AI

Google To Open AI Center In China Despite Search Ban (bbc.com) 14

An anonymous reader quotes a report from BBC: Google is deepening its push into artificial intelligence (AI) by opening a research center in China, even though its search services remain blocked in the country. Google said the facility would be the first its kind in Asia and would aim to employ local talent. In a blog post on the company's website, Google said the new research center was an important part of its mission as an "AI first company." "Whether a breakthrough occurs in Silicon Valley, Beijing or anywhere else, [AI] has the potential to make everyone's life better for the entire world," said Fei-Fei Li, chief scientist at Google Cloud AI and Machine Learning. The research center, which joins similar facilities in London, New York, Toronto and Zurich, will be run by a small team from its existing office in Beijing. The tech giant operates two offices in China, with roughly half of its 600 employees working on global products, company spokesperson Taj Meadows told the AFP news agency. But Google's search engine and a number of other services are banned in China. The country has imposed increasingly strict rules on foreign companies over the past year, including new censorship restrictions.
Android

Andy Rubin's Essential Phone Considered Anything But (theregister.co.uk) 91

An anonymous reader shares a report: Andy Rubin's ambitions to create a new consumer electronics ecosystem are floundering at base camp. Sales of Essential's phone, which forms a key part of the strategy, are tepid. Google Play reports a mere 50,000 download of Essential's Camera app so far, the Android Police blog notes. This doesn't paint the full picture, but it can be assumed a fairly complete one, barring a few brush strokes. Essential launched in the US with support from Sprint, at a recommended SIM-free retail price of $699. After reported sales of just five thousand in the first month, this was slashed to $499 and could be grabbed for $399 in the post-Thanksgiving sales. As devices from different manufacturers proliferate in the home, Rubin has alluded to "a new operating system so it can speak all those protocols and it can do it securely and privately." But rather than launching a new software platform he's had to launch hardware.
AI

What Does Artificial Intelligence Actually Mean? (qz.com) 107

An anonymous reader writes: A new bill (pdf) drafted by senator Maria Cantwell asks the Department of Commerce to establish a committee on artificial intelligence to advise the federal government on how AI should be implemented and regulated. Passing of the bill would trigger a process in which the secretary of commerce would be required to release guidelines for legislation of AI within a year and a half. As with any legislation, the proposed bill defines key terms. In this, we have a look at how the federal government might one day classify artificial intelligence. Here are the five definitions given:

A) Any artificial systems that perform tasks under varying and unpredictable circumstances, without significant human oversight, or that can learn from their experience and improve their performance. Such systems may be developed in computer software, physical hardware, or other contexts not yet contemplated. They may solve tasks requiring human-like perception, cognition, planning, learning, communication, or physical action. In general, the more human-like the system within the context of its tasks, the more it can be said to use artificial intelligence.
B) Systems that think like humans, such as cognitive architectures and neural networks.
C) Systems that act like humans, such as systems that can pass the Turing test or other comparable test via natural language processing, knowledge representation, automated reasoning, and learning.
D) A set of techniques, including machine learning, that seek to approximate some cognitive task.
E) Systems that act rationally, such as intelligent software agents and embodied robots that achieve goals via perception, planning, reasoning, learning, communicating, decision-making, and acting.

Businesses

Trump Signs Into Law US Government Ban on Kaspersky Lab Software (reuters.com) 133

President Donald Trump signed into law on Tuesday legislation that bans the use of Kaspersky Lab within the U.S. government, capping a months-long effort to purge the Moscow-based antivirus firm from federal agencies amid concerns it was vulnerable to Kremlin influence. From a report: The ban, included as part of a broader defense policy spending bill that Trump signed, reinforces a directive issued by the Trump administration in September that civilian agencies remove Kaspersky Lab software within 90 days. The law applies to both civilian and military networks. "The case against Kaspersky is well-documented and deeply concerning. This law is long overdue," said Democratic Senator Jeanne Shaheen, who led calls in Congress to scrub the software from government computers. She added that the company's software represented a "grave risk" to U.S. national security.
Twitter

Twitter Officially Launches 'Threads,' a New Feature For Easily Posting Tweetstorms (techcrunch.com) 39

New submitter FatdogHaiku writes: For those people that must use multiple tweets to rant (or educate) on Twitter, a feature called "Threads" is being rolled out to aid in creating "tweetstorms" (i.e. gang tweets). Given how tweetstorms are normally used, how about we call them twitphoons? TechCrunch explains just how easy to use the new threads feature is: "There's now a new plus ('+') button in the composer screen where you can type out your series of tweets. Each line represents one tweet, with a character limit of 280 as per usual. You can also add the same amount of media -- like GIFs, images, videos, and more -- to any individual tweet in the thread, as you could on Twitter directly. When you're finished with one tweet, you just tap in the space below to continue your thread. While writing out your tweetstorm, you can go back and edit the tweets at any time as they're still in draft format. When you're ready to post, you tap the 'Tweet all' button at the top to send the stream to Twitter. (Twitter will pace the tweets' posting a bit so they don't all hit at once.)"

"In addition, another handy feature allows you to go back and update a thread by adding new tweets after it already posted," adds TechCrunch. "To do so, you'll write out the new tweet after tapping the 'Add another Tweet' button. This lets you continue to update a thread forever -- something Twitter CEO Jack Dorsey already does with his own threads, for example. Twitter tells us there's currently a limit of 25 entries in a thread, but that number may be subject to change depending on how the feature is adopted by the wider user base."
IT

Tech Support Scammers Invade Spotify Forums To Rank in Search Engines (bleepingcomputer.com) 33

Tech support scammers have been aggressively posting on Spotify forums to inject their phone numbers in a bid to vastly improve their odds of showing up on Google and Bing search results, a new report claims. And that bet seems to be working. From the report: They do this by submitting a constant stream of spam posts to the Spotify forums, whose pages tend to rank well in Google. While this behavior causes the Spotify forums to become harder to use for those who have valid questions, the bigger problem is that it allows tech support scammers to rank extremely well and trick unknowing callers into purchasing unnecessary services and software. BleepingComputer was alerted to this problem by security researcher Cody Johnston who started to see an alarming amount of tech support scam phone numbers being listed in Google search results through indexed Spotify forum posts. The tech support scams being posted to Spotify include Tinder, Linksys, AOL, Turbotax, Coinbase, Amazon, Apple, Microsoft, Norton, McAfee and more.
Microsoft

Microsoft Releases Free Preview of Its Quantum Development Kit (zdnet.com) 30

Microsoft is releasing a free preview version of its Quantum Development Kit. "The kit includes the Q# programming language and compiler and a local quantum computing simulator, and is fully integrated with Visual Studio," reports ZDNet. "There's also an Azure-based simulator that allows developers to simulate more than 40 logical qubits of computing power, plus documentation libraries, and sample programs, officials said in their December 11 announcement." From the report: Quantum computers are designed to process in parallel, thus enabling new types of applications across a variety of workloads. They are designed to harness the physics of subatomic particles to provide a different way to store data and solve problems compared to conventional computers, as my ZDNet colleague Tony Baer explains. The result is that quantum computers could solve certain high-performance-computing problems more efficiently. Microsoft officials have said applications that developers create for use with the quantum simulator ultimately will work on a quantum computer, which Microsoft is in the process of developing. Microsoft's goal is to build out a full quantum computing system, including both the quantum computing hardware and the related full software stack.
AI

AI-Assisted Fake Porn Is Here and We're All Screwed (vice.com) 281

New submitter samleecole shares a report from Motherboard: There's a video of Gal Gadot having sex with her stepbrother on the internet. But it's not really Gadot's body, and it's barely her own face. It's an approximation, face-swapped to look like she's performing in an existing incest-themed porn video. The video was created with a machine learning algorithm, using easily accessible materials and open-source code that anyone with a working knowledge of deep learning algorithms could put together. It's not going to fool anyone who looks closely. Sometimes the face doesn't track correctly and there's an uncanny valley effect at play, but at a glance it seems believable. It's especially striking considering that it's allegedly the work of one person -- a Redditor who goes by the name 'deepfakes' -- not a big special effects studio that can digitally recreate a young Princess Leia in Rouge One using CGI. Instead, deepfakes uses open-source machine learning tools like TensorFlow, which Google makes freely available to researchers, graduate students, and anyone with an interest in machine learning. Anyone could do it, and that should make everyone nervous.
Music

Apple Buys Shazam To Boost Apple Music (bloomberg.com) 36

An anonymous reader quotes a report from Bloomberg: Apple agreed to acquire music-identification service Shazam, taking ownership of one of the first apps to demonstrate the power of the iPhone, recognizing songs after hearing just a few bars of a tune. Terms of the deal weren't disclosed, but a person familiar with the situation said Apple is paying about $400 million for the U.K.-based startup. That would be one of Apple's largest acquisitions ever, approaching the size of its 1996 purchase of Next Computer Inc. which brought co-founder Steve Jobs back to the company. That transaction would be worth more than $600 million in today's dollars. The Shazam app uses the microphone on a smartphone or computer to identify almost any song playing nearby, then points users to places they can listen to it in future, such as Apple Music or Google's YouTube.

"Apple Music and Shazam are a natural fit, sharing a passion for music discovery and delivering great music experiences to our users," Apple said in an emailed statement on Monday. "We have exciting plans in store, and we look forward to combining with Shazam upon approval of today's agreement. Since the launch of the App Store, Shazam has consistently ranked as one of the most popular apps for iOS," Apple also said. "Today, it's used by hundreds of millions of people around the world, across multiple platforms." The acquisition would help Apple embed that capability more deeply into its music offerings. The company's digital assistant Siri gained Shazam integration in 2014, so users could ask it what song is playing in the background.

Google

Google Releases Tool To Help iPhone Hackers (vice.com) 52

Lorenzo Franceschi-Bicchierai, writing for Motherboard: Google has released a powerful tool that can help security researchers hack and find bugs in iOS 11.1.2, a very recent version of the iPhone operating system. The exploit is the work of Ian Beer, one of the most prolific iOS bug hunters, and a member of Google Project Zero, which works to find bugs in all types of software, including that not made by Google. Beer released the tool Monday, which he says should work for "all devices." The proof of concept works only for those devices he tested -- iPhone 7, 6s and iPod touch 6G -- "but adding more support should be easy," he wrote. Last week, Beer caused a stir among the community of hackers who hack on the iPhone -- also traditionally known as jailbreakers -- by announcing that he was about to publish an exploit for iOS 11.1.2. Researchers reacted with excitement as they realized the tool would make jailbreaking and security research much easier.
HP

HP Laptops Found To Have Hidden Keylogger (bbc.com) 114

Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models, BBC reported on Monday citing the findings of a security researcher. From the report: Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work. HP said more than 460 models of laptop were affected by the "potential security vulnerability." It has issued a software patch for its customers to remove the keylogger. The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012. Mr Myng discovered the keylogger while inspecting Synaptics Touchpad software, to figure out how to control the keyboard backlight on an HP laptop. He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing. According to HP, it was originally built into the Synaptics software to help debug errors. It acknowledged that could lead to "loss of confidentiality" but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
Debian

Does Systemd Makes Linux Complex, Error-Prone, and Unstable? (ungleich.ch) 733

"Systemd developers split the community over a tiny detail that decreases stability significantly and increases complexity for not much real value." So argues Nico Schottelius, talking about his experiences as the CEO of a Swiss company providing VM hosting, datacenters, and high-speed fiber internet. Long-time Slashdot reader walterbyrd quotes Nico's essay: While I am writing here in flowery words, the reason to use Devuan is hard calculated costs. We are a small team at ungleich and we simply don't have the time to fix problems caused by systemd on a daily basis. This is even without calculating the security risks that come with systemd. Our objective is to create a great, easy-to-use platform for VM hosting, not to walk a tightrope...

[W]hat the Devuan developers are doing is creating stability. Think about it not in a few repeating systemd bugs or about the insecurity caused by a huge, monolithic piece of software running with root privileges. Why do people favor Linux on servers over Windows? It is very easy: people don't use Windows, because it is too complex, too error prone and not suitable as a stable basis. Read it again. This is exactly what systemd introduces into Linux: error prone complexity and instability. With systemd the main advantage to using Linux is obsolete.

The essay argues that while Devuan foisted another choice into the community, "it is not their fault. Creating Devuan is simply a counteraction to ensure Linux stays stable. which is of high importance for a lot of people."
IOS

Top iOS Apps of 2017: Bitmoji Beats Snapchat, YouTube, and Facebook Messenger (cnn.com) 27

An anonymous reader quotes CNN: Apple has unveiled its list of most downloaded iOS apps of the year, and topping the list is free custom emoji app Bitmoji... Bitmoji soared to the top of the list, thanks to an integration with Snapchat. (Snapchat's parent company acquired Bitmoji last year for an unknown amount)... Users must download the Bitmoji app to use it with Snapchat.

Fittingly, the main Snapchat app took second place, despite a tough year on Wall Street that was attributed to slow user growth. Snapchat was the most downloaded app of 2016. Google's YouTube took the number three spot this year, while Facebook's Messenger and Instagram placed fourth and fifth, respectively.

Python

Did Programming Language Flaws Create Insecure Apps? (bleepingcomputer.com) 99

Several popular interpreted programming languages are affected by severe vulnerabilities that expose apps built on these languages to attacks, according to research presented at the Black Hat Europe 2017 security conference. An anonymous reader writes: The author of this research is IOActive Senior Security Consultant Fernando Arnaboldi, who says he used an automated software testing technique named fuzzing to identify vulnerabilities in the interpreters of five of today's most popular programming languages: JavaScript, Perl, PHP, Python, and Ruby.

Fuzzing involves providing invalid, unexpected, or random data as input to a software application. The researcher created his own fuzzing framework named XDiFF that broke down programming languages per each of its core functions and fuzzed each one for abnormalities. His work exposed severe flaws in all five languages, such as a hidden flaw in PHP constant names that can be abused to perform remote code execution, and undocumented Python methods that can be used for OS code execution. Arnaboldi argues that attackers can exploit these flaws even in the most secure applications built on top of these programming languages.

Intel

Intel's ME May Be Massively Infringing on Minix3's Free Software License (ipwatchdog.com) 249

Software engineer (and IP Watchdog contributor) Fredrik Ohrstrom (a.k.a. Slashdot reader anjara) writes: Almost all Free Software licenses (BSD, MIT, GPL...) require some sort of legal notice (legal attribution) given to the recipient of the software, both when the software is distributed in source and in binary forms. The legal notice usually contains the copyright holder's name and the license text. This means that it's not possible to hide and keep secret the existence of Free Software that you have stuck into your product that you distribute. If you do so, then you are not complying with the Free Software license and you are committing a copyright infringement!

This is exactly what Intel seems to have done with the Intel ME. The Minix3 operating system license requires a legal notice, but so far it seems like Intel has not given the necessary legal notices. (Probably because they want to keep the inside of the ME secret.) Thus not only is Minix3 the most installed OS on our recent x86 CPUs -- but it might also the most pirated OS on our recent x86 CPUs!

Government

Autocratic Governments Can Now 'Buy Their Own NSA' (wired.com) 109

Citizen Lab has been studying information controls since 2001, and this week their director -- a Toronto political science professor -- revealed how governments (including Ethiopia's) are using powerful commercial spyware. Slashdot reader mspohr shared their report: We monitored the command and control servers used in the campaign and in doing so discovered a public log file that the operators mistakenly left open... We were also able to identify the IP addresses of those who were targeted and successfully infected: a group that includes journalists, a lawyer, activists, and academics... Many of the countries in which the targets live -- the United States, Canada, and Germany, among others -- have strict wiretapping laws that make it illegal to eavesdrop without a warrant... Our team reverse-engineered the malware used in this instance, and over time this allowed us to positively identify the company whose spyware was being employed by Ethiopia: Cyberbit Solutions, a subsidiary of the Israel-based homeland security company Elbit Systems. Notably, Cyberbit is the fourth company we have identified, alongside Hacking Team, Finfisher, and NSO Group, whose products and services have been abused by autocratic regimes to target dissidents, journalists, and others...

Remarkably, by analyzing the command and control servers of the cyber espionage campaign, we were also able to monitor Cyberbit employees as they traveled the world with infected laptops that checked in to those servers, apparently demonstrating Cyberbit's products to prospective clients. Those clients include the Royal Thai Army, Uzbekistan's National Security Service, Zambia's Financial Intelligence Centre, and the Philippine president's Malacañang Palace. Outlining the human rights abuses associated with those government entities would fill volumes.... Governments like Ethiopia no longer depend on their own in-country advanced computer science, engineering, and mathematical capacity in order to build a globe-spanning cyber espionage operation. They can simply buy it off the shelf from a company like Cyberbit. Thanks to companies like these, an autocrat whose country has poor national infrastructure but whose regime has billions of dollars, can order up their own NSA. To wit: Elbit Systems, the parent company of Cyberbit, says it has a backlog of orders valuing $7 billion.

Reached for comment, Cyberbit said they were not responsible with what others do with their software, arguing that "governmental authorities and law enforcement agencies are responsible to ensure that they are legally authorized to use the products in their jurisdictions."
AI

Emotion Recognition Systems Could Be Used In Job Interviews (techtarget.com) 145

dcblogs writes: Emotion recognition software identifies micro-expressions through video analysis. These are expressions that may be as fast as 1/25 of a second and invisible to the human eye, but a close analysis of video can detect them. These systems are being used in marketing research, but some employers may be interested in using them to assess job candidates.

Vendors claim these systems can be used to develop a personality profile and discover a good cultural fit. The technology raises concerns, illustrated earlier this year who showed that face-reading technology could use photographs to determine sexual orientation with a high degree of accuracy.

One company has already added face recognition into their iPad-based time clock, which the company's CEO thinks could be adapted to also detect an employee's mood when they're clocking out. Yet even he has his reservations. While he thinks it could provide more accurate feedback from employees, he also admits that "There's something very Big Brother about it."
Businesses

Patreon Hits Donors With New Fees, Angering Creators (venturebeat.com) 143

Patreon's changing their fee structure to make donors cover payment-processing fees (standardized to 2.9%) -- plus an additional 35 cents for every pledge. Long-time Slashdot reader NewtonsLaw reports that Patreon's users are furious: Despite Patreon's hype that this is a good thing for creators, few of these actually seem to agree and there's already a growing backlash on social media... many fear that their net return will be lower because the extra fees levied on patreons are causing them to either reduce the amount they pledge or withdraw completely... For those patrons supporting only a few creators the effect won't be large, but for those who make small donations to many creators this could amount to a hike of almost 40% in the amount charged to their credit cards. Without exception, all the content creators I have spoken to would have:

a) liked to have been consulted first

b) wanted the option to retain the old system where they bear the cost of the fees.

As a content creator, I've already seen quite a few of my patreons reducing their pledge and others canceling their pledges completely -- and I understand why they are doing that.

"Everyone hates Patreon's new fee," writes VentureBeat, adding "Many creators are saying it's unfair for patrons to have to pay transaction fees. In addition to that, most people support multiple creators and not just one, and they'll have to pay the extra fee for each pledge they make."

Tech journalist Bryan Lunduke is already soliciting suggestions on Twitter for an open source or Free Software solution that accepts donations from multiple payment systems, and while the change doesn't go into effect until December 18th, NewtonsLaw writes that "it's starting to look as if many content creators will be getting a slightly larger percentage of a much smaller amount as a result of this lunacy by Patreon -- something that will see them far worse off than the were before."
Security

'Process Doppelganging' Attack Bypasses Most Security Products, Works On All Windows Versions (bleepingcomputer.com) 125

An anonymous reader quotes a report from Bleeping Computer: Yesterday, at the Black Hat Europe 2017 security conference in London, two security researchers from cyber-security firm enSilo have described a new code injection technique called "Process Doppelganging." This new attack works on all Windows versions and researchers say it bypasses most of today's major security products. Process Doppelganging is somewhat similar to another technique called "Process Hollowing," but with a twist, as it utilizes the Windows mechanism of NTFS Transactions.

"The goal of the technique is to allow a malware to run arbitrary code (including code that is known to be malicious) in the context of a legitimate process on the target machine," Tal Liberman & Eugene Kogan, the two enSilo researchers who discovered the attack told Bleeping Computer. "Very similar to process hollowing but with a novel twist. The challenge is doing it without using suspicious process and memory operations such as SuspendProcess, NtUnmapViewOfSection. In order to achieve this goal we leverage NTFS transactions. We overwrite a legitimate file in the context of a transaction. We then create a section from the modified file (in the context of the transaction) and create a process out of it. It appears that scanning the file while it's in transaction is not possible by the vendors we checked so far (some even hang) and since we rollback the transaction, our activity leaves no trace behind." The good news is that "there are a lot of technical challenges" in making Process Doppelganging work, and attackers need to know "a lot of undocumented details on process creation." The bad news is that the attack "cannot be patched since it exploits fundamental features and the core design of the process loading mechanism in Windows."
More research on the attack will be published on the Black Hat website in the following days.
Android

Google Puts Android Accessibility Crackdown On Hold (slashgear.com) 28

Last month, Google issued a warning to Android app developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically used to help users with "disabilities." Since a lot of password managers use the Accessibility API, as well as poplar apps like Tasker automation and Greenify battery saver, there was a large amount of backlash from developers and users alike. According to SlashGear, Google is putting the Android accessibility crackdown on hold. From the report: Google has now sent another email that basically says "we'll think about it." It is evaluating "responsible and innovative use" of those services on a case to case basis. It is also requiring developers to explicitly inform users why they are asking for accessibility permissions rather than just informing them. This, of course, puts a heavier burden on Google, as it has to be more involved in the screening of apps rather than just rely on good ol' machine learning and automation. Developers and users probably won't mind, if it means still having access to those features that make Android a platform above all the rest.

Slashdot Top Deals