Linux fréttir

In his TechCrunch column, software engineer/journalist Jon Evans writes that last month "marked a victory for sanity and pragmatism over irrational paranoia." I'm talking about Microsoft finally -- finally! but credit to them for doing this nonetheless! -- removing the password expiration policies from their Windows 10 security baseline... Many enterprise-scale organizations (including TechCrunch's owner Verizon) require their users to change their passwords regularly. This is a spectacularly counterproductive policy. To quote Microsoft: "Recent scientific research calls into question the value of many long-standing password-security practices such as password expiration policies, and points instead to better alternatives... If a password is never stolen, there's no need to expire it. And if you have evidence that a password has been stolen, you would presumably act immediately rather than wait for expiration to fix the problem... If an organization has successfully implemented banned-password lists, multi-factor authentication, detection of password-guessing attacks, and detection of anomalous logon attempts, do they need any periodic password expiration? And if they haven't implemented modern mitigations, how much protection will they really gain from password expiration...?" Perfect security doesn't exist. World-class security is hard. But decent security is generally quite accessible, if you faithfully follow some basic rules. In order to do so, it's best to keep those rules to a minimum, and get rid of the ones that don't make sense. Password expiration is one of those. Goodbye to it, and good riddance. Instead the column recommends password managing software to avoid password re-use across sites, as well as two-factor authentication. "And please, if you work with code or data repositories, stop checking your passwords and API keys into your repos." But if your company still has a password expiration policy, he suggests mailing Microsoft's blog post to your sys-admin. "They will ignore you at first, of course, because that's what enterprise administrators do, and because information security (like transportation security) is too often an irrational one-way ratchet because our culture of fear incentivizes security theater rather than actual security -- but they may grudgingly begin to accept that the world has moved on."

Read more of this story at Slashdot.

John Romero has finally released Sigil, his unofficial fifth episode of Doom with nine new single-player levels and nine deathmatch levels. It's available for free on Romero's web site (though you'll also need the original Doom to play it). Hot Hardware reports: If you want to know what Sigil is about, Romero explains it best. He wrote, "After killing the Spiderdemon at the end of E4M8 (Unto the Cruel), your next stop is Earth -- you must save it from hellspawn that is causing unimaginable carnage. But Baphomet glitched the final teleporter with his hidden Sigil whose eldritch power brings you to even darker shores of Hell. You fight through this stygian pocket of evil to confront the ultimate harbingers of Satan, then finally return to become Earth's savior. In summary, rip and tear!" Kotaku calls it "some of the most punishing and devious Doom I've ever played... I've been playing it all day, and it owns..." What makes Romero's designs work so well is how unabashedly excited he seems to be about them. Levels are teeming with enemies, including many tougher ones such as the beefy, energy hurling Barons of Hell. Each new maze is punctuated with fights that mix and match Doom's precisely-designed enemies... There's a real giddiness here, a sense that a master is excitedly returning to his favourite tools... The default difficulty is tricky; higher levels feel like borderline trolling. Screw it, let's just toss a few cyberdemons at the start of this level. You know how to dodge, right? In the old days, we used to call all first-person shooters "Doom clones". But there's nothing else like Doom. There's a particular, nearly impossible to describe playfulness that even the 2016 reboot sometimes misses. A single run through Romero's new levels feels positively joyous, a chance to see fantastic level design in action and observe a master at play.

Read more of this story at Slashdot.

The NLNet Foundation is a non-profit supporting privacy, security, and the "open internet". Now the group has approved funding for the hybrid Libre RISC-V CPU/VPU/GPU, which will "pay for full-time engineering work to be carried out over the next year, and to pay for bounty-style tasks." Long-time Slashdot reader lkcl explains why that's significant: High security software is irrelevant if the hardware is fundamentally compromised, for example with the Intel spying backdoor co-processor known as the Management Engine. The Libre RISCV SoC was begun as a way for users to regain trust and ownership of the hardware that they legitimately purchase. This processor will be the first of its kind, as the first commercial SoC designed to give users the hardware and software source code of the 3D GPU, Video Decoder, main processor, boot process and the OS. Shockingly, in the year 2019, whilst there are dozens of SoCs with full source code that are missing either a VPU or a GPU (such as the TI OMAP Series and Xilinx ZYNQ7000s), there does not exist a single commercial embedded SoC which has full source code for the bootloader, CPU, VPU and GPU. The iMX6 for example has etnaviv support for its GPU however the VPU is proprietary, and all of Rockchip and Allwinner's offerings use either MALI or PowerVR yet their VPUs have full source (reverse engineered in the case of Allwinner). This processor, which will be quad core dual issue 800mhz RV64GC and capable of running full GNU/Linux SMP OSes, with 720p video playback and embedded level 25fps 3D performance in around 2.5 watts at 28nm, is designed to address that imbalance. Links and details on the Libre RISC-V SoC wiki. The real question is: why is this project the only one of its kind, and why has no well funded existing Fabless Semiconductor Company tried something like this before? The benefits to businesses of having full source code are already well-known.

Read more of this story at Slashdot.

harrymcc shares a Fast Company article about "the generally gnarly process once required to hook up peripherals" in the late 1990s -- and one Intel engineer who saw the need for "one plug to rule them all." In the olden days, plugging something into your computer -- a mouse, a printer, a hard drive -- required a zoo of cables. Maybe you needed a PS/2 connector or a serial port, the Apple Desktop Bus, or a DIN connector; maybe a parallel port or SCSI or Firewire cable. If you've never heard of those things, and if you have, thank USB. When it was first released in 1996, the idea was right there in the first phrase: Universal Serial Bus. And to be universal, it had to just work. "The technology that we were replacing, like serial ports, parallel ports, the mouse and keyboard ports, they all required a fair amount of software support, and any time you installed a device, it required multiple reboots and sometimes even opening the box," says Ajay Bhatt, who retired from Intel in 2016. "Our goal was that when you get a device, you plug it in, and it works." It was at Intel in Oregon where engineers made it work, at Intel where they drummed up the support of an industry that was eager to make PCs easier to use and ship more of them. But it was an initial skeptic that first popularized the standard: in a shock to many geeks in 1998, the Steve Jobs-led Apple released the groundbreaking first iMac as a USB-only machine. The faster speeds of USB 2.0 gave way to new easy-to-use peripherals too, like the flash drive, which helped kill the floppy disk and the Zip drive and CD-Rs. What followed was a parade of stuff you could plug in: disco balls, head massagers, security keys, an infinity of mobile phone chargers. There are now by one count six billion USB devices in the world. The article includes a thorough oral history of USB's development, and points out there's now also a new reversible Type-C cable design. And USB4, coming later this year, "will be capable of achieving speeds upwards of 40Gbps, which is over 3,000 times faster than the highest speeds of the very first USB." "Bhatt couldn't have imagined all of that when, as a young engineer at Intel in the early '90s, he was simply trying to install a multimedia card."

Read more of this story at Slashdot.

Slashdot reader Lasrick tipped us off to the first installment in a new series at the New York Times called "Op-Eds From the Future." Science fiction authors, futurists, philosophers and scientists write op-eds that they imagine we might read 10, 20 or even 100 years in the future. The challenges they predict are imaginary -- for now -- but their arguments illuminate the urgent questions of today. The first one is by science fiction writer Ted Chiang (best known for the short story which became the Hugo-winning movie Arrival). Apparently riffing on the college admissions scandal, Chiang writes that "It's 2059, and the Rich Kids Are Still Winning. DNA tweaks won't fix our problems..." His op-ed complains that a "philanthropic effort to bring genetic cognitive enhancements to low-income communities" has failed to get most of them into elite colleges or into jobs with good salaries and prospects for advancement. "With the results in hand, it is time for us to re-examine the efficacy and desirability of genetic engineering...."

Read more of this story at Slashdot.

Slashdot reader Nicola Hahn argues that at first, Edward Snowden's revelations six years ago "put mass surveillance and state sponsored hacking center stage," leading to other revelations like the ANT Catalogue, the Equation Group tools, and the Vault 7 leaks: In the wake of these developments a number of high-ranking officials scrambled to justify clandestine programs. Executives likewise recalibrated their stance toward the government and lawmakers worked to defend our civil liberties. Yet despite the tumult of the post-Snowden era and the debates that ensued, has it actually changed anything? Or did society merely offer a collective shrug to the looming threat of pervasive monitoring, surrendering to the convenience of mobile devices? One observer who has warily followed the aftermath of the Snowden affair believes that most people followed the latter path and that it does not bode well for civilization. That observer is Bill Blunden, who asks this question in an essay at Counterpunch. "After all the breathless headlines, Hollywood movies, book deals, Pulitzer prizes, and glossy primetime biopics. What, pray tell, has come of it?"

Read more of this story at Slashdot.

Researchers at the Catholic University of the Sacred Heart in Milan have discovered that Twitter-based classes actually hurts academic performance, according to the Washington Post: The finding by a team of Italian researchers is not necessarily that the crush of hashtags, likes and retweets destroys brain cells; that's a question for neuroscientists, they said. Rather, Twitter not only fails to enhance intellectual attainment but substantially undermines it, the economists said in a working paper published this month by the economics and finance department at the Catholic University of the Sacred Heart in Milan... The investigation drew on a sample of roughly 1,500 students attending 70 Italian high schools during the 2016-17 academic year. Half of the students used Twitter to analyse The Late Mattia Pascal, the 1904 novel by Italian Nobel laureate Luigi Pirandello, which satirises issues of self-knowledge and self-destruction. They posted quotes and their own reflections, commenting on tweets written by their classmates. Teachers weighed in to stimulate the online discussion. The other half relied on traditional classroom teaching methods. Performance was assessed based on a test measuring understanding, comprehension and memorisation of the book. Using Twitter reduced performance on the test by about 25 to 40 per cent of a standard deviation from the average result, as the paper explains. Jeff Hancock, the founding director of the Stanford Social Media Lab, described these as "pretty big effects". Notably, the decline was sharpest among higher-achieving students, including women, those born in Italy and those who had scored higher on a baseline test. This finding, the paper notes, bolsters the conclusion that blogs and social networking sites actively impair performance, rather than simply failing to augment learning... [Lead author Gian] Barbetta suggested that declining performance among students who had used the social networking site to study the novel was a result of two factors. The first was a mistaken belief on the part of students that they had absorbed the book by circulating tweets about its contents. The second was that time spent on social media simply replaced time spent actually poring over the book. The study contributes to growing skepticism that human activities - and learning, specifically - can be transferred to cyberspace without a cost. A spokesman for Twitter "declined to comment on the study."

Read more of this story at Slashdot.

Horst Seehofer, Germany's federal interior minister, wants to require encryption companies to provide the government with plain text transcripts. One security expert says Facebook is already working on a way to make it happen. An anonymous reader quotes his remarks in Forbes: The reality is that at its annual conference earlier this month, Facebook previewed all of the necessary infrastructure to make Germany's vision a reality and even alluded to the very issue of how Facebook's own business needs present it with the need to be able to covertly access content directly from users' devices that have been protected through end-to-end encryption... While it was little noticed at the time, Facebook's presentation on its work towards moving AI-powered content moderation from its data centers directly onto users' phones presents a perfect blueprint for Seehofer's vision. Touting the importance of edge content moderation, Facebook specifically cited the need to be able to scan the unencrypted contents of users' messages in an end-to-end encrypted environment to prevent them from being able to share content that deviated from Facebook's acceptable speech guidelines. This would actually allow a government like Germany to proactively prevent unauthorized speech before it is ever uttered, by using court orders to force Facebook to expand its censorship list for German users of its platform. Even more worryingly, Facebook's presentation alluded to the company's need to covertly harvest unencrypted illicit messages from users' devices without their knowledge and before the content has been encrypted or after it has been decrypted, using the client application itself to access the encrypted-in-transit content. While it stopped short of saying it was actively building such a backdoor, the company noted that when edge content moderation flagged a post in an end-to-end encrypted conversation as a violation, the company needed to be able to access the unencrypted contents to further train its algorithms, which would likely require transmitting an unencrypted copy from the user's device directly to Facebook without their approval. Could this be the solution Germany has been searching for? The article warns that by "sparking the idea of being able to silently harvest those decrypted conversations on the client side, Facebook is inadvertently telegraphing to anti-encryption governments that there are ways to bypass encryption while also bypassing the encryption debate."

Read more of this story at Slashdot.

"You gotta be kidding me," said a Wisconsin man, when police arrested his 82-year-old next-door neighbor "old Ray" -- the guy who would occasionally come over to fix his lawnmower. An anonymous reader quotes the Associated Press: Ray Vannieuwenhoven was his next-door neighbor -- a helpful, 82-year-old handyman with a gravelly voice and a loud, distinctive laugh, the kind of guy who always waved from his car. The widower and father of five grown children had lived quietly for two decades among the 800 residents of Lakewood, a northern Wisconsin town surrounded by forests and small lakes. Now authorities were saying this man was a cold-blooded killer. They had used genetic genealogy to crack a cold case that stretched back well into the 20th century -- a double murder 25 miles southwest of Lakewood. For nearly 43 years, Vannieuwenoven had lived in plain sight, yet outside detectives' radar.... DNA profiling in the '90s brought new hope, but detectives got no matches... Last year, detectives contacted Virginia-based Parabon NanoLabs, a DNA technology company whose work with genetic genealogy analysis has helped police identify 55 suspects in cold cases nationwide since May 2018, according to the company. Parabon uploads DNA from crime scenes to GEDmatch, a free, public genealogy database with about 1.2 million profiles, all voluntarily submitted by people who've used consumer genealogy sites like Ancestry.com and 23andMe. California law enforcement used GEDmatch to capture the Golden State Killer last year by finding distant relatives and reverse-engineering his family tree. Parabon's experts completed Vannieuwenhoven's family tree in late December. They'd found his parents, who had lived in the Green Bay area. Now detectives needed DNA samples from Vannieuwenhoven and his three brothers. Two were ruled out with DNA samples collected from one brother's trash and another's used coffee cup. On March 6, two sheriff's deputies knocked on Vannieuwenhoven's door, pretending they wanted him to fill out a brief survey on area-policing. They told him to put the survey in an envelope and seal it with his tongue. Detectives didn't need to visit the fourth brother. Eight days later, Vannieuwenhoven was in custody. Vannieuwenhoven has pleaded not guilty.

Read more of this story at Slashdot.

Long-time Slashdot reader rastos1 works for a mid-size software company that for many decades has been developing CAD-CAM software for the textile industry. But last weekend their code-signing certificate was revoked -- and they're looking for advice. On Monday morning we woke up to phones ringing from confused customers unable to launch our software. This has hit mostly Java applications launched from a web page because JRE checks the signature by default using OCSP. But traditional executables and shared libraries also would report invalid signature upon checking. We reached out, but for half a day we could not get any feedback. Later we got information that some malware was signed with our certificate. Two days and many e-mails and phone calls later, we understand that this is what happened: someone submitted one of our executables to virustotal.com -- a site that runs ~70 antivirus programs on submitted files and reports back whether they flag the uploaded file. Five of their antivirus packages flagged our executable. We tracked down the version and we positively know it was a false positive. There is random guy that wrote a tool that creates a monthly report of files flagged at Virustotal. Sectigo found the report, and, according to their statement, revoked all certificates used to sign executables -- causing major disruption to us and downtime for our customers... There was no attempt to contact us and clarify the situation. How do you prepare and deal with such scenario? Did you know how little it takes to get your certificate revoked? They'd bought their certs from the same seller for more than a decade -- and their story has already drawn some interesting comments from long-time Slashdot readers. "False positives are way too common in the anti-virus world today..." argues Z00L00K, adding "you have to cut down all unnecessary players in the chain to a minimum, so the dependency on an external CA is worth reconsidering." sjames -- Slashdot reader #1,099 -- agrees. "If you must depend on another entity, make sure they're small enough that they would actually care if they lost you as a customer." And Martin S. simply recommends talking to a lawyer, adding "This is a legal problem, not a technology problem." But what's your advice? Leave your best thoughts in the comments. What should you do when your certificate authority suddenly revokes your cert?

Read more of this story at Slashdot.

The automated MCAS system in the Boeing 737 Max played a role in two fatal crashes. But today the New York Times reports that a year before they'd finished developing the plane, Boeing "made the system more aggressive and riskier," and that "test pilots, engineers and regulators were left in the dark about a fundamental overhaul." While the original version relied on data from at least two types of sensors, the ultimate used just one, leaving the system without a critical safeguard. In both doomed flights, pilots struggled as a single damaged sensor sent the planes into irrecoverable nose-dives within minutes, killing 346 people and prompting regulators around the world to ground the Max. But many people involved in building, testing and approving the system, known as MCAS, said they hadn't fully understood the changes. Current and former employees at Boeing and the Federal Aviation Administration who spoke with The New York Times said they had assumed the system relied on more sensors and would rarely, if ever, activate. Based on those misguided assumptions, many made critical decisions, affecting design, certification and training... The company also played down the scope of the system to regulators. Boeing never disclosed the revamp of MCAS to Federal Aviation Administration officials involved in determining pilot training needs, according to three agency officials. When Boeing asked to remove the description of the system from the pilot's manual, the F.A.A. agreed. As a result, most Max pilots did not know about the software until after the first crash, in October.... While the F.A.A. officials in charge of training didn't know about the changes, another arm of the agency involved in certification did. But it did not conduct a safety analysis on the changes. The F.A.A. had already approved the previous version of MCAS. And the agency's rules didn't require it to take a second look because the changes didn't affect how the plane operated in extreme situations... The disasters might have been avoided, if employees and regulators had a better understanding of MCAS... Safety analysts said they would have acted differently if they had known it used just one sensor. Regulators didn't conduct a formal safety assessment of the new version of MCAS. The current and former employees, many of whom spoke on the condition of anonymity because of the continuing investigations, said that after the first crash, they were stunned to discover MCAS relied on a single sensor. "That's nuts," said an engineer who helped design MCAS. "I'm shocked," said a safety analyst who scrutinized it. "To me, it seems like somebody didn't understand what they were doing," said an engineer who assessed the system's sensors.

Read more of this story at Slashdot.

"A robotic boat and submersible have won the XPRIZE to find the best new technologies to map the seafloor," writes the BBC -- taking home the grand prize of $4 million. dryriver shares their report: The surface and underwater combo demonstrated their capabilities in a timed test in the Mediterranean, surveying depths down to 4km. [2.48 miles -- slightly deeper than the ocean's average depth of 2.3 miles.] Put together by the international GEBCO-NF Alumni team, the autonomous duo are likely now to play a role in meeting the "Seabed 2030" challenge. This aims to have Earth's ocean floor fully mapped to a high standard. Currently, only 20% of the world's sub-surface topography has been resolved to an acceptable level of accuracy... The group triumphed by packaging an existing, state-of-the-art solution with a novel twist. So, while its HUGIN autonomous underwater vehicle (AUV) is an established industry tool for echo-sounding the depths, its uncrewed surface vessel (USV) that deployed and recovered the sub was developed specially for the competition... On arrival, the chosen technologies had just 24 hours to make an extensive, high-resolution (5m or better) bathymetric (depth) map; and take multiple pictures of the seabed. The GEBCO-NF Alumni team covered 278 sq km in its allotted time, returning more than 10 images of identifiable geological features.

Read more of this story at Slashdot.

Russ Cox (along with Rob Pike) is the tech lead for Google's Go team and its Go project. This week he responded on the Google group golang-nuts to a blogger who'd argued that "Go is Google's language, not ours." First Cox points to a talk at Gophercon 2015 -- and its accompanying blog post -- which argued that Go's open source status is critical to its long-term success. He noted this week that "good ideas come from outside Google as often as they come from inside Google.... But getting to yes on every suggested new feature is not and never has been a goal." No one can speak for the entire Go community: it is large, it contains multitudes. As best we can, we try to hear all the many different perspectives of the Go community. We encourage bug reports and experience reports, and we run the annual Go user survey, and we hang out here on golang-nuts and on gophers slack precisely because all those mechanisms help us hear you better. We try to listen not just to the feature requests but the underlying problems people are having, and we try, as I said in the Gophercon talk, to find the small number of changes that solve 90% of the problems instead of the much more complex solution that gets to 99%. We try to add as little as possible to solve as much as possible. In short, we aim to listen to everyone's problems and address as many of them as possible, but at the same time we don't aim to accept everyone's offered solutions. Instead we aim to create space for thoughtful discussions about the offered solutions and revisions to them, and to work toward a consensus about how to move forward... The "proposal review" group meets roughly weekly to review proposal issues and make sure the process is working. We handle trivial yes and trivial no answers, but our primary job is to shepherd suggested proposals, bring in the necessary voices, and make sure discussions are proceeding constructively. We have talked in the past about whether to explicitly look for people outside Google to sit in our weekly meeting, but if that's really important, then we are not doing our job right. Again, our primary job is to make sure the issues get appropriate discussion on the issue tracker, where everyone can participate, and to lead that discussion toward a solution with broad agreement and acceptance. If you skim through any of the accepted proposals you will see how we spend most of our meetings nudging conversations along and trying to make sure we hear from everyone who has a stake in a particular decision. It remains an explicit goal to enable anyone with a good piece of code or a good idea to be able to contribute it to the project, and we've continued to revise both the code contribution and proposal contribution docs as we find gaps. But as I said in 2015, the most important thing we the original authors of Go can do is to provide consistency of vision, to keep Go feeling like a coherent system, to keep Go Go. People may disagree with individual decisions. We may get some flat wrong. But we hope that the overall result still works well for everyone, and the decision process we have seems far more likely to preserve a coherent, understandable system than a standards committee or other process. His conclusion? The Go language belongs to the Go community -- and, because it's open source, "the freedom to fork hopefully keeps me and the other current Go leadership honest."

Read more of this story at Slashdot.

Suren Enfiajyan shared this story from Science magazine: Genes are a powerful driver of risk for autism, but some researchers suspect another factor is also at play: the set of bacteria that inhabits the gut. That idea has been controversial, but a new study offers support for this gut-brain link. It reveals that mice develop autismlike behaviors when they are colonized by microbes from the feces of people with autism. The result doesn't prove that gut bacteria can cause autism. But it suggests that, at least in mice, the makeup of the gut can contribute to some hallmark features of the disorder. "It's quite an encouraging paper," says John Cryan, a neuroscientist at University College Cork in Ireland who was not involved in the research. The idea that metabolites -- the molecules produced by bacterial digestion -- can influence brain activity "is plausible, it makes sense, and it will help push the field forward..." Compared with mice colonized with bacteria from children without autism, the mice that inherited a microbiome from a child with autism were less social and showed more repetitive behavior, the authors report today in Cell. Mice with the autism-derived microbiome also had lower levels of several bacterial species that the researchers suspect could be beneficial... "There's still a lot of missing links," says Jun Huh, an immunologist at Harvard University who studies the relationship between bacteria and brain function. "But I think the real importance of this study is to show -- for the first time -- that there's a causal relationship between the bacterial community and [autismlike] behavior."

Read more of this story at Slashdot.

This week the Guardian ran an expose on Google Assistant (Google's version of Alexa or Siri) "Interpreting a spoken request isn't magic, rather it has taken a team of underpaid, subcontracted linguists to make the technology possible." "It's smoke and mirrors if anything," said a current Google employee who, as with the others quoted in this story, spoke on condition of anonymity because they were not authorized to speak to the press. "Artificial intelligence is not that artificial; it's human beings that are doing the work." The Google employee works on Pygmalion, the team responsible for producing linguistic data sets that make the Assistant work. And although he is employed directly by Google, most of his Pygmalion co-workers are subcontracted temps who have for years been routinely pressured to work unpaid overtime, according to seven current and former members of the team. These employees, some of whom spoke to the Guardian because they said efforts to raise concerns internally were ignored, alleged that the unpaid work was a symptom of the workplace culture put in place by the executive who founded Pygmalion. That executive was fired by Google in March following an internal investigation. But current and former employees also identified Google's broad reliance on approximately 100,000 temps, vendors and contractors (known at Google as TVCs) for large amounts of the company's work as a culprit. Google does not directly employ the workers who collect or create the data required for much of its technology, be they the drivers who capture photos for Google Maps' Street View, the content moderators training YouTube's filters to catch prohibited material, or the scanners flipping pages to upload the contents of libraries into Google Books. Having these two tiers of workers -- highly paid full-time Googlers and often low-wage and precarious workers contracted through staffing firms -- is "corrosive", "highly problematic", and "permissive of exploitation", the employees said. "It's like a white-collar sweatshop," said one current Google employee. "If it's not illegal, it's definitely exploitative. It's to the point where I don't use the Google Assistant, because I know how it's made, and I can't support it."

Read more of this story at Slashdot.

"Russian Twitter trolls have attempted to fuel the anti-vaccination debate in the U.S.," reports CBS News, citing a study from George Washington University. Bots are reportedly sharing opinions from both sides of the debate to stir up controversy The Daily Dot reports: The study further warns that the spread of anti-vaccine misinformation by "accounts masquerading as legitimate users" erodes the public consensus on the effectiveness of vaccination. News of the study comes as the U.S. faces the worst measles outbreak in 25 years. The Centers for Disease Control and Prevention (CDC) said Thursday that 940 known cases of measles have been reported so far this year. "This is the greatest number of cases reported in the U.S. since 1994 and since measles was declared eliminated in 2000," the CDC said. While Facebook vowed ten weeks ago to crack down on anti-vaccination information, Thursday the Wall Street Journal reported that instead it "remains widely available" across Facebook -- and that Facebook is still running paid ads from a prominent anti-vaccination group. [Paywalled article] According to the Journal, Facebook "says it is mindful of overreach and is still refining automated tools for culling content."

Read more of this story at Slashdot.

Bloomberg remembers the launch of Bing ten years ago -- "It was all a little sad". There was even a jingle-writing contest in which song-a-day writer Jonathan Mann won a $500 gift card for his song "Bing Goes the Internet". (After TechCrunch called it "awful" and compared it to the sound of dying cows, the songwriter released a second song which consisted of nothing but the text of TechCrunch's article.) Now Bloomberg asks, "How did Bing go from a joke to generating nearly three times the advertising revenue of Twitter?" What seemed like a typical Microsoft reaction to fear of Google has become -- with the help of blood, sweat, tears and the Nadellaissance -- a nice business. Microsoft now generates about $7.5 billion in annual revenue from web search advertising. That is a pipsqueak compared with Google's $120 billion in ad sales over the last 12 months. But it's more revenue brought in by either Microsoft's LinkedIn professional network or the company's line of Surface computers and other hardware... Microsoft in recent years outsourced chunks of its advertising business and stuck Bing in spots that Microsoft controls or that Google couldn't grab. Importantly, Microsoft made Bing front and center for people using search boxes on Windows computers and Office software, practically guaranteeing that a healthy share of PC owners would wittingly or unwittingly use the "decision engine." Research firm comScore estimates Microsoft accounts for a little under one-quarter of U.S. web searches conducted on desktop computers. Microsoft's market share is far smaller outside the U.S. and practically nonexistent on smartphones... [T]his year it struck a deal to handle searches and ads tied to searches on Yahoo, AOL and other Verizon Communications Inc. internet properties. Those aren't glamorous corners of the internet, but they have a lot of traffic and therefore a lot of people searching for running shoes and local dentists. All that helps use of Bing and lifts the ad revenue that flows through Microsoft's accounts. Microsoft has also pared costs to the point where Bing stopped bleeding red ink... Bing at least stands on its own two feet, and company executives have said that Microsoft has learned from the search business how to run big data-collecting and crunching technologies. The article argues that Bing's success has been good for Google, since it keeps them from looking like a monopoly.

Read more of this story at Slashdot.

Purism just published an announcement about their new social network, Librem Social, available for both iOS and Android. "Think Twitter... if Twitter respected your privacy and didn't advertise to you." Librem Social is part of a network of social network servers already boasting over 2,000,000 users! Two Million! Follow friends. Make new ones. Share stories, pictures, and videos with them. Librem One is ready and growing. Fast. One of Librem Social's most important features is that, unlike all other social hosts, it is entirely opt-in. You only see posts from people you want to follow. This means you are not force-fed an unrelenting stream of manipulated content specifically targeting you... We also do not advertise to you. Not at all. Which means we have no reason to track you. Simple, right...? Librem Social is proudly built on Mastodon, part of what is known as "The Fediverse", as well as many other Free Software projects that we actively work with and contribute to. The Fediverse is the decentralized replacement to MySpace, Orkut, Friendster, Google+, Twitter and Facebook (can you spot the trend?). The Fediverse already exists, and it is growing. What makes the Fediverse different to its forebears is that it has no central domain -- not even a central service. It's composed of lots of services, all of them speaking (mostly) the same protocol, known as ActivityPub. The new social network is part of Librem One, "the suite of privacy-protecting, no-tracking apps and services created by our team at Purism" which also includes Librem Mail, Librem Chat, and the encrypted VPN tunnel Librem Tunnel.

Read more of this story at Slashdot.

"A team of programmers at a British artificial intelligence company has designed automated 'agents' that taught themselves how to play the seminal first-person shooter Quake III Arena, and became so good they consistently beat human beings," reports AFP: The work of the researchers from DeepMind, which is owned by Google's parent company Alphabet, was described in a paper published in Science on Thursday and marks the first time the feat has ever been accomplished... "Even after 12 hours of practice, the human game testers were only able to win 25% of games against the agent team," the team wrote. The agents' win-loss ratio remained superior even when their reaction times were artificially slowed down to human levels and when their aiming ability was similarly reduced.... The team did not comment, however, on the AI's potential for future use in military settings. DeepMind has publicly stated in the past that it is committed to never working on any military or surveillance projects, and the word "shoot" does not appear even once in the paper (shooting is instead described as tagging opponents by pointing a laser gadget at them). Moving forward, Jaderberg said his team would like to explore having the agents play in the full version of Quake III Arena and find ways his AI could work on problems outside of computer games. "We use games, like Capture the Flag, as challenging environments to explore general concepts such as planning, strategy and memory, which we believe are essential to the development of algorithms that can be used to help solve real-world problems," he said. DeepMind's agents "individually played around 450,000 games of capture the flag, the equivalent of roughly four years of experience," reports VentureBeat. But that was enough to make them consistently better than human players, according to Ars Technica. "The only time humans beat a pair of bots was when they were part of a human-bot team, and even then, they typically won only five percent of their matches..." "Humans' visual abilities made them better snipers. But at close range, [DeepMind's team FTW] excelled in combat, in part because its reaction time was half that of a human's, and in part because its accuracy was 80 percent compared to the humans' 50 percent."

Read more of this story at Slashdot.

An anonymous reader quotes the Next Web: According to Spiegel Online, the country's Federal Interior Minister, Horst Seehofer, wants encrypted messaging services like WhatsApp and Telegram to provide chat logs in plain text to the authorities. Since these services come with end-to-end encryption, the companies will have to break the encryption and provide a backdoor to give access to the texts. Wired adds that "This is obviously incompatible with end-to-end encryption, used by services such as Signal, WhatsApp and Telegram and, if passed, such a law would effectively ban secure encryption for instant messaging." Some commenters on Bruce Schneier's site suggest this is just political grandstanding. An analysis from the Carnegie Endowment for International Peace, a foreign policy think tank, argues that this would be a major change from Germany's stance on encryption over the last two decades: Instead of focusing on regulating encryption itself, Germany has worked to enable its security agencies to conduct hacking. It has even passed a legal framework tailored to government hacking operations... The legal debate eventually led to a landmark supreme court ruling emphasizing the government's responsibility for the integrity of information technology systems. The conversation is far from over, with some supreme court cases still pending in regard to recent legislation on the lawful hacking framework.

Read more of this story at Slashdot.