterloo Stories | University of Waterloo

Antwerpen Uni bans video app Zoom – city of Antwerp is stupid enough to keep using it

The University of Antwerp is banning the use of the video-calling app Zoom. The application is said not to be secure enough, and the university does not want to take any risks after it already fell victim to a cyberattack last year.

Google and the American space agency NASA also recently decided to stop using Zoom.

At the city of Antwerp, Zoom is still widely used. ‘By taking appropriate security measures and making use of Zoom’s own security options, unnecessary risks were avoided’, says spokesperson Dirk Delechambre.

Source: Universiteit Antwerpen verbiedt videobelapp Zoom – Emerce

Sorry Dirk, you’re wrong. There is no “safe” way to use the app.

UK COVID-19 contact tracing app data may be kept for ‘research’ after crisis ends, MPs told

Britons will not be able to ask NHS admins to delete their COVID-19 tracking data from government servers, digital arm NHSX’s chief exec Matthew Gould admitted to MPs this afternoon.

Gould also told Parliament’s Human Rights Committee that data harvested from Britons through NHSX’s COVID-19 contact tracing app would be “pseudonymised” – and appeared to leave the door open for that data to be sold on for “research”.

The government’s contact-tracing app will be rolled out in Britain this week. A demo seen by The Register showed its basic consumer-facing functions. Key to those is a big green button that the user presses to send 28 days’ worth of contact data to the NHS.

Screenshot of the NHSX covid-19 contact tracing app

Written by tech arm NHSX, Britain’s contact-tracing app breaks with international convention by opting for a centralised model of data collection, rather than keeping data on users’ phones and only storing it locally.

In response to questions from Scottish Nationalist MP Joanna Cherry this afternoon, Gould told MPs: “The data can be deleted for as long as it’s on your own device. Once uploaded all the data will be deleted or fully anonymised with the law, so it can be used for research purposes.”

Source: UK COVID-19 contact tracing app data may be kept for ‘research’ after crisis ends, MPs told • The Register

Why smartphones are digital truth serum

Do smartphones alter what people are willing to disclose about themselves to others? A new study in the Journal of Marketing suggests that they might. The research indicates that people are more willing to reveal about themselves online using their smartphones compared to desktop computers. For example, Tweets and reviews composed on smartphones are more likely to be written from the perspective of the first person, to disclose negative emotions, and to discuss the writer’s private family and personal friends. Likewise, when consumers receive an online ad that requests personal information (such as and income), they are more likely to provide it when the request is received on their smartphone compared to their desktop or laptop computer.

Why do smartphones have this effect on behavior? Melumad explains that “Writing on one’s smartphone often lowers the barriers to revealing certain types of sensitive information for two reasons; one stemming from the unique form characteristics of phones and the second from the emotional associations that consumers tend to hold with their device.” First, one of the most distinguishing features of phones is the small size; something that makes viewing and creating content generally more difficult compared with desktop computers. Because of this difficulty, when writing or responding on a smartphone, a person tends to narrowly focus on completing the task and become less cognizant of external factors that would normally inhibit self-disclosure, such as concerns about what others would do with the information. Smartphone users know this effect well—when using their phones in public places, they often fixate so intently on its content that they become oblivious to what is going on around them.

The second reason people tend to be more self-disclosing on their phones lies in the feelings of comfort and familiarity people associate with their phones. Melumad adds, “Because our smartphones are with us all of the time and perform so many vital functions in our lives, they often serve as ‘adult pacifiers’ that bring feelings of comfort to their owners.” The downstream effect of those feelings shows itself when people are more willing to disclose feelings to a close friend compared to a stranger or open up to a therapist in a comfortable rather than uncomfortable setting. As Meyer says, “Similarly, when writing on our phones, we tend to feel that we are in a comfortable ‘safe zone.’ As a consequence, we are more willing to open up about ourselves.”

The data to support these ideas is far-ranging and includes analyses of thousands of social media posts and online reviews, responses to web ads, and controlled laboratory studies. For example, initial evidence comes from analyses of the depth of self-disclosure revealed in 369,161 Tweets and 10,185 restaurant reviews posted on TripAdvisor.com, with some posted on PCs and some on smartphones. Using both automated natural-language processing tools and human judgements of self-disclosure, the researchers find robust evidence that smartphone-generated content is indeed more self-disclosing. Perhaps even more compelling is evidence from an analysis of 19,962 “call to action” web ads, where consumers are asked to provide private information.

Consistent with the tendency for smartphones to facilitate greater self-disclosure, compliance was systematically higher for ads targeted at smartphones versus PCs.

The findings have clear and significant implications for firms and consumers. One is that if a firm wishes to gain a deeper understanding of the real preferences and needs of consumers, it may obtain better insights by tracking what they say and do on their smartphones than on their desktops. Likewise, because more self-disclosing content is often perceived to be more honest, firms might encourage consumers to post reviews from their personal devices. But therein lies a potential caution for —these findings suggest that the device people use to communicate can affect what they communicate. This should be kept in mind when thinking about the device one is using when interacting with firms and others.

Source: Why smartphones are digital truth serum

OK, Landlord: If Copyright Supporters Are Going To Insist Copyright Is Property, Why Are They So Mad About Being Called Landlords?

Law professor Brian Frye has spent the last month or so making a really important point regarding the never-ending “is copyright property” debate — saying that if copyright is property, then copyright holders should be seen and treated as landlords. This whole approach can be summed up in the slightly snarky and trollish phrase: “OK, Landlord” used to respond to all sorts of nonsensical takes in support of more egregious copyright policies:

Like everyone, the copyright cops want to have their cake and eat it too. They claim that copyright is a kind of property, so the law should protect it just like any other kind of property. But they also claim that authors are morally entitled to copyright ownership because of their special contribution to society. I find both claims uncompelling, but in any case, they can’t have it both ways. If copyright is a property right, they have to own it and can’t claim the moral high ground.

What’s been most telling about this useful analogy is just how angry it seems to make copyright holders and copyright-system supporters. They react very negatively to the suggestion that they are “landlords” and any money they make from copyright licensing is a form of “rent.” But if you’re going to claim that your copyright is profit, then, well, the landlord moniker fits.

But the copyright cops persist, insisting that copyright is property, so copyright owners are entitled to the entire value of the works they create because that’s what property means. Accordingly, copying a work of authorship without permission is theft, even though it only increases the number of copies, because the copyright owner didn’t profit. And even consuming a work of authorship without permission is wrong because copyright owners are entitled to profit from every use of the work they own.

The circularity of these claims should be obvious: copyright is property because copyright owners receive exclusive rights, and copyright owners receive exclusive rights because copyright is property. But let’s run with it. Okay, copyright is property and copyright owners are property owners. Why are copyright owners entitled to profit from the use of their property?

Because they’re landlords. Copyright owners want to own the property metaphor? Then, let ‘em own it. If copyright is property, then they are landlords and copyright profits are rent. Just like landlords, copyright owners simply make a capital investment in creating or acquiring a property, then sit back and wait for the profits to roll in.

As Frye notes, the whole idea that copyright holders are landlords (even as they claim that they are holding property that you need to pay them to use), shows the sort of emotional trickery that copyright holders use in also claiming some sort of moral right to their works as “creators.” They’re picking and choosing which arguments to use when — and, have long tried to imbue some sort of magical mystical status on holding the copyright to creativity (which is often quite different than creating itself).

Of course, the real issue at play is that many of the most vocal copyright system supporters want to believe that they’re “artists” who are fighting the system and speaking for the oppressed… and being a “landlord” who is renting out their property goes against that self-image. But as Frye notes, they can’t really have it both ways. If they want to declare that they have property rights, they should be perfectly fine with recognizing that they are the current landlords for that “property.”

Source: OK, Landlord: If Copyright Supporters Are Going To Insist Copyright Is Property, Why Are They So Mad About Being Called Landlords? | Techdirt

Scientists can 3D print insect-like robots in minutes

It might soon be relatively trivial to make soft robots — at least, if you have a 3D printer handy. UC San Diego researchers have devised a way to 3D-print insect-like flexible robots cheaply, quickly and without using exotic equipment. The trick was to print “flexoskeletons,” or rigid materials 3D-printed on to flexible and thin polycarbonate sheets. Much like insects, there are features that increase rigidity only in specific areas — a contrast with conventional soft robots that often have soft features tacked on to solid bodies.

Each flexoskeleton component takes about 10 minutes to print, and a completely assembled bot should be ready in less than two hours. An individual part costs less than $1 — the processing power, sensors and battery are likely to be the most expensive parts.

This will initially help researchers build robots quickly and easily, but the final aim is to mass-produce robots without human involvement. That could lead to robot swarms that can accomplish tasks at least as well as large, monolithic machines, but with lower costs and less risk.

Source: Scientists can 3D print insect-like robots in minutes | Engadget

The Dot Org Sale Has Been Rejected – now what?

When I began writing about the dot-org sale, it was out of concern for the loss of what I felt strongly was long understood to be a unique place in the Internet’s landscape. Like a national park, dot-org deserved special protection. It turns out lots of people and organizations agreed.

On April 30th, 2020, The ICANN Board upheld these values. They unanimously withheld consent for a change of control of the Public Interest Registry to a private equity firm. There were real questions about public support, financial stability and ultimately about whether the proposal was in the best interest of those most affected, dot-org domain owners.

Ethos, PIR and ISOC failed to respond to any in a convincing manner. They failed to gather any material support for their approach. As of today, the #savedotorg campaign has nearly 27,000 supporters and 2,000 nonprofits behind it. It dwarfs any campaign Internet governance has ever seen. There’s no way to de-legitimize such an outpouring of concern.

[…]

ISOC and PIR’s announcements seem to imply that things will simply go back to the way they were. PIR will continue to run dot-org and ISOC will continue to do what it does. This is the same kind of magical thinking that led to the idea that dot-org could be sold to a private equity firm. It is not grounded in the reality of how decisions that impact massive global communities are made.

Here’s what needs to be done:

First, ISOC and PIR leadership must recognize and apologize for the harm and uncertainty that they have caused both nonprofits and Internet governance. There never should have needed to be a #savedotorg campaign, because dot-org should never have been put at risk.

Second, The ISOC board should invite the leadership of the organizations that led the #SaveDotOrg campaign to an open dialogue to understand their concerns and priorities for the future of dot-org. This dialogue should recognize that it may be agreed that ISOC and PIR may no longer be the appropriate stewards for dot-org.

Third, the leadership of the #SaveDotOrg campaign needs to recognize that this was a closeted decision by a few actors, taken in secret. There are many skilled professionals that work at both PIR and ISOC. While ISOC and PIR may have to change dramatically, solutions must be sought that consider the value and future of these organizations, their staff, and their members.

Fourth, all parties should agree to work together with ICANN to chart a course of action that builds confidence and faith in the multi-stakeholder model of Internet governance. While there are many challenges with this model, one being how messy it seems, in the end the right decisions were taken. We must all come together to defend the model that has built and will continue to sustain a single global Internet.

Source: The Dot Org Sale Has Been Rejected – savedotorg – Medium

Facebook releases Blender AI Chatbot sources

  • Facebook AI has built and open-sourced Blender, the largest-ever open-domain chatbot. It outperforms others in terms of engagement and also feels more human, according to human evaluators.

  • The culmination of years of research in conversational AI, this is the first chatbot to blend a diverse set of conversational skills — including empathy, knowledge, and personality — together in one system.

  • We achieved this milestone through a new chatbot recipe that includes improved decoding techniques, novel blending of skills, and a model with 9.4 billion parameters, which is 3.6x more than the largest existing system.

  • Today we’re releasing the complete model, code, and evaluation set-up, so that other AI researchers will be able to reproduce this work and continue to advance conversational AI research.

[…]

As the culmination of years of our research, we’re announcing that we’ve built and open-sourced Blender, the largest-ever open-domain chatbot. It outperforms others in terms of engagement and also feels more human, according to human evaluators. This is the first time a chatbot has learned to blend several conversational skills — including the ability to assume a persona, discuss nearly any topic, and show empathy — in natural, 14-turn conversation flows. Today we’re sharing new details of the key ingredients that we used to create our new chatbot.

Some of the best current systems have made progress by training high-capacity neural models with millions or billions of parameters using huge text corpora sourced from the web. Our new recipe incorporates not just large-scale neural models, with up to 9.4 billion parameters — or 3.6x more than the largest existing system — but also equally important techniques for blending skills and detailed generation.

[…]

We’re currently exploring ways to further improve the conversational quality of our models in longer conversations with new architectures and different loss functions. We’re also focused on building stronger classifiers to filter out harmful language in dialogues. And we’ve seen preliminary success in studies to help mitigate gender bias in chatbots.

True progress in the field depends on reproducibility — the opportunity to build upon the best technology possible. We believe that releasing models is essential to enable full, reliable insights into their capabilities. That’s why we’ve made our state of the art open-domain chatbot publicly available through our dialogue research platform ParlAI. By open-sourcing code for fine-tuning and conducting automatic and human evaluations, we hope that the AI research community can build on this work and collectively push conversational AI forward.

Read the paper here.

Get the code here.

Source: A state-of-the-art open source chatbot

AI can’t be legally credited as an inventor, says US Patent Office

Artificial intelligence has myriad use cases, but it turns out inventing devices isn’t one of them — at least in the eyes of the US Patent and Trademark Office. The agency issued a decision on two patent applications for devices created by an AI system, determining that only humans can legally be credited as inventors.

The items in question — an emergency flashlight and a shape-shifting drink container — were the brainchildren of a system called DABUS. The Artificial Inventor Project filed the applications last year on behalf of the AI’s creator, Stephen Thaler. AIP lawyers argued that, since Thaler didn’t have any expertise in either of those types of products and couldn’t have come up with them by himself, DABUS should be the credited inventor.

The USPTO wasn’t buying it. The agency noted that US patent law uses pronouns and language such as “whoever” to refer to inventors. It wrote that “only natural persons may be named as an inventor in a patent application” as the law stands. The UK Intellectual Property Office and the European Patent Office previously rejected AIP applications on similar grounds, despite their belief that the devices were patent-worthy.

There was no suggestion, however, that DABUS itself might obtain any patents. Thaler himself was the applicant. “Machines should not own patents,” the AIP says on its website. “They do not have legal personality or independent rights, and cannot own property.”

Source: AI can’t be legally credited as an inventor, says USPTO | Engadget

However, patent rights can extend to the relatives of a dead person? I’m pretty sure dead people have no legal personality and can’t own property either

Virgin Galactic’s spaceship flies from its new home base for the first time

The pieces are finally starting to come together for Virgin Galactic’s space tourism — the company has flown SpaceShipTwo from Spaceport America for the first time. It was just a glide test from 50,000 feet up, but the flight let the spaceport fulfill its intended purpose and gave pilots familiarity with the New Mexico airspace. This will also help Virgin compare performance against similar maneuvers from earlier tests.

And before you ask: yes, Virgin took steps to keep crews safe during the COVID-19 pandemic. It reworked operational elements to keep people apart, and required “universal” mask usage.

There are still more test flights in the pipeline. Even so, this nudges Virgin considerably closer to its goal of taking paying passengers into space. The company is certainly under pressure to get things up and running quickly. Its financial situation has been rough for a while, and it won’t turn around until customers get what they’re paying for.

Source: Virgin Galactic’s spaceship flies from its new home base for the first time | Engadget

Trolls, bots flooding social media with anti-quarantine disinformation

Christopher Bouzy, the founder of bot tracking platform Bot Sentinel, conducted a Twitter analysis for Business Insider and found bots and trolls are using hashtags like #ReOpenNC, #ReopenAmericaNow, #StopTheMadness, #ENDTHESHUTDOWN, and #OperationGridlock to spread disinformation. According to Bouzy, the bots and trolls are spreading conspiracy theories about Democrats wanting to hurt the economy to make Trump look bad, Democrats trying to take away people’s civil liberties, and Democrats trying to prevent people from voting. The accounts are also using false data to underplay the threat of the coronavirus.

[…]

“Inauthentic accounts are amplifying disinformation and inaccurate statistics and sharing false information as a reason to reopen the country,” Bouzy says. “Many of these accounts are also spreading bizarre conspiracy theories about Democrats using COVID-19 as a way to take away American freedoms and prevent Americans from voting.”

[…]

“Inauthentic accounts are downplaying the seriousness of COVID-19, and they are sharing inaccurate information about the mortality rate of the virus. The problem is significant because many of these inauthentic accounts are retweeted by other larger accounts, which increases their reach and visibility.”

According to the New York Times, Chinese operatives spread claims on social media in mid-March that the Trump administration was going to lock down the entire country and enforce this lockdown with soldiers on the streets. The White House’s National Security Council later tweeted that these claims were false. That was just some of the disinformation that’s been spread on social media by inauthentic sources.

[…]

Brooke Binkowski, managing editor of the fact-checking website Truth or Fiction and former managing editor of Snopes, tells Business Insider that the media has been struggling with its coverage of the protests, which she says are “completely inauthentic and coordinated.”

“Journalists are largely missing that fact in their bids to find ‘other sides to the story,’” Binkowski says.

[…]

She believes that the disinformation is being spread by trolls and bots but also by “useful idiots.”

“Empowering violent extremists is a very old method for collapsing unstable states,” Binkowski says. “This is the end result of weaponized disinformation — it’s doing its job. It would have been the virus or it would have been something like a fire, or a hurricane, or an earthquake. But disinformation purveyors are nothing if not opportunistic.”

Source: Trolls, bots flooding social media with anti-quarantine disinformation – Business Insider

New Firefox service will generate unique email aliases to enter in online forms

Browser maker Mozilla is working on a new service called Private Relay that generates unique aliases to hide a user’s email address from advertisers and spam operators when filling in online forms.

The service entered testing last month and is currently in a closed beta, with a public beta currently scheduled for later this year, ZDNet has learned.

Private Relay will be available as a Firefox add-on that lets users generate a unique email address — an email alias — with one click.

The user can then enter this email address in web forms to send contact requests, subscribe to newsletters, and register new accounts.

“We will forward emails from the alias to your real inbox,” Mozilla says on the Firefox Private Relay website.

“If any alias starts to receive emails you don’t want, you can disable it or delete it completely,” the browser maker said.

The concept of an email alias has existed for decades, but managing them has always been a chore, or email providers didn’t allow users access to such a feature.

Through Firefox Private Relay, Mozilla hopes to provide an easy to use solution that can let users create and destroy email aliases with a few button clicks.

Source: New Firefox service will generate unique email aliases to enter in online forms | ZDNet

Tesla shares fall on Elon Musk “stock price too high” tweet

CEO Elon Musk tweeted Friday that the company’s stock price was “too high” in his opinion, immediately sending shares into a free fall and in possible violation of an agreement reached with the U.S. Securities and Exchange Commission last year.

Tesla shares fell nearly 12% in the half hour following his stock price tweets — just one of many sent out in rapid fire that covered everything from demands to “give people back their freedom” and lines from the U.S. National Anthem to quotes from poet Dylan Thomas and a claim that he will sell all of his possessions.

The SEC declined to comment on whether this was a violation of a settlement agreement. Tesla did not respond to a request for comment. Musk did tell the Wall Street Journal in an email that he was not joking and that his tweets were not vetted in advance, a condition in the prior agreement reached with the SEC.

The meltdown on Twitter occurred as SpaceX — Musk’s other company — participated in a live press conference on one of its most important missions ever.

Musk’s tweet comes almost exactly a year after he reached a settlement agreement with the U.S. Securities and Exchange Commission that gave the CEO freedom to use Twitter — within certain limitations — without fear of being held in contempt for violating an earlier court order.

Source: Tesla shares fall on Elon Musk “stock price too high” tweet | TechCrunch

Elon Musk Tweets ‘FREE AMERICA NOW’ As His Coronavirus Predictions Prove Very Wrong

Billionaire Elon Musk, America’s dumbest smart guy, spent the night tweeting about how America needs to “reopen” its economy, despite Musk’s failed predictions about the trajectory of the coronavirus crisis. A month ago, Musk insisted that new coronavirus cases in the U.S. would be “close to zero” by the end of April. Well, it’s the end of April, and the country is still reporting over 20,000 new cases per day, according to the CDC.

“FREE AMERICA NOW,” Musk tweeted overnight after sending out news articles about plans to relax social distancing restrictions in various parts of the U.S., the country with the highest number of coronavirus deaths in the world by far.

“Give people their freedom back!” Musk wrote in another tweet that linked to a Wall Street Journal opinion piece by millionaire T.J. Rodgers. The 72-year-old libertarian held up Sweden’s relaxed lockdown rules as a relative success because, “Older people in care homes accounted for half of Sweden’s deaths.”

“Bravo Texas!” Musk exclaimed in yet another tweet overnight about how Texas plans to reopen restaurants, malls, and movie theaters on Friday. Texas has seen at least 690 coronavirus deaths, though the real number is believed by experts to be much higher.

Musk also agreed with a pro-Trump conspiracy theorist overnight who tweeted, “The scariest thing about this pandemic is not the virus itself, it’s seeing American so easily bow down & give up their blood bought freedom to corrupt politicians who promise them safety.” Musk simply replied, “True.”

The U.S. has identified at least 1,012,583 cases of covid-19 and 58,355 deaths as of Wednesday morning, according to the Johns Hopkins University coronavirus tracker. And those numbers are expected to rise if the social distancing restrictions denounced by Musk are lifted too early, according to the latest projections by the CDC. But over the past few months, Musk has shown he’s not the guy you want to be taking advice from during this worldwide pandemic.

[…]

The 48-year-old entrepreneur has been skeptical, if we can call it that, of the coronavirus pandemic from the beginning. On March 6, Musk tweeted “The coronavirus panic is dumb” and on March 19, he tweeted “kids are essentially immune” to the disease, something that’s objectively not true. As just one example, the 5-month-old daughter of a New York City firefighter died this past weekend of the novel coronavirus.

In case it wasn’t clear, Elon Musk is not volunteering to die for the economy. He’s volunteering his workers and your kids to act as guinea pigs for a disease that we still know very little about. The CDC just added six new coronavirus symptoms for diagnosing the disease, and we’re learning that most patients who’ve required hospitalization in New York have not had fevers. That’s counter to everything we thought we knew about the virus just a couple of months ago. In fact, you couldn’t get a covid-19 test in the U.S. without a fever and it’s not clear that you’d even be able to get one today if you don’t register a high body temperature.

As long as Musk has got a Twitter account, he’ll continue spewing his most ill-informed thoughts to the world in the middle of the night. And given a recent court ruling in his favor, let’s just hope he doesn’t start calling anyone with the virus a pedophile. It’s really the best we can hope for these days.

Source: Elon Musk Tweets ‘FREE AMERICA NOW’ As His Coronavirus Predictions Prove Very Wrong

Brave accuses European governments of GDPR resourcing failure

Brave, a maker of a pro-privacy browser, has lodged complaints with the European Commission against 27 EU Member States for under resourcing their national data protection watchdogs.

It’s asking the European Union’s executive body to launch an infringement procedure against Member State governments, and even refer them to the bloc’s top court, the European Court of Justice, if necessary.

“Article 52(4) of the GDPR [General Data Protection Regulation] requires that national governments give DPAs the human and financial resources necessary to perform their tasks,” it notes in a press release.

Brave has compiled a report to back up the complaints — in which it chronicles a drastic shortage of tech expertise and budget resource among Europe’s privacy agencies to enforce the region’s data protection framework.

Lack of proper resource to ensure the regulation’s teeth are able to clamp down on bad behavior — as the law drafters intended — has been a long standing concern.

In the Irish data watchdog’s annual report in February — AKA the agency that regulates most of big tech in Europe — the lack of any decisions in major cross-border cases against a roll-call of tech giants loomed large, despite plenty of worthy filler, with reams of stats included to illustrate the massive case load of complaints the agency is now dealing with.

Ireland’s decelerating budget and headcount in the face of rising numbers of GDPR complaints is a key concern highlighted by Brave’s report.

Per the report, half of EU data protection agencies have what it dubs a small budget (sub €5M), while only five of Europe’s 28 national GDPR enforcers have more than 10 “tech specialists”, as it describes them.

“Almost a third of the EU’s tech specialists work for one of Germany’s Länder (regional) or federal DPAs,” it warns. “All other EU countries are far behind Germany.”

“Europe’s GDPR enforcers do not have the capacity to investigate Big Tech,” is its top-line conclusion.

“If the GDPR is at risk of failing, the fault lies with national governments, not with the data protection authorities,” said Dr Johnny Ryan, Brave’s chief policy & industry relations officer, in a statement. “Robust, adversarial enforcement is essential. GDPR enforcers must be able to properly investigate ‘big tech’, and act without fear of vexatious appeals. But the national governments of European countries have not given them the resources to do so. The European Commission must intervene.”

It’s worth noting that Brave is not without its own commercial interest here. It absolutely has skin in the game, as a provider of privacy-sensitive adtech.

[…]

Source: Brave accuses European governments of GDPR resourcing failure | TechCrunch

ThinkPad’s Iconic Nub and Keyboard Comes to Your Desktop – but not mechanical

ThinkPad’s keyboards have a fiercely loyal following, and for $100 you can keep using the design that time forgot with this detached wireless version that will work with any other laptop or computer.

The ThinkPad TrackPoint Keyboard II is now available on Lenovo’s website, and it looks like a piece of hardware that dates back over 25 years to the early ‘90s. In 1992, IBM, the company that created the ThinkPad laptop, introduced the TrackPoint which was a small rubber nub embedded in the middle of the keyboard that was used to move the cursor around. There are those who hated it, but more than enough that loved it for Lenovo (who purchased IBM’s PC division in 2005) to continue to offer the TrackPoint on its current laptop lineup, alongside a touchpad.


But you won’t find a touchpad on the ThinkPad TrackPoint Keyboard II—it’s TouchPoint only, with a trio of mouse buttons located just below the space bar. There’s nothing stopping you from using a mouse alongside it, but the small nub means you can still navigate a cursor-driven user interface if you don’t have a lot of desk space at your disposal or you are using the keyboard on your lap.

It connects to other devices using an included wireless USB dongle or Bluetooth, meaning it can be used with mobile devices as well. But unlike previous versions, it can’t be tethered to another device with a cord. Its USB-C port is used for charging only, which really only has to be done about every two months, depending on usage. Keyboard snobs might still want to pass on this one, however, because hidden beneath the contoured chiclet-style keys you’ll find scissor-switches instead of a more complex mechanical switch.

Source: ThinkPad’s Iconic Nub Comes to Your Desktop

Three things in life are certain: Death, taxes, and cloud-based IoT gear bricked by vendors. Looking at you, Belkin

Oh look, here’s another cautionary tale about buying cloud-based IoT kit. On 29 May, global peripheral giant Belkin will flick the “off” switch on its Wemo NetCam IP cameras, turning the popular security devices into paperweights.

It’s not unusual for a manufacturer to call time on physical hardware. Like software, it has a lifespan where, afterwards, it’s deemed not economically viable for the vendor to continue providing support.

But this is a little different, because Belkin isn’t merely ending support. It also plans to decommission the cloud services required for its Wemo NetCam devices to actually work.

“Although your Wemo NetCam will still connect to your Wi-Fi network, without these servers you will not be able to view the video feed or access the security features of your Wemo NetCam, such as Motion Clips and Motion Notifications,” Belkin said on its official website.

“If you use your Wemo NetCam as a motion sensor for your Wemo line of products, it will no longer provide this functionality and will be removed as an option from your Wemo app,” the company added.

Adding insult to injury, the ubiquitous consumer network gear maker only plans to refund customers with active warranties, which excludes anyone who bought their device more than two years ago. The window to submit requests is open from now until 30 June.

Source: Three things in life are certain: Death, taxes, and cloud-based IoT gear bricked by vendors. Looking at you, Belkin • The Register

Apple chucks $3 at iPhone users after killing FaceTime on iOS 6 because it didn’t want to pay connectivity charges after 6 year legal fight

Apple has agreed to settle a class-action lawsuit brought by folks upset the iGiant broke FaceTime overnight on millions of iPhones. The settlement amounts to a few bucks a device, meaning the Cupertino giant almost certainly made a net profit in the process.

This week the Tim Cook-led corporation said it would pay $18m [PDF] into a fund to compensate the estimated 3.6 million people living in California for whom the video-conferencing app suddenly stopped working on their iOS 6 smartphones in April 2014.

The $18m sum is a third of the fair compensation the lawsuit’s claimants had calculated. Apple had made it plain it would aggressively fight the case for years, though, and so a decision was taken to settle for a lower sum. After all, Apple has been battling for more than a decade a separate legal claim that ultimately led to the FaceTime breakage, and is still firing away even after the US Supreme Court snubbed it.

About half of the settlement money will foot lawyers’ bills and pay a company to disburse tiny checks to people, possibly as low as $2.44 to $3 per Californian, depending on how many claim. If there is any good news, it’s the fact those eligible won’t have to apply for it, but should receive e-checks to their email addresses: Apple estimates that it has the details for 90 per cent of those eligible, and we suspect the remaining 10 per cent won’t bother to collect.

The two people who brought the case, Christina Grace and Ken Potter, had four in-person mediation sessions and spent three years and countless hours trying to drag compensation out of Apple for killing FaceTime. They will get $7,500 apiece.

Meanwhile, the lawyers – Steyer Lowenthal Boodrookas and Smith in San Francisco and Pearson, Smith and Warshaw in Los Angeles – will get up to $7.9m, and the check disbursement company Epiq Systems will get $1.4m. No surprises there.

Apple changed the way FaceTime worked in 2014 because a court found the software infringed VirnetX’s patents, and Apple had been ordered to pay $368m. FaceTime was revised to avoid those patents, and a new version was pushed out in an operating system update, iOS 7.

Go slow

However, millions of iPhone owners chose not to update their smartphones because iOS 7 was resource hungry and slowed down their handsets, so they stayed on iOS 6. In order to avoid continuing to infringe VirnetX’s patents before iOS 7 was released, Apple had stopped using a peer-to-peer technique for routing calls, and instead put some FaceTime calls through a relay run by Akamai. But that relay cost Apple money.

And so, after iOS 7 was released, Apple let a digital certificate expire that killed FaceTime for anyone using iOS version 6 or lower, and thus there was no longer a need to operate and pay for the relay. Everyone was expected to upgrade to the non-infringing FaceTime in iOS 7, which didn’t need Akamai’s system.

Apple claimed at the time this sudden loss of connectivity was a “bug,” and that users should upgrade to iOS 7 to fix the knackered chat app. But internal documents suggest that Apple knowingly broke FaceTime because it was costing it money. “Our users on [iOS 6] are basically screwed,” an Apple engineer noted in an internal email quoted in the lawsuit.

Source: Apple chucks $3 at iPhone users after killing FaceTime on iOS 6 because it didn’t want to pay connectivity charges • The Register

Zoom admits it doesn’t have 300 million users, corrects misleading claims

Zoom has admitted it doesn’t have 300 million daily active users. The admission came after The Verge noticed the company had quietly edited a blog post making the claim earlier this month. Zoom originally stated it had “more than 300 million daily users” and that “more than 300 million people around the world are using Zoom during this challenging time.” Zoom later deleted these references from the original blog post, and now claims “300 million daily Zoom meeting participants.”

The difference between a daily active user (DAU) and “meeting participant” is significant. Daily meeting participants can be counted multiple times: if you have five Zoom meetings in a day then you’re counted five times. A DAU is counted once per day, and is commonly used by companies to measure service usage. Only counting meeting participants is an easy, somewhat misleading, way to make your platform usage seem larger than it is.

The misleading blog was edited on April 24th, a day after the numbers made headlines worldwide. After The Verge reached out for comment from Zoom, the company added a note to the blog post admitting the error yesterday, and provided the following statement:

“We are humbled and proud to help over 300 million daily meeting participants stay connected during this pandemic. In a blog post on April 22, we unintentionally referred to these participants as “users” and “people.” When we realized this error, we adjusted the wording to “participants.” This was a genuine oversight on our part.”

Zoom’s growth has been impressive, but the company has not actually provided a daily active user count. Zoom usage has soared from 10 million daily meeting participants back in December to 300 million this month. Rivals like Microsoft Teams and Google Meet appear to be closing the gap, though. Microsoft said yesterday it now has 75 million daily active users of Teams, a jump from 70 percent in a month. Microsoft also recorded 200 million meeting participants in a single day this month.

Google Meet is adding roughly 3 million new users each day, and hit over 100 million daily Meet meeting participants recently. Cisco also revealed earlier this month that it has a total of 300 million Webex users, and saw sign-ups close to 240,000 in a 24-hour period. Cisco has not yet provided daily meeting participant numbers, or daily active user counts.

Google, Microsoft, Facebook, and others are still chasing Zoom with new features and free services. Google made its Meet service free this week, and both Microsoft and Google have increased how many people you can see simultaneously in response to Zoom’s popular gallery view.

Source: Zoom admits it doesn’t have 300 million users, corrects misleading claims – The Verge

Surprise surprise, Xiaomi web browser and music player are sending data about you to China

When he looked around the Web on the device’s default Xiaomi browser, it recorded all the websites he visited, including search engine queries whether with Google or the privacy-focused DuckDuckGo, and every item viewed on a news feed feature of the Xiaomi software. That tracking appeared to be happening even if he used the supposedly private “incognito” mode.

The device was also recording what folders he opened and to which screens he swiped, including the status bar and the settings page. All of the data was being packaged up and sent to remote servers in Singapore and Russia, though the Web domains they hosted were registered in Beijing.

Meanwhile, at Forbes’ request, cybersecurity researcher Andrew Tierney investigated further. He also found browsers shipped by Xiaomi on Google Play—Mi Browser Pro and the Mint Browser—were collecting the same data. Together, they have more than 15 million downloads, according to Google Play statistics.

[…]

And there appear to be issues with how Xiaomi is transferring the data to its servers. Though the Chinese company claimed the data was being encrypted when transferred in an attempt to protect user privacy, Cirlig found he was able to quickly see just what was being taken from his device by decoding a chunk of information that was hidden with a form of easily crackable encoding, known as base64. It took Cirlig just a few seconds to change the garbled data into readable chunks of information.

“My main concern for privacy is that the data sent to their servers can be very easily correlated with a specific user,” warned Cirlig.

[…]

But, as pointed out by Cirlig and Tierney, it wasn’t just the website or Web search that was sent to the server. Xiaomi was also collecting data about the phone, including unique numbers for identifying the specific device and Android version. Cirlig said such “metadata” could “easily be correlated with an actual human behind the screen.”

Xiaomi’s spokesperson also denied that browsing data was being recorded under incognito mode. Both Cirlig and Tierney, however, found in their independent tests that their web habits were sent off to remote servers regardless of what mode the browser was set to, providing both photos and videos as proof.

[…]

Both Cirlig and Tierney said Xiaomi’s behavior was more invasive than other browsers like Google Chrome or Apple Safari. “It’s a lot worse than any of the mainstream browsers I have seen,” Tierney said. “Many of them take analytics, but it’s about usage and crashing. Taking browser behavior, including URLs, without explicit consent and in private browsing mode, is about as bad as it gets.”

[…]

Cirlig also suspected that his app use was being monitored by Xiaomi, as every time he opened an app, a chunk of information would be sent to a remote server. Another researcher who’d tested Xiaomi devices, though was under an NDA to discuss the matter openly, said he’d seen the manufacturer’s phone collect such data. Xiaomi didn’t respond to questions on that issue.

[…]

Late in his research, Cirlig also discovered that Xiaomi’s music player app on his phone was collecting information on his listening habits: what songs were played and when.

Source: Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use

It’s a bit of a puff piece, as American software also records all this data and sends it home. The article also seems to suggest that the whole phone is always sending data home, but only really talks about the browser and a music player app. So yes, you should have installed Firefox and used that as a browser as soon as you got the phone, but that goes for any phone that comes with Safari or Chrome as a browser too. A bit of anti-Chinese storm in a teacup.

Sense prevails over money! ICANN finally halts $1.1bn sale of .org registry, says it’s ‘the right thing to do’ after months of controversy

ICANN has vetoed the proposed $1.1bn sale of the .org registry to an unknown private equity firm, saying this was “the right thing to do.”

The DNS overseer has been under growing pressure to use its authority to refuse the planned transfer of the top-level domain from the Internet Society to Ethos Capital, most recently from the California Attorney General who said the deal “puts profits above the public interest.”

ICANN ultimately bowed to the US state’s top lawyer when it concluded today it “finds the public interest is better served in withholding consent.”

It gave several factors, all of which were highlighted by Attorney General Xavier Becerra as reasons to reject it: the fact that the sale would see the registry – which has long served non-profit organizations – turn from a non-profit itself into a for-profit vehicle; that Ethos Capital was a “wholly different form of entity” to the Internet Society; that the $360m in debt that was being used to finance the deal “raises further question about how the .org registrants will be protected”; and that the measures that Ethos Capital had put in place following an outcry were “untested.”

The decision will likely spark a mixture of relief and celebration from millions of .org domain holders, including some of the world’s largest non-profit organizations, many of which were certain that their long-standing online addresses were going to be milked for profit by an organization that never fully revealed who its directors or investors were.

Source: ICANN finally halts $1.1bn sale of .org registry, says it’s ‘the right thing to do’ after months of controversy • The Register

Annoying Netsweeper internet filter comes with a pre-auth remote-command execution hole and there’s no patch

Netsweeper’s internet filter has a nasty security vulnerability that can be exploited to hijack the host server and tamper with lists of blocked websites. There are no known fixes right now.

For those unfamiliar, Netsweeper makes software that monitors and blocks connections to undesirable websites and servers. It’s aimed at parents, schools, government offices, and companies. It has a lot of customers in the Middle East, where it’s used to prevent access to content not meant for the local populace, according to investigative Canadian non-profit Citizen Lab.

The flaw, yet to be given a CVE number, was discovered by an anonymous researcher, and documented this week by SecuriTeam Secure Disclosure team leader Noam Rathaus. The bug is present in the web-based Netsweeper administration tool versions 6.4.3 and earlier. It doesn’t require any authentication to exploit: if you can reach the software over the local network or public internet, you can compromise it.

What Rathaus’s source found was that the control panel’s login script, /webadmin/tools/unixlogin.php, fails to fully sanitize user-supplied data, allowing miscreants to commandeer the machine. The login script accepts three parameters: timeout, login, and password. If you set the HTTP request referer header to a specific string, such as webadmin/admin/service_manager_data.php, the login script will execute a shell script that ultimately uses the password parameter unsafely in a Python invocation.

The second parameter, $2, below is derived from the original user-supplied password, in this line in the wonky shell script:

password=$($PYTHON -c "import crypt; print crypt.crypt('$2','\$$algo\$$salt\$')")

If you supply a password that causes $2 to contain, for example…

($PYTHON -c "import crypt; print crypt.crypt('g','');import os;os.system('id >/tmp/pwnd')#','\$$algo\$$salt\$')")

…you inject and execute a command that stores the Netsweeper software’s user ID to the file /tmp/pwnd. It’s left as an exercise for the reader to turn this remote-code execution into something malicious.

Rathaus told The Register that, in the worst case scenario, a hacker could exploit the bug to not only take over the host server, but also manipulate how users have their content filtered and delivered by Netsweeper.

“[You can] control what data they receive when they access sites and download files,” he said. “This is the worst part – as they can be made to unintentionally download malware and viruses.”

Source: What’s worse than an annoying internet filter? How about one with a pre-auth remote-command execution hole and there’s no patch?
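The root cause in the Netsweeper item above is that the password is pasted into the text of a Python program instead of being handed to it as data. The sketch below is an added example, not code from the article or from Netsweeper: it renders an assumed Python 3 stand-in for the one-liner, checks without executing anything whether a given password changes the structure of the generated program, and shows the hardened pattern of a constant program that reads its inputs from argv. TEMPLATE, SAFE_CODE, the salt value and all function names are assumptions, and hashlib stands in for crypt in the runnable part.

```python
import ast
import hashlib
import subprocess
import sys

# Assumed Python 3 rendering of the script's one-liner. {pw} and {salt} mark the
# spots where the shell pasted $2 and the salt string into the program text.
TEMPLATE = "import crypt; h = crypt.crypt('{pw}','{salt}'); print(h)"

# Constructed sample values. HOSTILE is the password implied by the article's example.
SALT = "$6$constructedsalt$"
HOSTILE = "g','');import os;os.system('id >/tmp/pwnd')#"

# Hardened form: a constant program that takes password and salt from argv.
# hashlib stands in for crypt here (crypt was removed in Python 3.13).
# Shell equivalent: "$PYTHON" -c '<constant program>' "$2" "$salt"
SAFE_CODE = (
    "import hashlib, sys; "
    "print(hashlib.sha256((sys.argv[2] + sys.argv[1]).encode()).hexdigest())"
)


def render(password, salt=SALT):
    """Build the source text the way string interpolation does. Never executed."""
    return TEMPLATE.format(pw=password, salt=salt)


def shape(source):
    """Structure of the program with every literal value blanked out."""
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant):
            node.value = None
    return ast.dump(tree)


def calls(source):
    """Dotted names of every function the program would call."""
    return {ast.unparse(n.func) for n in ast.walk(ast.parse(source))
            if isinstance(n, ast.Call)}


def audit(password):
    """Report whether a password changes the generated program, and how."""
    baseline = render("x")
    candidate = render(password)
    try:
        altered = shape(candidate) != shape(baseline)
        added = sorted(calls(candidate) - calls(baseline))
    except (SyntaxError, ValueError):
        # The value escaped its quotes but left text Python cannot parse.
        return {"altered": True, "parses": False, "added_calls": []}
    return {"altered": altered, "parses": True, "added_calls": added}


def hash_password(password, salt=SALT):
    """Run the constant program; the password travels as an argument only."""
    result = subprocess.run(
        [sys.executable, "-c", SAFE_CODE, password, salt],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


if __name__ == "__main__":
    for sample in ("hunter2", "it's", HOSTILE):
        print(repr(sample), audit(sample))
    # The same hostile string is inert when it is passed as data.
    print(hash_password(HOSTILE))
```

A lone apostrophe is already enough to break the interpolated program, which makes the structural check a useful regression test for any script that builds `-c` code from request parameters.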

Google’s medical AI was super accurate in a lab. Real life was a different story, so they need to tweak

The covid-19 pandemic is stretching hospital resources to the breaking point in many countries in the world. It is no surprise that many people hope AI could speed up patient screening and ease the strain on clinical staff. But a study from Google Health—the first to look at the impact of a deep-learning tool in real clinical settings—reveals that even the most accurate AIs can actually make things worse if not tailored to the clinical environments in which they will work.

Existing rules for deploying AI in clinical settings, such as the standards for FDA clearance in the US or a CE mark in Europe, focus primarily on accuracy. There are no explicit requirements that an AI must improve the outcome for patients, largely because such trials have not yet run. But that needs to change, says Emma Beede, a UX researcher at Google Health: “We have to understand how AI tools are going to work for people in context—especially in health care—before they’re widely deployed.”

[…]

Google’s first opportunity to test the tool in a real setting came from Thailand. The country’s ministry of health has set an annual goal to screen 60% of people with diabetes for diabetic retinopathy, which can cause blindness if not caught early. But with around 4.5 million patients to only 200 retinal specialists—roughly double the ratio in the US—clinics are struggling to meet the target. Google has CE mark clearance, which covers Thailand, but it is still waiting for FDA approval. So to see if AI could help, Beede and her colleagues outfitted 11 clinics across the country with a deep-learning system trained to spot signs of eye disease in patients with diabetes.

In the system Thailand had been using, nurses take photos of patients’ eyes during check-ups and send them off to be looked at by a specialist elsewhere—a process that can take up to 10 weeks. The AI developed by Google Health can identify signs of diabetic retinopathy from an eye scan with more than 90% accuracy—which the team calls “human specialist level”—and, in principle, give a result in less than 10 minutes. The system analyzes images for telltale indicators of the condition, such as blocked or leaking blood vessels.

Sounds impressive. But an accuracy assessment from a lab goes only so far. It says nothing of how the AI will perform in the chaos of a real-world environment, and this is what the Google Health team wanted to find out. Over several months they observed nurses conducting eye scans and interviewed them about their experiences using the new system. The feedback wasn’t entirely positive.

When it worked well, the AI did speed things up. But it sometimes failed to give a result at all. Like most image recognition systems, the deep-learning model had been trained on high-quality scans; to ensure accuracy, it was designed to reject images that fell below a certain threshold of quality. With nurses scanning dozens of patients an hour and often taking the photos in poor lighting conditions, more than a fifth of the images were rejected.

Patients whose images were kicked out of the system were told they would have to visit a specialist at another clinic on another day. If they found it hard to take time off work or did not have a car, this was obviously inconvenient. Nurses felt frustrated, especially when they believed the rejected scans showed no signs of disease and the follow-up appointments were unnecessary. They sometimes wasted time trying to retake or edit an image that the AI had rejected.

Because the system had to upload images to the cloud for processing, poor internet connections in several clinics also caused delays. “Patients like the instant results, but the internet is slow and patients then complain,” said one nurse. “They’ve been waiting here since 6 a.m., and for the first two hours we could only screen 10 patients.”

The Google Health team is now working with local medical staff to design new workflows. For example, nurses could be trained to use their own judgment in borderline cases. The model itself could also be tweaked to handle imperfect images better.

[…]

Source: Google’s medical AI was super accurate in a lab. Real life was a different story. | MIT Technology Review

Of course the anti ML people are using this as some sort of AI will never work kind of way, but as far as I can see these kinds of tests are necessary and seemed to have been performed with oversight, meaning there was no real risk to patients involved. Lessons were learned and will be implemented, as with all new technologies. And going public with the lessons is incredibly useful for everyone in the field.