Slashdot Mirror

Technology writer Tom Chanter explores the life story of venture capitalist Marc Andreessen to ask whether software will not only eat the world, but also the jobs of what one historian predicts will be a "massive new unworking class: people devoid of any economic, political or even artistic value." Can Marc Andreessen prevent a so-called "useless class" who "will not merely be unemployed -- it will be unemployable"?

Andreessen grew up in New Lisbon, Wisconsin (population: 1,500), and taught himself the BASIC programming language at age 8. He co-developed the original Mosaic web browser before he'd graduated from college, went on to co-found Netscape, and by age 23 was worth $53 million. He then transformed into a "super angel" investor in companies like Twitter, Airbnb, Lyft, Facebook, Skype, and GitHub. "Having been an innovator in the tech start-up game, Andreessen is now an innovator in the tech venture capital game," writes Chanter. "He is a jedi that has become the master." In 2011, Marc Andreessen published an article in the Wall Street Journal titled, Why Software Is Eating The World. He wrote, "Over the next 10 years, the battles between incumbents and software-powered insurgents will be epic...." 7 years later, it's clear Andreessen was correct. Lyft has destroyed taxi jobs. Airbnb has destroyed hotel jobs. Amazon destroyed independent bookstores. How does Andreessen feel about that? "Screw the independent bookstores," he said in his New Yorker profile. "There weren't any near where I grew up. There were only ones in college towns. The rest of us could go pound sand."
But the 4,900-word article also notes Andreessen's pledge to give half his income to charitable causes -- and his observation in a 2015 interview that outside of the United States, global income inequality is falling, not rising. "He has seen technology transform his own life, and has seen how technology has bridged the global wealth gap. Why shouldn't he be optimistic about the future of America's working class?"

And Andreessen's ultimate answer to the jobs destroyed by technology may be Udacity. The article cites Andreessen's investment in the company in 2012, and points to the online education platform's hopeful mission statement. "Virtually anyone on the planet with an internet connection and a commitment to self-empowerment through learning can come to Udacity, master a suite of job-ready skills, and pursue rewarding employment."

As a boy in Wisconsin he was starved for information. He has created an education institution accessible from Wisconsin to Africa. As a boy in Wisconsin he was starved for connection. He has married an innovative philanthropist and author, Laura Arrillaga-Andreessen. They have a son named John. Andreessen is optimistic for both the working class and the future tech elite.

In his New Yorker profile he says of his son, "He'll come of age in a world where ten or a hundred times more people will be able to contribute in science and medicine and the arts, a more peaceful and prosperous world."

He added, tongue in cheek, "I'm going to teach him how to take over that world!"

Slate's senior technology writer reports that his hunt for a reliable ISP "led me on a convoluted journey through accusations and counteraccusations, companies with shadowy leadership and those with conflicts of interest, and VPN ratings sites that might be even shadier than the companies they're reviewing." Many VPNs appear to be outright scams. Others make internet browsing sluggish. Free versions bombard you with ads. It's a world so thicketed that the leading firms and experts can't agree on the basic criteria for what counts as "reputable," let alone which companies best meet that description. The CEO of one top VPN company, Silicon Valley-based AnchorFree, told me in a phone interview that he suspects one of his top rivals is secretly based in China -- which would raise a red flag for many privacy advocates because of the Chinese government's aggressive surveillance regime... [But] many VPN users consider offshore providers preferable to U.S.-based firms. AnchorFree, for its part, has been dinged by reviewers for running a free, ad-supported VPN, which some privacy experts consider a conflict of interest. (It also offers a paid VPN service.) The two companies point to dueling trust reports by outside groups, each of which appears to reflect well on the firm that's touting it, thanks to different methodologies. "It is fascinating the amount of sniping that goes on" between VPN companies, said Joseph Jerome, who has closely studied VPNs in his role as policy counsel for the Privacy and Data Project at the nonprofit Center for Democracy & Technology. "They are very quick to pull out knives and shiv each other...."

If it's so hard to assess the credibility of the industry's top names...you can imagine how difficult it might be to suss out the myriad lesser-known alternatives. A January investigation by the site Top10VPN found that more than half of the top 20 free VPN apps on the iOS and Android app stores either have Chinese ownership or are based in China. That's all the more suspicious given that China officially banned VPNs last year. The concern: If China is allowing them to continue operating, it could be because they're sharing data on their users with the Chinese government. When you use a VPN, you're trusting that VPN with the same deep level of access to your online activity that you'd normally give your ISP. In other words, now they can see what you're up to whenever you're using the internet. VPNs may be more privacy-focused than big, corporate ISPs, but they're also smaller, more opaque, and less publicly accountable.
"I just wanted internet privacy. I hadn't bargained on a knife fight..." the author writes, concluding that "Several weeks, dozens of calls, and thousands of words later, I can't say I'm much closer to a clear-cut answer... One of the only definitive takeaways, besides 'steer clear of free VPNs,' is that your choice of VPN should depend on what you're using it for.

"If you're just trying to stay safe online, it may make sense to steer toward a larger, U.S.-based company that's clear about both who owns it and how it treats your data."

William Chalk, reporting for HackerNoon: After big names like Whatsapp, Snapchat, and Facebook, VPNs are the most searched-for applications in the world. "VPN" is the second-highest non-branded search term behind "games", and free apps completely dominate the search results. The most popular applications have amassed hundreds of millions of installs between them worldwide, yet there seems to be very little attention paid to the companies behind them, and very little scrutiny done on behalf of the marketplaces hosting them. We investigated the top free VPN apps in the App Store and Google Play Store. We found that very few of these hugely popular apps do anywhere near enough to deserve the trust of those looking to protect their privacy online. We recorded the top 20 free apps in the search results for "VPN" in the App and Play Store for UK and US locales. In total, these applications have been downloaded 80 million times from Google and 4 million times each month from Apple. Our investigation discovered that over half of the top free VPN apps either have Chinese ownership or are actually based in China, which has aggressively clamped down on VPN services in recent years and maintains an iron grip on the internet within its borders. Furthermore, we found the majority of these apps have insufficient formal privacy protections and non-existent user support.

William Chalk, reporting for HackerNoon: After big names like Whatsapp, Snapchat, and Facebook, VPNs are the most searched-for applications in the world. "VPN" is the second-highest non-branded search term behind "games", and free apps completely dominate the search results. The most popular applications have amassed hundreds of millions of installs between them worldwide, yet there seems to be very little attention paid to the companies behind them, and very little scrutiny done on behalf of the marketplaces hosting them. We investigated the top free VPN apps in the App Store and Google Play Store. We found that very few of these hugely popular apps do anywhere near enough to deserve the trust of those looking to protect their privacy online. We recorded the top 20 free apps in the search results for "VPN" in the App and Play Store for UK and US locales. In total, these applications have been downloaded 80 million times from Google and 4 million times each month from Apple. Our investigation discovered that over half of the top free VPN apps either have Chinese ownership or are actually based in China, which has aggressively clamped down on VPN services in recent years and maintains an iron grip on the internet within its borders. Furthermore, we found the majority of these apps have insufficient formal privacy protections and non-existent user support.

An anonymous reader shares a report:In a landmark study, 20 top US corporate lawyers with decades of experience in corporate law and contract review were pitted against an AI. Their task was to spot issues in five Non-Disclosure Agreements (NDAs), which are a contractual basis for most business deals. The study, carried out with leading legal academics and experts, saw the LawGeex AI achieve an average 94% accuracy rate, higher than the lawyers who achieved an average rate of 85%. It took the lawyers an average of 92 minutes to complete the NDA issue spotting, compared to 26 seconds for the LawGeex AI. The longest time taken by a lawyer to complete the test was 156 minutes, and the shortest time was 51 minutes.

Google's director of engineering Ray Kurzweil made a startling prediction at the 2018 TED conference. Hacker Noon reports: "In the early 2030s, we'll have universal basic income in the developed world, and worldwide by the end of the 2030s. You'll be able to live very well on that. The primary concern will be meaning and purpose," he said onstage at the annual event...

Kurzweil believes that by 2029, computers will have human-level intelligence. It's not inconceivable then that AI will be distributing UBI to humans based on algorithms that are capable of crunching numbers in ways we cannot follow. Indeed, what we call the "State" in even just 10 years time may have been transformed by AI and blockchain tech in a way whereby even our experience of consensus decision making and democracy itself may have evolved.

A report via Hacker Noon sheds some light on the practice of using bots to mass-produce videos for YouTube. The YouTube channel Breaking News Today, for example, constantly generates new videos from recent news sources, and posts as often as every few minutes. You can tell the videos are bot-produced because they always start off with a cringe-worthy 80's style intro, followed by a robotic voiceover and floating low quality images. From the report: Someone has effectively created a fully automated process running 24/7 that is taking and stripping recent articles, converting them into video format, and posting it on Youtube as their own. And while doing so, they take credit for it and reap all the rewardsâS -- such as revenue and influenceâS -- âSthat come with it. Some videos, especially the ones that gain momentum and get popular, even feature a large juicy ad on the bottom, in which Google displays and shares profits with. Sure, one video with a few thousand views isn't really that significant, but when you have hundreds of videos being pumped out week after week, you can see how quickly things can add up. And while many new videos are still awaiting their first dozen views, others are in the tens of thousands. One even amassed almost 50k views in just two days. In total, the channel's videos have been viewed more than 225,000 times just in the past month, with an average of around 8,000 views per day. Did I mention that there are more than just this one channel? There's also this one, and this one, both following the same concept. There's actually many, MANY more. There are few solutions to deal with this new type of fully automated plagiarism. While you can certainly down vote the videos and report them to YouTube if the uploader is infringing on your copyright, they will likely stay online for days racking up views and revenue before any action is taken. There's also no reason why the videos couldn't be uploaded to separate channels to fly under YouTube's radar.

An anonymous reader quotes a report from NBC News: NBC News is publishing its database of more than 200,000 tweets that Twitter has tied to "malicious activity" from Russia-linked accounts during the 2016 U.S. presidential election. These accounts, working in concert as part of large networks, pushed hundreds of thousands of inflammatory tweets, from fictitious tales of Democrats practicing witchcraft to hardline posts from users masquerading as Black Lives Matter activists. Investigators have traced the accounts to a Kremlin-linked propaganda outfit founded in 2013 known as the Internet Research Association (IRA). The organization has been assessed by the U.S. Intelligence Community to be part of a Russian state-run effort to influence the outcome of the 2016 U.S. presidential race. And they're not done. At the request of NBC News, three sources familiar with Twitter's data systems cross-referenced the partial list of names released by Congress to create a partial database of tweets that could be recovered. You can download the streamlined spreadsheet (29 mb) with just usernames, tweet and timestamps, view the full data for ten influential accounts via Google Sheets, download tweets.csv (50 mb) and users.csv with full underlying data, and/or explore a graph database in Neo4j, whose software powered the Panama Papers and Paradise Papers investigations.

NBC News' partners at Neo4j have put together a "get started" guide to help you explore the database of Russian tweets. "To recreate a link to an individual tweet found in the spreadsheet, replace 'user_key' in https://twitter.com/user_key/status/tweet_id with the screenname from the 'user_key' field and 'tweet_id' with the number in the 'tweet_id' field," reports NBC News. "Following the links will lead to a suspended page on Twitter. But some copies of the tweets as they originally appeared, including images, can be found by entering the links on webcaches like the Internet Archive's Wayback Machine and archive.is."

Open-source veteran Gaël Duval created Mandrake Linux in 1998. But in a new essay, he writes that "I realized that I had become lazy. Not only wasn't I using Linux anymore as my main operating system, but I was using a proprietary OS on my smartphone. And I was using Google more and more."

Long-time Slashdot reader nuand999 writes: He's creating a non-profit project called eelo.io that's going to release a "privacy-friendly" smartphone OS and associated web-services... eelo is going to be forked fromLineageOS, and will ship with the existing open source bricks put together into a consistent and privacy-enhanced, yet desirable, smartphone OS + web-services. A crowdfunding campaign has just started on Kickstarter to fuel early developments.
"iOS is proprietary and I prefer Open Source Software," Gaël writes on Hacker Noon, while also adding that "like millions of others, I'VE BECOME A PRODUCT OF GOOGLE... I'm not happy because Google has become too big and is tracking us by catching a lot of information about what we do. They want to know us as much as possible to sell advertising..."

"People are free to do what they want. They can choose to be volunteery slaves. But I do not want this situation for me anymore. I want to reconquer my privacy. My data is MY data. And I want to use Open Source software as much as possible."

Travis Jeffery, writing for HackerNoon: There's a security best practice where sign ins aren't supposed to say "password is incorrect." Instead they're supposed to say the "username or password is incorrect." This "best practice" is bullshit. Stripe's and GitHub's sign ins for example follow this practice. The idea is if an attacker knows a username, he or she could concentrate on that account using SQL injection, brute forcing the password, phishing, and so on. Here's the problem. All a hacker has to do is sign up to know whether the username is valid or not. Why bother then with obfuscating the sign in? Only the dumbest, laziest hacker is stopped by the "username or password is incorrect" sign in. You gain no security, yet your customers lose clarity. Stripe has their form submission behind reCAPTCHA to prevent naive scripts attacking their sign up. However this has been broken multiple times and likely won't ever be perfect. Even if reCAPTCHA was perfect, a hacker could manually validate their usernames of interest by trying to sign up, then automate an attack on the sign in page.

Jeff Kao from Hacker Noon used natural language processing techniques to analyze net neutrality comments submitted to the FCC from April-October 2017 and found that at least 1.3 million pro-repeal net neutrality comments were faked. From the report: NY Attorney General Schneiderman estimated that hundreds of thousands of Americans' identities were stolen and used in spam campaigns that support repealing net neutrality. My research found at least 1.3 million fake pro-repeal comments, with suspicions about many more. In fact, the sum of fake pro-repeal comments in the proceeding may number in the millions. In this post, I will point out one particularly egregious spambot submission, make the case that there are likely many more pro-repeal spambots yet to be confirmed, and estimate the public position on net neutrality in the "organic" public submissions. [The key findings include:]

1. One pro-repeal spam campaign used mail-merge to disguise 1.3 million comments as unique grassroots submissions.
2. There were likely multiple other campaigns aimed at injecting what may total several million pro-repeal comments into the system.
3. It's highly likely that more than 99% of the truly unique comments were in favor of keeping net neutrality.

Trent Lapinski from Hacker Noon writes an informal letter to Apple, asking "who the hell actually asked for Face ID?" and calling the iPhone X and new face-scanning security measure "Orwellian" and "creepy": For the company that famously used 1984 in its advertising to usher in a new era of personal computing, it is pretty ironic that 30+ years later they would announce technology that has the potential to eliminate global privacy. I've been waiting 10-years since the first iPhone was announced for a full-screen device that is both smaller in my hand but has a larger display and higher capacity battery. However, I do not want these features at the cost of my privacy, and the privacy of those around me. While the ease of use and user experience of Face ID is apparent, I am not questioning that, the privacy concerns are paramount in today's world of consistent security breaches. Given what we know from Wikileaks Vault7 and the CIA / NSA capabilities to hijack any iPhone, including any sensor on the phone, the very thought of handing any government a facial ID system for them to hack into is a gift the world may never be able to return. Face ID will have lasting privacy implications from 2017 moving forward, and I'm pretty sure I am not alone in not wanting to participate.

The fact of the matter is the iPhone X does not need Face ID, Apple could have easily put a Touch ID sensor on the back of the phone for authentication (who doesn't place their finger on the back of their phone?). I mean imagine how cool it would be to put your finger on the Apple logo on the back of your iPhone for Touch ID? It would have been a highly marketable product feature that is equally as effective as Face ID without the escalating Orwellian privacy implications. [...] For Face ID to work, the iPhone X actively has to scan faces looking for its owner when locked. This means anyone within a several foot range of an iPhone X will get their face scanned by other people's phones and that's just creepy.

The FCC lets you upload any file to their website and make that file publicly accessible using the FCC.gov domain. Or rather they don't, but they have somehow not realized that they are letting people do it and telling them how in their own documentation. From a report: Take a look at this document about FCC Chairman Ajit Pai which has clearly not been put there by anyone who works at the FCC, neither has this one. Those currently uploading files are able to do this using the FCC's own public API, a key that they seem to send to anyone with any email address. Obviously I am not going to tell you how, but if you have enough of the right kind of technical experience the public FCC API documentation will. People seem to be experimenting uploading different filetypes, so far they have managed pdf/gif/ELF/exe/mp4 files up to 25MB in size, which means that you could easily host malware on the FCC.gov website right now and use it in phishing campaigns that link to malware on a .gov website.

Thursday Lproven (Slashdot reader #6030) wrote: It appears that Ubuntu is using a feature it has added -- intended to insert headlines of breaking tech news (security alerts and so on) into the Message of the Day displayed at login to the console -- to display advertising and promotional messages.
The message in question linked to a Hacker Noon article titled "How HBO's Silicon Valley built 'Not Hotdog' with mobile TensorFlow, Keras & React Native." Later that day Dustin Kirkland, a Ubuntu Product Manager for the feature's design (and the Core Developer for its implementation) suggested the message had been mistaken for an ad, describing it on Hacker News as a "fun fact... an interesting tidbit of potpourri from the world of Ubuntu," and later saying it was intended like Google's doodles. "Last week's message actually announced an Ubuntu conference in Latin America. The week before, we linked to an article asking for feedback on Kubuntu. Before that, we announced the availability of Extended Security Maintenance updates for 12.04. And so on." He later confirmed Canonical received no money for the message, and also pointed out that the messages all come from an open source repository, and "You're welcome to propose your own messages for merging, if you have a well formatted, informative message for Ubuntu users."

Click through for a condensed version of the complete response by Dustin Kirkland, Ubuntu Product and Strategy at Canonical.
Kirkland describes the design of the feature as follows:

• Asynchronously, about 60 seconds after boot, a systemd timer fires which runs "/etc/update-motd.d/50-motd-news --force"
• It sources 3 admin-editable config variables in /etc/default/motd-news. The defaults are: ENABLED=1, URLS="https://motd.ubuntu.com", WAIT="5"
• The admin can disable it entirely (ENABLED=0), change or add other MOTD news sources (your corporate IT team could run its own), and change the wait time in seconds
• If it's enabled, that systemd timer job will loop over each of the URLS (note, that it's important that these should be https with valid SSL certificates), trim them to 80 characters per line, and a maximum of 10 lines, and concatenate them to a cache file in /var/cache/motd-news
• Every ~12 hours thereafter (with a little bit of random timer fuzzing), this systemd timer job will re-run and update the /var/cache/motd-news
• Upon login, the contents of /var/cache/motd-news is just printed to screen.

Kirkland notes the message can be customized by local IT administrators, or used to deliver warnings about serious vulnerabilities like Shellshock or Heartbleed. And he also describes the dynamic motd as a Ubuntu feature since adopted by other distros (including Debian) as "a flexible framework that enables distro packages or administrators to add executable scripts in /etc/update-motd.d/* to generate informative, interesting messages displayed at login... for almost 40 years of Linux/UNIX, the 'Message of the Day' was anything but that... It was a message that was created at one point in time, when the distro released, and that's about it. And we managed to change that."

New submitter DuroSoft writes: For myself and the vast majority of people I have talked to, this is the case. Any attempts we make to estimate the amount of time software development tasks will take inevitably end in folly. Do you find you can make accurate estimates, or is it really the case, as the author, DuroSoft Technologies' CTO/Co-CEO Sam Johnson, suggests via Hacker Noon, that "writing and maintaining code can be seen as a fundamentally chaotic activity, subject to sudden, unpredictable gotchas that take up an inordinate amount of time" and that therefore attempting to make predictions in the first place is itself a waste of our valuable time?

An anonymous reader shares a CNBC article: Behold the open industrial office space. At one moment, it feels like such a hip environment, bustling with easy communication and collaboration, innovation and headphones just behind every monitor. At another moment, the open office is the loudest, most annoying, distracting and unproductive environment one can imagine. What if the open industrial office is just part of a larger misguided fantasy? What if this office style is hurting our employees working on the hardest problems -- our high-performance employees (HPEs)? What if the open office is causing retention problems, and affecting the quality of our end products? As I outlined in my HPE article, executives and high-performance employees tend to optimize against completely different trade and life principles -- they generally have very different views of the world. This disconnect shows itself very clearly in the environmental conditions of our creative and technical offices. My latest anonymous survey shows that 58% of HPEs need more private spaces for problem solving, and 54% of HPEs find their office environment "too distracting."