Slashdot Mirror

Even as Apple has addressed some of the concerns outlined by iOS developers in the recent years, many say it's not enough. As the iOS App Store approaches its tenth anniversary, some app developers are still arguing for better App Store policies, ones that they say will allow them to make a better living as independent app makers. On Friday, a small group of developers, including one who recently made a feature-length film about the App Store and app culture, are forming a union to lobby for just that. From a report: In an open letter to Apple that published this morning, a group identifying themselves as The Developers Union wrote that "it's been difficult for developers to earn a living by writing software" built on Apple's existing values. The group then asked Apple to allow free trials for apps, which would give customers "the chance to experience our work for themselves, before they have to commit to making a purchase."

The grassroots effort is being lead by Jake Schumacher, the director of App: The Human Story; software developer Roger Ogden and product designer Loren Morris, who both worked for a timesheet app that was acquired last year; and Brent Simmons, a veteran developer who has made apps like NetNewsWire, MarsEdit, and Vesper, which he co-created with respected Apple blogger John Gruber.

An anonymous reader quotes a report from Wired: The ubiquitous email encryption schemes PGP and S/MIME are vulnerable to attack, according to a group of German and Belgian researchers who posted their findings on Monday. The weakness could allow a hacker to expose plaintext versions of encrypted messages -- a nightmare scenario for users who rely on encrypted email to protect their privacy, security, and safety. The weakness, dubbed eFail, emerges when an attacker who has already managed to intercept your encrypted emails manipulates how the message will process its HTML elements, like images and multimedia styling. When the recipient gets the altered message and their email client -- like Outlook or Apple Mail -- decrypts it, the email program will also load the external multimedia components through the maliciously altered channel, allowing the attacker to grab the plaintext of the message.

The eFail attack requires hackers to have a high level of access in the first place that, in itself, is difficult to achieve. They need to already be able to intercept encrypted messages, before they begin waylaying messages to alter them. PGP is a classic end-to-end encryption scheme that has been a go-to for secure consumer email since the late 1990s because of the free, open-source standard known as OpenPGP. But the whole point of doing the extra work to keep data encrypted from the time it leaves the sender to the time it displays for the receiver is to reduce the risk of access attacks -- even if someone can tap into your encrypted messages, the data will still be unreadable. eFail is an example of these secondary protections failing.

You would think that after decades of analyzing and fighting email spam, there'd be a fix by now for the internet's oldest hustle -- the Nigerian Prince scam. But the problem, a new report suggests, has only grown to become more widespread and sophisticated. From the report: There's generally more awareness that a West African noble demanding $1,000 in order to send you millions is a scam, but the underlying logic of these "pay a little, get a lot" schemes, also known as 419 fraud, still ensnares a ton of people. In fact, groups of fraudsters in Nigeria continue to make millions off of these classic cons. And they haven't just refined the techniques and expanded their targets -- they've gained minor celebrity status for doing it.

On Thursday, the security firm Crowdstrike published detailed findings on Nigerian confraternities, cultish gangs that engage in various criminal activities and have steadily evolved email fraud into a reliable cash cow. The groups, like the notorious Black Axe syndicate, have mastered the creation of compelling and credible-looking fraud emails. Crowdstrike notes that the groups aren't very regimented or technically sophisticated, but flexibility and camaraderie still allow them to develop powerful scams.

A recent Bloomberg article describes Elon Musk's "bizarre" conference call on Wednesday -- and its aftermath on Wall Street. Elon Musk told investors not to buy Tesla Inc. shares if they can't stomach volatility. They got the message. The comments -- part of a bizarre, heated conference call after the close Wednesday -- sent the electric-car maker's stock plunging. Tesla fell as much as 8.6 percent Thursday after the chief executive officer rejected analysts' questions on another quarter in which the company burned more than $1 billion in cash.
Investors had shorted a total of more than 40 million shares by Thursday -- the most ever in Tesla history -- and despite a rise in Tesla's stock price on Friday, they shorted 500,000 more shares.

Wired argues that Musk "clearly is avoiding some hard questions about Tesla's financial viability. But it's equally true that the call exposed how limited Wall Street can be about visions for the future and what it takes to create new templates for doing old things." This clash was highlighted by Musk's response to "sober questions by respected Wall Street analysts" like Toni Sacconaghi.

Musk brushed him off, sniping that "bonehead, boring questions are not cool." To add insult to that injury, Musk then fielded questions from a YouTube user, who proceeded to dominate a call normally open only to significant Wall Street analysts. That did not sit well with the Street, and Sacconaghi lambasted Musk the next day on CNBC with the rather clever jab, "This is a financial analyst call, this is not a TED talk."

Friday, Musk returned fire, with tweets asserting that the question was boneheaded because the analyst already knew the answer and was asking purely to advocate a negative thesis about the company.
But Barron's replayed the conference call, and argued that Musk was mistaken, reporting that "the analyst wanted to know about capital requirements, not expenditures."

An anonymous reader writes: "Amazon, but for Crispr." It's a notion that may sound far-fetched -- but it's exactly what Synthego, a Silicon Valley biotech startup, wants to be. Synthego's first product let scientists order a custom Crispr kit and have it delivered within a week; in the next few weeks, the startup will add custom Crispr'd human cell lines to its on-demand offerings, which will help scientists working on potentially life-saving medicines. Crispr, as this WIRED guide explains, "is a new class of molecular tools that scientists can use to precisely target and cut any kind of genetic material." It's revolutionizing biology -- but neither of Synthego's founders is a biologist. Turns out, in the ever-expanding industry around genome engineering, that's hardly a disqualifier.

Across the country, companies are trying to snag a seat on the fast-moving Crispr train. There's Inscripta, which is gunning to be the Apple of gene-editing by building the biological equivalent of the personal computer. In theory, that hardware will make gene editing as easy as pushing a button. And then there's Twist Biosciences, which can print out a powerful Crispr guide (the tool that identifies the bits of genetic code a scientist is hoping to target) on a single semiconductor chip -- the Intel of genome engineering, if you will. As Megan Molteni writes, "all these analogies to the computing industry are more than just wordplay." Rather, they offer a language for understanding the complex world of Crispr. "Crispr is making biology more programmable than ever before," Molteni writes. "And the biotech execs staking their claims in Crispr's backend systems have read their Silicon Valley history. They're betting biology will be the next great computing platform, DNA will be the code that runs it, and Crispr will be the programming language."

An anonymous reader writes: "Amazon, but for Crispr." It's a notion that may sound far-fetched -- but it's exactly what Synthego, a Silicon Valley biotech startup, wants to be. Synthego's first product let scientists order a custom Crispr kit and have it delivered within a week; in the next few weeks, the startup will add custom Crispr'd human cell lines to its on-demand offerings, which will help scientists working on potentially life-saving medicines. Crispr, as this WIRED guide explains, "is a new class of molecular tools that scientists can use to precisely target and cut any kind of genetic material." It's revolutionizing biology -- but neither of Synthego's founders is a biologist. Turns out, in the ever-expanding industry around genome engineering, that's hardly a disqualifier.

Across the country, companies are trying to snag a seat on the fast-moving Crispr train. There's Inscripta, which is gunning to be the Apple of gene-editing by building the biological equivalent of the personal computer. In theory, that hardware will make gene editing as easy as pushing a button. And then there's Twist Biosciences, which can print out a powerful Crispr guide (the tool that identifies the bits of genetic code a scientist is hoping to target) on a single semiconductor chip -- the Intel of genome engineering, if you will. As Megan Molteni writes, "all these analogies to the computing industry are more than just wordplay." Rather, they offer a language for understanding the complex world of Crispr. "Crispr is making biology more programmable than ever before," Molteni writes. "And the biotech execs staking their claims in Crispr's backend systems have read their Silicon Valley history. They're betting biology will be the next great computing platform, DNA will be the code that runs it, and Crispr will be the programming language."

A coalition of Silicon Valley tech giants has doubled down on its criticism of encryption backdoors following a proposal that would give law enforcement access to locked and encrypted devices. From a report: The group, which focuses on efforts to reform government surveillance, said in a statement that it continues to advocate for strong encryption, and decried attempts to undermine the technology. "Recent reports have described new proposals to engineer vulnerabilities into devices and services -- but they appear to suffer from the same technical and design concerns that security researchers have identified for years," the statement read. The renewed criticism follows a lengthy Wired article, in which former Microsoft software chief Ray Ozzie proposed a new spin on key escrow. Device encryption has hampered police investigations, and law enforcement officials have pushed tech companies to fix the problem -- even by way of suing them.

In a world where artificial intelligence is no longer just a Spielberg-Kubrick collaboration, could algorithms be better at picking the next big blockbuster than studio execs? From a report: "Filmmakers are getting closer to understanding what moviegoers go to theaters to see thanks to neural networks fed off of data from previous box office hits," says Landon Starr, the head of data science at Clearlink, which uses machine learning to help companies understand consumer behavior. "Although this technology isn't spot-on quite yet, AI-powered predictions are likely stronger than the human calculations used in the past." And they're advancing quickly.

Vault, an Israeli startup founded in 2015, is developing a neural-network algorithm based on 30 years of box office data, nearly 400,000 story features found in scripts, and data like film budgets and audience demographics to estimate a movie's opening weekend. The company is only a couple years in, but founder David Stiff recently said that roughly 75 percent of Vault's predictions "come 'pretty close'" to films' actual opening grosses.

Scriptbook takes a similar approach, using its own AI platform to predict a movie's success based on the screenplay only. The Antwerp startup's AI analyzed 62 movies from 2015 and 2016, and claims it was able to successfully predict the box office failure or success of 52 of them, judging 30 movies correctly as profitable and 22 movies correctly as not profitable.

Google co-founder Sergey Brin has warned that the current boom in artificial intelligence has created a "technology renaissance" that contains many potential threats. In the company's annual Founders' Letter, the Alphabet president struck a note of caution. "The new spring in artificial intelligence is the most significant development in computing in my lifetime," writes Brin. "Every month, there are stunning new applications and transformative new techniques." But, he adds, "such powerful tools also bring with them new questions and responsibilities." From a report: When Google was founded in 1998, Brin writes, the machine learning technique known as artificial neural networks, invented in the 1940s and loosely inspired by studies of the brain, was "a forgotten footnote in computer science." Today the method is the engine of the recent surge in excitement and investment around artificial intelligence. The letter unspools a partial list of where Alphabet uses neural networks, for tasks such as enabling self-driving cars to recognize objects, translating languages, adding captions to YouTube videos, diagnosing eye disease, and even creating better neural networks.

Brin nods to the gains in computing power that have made this possible. He says the custom AI chip running inside some Google servers is more than a million times more powerful than the Pentium II chips in Google's first servers. In a flash of math humor, he says that Google's quantum computing chips might one day offer jumps in speed over existing computers that can be only be described with the number that gave Google its name, a googol, or a 1 followed by 100 zeroes.

As you might expect, Brin expects Alphabet and others to find more uses for AI. But he also acknowledges that the technology brings possible downsides. "Such powerful tools also bring with them new questions and responsibilities," he writes. AI tools might change the nature and number of jobs, or be used to manipulate people, Brin says -- a line that may prompt readers to think of concerns around political manipulation on Facebook. Safety worries range from "fears of sci-fi style sentience to the more near-term questions such as validating the performance of self-driving cars," Brin writes.

On the sidelines of Gmail's big refresh push, Google also released a new app called Google Tasks. It's a simple app that aims to help users manage their work and home tasks. But it's being talked about for one more reason. From a blog post: Unlike most of their other apps, though, Tasks uses an inconsistent mix of Roboto, their old brand typeface, and Product Sans, their new one. The two faces don't look good together -- it's like when Apple shipped apps that used both Helvetica and Lucida Grande. According to their announcement of Product Sans and their new logo, the typeface was supposed to be used in promotional materials and lockups, but there's no mention of it being used for product UIs. In fact, the only other product I can find that has this same inconsistent mix is the new Gmail.com, also previewed today.

It isn't just about what these typefaces look like, either, but how they're used. For example, when entering a new task, the name of the task is set in Product Sans; when it is added to the list, it becomes Roboto. Tapping on the task takes you to a details view where, now, the name of the task is in Product Sans. There are three options to add more information: if you want to add details, you'll do it in Roboto, but adding a due date will be in Product Sans. The "add subtasks" button -- well, text in the same grey as everything else except other buttons that are blue -- is set in Product Sans, but the tasks are set in Roboto.

NCSA Mosaic 1.0, the first web browser to achieve popularity among the general public, was released on April 22, 1993. It was developed by a team of students at the University of Illinois' National Center for Supercomputing Applications (NCSA), and had the ability to display text and images inline, meaning you could put pictures and text on the same page together, in the same window. Wired reports: It was a radical step forward for the web, which was at that point, a rather dull experience. It took the boring "document" layout of your standard web page and transformed it into something much more visually exciting, like a magazine. And, wow, it was easy. If you wanted to go somewhere, you just clicked. Links were blue and underlined, easy to pick out. You could follow your own virtual trail of breadcrumbs backwards by clicking the big button up there in the corner. At the time of its release, NCSA Mosaic was free software, but it was available only on Unix. That made it common at universities and institutions, but not on Windows desktops in people's homes.

The NCSA team put out Windows and Mac versions in late 1993. They were also released under a noncommercial software license, meaning people at home could download it for free. The installer was very simple, making it easy for just about anyone to get up and running on the web. It was then that the excitement really began to spread. Mosaic made the web come to life with color and images, something that, for many people, finally provided the online experience they were missing. It made the web a pleasure to use.

No random number generator you've ever used is truly, provably random. Until now, that is. Researchers have used an experiment developed to test quantum mechanics to generate demonstrably random numbers, which could come in handy for encryption. From a report: The method uses photons to generate a string of random ones and zeros, and leans on the laws of physics to prove that these strings are truly random, rather than merely posing as random. The researchers say their work could improve digital security and cryptography. The challenge for existing random number generators is not only creating truly random numbers, but proving that those numbers are random. "It's hard to guarantee that a given classical source is really unpredictable," says Peter Bierhorst, a mathematician at the National Institute of Standards and Technology (NIST), where this research took place. "Our quantum source and protocol is like a fail-safe. We're sure that no one can predict our numbers." For example, random number algorithms often rely on a source of data which may ultimately prove predictable, such as atmospheric noise. And however complex the algorithm, it's still applying consistent rules. Despite these potential imperfections, these methods are relied on in the day-to-day encryption of data. This team's method, however, makes use of the properties of quantum mechanics, or what Einstein described as "spooky action at a distance." Further reading: Wired, LiveScience, and CNET.

Google is betting that algorithms that understand images and text will draw business to its cloud services, make augmented reality popular, and prompt us to search using our smartphone cameras. From a report: The search company's machine learning systems work best on material from a few rich parts of the world, like the US. They stumble more frequently on data from less affluent countries -- particularly emerging economies like India that Google is counting on to maintain its growth. "We have a very sparse training data set from parts of the world that are not the United States and Western Europe," says Anurag Batra, a researcher at Google.

When Batra travels to his native Delhi, he says Google's AI systems become less smart. Now, he leads a project trying to change that. "We can understand pasta very well, but if you ask about pesarattu dosa, or anything from Korea or Vietnam, we're not very good," Batra says. To fix the problem, Batra is tapping the brains and phones of some of Google's billions of users. His team built an app called Crowdsource that asks people to perform quick tasks like checking the accuracy of Google's image-recognition and translation algorithms. Starting this week, the Crowdsource app also asks users to take and upload photos of nearby objects.

Earlier this week, Emmanuel Macron, President of France, pledged to spend $1.9 billion over the next five years and allow expanded data-sharing to help make France a leader in artificial intelligence. In an interview with Wired, Emmanuel Macron, President of France, explained why he is making big investments to bring France into the "winner takes all" race with the U.S. and China on artificial intelligence. An interesting quote, "At some point, as citizens, people will say, 'I want to be sure that all of this personal data is not used against me, but used ethically, and that everything is monitored. I want to understand what is behind this algorithm that plays a role in my life." An excerpt from the story: AI will raise a lot of issues in ethics, in politics, it will question our democracy and our collective preferences. For instance, if you take healthcare: you can totally transform medical care making it much more predictive and personalized if you get access to a lot of data. We will open our data in France. I made this decision and announced it this afternoon. But the day you start dealing with privacy issues, the day you open this data and unveil personal information, you open a Pandora's Box, with potential use cases that will not be increasing the common good and improving the way to treat you.

In particular, it's creating a potential for all the players to select you. This can be a very profitable business model: this data can be used to better treat people, it can be used to monitor patients, but it can also be sold to an insurer that will have intelligence on you and your medical risks, and could get a lot of money out of this information. The day we start to make such business out of this data is when a huge opportunity becomes a huge risk. It could totally dismantle our national cohesion and the way we live together. This leads me to the conclusion that this huge technological revolution is in fact a political revolution.

Researchers have discovered flaws in Monero, a digital currency that boasts a high degree of anonymity, that could lead to the identification of users. From a report: Monero is designed to mix up any given Monero "coin" with other payments, so that anyone scouring Monero's blockchain can't link it to any particular identity or previous transaction from the same source. But in a recent paper, a team of researchers from a broad collection of institutions -- including Princeton, Carnegie Mellon, Boston University, MIT, and the University of Illinois at Urbana-Champaign -- point to flaws in that mixing that make it possible to nonetheless extract individual transactions.

That shouldn't just worry anyone trying to stealthily spend Monero today. It also means evidence of earlier not-quite-untraceable payments remain carved into Monero's blockchain for years to come, visible for any snoop that cares to look.

An anonymous reader quotes a report from Quartz: Zuckerberg should have heeded what he heard from the late Steve Jobs eight years ago. Then, when the social network had a measly half-billion users, Jobs spoke at The Wall Street Journal's AllThingsD conference, where Zuckerberg was in the audience, waiting to be interviewed himself, and described what privacy meant. Journalist Walt Mossberg asked Jobs his thoughts on recent privacy issues around Facebook (which at the time was revamping its privacy controls after criticism it was forcing people to share data) and Google (which was literally recording private wifi information), and whether Silicon Valley looks at privacy differently than the rest of the world.

"Silicon Valley is not monolithic," Jobs responded, "We've always had a very different view of privacy than some of our colleagues in the Valley." Apple, for instance, does not leave it up to developers to decide whether to be dutiful about warning users that their apps are tracking their location data, instead forcing pop-ups on users to alert them that an app is tracking them, and to turn off that ability if they don't want. "We do a lot of things like that, to ensure that people know what these apps are doing," he added. It's a stance his successor, Tim Cook, still holds. Mossberg then asked Jobs if that applied to Apple's own apps in the cloud. Here's what Jobs said: "Privacy means people know what they're signing up for, in plain English, and repeatedly. I'm an optimist; I believe people are smart, and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you're going to do with their data." If the company had been more forthright about how developers could take data shared with them by Facebook users and sold to third parties, it may not have been in the mess it's in today. Additionally, TechCrunch reports that Zuckerberg was warned about app permissions in 2011 by European privacy campaigner and lawyer Max Schrems. "In August 2011, Schrems filed a complaint with the Irish Data Protection Commission exactly flagging the app permissions data sinkhole (Ireland being the focal point for the complaint because that's where Facebook's European HQ is based)."

"[T]his means that not the data subject but 'friends' of the data subject are consenting to the use of personal data," wrote Schrems in the 2011 complaint, fleshing out consent concerns with Facebook's friends' data API. "Since an average facebook user has 130 friends, it is very likely that only one of the user's friends is installing some kind of spam or phishing application and is consenting to the use of all data of the data subject. There are many applications that do not need to access the users' friends personal data (e.g. games, quizzes, apps that only post things on the user's page) but Facebook Ireland does not offer a more limited level of access than 'all the basic information of all friends.'" [...] "The data subject is not given an unambiguous consent to the processing of personal data by applications (no opt-in). Even if a data subject is aware of this entire process, the data subject cannot foresee which application of which developer will be using which personal data in the future. Any form of consent can therefore never be specific," he added. It took Facebook from September 2012 until May 2014 and May 2015 to implement changes and tighten app permissions.

Long-time Slashdot reader Lauren Weinstein argues that fixing Facebook may be impossible because "Facebook's entire ecosystem is predicated on encouraging the manipulation of its users by third parties who posses the skills and financial resources to leverage Facebook's model. These are not aberrations at Facebook -- they are exactly how Facebook was designed to operate." Meanwhile one fund manager is already predicting that sooner or later every social media platform "is going to become MySpace," adding that "Nobody young uses Facebook," and that the backlash over Cambridge Analytica "quickens the demise."

But Slashdot reader silvergeek asks, "is there a safe, secure, and ethical alternative?" to which tepples suggests "the so-called IndieWeb stack using the h-entry microformat." He also suggests Diaspora, with an anonymous Diaspora user adding that "My family uses a server I put up to trade photos and posts... Ultimately more people need to start hosting family servers to help us get off the cloud craze... NethServer is a pretty decent CentOS based option."

Meanwhile Slashdot user Locke2005 shared a Washington Post profile of Mastodon, "a Twitter-like social network that has had a massive spike in sign-ups this week." Mastodon's code is open-source, meaning anybody can inspect its design. It's distributed, meaning that it doesn't run in some data center controlled by corporate executives but instead is run by its own users who set up independent servers. And its development costs are paid for by online donations, rather than through the marketing of users' personal information... Rooted in the idea that it doesn't benefit consumers to depend on centralized commercial platforms sucking up users' personal information, these entrepreneurs believe they can restore a bit of the magic from the Internet's earlier days -- back when everything was open and interoperable, not siloed and commercialized.
The article also interviews the founders of Blockstack, a blockchain-based marketplace for apps where all user data remains local and encrypted. "There's no company in the middle that's hosting all the data," they tell the Post. "We're going back to the world where it's like the old-school Microsoft Word -- where your interactions are yours, they're local and nobody's tracking them." On Medium, Mastodon founder Eugene Rochko also acknowledges Scuttlebutt and Hubzilla, ending his post with a message to all social media users: "To make an impact, we must act."

Lauren Weinstein believes Google has already created an alternative to Facebook's "sick ecosystem": Google Plus. "There are no ads on Google+. Nobody can buy their way into your feed or pay Google for priority. Google doesn't micromanage what you see. Google doesn't sell your personal information to any third parties..." And most importantly, "There's much less of an emphasis on hanging around with those high school nitwits whom you despised anyway, and much more a focus on meeting new persons from around the world for intelligent discussions... G+ posts more typically are about 'us' -- and tend to be far more interesting as a result." (Even Linus Torvalds is already reviewing gadgets there.)

Wired has also compiled their own list of alternatives to every Facebook service. But what are Slashdot's readers doing for their social media fix? Leave your own thoughts and suggestions in the comments.

Is there a good alternative to Facebook?

An anonymous reader writes: That's the conclusion that two sociologists came to after observing seven hackathons over the period of one year, reports Wired. In "Hackathons As Co-optation Ritual: Socializing Workers and Institutionalizing Innovation in the 'New' Economy," sociologists Sharon Zukin and Max Papadantonakis argue that companies use the allure of hackathons to get people to work for free. They says sponsors fuel the "romance of digital innovation by appealing to the hackers' aspiration to be multi-dimensional agents of change" when in fact the hackathons are just a means of labor control.

An anonymous reader quotes a report from WIRED: The people of Sweetwater, Florida were supposed to wait until early 2019 for the Florida International University-Sweetwater University City Bridge to open. Instead, they will wait about that long for an official assessment from the National Transportation Safety Board of why it collapsed just five days after its installation, killing at least six people. In the immediate aftermath of the disaster, many queries have centered on the unconventional technique used to build the bridge, something called Accelerated Bridge Construction, or ABC. But ABC is more complicated than its acronym suggests -- and it's hardly brand new. ABC refers to dozens of construction methods, but at its core, it's about drastically reducing on-site construction time. Mostly, that relies on pre-fabricating things like concrete decks, abutments, walls, barriers, and concrete topped steel girders, and hauling them to the work site. There, cranes or specialized vehicles known as Self-Propelled Modular Transporter install them. A video posted online by Florida International University, which helped fund the bridge connects to its campus, showed an SPMT lifting and then lowering the span into place.

In a now-deleted press release, the university called the "largest pedestrian bridge moved via SPMT in U.S. history," but that doesn't seem to mean much, engineering-wise. SPMTs have been around since the 1970s, and have moved much heavier loads. In 2017, workers used a 600-axle SPMT to salvage the 17,000 ton ferry that sank off the coast of South Korea in 2014. The ABC technique is much more expensive than building things in place, but cities and places like FIU like it for a specific reason: Because most of the work happens far away, traffic goes mostly unperturbed. When years- or months-long construction projects can have serious effects on businesses and homes, governments might make up the money in the long run. Workers installed this collapsed span in just a few hours. These accelerated techniques are also much safer for workers, who do most their work well away from active roads. The report goes on to note that the bridge collapse is still under investigation and the search for a culprit is ongoing. "The answers could run the gamut, from design flaws to fabrication flubs to installation issues," reports WIRED. As of publication, The Washington Post is reporting that an engineer called the state to report cracking two days before its collapse.

An anonymous reader writes: If aliens ever do come across the Pioneer spacecraft and make assumptions about the entire human species based on the man and woman etched onto the plaque it carries, this is what they will think of us: We all look like white people; we all look about 30ish years old; we do not wear clothes. It's a problem you encounter anytime you have to choose a few individuals to represent an entire group, and it's one that the editors of Wikipedia have debated for years: What image should grace the top of the "human" entry in the online dictionary?

The photo that's there now, after years of feverish debate, is of an Akha couple from a region of Thailand along the Mekong river. "The photo of the Akha couple remain humanity's type specimens on Wikipedia," writes author Ellen Airhart. "Just as a shriveled northeastern leopard frog at the University of Michigan Museum of Zoology represents its whole species, so this couple stands for all of us."

Such musing about the taxonomic representation of the human species could actually have a big impact on our digital future. "Future scientists will have to teach computers, not aliens, to recognize the human image. Right now, software engineers program artificial intelligence to recognize people by feeding them millions of pictures of faces," she writes. "But whose faces? Computer scientists run into the same questions about gender, race, and culture that the Wikipedia editors encountered. Being able to use more than one photo expands the conversation but does not necessarily make it easier."

An anonymous reader writes: San Francisco Bay Area residents have long been aware of the threat that sea level rise poses to their coastal existence -- but things suddenly look a lot more serious. A new study examines the simultaneous phenomena of rising sea levels and subsiding coastal land, and as Wired reports, the situation is pretty dire. Models that factor in just sea level rise predict that at least 20 square miles could be underwater by 2100. Once you add in subsiding land, that jumps to nearly 50 square miles, and could get as bad as 165 square miles. Or, put another way, by the end of the century, half of the runways and taxiways at San Francisco Airport could be submerged.

The study found that most of the Bay's coastline is sinking at a rate of less than 2 millimeters a year -- and while that may not sound like a lot, the millimeters can add up fast. "You talk to someone about, 'Oh the land is going down a millimeter a year,' and that can be kind of unimpressive," says William Hammond, a researcher at the University of Nevada Reno who studies subsidence (but was not involved in this particular project). "But we know as scientists that these motions, especially if they come from plate tectonics, that they are relentless and they will never stop, at least as long as we're alive on this planet."

An anonymous reader shares a report: In 1965, tech pioneer Gordon Moore noticed a trend: The number of components on an integrated circuit was doubling every year. Long story short: The world of bits was transformed. Could the same thing be happening now -- to the world of atoms? Neil Gershenfeld thinks it is. He's the MIT professor who in 2003 helped create the first "fab lab": a roomful of computer-guided fabrication tools, like laser cutters and mills for carving materials, that allows everyday people to create things with a precision normally available only to a Boeing or Siemens.

In 2009, Gershenfeld helped set up the Fab Foundation in part to help people make products they needed that the mass market wasn't providing. It took off. Indian farmers used fab labs to create instruments to verify the quality of milk; a Kenyan engineering student made "vein finder" tools for doctors. By 2016 there were more than 1,000 fab labs worldwide. Then Sherry Lassiter, who leads the Fab Foundation and is known as "Lass," noticed that the global total was doubling every year. It looked just like Moore's law! Now there's Lass' law -- the prediction that the number of fab labs, or such tools, will double roughly every year and a half. Why would this be happening? It's part inspiration (people hear about the labs and want their own) and, as with Moore's law, technical progress: The machinery has gotten cheaper and more digitized. If Lass' law continues, custom fabrication will explode.

A 1.35 terabit-per-second DDoS attack hit GitHub all at once last Wednesday. "It was the most powerful distributed denial of service attack recorded to date -- and it used an increasingly popular DDoS method, no botnet required," reports Wired. From the report: GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its DDoS mitigation service, Akamai Prolexic. Prolexic took over as an intermediary, routing all the traffic coming into and out of GitHub, and sent the data through its scrubbing centers to weed out and block malicious packets. After eight minutes, attackers relented and the assault dropped off. "We modeled our capacity based on fives times the biggest attack that the internet has ever seen," Josh Shaul, vice president of web security at Akamai told WIRED hours after the GitHub attack ended. "So I would have been certain that we could handle 1.3 Tbps, but at the same time we never had a terabit and a half come in all at once. It's one thing to have the confidence. It's another thing to see it actually play out how you'd hope."

Akamai defended against the attack in a number of ways. In addition to Prolexic's general DDoS defense infrastructure, the firm had also recently implemented specific mitigations for a type of DDoS attack stemming from so-called memcached servers. These database caching systems work to speed networks and websites, but they aren't meant to be exposed on the public internet; anyone can query them, and they'll likewise respond to anyone. About 100,000 memcached servers, mostly owned by businesses and other institutions, currently sit exposed online with no authentication protection, meaning an attacker can access them, and send them a special command packet that the server will respond to with a much larger reply.

Louise Matsakis, writing for Wired: The internet is full of Facebook users frustrated with how the company handles malware threats. For nearly four years, people have complained about Facebook's anti-malware scan on forums, Twitter, Reddit, and on personal blogs. The problems appear to have gotten worse recently. While the service used to be optional, Facebook now requires it if it flags your device for malware. And according to screenshots reviewed by WIRED from people recently prompted to run the scan, Facebook also no longer allows every user to select what type of device they're on. The malware scans likely only impact a relatively small population of Facebook's billions of users, some of whose computers may genuinely be infected. But even a fraction of Facebook's users still potentially means millions of impacted people.

The mandatory scan has caused widespread confusion and frustration; WIRED spoke to people who had been locked out of their accounts by the scan, or simply baffled by it, on four different continents. The mandatory malware scan has downsides beyond losing account access. Facebook users also frequently report that the feature is poorly designed, and inconsistently implemented. In some cases, if a different user logs onto Facebook from the same device, they sometimes won't be greeted with the malware message. Similarly, if the "infected" user simply switches browsers, the message also appears to occasionally go away.

An anonymous reader writes: You've arrived at the airport early. You have already selected the perfect seat. You've employed all possible tricks for making the check-in and security processes zoom by. But there's still some blood-pressure-raising chaos you can't avoid: boarding. From impatient fellow travelers who are determined to beat you onto the plane to passengers who insist on jamming their too-big carry-ons into overhead bins, making your way to your seat can be straight-up hellish -- and Wired's Alex Davies offers up a cheery explanation of why the situation is unlikely to improve any time soon. It's not that airlines aren't trying. In fact, United is in the middle of a months-long test at LAX that involves splitting its five groups of passengers into two lines, instead of five, to see whether that will make boarding less painful. But there are some basic measures that airlines could be taking to speed things up -- offering free baggage check, for instance, or cutting down on early boarding perks -- if they weren't so worried about their bottom lines. "The question for the airlines, then, is not how to get everyone onto a plane as quickly as possible," Davies writes. "It's how to get everyone onto a plane as quickly as possible while still charging them extra for bags, doting on the regular customers, and maintaining the system that, like all class structures, serves whoever built it."

An anonymous reader quotes a report from Wired: In the wake of Wednesday's Parkland, Florida school shooting, which resulted in 17 deaths, troll and bot-tracking sites reported an immediate uptick in related tweets from political propaganda bots and Russia-linked Twitter accounts. Hamilton 68, a website created by Alliance for Securing Democracy, tracks Twitter activity from accounts it has identified as linked to Russian influence campaigns. On RoBhat Labs' Botcheck.me, a website created by two Berkeley students to track 1500 political propaganda bots, all of the top two-word phrases used in the last 24 hours -- excluding President Trump's name -- are related to the tragedy: School shooting, gun control, high school, Florida school. The top hashtags from the last 24 hours include Parkland, guncontrol, and guncontrolnow.

While RoBhat Labs tracks general political bots, Hamilton 68 focuses specifically on those linked to the Russian government. According to the group's data, the top link shared by Russia-linked accounts in the last 48 hours is a 2014 Politifact article that looks critically at a statistic cited by pro-gun control group Everytown for Gun Safety. Twitter accounts tracked by the group have used the old link to try to debunk today's stats about the frequency of school shootings. Another top link shared by the network covers the "deranged" Instagram account of the shooter, showing images of him holding guns and knives, wearing army hats, and a screenshot of a Google search of the phrase "Allahu Akbar." Characterizing shooters as deranged lone wolves with potential terrorist connections is a popular strategy of pro-gun groups because of the implication that new gun laws could not have prevented their actions. Meanwhile, some accounts with large bot followings are already spreading misinformation about the shooter's ties to far-left group Antifa, even though the Associated Press reported that he was a member of a local white nationalist group. The Twitter account Education4Libs, which RoBhat Labs shows is one among the top accounts tweeted at by bots, is among the prominent disseminators of that idea.

Fast Company: Facebook unveiled this kid-friendly version of its signature messaging service in December, while the YouTube Kids scandal was in full swing. Messenger Kids, Facebook said, had been designed to serve as a "fun, safer solution" for family communications. It would be available for children as young as 6, the company said. To forestall criticism, Facebook asserted that the app had been developed alongside thousands of parents and a dozen expert advisors. But it looks like many of those outside experts were funded with Facebook dollars. According to Wired, "At least seven members of Facebook 13-person advisory board have some kind of financial tie to the company." Those advisors include the National PTA, Blue Star Families, Connect Safely, and the Yale Center for Emotional Intelligence.

An anonymous reader shares a report: In December of 2016, Google announced it had fixed a troubling quirk of its autocomplete feature: When users typed in the phrase, "are jews," Google automatically suggested the question, "are jews evil?" Almost a year after removing the "are jews evil?" prompt, Google search still drags up a range of awful autocomplete suggestions for queries related to gender, race, religion, and Adolf Hitler. Google appears still unable to effectively police results that are offensive, and potentially dangerous -- especially on a platform that two billion people rely on for information. Like journalist Carol Cadwalladr, who broke the news about the "are jews evil" suggestion in 2016, I too felt a certain kind of queasiness experimenting with search terms like, "Islamists are," "blacks are," "Hitler is," and "feminists are." The results were even worse. For the term "Islamists are," Google suggested I might in fact want to search, "Islamists are not our friends," or "Islamists are evil." For the term, "blacks are," Google prompted me to search, "blacks are not oppressed." The term "Hitler is," autocompleted to, among other things, "Hitler is my hero."

Steve Kovach, writing for BusinessInsider: To corporate giants like Facebook, leaks to rivals or the media are a cardinal sin. That notion was clear in a new Wired story about Facebook's rocky time over the last two years. The story talks about how Facebook was able to find two leakers who told a Gizmodo reporter about its news operations. But one source for the Wired story highlighted just how concerned employees are about how their company goes after leakers. According to the story, the source, a current Facebook employee, asked a Wired reporter to turn off his phone so Facebook wouldn't be able to use location tracking and see that the two were close to each other for the meeting. The Wired's 11,000-word wide-ranging piece, for which it spoke with more than 50 current and former Facebook employees, gives us an inside look at how the company has been struggling to curb spread of fake news; battling internal discrimination among employees; and becoming furious when anything leaks to the media. Another excerpt from the story: The day after Fearnow (a contractor who leaked information to a Gizmodo reporter) took that second screenshot was a Friday. When he woke up after sleeping in, he noticed that he had about 30 meeting notifications from Facebook on his phone. When he replied to say it was his day off, he recalls, he was nonetheless asked to be available in 10 minutes. Soon he was on a video-conference with three Facebook employees, including Sonya Ahuja, the company's head of investigations. According to his recounting of the meeting, she asked him if he had been in touch with Nunez (the Gizmodo reporter, who eventually published this and this). He denied that he had been. Then she told him that she had their messages on Gchat, which Fearnow had assumed weren't accessible to Facebook. He was fired. "Please shut your laptop and don't reopen it," she instructed him.

Steve Kovach, writing for BusinessInsider: To corporate giants like Facebook, leaks to rivals or the media are a cardinal sin. That notion was clear in a new Wired story about Facebook's rocky time over the last two years. The story talks about how Facebook was able to find two leakers who told a Gizmodo reporter about its news operations. But one source for the Wired story highlighted just how concerned employees are about how their company goes after leakers. According to the story, the source, a current Facebook employee, asked a Wired reporter to turn off his phone so Facebook wouldn't be able to use location tracking and see that the two were close to each other for the meeting. The Wired's 11,000-word wide-ranging piece, for which it spoke with more than 50 current and former Facebook employees, gives us an inside look at how the company has been struggling to curb spread of fake news; battling internal discrimination among employees; and becoming furious when anything leaks to the media. Another excerpt from the story: The day after Fearnow (a contractor who leaked information to a Gizmodo reporter) took that second screenshot was a Friday. When he woke up after sleeping in, he noticed that he had about 30 meeting notifications from Facebook on his phone. When he replied to say it was his day off, he recalls, he was nonetheless asked to be available in 10 minutes. Soon he was on a video-conference with three Facebook employees, including Sonya Ahuja, the company's head of investigations. According to his recounting of the meeting, she asked him if he had been in touch with Nunez (the Gizmodo reporter, who eventually published this and this). He denied that he had been. Then she told him that she had their messages on Gchat, which Fearnow had assumed weren't accessible to Facebook. He was fired. "Please shut your laptop and don't reopen it," she instructed him.

Jason Pontin, writing for Wired: Sundar Pichai, the chief executive of Google, has said that AI "is more profound than ... electricity or fire." Andrew Ng, who founded Google Brain and now invests in AI startups, wrote that "If a typical person can do a mental task with less than one second of thought, we can probably automate it using AI either now or in the near future." Their enthusiasm is pardonable.

[...] But there are many things that people can do quickly that smart machines cannot. Natural language is beyond deep learning; new situations baffle artificial intelligences, like cows brought up short at a cattle grid. None of these shortcomings is likely to be solved soon. Once you've seen you've seen it, you can't un-see it: deep learning, now the dominant technique in artificial intelligence, will not lead to an AI that abstractly reasons and generalizes about the world. By itself, it is unlikely to automate ordinary human activities.

To see why modern AI is good at a few things but bad at everything else, it helps to understand how deep learning works. Deep learning is math: a statistical method where computers learn to classify patterns using neural networks. [...] Deep learning's advances are the product of pattern recognition: neural networks memorize classes of things and more-or-less reliably know when they encounter them again. But almost all the interesting problems in cognition aren't classification problems at all.

Jason Koebler shares a report from Motherboard: An anonymous person posted what experts say is the source code for a core component of the iPhone's operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. The code is for "iBoot," which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. It's the program that loads iOS, the very first process that runs when you turn on your iPhone. The code says it's for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11. Bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000. "This is the biggest leak in history," Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told Motherboard in an online chat. "It's a huge deal." Levin, along with a second security researcher familiar with iOS, says the code appears to be the real iBoot code because it aligns with the code he reverse engineered himself.

Yesterday, Bloomberg reported that the U.S. Commodity Futures Trading Commission sent subpoenas last week to virtual-currency venue Bitfinex and Tether, a company that issues a widely traded coin and claims it's pegged to the dollar. Wired's Sandra Upson explains why Tether's collapse would be bad for the entire cryptocurrency market: Unlike bitcoin and its many siblings, tether is what is called a stablecoin, an entity designed to not fluctuate in value. With most cryptocurrencies prone to wild swings, tether offers people who dabble in the market the option of buying a currency that its backers say is pegged to the U.S. dollar. The root of the controversy is whether the company behind it, also called Tether, is telling the truth when it claims that every unit in circulation is matched by a U.S. dollar it holds in reserve. If the company has a dollar for every tether, that means in theory any holder can sell tethers back to the company for an equal number of dollars at any time. This belief keeps the value of a tether pegged to a dollar.

If tethers are not backed by a matching number of dollars, then Tether can print an arbitrary amount of money. (Other cryptocurrencies, by contrast, create new tokens according to strictly prescribed, predictable rules.) Other problems ensue, including suspicions that Tether is timing the release of new tethers to coincide with drops in the price of bitcoin and then using those tethers to scoop up bitcoins. Some observers fear that these purchases are artificially inflating the price of bitcoin. If traders lose faith in tether, they could end up triggering the crypto version of a bank run. Tether helps stabilize cryptocurrency exchanges in various ways, so its collapse could also cause some exchanges to topple, wiping out billions of dollars of investments overnight and potentially undoing much of the public's growing interest in new technologies like bitcoin.

jwhyche, Slashdot reader #6,192, writes: If you bought some illegal narcotics off Silk Road or even gave money to Wikileaks. Researchers at Qatar University and Hamad Bin Khalifa University have been able to link these transactions with real world identities. They have been able to do this even if the transactions are years old. Their research shows how easy it is to link accounts to these transactions without using any of the tools available to law enforcement like search warrants or subpoenas.
The researchers started with 88 unique bitcoin addresses from Tor hidden services, and then searched 5 billion tweets and 1 million pages on the Bitcoin Talk forum -- ultimately linking 125 unique users to 20 Tor hidden services. "Bitcoin addresses should always be considered exploitable," the researchers conclude, "as they can be used to deanonymize users retroactively."

Their paper is titled "When a Small Leak Sinks a Great Ship: Deanonymizing Tor Hidden Service Users Through Bitcoin Transactions Analysis," and Wired summarizes one of their conclusions. "Even deleting profile information that includes bitcoin addresses may not be enough if a post has been cached or captured by services like the Internet Archive, they point out. 'If you're vulnerable now, you're vulnerable in the future.'"

An anonymous reader quotes a report from The Hill: Special counsel Robert Mueller's team has interviewed at least one Facebook employee tasked with helping the Trump campaign's digital operations during the 2016 campaign, Wired reported on Friday. The report, which cited a source familiar with the matter, does not say when the employee was questioned nor does it detail the focus of the interview. Mueller's team has been investigating for months any collusion between Trump campaign associates and Russia. During the election, Facebook deployed employees to embed with the Trump campaign to assist its digital operations. The company also worked with Hillary Clinton's campaign team but did not have employees embedded with them. The company has also been scrutinized by Congress for selling more than 3,000 ads to the Internet Research Agency, a Russian "troll farm" alleged to have carried out misinformation operations online during the campaign.

Ultrasound, which works on the principle of piezoelectricity, is finding a second lease of life in medicine, Wired outlines. Applying voltage to a piezoelectric crystal makes it vibrate, sending out a sound wave. When the echo that bounces back is converted into electrical signals, you get an image of, say, a fetus, or a submarine. But in the last few years, the lo-fi tech has reinvented itself in some weird new ways. From a report: Researchers are fitting people's heads with ultrasound-emitting helmets to treat tremors and Alzheimer's. They're using it to remotely activate cancer-fighting immune cells. Startups are designing swallowable capsules and ultrasonically vibrating enemas to shoot drugs into the bloodstream. One company is even using the shockwaves to heal wounds -- stuff Curie never could have even imagined. So how did this 100-year-old technology learn some new tricks? With the help of modern-day medical imaging, and lots and lots of bubbles.

Tinder's mobile apps still lack the standard encryption necessary to keep your photos, swipes, and matches hidden from snoops, a security firm reports. From Wired: On Tuesday, researchers at Tel Aviv-based app security firm Checkmarx demonstrated that Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder's iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream. And while other data in Tinder's apps are HTTPS-encrypted, Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target's phone nearly as easily as if they were looking over the target's shoulder. The researchers suggest that lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.

Google Play, the marquee Android apps store, is filled with apps that are riddled with hidden trackers that siphon a smorgasbord of data from all sensors, in all directions, unknown to the Android user. Not content with the strides Google has made to curtail the issue, Yale Privacy Lab has collaborated with Exodus Privacy to detect and expose trackers with the help of the F-Droid app store. From a report on Wired: F-Droid is the best replacement for Google Play, because it only offers FOSS apps without tracking, has a strict auditing process, and may be installed on most Android devices without any hassles or restrictions. F-Droid doesn't offer the millions of apps available in Google Play, so some people will not want to use it exclusively. It's true that Google does screen apps submitted to the Play store to filter out malware, but the process is still mostly automated and very quick -- too quick to detect Android malware before it's published, as we've seen. Installing F-Droid isn't a silver bullet, but it's the first step in protecting yourself from malware.

An anonymous reader shares a report: For decades, pilots heading into or out of Wichita Eisenhower National Airport in southeast Kansas have had three runways to choose from: 1L/19R, 1R/19L, and 14/32. Now, at the orders of the FAA, the airport will spend hundreds of thousands of dollars to give itself a makeover. Workers will repaint those huge numbers at the ends of each runway and replace copious signage. Pilots and air traffic controllers will study new reference manuals and approach plates, all updated to reflect an airport whose three runways have been renamed. World, meet 2L/20R, 2R/20L, and 15/33 -- which happen to be the same runways that have been welcoming planes since 1954.

This is not a "What's in a name?" situation. The runways may be the same sweet-smelling stretches of tarmac they've always been, but the world around them has changed. Well, the magnetic fields around the world have changed. The planet's magnetic poles -- the points that compasses recognize as north and south -- are always wandering about. That's a problem, because most runways are named for their magnetic headings. Take Wichita's 14/32. First off, because planes can land or take off from either direction, you can think of it as two runways: 14 and 32. (Pro tip: Pilots say "one-four" and "three-two," not 14 and 32.) If you're looking at a compass, one end is about 140 degrees off of north, counting clockwise. For simplicity's sake, the headings are rounded to the nearest five, and dropped to two digits. So if you're looking down at Wichita Eisenhower, runway 14/32 is the one running from the northwest to the southeast.

An anonymous reader shares a report: Humanity must not pass a rise of 2 degrees Celsius in global temperature from pre-industrial levels, so says the Paris climate agreement. Cross that line and the global effects of climate change start looking less like a grave situation and more like a catastrophe. The frustrating bit about studying climate change is the inherent uncertainty of it all. Predicting where it's going is a matter of mashing up thousands of variables in massive, confounding systems. But today in the journal Nature, researchers claim they've reduced the uncertainty in a key metric of climate change by 60 percent, narrowing a range of potential warming from 3C to 1.2C. And that could have implications for how the international community arrives at climate goals like it did in Paris. The metric is called equilibrium climate sensitivity, but don't let the name scare you.

From a report: Book a night at LAX's Residence Inn and you may be fortunate enough to meet an employee named Wally. His gig is relatively pedestrian -- bring you room service, navigate around the hotel's clientele in the lobby and halls -- but Wally's life is far more difficult than it seems. If you put a tray out in front of your door, for instance, he can't get to you. If a cart is blocking the hall, he can't push it out of the way. But fortunately for Wally, whenever he gets into a spot of trouble, he can call out for help. See, Wally is a robot -- specifically, a Relay robot from a company called Savioke. And when the machine finds itself in a particularly tricky situation, it relies on human agents in a call center way across the country in Pennsylvania to bail it out. [...]

The first companies to unleash robots into service sectors have been quietly opening call centers stocked with humans who monitor the machines and help them get out of jams. "It's something that's just starting to emerge, and it's not just robots," says David Poole, CEO and co-founder of Symphony Ventures, which consults companies on automation. "I think there is going to be a huge industry, probably mostly offshore, in the monitoring of devices in general, whether they're health devices that individuals wear or monitoring pacemakers or whatever it might be."

schwit1 quotes the Wall Street Journal: Authorities in Tehran have ratcheted up their policing of the internet in the past week and a half, part of an attempt to stamp out the most far-reaching protests in Iran since 2009. But the crackdown is driving millions of Iranians to tech tools that can help them evade censors, according to activists and developers of the tools. Some of the tools were attracting three or four times more unique users a day than they were before the internet crackdown, potentially weakening government efforts to control access to information online. "By the time they wake up, the government will have lost control of the internet," said Mehdi Yahyanejad, executive director of NetFreedom Pioneers, a California-based technology nonprofit that largely focuses on Iran and develops educational and freedom of information tools.
Wired calls it "the biggest protest movement in Iran since the 2009 Green Movement uprising," criticing tech companies which "continue to deny services to Iranians that could be crucial to free and open communications."

Tom Simonite, writing for Wired: In 2015, a black software developer embarrassed Google by tweeting that the company's Photos service had labeled photos of him with a black friend as "gorillas." Google declared itself "appalled and genuinely sorry." An engineer who became the public face of the clean-up operation said the label gorilla would no longer be applied to groups of images, and that Google was "working on longer-term fixes." More than two years later, one of those fixes is erasing gorillas, and some other primates, from the service's lexicon. The awkward workaround illustrates the difficulties Google and other tech companies face in advancing image-recognition technology, which the companies hope to use in self-driving cars, personal assistants, and other products. WIRED tested Google Photos using a collection of 40,000 images well-stocked with animals. It performed impressively at finding many creatures, including pandas and poodles. But the service reported "no results" for the search terms "gorilla," "chimp," "chimpanzee," and "monkey."

A group of crytopgraphers from Germany's Ruhr University Bochum have uncovered flaws in WhatsApp's security that compromise the instant messaging service's end-to-end encryption. WhatsApp, owned by Facebook, has over one billion active users. In a paper published last week, "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema," anyone who controls WhatsApp's servers, including company employees, can covertly add members to any group -- a claim that might not bode well with privacy enthusiasts. From the paper: The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. Entering the group however leaves traces since this operation is listed in the graphical user interface. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group. Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members. Additionally the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces. Further reading: Wired.

"The movement to encrypt the web reached milestone after milestone in 2017," writes the EFF, adding that "the web is in the middle of a massive change from non-secure HTTP to the more secure, encrypted HTTPS protocol." In February, the scales tipped. For the first time, approximately half of Internet traffic was protected by HTTPS. Now, as 2017 comes to a close, an average of 66% of page loads on Firefox are encrypted, and Chrome shows even higher numbers. At the beginning of the year, Let's Encrypt had issued about 28 million certificates. In June, it surpassed 100 million certificates. Now, Let's Encrypt's total issuance volume has exceeded 177 million certificates...

Browsers have been pushing the movement to encrypt the web further, too. Early this year, Chrome and Firefox started showing users "Not secure" warnings when HTTP websites asked them to submit password or credit card information. In October, Chrome expanded the warning to cover all input fields, as well as all pages viewed in Incognito mode. Chrome has eventual plans to show a "Not secure" warning for all HTTP pages... The next big step in encrypting the web is ensuring that most websites default to HTTPS without ever sending people to the HTTP version of their site. The technology to do this is called HTTP Strict Transport Security (HSTS), and is being more widely adopted. Notably, the registrar for the .gov TLD announced that all new .gov domains would be set up with HSTS automatically...

The Certification Authority Authorization (CAA) standard became mandatory for all CAs to implement this year... [And] there's plenty to look forward to in 2018. In a significant improvement to the TLS ecosystem, for example, Chrome plans to require Certificate Transparency starting next April.

A new study in IEEE Transactions on Intelligent Transportation Systems mathematically suggests that if you and everyone else on the road kept an equal distance between the cars ahead and behind, traffic would move twice as quickly. From a report: Now sure, you're probably not going to convince everyone on the road to do that. Still, the finding could be a simple yet powerful way to optimize semi-autonomous cars long before the fully self-driving car of tomorrow arrives. Traffic is perhaps the world's most infuriating example of what's known as an emergent property. Meaning, lots of individual things forming together to create something more complex. Emergent properties are usually quite astounding. You've probably seen video of starlings forming a murmuration, a great shifting blob of thousands upon thousands of birds. Bats flying en masse out of a cave is another example, swarming sometimes by the millions through a small exit. And scientists are just beginning to understand how they do so.

An anonymous reader quotes a report from The Verge: Researchers at Trend Micro have found that certain models of Sonos and Bose speakers have vulnerabilities that leave them open to hijacking, as reported by Wired. The accessible speakers are being exploited by hackers that are using them to play spooky sounds, Alexa commands, and Rick Astley tracks. Only a small percentage of speakers by the two companies are actually affected, including some of the Sonos Play:1, the Sonos One, and the Bose SoundTouch. All it takes is for the speaker to be connected to a misconfigured network and a simple internet scan. Once the speaker is discovered via the scan, the API it uses to talk to apps can be utilized to tell the speakers to play any audio file hosted at a specific URL. Of all the models, between 2,500 to 5,000 Sonos devices and 400 to 500 Bose devices were found by Trend Micro to be open to audio hacking.

theodp writes: Over at Wired, Leslie Berlin writes about Futures Day at the 1977 Xerox World Conference, an invitation-only demonstration of the Alto personal computer system developed at Xerox PARC. It's an excerpt from Troublemakers: How a Generation of Silicon Valley Upstarts Invented the Future. Both Berlin's book and Brian Dear's recent The Friendly Orange Glow: The Untold Story of the PLATO System and the Dawn of Cyberculture are shedding light on groundbreaking systems of the '70s that were ultimately done in by the less-featured but low-cost Apple II (yes, $2,638 for a system with 48 kB of RAM was 'low cost'!) and other personal computers. Interestingly, Dear notes that the Xerox Parc and PLATO teams sent people out to see and learn and exchange ideas with each other over the years. Their interactions included 'tremendous battles' over the advantages and disadvantages of mouse interfaces [Xerox] vs. touch screens [PLATO], as well as plasma displays [PLATO] vs. other, cheaper display solutions [Xerox]. As is the case with many debates, both teams proved to be "right." Apple wouldn't introduce the masses to a mouse interface until 1984 [Macintosh] and a touch screen interface until 2007 [iPhone].

An anonymous reader shares a Wired report: Algorithms, unlike humans, are susceptible to a specific type of problem called an "adversarial example." These are specially designed optical illusions that fool computers into doing things like mistake a picture of a panda for one of a gibbon. They can be images, sounds, or paragraphs of text. Think of them as hallucinations for algorithms. While a panda-gibbon mix-up may seem low stakes, an adversarial example could thwart the AI system that controls a self-driving car, for instance, causing it to mistake a stop sign for a speed limit one. They've already been used to beat other kinds of algorithms, like spam filters. Those adversarial examples are also much easier to create than was previously understood, according to research released Wednesday from MIT's Computer Science and Artificial Intelligence Laboratory. And not just under controlled conditions; the team reliably fooled Google's Cloud Vision API, a machine learning algorithm used in the real world today. For example, in November another team at MIT (with many of the same researchers) published a study demonstrating how Google's InceptionV3 image classifier could be duped into thinking that a 3-D-printed turtle was a rifle. In fact, researchers could manipulate the AI into thinking the turtle was any object they wanted.

An anonymous reader shares a Wired report: Algorithms, unlike humans, are susceptible to a specific type of problem called an "adversarial example." These are specially designed optical illusions that fool computers into doing things like mistake a picture of a panda for one of a gibbon. They can be images, sounds, or paragraphs of text. Think of them as hallucinations for algorithms. While a panda-gibbon mix-up may seem low stakes, an adversarial example could thwart the AI system that controls a self-driving car, for instance, causing it to mistake a stop sign for a speed limit one. They've already been used to beat other kinds of algorithms, like spam filters. Those adversarial examples are also much easier to create than was previously understood, according to research released Wednesday from MIT's Computer Science and Artificial Intelligence Laboratory. And not just under controlled conditions; the team reliably fooled Google's Cloud Vision API, a machine learning algorithm used in the real world today. For example, in November another team at MIT (with many of the same researchers) published a study demonstrating how Google's InceptionV3 image classifier could be duped into thinking that a 3-D-printed turtle was a rifle. In fact, researchers could manipulate the AI into thinking the turtle was any object they wanted.