Domain: wired.com
Stories and comments across the archive that link to wired.com.
Stories · 4,012
-
Cyberspies Hijacked the Internet Domains of Entire Countries (wired.com)
Trailrunner7 shares a report: The discovery of a new, sophisticated team of hackers spying on dozens of government targets is never good news. But one team of cyberspies has pulled off that scale of espionage with a rare and troubling trick, exploiting a weak link in the internet's cybersecurity that experts have warned about for years: DNS hijacking, a technique that meddles with the fundamental address book of the internet. Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations.
In the process, they went so far as to compromise multiple country-code top-level domains -- the suffixes like .co.uk, or .ru, that end a foreign web address -- putting all the traffic of every domain in multiple countries at risk. The hackers' victims include telecoms, internet service providers, and domain registrars responsible for implementing the domain name system. But the majority of the victims and the ultimate targets, Cisco believes, were a collection of mostly governmental organizations including ministries of foreign affairs, intelligence agencies, military targets, and energy-related groups, all based in the Middle East and North Africa. By corrupting the internet's directory system, hackers were able to silently use "man-in-the-middle" attacks to intercept all internet data from email to web traffic sent to those victim organizations.
[...] Cisco Talos said it couldn't determine the nationality of the Sea Turtle hackers, and declined to name the specific targets of their spying operations. But it did provide a list of the countries where victims were located: Albania, Armenia, Cyprus, Egypt, Iraq, Jordan, Lebanon, Libya, Syria, Turkey, and the United Arab Emirates. Cisco's Craig Williams confirmed that Armenia's .am top-level domain was one of the "handful" that were compromised, but wouldn't say which of the other countries' top-level domains were similarly hijacked. -
What To Expect From Sony's Next-Gen PlayStation (wired.com)
Daetrin writes: Sony is unwilling to confirm "PlayStation 5" as the name, but their next console is "no mere upgrade" according to a report from Wired, which cites Sony executives -- who spoke on the record:
"PlayStation's next-generation console ticks all those boxes, starting with an AMD chip at the heart of the device. (Warning: some alphabet soup follows.) The CPU is based on the third generation of AMD's Ryzen line and contains eight cores of the company's new 7nm Zen 2 microarchitecture. The GPU, a custom variant of Radeon's Navi family, will support ray tracing, a technique that models the travel of light to simulate complex interactions in 3D environments. While ray tracing is a staple of Hollywood visual effects and is beginning to worm its way into $10,000 high-end processors, no game console has been able to manage it. Yet."
The console will also have a solid-state drive and is currently planned to be backward-compatible with both PS4 games and PSVR. -
US Government Admits It Doesn't Know If Assange Cracked Password For Manning (vice.com)
An anonymous reader quotes a report from Motherboard: The U.S. government does not have any evidence that WikiLeaks founder Julian Assange succeeded in cracking a password for whistleblower Chelsea Manning, according to a newly unsealed affidavit written by an FBI agent. Last week, Assange was escorted out of the Ecuadorian embassy in London, and arrested for breaching bail in connection to allegations of sexual misconduct in Sweden. The day of Assange's arrest, the U.S. government unsealed an indictment against Assange with a hacking conspiracy charge. The Department of Justice accused WikiLeaks' founder of agreeing to help Manning crack a password that would have helped the former military analyst get into a classified computer system under a username that did not belong to her, making it harder for investigators to trace the eventual leak.
On Monday, the U.S. District Court for the Eastern District of Virginia unsealed the affidavit, which is dated December 21, 2017. The document contains more details on the interactions between Assange and Manning. And, most significantly, contains the admission that the U.S. government -- as of December of 2017 -- had no idea whether Assange actually cracked the password. Until now, we knew that the U.S. was aware that Assange attempted to crack a password for Manning once, but didn't know if it had more evidence of further attempts or whether it thought Assange was successful. "Investigators have not recovered a response by Manning to Assange's question, and there is no other evidence as to what Assange did, if anything, with respect to the password," FBI agent Megan Brown said in the affidavit. According to lawyers, the simple offer to help can be considered part of a conspiracy to violate the Computer Fraud and Abuse Act.
"For purposes of a conspiracy charge, it is not necessary for the action to be successful. All that is needed is an overt action in furtherance of the conspiracy, namely Assange's efforts to crack the password for Manning," Bradley, a lawyer at the Mark Zaid P.C law firm in Washington, DC, told Motherboard via email. "That he failed is irrelevant." -
Are Silicon Valley Workers Abandoning Libertarianism For Socialism? (salon.com)
Salon writes that Silicon Valley tech workers are "defying their overlords," arguing that recent unionization attempts by Kickstarter employees may be only the beginning: The workers' Kickstarter campaign is not the first attempt, though, or even the first time rumblings of unionization have circulated among programmers. In 2018, software engineers at the startup Lanetix announced their intent to unionize -- and were promptly fired by management (It is illegal to fire employees for trying to unionize). The National Labor Relations Board intervened, and ultimately forced Lanetix to pay the 15 fired engineers a total of $775,000. The show of worker power at Lanetix may have paved the way for Kickstarter's workers. Similarly, workers across the video game industry -- generally among the most overworked, underpaid workers within the tech industry -- have been making steps towards unionization. Game Workers Unite, profiled by Salon last year, is building a grassroots movement to organize the ranks of video game makers.
Together, this suggests that a small but visible movement for white-collar software engineers unionizing has been gaining steam in the Valley over the past few years -- suggesting that the people who make up the tech industry, once a bastion of libertarianism, are starting to understand the often subtle ways that their employers exploit them... For decades, libertarianism was part and parcel to the tech industry. Despite a grueling work culture and a high-profile collusion scandal among major tech corporations to suppress software engineers' wages, tech workers were more likely to see themselves as future founders than an exploited underclass -- a point of view encouraged by employers through high wages and generous, often absurd office perks. Recent developments suggest such endearing tactics are no longer working. -
Silk Road 2 Founder Dread Pirate Roberts 2 Caught, Jailed for 5 Years (vice.com)
An anonymous reader shares a report: In 2015, WIRED published a list of the 'dark web drug lords who got away.' That list included the Dread Pirate Roberts 2 (DPR2), the creator of the second Silk Road site, which launched almost immediately after the FBI ended the first with the famous arrest of founder Ross Ulbricht. Under DPR2, Silk Road 2 went on to rake in hundreds of thousands of dollars a day. The FBI shut that one down too and arrested its remaining administrator. By that time, DPR2 had already passed ownership of the site on and, publicly, it looked like he had evaded prosecution.
But today, a court in Liverpool, England, sentenced Thomas White, a technologist and privacy activist, for crimes committed in part while running Silk Road 2 under the DPR2 persona, among other crimes committed under another persona. White pleaded guilty to drug trafficking, money laundering, as well as making indecent images of children, and was sentenced to a total of 5 years and 4 months in prison. White's arrest took place in November 2014, but the case has remained largely under wraps because of the UK's strict court reporting rules, which prohibit journalists from covering cases before their conclusion. This is to stop suspects facing "trial by media," and in order to let cases run their course. -
Google's New Currents App Is Its Enterprise Replacement For Google+ (theverge.com)
An anonymous reader quotes a report from The Verge: Now that Google+ is history, today, Google unveiled what will be offered to G Suite users in its place: Currents. The new app "enables people to have meaningful discussions and interactions across your organization, helping keep everyone in the know and giving leaders the opportunity to connect with their employees." The company says Currents has a new look and feel compared to Google+ -- it seems somewhat similar to my eyes -- and it's been streamlined to make it faster to post content and tag it. Posts from a company's top executives can be given priority in the Currents stream to make sure employees see it. Currents is launching in beta, and Google says G Suite companies can request access to the program starting now. Google+ posts will automatically be transferred over to Currents. (I'm just talking about G Suite posts; personal Google+ posts are a goner at this point.) If the Currents name sounds familiar, it's because it "was previously a magazine app that was the precursor to Google Play Newsstand, which itself was later replaced by Google News," the report notes. -
The UN Wants To Build Floating Cities To Save Us From Climate Change (wired.com)
dmoberhaus writes: On Wednesday, the United Nations convened its first ever round table on floating cities. WIRED was in attendance to hear about one specific proposal -- Oceanix City -- the creation of a co-founder of Blue Frontiers, the for-profit wing of the Thiel-backed Seasteading Institute. This project, he says, is less about libertarianism and more about survival. It sounds like paradise, but many technological, economic, and political hurdles will have to be overcome before it's a reality. "Oceanix City was designed by the renowned Danish architect Bjarke Ingels, along with dozens of experts from institutions like the UN and MIT," Wired reports. "According to Ingels, who lives on a houseboat himself, residents of the floating city will use 100 percent renewable energy, eat only plant-based food, produce zero waste, and provide housing affordable to all, not just the rich."
"At the core of Oceanix City is a 4.5-acre hexagonal floating platform that is meant to host up to 300 people," the report adds. "These platforms are modular, meaning they can be linked to form larger communities as they tessellate across the surface of the ocean. Each platform will be anchored to the ocean floor using biorock, a material that is harder than concrete and can be grown using minerals found in the ocean, which could make the anchor more secure over time. These anchors might also serve as the seeds of artificial reefs to rejuvenate aquatic ecosystems around the floating city." The community's needs and city's location will determine the design of each platform. For example, some could act as barriers to limit the impact of waves; while others could be dedicated to agriculture. Wired goes on to discuss the political and technological challenges associated with these floating cities.
"The plan for the first Oceanix City is to moor it about a mile off the coast of a major city," reports Wired. "If one of these ocean-top communities were to get parked near New York City, for example, the floating community could be treated as a new borough, or a separate city under the jurisdiction of the state..." -
'It's Time To End the NSA's Metadata Collection Program' (wired.com)
Jake Laperruque, Senior Counsel at The Constitution Project, where he is working on issues of government surveillance, national security and defending privacy rights in the digital age, argues via Wired that it's time to end the National Security Agency's metadata collection program, known as CDR. An anonymous reader shares an excerpt: In 2015, Congress passed the USA Freedom Act to reform Section 215 and prohibit the nationwide bulk collection of communications metadata, like who we make calls to and receive them from, when, and the call duration. The provision was replaced with a significantly slimmed-down call detail record program, known as CDR. Rather than collecting information in bulk, CDR collects communications metadata of surveillance targets as well as those of individuals up to two degrees of separation (commonly called "two hops") from the surveillance target. But this newer system appears to be no more effective than its predecessor and is highly damaging to constitutional rights. Given this combination, it's time for Congress to pull the plug and end the authority for the CDR program.
It's unsurprising that just last week a bipartisan group in Congress introduced a bill to do so. Last month, the New York Times reported that a highly placed congressional staffer had stated that the CDR program has been out of operation for months, and several days later, NSA Director Paul Nakasone issued comments responding to questions about the Times story by saying the NSA was deliberating the future of the program. If accurate, this news is major but not shocking; this large-scale-collection program has been fraught with problems. Last year, the NSA announced that technical problems had caused it to collect information it wasn't legally authorized to, and that in response, the agency had voluntarily deleted all the call detail records it had previously acquired through the CDR program -- without even waiting for a court order or trying to save some of the data -- indicating that the system was unwieldy and the data being collected was not important to the agency. -
Cloudflare Says Its New VPN Service Won't Slow You Down (wired.com)
Cloudflare has announced that it's adding a VPN service to its 1.1.1.1 DNS resolver app. The 1.1.1.1 service, which first came to mobile back in November, currently attempts to speed up mobile data speeds by using Cloudflare's network to resolve DNS queries faster than your existing mobile network. From a report: "We wanted to build a VPN service that my dad would install on his phone," says Cloudflare CEO Matthew Prince. "If you tell him that it will make his connection more private and secure, he'd never do it. But if you tell him it will make his connection faster, make his phone's battery last longer, and make his connections more private, then it would be something he'd install."
Mobile phone users can begin signing up for the service, dubbed Warp, through Cloudflare's mobile app 1.1.1.1 on Monday; Cloudflare says it hopes the service is working Monday, but it might take a few days. Regardless, Warp is a sign of things to come for the rest of the internet. The technology that Cloudflare is betting will make Warp fast is a protocol invented by Google called QUIC, and it could one day make the rest of the internet faster and more reliable. QUIC is essentially a substitute for TCP, the venerable protocol now used for most internet connections. TCP, introduced in 1981, made reliable internet connections possible, says Jana Iyengar, who worked on QUIC for Google; Iyengar is now a distinguished engineer at the cloud computing company Fastly working to help finalize QUIC with the Internet Engineering Task Force standards body. -
Three Pioneers in Artificial Intelligence Win Turing Award (nytimes.com)
An anonymous reader shares a report: In 2004, Geoffrey Hinton doubled down on his pursuit of a technological idea called a neural network. It was a way for machines to see the world around them, recognize sounds and even understand natural language. But scientists had spent more than 50 years working on the concept of neural networks, and machines couldn't really do any of that. Backed by the Canadian government, Dr. Hinton, a computer science professor at the University of Toronto, organized a new research community with several academics who also tackled the concept. They included Yann LeCun, a professor at New York University, and Yoshua Bengio at the University of Montreal.
On Wednesday, the Association for Computing Machinery, the world's largest society of computing professionals, announced that Drs. Hinton, LeCun and Bengio had won this year's Turing Award for their work on neural networks. The Turing Award, which was introduced in 1966, is often called the Nobel Prize of computing, and it includes a $1 million prize, which the three scientists will share. More: The Godfathers of the AI Boom Win Computing's Highest Honor; Hinton Says We Need To Start Over; Bengio is Worried About Its Future; and Deep Learning May Need a New Programming Language That's More Flexible Than Python, LeCun Says. -
McDonald's Bites on Big Data With $300 Million Acquisition (wired.com)
An anonymous reader shares a report: Mention McDonald's to someone today, and they're more likely to think about Big Mac than Big Data. But that could soon change: The fast-food giant has embraced machine learning, in a fittingly super-sized way. McDonald's is set to announce that it has reached an agreement to acquire Dynamic Yield, a startup based in Tel Aviv that provides retailers with algorithmically driven "decision logic" technology. When you add an item to an online shopping cart, it's the tech that nudges you about what other customers bought as well. Dynamic Yield reportedly had been recently valued in the hundreds of millions of dollars; people familiar with the details of the McDonald's offer put it at over $300 million. That would make it the company's largest purchase since it acquired Boston Market in 1999. -
Researchers Created Reprogrammable Molecular Algorithms For DNA Computers (wired.com)
dmoberhaus writes: In a major breakthrough for DNA computing, researchers from UC Davis, Caltech and Maynooth University developed a technique for creating molecular algorithms that can be reprogrammed. Prior to this research, molecular algorithms had to be painstakingly designed for specific purposes, which is "like having to build a new computer out of new hardware just to run a new piece of software," according to the researchers. This new technique could blow open the door for a host of futuristic DNA computing applications -- nanofactories, light-based computers, etc. -- that would've been impossible before. The paper was published this week in Nature. -
Researchers Built an 'Online Lie Detector.' Honestly, That Could Be a Problem (wired.com)
A group of researchers claims to have built a prototype for an "online polygraph" that uses machine learning to detect deception from text alone. But as a few machine learning academics point out, what these researchers have actually demonstrated is the inherent danger of overblown machine learning claims. From a report: When Wired showed the study to a few academics and machine learning experts, they responded with deep skepticism. Not only does the study not necessarily serve as the basis of any kind of reliable truth-telling algorithm, it makes potentially dangerous claims: A text-based "online polygraph" that's faulty, they warn, could have far worse social and ethical implications if adopted than leaving those determinations up to human judgment.
"It's an eye-catching result. But when we're dealing with humans, we have to be extra careful, especially when the implications of whether someone's lying could lead to conviction, censorship, the loss of a job," says Jevin West, a professor at the Information School at the University of Washington and a noted critic of machine learning hype. "When people think the technology has these abilities, the implications are bigger than a study." -
TypeScript's Quiet, Steady Rise Among Programming Languages (wired.com)
Microsoft's programming language TypeScript has become one of the most popular languages among developers, at least according to a report published by the analyst firm RedMonk this week. Wired: TypeScript jumped from number 16 to number 12, just behind Apple's programming language Swift in RedMonk's semiannual rankings, which were last published in August. Microsoft unveiled TypeScript in 2012, and while it hasn't grown as quickly as Swift -- which has grown faster than any other language, ever since RedMonk started compiling the rankings in 2011 -- TypeScript's own ascendance is impressive, given the sheer number of available programming languages.
More and more applications these days use TypeScript. Google's programming framework Angular, the second most popular tool of its type according to data released last year by the startup NPM, is written in TypeScript. So is Vue, an increasingly popular framework finding a home both among smaller companies and tech giants like Alibaba. But RedMonk doesn't look at how many jobs are available for people skilled in a particular language, nor how many companies actually use the language. Instead, the firm tries to spot trends in developer interest by looking at how many projects on GitHub use certain languages, and how many questions are asked about those languages on the programmer Q&A site Stack Overflow. The idea is to get a sense of where the software development profession is heading. -
Coders' Primal Urge To Kill Inefficiency -- Everywhere (wired.com)
For software engineers, lack of friction is an aesthetic joy, an emotional high, the ideal existential state. It's what drives them, and what shapes our world. An excerpt from an upcoming book on coding, via Wired: The thrust of Silicon Valley is always to take human activity and shift it into metabolic overdrive. And maybe you've wondered, why the heck is that? Why do techies insist that things should be sped up, torqued, optimized? There's one obvious reason, of course: They do it because of the dictates of the market. Capitalism handsomely rewards anyone who can improve a process and squeeze some margin out. But with software, there's something else going on too. For coders, efficiency is more than just a tool for business. It's an existential state, an emotional driver.
Coders might have different backgrounds and political opinions, but nearly every one I've ever met found deep, almost soulful pleasure in taking something inefficient -- even just a little bit slow -- and tightening it up a notch. Removing the friction from a system is an aesthetic joy; coders' eyes blaze when they talk about making something run faster or how they eliminated some bothersome human effort from a process. This passion for efficiency isn't unique to software developers. Engineers and inventors have long been motivated by it. During the early years of industrialization, engineers elevated the automation of everyday tasks to a moral good. The engineer was humanity's "redeemer from despairing drudgery and burdensome labor," as Charles Hermany, an engineer himself, wrote in 1904.
[...] Many of today's programmers have their efficiency "aha" moment in their teenage years, when they discover that life is full of blindingly dull repetitive tasks and that computers are really good at doing them. (Math homework, with its dull litany of exercises, was one thing that inspired a number of coders I've talked to.) Larry Wall, who created the Perl programming language, and several coauthors wrote that one of the key virtues of a programmer is "laziness" -- of the variety where your unwillingness to perform rote actions inspires you to do the work to automate them. -
You May Have Forgotten Foursquare, But It Didn't Forget You (wired.com)
nj_peeps shares an excerpt from a report via Wired: [Foursquare cofounder Dennis Crowley says the company is working on a new game.] Think Candyland, but instead of fantasy locations like Lollipop Woods, the game's virtual board includes place categories associated with New York City neighborhoods. There's a Midtown Bar, a Downtown Movie Theatre, Brooklyn Coffeeshop, Uptown Park, and so on. As in Candyland, you move your game piece forward by drawing cards. But in Crowley's version, the cards are the habits and locations of real people whose data has been turned into literal pawns in the game. Foursquare knows where their phones are in real time, because it powers many widely used apps, from Twitter and Uber to TripAdvisor and AccuWeather. These people aren't playing Crowley's game, but their real-world movements animate it: If one of them goes into a bar in midtown, for example, the person playing the game would get a Midtown Bar card.
Ask someone about Foursquare and they'll probably think of the once-hyped social media company, known for gamifying mobile check-ins and giving recommendations. But the Foursquare of today is a location-data giant. During an interview with NBC in November, the company's CEO, Jeff Glueck, said that only Facebook and Google rival Foursquare in terms of location-data precision. You might think you don't use Foursquare, but chances are you do. Foursquare's technology powers the geofilters in Snapchat, tagged tweets on Twitter; it's in Uber, Apple Maps, Airbnb, WeChat, and Samsung phones, to name a few. -
Machine Learning Can Use Tweets To Spot Critical Security Flaws (wired.com)
Researchers at Ohio State University, the security company FireEye, and research firm Leidos last week published a paper [PDF] describing a new system that reads millions of tweets for mentions of software security vulnerabilities, and then, using their machine-learning-trained algorithm, assessed how much of a threat they represent based on how they're described. From a report: They found that Twitter can not only predict the majority of security flaws that will show up days later on the National Vulnerability Database -- the official register of security vulnerabilities tracked by the National Institute of Standards and Technology -- but that they could also use natural language processing to roughly predict which of those vulnerabilities will be given a "high" or "critical" severity rating with better than 80 percent accuracy.
"We think of it almost like Twitter trending topics," says Alan Ritter, an Ohio State professor who worked on the research and will be presenting it at the North American Chapter of the Association for Computational Linguistics in June. "These are trending vulnerabilities." A work-in-progress prototype they've put online, for instance, surfaces tweets from the last week about a fresh vulnerability in MacOS known as "BuggyCow," as well as an attack known as SPOILER that could allow webpages to exploit deep-seated vulnerabilities in Intel chips. Neither of the attacks, which the researchers' Twitter scanner labeled "probably severe," has shown up yet in the National Vulnerability Database. -
Google's Project Zero Team Releases Details On High-Severity macOS Bug 'BuggyCow' (wired.com)
Google's bug-hunting researchers known as Project Zero have revealed a fresh zero-day vulnerability in macOS called "BuggyCow." "The attack takes advantage of an obscure oversight in Apple's protections on its machines' memory to enable so-called privilege escalation, allowing a piece of malware with limited privileges to, in some cases, pierce into deeper, far more trusted parts of a victim's Mac," reports Wired. "The trick's name is based on a loophole the hackers found in the so-called copy-on-write, or CoW, protection built into how MacOS manages a computer's memory." From the report: Some programs, when dealing with large quantities of data, use an efficiency trick that leaves data on a computer's hard drive rather than potentially clog up resources by pulling it into memory. That data, like any data in a computer's memory, can sometimes be used by multiple processes at once. The MacOS memory manager keeps a map of its physical location to help coordinate, but if one of those processes tries to change the data, the memory manager's copy-on-write safeguard requires it to make its own copy. Which is to say, a program can't simply change the data shared by all the other processes -- some of which could be more highly privileged, sensitive programs than the one requesting the change.
Google's BuggyCow trick, however, takes advantage of the fact that when a program mounts a new file system on a hard drive -- basically loading a whole collection of files rather than altering just one -- the memory manager isn't warned. So a hacker can unmount a file system, remount it with new data, and in doing so silently replace the information that some sensitive, highly privileged code is using. Technically, as a zero-day vulnerability with no patch in sight, BuggyCow applies to anyone with an Apple laptop or desktop. But given the technical skill and access needed to pull it off, you shouldn't lose much sleep over it. To even start carrying out this Rube Goldberg-style attack, a hacker would need a victim to already have some form of malware running on their computer. And while BuggyCow would allow that malware to potentially mess with the inner workings of higher-privileged parts of the computer, it could do so only if it found a highly privileged program that kept its sensitive data on the hard drive rather than memory. Project Zero says it warned Apple about BuggyCow back in November, but Apple hadn't acted to patch it ahead of last week's public reveal. -
Gorilla Glass-Maker Plans To Produce Glass Suitable For Folding iPhones (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: According to Wired, glass-maker Corning is "working on ultrathin, bendable glass that's 0.1 millimeters thick and can bend to a 5 millimeter radius" that may be usable for smartphone displays within two years. Corning produces Gorilla Glass used in Apple's iPhones, as well as in phones made by other manufacturers like LG, Asus, OnePlus, Nokia, Samsung, and more. Developing Gorilla Glass that can bend or fold like the materials used for the Samsung Galaxy Fold display or other foldable phone concepts could address some shortcomings endemic to these early designs.
The folding phones you see in headlines and gadget blog galleries today rely on plastic polymers that may scratch easier or have other undesirable properties. Generally, smartphone-makers that have announced foldable phones have not allowed us to test-drive these phones, which is otherwise normal practice for traditional smartphone product unveilings. That may be primarily because the software is not there yet, but it could also be that the companies anticipate negative reactions to the plastic displays, which have not been standard in flagship phones for a decade. [...] John Bayne, Corning's head of Gorilla Glass, and another expert Wired spoke with believe that Corning (or a competitor like ACG) will have foldable glass ready for use in foldable smartphones within a couple of years. But it's a difficult journey. "We have glasses we've sampled to customers, and they're functional," Bayne told Wired. "But they're not quite meeting all the requirements. People either want better performance against a drop event or a tighter bend radius. We can give them one or the other; the key is to give them both." -
Android Is Helping Kill Passwords on a Billion Devices (wired.com)
The FIDO Alliance -- a consortium that develops open source authentication standards -- has been pushing to expand its secure login protocols to make seamless logins a reality for several years. Today, it has hit the jackpot: Google. From a report: On Monday, Google and the FIDO Alliance announced that Android has added certified support for the FIDO2 standard, meaning that the vast majority of devices running Android 7 or later will now be able to handle password-less logins in mobile browsers like Chrome. Android already offered secure FIDO login options for mobile apps, where you authenticate using a phone's fingerprint scanner or with a hardware dongle like a YubiKey. But FIDO2 support will make it possible to use these easy authentication steps for web services in a mobile browser instead of laboriously typing in your password every time you want to log in. Web developers can now design their sites to interact with Android's FIDO2 management infrastructure. -
Xiaomi's Popular Electric Scooter M365 Can Be Hacked To Speed Up or Stop (wired.com)
The fleets of electric scooters that have inundated cities are alarming enough as is. Now add cybersecurity concerns to the list: Researchers from the mobile security firm Zimperium are warning that Xiaomi's popular M365 scooter model has a worrying bug. From a report: The flaw could allow an attacker to remotely take over any of the scooters to control crucial things like, ahem, acceleration and braking. Rani Idan, Zimperium's director of software research, says he found and was able to exploit the flaw within hours of assessing the M365's security. His analysis found that the scooters contain three software components: battery management, firmware that coordinates between hardware and software, and a Bluetooth module that lets users communicate with their scooter via a smartphone app. The latter leaves the devices woefully exposed.
Idan quickly found that he could connect to the scooter via Bluetooth without being asked to enter a password or otherwise authenticate. From there, he could go a step further and install firmware on the scooter without the system checking that this new software was an official, trusted Xiaomi update. This means that an attacker could easily put malware on a scooter, giving herself full command over it. "I was able to control any of the scooter features without authentication and install malicious firmware," Idan says. "An attacker could brake suddenly, or accelerate a person into traffic, or whatever the worst case scenario you can imagine." -
Twitter Still Can't Keep Up With Its Flood of Junk Accounts, Study Finds (wired.com)
According to a new 16-month study of 1.5 billion tweets, researchers write that Twitter still isn't keeping up with the flood of automated accounts designed to spread spam, inflate follower counts, and game trending topics. Wired reports: In a 16-month study of 1.5 billion tweets, Zubair Shafiq, a computer science professor at the University of Iowa, and his graduate student Shehroze Farooqi identified more than 167,000 apps using Twitter's API to automate bot accounts that spread tens of millions of tweets pushing spam, links to malware, and astroturfing campaigns. They write that more than 60 percent of the time, Twitter waited for those apps to send more than 100 tweets before identifying them as abusive; the researchers' own detection method had flagged the vast majority of the malicious apps after just a handful of tweets. For about 40 percent of the apps the pair checked, Twitter seemed to take more than a month longer than the study's method to spot an app's abusive tweeting. That lag time, they estimate, allows abusive apps to cumulatively churn out tens of millions of tweets per month before they're banned.
The researchers say they've been sharing their results with Twitter for more than a year but that the company hasn't asked for further details of their method or data. When WIRED reached out to Twitter, the company expressed appreciation for the study's goals but objected to its findings, arguing that the Iowa researchers lacked the full picture of how it's fighting abusive accounts. "Research based solely on publicly available information about accounts and tweets on Twitter often cannot paint an accurate or complete picture of the steps we take to enforce our developer policies," a spokesperson wrote. -
'The World Might Actually Run Out of People' (wired.com)
An anonymous reader shares a report: By 2050 there will be 9 billion carbon-burning, plastic-polluting, calorie-consuming people on the planet. By 2100, that number will balloon to 11 billion, pushing society into a Soylent Green scenario. Such dire population predictions aren't the stuff of sci-fi; those numbers come from one of the most trusted world authorities, the United Nations. But what if they're wrong? Not like, off by a rounding error, but like totally, completely goofed?
That's the conclusion Canadian journalist John Ibbitson and political scientist Darrel Bricker come to in their newest book, Empty Planet, due out February 5th. After painstakingly breaking down the numbers for themselves, the pair arrived at a drastically different prediction for the future of the human species. "In roughly three decades, the global population will begin to decline," they write. "Once that decline begins, it will never end." But Empty Planet is not a book about statistics so much as it is about what's driving the choices people are making during the fastest period of change in human history. -
The World's Fastest Supercomputer Breaks an AI Record (wired.com)
Along America's west coast, the world's most valuable companies are racing to make artificial intelligence smarter. Google and Facebook have boasted of experiments using billions of photos and thousands of high-powered processors. But late last year, a project in eastern Tennessee quietly exceeded the scale of any corporate AI lab. It was run by the US government. From a report: The record-setting project involved the world's most powerful supercomputer, Summit, at Oak Ridge National Lab. The machine captured that crown in June last year, reclaiming the title for the US after five years of China topping the list. As part of a climate research project, the giant computer booted up a machine-learning experiment that ran faster than any before. Summit, which occupies an area equivalent to two tennis courts, used more than 27,000 powerful graphics processors in the project. It tapped their power to train deep-learning algorithms, the technology driving AI's frontier, chewing through the exercise at a rate of a billion billion operations per second, a pace known in supercomputing circles as an exaflop.
"Deep learning has never been scaled to such levels of performance before," says Prabhat, who leads a research group at the National Energy Research Scientific Computing Center at Lawrence Berkeley National Lab. His group collaborated with researchers at Summit's home base, Oak Ridge National Lab. Fittingly, the world's most powerful computer's AI workout was focused on one of the world's largest problems: climate change. Tech companies train algorithms to recognize faces or road signs; the government scientists trained theirs to detect weather patterns like cyclones in the copious output from climate simulations that spool out a century's worth of three-hour forecasts for Earth's atmosphere. -
Hackers Are Passing Around a Megaleak of 2.2 Billion Records (wired.com)
An anonymous reader shares a report: When hackers breached companies like Dropbox and LinkedIn in recent years -- stealing 71 and 117 million passwords, respectively -- they at least had the decency to exploit those stolen credentials in secret, or sell them for thousands of dollars on the dark web. Now, it seems, someone has cobbled together those breached databases and many more into a gargantuan, unprecedented collection of 2.2 billion unique usernames and associated passwords, and is freely distributing them on hacker forums and torrents, throwing out the private data of a significant fraction of humanity like last year's phone book.
Earlier this month, security researcher Troy Hunt identified the first tranche of that mega-dump, named Collection #1 by its anonymous creator, a set of cobbled-together breached databases Hunt said represented 773 million unique usernames and passwords. Now other researchers have obtained and analyzed an additional vast database called Collections #2-5, which amounts to 845 gigabytes of stolen data and 25 billion records in all. After accounting for duplicates, analysts at the Hasso Plattner Institute in Potsdam, Germany, found that the total haul represents close to three times the Collection #1 batch. -
Amazon Begins Using 'Sidewalk Robots' In Seattle Delivery Tests (fortune.com)
An anonymous reader quotes Fortune: The future is now: Starting this week, Amazon is testing autonomous package delivery with adorable little robot vehicles in a northern Seattle suburb. Six of the Amazon Scouts, the company announced yesterday, are now delivering packages in Snohomish County in a trial run that complements its existing delivery options... The six-wheeled vehicles are fully electric and will move at "walking pace," for the time being only during daylight hours on weekdays while accompanied by Amazon employees for safety's sake.... [C]onsidering the drone delivery Prime Air program never got off the ground, Amazon Scout already seems like a more sensible solution to the last-mile problem: the time-intensive activity of getting packages from distribution centers to homes.
Wired points out some particular problems, though: "A delivery robot can't open gates without hands, and it can't climb steps to get right to your door. And if the robot requires the customer to enter a PIN to get the package out, how can the robot leave the package if you're not home?" And compared to the orderly structure of roads, sidewalks are pure chaos, with people, pets and objects sharing the space. Whether autonomous delivery vehicles are allowed to share the sidewalks varies by state and by city too; San Francisco has severely restricted them since 2017. Amazon's road test in Seattle may determine whether the delivery method finally arrives. -
A Poker-Playing Robot Goes To Work for the Pentagon (wired.com)
In 2017, a poker bot called Libratus made headlines when it roundly defeated four top human players at no-limit Texas Hold 'Em. Now, Libratus' technology is being adapted to take on opponents of a different kind -- in service of the US military.
From a report: Libratus -- Latin for balanced -- was created by researchers from Carnegie Mellon University to test ideas for automated decision making based on game theory. Early last year, the professor who led the project, Tuomas Sandholm, founded a startup called Strategy Robot to adapt his lab's game-playing technology for government use, such as in war games and simulations used to explore military strategy and planning. Late in August, public records show, the company received a two-year contract of up to $10 million with the US Army. It is described as "in support of" a Pentagon agency called the Defense Innovation Unit, created in 2015 to woo Silicon Valley and speed US military adoption of new technology.
[...] Sandholm declines to discuss specifics of Strategy Robot's projects, which include at least one other government contract. He says it can tackle simulations that involve making decisions in a simulated physical space, such as where to place military units. The Defense Innovation Unit declined to comment on the project, and the Army did not respond to requests for comment. Libratus' poker technique suggests Strategy Robot might deliver military personnel some surprising recommendations. Pro players who took on the bot found that it flipped unnervingly between tame and hyperaggressive tactics, all the while relentlessly notching up wins as it calculated paths to victory. -
Facebook's '10 Year Challenge' Meme Could Train Facial Recognition Algorithms On Age Progression, Age Recognition (wired.com)
If you've spent any time on social media lately, you've probably noticed a trend where users are posting their then-and-now profile pictures, mostly from 10 years ago and this year. While this "10 Year Challenge" appears harmless, founder of KO Insights and the author of Tech Humanist, Kate O'Neill, says all this data "could be mined to train facial recognition algorithms on age progression and age recognition." She adds: "It's worth considering the depth and breadth of the personal data we share without reservations." From the report: Imagine that you wanted to train a facial recognition algorithm on age-related characteristics, and, more specifically, on age progression (e.g. how people are likely to look as they get older). Ideally, you'd want a broad and rigorous data set with lots of people's pictures. It would help if you knew they were taken a fixed number of years apart -- say, 10 years. Sure, you could mine Facebook for profile pictures and look at posting dates or EXIF data. But that whole set of profile pictures could end up generating a lot of useless noise. People don't reliably upload pictures in chronological order, and it's not uncommon for users to post pictures of something other than themselves as a profile picture. A quick glance through my Facebook friends' profile pictures shows a friend's dog who just died, several cartoons, word images, abstract patterns, and more. In other words, it would help if you had a clean, simple, helpfully-labeled set of then-and-now photos.
What's more, for the profile pictures on Facebook, the photo posting date wouldn't necessarily match the date that the picture was taken. [...] Through the Facebook meme, most people have been helpfully adding that context back in (e.g. "me in 2008, and me in 2018"), as well as further info, in many cases, about where and how the pic was taken (e.g. "2008 at University of Whatever, taken by Joe; 2018 visiting New City for this year's such-and-such event"). In other words, thanks to this meme, there's now a very large data set of carefully curated photos of people from roughly 10 years ago and now. In closing, Kate says it's not necessarily bad that someone could use your Facebook photos to train a facial recognition algorithm -- it's inevitable. "Still, the broader takeaway here is that we need to approach our interactions with technology mindful of the data we generate and how it can be used at scale." -
Did a Russian Robotics Company Fake This Tesla-Robot Crash? (wired.com)
Last Saturday a firm which rents promotional robots claimed that one of their robots broke free from a line of robots, only to be hit by a self-driving Tesla.
Though video of the incident has now been viewed over 1.2 million times, Wired followed up on the company's claim that "Nevada police" were investigating the incident. Or weren't. Aden Ocampo Gomez, a public information officer with the Las Vegas Metropolitan Police Department, said he couldn't find any record of such an incident. And anyway, he says, "We don't report to that kind of incident on private property."
Wired also challenged Promobot's claim that their robot was hit by "a self-driving Tesla car": Teslas don't have a "full self-driving" mode. Autopilot, the automaker's semiautonomous system, is made for highways, not the sort of private road shown in a video of the alleged crash published by the robotics company. Promobot seems to start falling over just a moment before the car gets to it. And that video appears to show a rope snaking away from the incident -- the sort that could be used, say, to pull down a robot that hadn't been hit by a car at all.
When Wired contacted the company for a comment, they didn't respond.
The company's press release also claims that after the collision "most likely there is no way to restore" their robot -- and yet the Daily Dot reports Promobot "does not intend to pursue reparations". -
The Elite Intel Team Still Fighting Meltdown and Spectre (wired.com)
Throughout 2018, researchers inside and outside Intel continued to find exploitable weaknesses related to the Meltdown and Spectre class of "speculative execution" vulnerabilities. Fixing many of them takes not just software patches, but conceptually rethinking how processors are made. From a report: At the center of these efforts for Intel is STORM, the company's strategic offensive research and mitigation group, a team of hackers from around the world tasked with heading off next-generation security threats. Reacting to speculative execution vulnerabilities in particular has taken extensive collaboration among product development teams, legacy architecture groups, outreach and communications departments to coordinate response, and security-focused research groups at Intel. STORM has been at the heart of the technical side. "With Meltdown and Spectre we were very aggressive with how we approached this problem," says Dhinesh Manoharan, who heads Intel's offensive security research division, which includes STORM. "The amount of products that we needed to deal with and address and the pace in which we did this -- we set a really high bar."
Intel's offensive security research team comprises about 60 people who focus on proactive security testing and in-depth investigations. STORM is a subset, about a dozen people who specifically work on prototyping exploits to show their practical impact. They help shed light on how far a vulnerability really extends, while also pointing to potential mitigations. The strategy helped them catch as many variants as possible of the speculative execution vulnerabilities that emerged in a slow trickle throughout 2018. "Every time a new state of the art capability or attack is discovered we need to keep tracking it, doing work on it, and making sure that our technologies are still resilient," says Rodrigo Branco, who heads STORM. "It was no different for Spectre and Meltdown. The only difference in that case is the size, because it also affected other companies and the industry as a whole." -
50 Years Ago Today, Apollo 8 Changed Humanity's Vision of Earth Forever (theguardian.com)
No one told them to look for the Earth. It was Christmas Eve 1968 and the first manned mission to the moon had reached its destination. As Apollo 8 slipped into lunar orbit the crew prepared to read passages of Genesis for a TV broadcast to the world. But as the command module came around on its fourth lap, there it was visible through the window -- a bright blue and white bauble suspended in the black above the relentless grey of the moon. The Guardian: Before that moment 50 years ago, no one had seen an earthrise. The sight sent Bill Anders, the mission photographer, scrambling for his camera. He slapped a 70mm colour roll into the Hasselblad, set the focus to infinity, and started shooting through the telephoto lens. What he captured became one of the most influential images in history. A driving force of the environmental movement, the picture, which became known as Earthrise, showed the world as a singular, fragile, oasis.
On previous laps Anders had snapped the far side of the moon for the geologists and the near side of it for Apollo's landing site planners. "It didn't take long for the moon to become boring. It was like dirty beach sand," Anders told the Guardian. "Then we suddenly saw this object called Earth. It was the only colour in the universe." Apollo 8 launched from the Kennedy Space Centre in Florida on 21 December 1968. The enormous Saturn V rocket, more than 110 metres tall, had flown only twice before and never with a crew. But on that day the rocket performed. Tucked inside the command module, Anders, Frank Borman and James Lovell looped the planet twice before the third stage blasted them onwards to the moon. They arrived nearly three days later, completed 10 lunar orbits, and headed home for a splashdown in the north Pacific.
Earthrise did not have an immediate impact. Its philosophical significance sunk in over years, after Nasa put it on a stamp, and Time and Life magazine highlighted it as an era-defining image. "It gained this iconic status," Anders said. "People realised that we lived on this fragile planet and that we needed to take care of it." The shot did more than boost the environmental movement. Even Anders, who calls himself "an arch cold war warrior," felt it held a message for humanity. "This is the only home we have and yet we're busy shooting at each other, threatening nuclear war, and wearing suicide vests," he said. "It amazes me." Further reading: Wired. -
Tim May, Father of 'Crypto Anarchy,' Is Dead At 67 (reason.com)
Tim May, co-founder of the influential Cypherpunks mailing list and a significant influence on both bitcoin and WikiLeaks, passed away in mid-December at his home in Corralitos, California. The news was announced last Saturday on a Facebook post written by his friend Lucky Green. Long-time Slashdot reader SonicSpike quotes Reason: In his influential 1988 essay, "The Crypto Anarchist Manifesto," May predicted that advances in computer technology would eventually allow "individuals and groups to communicate and interact with each other" anonymously and without government intrusion. "These developments will alter completely the nature of government regulation [and] the ability to tax and control economic interactions," he wrote... Running 497 words, it was his most influential piece of writing... May became convinced that public-key cryptography combined with networked computing would break apart social power structures...
In September 1992, May and his friends Eric Hughes and Hugh Daniels came up with the idea of setting up an online mailing list to discuss their ideas. Within a few days of its launch, a hundred people had signed up for the Cypherpunks mailing list. (The group's name was coined by Hughes' girlfriend as a play on the "cyberpunk" genre of fiction.) By 1997, it averaged 30 messages daily with about 2,000 subscribers. May was its most prolific contributor. May and Hughes, along with free speech activist John Gilmore, wore masks on the cover of the second issue of Wired magazine accompanying a profile by journalist Steven Levy, who described the Cypherpunks as "more a gathering of those who share a predilection for codes, a passion for privacy, and the gumption to do something about it...."
WikiLeaks founder Julian Assange was an active reader and participant on the list, contributing his first posts in 1995 under the name "Proff."
The article notes that May "recently expressed disgust with the current state of the cryptocurrency community, citing its overpriced conferences and the advent of 'bitcoin exchanges that have draconian rules about KYC, AML, passports, freezes on accounts and laws about reporting 'suspicious activity' to the local secret police.'"
In his last published interview he told CoinDesk "I think Satoshi would barf." -
UPS Tries Delivery Tricycles As Seattle's Traffic Doom Looms (wired.com)
An anonymous reader shares a report: Pushing the cargo bike across a rain-soaked parking lot at a UPS distribution center in Seattle, where the shipper showed off its newest delivery vehicle, I had a realization once the pedal assist kicked in. "Yep, this will totally work," I thought. Bike messengers have long known cycling is the fastest way to get around traffic-choked cities. More commuters are getting it too. Now UPS is giving it a shot: The 111-year-old delivery service has started moving packages around Seattle by electric tricycle, in a yearlong pilot.
The vehicle in question was designed and built by Truck Trike in Portland, Oregon. When the rider starts to pedal, human power pushes the front hub. With a thumb throttle, the rider can draw power from a pair of battery packs in the base of the trike to rear hub motors for the back two wheels, with enough juice for 12 to 18 miles of range. The extra power comes in handy because the trailer, made by Portland's Silver Eagle, can fit as many as 40 packages, or about 350 pounds worth of stuff. For UPS the move is pretty spot on, because while the Emerald City is always congested, it's less than two months from what its traffic engineers call the "period of maximum constraint."
That ominous-sounding constrained period arrives on February 4, when the Alaskan Way Viaduct elevated highway along the waterfront is torn down and the 2-mile tunnel Seattle dug to replace it comes online. Crews are finishing the ramps that connect the tunnel to surface roads, and for three weeks, the city won't have a road to get through downtown on the city's waterfront side. To dodge the traffic horror show, Seattleites are planning vacations, renting Airbnbs to stay downtown, anything to avoid driving, including working from home. -
An Eye-Scanning Lie Detector Is Forging a Dystopian Future (wired.com)
An anonymous reader shares a report: Sitting in front of a Converus EyeDetect station, it's impossible not to think of Blade Runner. In the 1982 sci-fi classic, Harrison Ford's rumpled detective identifies artificial humans using a steam-punk Voight-Kampff device that watches their eyes while they answer surreal questions. EyeDetect's questions are less philosophical, and the penalty for failure is less fatal (Ford's character would whip out a gun and shoot). But the basic idea is the same: By capturing imperceptible changes in a participant's eyes -- measuring things like pupil dilation and reaction time -- the device aims to sort deceptive humanoids from genuine ones.
It claims to be, in short, a next-generation lie detector. Polygraph tests are a $2 billion industry in the US and, despite their inaccuracy, are widely used to screen candidates for government jobs. Released in 2014 by Converus, a Mark Cuban-funded startup, EyeDetect is pitched by its makers as a faster, cheaper, and more accurate alternative to the notoriously unreliable polygraph. By many measures, EyeDetect appears to be the future of lie detection -- and it's already being used by local and federal agencies to screen job applicants. -
Recent Quasar Observations Support Lots of Mini-Bangs Instead of One Big Bang (wired.com)
Chris Reeve writes: Wired Magazine is reporting that astronomers have since 2014 witnessed up to 100 possible instances of quasars transforming into galaxies over very short timespans, but the article leaves no hint of the trouble this spells for the Big Bang cosmology. The article begins, "Stephanie Lamassa did a double take. She was staring at two images on her computer screen, both of the same object — except they looked nothing alike... The quasar seemed to have vanished, leaving just another galaxy. That had to be impossible, she thought. Although quasars turn off, transitioning into mere galaxies, the process should take 10,000 years or more. This quasar appeared to have shut down in less than 10 years — a cosmic eyeblink."
What the Wired article fails to mention is that the short timespans vindicate the quasar ejection model proposed by Edwin Hubble's assistant, Halton Arp, who insisted that these objects must be considerably closer than the extreme distances inferred by their redshifts:
"The conclusion was very, very strong just from looking at this picture that these objects had been ejected from the central galaxy, and that they were initially at high redshift, and the redshift decayed as time went on. And therefore, we were looking at a physics that was operating in the universe in which matter was born with low mass and very high redshift, and it matured and evolved into our present form, that we were seeing the birth and evolution of galaxies in the universe."
Arp's attempts to publish his quasar ejection model famously led to his removal from the world's largest optical telescope at that time — the 200-inch Palomar. He decided to resign from his permanent position at the Carnegie Institute of Washington on the principle of "whether scientists could follow new lines of investigation, and follow up... on evidence which apparently contradicted the current theorems and the current paradigms." The fact that these quasar changes appear to occur over just months in some cases should raise questions about whether or not the objects are truly at the vast distances and scales implied by their redshift-inferred distances.
The original submission also included a comment with a carefully-documented "list of vindications for Halton Arp" -- and complains again that Wired failed to include any mention of Arp's theory, and its "dire" implications for the Big Bang theory's assumptions about redshift. -
Influencers Are Being Paid Big Sums To Pitch Products and Thrash Rivals on Instagram and YouTube (wired.com)
"Influencers" are being paid big sums to pitch products on Instagram and YouTube. If you're trying to grow a product on social media, you either fork over cash or pay in another way. This is the murky world of influencing, reports Wired. Brands will pay influencers to position products on their desks, behind them, or anywhere else they can subtly appear on screen. Payouts increase if an influencer tags a brand in a post or includes a link, but silent endorsements are often preferred. An excerpt from the report: The suggestions started early. Months before Lashify had officially launched, one of her investors, who had ties to the cosmetics industry, pulled her aside. He told her to prepare to pay influencers to speak positively about her lashes on YouTube and Instagram. She thought he was being dramatic. He wasn't. Lotti recalls the investor saying that if she wanted Lashify to succeed, quality didn't matter, nor did customer satisfaction -- only influencers. And they didn't come cheap. She was told to expect to shell out $50,000 to $70,000 per influencer just to make her company's name known, an insane amount for a new startup. There was no way around it; that's just how things worked. -
NASA Will Land InSight on Mars With Cunning -- and Lots of Cork (wired.com)
On Monday, November 26th, NASA will attempt to land the InSight spacecraft on Elysium Planitia, a vast plain just north of the Martian equator. If NASA is successful, InSight (short for Interior Exploration using Seismic Investigations, Geodesy, and Heat Transport) will be the first mission to investigate Mars' deep interior with thermal probes and seismometry, an approach scientists think will address questions about the red planet's formation and composition. But first, the spacecraft must land. From a report: Getting to Mars is hard, but NASA engineers consider entry, descent, and landing -- the seven-minute period in which mission planners are helpless to intervene, due to the tremendous distance between Mars and Earth -- the riskiest sequence in the entire mission. Here's how NASA plans to pull it off.
For InSight, the action will begin Monday, November 26th at around 11:47 am PT (2:47 pm ET). That's when the lander is slated to hit the top of Mars' atmosphere, at an altitude roughly 43 miles above the planet's surface. On contact, the spacecraft will be blazing along at a not-so-cool 5500 meters per second. That's 12,300 miles per hour. At those speeds, the primary concern for NASA's engineers is friction. Mars' atmosphere, which is roughly 100 times thinner than Earth's, plays a vitally important role in InSight's arrival: Bleeding the spacecraft of its kinetic energy. Yet the atmosphere poses a significant threat, as well. The resistance it exerts on InSight's heat shield, a 419-pound enclosure composed primarily of crushed cork, will drive the temperature of the protective barrier to temperatures greater than 2,700 degrees Fahrenheit -- hot enough to melt steel. -
CDC: Do Not Eat Any Romaine Lettuce Until Further Notice (wired.com)
Earlier this week, the Centers for Disease Control and Prevention put out an unusually strong statement telling Americans to toss any romaine lettuce in any form: whole, chopped, pre-bagged into Caesar salads, combined into spring mix, and so on. The warning covered not just homes but retailers and restaurants, and came with a recommendation to empty any fridge where romaine has been stored, and wash it out with soap and warm water. From a report: The CDC said it was making the recommendation to not eat, serve or sell any romaine lettuce because 32 people in 11 states, plus 18 people in Ontario and Quebec, have been made ill by E. coli O157:H7, which causes very serious illness because it produces a toxin that destroys cells lining the intestines and kidneys. The patients are all infected with the same strain, based on genetic fingerprinting, and the only thing they have in common is that they all ate romaine.
But, the CDC said, "no common grower, supplier, distributor, or brand of romaine lettuce has been identified." The agency isn't usually so sweeping in its statements, but with a holiday coming -- one that's centered around eating and that takes people offline into the real world of airports and cars and dinner tables -- it warned against all romaine until the threat can be better defined. The Food and Drug Administration, which does have the power to compel foods to be recalled, is investigating, along with health departments in the 11 states where people have gotten sick. -
Using Airport and Hotel Wi-Fi Is Much Safer Than It Used To Be (wired.com)
As you travel this holiday season, bouncing from airport to airplane to hotel, you'll likely find yourself facing a familiar quandary: Do I really trust this random public Wi-Fi network? As recently as a couple of years ago, the answer was almost certainly a resounding no. But in the year of our lord 2018? Friend, go for it. Wired: This advice comes with plenty of qualifiers. If you're planning to commit crimes online at the Holiday Inn Express, or to visit websites that you'd rather people not know you frequented, you need to take precautionary steps that we'll get to in a minute. Likewise, if you're a high-value target of a sophisticated nation state, stay off of public Wi-Fi at all costs. But for the rest of us? You're probably OK. That's not because hotel and airport Wi-Fi networks have necessarily gotten that much more secure. The web itself has.
"A lot of the former risks, the reasons we used to warn people, those things are gone now," says Chet Wisniewski, principal researcher at security firm Sophos. "It used to be because almost nothing on the internet was encrypted. You could sit there and sniff everything. Or someone could set up a rogue access point and pretend to be Hilton, and then you would connect to them instead of the hotel." In those Wild West days, in other words, signing onto a shared Wi-Fi network exposed you to myriad attacks, from hackers tracking your every move online, to so-called man-in-the-middle efforts that tricked you into entering your passwords, credit card information, or more on phony websites. A cheap, easy to use device called a Wi-Fi Pineapple makes those attacks simple to pull off. All of that's still technically possible. But a critical internet evolution has made those efforts much less effective: the advent of HTTPS. -
Mozilla's 'Privacy Not Included' Gift Report Highlights Security Concerns (wired.com)
Mozilla has released its second annual "Privacy Not Included" guide that rates 70 products to help give you an idea as to how secure or insecure they are. "We want to provide people information about how to make informed decisions when shopping for gifts that are connected to the internet," says Ashley Boyd, vice president of advocacy at Mozilla. "These products are becoming really popular. And in some cases, it's easy to forget that they're even connected to the internet." Wired reports: Among the important signifiers of a trustworthy stocking stuffer, according to Mozilla's rubric: the use of encryption, pushing automatic software security updates, strong password hygiene, a way to deal with vulnerabilities should they arise, and a privacy policy that doesn't take a PhD to parse. The most surprising result of Mozilla's testing may be how many products actually earned its seal of approval. Thirty-three of the 70 items in the "Privacy Not Included" guide passed muster; fans of the Nintendo Switch, Google Home, and Harry Potter Kano Coding Kit can sleep a little easier.
On the other end of the scale, Mozilla highlighted seven products that may not hit the mark -- yes, including the sous vide wand, the Anova Precision Cooker. Also scoring low marks in Mozilla's accounting: the DJI Spark Selfie Drone (no encryption, does not require users to change the default password), the Parrot Bebop 2 drone (no encryption, complex privacy policy), and unsurprisingly, at least one baby monitor. The remaining 30 items on the list all exist somewhere in the murky middle, usually because Mozilla was unable to confirm at least one attribute. Which may be the real takeaway from the report: Typically, you have no reasonable way to find out if a given internet-connected device is secure. "If you can't tell, that says that there's a problem of communication between manufacturers and consumers," says Boyd. "We would love for makers of these products to be more clear and more transparent about what they're doing and not doing. That's a big place we think change is needed." -
The World is Running Out of Sand, and People Are Dying as a Result (medium.com)
You may be thinking: But sand is everywhere, there are whole deserts filled with the stuff. The sand in a desert, though, is useless as a construction material. The grains are out in the open and blow around for thousands of years. From a report: This rounds them off until they become useless as building blocks. Imagine trying to make a building with golf balls. In order to build, sand with angular edges must be used. The preferential type is the kind found in a river bed, sea, or beach. The fact that desert sand is useless makes for some unexpected situations. Despite being surrounded by endless miles of sand, the tallest building in the world, the Burj Khalifa in Dubai, was built with sand imported from Australia. Dubai also imports sand for its beaches from Australia. Apparently desert sand doesn't do well in a beach atmosphere either. Sand also regenerates slowly. It takes thousands upon thousands of years for rock and sediment to break down into the usable grains we all rely on.
The world has seen a construction boom in recent years. The base that boom is built on, quite literally, is concrete. The United Nations estimates that the world consumes more than 40 billion tons of building aggregate -- sand, gravel, and crushed stone -- each year. Some estimates predict consumption will top 50 billion tons by next year, with China alone gobbling up much of the world's concrete supply as it undergoes a massive urbanization. According to data from the U.S. Geological Survey, between 2011 and 2013 China used more concrete than the U.S. used throughout the entire 20th century. Other parts of Asia, such as India, are rapidly expanding as well. The urbanization driving this construction boom, and increasing reliance on concrete, shows no signs of slowing. By 2030 the U.N. expects 60 percent of the world's population to live in urban areas.
[...] One of the prime issues with sand is that it's heavy. Heavy items incur large transportation costs, especially over a long distance. The scarcity and high prices attract the attention of criminals. Why go to a legal mining area when sand can be extracted for next to nothing elsewhere? "Sand mafias" are groups of criminals that illegally dredge sand from areas where extraction is prohibited. Since they're not following laws, all environmental protocols are ignored. Often rivers are illegally mined, destroying the habitat for fish and fishermen. Sometimes land from private villages is even taken over by these mafias. If they're confronted, violence often results. And according to a 2015 Wired story on sand mafias in India, police are typically of little help: "The conventional wisdom says that many local authorities accept bribes from the sand miners to stay out of their business -- and not infrequently, are involved in the business themselves." -
To Keep Pace With Moore's Law, Chipmakers Turn to 'Chiplets' (wired.com)
As chipmakers struggle to keep up with Moore's law, they are increasingly looking for alternatives to boost computers' performance. "We're seeing Moore's law slowing," says Mark Papermaster, chief technology officer at chip designer AMD. "You're still getting more density but it costs more and takes longer. It's a fundamental change." Wired has a feature story which looks at those alternatives and the progress chipmakers have been able to make with them so far. From a report: AMD's Papermaster is part of an industry-wide effort around a new doctrine of chip design that Intel, AMD, and the Pentagon all say can help keep computers improving at the pace Moore's law has conditioned society to expect. The new approach comes with a snappy name: chiplets. You can think of them as something like high-tech Lego blocks. Instead of carving new processors from silicon as single chips, semiconductor companies assemble them from multiple smaller pieces of silicon -- known as chiplets. "I think the whole industry is going to be moving in this direction," Papermaster says. Ramune Nagisetty, a senior principal engineer at Intel, agrees. She calls it "an evolution of Moore's law."
Chip chiefs say chiplets will enable their silicon architects to ship more powerful processors more quickly. One reason is that it's quicker to mix and match modular pieces linked by short data connections than to painstakingly graft and redesign them into a single new chip. That makes it easier to serve customer demand, for example for chips customized to machine learning, says Nagisetty. New artificial-intelligence-powered services such as Google's Duplex bot that makes phone calls are enabled in part by chips specialized for running AI algorithms.
Chiplets also provide a way to minimize the challenges of building with cutting-edge transistor technology. The latest, greatest, and smallest transistors are also the trickiest and most expensive to design and manufacture with. In processors made up of chiplets, that cutting-edge technology can be reserved for the pieces of a design where the investment will most pay off. Other chiplets can be made using more reliable, established, and cheaper techniques. Smaller pieces of silicon are also inherently less prone to manufacturing defects. -
Russia Blames a Bad Sensor For Its Failed Soyuz Rocket Launch (wired.com)
An anonymous reader quotes a report from Wired: On Thursday, Russian officials held a press conference to reveal that they have determined what caused last month's Soyuz mid-flight failure. The culprit: a damaged sensor on one of the rocket's four boosters responsible for stage separation. With the investigation complete, the officials announced that they will move up the date of the next crew launch to the International Space Station. Russian space agency officials confirmed that the faulty sensor, designed to signal stage separation, had caused one of the boosters to improperly separate. This led the first and second stages of the rocket to collide, which then triggered the vehicle's emergency abort system.
Video of the incident, released today by the space agency, shows the accident from the rocket's point of view. In it, the booster in question strikes the core of the rocket, causing a significant jolt, which triggered the abort. According to officials, the afflicted sensor rod was bent slightly during the assembly of the rocket. To check for any handling errors that might have also affected other rockets, Russian officials said that all assembled Soyuz rockets -- and their attached booster pack -- will be taken apart and put together anew. -
Senator Introduces Bill That Would Send CEOs To Jail For Violating Consumer Privacy (vice.com)
Oregon Senator Ron Wyden has introduced the Consumer Data Protection Act that "would dramatically beef up Federal Trade Commission authority and funding to crack down on privacy violations, let consumers opt out of having their sensitive personal data collected and sold, and impose harsh new penalties on a massive data monetization industry that has for years claimed that self-regulation is all that's necessary to protect consumer privacy," reports Motherboard. From the report: Wyden's bill proposes that companies whose revenue exceeds $1 billion per year -- or warehouse data on more than 50 million consumers or consumer devices -- submit "annual data protection reports" to the government detailing all steps taken to protect the security and privacy of consumers' personal information. The proposed legislation would also levy penalties up to 20 years in prison and $5 million in fines for executives who knowingly mislead the FTC in these reports. The FTC's authority over such matters is currently limited -- one of the reasons telecom giants have been eager to move oversight of their industry from the Federal Communications Commission to the FTC. "Today's economy is a giant vacuum for your personal information -- everything you read, everywhere you go, everything you buy and everyone you talk to is sucked up in a corporation's database," Wyden said in a statement. "But individual Americans know far too little about how their data is collected, how it's used and how it's shared."
"It's time for some sunshine on this shadowy network of information sharing," Wyden said. "My bill creates radical transparency for consumers, gives them new tools to control their information and backs it up with tough rules with real teeth to punish companies that abuse Americans' most private information." -
Kansas 'Swat' Perpetrator Will Now Plead Guilty To Dozens More Swat Incidents (nbcnews.com)
An anonymous reader quotes NBC News: The California man behind a years-long string of hoax 911 calls -- including one that ended in a Kansas man's death -- wants to plead guilty to all charges, court documents revealed. Tyler Rai Barriss, 25, intends to waive his right to trial and admit guilt to a 46-count federal indictment, according to a document he signed on Oct. 18 and was filed in U.S. District Court on Wednesday. Barriss faces up to life behind bars for his dozens of acts of "swatting" -- calling police to falsely report a serious crime, in hopes of drawing a massive response to the home of an unsuspecting target.... According to the court records, Barriss will admit to dozens of "swatting" incidents all over America between 2015 and the end of 2017. The false alarms connected to Barriss happened in Ohio, Nevada, Illinois, Indiana, Virginia, Texas, Arizona, Massachusetts, Missouri, Maine, Pennsylvania, New Mexico, Indiana, Michigan, Florida, Connecticut and New York.
Barriss performed SWATs if clients sent him $10 over PayPal -- occasionally demanding "upwards of $50," according to a new (possibly pay-walled) article on Wired. A Call of Duty player hired Barriss to SWAT a teammate who'd caused them to lose a $1.50 wager, but his intended target supplied a false address across town which resulted in the fatal police shooting.
Both gamers are now "awaiting trial on lesser charges," reports NBC. -
Amazon Worker Pushes Bezos To Stop Selling Facial Recognition Tech To Police (thehill.com)
An anonymous reader quotes a report from The Hill: An Amazon employee is seeking to put new pressure on the company to stop selling its facial recognition technology to law enforcement. An anonymous worker, whose employment at Amazon was verified by Medium, published an op-ed on that platform on Tuesday criticizing the company's facial recognition work and urging the company to respond to an open letter delivered by a group of employees. The employee wrote that the government has used surveillance tools in a way that disproportionately hurts "communities of color, immigrants, and people exercising their First Amendment rights."
"Ignoring these urgent concerns while deploying powerful technologies to government and law enforcement agencies is dangerous and irresponsible," the person wrote. "That's why we were disappointed when Teresa Carlson, vice president of the worldwide public sector of Amazon Web Services, recently said that Amazon 'unwaveringly supports' law enforcement, defense, and intelligence customers, even if we don't 'know everything they're actually utilizing the tool for.'" The op-ed comes one day after Amazon CEO Jeff Bezos defended technology companies working with the federal government on matters of defense during Wired's ongoing summit in San Francisco. "If big tech companies are going to turn their back on the U.S. Department of Defense, this country is going to be in trouble," Bezos said on Monday. -
Rolls-Royce Wants To Fill the Seas With Self-Sailing Ships (wired.com)
An anonymous reader shares a report: "Helsinki VTS, thank you for permission to depart," the captain says over the radio. He checks with the Vessel Traffic Service to see if there's anything to be looking out for. Just one other big ship, but also lots of small boats, enjoying the calm water, which could be hazards. Not a problem for this captain -- he has a giant screen on the bridge, which overlays the environment around his vessel with an augmented reality view. He can navigate the Baltic Discoverer confidently out of Finland's Helsinki Port using the computer-enhanced vision of the world, with artificial intelligence spotting and labeling every other water user, the shore, and navigation markers.
This not-too-far-in-the-future vision comes from Rolls-Royce. (One iteration of it, anyway: The Rolls-Royce car company, the jet engine maker, and this marine-focused enterprise all have different corporate owners.) The view provided to the crew of the (fictional) Baltic Discoverer is an example of the company's Intelligent Awareness system, which mashes together data from sensors all over a vessel, to give its humans a better view of the world. But that's just the early part of the plan. Using cameras, lidar, and radar, Rolls wants to make completely autonomous ships. And it's already running trials around the world.
"Tugs, ferries, and short-sea transport, these are all classes of vessels that we believe would be suitable for completely autonomous operations, monitored by a land based crew, who get to go home every night," says Kevin Daffey, Rolls-Royce's director of marine engineering and technology. Suitable, because they all currently rely on humans who demand to be paid -- and can make costly mistakes. Over the past decade, there have been more than 1,000 total losses of large ships, and at least 70 percent of those resulted from human error. [...] Moreover, the economic case for automating shipping is clear: About 100,000 large vessels are currently sailing the world's oceans, and the amount of cargo they carry is projected to grow around 4 percent a year, according to the United Nations Conference on Trade and Development. Beyond preventing accidents, human-free ships could be 15 percent more efficient to run, because they don't need energy-gobbling life support systems, doing things like heating, cooking, and lugging drinking water along for the ride. -
Google's CEO Says Tests of Censored Chinese Search Engine Have Been Very Promising (theverge.com)
At Wired's 25th anniversary summit, Google CEO Sundar Pichai said the company's internal tests developing a censored search engine in China have been very promising. Pichai is strengthening his commitment on the controversial search engine, codenamed Project Dragonfly, saying the potential to expose the world to more information is guiding Google's push into China. "We are compelled by our mission [to] provide information to everyone, and [China is] 20 percent of the world's population." Wired reports: Pichai was careful to emphasize that this was a decision that weighs heavy on the company. "People don't understand fully, but you're always balancing a set of values," in every new country, he said. Those values include providing access to information, freedom of expression, and user privacy. "But we also follow the rule of law in every country," he said. This is a reversal of a decision from about eight years ago, when Google pulled its search engine, which was also censored, from the Chinese market. Pichai said the time had come to reevaluate that choice. "It's a wonderful, innovative market. We wanted to learn what it would look like if we were in China, so that's what we built internally," Pichai said. "Given how important the market is and how many users there are," he added, "we feel obliged to think hard about this problem and take a longer-term view." In response to the company's decision to back out of a project with the Department of Defense, nicknamed Project Maven, to build AI and facial recognition technology, and the employee concerns surrounding it, Pichai said: "Throughout Google's history, we've given our employees a lot of voice and say. But we don't run the company by holding referendums. It's an important input. We take it seriously." On the issue of Maven, however, "it's more also the debate within the AI Community around how you perceive our work in the area." -
Jeff Bezos Predicts We'll Have 1 Trillion Humans in the Solar System, and Blue Origin Wants To Help Get Us There (cnbc.com)
Blue Origin founder Jeff Bezos predicted Monday that we'll have one trillion humans in the solar system one day -- and he showed off how the rocket company plans to help get there. "I won't be alive to see the fulfillment of that long term mission," Bezos said at the Wired 25th anniversary summit in San Francisco. "We are starting to bump up against the absolute true fact that Earth is finite." From a report: Blue Origin's aim is to lower the cost of access to space, Bezos said. Elon Musk's SpaceX and Richard Branson's Virgin Galactic are also eyeing commercial space travel. "The dynamism that I have seen over the last 20 years in the internet where incredible things have happened in really short periods of time," Bezos said. "We need thousands of companies. We need the same dynamism in space that we've seen online over the last 20 years. And we can do that." Further reading: Jeff Bezos Wants Us All to Leave Earth -- for Good.