By msmash from Slashdot's taking-a-stand department
Democratic presidential candidate Elizabeth Warren is proposing to break up technology companies, including Amazon.com, Google and Facebook, calling them anti-competitive behemoths that are crowding out competition. From a report: "Twenty-five years ago, Facebook, Google, and Amazon didn't exist. Now they are among the most valuable and well-known companies in the world," Warren wrote in a post on the blogging platform Medium. "It's a great story -- but also one that highlights why the government must break up monopolies and promote competitive markets." Warren's call also comes as Democrats have begun to plan for increased oversight of tech companies after winning control of the House in the 2018 midterm elections. On Wednesday, House and Senate Democrats introduced legislation to establish strong net neutrality protections that would look to prevent major service providers from using their power to manipulate how users experience the internet. Update: In a statement, Warren's team said that the proposal would also apply to Apple. "They would have to structurally separate -- choosing between, for example, running the App Store or offering their own apps," a spokesperson said.Read Replies (0)
By BeauHD from Slashdot's out-in-the-open department
Security researchers Bob Diachenko and Vinny Troia discovered an unprotected MongoDB database containing 150GB of detailed, plaintext marketing data -- including hundreds of millions of unique email addresses. An anonymous Slashdot reader shares Diachenko's findings, which were made public today: On February 25th, 2019, I discovered a non-password protected 150GB-sized MongoDB instance. This is perhaps the biggest and most comprehensive email database I have ever reported. Upon verification I was shocked at the massive number of emails that were publicly accessible for anyone with an internet connection. Some of data was much more detailed than just the email address and included personally identifiable information (PII). This database contained four separate collections of data and combined was an astounding 808,539,939 records. As part of the verification process I cross-checked a random selection of records with Troy Hunt's HaveIBeenPwned database. Based on the results, I came to conclusion that this is not just another "Collection" of previously leaked sources but a completely unique set of data. Although, not all records contained the detailed profile information about the email owner, a large amount of records were very detailed. We are still talking about millions of records.
In addition to the email databases, this unprotected Mongo instance also uncovered details on the possible owner of the database -- a company named "Verifications.io" -- which offered the services of "Enterprise Email Validation." Unfortunately, it appears that once emails were uploaded for verification they were also stored in plain text. Once I reported my discovery to Verifications.io the site was taken offline and is currently down at the time of this publication.Read Replies (0)
By BeauHD from Slashdot's self-driving-strategy department
AmiMoJo writes: Tesla has been selling "full self-driving" capability since 2016, promising that "you will be able to summon your Tesla from pretty much anywhere," and that "once it picks you up, you will be able to sleep, read or do anything else en route [sic] to your destination." Last week Tesla shifted the goalposts, redefining "full self-driving" as a number of Level 2 driver assistance features that were already available, and a few new tricks to be delivered later. All will require a qualified driver behind the wheel, paying attention at all times and ready to take over if the car can't handle the situation. Worse, owners who bought the previous full self-driving feature paid $8,000 for it. Tesla is now offering owners who bought their cars prior to the change the same package for $5,000. Owners who paid the $3,000 higher price are unsure if the previously promised technology has been abandoned and Level 2 is now the most they can expect.Read Replies (0)
By BeauHD from Slashdot's new-and-improved department
Version 6.50 of the PlayStation 4's firmware now allows you to remotely play your PS4 games from an iPhone or iPad. "To access it, you'll need to download the Remote Play app for your iOS device, and then pair it with your console," reports The Verge. "Compatible games can then be played over Wi-Fi using the on-screen buttons." From the report: Announced back in 2013, Remote Play originally let you stream games from a PS4 console to the handheld PlayStation Vita, but later in 2016, Sony released Remote Play apps for both Windows and Mac. Although Sony has yet to announce a broader Android version of the service, the existence of an Android version of the app that's exclusive to Sony Xperia phones suggests there aren't any technical barriers. Bringing the functionality to iOS is a huge expansion for Remote Play, although it's a shame that you're not officially able to pair a DualShock 4 controller with the app via Bluetooth for a more authentic experience (although some users have reported being able to get the controller working via a sneaky workaround). If you're prepared to use a non-Sony controller, then you'll be happy to know that MacStories is reporting that other MFi gamepads (such as the SteelSeries Nimbus) work just fine with the iOS app. Other limitations with the functionality are that you'll need an iPhone 7 or 6th-generation iPad or later to use it, and it's also only available over Wi-Fi. You can't use Remote Play from another location over a mobile network. PS4 version 6.50 also adds the ability for you to remap the X and O buttons on the controller.Read Replies (0)
By BeauHD from Slashdot's cease-and-desist department
An anonymous reader quotes a report from The Guardian: Facebook has removed a network of more than 100 accounts and pages for "coordinated inauthentic behavior" on its social networks -- the first time it has done so for UK-based operations seeking to influence British citizens. The operation was spread over Facebook and Instagram and used a network of fake accounts to pose as both far-right activists and their opponents. It ran pages and groups whose names frequently changed in order to drum up more followers and operated fake accounts to engage in hate speech and spread divisive comments on both sides of UK political debate, Facebook says.
The pages, with names like "Anti Far Right Extremists", "Atheists Research Centre", and "Politicalized", attracted about 175,000 followers on Facebook, and a further 4,500 on Instagram, according to the company's head of cybersecurity policy, Nathaniel Gleicher. The pages shared content from mainstream news sources, such as the BBC and the New York Times, but also shared original content, even including administrators actively engaging in debate with users. "We are constantly working to detect and stop this type of activity because we don't want our services to be used to manipulate people," Gleicher said. "We're taking down these pages and accounts based on their behavior, not the content they posted. In each of these cases, the people behind this activity coordinated with one another and used fake accounts to misrepresent themselves, and that was the basis for our action.Read Replies (0)
By BeauHD from Slashdot's recycling-is-broken department
Longtime Slashdot reader Alok writes: High contamination in recycled garbage, such as plastic bags mixed in with the recyclable plastic waste, are causing major problems for sustainability efforts in U.S. This has been exposed as a big problem recently, due to recent stricter China import rules on importing waste materials that led to changes in the sourcing pipelines. Cities such as Philadelphia have ended up processing nearly half of the recycling garbage using waste-to-energy incinerators instead, where they're being burned alongside garbage. "Today, the average U.S. recyclable load is about 25 percent contaminated," reports Gizmodo. "To make their commodities saleable, material recovery facilities started hiring more 'pickers' and buying more equipment to remove items that shouldn't be in the recycling, in addition to slowing down their processing lines." [C]ommunities like Philadelphia are going have to generate cleaner material that is more marketable," Scott McGrath, Environmental Planning Director at the City of Philadelphia Streets Department, said, adding that the city will be focusing more of its efforts on educating residents about what can and cannot be recycled. McGrath said if Philly can convince residents to stop tossing plastic bags in the recycling bin, that alone would be a big deal.
< article continued at Slashdot's recycling-is-broken department
>Read Replies (0)
By BeauHD from Slashdot's change-of-heart department
Amazon is closing all 87 of its U.S. pop-up kiosks, which let customers try and buy gadgets such as smart speakers and tablets in malls, Kohl's department stores and Whole Foods groceries. It's the latest change in Amazon's brick-and-mortar retail strategy. NPR reports: "Across our Amazon network, we regularly evaluate our businesses to ensure we're making thoughtful decisions around how we can best serve our customers," an Amazon spokesperson said Thursday. Instead, the company is expanding Amazon Books and Amazon 4-star retail stores, the spokesperson said. Amazon 4-star stores, currently in New York City, Denver and Berkeley, Calif., sell various products, including consumer electronics, kitchen products and books that are rated 4 stars or above by customers on Amazon.com. The pop-up kiosks are expected to close by the end of April, The Wall Street Journal reported.
The news comes days after a Wall Street Journal report that Amazon plans to open dozens of grocery stores in several major U.S. cities. Those stores would be separate from the Whole Foods Market chain, which Amazon bought in 2017 in a $13.7 billion deal. The Amazon spokesperson declined to comment on the report. Amazon said it launched Amazon pop-up stores in six European countries during the 2018 holiday season. It was unclear if those stores would be affected by the closings.Read Replies (0)
By BeauHD from Slashdot's sneaky-bastards department
An anonymous reader quotes a report from ZDNet: Members of Amnesty International say that Egyptian authorities are behind a recent wave of spear-phishing attacks that have targeted prominent local human rights defenders, media, and civil society organizations' staff. The attacks used a relatively new spear-phishing technique called "OAuth phishing," Amnesty experts said. OAuth phishing is when attackers aim to steal a user account's OAuth token instead of the account password. When a user grants a third-party app the right to access their account, the app receives an OAuth token instead of the user's password. These tokens work as authorization until the user revokes their access. Amnesty investigators said that in the recent spear-phishing campaign that targeted Egyptian activists, authorities created Gmail third-party apps through which they gained access to victim's accounts. Victims would receive an email that looked like a legitimate Gmail security alert. But when they clicked the link, they'd be redirected to a page where a third-party app would request access to their account. Once the victim granted the app access to their Gmail account, the user would be redirected to the account's legitimate security settings page where they'd be left to change their password. Even if the victim changes their password, at this point, the phishers would still have access to the account via the newly acquired OAuth token. The Amnesty International report says the spear-phishing campaign also targeted Yahoo, Outlook and Hotmail users.Read Replies (0)
By BeauHD from Slashdot's be-afraid-be-very-afraid department
Google's bug-hunting researchers known as Project Zero have revealed a fresh zero-day vulnerability in macOS called "BuggyCow." "The attack takes advantage of an obscure oversight in Apple's protections on its machines' memory to enable so-called privilege escalation, allowing a piece of malware with limited privileges to, in some cases, pierce into deeper, far more trusted parts of a victim's Mac," reports Wired. "The trick's name is based on a loophole the hackers found in the so-called copy-on-write, or CoW, protection built into how MacOS manages a computer's memory." From the report: Some programs, when dealing with large quantities of data, use an efficiency trick that leaves data on a computer's hard drive rather than potentially clog up resources by pulling it into memory. That data, like any data in a computer's memory, can sometimes be used by multiple processes at once. The MacOS memory manager keeps a map of its physical location to help coordinate, but if one of those processes tries to change the data, the memory manager's copy-on-write safeguard requires it to make its own copy. Which is to say, a program can't simply change the data shared by all the other processes -- some of which could be more highly privileged, sensitive programs than the one requesting the change.
< article continued at Slashdot's be-afraid-be-very-afraid department
>Read Replies (0)
By BeauHD from Slashdot's new-and-improved department
Yesterday, Tesla launched the next generation Supercharger V3 with higher charging capacity, better efficiency, and more. The biggest new feature is the ability to deliver a new 250 kW of peak power thanks to an "all-new liquid cooled cable design." Electrek reports: According to the company, the cable is "significantly lighter, more flexible, and more efficient" than their current air-cooled cable found on the V2 Superchargers. Other than the cable, the Supercharger V3 should be undifferentiated from V2 at the station. The company didn't even release new pictures for V3. The new 250 kW peak at the station is also enabled by a new 1 MW power cabinet. Instead of using onboard chargers staked together, the new Supercharger is built using technology Tesla developed for its massive grid energy storage system. With the new technology, there will be no power share between stalls like in the current version.
On Tesla's most efficient vehicles, like the Long Range Model 3, the company says that the new Supercharger V3 can add up to 75 miles of range in 5 minutes and charge at a peak rage of 1,000 miles per hour of range. A new 'On-Route Battery Warmup' software feature was also announced. When entering a Supercharger station in your navigation system, the vehicle's software will "intelligently heat the battery to ensure you arrive at the optimal temperature to charge." That's assuming you have enough charge in the battery when you come in. The new feature alone should reduce "average charge times for owners by 25%," according to the automaker. Model S and X owners may be disappointed to hear that the new peak charging rates won't be available for their vehicles at launch. Instead, they will have to wait for a software update "in the coming months." Model 3 vehicles will be the first to receive the software update to support the new speeds.Read Replies (0)
By BeauHD from Slashdot's cease-and-desist department
An anonymous reader quotes a report from Ars Technica: This week, Philadelphia's mayor signed a bill that would ban cashless retail stores, according to The Morning Call. The move makes Philadelphia the first major city to require that brick-and-mortar retail stores accept cash. Besides Philadelphia, Massachusetts has required that retailers accept cash since 1978, according to CBS. The law takes effect July 1, and it will not apply to stores like Costco that require a membership, nor will it apply to parking garages or lots, or to hotels or rental car companies that require a credit or debit card as security for future charges, according to the Wall Street Journal. Retailers caught refusing cash can be fined up to $2,000.
Amazon, whose new Amazon Go stores are cashless and queue-less, reportedly pushed back against the new law, asking for an exemption. According to the WSJ, Philadelphia lawmakers said that Amazon could work around the law under the exemption for stores that require a membership to shop there, but Amazon told the city that a Prime membership is not required to shop at Amazon Go stores, so its options are limited. A top official in Philadelphia's Chamber of Commerce said that the ban will prevent Philadelphia from modernizing with the rest of the country. Cashless companies argue that cash slows down transactions when change needs to be counted and creates security risks for employees locking up at the end of the night. Supporters of the new law argue that "not accepting cash hurts poorer residents who may not be able to afford or qualify for a credit card or who want to avoid fees that come with changing cash into a prepaid debit card," reports Ars. "Additionally, privacy advocates say that being forced to use a digital form of payment to buy things is a de facto requirement to share records of their purchases with third-party companies."Read Replies (0)
By msmash from Slashdot's making-inroads department
An anonymous reader shares a report: Generative AI models have a propensity for learning complex data distributions, which is why they're great at producing human-like speech and convincing images of burgers and faces. But training these models requires lots of labeled data, and depending on the task at hand, the necessary corpora are sometimes in short supply.
The solution might lie in an approach proposed by researchers at Google and ETH Zurich. In a paper [PDF] published on the preprint server Arxiv.org ("High-Fidelity Image Generation With Fewer Labels"), they describe a "semantic extractor" that can pull out features from training data, along with methods of inferring labels for an entire training set from a small subset of labeled images. These self- and semi-supervised techniques together, they say, can outperform state-of-the-art methods on popular benchmarks like ImageNet.
"In a nutshell, instead of providing hand-annotated ground truth labels for real images to the discriminator, we ... provide inferred ones," the paper's authors explained. In one of several unsupervised methods the researchers posit, they first extract a feature representation -- a set of techniques for automatically discovering the representations needed for raw data classification -- on a target training dataset using the aforementioned feature extractor.Read Replies (0)
By msmash from Slashdot's that's-a-start department
Java has a problem -- the language and platform is evolving faster than ever, but many developers are stuck on the five-year-old Java 8. From a report: So why have developers not upgraded? Simply, Java 9 introduced major changes, including internal restructuring, new modularity (known as "Project Jigsaw"), and the removal of little-used APIs. These changes broke code, and even developers who are happy to make the necessary revisions have dependency issues. "We have problems with libraries that do not yet support the latest versions," said one QCon attendee.
"I want to explain why it was necessary," said Oracle's Ron Pressler, part of the Java platform group developing the language and lead for Project Loom. "There are billions of lines of code in Java, and Java 9, it did break some things. The reason is that Java is 20-something years old. It will probably be big and popular in another 20 years. We have to think 20 years ahead. The way the JDK was structured prior to Java 9 was just unmaintainable. We could not keep Java competitive if we had not done that change. That was an absolute necessity."Read Replies (0)
By msmash from Slashdot's no-thank-you department
Chinese smartphone maker Meizu generated some headlines in January after it unveiled Zero, a $1300 smartphone that doesn't have a headphone jack, or a charging port, or a physical SIM card slot, or any buttons, or a speaker grill. The company said it would make the phone available to consumers via Indiegogo crowdfunding platform. Well, the market has spoken. AndroidPolice: Meizu set itself an eminently reasonably bar for the campaign, too, at $100,000. That may sound like a fair bit of cash, but Meizu would only have had to sell 77 phones in order to meet this goal. It managed just 29. It's unclear how many of those were Meizu employees, other than to say "not enough."Read Replies (0)