AI

Eric Schmidt Says Elon Musk Is 'Exactly Wrong' About AI (techcrunch.com) 6

At the VivaTech conference in Paris, Alphabet CEO Eric Schmidt was asked about Elon Musk's warnings about AI. He responded by saying: "I think Elon is exactly wrong. He doesn't understand the benefits that this technology will provide to making every human being smarter. The fact of the matter is that AI and machine learning are so fundamentally good for humanity." TechCrunch reports: He acknowledged that there are risks around how the technology might be misused, but he said they're outweighed by the benefits: "The example I would offer is, would you not invent the telephone because of the possible misuse of the telephone by evil people? No, you would build the telephone and you would try to find a way to police the misuse of the telephone."

After wryly observing that Schmidt had just given the journalists in the audience their headlines, interviewer (and former Publicis CEO) Maurice Levy asked how AI and public policy can be developed so that some groups aren't "left behind." Schmidt replied that government should fund research and education around these technologies. "As [these new solutions] emerge, they will benefit all of us, and I mean the people who think they're in trouble, too," he said. He added that data shows "workers who work in jobs where the job gets more complicated get higher wages -- if they can be helped to do it." Schmidt also argued that contrary to concerns that automation and technology will eliminate jobs, "The embracement of AI is net positive for jobs." In fact, he said there will be "too many jobs" -- because as society ages, there won't be enough people working and paying taxes to fund crucial services. So AI is "the best way to make them more productive, to make them smarter, more scalable, quicker and so forth."

The Courts

Tesla Agrees To Settle Class Action Over Autopilot Billed As 'Safer' (reuters.com) 32

An anonymous reader quotes a report from Reuters: Tesla on Thursday reached an agreement to settle a class action lawsuit with buyers of its Model S and Model X cars who alleged that the company's assisted-driving Autopilot system was "essentially unusable and demonstrably dangerous." The lawsuit said Tesla misrepresented on its website that the cars came with capabilities designed to make highway driving "safer." The Tesla owners said they paid an extra $5,000 to have their cars equipped with the Autopilot software with additional safety features such as automated emergency braking and side collision warning. The features were "completely inoperable," according to the complaint. Under the proposed agreement, class members, who paid to get the Autopilot upgrade between 2016 and 2017, will receive between $20 and $280 in compensation. Tesla has agreed to place more than $5 million into a settlement fund, which will also cover attorney fees.

Wireless Networking

FBI Tells Router Users To Reboot Now To Kill Malware Infecting 500,000 Devices (arstechnica.com) 30

The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands of devices. Ars Technica reports: Researchers from Cisco's Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware infected more than 500,000 devices made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link. Known as VPNFilter, the malware allowed attackers to collect communications, launch attacks on others, and permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot. Later in the day, The Daily Beast reported that VPNFilter was indeed developed by a Russian hacking group, one known by a variety of names, including Sofacy, Fancy Bear, APT 28, and Pawn Storm. The Daily Beast also said the FBI had seized an Internet domain VPNFilter used as a backup means to deliver later stages of the malware to devices that were already infected with the initial stage 1. The seizure meant that the primary and secondary means to deliver stages 2 and 3 had been dismantled, leaving only a third fallback, which relied on attackers sending special packets to each infected device.

The redundant mechanisms for delivering the later stages address a fundamental shortcoming in VPNFilter -- stages 2 and 3 can't survive a reboot, meaning they are wiped clean as soon as a device is restarted. Instead, only stage 1 remains. Presumably, once an infected device reboots, stage 1 will cause it to reach out to the recently seized ToKnowAll.com address. The FBI's advice to reboot small office and home office routers and NAS devices capitalizes on this limitation. In a statement published Friday, FBI officials suggested that users of all consumer-grade routers, not just those known to be vulnerable to VPNFilter, protect themselves.
The Justice Department and U.S. Department of Homeland Security have also issued statements advising users to reboot their routers as soon as possible.

Government

Apple Will Report Government Requests To Remove Apps From the App Store (theverge.com) 13

In its bi-annual transparency report today, Apple said that it will soon start reporting government requests to take down apps from the App Store. These requests will relate to alleged legal and/or policy provision violations, Apple says. The Verge reports: These numbers will tell us just how often governments are trying to block access to certain apps, and how many of those orders are actually obeyed. Google doesn't yet report these numbers specifically for the Play Store. As for takedown requests over the last year, governments around the world sent requests for information on 29,718 devices. Data was provided in 79 percent of cases. Governments also requested information on 3,358 Apple accounts, and data was provided in 82 percent of cases.

Security

In Apple Mail, There's No Protecting PGP-Encrypted Messages (theintercept.com) 24

It has been nearly two weeks since researchers unveiled "EFAIL," a set of critical software vulnerabilities that allow encrypted email messages to be stolen from within the inbox. The Intercept reports that developers of email clients and encryption plugins are still scrambling to come up with a permanent fix. From the report: Apple Mail is the email client that comes free with every Mac computer, and an open source project called GPGTools allows Apple Mail to smoothly encrypt and decrypt messages using the 23-year-old PGP standard. The day the EFAIL paper was published, GPGTools instructed users to work around EFAIL by changing a setting in Apple Mail to disable loading remote content. Similarly, the creator of PGP, Phil Zimmermann, co-signed a blog post Thursday stating that EFAIL was "easy to mitigate" by disabling the loading of remote content in GPGTools. But even if you follow this advice and disable remote content, Apple Mail and GPGTools are still vulnerable to EFAIL.

I developed a proof-of-concept exploit that works against Apple Mail and GPGTools even when remote content loading is disabled (German security researcher Hanno Böck also deserves much of the credit for this exploit, more on that below). I have reported the vulnerability to the GPGTools developers, and they are actively working on an update that they plan on releasing soon.

Security

Microsoft Explains Why Windows Defender Isn't Ranked Higher in New Antivirus Tests (zdnet.com) 81

In its most recent reports, AV-Test had very few flattering things to say about Windows Defender. Microsoft's security suite was rated as the seventh best antivirus product in the independent test. In total, 15 AV products were tested. Microsoft, however, has now disputed AV-Test's methodology and conclusion. For some context, the top AV products rated by AV-Test on Windows 10 were Trend Micro, Vipre, AhnLab, Avira, Bitdefender, Kaspersky, and McAfee.

Windows Defender was able to detect 100 percent of new and old malware, but it lost a few points for performance (which AV-Test measures on the basis of how a security suite slows applications and websites on the test computer) and usability (which counts false positives, or instances where AV wrongly identifies a file as malicious). From a report: Windows Defender's performance rating was dragged down because it slowed the installation of frequently used applications more than the industry average, and wrongly detected 16 pieces of legitimate software compared with the industry average of four. But Microsoft wants enterprise customers to know that Windows Defender is only half the picture, given the option for customers to also deploy Windows Defender Advanced Threat Protection's (ATP) "stack components" including Smartscreen, Application Guard, and Application Control.

In the January and February test Windows Defender also scored 100 percent on protection. However, it did miss two samples. Since then it's retrained its machine-learning classifiers to detect them. But Microsoft notes in a new paper that Defender ATP did catch them, which isn't reflected in AV-Test's or other testing firms' results. Microsoft hopes to change this so that testers include so-called stack components available in ATP. "As threats become more sophisticated, Microsoft and other security platform vendors continue evolving their product capabilities to detect threats across different attack stages," Microsoft's Windows Defender Research team writes. "We hope to see independent testers evolve their methodologies as well. Our customers need greater transparency and optics into what an end-to-end solution can accomplish in terms of total preventive protection, including the quality of individual components like antivirus."

Facebook

Facebook Accused of Conducting Mass Surveillance Through Its Apps (theguardian.com) 84

A court case in California alleges that Facebook used its apps to gather information about users and their friends, including some who had not signed up to the social network, reading their text messages, tracking their locations and accessing photos on their phones. The Guardian reports: The claims of what would amount to mass surveillance are part of a lawsuit brought against the company by the former startup Six4Three, listed in legal documents filed at the superior court in San Mateo as part of a court case that has been ongoing for more than two years. The allegations about surveillance appear in a January filing, the fifth amended complaint made by Six4Three. It alleges that Facebook used a range of methods, some adapted to the different phones that users carried, to collect information it could use for commercial purposes.

"Facebook continued to explore and implement ways to track users' location, to track and read their texts, to access and record their microphones on their phones, to track and monitor their usage of competitive apps on their phones, and to track and monitor their calls," one court document says. But all details about the mass surveillance scheme have been redacted on Facebook's request in Six4Three's most recent filings. Facebook claims these are confidential business matters. It has until next Tuesday to submit a claim to the court for the documents to remain sealed from public view.

Android

Some Low-Cost Android Phones Shipped With Malware Built In (techcrunch.com) 49

More than 100 different low-cost Android models from manufacturers such as ZTE, Archos, and myPhone ship with malware pre-installed, researchers at Avast Threat Labs reported on Thursday. Users in more than 90 countries, including the U.S., are affected by this, the researchers said. From a report: The malware, called Cosiloon, overlays advertisements over the operating system in order to promote apps or even trick users into downloading apps. The app consists of a dropper and a payload. "The dropper is a small application with no obfuscation, located on the /system partition of affected devices. The app is completely passive, only visible to the user in the list of system applications under 'settings.' We have seen the dropper with two different names, 'CrashService' and 'ImeMess,'" wrote Avast.

The dropper then connects with a website to grab the payloads that the hackers wish to install on the phone. "The XML manifest contains information about what to download, which services to start and contains a whitelist programmed to potentially exclude specific countries and devices from infection. However, we've never seen the country whitelist used, and just a few devices were whitelisted in early versions. Currently, no countries or devices are whitelisted. The entire Cosiloon URL is hardcoded in the APK."

Linux

Robin "Roblimo" Miller, a Long-Time Voice of the Linux Community, Has Passed Away (wikipedia.org) 313

Reader rootmon writes: Our thoughts/prayers are with the family and friends of long time open source writer/journalist Robin "Roblimo" Miller who passed away this morning. Robin "Roblimo" Miller (born October 30, 1952) served as the Editor-in-Chief of Open Source Technology Group, the company which owned Slashdot, SourceForge.net, Freshmeat, Linux.com, NewsForge, and ThinkGeek between 2000 and 2008. Miller formerly owned Robin's Limousine, a small limo company based in Elkridge, Maryland, the origin of his online nickname. Miller is best known for his involvement with Slashdot, where he was not only the corporate editorial overseer but also Interview Editor.

As a freelancer, Miller wrote for a number of print and online publications including Time.com, Baltimore City Paper, American Medical News, Innkeeping World, Machine Design, The Baltimore Sun, and Rewired.com. Miller is the author of three books: The Online Rules of Successful Companies, Point -- Click Linux!, and Point -- Click OpenOffice.org, all published by Prentice Hall. His most recent ventures revolved around Internet-delivered video, including video software "tours" and tutorials on Linux.com and his recent "side" venture, Internet Video Promotion, Inc. Miller has been a judge for the Lulu Blooker Prize and is on the online advisory board of the Online Journalism Review of the Annenberg Center for Communication at the University of Southern California. (Biographical Info Quoted in Part from Wikipedia)
Further reading: Linux Journal: RIP Robin "Roblimo" Miller.

Remembering Miller, ZDNet journalist S. Vaughan-Nichols wrote, "He was funny, bright, quick with a quip, caring, and wise. I, and many others who had the pleasure of knowing him, will miss him enormously." Paul Jones, Clinical Professor at the School of Information & Library Science, and Director of ibiblio.org, wrote, "Robin taught me many things, besides the immense gift of his friendship, including 'the way to make money on the internet is to take on more than you spend.' Both funny and accurate in context and very much true to roblimo." Writer and engineer Emmett Initiative said, "He was my editor, which means he was my best friend and worst enemy. He was a kind and thoughtful man that made every writer around him at least 300% better. I already miss him."

Network

Pornhub Launches VPNhub, Its Own Virtual Private Network App (venturebeat.com) 68

"Adult entertainment" giant Pornhub is entering the busy virtual private network (VPN) space with the launch of its very own VPN service. From a report: Dubbed VPNhub, the new service is available for free via native apps on Android, iOS, MacOS, and Windows, though there is a premium subscription available that gets rid of the ads and promises faster speeds. In the U.S., this will cost between $12 and $14 per month, depending on the platform. VPNhub promises unlimited bandwidth, even on the free service, which is key given that Pornhub's core selling point is bandwidth-intensive video, while it offers around 1,000 servers across 15 countries. And it promises that it logs no user data.

Government

US Government Can't Get Controversial Kaspersky Lab Software Off Its Networks (thedailybeast.com) 125

The law says American agencies must eliminate the use of Kaspersky Lab software by October. But U.S. officials say that's impossible as the security suite is embedded too deep in our infrastructure, The Daily Beast reported Wednesday. From a report: Multiple divisions of the U.S. government are confronting the reality that code written by the Moscow-based security company is embedded deep within American infrastructure, in routers, firewalls, and other hardware -- and nobody is certain how to get rid of it. "It's messy, and it's going to take way longer than a year," said one U.S. official. "Congress didn't give anyone money to replace these devices, and the budget had no wiggle-room to begin with."

At issue is a provision of the National Defense Authorization Act (NDAA) enacted last December that requires the government to fully purge itself of "any hardware, software, or services developed or provided, in whole or in part," by Kaspersky Lab. The law was a dramatic expansion of an earlier DHS directive that only outlawed "Kaspersky-branded" products. Both measures came after months of saber rattling by the U.S., which has grown increasingly anxious about Kaspersky's presence in federal networks in the wake of Russia's 2016 election interference campaign.

Security

Cyber Firms Warn on Suspected Russian Plan To Attack Ukraine (reuters.com) 72

Jim Finkle, reporting for Reuters: Cisco Systems on Wednesday warned that hackers have infected at least 500,000 routers and storage devices in dozens of countries with highly sophisticated malicious software, possibly in preparation for another massive cyber attack on Ukraine. Cisco's Talos cyber intelligence unit said it has high confidence that the Russian government is behind the campaign, dubbed VPNFilter, because the hacking software shares code with malware used in previous cyber attacks that the U.S. government has attributed to Moscow. Cisco said the malware could be used for espionage, to interfere with internet communications or launch destructive attacks on Ukraine, which has previously blamed Russia for massive hacks that took out parts of its energy grid and shuttered factories. The head of Ukraine's cyber police said on Wednesday that the agency is aware of a new large malware campaign, and that it is working to protect Ukraine against a possible new cyber threat.

AI

Microsoft Also Has An AI Bot That Makes Phone Calls To Humans (theverge.com) 61

An anonymous reader quotes a report from The Verge: At an AI event in London today, Microsoft CEO Satya Nadella showed off the company's Xiaoice (pronounced "SHAO-ICE") social chat bot. Microsoft has been testing Xiaoice in China, and Nadella revealed the bot has 500 million "friends" and more than 16 channels for Chinese users to interact with it through WeChat and other popular messaging services. Microsoft has turned Xiaoice, which is Chinese for "little Bing," into a friendly bot that has convinced some of its users that the bot is a friend or a human being. "Xiaoice has her own TV show, it writes poetry, and it does many interesting things," reveals Nadella. "It's a bit of a celebrity."

While most of Xiaoice's interactions have been in text conversations, Microsoft has started allowing the chat bot to call people on their phones. It's not exactly the same as Google Duplex, which uses the Assistant to make calls on your behalf, but instead it holds a phone conversation with you. "One of the things we started doing earlier this year is having full duplex conversations," explains Nadella. "So now Xiaoice can be conversing with you in WeChat and stop and call you. Then you can just talk to it using voice." (The term "full duplex" here refers to a conversation where both participants can speak at the same time; it's not a reference to Google's product, which was named after the same jargon.)

Encryption

FBI Repeatedly Overstated Encryption Threat Figures To Congress, Public (techcrunch.com) 160

mi shares a report from The Washington Post (Warning: source may be paywalled; alternative source): The FBI has repeatedly provided grossly inflated statistics to Congress and the public about the extent of problems posed by encrypted cellphones, claiming investigators were locked out of nearly 7,800 devices connected to crimes last year when the correct number was much smaller, probably between 1,000 and 2,000.

Over a period of seven months, FBI Director Christopher A. Wray cited the inflated figure as the most compelling evidence for the need to address what the FBI calls "Going Dark" -- the spread of encrypted software that can block investigators' access to digital data even with a court order. "The FBI's initial assessment is that programming errors resulted in significant over-counting of mobile devices reported," the FBI said in a statement Tuesday. The bureau said the problem stemmed from the use of three distinct databases that led to repeated counting of phones. Tests of the methodology conducted in April 2016 failed to detect the flaw, according to people familiar with the work.

Desktops (Apple)

Razer Slims Down Blade, Debuts MacOS-Compatible eGPU Enclosure (arstechnica.com) 40

An anonymous reader quotes a report from Ars Technica: Today, Razer debuted big updates to its Razer Blade laptop, focusing on design and performance to usher the gaming notebook into 2018. While the new Blade still looks unmistakably "Razer," its design has changed dramatically for the better. Razer upped the screen size from 14 inches to 15.6 inches, reducing the surrounding bezels to just 4.9mm so that the device fits in with the other nearly bezel-less ultrabooks popular today. Razer is offering 1080p 60Hz or 144Hz panels, along with a 4K touchscreen option as well. The larger display panel makes the laptop slightly heavier than its predecessor, and it's a bit wider overall, too (4.7 pounds and 9.3 inches, respectively). However, the slimmer bezels, sharper edges, and aluminum unibody make the new Razer Blade look like a clear upgrade from the previous model.

Another new addition to the Razer lineup is the Core X, a Thunderbolt 3 external graphics enclosure with space for large, three-slot wide graphics cards. The Core X joins the Core V2 graphics enclosure as one of Razer's solutions for gamers who want to add desktop-like graphics power to their laptops -- and it's more affordable than the V2 as well. While it's a bit stockier than Razer's existing enclosure, the Core X has an aluminum body with open vents to properly handle heat, regardless of the task at hand. The Core X connects to a compatible notebook through one Thunderbolt 3 port, providing eGPU access and 100W of power thanks to its 650 ATX power supply. It's both cheaper and seemingly easier to use than the V2, but that comes with some compromises: the Core X doesn't have Chroma lighting, and it lacks USB and Ethernet ports.
Some other specs of the new Blade include an Intel Core i7-8750H processor, Nvidia GTX 1060 or 1070 with Max-Q graphics, up to 32GB of RAM, up to 2TB of PCIe-based SSD, and 80Whr battery. There are three USB-A 3.1 ports, one proprietary charging port, one Thunderbolt 3 port, a Mini DisplayPort, and an HDMI port.

Open Source

Computer History Museum Makes Eudora Email Client Source Code Available To the Public (medium.com) 53

Computer History Museum (CHM), an institution which explores the history of computing and its impact on the human experience, announced on Tuesday the public release and long-term preservation of the Eudora source code, one of the early successful email clients, as part of its Center for Software History's Historical Source Code. The release comes after a five-year negotiation with Qualcomm. From the press release: The first version of Eudora was created in the 1980s by Steve Dorner who was working at the University of Illinois at Urbana-Champaign. It took Dorner over a year to create the first version of Eudora, which had 50,000 lines of C code and ran only on the Apple Macintosh. In 1991, Qualcomm licensed Eudora from the University of Illinois and distributed it free of charge. Qualcomm later released Eudora as a consumer product in 1993, and it quickly gained popularity. Available both for the IBM PC and the Apple Macintosh, in its heyday Eudora had tens of millions of users. After 15 years, in 2006, Qualcomm decided that Eudora was no longer consistent with their other major project lines, and they stopped development. The discussion with Qualcomm for the release of the Eudora source code by the company's museum took five years. Len Shustek, the chairman of the board of trustees of the Computer History Museum, writes: Eventually many email clients were written for personal computers, but few became as successful as Eudora. Available both for the IBM PC and the Apple Macintosh, in its heyday Eudora had tens of millions of happy users. Eudora was elegant, fast, feature-rich, and could cope with mail repositories containing hundreds of thousands of messages. In my opinion it was the finest email client ever written, and it has yet to be surpassed. I still use it today, but, alas, the last version of Eudora was released in 2006. It may not be long for this world. 
With thanks to Qualcomm, we are pleased to release the Eudora source code for its historical interest, and with the faint hope that it might be resuscitated. I will muse more about that later.

Open Source

The Percentage of Open Source Code in Proprietary Apps is Rising (helpnetsecurity.com) 60

Zeljka Zorz, writing for Help Net Security: The number of open source components in the codebase of proprietary applications keeps rising and with it the risk of those apps being compromised by attackers leveraging vulnerabilities in them, a recent report has shown. Compiled after examining the findings from the anonymized data of over 1,100 commercial codebases audited in 2017 by the Black Duck On-Demand audit services group, the report revealed two interesting findings:

96 percent of the scanned applications contain open source components, with an average 257 components per application.

The average percentage of open source in the codebases of the applications scanned grew from 36% last year to 57%, suggesting that a large number of applications now contain much more open source than proprietary code.

Transportation

Tesla Model 3 Falls Short of Consumer Reports Recommendation (cnbc.com) 295

Consumer Reports published their review of the Tesla Model 3 today. The product review site liked the vehicle's battery range and agile handling, but had issues with braking, controls, and ride quality. Overall, it failed to get a recommendation. CNBC highlights the key shortfalls: "Our testers also found flaws -- big flaws -- such as long stopping distances in our emergency braking test and difficult-to-use controls," said a review in the publication. In particular, the car's stopping distance of 152 feet from a speed of 60 miles per hour was slower than any of its contemporaries, including the Ford F-150, a full-size pickup. The location of almost all of Tesla's controls on a touchscreen and the vehicle's ride quality were also factors in the group's decision. Tesla issued a statement in response to Consumer Reports' stopping distance claim: "Tesla's own testing has found braking distances with an average of 133 feet when conducting the 60-0 mph stops using the 18-inch Michelin all season tire and as low as 126 feet with all tires currently available. Stopping distance results are affected by variables such as road surface, weather conditions, tire temperature, brake conditioning, outside temperature, and past driving behavior that may have affected the brake system. Unlike other vehicles, Tesla is uniquely positioned to address more corner cases over time through over-the-air software updates, and it continually does so to improve factors such as stopping distance."

Businesses

Amazon's New Marketplace Appstore Connects Sellers To Software (cnet.com) 6

Amazon is creating another app store, but it's not for consumers. From a report: Instead, the online retail giant will for the first time put its seal of approval on a bunch of third-party apps intended for professional sellers with its new Marketplace Appstore. It launches to sellers starting Monday, the company said. CNET reported on plans for the app store earlier this month. The new app store, which will be available in North America through Amazon's main hub for sellers called Seller Central, will include tools to handle pricing, inventory, advertising and other needs for pro sellers. The app store will be introduced to sellers slowly to ensure a smooth rollout. "Many developers have innovated and created applications that complement our tools and integrate with our service," Amazon said in a statement Monday. "We created the Marketplace Appstore to help businesses more easily discover these applications, streamline their business operations, and ultimately create a better experience for our customers."

AI

New Toronto Declaration Calls On Algorithms To Respect Human Rights 164

A coalition of human rights and technology groups released a new declaration on machine learning standards, calling on both governments and tech companies to ensure that algorithms respect basic principles of equality and non-discrimination. The Verge reports: Called The Toronto Declaration, the document focuses on the obligation to prevent machine learning systems from discriminating, and in some cases violating, existing human rights law. The declaration was announced as part of the RightsCon conference, an annual gathering of digital and human rights groups. "We must keep our focus on how these technologies will affect individual human beings and human rights," the preamble reads. "In a world of machine learning systems, who will bear accountability for harming human rights?" The declaration has already been signed by Amnesty International, Access Now, Human Rights Watch, and the Wikimedia Foundation. More signatories are expected in the weeks to come.

Beyond general non-discrimination practices, the declaration focuses on the individual right to remedy when algorithmic discrimination does occur. "This may include, for example, creating clear, independent, and visible processes for redress following adverse individual or societal effects," the declaration suggests, "[and making decisions] subject to accessible and effective appeal and judicial review."
