Slashdot Mirror

Hugh Pickens writes "Time Magazine reports that computational neuroscientists Ogi Ogas and Sai Gaddam analyzed the results of 400 million online searches for porn and uncovered some startling insights into what men and women may really want from each other. In the first place, although you can find an instance of any kind of porn you can imagine on the internet, people search for and spend money and time on 20 sexual interests, which account for 80% of all porn — the top 10 sex-related searches include variations on youth (13.5 per cent), breasts (4 per cent), cheating wives (3.4 per cent) and cheerleaders (0.1 per cent) among others. Many are surprised that "cheating wives" is such a popular search but Ogas says that it's one of the top interests all around the world because men are wired to be sexually jealous but simultaneously they're also sexually aroused so if a man sees a woman — including his partner — with another man, he becomes more aroused. Women prefer stories to visual porn by a long shot and the most popular erotica for women is the romance novel because female desire requires multiple stimuli simultaneously or in quick succession."

Barence writes "The most common complaint about 3D is that the glasses give you a headache, but that's not actually true, according to the man who teaches the pros how to make better 3D. Speaking at the BBC in London, Buzz Hays, chief instructor for the Sony 3D Technology Center in Culver City, California, explained: 'It's not the technology's fault, it's really the content that can cause these problems. It's easy to make 3D but it's hard to make it good — and by "good" I mean taking care to make sure that this isn't going to cause eyestrain.' He went on to detail some of the mistakes made by inexperienced 3D film makers, from poor composition of shots, through uncomfortable convergence settings, to overuse of on-set monitors without viewing their content on a big screen. But the biggest admission Buzz made was that not even the 'experts' know all the tricks yet, which is why 3D should only get better from here. In the same seminar, Buzz also explained why 3D glasses are here to stay — at least for the next few years."

Sooner Boomer asks: "Not having met 'Mrs. Boomer' yet, I'm buying Christmas gifts for my nieces and nephews. Whether genetics or just good luck, almost all of the young 'uns are girls. I've been slowly introducing them to the classics of science fiction: Heinlein ('Podkayne of Mars', _'Starship Troopers', etc.), Asimov short stories, Ann McAffrey (the Dragonrider books), Alan Dean Foster (the Flynx books and others), Douglas Adams and Terry Prachett, some Neil Gaiman (Stardust, Good Omens), as well as the mandatory Tolkien and C.S. Lewis. This is just a partial list, but what would Slashdot consider to be good (or even essential) science fiction for teen and pre-teen girls?"

Larry Groebe writes "The most amazing unified collection of books, papers, and similar material on the history of computing is about to go on sale at Christie's auction house. Want a signed copy of 'Rossum's Universal Robots?' Original papers on the Eniac? Alan Turning's original proof of universal computability? Letters from Charles Babbage himself? It's in there, to anyone with (a whole lot of) money. Check out the estimated price on the 1974 journal article by Vinton Cerf describing IP addressing. It's increased in value in the past 30 years...just a bit."

A "limited" number of users of Microsoft's webmail services -- which include Hotmail, Outlook.com, and MSN -- "had their accounts compromised, TechCrunch reports. "We addressed this scheme, which affected a limited subset of consumer accounts, by disabling the compromised credentials and blocking the perpetrators' access," said a Microsoft spokesperson in an email. According to an email Microsoft has sent out to affected users, malicious hackers were potentially able to access an affected user's e-mail address, folder names, the subject lines of e-mails, and the names of other e-mail addresses the user communicates with -- "but not the content of any e-mails or attachments," nor -- it seems -- login credentials like passwords. Microsoft is still recommending that affected users change their passwords regardless.

The breach occurred between January 1 and March 28, Microsoft's letter to users said. The hackers got into the system by compromising a customer support agent's credentials, according to the letter. Once identified, those credentials were disabled. Microsoft told users that it didn't know what data was viewed by the hackers or why, but cautioned that users might as a result see more phishing or spam emails as a result.

Researchers from Northeastern Unviersity, the University of Southern Carolina, and tech accountability non-profit Upturn have released a paper that says Facebook's ad delivery system itself can steer ads intended to be inclusive toward discrimination without explicit intent. "In a paper titled, 'Discrimination through optimization: How Facebook's ad delivery can lead to skewed outcomes,' co-authors Muhammad Ali, Piotr Sapiezynski, Miranda Bogen, Aleksandra Korolova, Alan Mislove, and Aaron Rieke find that advertiser budgets and ad content affect ad delivery, skewing it along gender and racial lines even when neutral ad targeting settings are used," reports The Register. From the report: The researchers found that Facebook ads tend to be shown to men because women tend to click on ads more often, making them more expensive to reach through Facebook's system. That divide becomes apparent when ad budgets are compared, because the ad budget affects ad distribution. As the paper explains, "the higher the daily budget, the smaller the fraction of men in the audience." Such segregation may be appropriate and desirable for certain types of marketing pitches, but when applied to credit, employment and housing ads, the consequences can be problematic.

Ad content -- text and images -- also has a strong effect on whether ads get shown to men or women, even when the bidding strategy is the same and gender-agnostic targeting is used. In particular, the researchers found images had a surprisingly large effect on ad delivery. Ad URL destination has some effect -- an ad pointing to a bodybuilding site and an ad pointing to a cosmetics site had a baseline delivery distribution of 48 percent men and 40 percent men respectively. The addition of a title and headline doesn't change that much. But once the researchers added an image to the ad, the distribution pattern changed, with the bodybuilding site ad reaching an audience that was 75 percent male and the cosmetics ad reaching an audience that was 90 percent female. According to the researchers, their tests suggest, "Facebook has an automated image classification mechanism in place that is used to steer different ads towards different subsets of the user population." "In terms of credit, employment and housing ads, the problem with this system is that it discriminates where it shouldn't: Five ads for lumber industry jobs were delivered to an audience that was more than 90 percent men and more than 70 percent white; five ads for janitorial work were delivered to an audience that was more than 65 percent women and 75 percent black," the report adds. "Housing ads also showed a racial skew."

The latest findings come after years of criticism of Facebook's ad system. Last month, Facebook announced changes to the platform intended to prevent advertisers from deploying unfair credit, employment and housing ads. One week later, the U.S. Department of Housing and Urban Development sued Facebook for violating the Fair Housing Act.

Google+ "was an Internet-based social network. It was almost 8 years old," reports KilledByGoogle.com, which bills itself as "The Google Graveyard: A list of dead products Google has killed and laid to rest in the Google Cemetery."

But before Google+ closes for good in April, its posts are being preserved by Internet Archive and the ArchiveTeam, reports the Verge: In a post on Reddit, the sites announced that they had begun their efforts to archive the posts using scripts to capture and back up the data in an effort to preserve it. The teams say that their efforts will only encompass posts that are currently available to the public: they won't be able to back up posts that are marked private or deleted... They also note that they won't be able to capture everything: comment threads have a limit of 500 comments, "but only presents a subset of these as static HTML. It's not clear that long discussion threads will be preserved." They also say that images and video won't be preserved at full resolution...

They also urge people who don't want their content to be archived to delete their accounts, and pointed to a procedure to request the removal of specific content.
A bit of history: Linus Torvalds launched a Google+ page in 2017 called "Gadget Reviews" -- where he made exactly six posts.

An anonymous reader shares a report: Generative AI models have a propensity for learning complex data distributions, which is why they're great at producing human-like speech and convincing images of burgers and faces. But training these models requires lots of labeled data, and depending on the task at hand, the necessary corpora are sometimes in short supply.

The solution might lie in an approach proposed by researchers at Google and ETH Zurich. In a paper [PDF] published on the preprint server Arxiv.org ("High-Fidelity Image Generation With Fewer Labels"), they describe a "semantic extractor" that can pull out features from training data, along with methods of inferring labels for an entire training set from a small subset of labeled images. These self- and semi-supervised techniques together, they say, can outperform state-of-the-art methods on popular benchmarks like ImageNet.

"In a nutshell, instead of providing hand-annotated ground truth labels for real images to the discriminator, we ... provide inferred ones," the paper's authors explained. In one of several unsupervised methods the researchers posit, they first extract a feature representation -- a set of techniques for automatically discovering the representations needed for raw data classification -- on a target training dataset using the aforementioned feature extractor.

An anonymous reader quotes a report from Motherboard: Last week, Motherboard published an investigation which revealed that law enforcement agencies around the country are using PredPol -- a predictive policing software that once cited the controversial, unproven "broken windows" policing theory as a part of its best practices. Our report showed that local police in Kansas, Washington, South Carolina, California, Georgia, Utah, and Michigan are using or have used the software. In a 2014 presentation to police departments obtained by Motherboard, the company says that the software is "based on nearly seven years of detailed academic research into the causes of crime pattern formation the mathematics looks complicated -- and it is complicated for normal mortal humans -- but the behaviors upon which the math is based are very understandable."

The company says those behaviors are "repeat victimization" of an address, "near-repeat victimization" (the proximity of other addresses to previously reported crimes), and "local search" (criminals are likely to commit crimes near their homes or near other crimes they've committed, PredPol says.) But academics Motherboard spoke to say that the mathematical theory that is used to power PredPol is flawed, and that its algorithm -- at least as pitched to police -- is far too simplistic to actually predict crime. Kristian Lum, who co-wrote a 2016 paper that tested the algorithmic mechanisms of PredPol with real crime data, told Motherboard in a phone call that although PredPol is powered by complicated-looking mathematical formulas, its actual function can be summarized as a moving average -- or an average of subsets within a data set. "The academic foundation for PredPol's software takes a statistical modeling method used to predict earthquakes and apply it to crime," reports Motherboard. "Much like how earthquakes are likely to appear in similar places, the papers argue, crimes are also likely to occur in similar places. Suresh Venkatasubramanian, a professor of computing at the University of Utah and a member of the board of directors for ACLU Utah, told Motherboard that earthquake data and crime data are, naturally, collected in different ways."

"I would say in our mind, the key difference is that in earthquake models, you have seismographs everywhere -- wherever an earthquake happens, you'll find it," Venkatasubramanian said. "The crux of the issue really is that to what extent are you able to get data about what you're observing that is not also totally on the model itself." "If you build predictive policing, you are essentially sending police to certain neighborhoods based on what what they told you -- but that also means you're not sending police to other neighborhoods because the system didn't tell you to go there," Venkatasubramanian said. "If you assume that the data collection for your system is generated by police whom you sent to certain neighborhoods, then essentially your model is controlling the next round of data you get."

Security reporter Brian Krebs writes: My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. A story in The Guardian breathlessly dubbed it "the largest collection ever of breached data found." But in an interview with the apparent seller, KrebsOnSecurity learned that it is not even close to the largest gathering of stolen data, and that it is at least two to three years old.

The dump, labeled "Collection #1" and approximately 87GB in size, was first detailed earlier today by Troy Hunt, who operates the HaveIBeenPwned breach notification service. Hunt said the data cache was likely "made up of many different individual data breaches from literally thousands of different sources." KrebsOnSecurity sought perspective on this discovery from Alex Holden, CTO of Hold Security, a company that specializes in trawling underground spaces for intelligence about malicious actors and their stolen data dumps. Holden said the data appears to have first been posted to underground forums in October 2018, and that it is just a subset of a much larger tranche of passwords being peddled by a shadowy seller online.

Throughout 2018, researchers inside and outside Intel continued to find exploitable weaknesses related to Meltdown and Spectre class of "speculative execution" vulnerabilities. Fixing many of them takes not just software patches, but conceptually rethinking how processors are made. From a report: At the center of these efforts for Intel is STORM, the company's strategic offensive research and mitigation group, a team of hackers from around the world tasked with heading off next-generation security threats. Reacting to speculative execution vulnerabilities in particular has taken extensive collaboration among product development teams, legacy architecture groups, outreach and communications departments to coordinate response, and security-focused research groups at Intel. STORM has been at the heart of the technical side. "With Meltdown and Spectre we were very aggressive with how we approached this problem," says Dhinesh Manoharan, who heads Intel's offensive security research division, which includes STORM. "The amount of products that we needed to deal with and address and the pace in which we did this -- we set a really high bar."

Intel's offensive security research team comprises about 60 people who focus on proactive security testing and in-depth investigations. STORM is a subset, about a dozen people who specifically work on prototyping exploits to show their practical impact. They help shed light on how far a vulnerability really extends, while also pointing to potential mitigations. The strategy helped them catch as many variants as possible of the speculative execution vulnerabilities that emerged in a slow trickle throughout 2018. "Every time a new state of the art capability or attack is discovered we need to keep tracking it, doing work on it, and making sure that our technologies are still resilient," says Rodrigo Branco, who heads STORM. "It was no different for Spectre and Meltdown. The only difference in that case is the size, because it also affected other companies and the industry as a whole."

New submitter neo00 writes: Office 365 users in Europe, Asia, and Americas are impacted by a wide-spread outage causing users who have Multi-Factor Authentication (MFA) enabled by default policy to be unable to login to Office 365 and other services reliant on Azure Active Directory. According to The Register: "Microsoft confirmed that there were problems from 04:39 UTC with a subset of customers in Europe and Asia-Pacific experiencing 'difficulties signing into Azure resources' such as the, er, little used Azure Active Directory, when Multi-Factor Authentication (MFA) is enabled. Six hours later, and the problems are continuing."

The Office 365 health status page has reported that: "Affected users may be unable to sign in using MFA" and Azure's own status page confirmed that there are "issues connecting to Azure resources" thanks to the borked MFA."

Official Azure status updates are published here.

Mozilla is reportedly preparing to offer a VPN service for Firefox users to help protect them when surfing the web. According to Trusted Reviews, Mozilla has partnered with the ProtonVPN service, "with a new notification piping-up when the browser detects an unsecured connection, or in a scenario when VPN might be preferable to users." From the report: However, it appears Firefox users will have to pay for the privilege. Austrian site Soeren-hentzschel reports the premium VPN service will be $10 a month, which is what ProtonVPN charges its users. Users will receive a "Firefox Recommends" pop-up when browsing an unsecured wireless network. The pop-up says the VPN service will provide a "private and secure' internet connection. According to the reports, a subset of Firefox 62 users in the United States will begin receiving the pop-up from today. Mozilla will reportedly get a cut of any subscription fee handed over by users to access the VPN service. MSPowerUser points out that this will be the first advertised service that costs money for Firefox users.

Microsoft is releasing Office 2019 for Windows and Mac today. The update is designed for businesses and consumers that haven't opted into Microsoft's Office 365 service with monthly feature updates. The Verge: Office 2019 is essentially a subset of features that have been added to Office 365 over the past three years, and it includes updates to Word, Excel, PowerPoint, Outlook, Project, Visio, Access, and Publisher. Office 2019 will include a roaming pencil case and ribbon customizations across all Office apps. Microsoft is also bringing focus mode to Word, alongside a new translator, and accessibility improvements. Morph transitions, SVG and 3D model support, play in-click sequence, and 4k video export are all coming to PowerPoint. According to VentureBeat, which cites a Microsoft executive, the new versions of Word, Excel, PowerPoint, Outlook won't receive future updates.

"The economics of Open Source software are fundamentally broken," argues Matt Klein, a senior software engineer at Lyft (who created Envoy). Here's a heavily-condensed version of his essay on Medium: If we take consulting, services, and support off the table as an option for high-growth revenue generation (the only thing VCs care about), we are left with open core [with some subset of features behind a paywall], software as a service, or some blurring of the two... Everyone wants infrastructure software to be free and continuously developed by highly skilled professional developers (who in turn expect to make substantial salaries), but no one wants to pay for it. The economics of this situation are unsustainable and broken...

[W]e now come to what I have recently called "loose" open core and SaaS. In the future, I believe the most successful OSS projects will be primarily monetized via this method. What is it? The idea behind "loose" open core and SaaS is that a popular OSS project can be developed as a completely community driven project (this avoids the conflicts of interest inherent in "pure" open core), while value added proprietary services and software can be sold in an ecosystem that forms around the OSS...

Unfortunately, there is an inflection point at which in some sense an OSS project becomes too popular for its own good, and outgrows its ability to generate enough revenue via either "pure" open core or services and support... [B]uilding a vibrant community and then enabling an ecosystem of "loose" open core and SaaS businesses on top appears to me to be the only viable path forward for modern VC-backed OSS startups.
Klein also suggests OSS foundations start providing fellowships to key maintainers, who currently "operate under an almost feudal system of patronage, hopping from company to company, trying to earn a living, keep the community vibrant, and all the while stay impartial..."

"[A]s an industry, we are going to have to come to terms with the economic reality: nothing is free, including OSS. If we want vibrant OSS projects maintained by engineers that are well compensated and not conflicted, we are going to have to decide that this is something worth paying for. In my opinion, fellowships provided by OSS foundations and funded by companies generating revenue off of the OSS is a great way to start down this path."

Were the creators of Facebook and Twitter oblivious to how social networks could be abused? "I struggle to believe that these brilliant product CEOs, who have created social media services used by millions of people worldwide, are actually naive," writes Ellen Pao, the former CEO of Reddit. "It's a lot more likely that they simply don't care." [S]ocial media companies and the leaders who run them are rewarded for focusing on reach and engagement, not for positive impact or for protecting subsets of users from harm. They're rewarded for keeping costs down, which encourages the free-for-all, anything-goes approach misnomered "free speech." If they don't need to monitor their platforms, they don't need to come up with real policies -- and avoid paying for all the people and tools required to implement them....

In the earliest days, it wasn't always obvious what these platforms were doing and what they would become -- even to insiders. But at a certain point, it became clear that money was the driving factor, and dopamine- or rage-induced interactions meant more money.... CEOs should just forget about hiding behind "naivete" and "free speech," and instead remind themselves they can take actions that will meaningfully change the direction of the future. The first step is acknowledging the problem... You've solved for increasing engagement; now it's time to make real, positive interactions a priority.
The next time a CEO claims ignorance, "we must hold them accountable," the essay argues, complaining that right now there's a vacuum of leadership.

So instead, "Everyone's holding hands on the road to hell."

A folder containing an estimated 14.8 million Texas voter records was left on an unsecured server without a password. Considering Texas has 19.3 million registered voters, this leak is very substantial. The file was discovered by a New Zealand-based data breach hunter who goes by the pseudonym Flash Gordon. TechCrunch reports: It's not clear who owned the server where the exposed file was found, but an analysis of the data reveals that it was likely originally compiled by Data Trust, a Republican-focused data analytics firm created by the GOP to provide campaigns with voter data. The file -- close to 16 gigabytes in size -- contained dozens of fields, including personal information like a voter's name, address, gender and several years' worth of voting history, including primaries and presidential elections. It's not known exactly when the data was compiled, but an analysis of the data suggests it was prepared in time for the 2016 presidential election. It's also not known if the file is a subset of the 198 million records leak last year -- or if it's a standalone data set.

Facebook today revealed that, using 3.5 billion publicly shared Instagram photos and their accompany hashtags, its computer system has achieved new advances, with a 85.4 percent accuracy rate when used on ImageNet, a well-known benchmark dataset. From a report: The results were shared onstage at F8, Facebook's annual developer conference taking place today at McEnery Convention Center in San Jose, California. Other news announced at F8 this year include the release of Oculus Go, new Facebook Stories sharing capabilities, and the reopening of app and bot reviews following the Cambridge Analytica scandal. See the full rundown here. The results of Facebook's research mean that its computer vision in the real world can see more specific subsets, so instead of just saying "food," it's Indian or Italian cuisine; not just "bird" but a cedar waxwing; not just "man in a white suit" but a clown.

The Khronos Group, a consortium of hardware and software companies, has announced that the Vulkan graphics technology is coming to Apple's platforms, allowing games and apps to run at faster performance levels on Macs and iOS devices. From a report: In collaboration with Valve, LunarG, and The Brenwill Workshop, this free open-source collection includes the full 1.0 release of the previously-commercial MoltenVK, a library for translating Vulkan API calls to Apple's Metal 1 and 2 calls, as well LunarG's new Vulkan SDK for macOS. Funding the costs of open-sourcing, Valve has been utilizing these tools on their applications, noting performance gains over native OpenGL drivers with Vulkan DOTA 2 on macOS as a production-load example. Altogether, this forms the next step in Khronos' Vulkan Portability Initiative, which was first announced at GDC 2017 as their "3D Portability Initiative," and later refined as the "Vulkan Portability Initiative" last summer. Spurred by industry demand, Khronos is striving for a cross-platform API portability solution, where an appropriate subset of Vulkan can act as a 'meta-API'-esque layer to map to DirectX 12 and Metal; the holy grail being that developers can craft a single Vulkan portable application or engine that can be seamlessly deployed across Vulkan, DX12, and Metal supporting platforms.

Ever since the inception of the Like button, Facebook users have been asking for a "dislike" button. Today, Facebook is testing a "downvote" button with certain users in the comment section of posts within Facebook groups and on old Facebook memories content. The Daily Beast reports: The feature appears to give users the ability to downrank certain comments. This is the first time Facebook has tested anything similar to a "dislike" button and it could theoretically allow for content that's offensive or relevant to be pushed to the bottom of a comment feed. In 2016, citing Facebook executives, Bloomberg said a dislike button "had been rejected on the grounds that it would sow too much negativity" to the platform. It's unclear how widely the dislike button is being tested. Facebook regularly tests features with small subsets of users that never end up rolling out to the broader public. Most users currently are only able to either Like or Reply to comments in a thread. The downvote option could have radical implications on what types of discussions and comments flourish on the platform. While it could theoretically be used to de-rank inflammatory or problematic comments, it could also easily be used as a tool for abuse.