United States

Senate Confirms Trump's Pick for NSA, Cyber Command (politico.com) 9

An anonymous reader shares a report: The Senate Tuesday quietly confirmed President Donald Trump's nominee to lead the National Security Agency and U.S. Cyber Command. U.S. Army Cyber Command chief Lt. Gen. Paul Nakasone was unanimously confirmed by voice vote to serve as the "dual-hat" leader of both organizations. The two have shared a leader since the Pentagon established Cyber Command in 2009. He will replace retiring Navy Adm. Mike Rogers after a nearly four-year term. The Senate Intelligence and Armed Services committees both previously approved Nakasone's nomination by voice vote.
Security

Ask Slashdot: Do We Need a New Word For Hacking? 87

goombah99 writes: Hacking and Hackers get a bum rap. Headlines scream "Every Nintendo Switch can be hacked." But that's good, right? Just like farmers hacking their tractors or someone re-purposing a talking teddy bear. On the other hand, remote hacking an Intel processor backdoor or looting a medical database, that are also described as hacking, are ill-motivated. It seems like we need words with different connotations for hacking. One for things you should definitely do, like program an Arduino or teddy bear. One for things that are pernicious. And finally one for things that are disputably good/bad such as hacking DRM protected appliances you own. What viral-sounding terms and their nuances would you suggest? Editor's note: We suggest reading this New Yorker piece "A Short History of 'Hack'", and watching this Defcon talk by veteran journalist Steven Levy on the creativeness and chutzpah of the early hackers.
Facebook

Facebook Has Considered Profiling Its Users' Personalities and Using the Information To Target Ads (bbc.com) 35

An anonymous reader shares a report: A patent filed by the social network describes how personality characteristics, including emotional stability, could be determined from people's messages and status updates. The firm is currently embroiled in a privacy scandal over the use of its data by a political consultancy. Facebook says it has never used the personality test in its products. The patent, first filed in 2012, is in the names of Michael Nowak and Dean Eckles. Mr Nowak has worked for Facebook for 10 years, while Prof Eckles now teaches at the Massachusetts Institute of Technology. The patent has been updated twice, most recently in 2016. The BBC has seen emails from Mr Eckles and other Facebook staff to University of Cambridge psychologists in which they discuss analysis of data to infer personality traits, and talk of using such research to improve the product for users and advertisers.
Technology

Far From Being a Utilitarian Afterthought, an Astonishing Number of Design Choices Go Into Pagination (theoutline.com) 78

An anonymous reader shares a report: In his landmark 1931 book An Essay on Typography, the British typographer Eric Gill discusses everything from the proper place for the tail of an 'R' to terminate to which type of word press might best serve the amateur typographer. He casts the printed word as sacred. But there's one thing -- a silent, steady workhorse found in nearly every book -- that Gill fails to address: the lowly page number. The functional role of the page number is simple: it provides order and sequence to a text. And while it is a supremely utilitarian design element, more thought is put into it than you might imagine. Should it go at the top or the bottom of the page? In the right or left margin? Or in the center? These are all conscious and deliberate choices made by designers.
Security

Atlanta Projected To Spend At Least $2.6 Million on Ransomware Recovery (zdnet.com) 60

Atlanta is setting aside more than $2.6 million on recovery efforts stemming from a ransomware attack, which crippled a sizable part of the city's online services. ZDNet reports: The city was hit by the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. The ransom was set at around $55,000 worth of bitcoin, a digital cryptocurrency that in recent weeks has wildly fluctuated in price. But the ransom was never paid, said Atlanta city spokesperson Michael Smith in an email. Between the ransomware attack and the deadline to pay, the payment portal was pulled offline by the ransomware attacker. According to newly published emergency procurement figures, the city is projected to spend as much as 50 times that amount in response to the cyberattack. Between March 22 and April 2, the city budgeted $2,667,328 in incident response, recovery, and crisis management.
Businesses

Spotify Wants More Paid Subscribers, So It Has Launched a New App To Give Away More Music For Free (recode.net) 38

Spotify on Tuesday announced a new redesigned app for free customers, its first major change to the free tier in four years, as it attempts to lure more customers into buying its subscription service. Free listeners will now get on-demand access to 15 playlists; they can play any song they want in those playlists and are no longer stuck in a world of shuffled playback. From a report: The idea: If people get more stuff without paying, they are more likely to end up paying in the long run. The new mobile app gives free users the ability to play more songs on demand, from 15 pre-populated playlists -- some of which are personalized for individual users, like its popular "Discover Weekly" feature. Spotify has always let users listen to on-demand music for free via an ad-supported option -- it's the main thing that set the company apart from other streaming services in the past. But it has limited full, free access to its library of songs to desktop users, and limited what free users could get to on its mobile app. Today's move doesn't remove those limits entirely, but gives users more opportunity to sample. Paid users get full access to Spotify's entire catalog, on-demand, without ads. The new app also offers users the ability to stream songs with lower data usage. The company says users can save up to 75% of mobile data with data saver mode while streaming on 3G.
AI

Scientists Plan Huge European AI Hub To Compete With US (theguardian.com) 48

Leading scientists have drawn up plans for a vast multinational European institute devoted to world-class artificial intelligence (AI) research in a desperate bid to nurture and retain top talent in Europe. From a report: The new institute would be set up for similar reasons as Cern, the particle physics lab near Geneva, which was created after the second world war to rebuild European physics and reverse the brain drain of the brightest and best scientists to the US. Named the European Lab for Learning and Intelligent Systems, or Ellis, the proposed AI institute would have major centres in a handful of countries, the UK included, with each employing hundreds of computer engineers, mathematicians and other scientists with the express aim of keeping Europe at the forefront of AI research. In an open letter that urges governments to act, the scientists describe how Europe has not kept up with the US and China, where the vast majority of leading AI firms and universities are based. The letter adds that while a few "research hotspots" still exist in Europe, "virtually all of the top people in those places are continuously being pursued for recruitment by US companies."
Businesses

Chinese Tech Companies Post Men-Only Job Listings, Report Finds (theverge.com) 245

Major Chinese tech companies like Huawei, Alibaba, and Tencent discriminate against women in their online job listings, a new report from Human Rights Watch found today. Some job postings directly state they are for men only, while others specify that women must have attractive appearances and even be a certain height. The Verge reports: The Human Rights Watch report reveals gender discrimination amongst major tech companies, as in the rest of Chinese society, is common and widespread. Search engine Baidu listed a job for content reviewers in March 2017 stating that applicants had to be men with the "strong ability to work under pressure, able to work on weekends, holidays and night shifts." The conglomerate Tencent, which owns WeChat, the massive game Honor of Kings, and a majority stake in League of Legends, was found to have posted an ad for a sports content editor in March 2017, stating it was looking for "strong men who are able to work nightshifts."

And Alibaba, despite Jack Ma touting the company's inclusiveness, merited an entire case study from the Human Rights Watch report. The report noted the e-commerce giant came under fire in 2015 for posting a job ad on its site for a "computer programmer's motivator" seeking women applicants with physical characteristics like Japanese adult film star Sola Aoi. Alibaba removed the reference to Sola Aoi after media reported on it, but kept the ad on the site. As recently as January this year, Alibaba still mentioned "men preferred" in job listings for "restaurant operations support specialist" positions. Tech companies also often tout the attractive women they've hired as incentives for more men to come on board, according to the HRW report. Both Tencent and Baidu were noted to have posted to their social media accounts interviews with male employees who cited having beautiful women around them as an incentive for working there.

Piracy

Netflix, Amazon, and Major Studios Try To Shut Down $20-Per-Month TV Service (arstechnica.com) 152

An anonymous reader quotes a report from Ars Technica: Netflix, Amazon, and the major film studios have once again joined forces to sue the maker of a TV service and hardware device, alleging that the products are designed to illegally stream copyrighted videos. The lawsuit was filed against the company behind Set TV, which sells a $20-per-month TV service with more than 500 channels.

"Defendants market and sell subscriptions to 'Setvnow,' a software application that Defendants urge their customers to use as a tool for the mass infringement of Plaintiffs' copyrighted motion pictures and television shows," the complaint says. Besides Netflix and Amazon, the plaintiffs are Columbia Pictures, Disney, Paramount Pictures, Twentieth Century Fox, Universal, and Warner Bros. The complaint was filed Friday in U.S. District Court for the Central District of California. The companies are asking for permanent injunctions to prevent further distribution of Set TV software and devices, the impoundment of Set TV devices, and for damages including the defendants' profits.

The Internet

Mosaic, the First HTML Browser That Could Display Images Alongside Text, Turns 25 (wired.com) 111

NCSA Mosaic 1.0, the first web browser to achieve popularity among the general public, was released on April 22, 1993. It was developed by a team of students at the University of Illinois' National Center for Supercomputing Applications (NCSA), and had the ability to display text and images inline, meaning you could put pictures and text on the same page together, in the same window. Wired reports: It was a radical step forward for the web, which was at that point, a rather dull experience. It took the boring "document" layout of your standard web page and transformed it into something much more visually exciting, like a magazine. And, wow, it was easy. If you wanted to go somewhere, you just clicked. Links were blue and underlined, easy to pick out. You could follow your own virtual trail of breadcrumbs backwards by clicking the big button up there in the corner. At the time of its release, NCSA Mosaic was free software, but it was available only on Unix. That made it common at universities and institutions, but not on Windows desktops in people's homes.

The NCSA team put out Windows and Mac versions in late 1993. They were also released under a noncommercial software license, meaning people at home could download it for free. The installer was very simple, making it easy for just about anyone to get up and running on the web. It was then that the excitement really began to spread. Mosaic made the web come to life with color and images, something that, for many people, finally provided the online experience they were missing. It made the web a pleasure to use.

Earth

Cow Could Soon Be Largest Land Mammal Left Due To Human Activity, Says Study (theguardian.com) 206

An anonymous reader quotes a report from The Guardian: The cow could be left as the biggest land mammal on Earth in a few centuries, according to a new study that examines the extinction of large mammals as humans spread around the world. The spread of hominins -- early humans and related species such as Neanderthals -- from Africa thousands of years ago coincided with the extinction of megafauna such as the mammoth, the sabre-toothed tiger and the glyptodon, an armadillo-like creature the size of a car. "There is a very clear pattern of size-biased extinction that follows the migration of hominins out of Africa," the study's lead author, Felisa Smith, of the University of New Mexico, said of the study published in the journal Science on Thursday. Humans apparently targeted big species for meat, while smaller creatures such as rodents escaped, according to the report, which examined trends over 125,000 years. In North America, for instance, the mean body mass of land-based mammals has shrunk to 7.6kg (17lb) from 98kg after humans arrived. If the trend continues "the largest mammal on Earth in a few hundred years may well be a domestic cow at about 900kg", the researchers wrote. That would mean the loss of elephants, giraffes and hippos. In March, the world's last male northern white rhino died in Kenya.
Youtube

YouTube Says Computers Helped It Pull Down Millions of Objectionable Videos Last Quarter (recode.net) 114

YouTube says it has successfully trained computers to flag objectionable videos. In the last quarter of 2017, the company reportedly pulled down more than six million of these videos before any users saw them. The news comes from a brief aside in Google CEO Sundar Pichai's scripted remarks during parent company Alphabet's earnings call today. "He said YouTube had pulled down more than six million videos in the last quarter of 2017 after first being flagged by its 'machine systems,' and that 75 percent of those videos 'were removed before receiving a single view,'" reports Recode.
Software

Algorithm Automatically Spots 'Face Swaps' In Videos (technologyreview.com) 38

yagoda shares a report from MIT Technology Review: Andreas Rossler at the Technical University of Munich in Germany and colleagues have developed a deep-learning system that can automatically spot face-swap videos. The new technique could help identify forged videos as they are posted to the web. But the work also has a sting in the tail. The same deep-learning technique that can spot face-swap videos can also be used to improve the quality of face swaps in the first place -- and that could make them harder to detect. The new technique relies on a deep-learning algorithm that Rossler and co have trained to spot face swaps. These algorithms can only learn from huge annotated data sets of good examples, which simply have not existed until now. In semi-related news, the Screen Actors Guild-American Federation of Television and Radio Artists (SAG-AFTRA) says it's "fighting back" against the dangers posed by new face-swapping technologies that have been used to digitally superimpose the faces of its members onto the bodies of porn stars.

"SAG-AFTRA has undertaken an exhaustive review of our collective bargaining options and legislative options to combat any and all uses of digital re-creations, not limited to deepfakes, that defame our members and inhibit their ability to protect their images, voices and performances from misappropriation. We are talking with our members' representatives, union allies, and with state and federal legislators about this issue right now and have legislation pending in New York and Louisiana that would address this directly in certain circumstances. We also are analyzing state laws in other jurisdictions, including California, to make sure protections are in place. To the degree that there are not sufficient protections in place, we will work to fix that..."
Cellphones

Surface Phone Speculation Spurred By New Phone APIs In Windows (arstechnica.com) 61

Microsoft has been rumored to be working on a "Surface Phone" for years now, with little concrete evidence that such a device actually exists. "But the latest Windows 10 Insider Preview has given new fuel for the speculative fire: it has a set of new APIs for cellular phones," reports Ars Technica. From the report: Windows has had integrated support for cell modems since Windows 8, but this has been restricted to supporting data connections. Telephony -- dialing numbers, placing calls -- has always required either Windows Phone or Windows 10 Mobile. This has made the full Windows 10 unsuitable for a phone. That may be changing. Windows 10 build 17650 -- a preview of Redstone 5, the next Windows update after the delayed April update -- includes some telephony APIs. The new APIs cover support for a range of typical phone features: dialing numbers and contacts, blocking withheld numbers, support for Bluetooth headsets and speakerphone mode, and so on and so forth. There also looks to be some kind of video-calling support, suggesting support for 3G or LTE video calling.
Government

US Government Weighing Sanctions Against Kaspersky Lab (cyberscoop.com) 83

An anonymous reader quotes a report from CyberScoop: The U.S. government is considering sanctions against Russian cybersecurity company Kaspersky Lab as part of a wider round of action carried out against the Russian government, according to U.S. intelligence officials familiar with the matter. The sanctions would be a considerable expansion and escalation of the U.S. government's actions against the company. Kaspersky, which has two ongoing lawsuits against the U.S. government, has been called "an unacceptable threat to national security" by numerous U.S. officials and lawmakers.

Officials told CyberScoop any additional action against Kaspersky would occur at the lawsuits' conclusion, which Kaspersky filed in response to a stipulation in the 2018 National Defense Authorization Act that bans its products from federal government networks. If the sanctions came to fruition, the company would be barred from operating in the U.S. and potentially even in U.S. allied countries.

Advertising

Facebook Sued Over Fake Ads (theguardian.com) 55

shilly writes: British finance expert Martin Lewis is suing Facebook for defamation, after a year of trying to persuade the company to stop accepting scam ads featuring his name and image. Facebook insists that he report to them every time he spots a scam; he wants them to check with him before they take money for an ad featuring his name or picture, so he can tell them if it's legit or not. "Lewis said he would not profit from any damages won, which he would donate to charities combating fraud, but that he hoped the action would prompt the site to stamp out scam adverts," reports The Guardian.
Operating Systems

Microsoft Readies Windows 10 April Update With New Features and Enhancements (hothardware.com) 92

MojoKid writes: Microsoft has been preparing a Spring Creators Update for Windows 10 for a while now, which was recently pushed out as an RTM (Release To Manufacturing) build to all rings of the Windows Insider program. Now dubbed the "Windows 10 April Update," Redmond is billing that "lots of new features" are rolling out with this release, including the ability to resume past activities in timeline and a file sharing feature with nearby devices. Also, based on what has been tested in pre-release builds, there will be other features coming as well, including a rebuilt Game Bar with a new Fluent design UI, a diagnostic data viewing tool in the Security and Privacy section, and Cortana is reportedly easier to use with a new Organizer interface and My Skills tab. It is expected Microsoft will be pushing out this update for Windows 10 this week sometime.
Nintendo

The 'Unpatchable' Exploit That Makes Every Current Nintendo Switch Hackable (arstechnica.com) 83

An anonymous reader quotes a report from Ars Technica: A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusee Gelee coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch. "Fusee Gelee isn't a perfect, 'holy grail' exploit -- though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ. The exploit, as outlined, makes use of a vulnerability inherent in the Tegra X1's USB recovery mode, circumventing the lock-out operations that would usually protect the chip's crucial bootROM. By sending a bad "length" argument to an improperly coded USB control procedure at the right point, the user can force the system to "request up to 65,535 bytes per control request." That data easily overflows a crucial direct memory access (DMA) buffer in the bootROM, in turn allowing data to be copied into the protected application stack and giving the attacker the ability to run arbitrary code. The exploit can't be fixed via a downloadable patch because the flawed bootROM can't be modified once the Tegra chip leaves the factory. As Temkin writes, "unfortunately, access to the fuses needed to configure the device's ipatches was blocked when the ODM_PRODUCTION fuse was burned, so no bootROM update is possible. It is suggested that consumers be made aware of the situation so they can move to other devices, where possible." Ars notes that Nintendo may however be able to detect "hacked" systems when they sign on to Nintendo's servers. "The company could then ban those systems from using the Switch's online functions."
Google

Google Accused of Showing 'Total Contempt' for Android Users' Privacy (bleepingcomputer.com) 91

On the heels of a terse privacy debate, Google may have found another thing to worry about: its attempt to rethink the traditional texting system. From a report: Joe Westby is Amnesty International's Technology and Human Rights researcher. Recently, in response to Google's launch of a new messaging service called "Chat", Westby argued that Google, "shows total contempt for Android users' privacy."

"With its baffling decision to launch a messaging service without end-to-end encryption, Google has shown utter contempt for the privacy of Android users and handed a precious gift to cybercriminals and government spies alike, allowing them easy access to the content of Android users' communications. Following the revelations by CIA whistleblower Edward Snowden, end-to-end encryption has become recognized as an essential safeguard for protecting people's privacy when using messaging apps. With this new Chat service, Google shows a staggering failure to respect the human rights of its customers," Westby contended. Westby continued, saying: "In the wake of the recent Facebook data scandal, Google's decision is not only dangerous but also out of step with current attitudes to data privacy."

AI

AI Trained on Images from Cosmological Simulations Surprisingly Successful at Classifying Real Galaxies in Hubble Images (ucsc.edu) 19

A machine learning method which has been widely used in face recognition and other image- and speech-recognition applications, has shown promise in helping astronomers analyze images of galaxies and understand how they form and evolve. From a report: In a new study, accepted for publication in Astrophysical Journal and available online [PDF], researchers used computer simulations of galaxy formation to train a deep learning algorithm, which then proved surprisingly good at analyzing images of galaxies from the Hubble Space Telescope. The researchers used output from the simulations to generate mock images of simulated galaxies as they would look in observations by the Hubble Space Telescope. The mock images were used to train the deep learning system to recognize three key phases of galaxy evolution previously identified in the simulations. The researchers then gave the system a large set of actual Hubble images to classify.

The results showed a remarkable level of consistency in the neural network's classifications of simulated and real galaxies. "We were not expecting it to be all that successful. I'm amazed at how powerful this is," said coauthor Joel Primack, professor emeritus of physics and a member of the Santa Cruz Institute for Particle Physics (SCIPP) at UC Santa Cruz. "We know the simulations have limitations, so we don't want to make too strong a claim. But we don't think this is just a lucky fluke."
