news aggregator

AmiMoJo shared this post from one of the ACLU's senior technology policy analysts about what happens when security cameras get AI upgrades: [I]magine that all that video were being watched -- that millions of security guards were monitoring them all 24/7. Imagine this army is made up of guards who don't need to be paid, who never get bored, who never sleep, who never miss a detail, and who have total recall for everything they've seen. Such an army of watchers could scrutinize every person they see for signs of "suspicious" behavior. With unlimited time and attention, they could also record details about all of the people they see -- their clothing, their expressions and emotions, their body language, the people they are with and how they relate to them, and their every activity and motion... The guards won't be human, of course -- they'll be AI agents. Today we're publishing a report on a $3.2 billion industry building a technology known as "video analytics," which is starting to augment surveillance cameras around the world and has the potential to turn them into just that kind of nightmarish army of unblinking watchers.... Many or most of these technologies will be somewhere between unreliable and utterly bogus. Based on experience, however, that often won't stop them from being deployed -- and from hurting innocent people... We are still in the early days of a revolution in computer vision, and we don't know how AI will progress, but we need to keep in mind that progress in artificial intelligence may end up being extremely rapid. We could, in the not-so-distant future, end up living under armies of computerized watchers with intelligence at or near human levels. These AI watchers, if unchecked, are likely to proliferate in American life until they number in the billions, representing an extension of corporate and bureaucratic power into the tendrils of our lives, watching over each of us and constantly shaping our behavior... Policymakers must contend with this technology's enormous power. They should prohibit its use for mass surveillance, narrow its deployments, and create rules to minimize abuse. They argue that the threat is just starting to emerge. "It is as if a great surveillance machine has been growing up around us, but largely dumb and inert -- and is now, in a meaningful sense, 'waking up.'"

Read more of this story at Slashdot.

Donation-based open source programmer Andre Staltz recently collected data from GitHub, Patreon, and OpenCollective to try to calculate how much money is being donated to popular projects. The results? Out of 58 projects checked, "there were two clearly sustainable open source projects, but the majority (more than 80%) of projects that we usually consider sustainable are actually receiving income below industry standards or even below the poverty threshold." More than 50% of projects are red: they cannot sustain their maintainers above the poverty line. 31% of the projects are orange, consisting of developers willing to work for a salary that would be considered unacceptable in our industry. 12% are green, and only 3% are blue: Webpack and Vue.js... The median donation per year is $217, which is substantial when understood on an individual level, but in reality includes sponsorship from companies that are doing this also for their own marketing purposes... The total amount of money being put into open source is not enough for all the maintainers. If we add up all of the yearly revenue from those projects in this data set, it's $2.5 million. The median salary is approximately $9k, which is below the poverty line. If split up that money evenly, that's roughly $22k, which is still below industry standards. The core problem is not that open source projects are not sharing the money received. The problem is that, in total numbers, open source is not getting enough money... GitHub was bought by Microsoft for $7.5 billion. To make that quantity easier to grok, the amount of money Microsoft paid to acquire GitHub -- the company -- is more than 3000x what the open source community is getting yearly. In other words, if the open source community saved up every penny of the money they ever received, after a couple thousand years they could perhaps have enough money to buy GitHub jointly... If Microsoft GitHub is serious about helping fund open source, they should put their money where their mouth is: donate at least $1 billion to open source projects. Even a mere $1.5 million per year would be enough to make all the projects in this study become green. The article suggests concrete actions to stop this "exploitation," including donating to open source projects, as well as more scrutiny of how well open source projects are funded, and "pressuring Microsoft to donate millions to open source projects." It also suggests considering alternative licenses for new projects, and unionizing. But Chris Aniszczyk, the CTO of the Cloud Native Computing Foundation, responded on Twitter that the donation-based approach is "a path to ruin for sustainability... you solve this problem by having companies hire folks or help maintainers build businesses around their projects... let's not turn open source into a gig economy and demand more of companies instead." So what do Slashdot's readers think? Are open source developers being underfunded and exploited? And if so -- what's the solution?

Read more of this story at Slashdot.

This week USA Today's former editor-in-chief argued that "Tech overlords Google and Facebook have used monopoly to rob journalism of its revenue," in an op-ed shared by schwit1: Over the past decade, the news business has endured a bloodbath, with tens of thousands of journalists losing their jobs amid mass layoffs. The irony is, more people than ever are consuming news... Why the disconnect? Look no further than a new study by the News Media Alliance, which found that in 2018, Google made $4.7 billion off of news content -- almost as much as every news organization in America combined made from digital ads last year. Yet Google paid a grand total of zero for the privilege. News industry revenue, meanwhile, has plunged... Google and Facebook command about 60% of all U.S. digital advertising revenue, and have siphoned off billions of dollars that once were the lifeblood of the news media. Let's be perfectly clear: Journalism's primary revenue source has been hijacked. It's time that news providers are compensated for the journalism they produce. That's why passage of the bipartisan Journalism Competition and Preservation Act is crucial... Toward that end, "News industry officials, including Atlanta Journal-Constitution Editor Kevin Riley, testified Tuesday on Capitol Hill in favor of legislation they say would help recover advertising revenue lost in recent years to tech behemoths such as Google and Facebook." The bipartisan bill would provide a four-year reprieve from federal antitrust laws, allowing print and digital publishers to collectively bargain with tech companies about how their content is used -- and what share of ad dollars they'll receive.... Federal antitrust laws bar news organizations from banding together to negotiate more favorable terms from social media and search sites. And individual outlets are deterred from acting alone, according to Chavern's group, because large tech companies could tank a news organization's traffic by demoting or excluding its stories from searches. The bill's proponents say it could help turn the tide for an industry that's been harmed over the past two decades by declining print subscriptions and ad revenue streams that have dried up and increasingly headed online. As tech sites' share of advertising revenue has grown -- Google's skyrocketed from $3.8 billion in 2005 to $52.4 billion in 2017 -- U.S. newspapers have watched their's nosedive from more than $49 billion to $16.5 billion during the same 12-year period, according to the Pew Research Center.

Read more of this story at Slashdot.

ZDNet reports: Internet-connected security cameras account for almost half of the Internet of Things devices that are compromised by hackers even as homes and businesses continue to add these and other connected devices to their networks. Research from cybersecurity company SAM Seamless Network found that security cameras represent 47 percent of vulnerable devices installed on home networks. According to the data, the average U.S. household contains 17 smart devices while European homes have an average of 14 devices connected to the network... Figures from the security firm suggest that the average device is the target of an average of five attacks per day, with midnight the most common time for attacks to be executed -- it's likely that at this time of the night, the users will be asleep and not paying attention to devices, so won't be witness to a burst of strange behavior. The anonymous reader who submitted this story suggests a possible solution: government inspectors should examine every imported IoT device at the border. "The device gets rejected if it has non-essential ports open, hard-coded or generic passwords, no automated patching for at least four years, etc."

Read more of this story at Slashdot.

CBS News reports: Target acknowledged nationwide "system issues" affecting its stores on Saturday that prevented its customers from checking out at registers. The outage caused long checkout lines at Target locations, with upset customers posting images and video on social media. Slashdot reader McGruber shared an article reporting more than 5,000 posts on Downdetector.com about problems at Target stores Saturday -- and noting that Target is America's eighth-largest retailer. (CBS reports Target has 1,800 stores scattered across the country.) "This is how you bring America to a standstill," a Minnesota news producer joked on Twitter (where the phrase #targetdown is now trending...) "At least Target kept me fed," the news producer added later. "They brought out candy and popcorn and wings. I'm thinking they should set up a TV next and pop in a movie. Maybe we can play bean bag toss, too..."

Read more of this story at Slashdot.

Long-time Slashdot reader fahrbot-bot brings us news about the southern hemisphere of Mars: The University of Arizona HiRISE (High Resolution Imaging Science Experiment) has posted a photo of curious chevron shapes in southeast Hellas Planitia that are the result of "a complex story of dunes, lava, and wind." "Enterprising viewers will make the discovery that these features look conspicuously like a famous logo..." RockDoctor (Slashdot reader #15,477) adds that "For those wanting to try to find it on a Mars map, it's at Latitude (centered) -49.325Â Longitude (East) 85.331Â."

Read more of this story at Slashdot.

Since 2005 Randall Munroe has been the author/illustrator of the popular nerdy comic strip XKCD -- and he's now planning to publish "the world's least useful self-help book." How To: Absurd Scientific Advice for Common Real-World Problems offers readers a third choice beyond simply doing things either the right way or the wrong way: "a way so monumentally bad that no one would ever try it," according to a new page at XKCD.com: It describes how to cross a river by removing all the water, outlines some of the many uses for lava around the home, and teaches you how to use experimental military research to ensure that your friends will never again ask you to help them move. To promote the book Munroe has already scheduled visits in 14 nerd-friendly cities (including New York, San Francisco, Seattle, Portland, Los Angeles, and Raleigh). But a final 15th city will be chosen "based on the results of a challenge..." The challenge: Write the best story using nothing but book covers. Arrange the titles of your favorite books into sentences that tell a story, assemble a single continuous line of people holding up the covers, and take a photo or video documenting your feat. You can make the story as long as you want, but each book needs to be held by a different human. Creative grammar is fine, and you'll get extra credit for including as many books and people as possible. Photos should be either shared on social media with the hashtag #howtoxkcd, or emailed to that address on Gmail. "Submit your entry between June 10 and July 31," explains the site, adding that a winner will be announced in August. "Make sure to include your location (city/state, US only) so we know where to find you!"

Read more of this story at Slashdot.

"It took 10 months to get it done, but the Granite State is now officially a Geeky State," writes Concord Monitor science reporter David Brooks. "The latest New Hampshire Historical Highway Marker, celebrating the creation of the BASIC computer language at Dartmouth in 1964, has officially been installed. Everybody who has ever typed a GOTO command can feel proud..." Last August, I wrote in this column that the 255 official historical markers placed alongside state roads told us enough about covered bridges and birthplaces of famous people but not enough about geekiness. Since anybody can submit a suggestion for a new sign, I thought I'd give it a shot. The creation of BASIC, the first programing language designed to let newbies dip their intellectual toes into the cutting-edge world of software, seemed the obvious candidate. Beginner's All-purpose Symbolic Instruction Code has probably has done more to introduce more people to computer programming than anything ever created. That includes me: The only functioning programs I've ever created were in vanilla BASIC, and I still recall the great satisfaction of typing 100 END... But BASIC wasn't just a toy for classrooms. It proved robust enough to survive for decades, helping launch Microsoft along the way, and there are descendants still in use today. In short, it's way more important than any covered bridge. The campaign for the marker was supported by Thomas Kurtz, the retired Dartmouth math professor who'd created BASIC along with the late John Kemeny. "Our original idea was to mention both BASIC and the Dartmouth Time-Sharing System, an early system by which far-flung computers could share resources. They were created hand-in-hand as part of Kemeny's idea of putting computing in the hands of the unwashed masses. "However, the N.H. Division of Historical Resources, which has decades of experience creating these markers, said it would be too hard to cram both concepts into the limited verbiage of a sign." The highway marker calls BASIC "the first user-friendly computer programming languages... BASIC made computer programming accessible to college students and, with the later popularity of personal computers, to users everywhere. It became the standard way that people all over the world learned to program computers, and variants of BASIC are still in use today." In the original submission, an anonymous Slashdot reader notes that last month, Manchester New Hampshire also unveiled a statue of Ralph Baer, whose team built the first home video game sold as Magnavox Odyssey, sitting on a park bench. "The Granite State isn't shy about its geek side."

Read more of this story at Slashdot.

Long-time Slashdot reader jrepin writes: The KDE community has released Plasma 5.16, the newest iteration of the popular desktop environment. It features an improved notification system, Not only can you mute notifications altogether with the Do Not Disturb mode, but the system also groups notifications by app. Developers also focused on user's privacy. When any application accesses the microphone, an icon will pop up in your system tray, showing that something is listening. Vaults, a built-in utility to encrypt folders, are easier and more convenient to use. Dolphin file and folder manager now opens folders you click on in new tabs instead of new windows. Discover software manager is cleaner and clearer as it now has two distinct areas for downloading and installing software. The Wallpaper Slideshow settings window displays the images in the folders you selected, and lets you select only the graphics you want to display in the slideshow. For a more comprehensive overview of what to expect in Plasma 5.16, check out the official announcement or the changelog for the complete list of changes.

Read more of this story at Slashdot.

JustAnotherOldGuy quotes Threatpost: A high-severity bug impacting two popular command-line text editing applications, Vim and Neovim, allow remote attackers to execute arbitrary OS commands. Security researcher Armin Razmjou warned that exploiting the bug is as easy as tricking a target into clicking on a specially crafted text file in either editor. Razmjou outlined his research and created a proof-of-concept (PoC) attack demonstrating how an adversary can compromise a Linux system via Vim or Neowim. He said Vim versions before 8.1.1365 and Neovim before 0.3.6 are vulnerable to arbitrary code execution... Vim and Neovim have both released patches for the bug (CVE-2019-12735) that the National Institute of Standards and Technology warns, "allows remote attackers to execute arbitrary OS commands via the :source! command in a modeline." "Beyond patching, it's recommended to disable modelines in the vimrc (set nomodeline), to use the securemodelinesplugin, or to disable modelineexpr (since patch 8.1.1366, Vim-only) to disallow expressions in modelines," the researcher said.

Read more of this story at Slashdot.

An anonymous reader quotes the Daily Beast: The online forum where alleged Chabad of Poway shooter John Earnest shared a livestream of the shooting was served a search warrant in April for the IP and metadata information on Earnest's posts, as well as those who commented on them. The warrant served to 8chan said the people who responded to Earnest's comments could be "potential witnesses, co-conspirators and/or individuals who are inspired" by his posting about the shooting. Similarly, according to the FBI agent who penned the warrant, there was evidence that Earnest himself was "inspired and/or educated" by other individuals posting on the forum.

Read more of this story at Slashdot.

"Caterpillar Inc. is trying to stop a tiny cafe from using the word cat," reports Fast Company. Long-time Slashdot reader UnknowingFool writes: Caterpillar wishes to cancels the coffee shop's trademark claiming that the trademark on shop's apparel and footwear is too similar to theirs and would cause confusion for consumers. For reference, the coffee shop's t-shirts and merchandise feature a cat and a cloud. This is not the first time Caterpillar has made dubious trademark claims on "Cat" or "Caterpillar". "Another small business faces a crazy legal challenge from a big company that should know better..." writes Inc. "There are literally hundreds of trademarks listed that include the word cat and that are intended for clothing. Without having a trademark or license, technically Cat & Cloud wouldn't be able to sell that merchandise without permission (whether from Caterpillar or one of the many other companies with cat-related trademarks for clothing)." The coffee shop responded by setting up a GoFundMe campaign (which is now "trending" and has so far raised $12,482) for their legal defense. They're arguing that Caterpillar's efforts "would effectively set the precedent for them to OWN the word 'cat', making it un-useable by any business in the US."

Read more of this story at Slashdot.

Python reached another new all-time high on the TIOBE index, now representing 8.5% of the results for the search query +"<language> programming" on the top 25 search engines. Python overtook C++ this month for the #3 spot, now placing behind only Java (#1) and C (#2). That's prompted TIOBE to make a bold prediction: If Python can keep this pace, it will probably replace C and Java in 3 to 4 years time, thus becoming the most popular programming language of the world. The main reason for this is that software engineering is booming. It attracts lots of newcomers to the field. Java's way of programming is too verbose for beginners. In order to fully understand and run a simple program such as "hello world" in Java you need to have knowledge of classes, static methods and packages. In C this is a bit easier, but then you will be hit in the face with explicit memory management. In Python this is just a one-liner. Enough said. InfoWorld reports: Also on the rise in the June Tiobe index, Apple's Swift language is ranked 11th, with a rating of 1.419 percent. Swift was ranked 15th at this time last year and 18th last month, while its predecessor Objective-C language ranked 12th this month with a rating of 1.391. Tiobe expects Objective-C to drop out of the top 20 within two years. InfoWorld also notes that Python is already #1 in the Pypl index, which analyes how often language tutorials are searched for on Google. On that list, Python is followed by Java, JavaScript, C#, PHP, and then C/C++. Python was also TIOBE's fastest-rising language in 2018 -- though in 2017 that honor went to C, and in 2015 to Java...

Read more of this story at Slashdot.

fahrbot-bot shares a report from Ars Technica: One patient has died and another became seriously ill after fecal transplants inadvertently seeded their innards with a multi-drug resistant bacterial infection, the Food and Drug Administration warned Thursday. The cases highlight the grave risks of what some consider a relatively safe procedure. They also call attention to the mucky issues of federal oversight for the experimental transplants, which the FDA has struggled to regulate. In its warning Thursday, the agency announced new protections for trials and experimental uses of the procedure. The FDA shared minimal details from the deadly transplants. Its warning only noted that the cases involved two patients who were immunocompromised prior to the experimental transplants and received stool from the same donor. Subsequent to the transplant, the patients developed invasive infections from an E. coli strain that was resistant to a wide variety of antibiotics in the penicillin and cephalosporin groups. The E. coli strain carried a drug-defeating enzyme called an extended-spectrum beta-lactamase (ESBL), which generally cleaves a ring common to all the chemical structures of those antibiotics. When unnamed researchers who administered the transplant looked back at the donor stool, they found that the stool contained an identical ESBL-producing E. coli. One of the patients died and the fate of the other was not discussed. The agency also did not say how or why the patients were immunocompromised prior to the transplants, what the transplants were attempting to accomplish, how they were carried out, who conducted the transplants, or when they occurred.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Wired: On Friday afternoon, the Israeli forensics firm and law enforcement contractor Cellebrite publicly announced a new version of its product known as a Universal Forensic Extraction Device or UFED, one that it's calling UFED Premium. In marketing that update, it says that the tool can now unlock any iOS device cops can lay their hands on, including those running iOS 12.3, released just a month ago. Cellebrite claims UFED Premium can extract files from many recent Android phones as well, including the Samsung Galaxy S9. No other law enforcement contractor has made such broad claims about a single product, at least not publicly. The move signals not only another step in the cat and mouse game between smartphone makers and the government-sponsored firms that seek to defeat their security, but also a more unabashedly public phase of that security face-off. "Cellebrite is proud to introduce #UFED Premium! An exclusive solution for law enforcement to unlock and extract data from all iOS and high-end Android devices," the company wrote on its Twitter feed for the UFED product. On a linked web page, the company says the new tool can pull forensic data off any iOS device dating back to iOS 7, and Android devices not just from Samsung but Huawei, LG, and Xiaomi.

Read more of this story at Slashdot.

Your quick guide to hacks, patches and scandal

Roundup Here's a quick roundup of recent infosec news beyond what we've already reported.…

fahrbot-bot shares a report from ScienceAlert: Antlia 2, the "ghost of a galaxy" orbiting the Milky Way, is a dark horse in more ways than one. Not only is it so faint it was only just discovered last year, it may now be responsible for curious ripples in the hydrogen gas that makes up the Milky Way's outer disc. According to new research, Antlia 2's current position is consistent with a collision with the Milky Way hundreds of millions of years ago that could have produced the perturbations we see today. The paper has been submitted for publication and is undergoing peer review. Antlia 2 was a bit of a surprise when it showed up in the second Gaia mission data release last year. It's really close to the Milky Way -- one of our satellite galaxies -- and absolutely enormous, about the size of the Large Magellanic Cloud. Further reading: CNET

Read more of this story at Slashdot.

An anonymous reader quotes a report The Weather Channel: Scientists studying climate change expected layers of permafrost in the Canadian Arctic to melt by the year 2090. Instead, it's happening now. A new study published this week in the journal Geophysical Research Letters revealed that unusually warm summers in the Canadian High Arctic between 2003 and 2016 resulted in permafrost melt up to 240% higher than previous years. Louise Farquharson, a researcher at the Permafrost Laboratory at the University of Alaska Fairbanks and the study's lead author, told weather.com the three areas of melting permafrost studied in remote northern Canada are believed to have been frozen for thousands of years. She noted that while scientists had predicted the permafrost wouldn't melt for another 70 years, those forecasts didn't take into account the unusually warm summers that have happened in recent years. While researchers believe all indicators point to warmer temperatures continuing, there's no way to know for sure just how quickly the permafrost will continue to melt. Not only is rapidly melting permafrost a symptom of global warming, but it accelerates climate change by exposing thawing biological material to the atmosphere where it decomposes and releases CO2, a key element in global warming.

Read more of this story at Slashdot.

JustAnotherOldGuy shares a report from Boing Boing: For years, Paul Hansmeier terrorized internet users through his copyright trolling racket Prenda Law, evading the law through shell companies and fraud, until, finally, he was brought to justice and pleaded guilty last August. Now, Hansmeier has been sentenced to 14 years in prison and must pay $1.5 million in restitution to his victims -- the same people he accused of being copyright infringers and then bullied into paying "settlement" fees to avoid being dragged through expensive litigation. Any Prenda Law victim can contact the Minnesota DA to apply for compensation. Prenda's tactics included identity theft, entrapment (uploading their own files to The Pirate Bay in order to generate downloads that they could threaten people over), and several kinds of fraud. Hansmeier and his co-defendant, John Steele, were indicted for money laundering, perjury, mail and wire fraud. Both men entered into plea agreements.

Read more of this story at Slashdot.

sandbagger writes: Photographer Jim Olive's helicopter shot of Houston was used by the University of Houston on their website after they removed his watermark, a definite no-no particularly since the image was used for their school of business. The photographer then sent the university a bill for $41,000 -- $16,000 for the usage and $25,000 for removing his copyright credit. After the matter ended up in court, the university pushed for the case to be dismissed because the public institution has sovereign immunity, which protects state government entities from a variety of lawsuits and the appeals court agreed. The matter will likely go before the Supreme Court (in Allen v. Cooper) sometime in 2020. "Even if the government sets itself up as a competitor by producing a copyrighted work, there probably is not good reason to conclude automatically that the copyright has been 'taken,'" the three-judge panel cites in its ruling. "The copyright holder can still exclude all private competitors even as the government pirates the entirety of his work." "[W]e hold that the Olive's takings claim, which is based on a single act of copyright infringement by the University, is not viable," the ruling continues. "This opinion should not be construed as an endorsement of the University's alleged copyright infringement, and as discussed, copyright owners can seek injunctive relief against a state actor for ongoing and prospective infringement. Instead, in the absence of authority that copyright infringement by a state actor presents a viable takings claim [...] we decline to so hold." The National Press Photographers Association (NPPA) notes that the U.S. Congress passed the Copyright Remedy Clarification Act (CRCA) decades ago to prevent states from having governmental immunity from copyright claims, but some appeals courts have held that CRCA goes beyond Congress' powers and have therefore struck it down as unconstitutional.

Read more of this story at Slashdot.