By msmash from Slashdot's closer-look department
Oiwan Lam, reporting for Global Voices: It has been widely reported that software and web applications made in China are often built with a "backdoor" feature, allowing the manufacturer or the government to monitor and collect data from the user's device. But how exactly does the backdoor feature work? Recent discussion among mobile phone users in mainland China has shed some light on the question. Last month, users of Vivo NEX, a Chinese Android phone, found that when they opened certain applications on the phone, including Chinese internet giant QQ browser and travel booking app Ctrip, the mobile device's camera would self-activate. [...] One Weibo user observed that the retractable camera self-activates whenever he opens a new chat on Telegram, a messaging application designed for secured and encrypted communication. [...] After the news of the self-activated camera bug spread, users started testing the issue on other applications and found that Baidu's voice input application has access to both the camera and voice recording function, which can be launched without users' authorization. A Vivo NEX user found that once she had installed Baidu's voice input system, it would activate the phone's camera and sound recording function whenever the user opened any application -- including chat apps, browsers -- that allows the user to input text.
By msmash from Slashdot's how-about-that department
Machine-learning software trained on masses of chemical-safety data is so good at predicting some kinds of toxicity that it now rivals -- and sometimes outperforms -- expensive animal studies, researchers report. From a report: Computer models could replace some standard safety studies conducted on millions of animals each year, such as dropping compounds into rabbits' eyes to check if they are irritants, or feeding chemicals to rats to work out lethal doses, says Thomas Hartung, a toxicologist at Johns Hopkins University in Baltimore, Maryland. "The power of big data means we can produce a tool more predictive than many animal tests." In a paper published in Toxicological Sciences on 11 July, Hartung's team reports that its algorithm can accurately predict toxicity for tens of thousands of chemicals -- a range much broader than other published models achieve -- across nine kinds of test, from inhalation damage to harm to aquatic ecosystems. The paper "draws attention to the new possibilities of big data," says Bennard van Ravenzwaay, a toxicologist at the chemicals firm BASF in Ludwigshafen, Germany. "I am 100% convinced this will be a pillar of toxicology in the future." Still, it could be many years before government regulators accept computer results in place of animal studies, he adds. And animal tests are harder to replace when it comes to assessing more complex harms, such as whether a chemical will cause cancer or interfere with fertility.
By BeauHD from Slashdot's send-and-receive department
Presto Vivace shares a report from The Week with the caption, "And they wonder why some of us prefer to shop online." From the report: Surveillance systems at more than 46 malls in California are capturing license plate information that is fed to Immigration and Customs Enforcement, the Electronic Frontier Foundation reported Tuesday. One company, Irvine Company Retail Properties, operates malls all over the state using a security network called Vigilant Solutions. Vigilant shares data with hundreds of law enforcement agencies, insurance companies, and debt collectors -- including ICE, which signed a contract with the security company earlier this year, reports The Verge. "[Irvine Company] is putting not only immigrants at risk, but invading the privacy of its customers by allowing a third-party to hold onto their data indefinitely," EFF wrote in its report, urging the chain of malls to stop providing information to ICE.
By msmash from Slashdot's how-about-that department
PopularScience: Chinese scientists have developed the world's first destructive, man-portable laser weapon. However, there is more to the story of this cool looking, but "less than lethal" directed energy device. The laser rifle is the ZKZM-500, developed by Xian Institute of Optics and Precision Mechanics in Xian, Shaanxi. It's manufactured by the Institute's subsidiary, ZKZM Laser. Weighing at 6 pounds (about the weight of a typical assault rifle), the ZKZM-500 has a range of 2,600 feet. The ZKZM-500 uses a lithium battery with enough power for 1000 two second shots (keep in mind, those 1000 shots may not be at full power). According to Institute designers, its laser is powerful enough to instantly scar human skin and tissue. It can also ignite clothing, knock a small drone out of the sky, or even ignite a fuel tank. That would place its power output around 100-500 watts (most surgical lasers top out at 100 watts).
By BeauHD from Slashdot's everyone-has-an-opinion department
Beardydog writes: An article currently on Ars Technica examines comments about net neutrality issues by recent Supreme Court nominee Brett Kavanaugh. Kavanaugh not only rejects the FCC's reclassification of ISPs under Title II, but seems to also support a broad First Amendment right to "editorial control," allowing ISPs to selectively block, filter, or modify transmitted data. Kavanaugh compares ISPs to cable TV operators, rather than phone companies. "Deciding whether and how to transmit ESPN and deciding whether and how to transmit ESPN.com are not meaningfully different for First Amendment purposes." Here's what Ars Technica had to say about Kavanaugh's argument, which did not address the business differences between cable TV and internet service: "Cable TV providers generally have to pay programmers for the right to carry their channels, and cable TV providers have to fit all the channels they carry into a limited amount of bandwidth. At least for now, major internet providers don't offer a set package of websites -- they just route users to whichever sites the users are requesting. ISPs also don't have to pay those websites for the right to 'transmit' them, but ISPs have argued that they should be able to demand fees from websites." The report also mentions Kavanaugh's support of NSA surveillance: "In November 2015, Kavanaugh was part of a unanimous decision when the DC Circuit denied a petition to rehear a challenge to the NSA's bulk collection of telephone metadata. Kavanaugh was the only judge to issue a written statement, which said that '[t]he Government's collection of telephony metadata from a third party such as a telecommunications service provider is not considered a search under the Fourth Amendment.' Even if this form of surveillance constituted a search, it wouldn't be an 'unreasonable' search and therefore it would be legal, Kavanaugh also wrote."
By BeauHD from Slashdot's about-face department
Despite previous reports that the program has been ended, the Orlando Police Department in Florida is planning to continue its test of Amazon's real-time facial recognition system. "News of OPD supposedly ending its use of Rekognition on footage captured by a number of CCTV cameras came just a day after the ACLU sent a letter to Orlando Mayor Buddy Dyer regarding the face recognition program," reports Gizmodo. "But the end date for the initial pilot period had already been selected -- it just happened to coincide with the ACLU's report and the ensuing backlash from civil rights groups." From the report: While the original test period ended, the OPD will soon sit down with Amazon representatives to outline the new pilot, the police department told the Orlando Sentinel. "It's really to prevent the next tragedy," Orlando Police Chief John Mina said. Now, with the program set to continue, Dyer says the practice is not as dystopian as it seems.
Details on the new pilot are sparse. OPD confirmed it will test Rekognition on at least eight cameras, as it did before, though their location isn't known. In the previous trial program, five Rekognition-enabled cameras captured footage at OPD headquarters, while three additional cameras were positioned in downtown Orlando. During its initial testing phase, Rekognition will scan officers' faces against a face database made up of volunteers. The plan, the OPD memo explains, is for officers themselves to walk in front of the cameras and record how accurately the technology recognizes them from different angles, with different clothes, or other variables. It's not known how long this initial testing phase will last, though the city plans to draft proposed regulations before any public rollout begins. It's worth noting that the pilot itself requires no public approval and Dyer has wholeheartedly supported Rekognition. "No images of the public will be used for any testing," OPD said in a statement.
By BeauHD from Slashdot's blast-from-the-past department
An anonymous reader quotes a report from Open Culture: Every artist explores dimensions of space and place, orienting themselves and their works in the world, and orienting their audiences. Then there are artists like Vincent van Gogh, who make space and place a primary subject. [...] The opportunity to see all of Van Gogh's bedroom paintings in one place may have passed us by for now -- an exhibit in Chicago brought them together in 2016. But we can see the original bedroom at the yellow house in Arles in a virtual space, along with almost 1,000 more Van Gogh paintings and drawings, at the Van Gogh Museum in Amsterdam's site. The digitized collection showcases a vast amount of Van Gogh's work -- including not only landscapes, but also his many portraits, self-portraits, drawings, city scenes, and still-lifes.
The Van Gogh Museum houses the largest collection of the artist's work in the world. On their website you can read essays about his life and work, plan a visit, or shop at the online store. But most importantly, you can experience the stunning breadth of his art through your screen -- no replacement for the physical spaces of galleries, but a worthy means nonetheless of communing with Van Gogh's vision.
By BeauHD from Slashdot's can't-get-off-the-hook-that-easy department
dryriver shares a report from the BBC: PayPal wrote to a woman who had died of cancer saying her death had breached its rules and that it might take legal action as a consequence. The firm has since acknowledged that the letter was "insensitive," apologized to her widower, and begun an inquiry into how it came to be sent.
Lindsay Durdle died on May 31 aged 37. She had been first diagnosed with breast cancer about a year-and-a-half earlier. The disease had later spread to her lungs and brain. PayPal was informed of Mrs Durdle's death three weeks ago by her husband Howard Durdle. He provided the online payments service with copies of her death certificate, her will and his ID, as requested. He has now received a letter addressed in her name, sent to his home in Bucklebury, West Berkshire. It was headlined: "Important: You should read this notice carefully." It said that Mrs Durdle owed the company about 3,200 pounds (~$4,200) and went on to say: "You are in breach of condition 15.4(c) of your agreement with PayPal Credit as we have received notice that you are deceased... this breach is not capable of remedy." According to a PayPal staff member, there were three possible explanations for how the letter was sent: a bug, a bad letter template, or human error. PayPal is continuing to work with Mr Durdle and has written off the debt in the meantime.
By BeauHD from Slashdot's gotta-collect-em-all department
He Who Has No Name writes: Those who remember Cody Wilson and Defense Distributed -- the self-described cryptoanarchist and his organization that published plans for 3D printable firearm parts, respectively -- also remember that not long after the plans for the printable Liberator single-shot pistol hit the web, the Department of State seized the Defense Distributed website and prohibited Wilson from publishing 3D printable firearm plans, claiming violations of ITAR -- the International Traffic in Arms Regulation, a U.S. law taxing and restricting the distribution of a wide variety of physical goods listed as having military value. Slashdot covered the website seizure here (the Department of Defense was initially misreported in sources to have been the agency responsible).
In both a First and Second Amendment win, the Second Amendment Foundation has settled with the Department of State after suing on behalf of Defense Distributed. Slashdot reader schwit1 shares an excerpt from the report: "Under terms of the settlement, the government has agreed to waive its prior restraint against the plaintiffs, allowing them to freely publish the 3-D files and other information at issue. The government has also agreed to pay a significant portion of the plaintiffs' attorney's fees, and to return $10,000 in State Department registration dues paid by Defense Distributed as a result of the prior restraint. Significantly, the government expressly acknowledges that non-automatic firearms up to .50-caliber -- including modern semi-auto sporting rifles such as the popular AR-15 and similar firearms -- are not inherently military."
By BeauHD from Slashdot's don't-mention-it department
Security researcher Patrick Wardle helped Apple fix a bug that would crash apps displaying the word "Taiwan" or the Taiwanese flag emoji. Some iPhones could be remotely crashed by something as simple as receiving a text message with the Taiwanese flag. Apple confirmed the fix in a security update Monday. Wired reports: "Basically Apple added some code to iOS with the goal that phones in China wouldn't display a Taiwanese flag," Wardle says, "and there was a bug in that code." Since at least early 2017, iOS has included that Chinese censorship function: Switch your iPhone's location setting to China, and the Taiwanese flag emoji essentially disappears from your phone, evaporating from its library of emojis and appearing as a "missing" emoji in any text that appears on the screen. That code likely represents a favor from Apple to the Chinese government, which for the last 70 years has maintained that Taiwan is a part of China and has no legitimate independent government.
But Wardle found that in some edge cases, a bug in the Taiwan-censorship code meant that instead of treating the Taiwan emoji as missing from the phone's library, it instead considered it an invalid input. That caused phones to crash altogether, resulting in what hackers call a "denial of service" attack that would let anyone crash a vulnerable device on command. Wardle's still not sure how many devices are affected, or what caused that bug to be triggered only in some iOS devices and not others, but he believes it has something to do with the phone's location and language settings. Wardle has more details of the bug on his blog.