Slashdot Mirror

"Researchers at Google have found a vulnerability in the way watermarks are used by stock imagery sites like Adobe Stock that makes it possible to remove the opaque stamp used to protect copyright," writes Khari Johnson via VentureBeat. "The consistent nature in which the watermarks are placed on photos can be exploited using an algorithm trained to recognize and automatically remove watermarks." From the report: Changing the position or opacity of a watermark do not impact the algorithm's ability to remove watermarks from images with copyright protection. Randomization, the researchers say, is required to keep images from being stolen. In results presented at the Computer Vision and Pattern Recognition conference last month, subtle modifications to each watermark can make it harder to remove watermarks. With these warped watermarks, attempts to get rid of watermarks with an algorithm or photo editing software leaves noticeable marks, rendering an image useless. "As often done with vulnerabilities discovered in operating systems, applications or protocols, we want to disclose this vulnerability and propose solutions in order to help the photography and stock image communities adapt and better protect its copyrighted content and creations," research scientists Tali Dekel and Michael Rubenstein wrote in a blog post today. "From our experiments much of the world's stock imagery is currently susceptible to this circumvention." You can learn more about the different types of randomization that can be done to combat watermark removal and see more example images in Google's blog post. The full report and research is available via the project's GitHub page.

Krystalo writes: YouTube today rolled out the ability to share videos with contacts directly in its mobile app for Android and iOS. Users can chat about shared videos using text, react with emoji, like messages with a heart, reply with other videos, and invite more friends to the conversation (up to a maximum of 30 people per group message). YouTube first started testing letting groups of users share and talk about videos in May 2016. The company then pushed the feature to Canada in January 2017 as a test, since Canadians share more videos online than any other nation. After some tweaks, the Google-owned company is now pushing it out to all its Android and iOS users. "We've been improving the feature since our experiments began last year," a YouTube spokesperson told VentureBeat. "For example, we've made changes to the chat visual; and we've made the video stick to the top of the chat when scrolling down, to allow replying and chatting while watching a video; and we'll continue making improvements." With the new update, YouTube has become yet another Google messaging app, on top of Android Messages, Allo, Duo, Hangouts Chat, and Hangouts Meet.

An anonymous reader quotes Ars Technica: Google has expelled 20 Android apps from its Play marketplace after finding they contained code for monitoring and extracting users' e-mail, text messages, locations, voice calls, and other sensitive data. The apps, which made their way onto about 100 phones, exploited known vulnerabilities to root devices running older versions of Android.... As a result, the apps were capable of surreptitiously accessing sensitive data stored, sent, or received by at least a dozen other apps, including Gmail, Hangouts, LinkedIn, and Messenger. The now-ejected apps also collected messages sent and received by Whatsapp, Telegram, and Viber, which all encrypt data in an attempt to make it harder for attackers to intercept messages while in transit... To conceal their surveillance capabilities, the apps posed as utilities for cleaning unwanted files or backing up data.
Google reports that the malicious apps also had these functions:

• Call recording
• VOIP recording
• Recording from the device microphone
• Location monitoring
• Taking screenshots
• Taking photos with the device camera(s)
• Fetching device information and files
• Fetching user information (contacts, call logs, SMS, application-specific data)

12 hours later an antivirus provider reported two more Google Play apps could surreptitiously steal text messages by downloading a malicious plugin -- and that the apps had already been downloaded at least 100,000 times.

An anonymous reader quotes a report from Ars Technica: In a blog post, YouTube outlined more specific definitions of hate speech and what kinds of incendiary content wouldn't be eligible for monetization. Three categories are classified as hate speech, with the broadest one being "hateful content." YouTube is defining this as anything that "promotes discrimination or disparages or humiliates an individual or group of people on the basis of the individual's or group's race, ethnicity, or ethnic origin, nationality, religion, disability, age, veteran status, sexual orientation, gender identity, or other characteristic associated with systematic discrimination or marginalization." The second category is "inappropriate use of family entertainment characters," which means content showing kid-friendly characters in "violent, sexual, vile, or otherwise inappropriate behavior," no matter if the content is satirical or a parody. The final category is somewhat broad: "incendiary and demeaning content" means that anything "gratuitously" demeaning or shameful toward an individual or group is prohibited. The updated guidelines are a response to creators asking YouTube to clarify what will and will not be deemed advertiser-friendly. YouTube acknowledges that its systems still aren't perfect, but it says it's doing its best to inform creators while maintaining support for advertisers. YouTube also launched a new course in its Creator Academy that creators can take to learn more about how to make "content appealing for a broad range of advertisers."

Krystalo quotes a report from VentureBeat: Google has paid security researchers millions of dollars since launching its bug bounty program in 2010. The company today expanded its Android Security Rewards program because "no researcher has claimed the top reward for an exploit chain in two years." Right. Well, the program has only been around for two years -- a Google spokesperson confirmed that nobody has ever claimed the top reward. The Android team is making two bug bounty increases today. The reward for a remote exploit chain or exploit leading to TrustZone or Verified Boot compromise has quadrupled from $50,000 to $200,000. The reward for a remote kernel exploit has quintupled from $30,000 to $150,000. Want to make six figures? Just figure out how to hack Android.

Krystalo quotes a report from VentureBeat: Google has paid security researchers millions of dollars since launching its bug bounty program in 2010. The company today expanded its Android Security Rewards program because "no researcher has claimed the top reward for an exploit chain in two years." Right. Well, the program has only been around for two years -- a Google spokesperson confirmed that nobody has ever claimed the top reward. The Android team is making two bug bounty increases today. The reward for a remote exploit chain or exploit leading to TrustZone or Verified Boot compromise has quadrupled from $50,000 to $200,000. The reward for a remote kernel exploit has quintupled from $30,000 to $150,000. Want to make six figures? Just figure out how to hack Android.

One of the new tools Google has announced for its advertisers today promises to tie your offline credit card data together with all your online viewing to tell advertisers exactly what's working as they try to target you and your wallet. Consumerist reports: That return, for decades, was hard to measure in all but the most vaguely correlative of ways. Did people buy your product after seeing your TV ad? After seeing your billboard? On a whim after seeing neither? Who knows! But in the age of highly targeted, algorithmic advertising, the landscape is completely different. The apps on your phone know what you looked at and when, and can tie that in to what you see on other devices you're also logged into their services on (like your work computer). Meanwhile, you're leaving tracks out in the physical world -- not only the location history of your phone, but also the trail of payments you leave behind you if you pay with a credit card, debit card, or app (as millions of us do). Google also introduced some offline measurements to its online tool suite back in 2014, when it started using phone location data to try to match store visit location data to digital ad views. But a store doesn't make any money when you simply walk into it; you need to buy something. So Google's tracking that very granularly now, too. "In the coming months, we'll be rolling out store sales measurement at the device and campaign levels. This will allow you to measure in-store revenue in addition to the store visits delivered by your Search and Shopping ads," Google explains to advertisers. That's very literally a collection of spending data matched to the people who spent it, matched in turn to people who saw ads.

Thelasko quotes a report from Ars Technica: Ahead of Google I/O, Google has just dropped a bombshell of a blog post that promises, for real this time, that it is finally doing something about Android's update problems. "Project Treble" is a plan to modularize the Android OS, separating the OS framework code from "vendor specific" hardware code. In theory, this change would allow for a new Android update to be flashed on a device without any involvement from the silicon vendor. Google calls it "the biggest change to the low-level system architecture of Android to date," and it's already live on the Google Pixel's Android O Developer Preview. This is not a magic bullet that will solve all of Android's update problems, however. After an update is released, Google lists three steps to creating an Android update:

1. Silicon manufacturers (Qualcomm, Samsung Exynos, etc) "modify the new release for their specific hardware" and do things like make sure drivers and power management will still work.
2. OEMs (Samsung, LG, HTC) step in and "modify the new release again as needed for their devices." This means making sure all the hardware works, rebranding Android with a custom skin, adding OEM apps, and modifying core parts of the Android OS to add special features like (before 7.0) multi-window support.
3. Carriers add more apps, more branding, and "test and certify the new release."

Orome1 writes: In the last five months, Google's OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects... So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg -- and the list goes on...
Google launched the program in December and wants more open source projects to participate, so they're offering cash rewards for including "fuzz" targets for testing in their software. "Eligible projects will receive $1,000 for initial integration, and up to $20,000 for ideal integration" -- or twice that amount, if the proceeds are donated to a charity.

Today, Google has introduced a series of improvements to Chrome for Android to make it easier to save content for offline access. The improvements will be made to the "Downloads" feature rolled out in December that allows you to save webpages, music and videos for offline access. TechCrunch reports: To download a web page previously, you would open Chrome's menu in the top-right of the browser, then tap the "save" icon that's located next to the star for bookmarking the site. You could then see all the content you had saved for offline access by tapping on "Downloads" from this same menu. Now, Google is adding more ways to save content, including a way to long press on a link the way you do when you want to open up a page in a new tab. The option to "Download Link" will appear on the pop-up screen you see after your press, below the options to open the page in a new tab or incognito tab. Google says this long press action will also work on its article suggestions on its New Tab page. This New Tab page will also include the articles you've already downloaded, which will be flagged with an offline badge.

Google's Material Design specs are finally coming to the YouTube desktop site, the company said on Tuesday. The feature isn't rolling out to all just yet, but you can test drive it here. My initial impressions after playing with the new design: lots and lots of white space, but the optional dark theme looks pretty. Here's how the company describes the changes: The key principles of this new design are:
1. Simplicity: The only thing you should be concerned about is watching the content you love. The new design is clean and fresh, thanks to the removal of visuals that can distract from your browsing or watching experience. We're focused on making the content shine!
2. Consistency: The new design is aligned across Google platforms, including the YouTube mobile app, while still providing the features you know and love.
3. Beauty: We strive to combine beauty and purpose to create an effortless experience.

In late February, YouTube unveiled its live TV service called YouTube TV, which offers live TV streaming over the internet for $35 per month with no long-term contract required. The company has officially launched the service today in five select markets: New York, Los Angeles, San Francisco Bay Area, Chicago, and Philadelphia. YouTube says that more markets are coming soon, however, details on when/where are scarce. PhoneDog reports: A membership to YouTube TV costs $35 per month and includes live streaming of channels like ABC, CBS, Fox, NBC, ESPN, and others. Subscribers also get an unlimited cloud DVR for recording shows that'll last up to nine months, and six accounts that each get their own recommendations and cloud DVRs. YouTube is offering a free one-month trial of YouTube TV so that everyone can give it a try. After your first paid month, YouTube will give you a Google Chromecast to thank you for sticking with the service. Source: YouTube Official Blog

BrianFagioli writes: Google is an essential member of the open source community. The search giant contributes some really great projects, offering code to be used many -- it claims more than 2,000 such contributions! Heck, the company even hosts the annual Summer of Code program, where it pairs students with open source projects teams. In other words, Google is helping to get young folks excited about open source. Today, Google announced that it is launching an all-new website to focus on open source. It is not a general open source site, but a destination to learn more about the search-giant's relationship with it. "Today, we're launching opensource.google.com, a new website for Google Open Source that ties together all of our initiatives with information on how we use, release, and support open source. This new site showcases the breadth and depth of our love for open source. It will contain the expected things: our programs, organizations we support, and a comprehensive list of open source projects we've released. But it also contains something unexpected: a look under the hood at how we 'do' open source," says Will Norris, Open Source Programs Office, Google.

A year after Google released the Android N Developer Preview, the company has made available the developer preview of the next major version of Android, "Android O." You will not want to put it on your primary Android smartphone as the preview is likely to have rough edges. Google says as much. "it's early days, there are more features coming, and there's still plenty of stabilization and performance work ahead of us. But it's booting :)."

The company is using the developer preview to give beta testers a sneak peek into some new features, such as "notification channels," which will offer users the ability to group notifications. There is also Picture in Picture, which will enable you to have a video appear in a small window on top of homescreen or any application. Google is also adding "multi-display support" and improved "keyboard navigation." Your guess is as good as mine as to what these features will actually do. There's also better "background limits" which will supposedly help save battery, and wider Wi-Fi support to include things like Neighborhood Aware Networking (NAN).

No word on what "O" in Android O stands for.

You know those notes found plastered on many YouTube videos, often asking for you to "CLICK TO SUBSCRIBE?" Well, they're called annotations and they're being replaced with what YouTube calls "End Screen and Cards," which are mobile-friendly tools that let content creators poll their audience, link to merchandise, recommend videos, and more. Unlike annotations, they work on mobile and are designed to be less obnoxious to viewers. The Verge reports: YouTube says it made this change primarily because annotations didn't work on mobile and most viewers found them obnoxious and unhelpful. The change takes effect on May 2nd, and existing annotations will continue to show up when using the desktop browser version of YouTube. YouTube annotations have felt increasingly outdated and out of place. The small text boxes were meant as a way to let creators link to other videos, write in little jokes, and add ancillary information to a video much like a hyperlink or footnote of sorts. But over the years, annotation use has drastically fallen off, by 70 percent, YouTube product manager Muli Salem says. In fact, a majority of viewers interact with annotations only to close them, so the boxes don't obstruct the video screen. Many users turn them off altogether. So now YouTube is investing entirely in End Screens and Cards, and making both tools easier to use and faster to implement.

BrianFagioli writes: Today, Google released yet another open source project. Called "Guetzli," it is a JPEG encoder that aims to produce even smaller image file sizes. In fact, the search giant claims a whopping 35 percent improvement over existing JPEG compression. If you are wondering why smaller file sizes are important, it is quite simple -- the web. If websites can embed smaller images, users can experience faster load times while using less data. While Google didn't aim to improve JPEG image quality with Guetzli, it seems it has arguably done so. It is subjective, but the search giant surveyed human beings and found they preferred Google's open source offering 75 percent of the time. Smaller file sizes and better image quality? Wow! Google has done something amazing here.

BrianFagioli quotes a report from BetaNews: As more and more consumers buy Mac computers, evildoers will have increased incentive to write malware for macOS. Luckily, users of Apple's operating system that choose to use Google Chrome for web surfing will soon be safer. You see, the search giant is improving its Safe Browsing initiative to better warn macOS users of malicious websites and attempts to alter browser settings. "As part of this next step towards reducing macOS-specific malware and unwanted software, Safe Browsing is focusing on two common abuses of browsing experiences: unwanted ad injection, and manipulation of Chrome user settings, specifically the start page, home page, and default search engine. Users deserve full control of their browsing experience and Unwanted Software Policy violations hurt that experience," says Google. The search giant further explains, "The recently released Chrome Settings API for Mac gives developers the tools to make sure users stay in control of their Chrome settings. From here on, the Settings Overrides API will be the only approved path for making changes to Chrome settings on Mac OSX, like it currently is on Windows. Also, developers should know that only extensions hosted in the Chrome Web Store are allowed to make changes to Chrome settings. Starting March 31 2017, Chrome and Safe Browsing will warn users about software that attempts to modify Chrome settings without using the API."

YouTube announced in a blog post that people around the world are now watching a billion hours of YouTube videos every single day. According to YouTube, "If you were to sit and watch a billion hours of YouTube, it would take you over 100,000 years." Mashable reports: The milestone "represents the enjoyment of the fantastically diverse videos that creative people make every single day," Cristos Goodrow, VP of engineering at YouTube, wrote in a blog post Monday. "Around the world, people are spending a billion hours every day rewarding their curiosity, discovering great music, keeping up with the news, connecting with their favorite personalities, or catching up with the latest trend." The 1 billion figure is a 10-fold increase since 2012, YouTube said. The statistic is one that underscores YouTube's efforts to dominate the digital space. On YouTube -- which operates under the motto "Broadcast Yourself" -- users upload 400 hours of video each minute, or 65 years of video a day.

Reader Artem Tashkinov writes: Ten years after of SHA-1 was first introduced, Google has announced the first practical technique for generating an SHA-1 collision. It required two years of research between the CWI Institute in Amsterdam and Google. As a proof of the attack, Google has released two PDF files that have identical SHA-1 hashes but different content. The amount of computations required to carry out the attack is staggering: nine quintillion (9,223,372,036,854,775,808) SHA1 computations in total which took 6,500 years of CPU computation to complete the attack first phase and 110 years of GPU computation to complete the second phase.

Google says that people should migrate to newer hashing algorithms like SHA-256 and SHA-3, however it's worth noting that there are currently no ways of finding a collision for both MD5 and SHA-1 hashes simultaneously which means that we still can use old proven hardware accelerated hash functions to be on the safe side.

BrianFagioli quotes a report from BetaNews: Today, Google unveiled yet another way to share files. Called "Upspin," the open source project aims to make sharing easier for home users. With that said, the project does not seem particularly easy to set up or maintain. For example, it uses Unix-like directories and email addresses for permissions. While it may make sense to Google engineers, I am dubious that it will ever be widely used. "Upspin looks a bit like a global file system, but its real contribution is a set of interfaces, protocols, and components from which an information management system can be built, with properties such as security and access control suited to a modern, networked world. Upspin is not an "app" or a web service, but rather a suite of software components, intended to run in the network and on devices connected to it, that together provide a secure, modern information storage and sharing network," says Google. The search giant adds: "Upsin is a layer of infrastructure that other software and services can build on to facilitate secure access and sharing. This is an open source contribution, not a Google product. We have not yet integrated with the Key Transparency server, though we expect to eventually, and for now use a similar technique of securely publishing all key updates. File storage is inherently an archival medium without forward secrecy; loss of the user's encryption keys implies loss of content, though we do provide for key rotation."

Starting February 13, 2017, Google will not allow JavaScript files to be sent as an attachment via Gmail in an effort to reduce malicious attacks. Android Police reports: Malicious emails often attach various forms of executable programs and trick users into running them. These include standard Windows executables (.exe), batch files (.bat), and even JavaScript files (.js). If you're not familiar with web development, JavaScript is a common language used when developing web applications, and JS files are often loaded as part of web pages. However, opening an unknown JS file on Windows can be dangerous, as it runs inside Windows Script Host by default. From there, the script can easily run Windows executables. While blocking .js attachments is a step in the right direction, it is unclear if any warnings will be shown when receiving emails with JS files attached. Source: G Suite Updates

An anonymous reader quotes PCWorld: Over the past two years, Google has pressured developers to patch security issues in more than 275,000 Android apps hosted on its official app store. In many cases this was done under the threat of blocking future updates to the insecure apps...

In the early days of the App Security Improvement program, developers only received notifications, but were under no pressure to do anything. That changed in 2015 when Google expanded the types of issues it scanned for and also started enforcing deadlines for fixing many of them... Google added checks for six new vulnerabilities in 2015, all of them with a patching deadline, and 17 in 2016, 12 of which had a time limit for fixes. These issues ranged from security flaws in third-party libraries, development frameworks and advertising SDKs to insecure implementations of Android Java classes and interfaces.
100,000 applications had been patched by April of 2016, but that number tripled over the next nine months, with 90,000 developers fixing flaws in over 275,000 apps.

An anonymous reader quotes InfoWorld: Grumpy, an experimental project from Google, transpiles Python code into Go, allowing Python programs to be compiled and run as static binaries using the Go toolchain... In a blog post announcing the open source release, Google stated the project stemmed from its efforts to speed up the Python-powered front end for YouTube. But Google hit an obstacle that's familiar to folks who've deployed Python in production: It's hard to get CPython -- the default Python interpreter written in C -- to scale efficiently. "We think Grumpy has the potential to scale more gracefully than CPython for many real world workloads," writes Google...

Because it doesn't support C extensions, Grumpy doesn't have CPython's Global Interpreter Lock, which is commonly cited as a roadblock to running Python concurrent workloads smoothly. Grumpy also uses Go's garbage collection mechanisms to manage memory under the hood, instead of CPython's. Grumpy creates close interoperation between Python and Go by allowing Go packages to be imported and used with the same syntax as Go modules.

An anonymous reader quotes a report from BleepingComputer: We have a new in-development variant of the Koolova Ransomware that will decrypt your files for free if you educate yourself about ransomware by reading two articles. Discovered by security researcher Michael Gillespie, this in-development ransomware is not ready for prime time. In fact, I had to mess with it a bit and setup a local http server to even get it to display the ransom screen. In its functional state, Koolova will encrypt a victim's files and then display a screen similar to the Jigsaw Ransomware where the text is slowly shown on the screen. This text will tell the victim that they must read two articles before they can get a decryption key. It then tells you that if you are too lazy to read two articles before the countdown gets to zero, like Jigsaw, it will delete the encrypted files. This is not an idle threat as it actually does delete the files. The articles that Koolova wants you to read are an article from Google Security Blog called Stay safe while browsing and BleepingComputer's very own Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom article. Once you read both articles, the Decripta i Miei File, or Decrypt My Files, button becomes available. Once you click on this button, Koolova will connect to the Command and Control server and retrieve the victim's decryption key. It will then display it in a message box labeled "Nice Jigsaw," in reference to the Jigsaw Ransomware, that displays your decryption key. A victim will then be able to take that key and enter it into the key field in order to decrypt files.

An anonymous reader quotes a report from Kotaku: For months, YouTubers have complained that their view counts are down. New data from the third-party stat tracker SocialBlade confirms what YouTubers fear: viewership is lower across the board. SocialBlade crunched some numbers for Kotaku and determined that, since the first half of the year, YouTube views are now 5-7% lower. Between July and September, that decrease was 10%. It's pretty significant. Why YouTube views have gone down is unclear, but some good theories are floating around. SocialBlade Community Manager Danny Fratella pointed to two potential causes: view audits and altered video-promoting algorithms. During view audits, YouTubers don't actually lose views. YouTube is removing botted or invalid playbacks from the view count. This happens all at once in a sort of purge -- something YouTube has explained publicly. But now that YouTubers have tools like SocialBlade to more rigorously moderate their data, they may be noticing these purges more, Fratella suggested. He added that SocialBlade doesn't see view counts purged as often as subscriber counts -- the main complaint going around YouTube communities. Although YouTubers have widely complained that fans are now randomly unsubscribed from their channels, YouTube and SocialBlade both told me that they've noticed nothing out of the ordinary in subscription data. YouTube's video-promoting algorithm may also play a role in an apparent decreased viewership. What videos the platform draws more eyes to reflects their philosophy on what videos should go viral.

Trailrunner7 quotes a report from On the Wire: Google has released a new set of tests it uses to probe cryptographic libraries for vulnerabilities to known attacks. The tests can be used against most kinds of crypto algorithms and the company already has found 40 new weaknesses in existing algorithms. The tests are called Project Wycheproof, and Google's engineers designed them to help developers implement crypto libraries without having to become experts. Cryptographic libraries can be quite difficult to implement and making errors can lead to serious security problems. Attackers often will look for weak crypto implementations as a means of circumventing strong encryption in a target app. Among the issues that Google's engineers found with the Project Wycheproof tests is one in ECDH that allows an attacker to recover the private key in some circumstances. The bug is the result of some libraries not checking the elliptic curve points that they get from outside sources. "In cryptography, subtle mistakes can have catastrophic consequences, and mistakes in open source cryptographic software libraries repeat too often and remain undiscovered for too long. Good implementation guidelines, however, are hard to come by: understanding how to implement cryptography securely requires digesting decades' worth of academic literature. We recognize that software engineers fix and prevent bugs with unit testing, and we found that many cryptographic issues can be resolved by the same means," Daniel Bleichenbacher and Thai Duong, security engineers at Google, said in a post announcing the tool release. "Encodings of public keys typically contain the curve for the public key point. If such an encoding is used in the key exchange then it is important to check that the public and secret key used to compute the shared ECDH secret are using the same curve. Some libraries fail to do this check," Google's documentation says.

BrianFagioli quotes a report from BetaNews: Today, Google announces that it has joined the Cloud Foundry Foundation as a gold member. This is yet another example of the search giant's open source focus. Google joins some other respected companies at this membership level, such as Verizon, GE Digital, and Huawei to name a few. For whatever reason, the search giant stopped short of committing as the highest-level platinum member, however. "From the beginning, our goal for Google Cloud Platform has been to build the most open cloud for all developers and businesses alike, and make it easy for them to build and run great software. A big part of this is being an active member of the open source community and working directly with developers where they are, whether they're at an emerging startup or a large enterprise. Today we're pleased to announce that Google has joined the Cloud Foundry Foundation as a Gold member to further our commitment to these goals", says Brian Stevens, Vice President, Google Cloud.

Google today announced it will open up Home to third-party developers, allowing all developers to start bringing their applications and services to the Google Assistant. Developers can start building "conversation actions" for the Google Assistant, which "allows developers to create back-and-forth conversations with users through the Assistant," writes Frederic Lardinois via TechCrunch. "Users can simply start these conversations by using a phrase like 'OK Google, talk to Eliza.'" TechCrunch reports: While the Assistant also runs on the Pixel phones and inside the Allo chat app, Google says it plans to bring actions to these other "Assistant surfaces" in the future, but it's unclear when exactly this will happen. To help developers who want to build these new Conversation Actions get started, Google has teamed up with a number of partners, including API.AI, GupShup, DashBot and VoiceLabs, Assist, Notify.IO, Witlingo and Spoken Layer. Google has also allowed a small number of partners to enable their apps on Google Home already. These integrations will roll out as early as next week. Given that users will be able to invoke these new actions with a simple command (and without having to first enable a skill, like on Alexa), Google's platform looks to be a rather accessible and low-friction way for developers to get their voice-enabled services to users. Google will have the final say over which actions will be enabled on Google Home.

An anonymous reader quotes a report from BleepingComputer: Google engineers are working on an improved version of the reCAPTCHA system that uses a computer algorithm to distinguish between automated bots and real humans, and requires no user interaction at all. Called "Invisible reCAPTCHA," and spotted by Windows IT Pro, the service is still under development, but the service is open for sign-ups, and any webmaster can help Google test its upcoming technology. Invisible reCAPTCHA comes two years after Google has revolutionized CAPTCHA technologies by releasing the No CAPTCHA reCAPTCHA service that requires users to click on one checkbox instead of solving complex visual puzzles made up of words and numbers. The service helped reduce the time needed to fill in forms, and maintained the same high-level of spam detection we've become accustomed from the reCAPTCHA service. The introduction of the new Invisible reCAPTCHA technology is unlikely to make the situation better for Tor users since CloudFlare will likely force them to solve the same puzzle if they come from IPs seen in the past performing suspicious actions. Nevertheless, CloudFlare started working on an alternative.

Google says it has built support for the leap second into the time servers that regulate all Google services. An anonymous reader shares a blogpost by Google:No commonly used operating system is able to handle a minute with 61 seconds, and trying to special-case the leap second has caused many problems in the past. Instead of adding a single extra second to the end of the day, we'll run the clocks 0.0014% slower across the ten hours before and ten hours after the leap second, and "smear" the extra second across these twenty hours. For timekeeping purposes, December 31 will seem like any other day. All Google services, including all APIs, will be synchronized on smeared time, as described above. You'll also get smeared time for virtual machines on Compute Engine if you follow our recommended settings. You can use non-Google NTP servers if you don't want your instances to use the leap smear, but don't mix smearing and non-smearing time servers.

After a little over a month of learning more languages to translate beyond Spanish, Google's recently announced Neural Machine Translation system has used deep learning to develop its own internal language. TechCrunch reports: GNMT's creators were curious about something. If you teach the translation system to translate English to Korean and vice versa, and also English to Japanese and vice versa... could it translate Korean to Japanese, without resorting to English as a bridge between them? They made this helpful gif to illustrate the idea of what they call "zero-shot translation" (it's the orange one). As it turns out -- yes! It produces "reasonable" translations between two languages that it has not explicitly linked in any way. Remember, no English allowed. But this raised a second question. If the computer is able to make connections between concepts and words that have not been formally linked... does that mean that the computer has formed a concept of shared meaning for those words, meaning at a deeper level than simply that one word or phrase is the equivalent of another? In other words, has the computer developed its own internal language to represent the concepts it uses to translate between other languages? Based on how various sentences are related to one another in the memory space of the neural network, Google's language and AI boffins think that it has. The paper describing the researchers' work (primarily on efficient multi-language translation but touching on the mysterious interlingua) can be read at Arxiv.

itwbennett quotes a report from CSO Online: Following similar decisions by Mozilla and Apple, Google plans to reject new digital certificates issued by certificate authorities WoSign and StartCom because they violated industry rules and best practices. The ban will go into effect in Chrome version 56, which is currently in the dev release channel, and will apply to all certificates issued by the two authorities after October 21. Browsers rely on digital certificates to verify the identity of websites and to establish encrypted connections with them. Certificates issued before October 21 will continue to be trusted as long as they're published to the public Certificate Transparency logs or have been issued to a limited set of domains owned by known WoSign and StartCom customers. "Due to a number of technical limitations and concerns, Google Chrome is unable to trust all pre-existing certificates while ensuring our users are sufficiently protected from further misissuance," said Chrome security team member Andrew Whalley in a blog post Monday. "As a result of these changes, customers of WoSign and StartCom may find their certificates no longer work in Chrome 56. Sites that find themselves on the whitelist will be able to request early removal once they've transitioned to new certificates," Whalley said. "Any attempt by WoSign or StartCom to circumvent these controls will result in immediate and complete removal of trust."

An anonymous reader writes: Google today shared details about a security flaw in Windows, just 10 days after disclosing it to Microsoft on October 21. To make matters worse, Google says it is aware that this critical Windows vulnerability is being actively exploited in the wild. That means attackers have already written code for this specific security hole and are using it to break into Windows systems.In a blog post, security researchers at Google write, "The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability."

An anonymous Slashdot reader quotes Hot Hardware: It's been working on the project over the past five years in collaboration with Monotype in hopes of eradicating so-called "tofu" -- the blank boxes you see when a PC or website can't display a particular text -- from the web. Noto, or No more tofu, is Google's answer, and it's available now to download...

"We are thrilled to have played such an important role in what has become one of the most significant type projects of all time," said Scott Landers, president and CEO of Monotype... Monotype played the biggest role, though Google also collaborated with Adobe and had a network of volunteer reviewers. As far as Monotype is concerned, Noto is one of the expansive typography projects ever undertaken.
There's 110,000 characters, and Google says the project "required design and technical testing in hundreds of languages."

Mark Bergen, reporting for Bloomberg: Google published research this week detailing how its software enables robots to learn from one another. To demonstrate, the company's scientists showed videos featuring robotic arms whirling inside its labs. Google's robotics group built those machines and wanted to sell them to manufacturers, warehouse operators and others. However, executives at Google parent Alphabet Inc. nixed the plan because it failed Chief Executive Officer Larry Page's "toothbrush test," a requirement that the company only ship products used daily by billions of people, according to people familiar with the situation.

BrianFagioli quotes a report from BetaNews: Machine learning and vision are essential technologies for the advancement of robotics. When sensors come together, they can enable a computer or robot to collect data and images in real-time. A good example of this technology in real-world use is the latest Roomba vacuums. As the robot cleans your dirty floor, it is using sensors combined with a camera to map your home. Today, Google releases Cartographer -- an open source project that developers can use for many things, such as robots and self-driving cars. "We are happy to announce the open source release of Cartographer, a real-time simultaneous localization and mapping (SLAM) library in 2D and 3D with ROS support. SLAM is an essential component of autonomous platforms such as self driving cars, automated forklifts in warehouses, robotic vacuum cleaners, and UAVs," says Google in a blog post. "Our focus is on advancing and democratizing SLAM as a technology. Currently, Cartographer is heavily focused on LIDAR SLAM. Through continued development and community contributions, we hope to add both support for more sensors and platforms as well as new features, such as lifelong mapping and localizing in a pre-existing map."

Google has renamed "Apps for Work" to "G Suite" to "help people everywhere work and innovate together, so businesses can move faster and go bigger." They have also added a bunch of new features, such as a "Quick Access" section for Google Drive for Android that uses machine learning to predict what files you're going to need when you open up the app, based off your previous behavior. Calendar will automatically pick times to set up meetings through the use of machine intelligence. Sheets is also using AI "to turn your layman English requests into formulas through its 'Explore' feature," reports The Next Web. "In Slides, Explore uses machine learning to dynamically suggest and apply design ideas, while in Docs, it will suggest backup research and images you can use in your musings, as well as help you insert files from your Drive account. Throughout Docs, Sheets, and Slides, you can now recover deleted files on Android from a new 'Trash' option in the side/hamburger menu." Google's cloud services will now fall under a new "Google Cloud" brand, which includes G Suite, Google Cloud Platform, new machine learning tools and APIs, and Google's various devices that access the cloud. Slashdot reader wjcofkc adds: I just received the following email from Google. When I saw the title, my first thought was that there was malware lying at the end -- further inspection proved it to be real. Is this the dumbest name change in the history of name changes? Google of all companies does not have to try so hard. "Hello Google Apps Customer, We created Google Apps to help people everywhere work and innovate together, so that your organization can move faster and achieve more. Today, we're introducing a new name that better reflects this mission: G Suite. Over the coming weeks, you'll see our new name and logo appear in familiar places, including the Admin console, Help Center, and on your invoice. G Suite is still the same all-in-one solution that you use every day, with the same powerful tools -- Gmail, Docs, Drive, and Calendar. Thanks for being part of the journey that led us to G Suite. We're always improving our technology so it learns and grows with your team. Visit our official blog post to learn more."

Google has renamed "Apps for Work" to "G Suite" to "help people everywhere work and innovate together, so businesses can move faster and go bigger." They have also added a bunch of new features, such as a "Quick Access" section for Google Drive for Android that uses machine learning to predict what files you're going to need when you open up the app, based off your previous behavior. Calendar will automatically pick times to set up meetings through the use of machine intelligence. Sheets is also using AI "to turn your layman English requests into formulas through its 'Explore' feature," reports The Next Web. "In Slides, Explore uses machine learning to dynamically suggest and apply design ideas, while in Docs, it will suggest backup research and images you can use in your musings, as well as help you insert files from your Drive account. Throughout Docs, Sheets, and Slides, you can now recover deleted files on Android from a new 'Trash' option in the side/hamburger menu." Google's cloud services will now fall under a new "Google Cloud" brand, which includes G Suite, Google Cloud Platform, new machine learning tools and APIs, and Google's various devices that access the cloud. Slashdot reader wjcofkc adds: I just received the following email from Google. When I saw the title, my first thought was that there was malware lying at the end -- further inspection proved it to be real. Is this the dumbest name change in the history of name changes? Google of all companies does not have to try so hard. "Hello Google Apps Customer, We created Google Apps to help people everywhere work and innovate together, so that your organization can move faster and achieve more. Today, we're introducing a new name that better reflects this mission: G Suite. Over the coming weeks, you'll see our new name and logo appear in familiar places, including the Admin console, Help Center, and on your invoice. G Suite is still the same all-in-one solution that you use every day, with the same powerful tools -- Gmail, Docs, Drive, and Calendar. Thanks for being part of the journey that led us to G Suite. We're always improving our technology so it learns and grows with your team. Visit our official blog post to learn more."

An anonymous reader quotes a report from Tom's Hardware: D-Wave, a Canadian company developing the first commercial "quantum computer," announced its next-generation quantum annealing computer with 2,000 qubits, which is twice as many as its previous generation had. One highly exciting aspect of quantum computers of all types is that beyond the seemingly Moore's Law-like increase in number of qubits every two years, their performance increases much more than just 2x, unlike with regular microprocessors. This is because qubits can hold a value of 0, 1, or a superposition of the two, making quantum systems able to deal with much more complex information. If D-Wave's 2,000-qubit computer is now 1,000 faster than the previous 1,000-qubit generation (D-Wave 2X), that would mean that, for the things Google tested last year, it should now be 100 billion times faster than a single-core CPU. The new generation also comes with control features, which allows users to modify how D-Wave's quantum system works to better optimize their solutions. These control features include the following capabilities: The ability to tune the rate of annealing of individual qubits to enhance application performance; The ability to sample the state of the quantum computer during the quantum annealing process to power hybrid quantum-classical machine learning algorithms that were not previously possible; The ability to combine quantum processing with classical processing to improve the quality of both optimization and sampling results returned from the system. D-Wave's CEO, Vern Brownell, also said that D-Wave's quantum computers could also be used for machine learning task in ways that wouldn't be possible on classical computers. The company is also training the first generation of programmers to develop applications for D-Wave quantum systems. Last year, Google said that D-Wave's 1,000 qubit computer proved to be 100 million times faster than a classical computer with a single core: "We found that for problem instances involving nearly 1,000 binary variables, quantum annealing significantly outperforms its classical counterpart, simulated annealing. It is more than 10^8 times faster than simulated annealing running on a single core," said Hartmut Neven, Google's Director of Engineering.

sciencehabit quotes a report from Science Magazine: Today, Google rolled out a new translation system that uses massive amounts of data and increased processing power to build more accurate translations. The new system, a deep learning model known as neural machine translation, effectively trains itself -- and reduces translation errors by up to 87%. When compared with Google's previous system, the neural machine translation system scores well with human reviewers. It was 58% more accurate at translating English into Chinese, and 87% more accurate at translating English into Spanish. As a result, the company is planning to slowly replace the system underlying all of its translation work -- one language at a time. The report adds: "The new method, reported today on the preprint server arXiv, uses a total of 16 processors to first transform words into a value known as a vector. What is a vector? 'We don't know exactly,' [Quoc Le, a Google research scientist in Mountain View, California, says.] But it represents how related one word is to every other word in the vast dictionary of training materials (2.5 billion sentence pairs for English and French; 500 million for English and Chinese). For example, 'dog' is more closely related to 'cat' than 'car,' and the name 'Barack Obama' is more closely related to 'Hillary Clinton' than the name for the country 'Vietnam.' The system uses vectors from the input language to come up with a list of possible translations that are ranked based on their probability of occurrence. Other features include a system of cross-checks that further increases accuracy and a special set of computations that speeds up processing time."

An anonymous Slashdot reader quotes ZDNet: Google has open-sourced a model for its machine-learning system, called Show and Tell, which can view an image and generate accurate and original captions... The image-captioning system is available for use with TensorFlow, Google's open machine-learning framework, and boasts a 93.9 percent accuracy rate on the ImageNet classification task, inching up from previous iterations.

The code includes an improved vision model, allowing the image-captioning system to recognize different objects in images and hence generate better descriptions. An improved image model meanwhile aids the captioning system's powers of description, so that it not only identifies a dog, grass and frisbee in an image, but describes the color of grass and more contextual detail.

The earlier reports were right when they said YouTube was working on launching its own social networking service for content creators. Instead of the "YouTube Backstage" branding, YouTube has decided to call their social networking service "YouTube Community," which allows content creators to use text, GIFs, and images to better engage viewers. Given the controversy surrounding YouTube in regard to demonetizing videos that are not deemed "friendly to advertisers," many YouTube creators have been or are thinking about leaving the site and joining competing services. These new tools are designed to help keep creators from departing to competing platforms. TechCrunch reports: YouTube has been testing the new service over the past several months with a handful of creators in order to gain feedback. It's launching the service into public beta with this group of early testers, and will make it available to a wider group of creators in the "month's ahead," it says. Access to this expanded feature set is made available to the creators and their viewers by way of a new "Community" tab on their channels. From here, creators can share things like text posts, images, GIFs and other content, which the audience can thumbs up and down, like the videos themselves, as well as comment on. Viewers will see these posts in their "Subscriptions" feed in the YouTube mobile application, and can also choose to receive push notifications on these posts from their favorite creators, YouTube says." Only time will tell whether or not this new move will be better received than YouTube's Google+ integration...

An anonymous reader quotes a report from Windows Central: Google has posted a new video showing how much it has improved battery life while using Chrome on Windows. It demonstrated those changes in a video that featured the web browser on Microsoft's Surface Book notebooks. The video test was based on running a Vimeo video on Chrome 46, which was released in 2015, and the same video running on Chrome 53, which was released last week. The Surface Book with Chrome 46 ran out of battery power after 8 hours and 27 minutes, while the same notebook running Chrome 53 shut down in 10 hours and 39 minutes, or over 2 hours later. Chrome 53 also features Material Design, a user interface that "makes more liberal use of grid-based layouts, responsive animations and transitions, padding, and depth effects such as lighting and shadows." You can force the update to Chrome 53 by navigating to the about section of Chrome.

An anonymous reader writes from a report via VentureBeat: On Monday, Google announced Google Cast is now built right into Chrome, allowing anyone using the company's browser to cast content to supported devices without having to install or configure anything. The Google Cast extension for Chrome, which launched in July 2013, is no longer required for casting. The report adds: "Here's how it works. When you browse websites that are integrated with Cast, Chrome will now show you a Cast icon as long as you're on the same network as a Cast device. With a couple of clicks, you can view the website content on your TV, listen to music on your speakers, and so on. In fact, Google today also integrated Hangouts with Google Cast: Signed-in users on Chrome 52 or higher can now use the 'Cast...' menu item from Chrome to share the contents of a browser tab or their entire desktop into a Hangout." The support document details all the ways you you can use Google Cast with Chrome.

An anonymous reader quotes a report from VentureBeat: Google today announced two updates to mobile search results: an aesthetic one rolling out now and an algorithmic one coming next year. The former consists of removing the "mobile-friendly" label in search results and the latter will punish mobile sites that use interstitials. The goal is to "make finding content easier for users," though as always, the company didn't share exactly how much of an impact users and webmasters can expect. The report adds: "If your site is in the 15 percent group, here's a quick recap. A webpage is considered 'mobile friendly' if it meets the following criteria, as detected in real time by Googlebot: Avoids software that is not common on mobile devices, like Flash; Uses text that is readable without zooming; Sizes content to the screen so users don't have to scroll horizontally or zoom; Places links far enough apart so that the correct one can be easily tapped. The company now wants to tackle 'intrusive interstitials' as they 'provide a poorer experience to users than other pages where content is immediately accessible.' After January 10, 2017, pages where content is not easily accessible when coming from mobile search results 'may not rank as highly.' Interstitials that Google doesn't like include showing a popup that covers the main content (immediately or delayed), displaying a standalone interstitial that the user has to dismiss before accessing the main content, and using a layout where the above-the-fold portion is similar to a standalone interstitial but the original content is inlined underneath. Interstitials that Google deems OK include legal obligations (cookie usage or for age verification), login dialogs on sites where content is not publicly indexable, and banners that use a reasonable amount of screen space and are easily dismissible."

Google announced in a blog post today that Chrome will officially start to "de-emphasize Flash in favor of HTML5." VentureBeat reports: "In September 2016, Chrome will block Flash content that loads behind the scenes, which the company estimates accounts for more than 90 percent of the Flash on the web. In December, Chrome will make HTML5 the default experience for central content, such as games and videos, except on sites that only support Flash." Google detailed next month's plan (design doc), when Chrome 53 will be released: "In September 2015, we made 'Detect and run important plugin content' the default plugin setting in Chrome, automatically pausing any cross-origin plugin content smaller than 400px in width or 300px in height. This behavior has an exception for any plugin content that is 5x5 or smaller or is an undefined size, because there was no canonical way of detecting viewability until Intersection Observer was standardized and implemented. We would now like to remove this exception and instead not load tiny, cross-origin content. If the user has their plugin setting set to the default of 'Detect and run important plugin content,' the browser will not instantiate cross-origin plugin content that is roughly 5x5 or smaller or has an undefined size. An icon will be displayed in the URL bar indicating that plugin content is not running, allowing the user to reload the page with plugin content running or open settings to add a site-wide exception. Other choices of the plugin content setting are unaffected by this launch."

An anonymous reader writes from a report via The Stack: A year-long study between Google and New York University has determined that unwanted software unwittingly downloaded as part of a bundle is a larger problem for users than malware. Google Safe Browsing currently generates three times as many Unwanted Software (UwS) warnings than malware warnings -- over 60 million per week. Types of unwanted software fall into five categories: ad injectors, browser settings hijackers, system utilities, anti-virus, and major brands. While estimates of UwS installs are still emerging, studies suggest that ad injection affects 5% of browsers, and that deceptive extensions in the Chrome Web store affect over 50 million users. 59% of the bundles studied were flagged by at least one anti-virus engine as potentially unwanted.

"With Google Play and Android app support hitting Chromebooks, it's now possible to run Windows applications/games on Chromebooks via CrossOver For Android," reports Phoronix. Slashdot reader grungy writes: The first Intel ChromeBooks have access to the Play Store now, and the Android version of Wine apparently runs on them... Pictures show the Steam client running, and a clip of a D3D game. Of course, the Play Store is only available on the ChromeOS developer channel so far, but that should change later this year.
CrossOver for Android also hasn't been officially released, but Thursday CodeWeavers' president blogged excitedly that "we are staring at a Leprechaun riding on the back of a Unicorn while taking a picture of a UFO. We are running CrossOver through Android on a ChromeBook running a Windows based game launched from the Steam client. THIS HAS NEVER BEEN DONE BEFORE...EVER!!!"

An anonymous reader writes: Google has announced in a blog post Friday their support for the controversial Trans-Pacific Trade Partnership (TPP). Recode reports: "The trade agreement includes key provisions about the global passage of digital data, intellectual property and copyright -- measures that have drawn criticism from both the political right and left, including several outspoken tech groups. Google's endorsement isn't exactly full-throated, but its stake clearly demonstrates another key area of support with the Obama administration, to which Google is close." Google's SVP and general counsel Kent Walker wrote: "The TPP is not perfect, and the trade negotiation process would certainly benefit from greater transparency. We will continue to advocate for process reforms, including the opportunity for all stakeholders to have a meaningful opportunity for input into trade negotiations." The company has already shown support of the TPP behind the Internet Association, which endorsed the trade agreement in March. Google joins a list of other tech titans, like Apple and Microsoft, who have shown their support as well. The Electronic Frontier Foundation calls the TPP a "secretive, multinational trade agreement" that will restrict IP laws and enforce digital policies that "benefit big corporations at the expense of the public." The TPP is still awaiting congressional approval after being signed in February.

Google on Thursday announced Nearby, a new feature for Android devices that recommends apps and websites based on your physical location. The idea is simple: You're on the go and there is an app that might be useful to you but you don't know it exists. Nearby will let you know about such apps. The company writes in a blog post: To use Nearby, just turn on Bluetooth and Location, and we'll show you a notification if a nearby app or website is available. Once you've opted-in, tapping on a notification takes you straight into the intended experience. If you're not interested, just swipe it away to give us a clear signal. Nearby has started rolling out to users as part of the upcoming Google Play Services release and will work on Android 4.4 (KitKat) and above.If you're a developer, Google has published another blog post to help you get started.