By msmash from Slashdot's OMG department
Google has been collecting Android phones' locations even when location services are turned off, and even when there is no carrier SIM card installed on the device, an investigation has found. Keith Collins, reporting for Quartz: Since the beginning of 2017, Android phones have been collecting the addresses of nearby cellular towers -- even when location services are disabled -- and sending that data back to Google. The result is that Google, the unit of Alphabet behind Android, has access to data about individuals' locations and their movements that go far beyond a reasonable consumer expectation of privacy. Quartz observed the data collection occur and contacted Google, which confirmed the practice. The cell tower addresses have been included in information sent to the system Google uses to manage push notifications and messages on Android phones for the past 11 months, according to a Google spokesperson. They were never used or stored, the spokesperson said, and the company is now taking steps to end the practice after being contacted by Quartz. By the end of November, the company said, Android phones will no longer send cell-tower location data to Google, at least as part of this particular service, which consumers cannot disable.Read Replies (0)
By BeauHD from Slashdot's pull-the-reins department
wyattstorch516 writes: The Trump administration is tightening the scrutiny on the H-1B visa program (Warning: paywalled; alternative source). Changes would undo actions by the Obama administration. There are two big regulatory changes looming that would undo actions by the Obama administration. "The first change allowed spouses of H-1B workers the right to work. That regulation is being challenged in court and the Trump administration is expected to eliminate the provision rather than defend it," reports WSJ. "The second change affects the Optional Practical Training program, which allows foreign graduates from U.S. colleges in science and technology an extra two years of work authorization, giving them time to win an H-1B visa. The Trump administration could kill that benefit or reduce the two-year window, according to people familiar with the discussions." The Journal highlights a "series of more modest changes that have added scrutiny to visa processing":
- "USCIS directed last month that adjudicators no longer pay 'deference' to past determinations for renewal applications. This means an applicant's past approval won't carry any weight if he or she applies for a renewal.
- The agency is conducting more applicant interviews, which critics say slows the system. The agency spokesman says this process will ramp up over several years and is needed to detect fraud and make accurate decisions.
- In the spring, the agency suspended premium processing, which allowed for fast-track consideration to those who paid an extra fee. This option wasn't resumed until October, meaning many workers who qualified for a coveted H-1B visa had to wait months for a decision.
< article continued at Slashdot's pull-the-reins department
>Read Replies (0)
By BeauHD from Slashdot's new-and-improved department
In a blog post, Google's Product Manager, Chris Kleban, announced that the company is cutting the price of using Nvidia's Tesla GPUs through its Compute Engine by up to 36 percent. The older K80 GPUs will now cost $0.45 per hour while the more powerful P100 machines will cost $1.46 per minute (all with per-second billing). TechCrunch reports: The company is also dropping the prices for preemptible local SSDs by almost 40 percent. "Preemptible local SSDs" refers to local SSDs attached to Google's preemptible VMs. You can't attach GPUs to preemptible instances, though, so this is a nice little bonus announcement -- but it isn't going to directly benefit GPU users. As for the new GPU pricing, it's clear that Google is aiming this feature at developers who want to run their own machine learning workloads on its cloud, though there also are a number of other applications -- including physical simulations and molecular modeling -- that greatly benefit from the hundreds of cores that are now available on these GPUs. The P100, which is officially still in beta on the Google Cloud Platform, features 3594 cores, for example. Developers can attach up to four P100 and eight K80 dies to each instance. Like regular VMs, GPU users will also receive sustained-use discounts, though most users probably don't keep their GPUs running for a full month.Read Replies (0)
By BeauHD from Slashdot's session-replay-scripts department
An anonymous reader quotes a report from Motherboard: The idea of websites tracking users isn't new, but research from Princeton University released last week indicates that online tracking is far more invasive than most users understand. In the first installment of a series titled "No Boundaries," three researchers from Princeton's Center for Information Technology Policy (CITP) explain how third-party scripts that run on many of the world's most popular websites track your every keystroke and then send that information to a third-party server. Some highly-trafficked sites run software that records every time you click and every word you type. If you go to a website, begin to fill out a form, and then abandon it, every letter you entered in is still recorded, according to the researchers' findings. If you accidentally paste something into a form that was copied to your clipboard, it's also recorded. These scripts, or bits of code that websites run, are called "session replay" scripts. Session replay scripts are used by companies to gain insight into how their customers are using their sites and to identify confusing webpages. But the scripts don't just aggregate general statistics, they record and are capable of playing back individual browsing sessions. The scripts don't run on every page, but are often placed on pages where users input sensitive information, like passwords and medical conditions. Most troubling is that the information session replay scripts collect can't "reasonably be expected to be kept anonymous," according to the researchers.Read Replies (0)
By BeauHD from Slashdot's new-energy-storage department
UCLA researchers have designed a device that can use solar energy to inexpensively and efficiently create and store energy, which could be used to power electronic devices, and to create hydrogen fuel for eco-friendly cars. Phys.Org reports: The device could make hydrogen cars affordable for many more consumers because it produces hydrogen using nickel, iron and cobalt -- elements that are much more abundant and less expensive than the platinum and other precious metals that are currently used to produce hydrogen fuel. Traditional hydrogen fuel cells and supercapacitors have two electrodes: one positive and one negative. The device developed at UCLA has a third electrode that acts as both a supercapacitor, which stores energy, and as a device for splitting water into hydrogen and oxygen, a process called water electrolysis. All three electrodes connect to a single solar cell that serves as the device's power source, and the electrical energy harvested by the solar cell can be stored in one of two ways: electrochemically in the supercapacitor or chemically as hydrogen. The device also is a step forward because it produces hydrogen fuel in an environmentally friendly way. Currently, about 95 percent of hydrogen production worldwide comes from converting fossil fuels such as natural gas into hydrogen -- a process that releases large quantities of carbon dioxide into the air, said Maher El-Kady, a UCLA postdoctoral researcher and a co-author of the research. The technology is described in the journal Energy Storage Materials.Read Replies (0)
By BeauHD from Slashdot's autonomous-control-technology department
Uber agreed to buy 24,000 sport utility vehicles from Volvo to form a fleet of driverless autos. According to Bloomberg, "The XC90s, priced from $46,900 at U.S. dealers, will be delivered from 2019 to 2021 in the first commercial purchase by a ride-hailing provider." Uber will add its own sensors and software to permit pilot-less driving. From the report: Uber's order steps up efforts to replace human drivers, the biggest cost in its on-demand taxi service. The autonomous fleet is small compared with the more than 2 million people who drive for Uber but reflects dedication to the company's strategy of developing self-driving cars. "This new agreement puts us on a path toward mass-produced, self-driving vehicles at scale," Jeff Miller, Uber's head of auto alliances, told Bloomberg News. "The more people working on the problem, we'll get there faster and with better, safer, more reliable systems."Read Replies (0)
By BeauHD from Slashdot's always-listening department
According to Apple firmware gurus Steven Troughton-Smith and Guilherme Rambo, the upcoming iMac Pro will feature an A10 Fusion coprocessor to enable two interesting new features. "The first is the ability for the iMac Pro to feature always-on 'Hey, Siri' voice command support, similar to what's currently available on more recent iPhone devices," reports The Verge. "[T]he bigger implication of the A10 Fusion is for a less user-facing function, with Apple likely to use the coprocessor to enable SecureBoot on the iMac Pro." From the report: In more practical terms, it means that Apple will be using the A10 Fusion chip to handle the initial boot process and confirm that software checks out, before passing things off to the regular x86 Intel processor in your Mac. It's not something that will likely change how you use your computer too much, like the addition of "Hey, Siri" support will, but it's a move toward Apple experimenting with an increased level of control over its software going forward.Read Replies (0)
By BeauHD from Slashdot's always-supported department
An anonymous reader shares a report from Android Police: Google's in-development operating system, named "Fuchsia," first appeared over a year ago. It's quite different from Android and Chrome OS, as it runs on top of the real-time "Magenta" kernel instead of Linux. According to recent code commits, Google is working on Fuchsia OS support for the Swift programming language. If you're not familiar with it, Swift is a programming language developed by Apple, which can be used to create iOS/macOS/tvOS/watchOS applications (it can also compile to Linux). Apple calls it "Objective-C without the C," and on the company's own platforms, it can be mixed with existing C/Objective-C/C++ code (similar to how apps on Android can use both Kotlin and Java in the same codebase). We already know that Fuchsia will support apps written in Dart, a C-like language developed by Google, but it looks like Swift could also be supported. On Swift's GitHub repository, a pull request was created by a Google employee that adds Fuchsia OS support to the compiler. At the time of writing, there are discussions about splitting it into several smaller pull requests to make reviewing the code changes easier.Read Replies (0)
Why Hackers Reuse Malware
Posted by News Fetcher on November 20 '17 at 04:23 PM
By BeauHD from Slashdot's reuse-and-recycle department
Orome1 shares a report from Help Net Security: Software developers love to reuse code wherever possible, and hackers are no exception. While we often think of different malware strains as separate entities, the reality is that most new malware recycles large chunks of source code from existing malware with some changes and additions (possibly taken from other publicly released vulnerabilities and tools). This approach makes sense. Why reinvent the wheel when another author already created a working solution? While code reuse in malware can make signature-based detection methods more effective in certain cases, more often than not it frees up time for attackers to do additional work on detection avoidance and attack efficacy -- which can create a more dangerous final product.
There are multiple reasons why hackers reuse code when developing their own malware. First, it saves time. By copying code wherever possible, malware authors have more time to focus on other areas, like detection avoidance and attribution masking. In some cases, there may be only one way to successfully accomplish a task, such as exploiting a vulnerability. In these instances, code reuse is a no-brainer. Hacker also tend to reuse effective tactics such as social engineering, malicious macros and spear phishing whenever possible simply because they have a high rate of success.Read Replies (0)
By BeauHD from Slashdot's gone-with-the-wind department
An anonymous reader quotes a report from Motherboard: A startup on the Ethereum platform vanished from the internet on Sunday after raising $374,000 USD from investors in an Initial Coin Offering (ICO) fundraiser. Confido is a startup that pitched itself as a blockchain-based app for making payments and tracking shipments. It sold digital tokens to investors over the Ethereum blockchain in an ICO that ran from November 6 to 8. During the token sale, Confido sold people bespoke digital tokens that represent their investment in exchange for ether, Ethereum's digital currency. But on Sunday, the company unceremoniously deleted its Twitter account and took down its website. A company representative posted a brief comment to the company's now-private subforum on Reddit, citing legal problems that prevent the Confido team from continuing their work. The same message was also posted to Medium but quickly deleted.
"Right now, we are in a tight spot, as we are having legal trouble caused by a contract we signed," the message stated (a cached version of the Medium post is viewable). "It is likely that we will be able to find a solution to rectify the situation. However, we cannot assure you with 100% certainty that we will get through this." The message was apparently written by Confido's founder, one Joost van Doorn, who seems to have no internet presence besides a now-removed LinkedIn profile. Even the Confido representative on Reddit doesn't seem to know what's going on, though, posting hours after the initial message, "Look I have absolutely no idea what has happened here. The removal of all of our social media platforms and website has come as a complete surprise to me." Confido tokens had a market cap of $10 million last week, before the company disappeared, but now the tokens are worthless. And investors are crying foul.Read Replies (0)
By msmash from Slashdot's stranger-things department
Steven Troughton-Smith, a prominent iOS developer best known for combing new software codes for references for upcoming features, over the weekend indicated that portrait mode lighting effects, a major feature in the current iPhone generation -- iPhone 8 Plus, and iPhone X, could technically be added to iPhone 7 Plus from last year. The feature works like this: you take a picture, go to the photos app on your new iPhone and play with the "Lighting" effects. He writes: So yeah you just need to hexedit the metadata in the HEIC. Not quite sure where, I copied a whole section from an iPhone X Portrait Mode photo and it worked. Original photo taken on 7 Plus on iOS 11. Someone could automate this. Just to add insult to injury, if you AirDrop that photo back to the iPhone 7 Plus now it shows the Portrait Lighting UI, and lets you change mode. So Portrait Lighting is 100% an artificial software limitation. 7 Plus photos can have it, 7 Plus can do it.Read Replies (0)
By msmash from Slashdot's what's-happening department
From a report: Instacart shoppers and drivers -- the people who gather your groceries and deliver them to you after you order via the Instacart app -- are on strike. While independent contractors can't technically strike, via a Facebook group some of the company's thousands of employees have organized a "no delivery day" in the hopes of getting higher wages, the San Francisco Chronicle reports. The strike is only taking place in a few of the 154 cities nationwide that Instacart operates in. The action may be small, but the grievances are big. While Instacart, the 5-year-old San Francisco startup, is valued at $3.4 billion, it allegedly pays its workers as little as $1 per order. Ars Technica has a great breakdown of all the issues surrounding how Instacart employees get paid and it's complex, with three different income streams coming together Voltron-like to form a wage. The result, though, is that some shoppers are being paid less than the federal minimum wage, like a Jackson, Miss., worker who put in a 19-hour week in Jackson, Mississippi, that paid out $37.75 (roughly $2/hour). That's far below the $14/hour wage that Ars Technica says Instacart is targeting.Read Replies (0)
By msmash from Slashdot's it's-here department
Pete Warden, engineer and CTO of Jetpac, shares his view on how deep learning is already starting to change some of the programming is done. From a blog post, shared by a reader last week: The pattern is that there's an existing software project doing data processing using explicit programming logic, and the team charged with maintaining it find they can replace it with a deep-learning-based solution. I can only point to examples within Alphabet that we've made public, like upgrading search ranking, data center energy usage, language translation, and solving Go, but these aren't rare exceptions internally. What I see is that almost any data processing system with non-trivial logic can be improved significantly by applying modern machine learning. This might sound less than dramatic when put in those terms, but it's a radical change in how we build software. Instead of writing and maintaining intricate, layered tangles of logic, the developer has to become a teacher, a curator of training data and an analyst of results. This is very, very different than the programming I was taught in school, but what gets me most excited is that it should be far more accessible than traditional coding, once the tooling catches up. The essence of the process is providing a lot of examples of inputs, and what you expect for the outputs. This doesn't require the same technical skills as traditional programming, but it does need a deep knowledge of the problem domain. That means motivated users of the software will be able to play much more of a direct role in building it than has ever been possible. In essence, the users are writing their own user stories and feeding them into the machinery to build what they want.Read Replies (0)
By msmash from Slashdot's secret-sauce department
Christopher Mims, writing for the Wall Street Journal: A funny thing is happening to the most basic building blocks of nearly all our devices. Microchips, which are usually thin and flat, are being stacked like pancakes (Editor's note: the link could be paywalled). Chip designers -- now playing with depth, not just length and width -- are discovering a variety of unexpected dividends in performance, power consumption and capabilities. Without this technology, the Apple Watch wouldn't be possible. Nor would the most advanced solid-state memory from Samsung, artificial-intelligence systems from Nvidia and Google, or Sony's crazy-fast next-gen camera. Think of this 3-D stacking as urban planning. Without it, you have sprawl -- microchips spread across circuit boards, getting farther and farther apart as more components are needed. But once you start stacking chips, you get a silicon cityscape, with everything in closer proximity. The advantage is simple physics: When electrons have to travel long distances through copper wires, it takes more power, produces heat and reduces bandwidth. Stacked chips are more efficient, run cooler and communicate across much shorter interconnections at lightning speed, says Greg Yeric, director of future silicon technology for ARM Research, part of microchip design firm ARM.Read Replies (0)