the unofficial Slashdot digest archive

Amazon, Microsoft Are 'Putting World At Risk of Killer AI,' Says Study

Posted by BeauHDView on SlashDotShareable Link
oxide7 shares a report from International Business Times: Amazon, Microsoft and Intel are among leading tech companies putting the world at risk through killer robot development, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons. Dutch NGO Pax ranked 50 companies by three criteria: whether they were developing technology that could be relevant to deadly AI, whether they were working on related military projects, and if they had committed to abstaining from contributing in the future.

Google, which last year published guiding principles eschewing AI for use in weapons systems, was among seven companies found to be engaging in "best practice" in the analysis that spanned 12 countries, as was Japan's Softbank, best known for its humanoid Pepper robot. Twenty-two companies were of "medium concern," while 21 fell into a "high concern" category, notably Amazon and Microsoft who are both bidding for a $10 billion Pentagon contract to provide the cloud infrastructure for the U.S. military. Others in the "high concern" group include Palantir, a company with roots in a CIA-backed venture capital organization that was awarded an $800 million contract to develop an AI system "that can help soldiers analyze a combat zone in real time." The report noted that Microsoft employees had also voiced their opposition to a U.S. Army contract for an augmented reality headset, HoloLens, that aims at "increasing lethality" on the battlefield.
Stuart Russel, a computer science professor at the University of California, argued it was essential to take the next step in the form of an international ban on lethal AI, that could be summarized as "machines that can decide to kill humans shall not be developed, deployed, or used."

Backdoor Code Found In 11 Ruby Libraries

Posted by BeauHDView on SlashDotShareable Link
Maintainers of the RubyGems package repository have yanked 18 malicious versions of 11 Ruby libraries that contained a backdoor mechanism and were caught inserting code that launched hidden cryptocurrency mining operations inside other people's Ruby projects. ZDNet reports: The malicious code was first discovered yesterday inside four versions of rest-client, an extremely popular Ruby library. According to an analysis by Jan Dintel, a Dutch Ruby developer, the malicious code found in rest-client would collect and send the URL and environment variables of a compromised system to a remote server in Ukraine. "Depending on your set-up this can include credentials of services that you use e.g. database, payment service provider," Dintel said.

The code also contained a backdoor mechanism that allowed the attacker to send a cookie file back to a compromised project, and allow the attacker to execute malicious commands. A subsequent investigation by the RubyGems staff discovered that this mechanism was being abused to insert cryptocurrency mining code. RubyGems staff also uncovered similar code in 10 other projects. All the libraries, except rest-client, were created by taking another fully functional library, adding the malicious code, and then re-uploading it on RubyGems under a new name. All in all, all the 18 malicious library versions only managed to amass 3,584 downloads before being removed from RubyGems.


By thermopile • Score: 4, Insightful • Thread
If only there were a way to determine who made the commits to the code...

Hipster Programmers

By johnsie • Score: 4, Funny • Thread
That will teach all those hipsters who use ruby. Hopefully Node JS will next. Fucking neckbeards.

Whaddaya mean "only"

By Kokuyo • Score: 3 • Thread

Aren't these downloads indicative of 3500 compromised software projects? Wouldn't the amount of "infected" users be much higher if these libraries found their way into GA versions of these projects?

Researchers Are Creepily Close To Predicting When You're Going To Die

Posted by BeauHDView on SlashDotShareable Link
An anonymous reader quotes a report from Ars Technica: If death is in the cards, it may also be in your blood. Measurements of 14 metabolic substances in blood were pretty good at predicting whether people were likely to die in the next five to 10 years. The data was published this week in Nature Communications. A team of researchers led by data scientists in the Netherlands came up with the fateful 14 based on data from 44,168 people, aged 18 to 109. The data included death records and measurements of 226 different substances in blood. Of the 44,168 people, 5,512 died during follow-up periods of nearly 17 years.

The researchers then put their death panel to the test. They used the 14 blood measurements to try to predict deaths in a cohort of 7,603 Finnish people who were surveyed in 1997. Of those Finns, 1,213 died during follow-up. Together, the 14 blood measurements were about 83% accurate at predicting the deaths that occurred within both five years and 10 years. The accuracy dropped to about 72% when predicting deaths for people over 60 years old, though.

Rather than Predicting how about Preventing Death?

By mykepredko • Score: 3 • Thread

In TFA there is a single mention of using the data to "targeted prevention of mortality" but I would have thought that should be the focus on the next steps.

It sounds like there hasn't been a correlation to the markers to the causes of death (which I would think would be pretty easy) and for things like cardio-pulmonary, cancer, diabetes and other diseases causing death then there should be approaches taken to avoid the expected deaths, resulting in longer lives and less expensive (to health care systems) disease treatments.

The Dutch scientists have some useful data, let's see it being used to prevent early deaths.

Obligatory Woody Allen Quote:

By mykepredko • Score: 4, Funny • Thread

"I'm not afraid of dying, I just don't want to be there when it happens."

Re:Rather than Predicting how about Preventing Dea

By phantomfive • Score: 4, Insightful • Thread
Yeah, the headline is misleading. They aren't saying, "We know the exact day when you will die," they are saying, "we measure that you are unhealthy so you will die soon."

And it's not creepy, it's normal.

bullshit - worse than majority classifier

By someoneOtherThanMe • Score: 3 • Thread

Out of 7603 people, 1213 died. So if I just predict "you won't die", I'll be 84 % accurate. And similarly, I'll be less accurate for people over 60.

Found the cause

By dromgodis • Score: 3 • Thread

Of those Finns, 1,213 died during follow-up.

I would really suggest not going to those follow-ups.

Splunk To Buy Cloud-Monitoring Software Maker SignalFx For $1.05 Billion

Posted by BeauHDView on SlashDotShareable Link
Splunk Inc. reached a $1.05 billion deal to buy cloud-monitoring startup SignalFx Inc., a deal that would strengthen the cybersecurity and data-analytics firm's offerings in the fast-growing cloud-computing sector. The Wall Street Journal reports: Founded in 2004, Splunk -- a play on the word "spelunking" -- collects and analyzes data to help companies identify patterns, like customers' beverage preferences, and detect anomalies, say fraud or a cyberattack. Splunk officials told analysts that Splunk has some customer overlap with San Mateo, Calif.-based SignalFx and that the target company's software represents a "top tier asset to the things that matter" to clients. Closely held SignalFx was valued at nearly $500 million after a $75 million funding round that closed in May, according to a Dow Jones VentureSource estimate.

The cash-and-stock deal is expected to close in the second half of Splunk's fiscal year, which ends Jan. 31. San Francisco-based Splunk, which went public in 2012 and carries a nearly $1.5 billion deficit, said it would be able to absorb the added operating costs from the deal. Splunk has been increasing its cloud business, which accounted for 25% of revenues in the July quarter and is expected to represent half of operations over the next few years, company officials said.

Google Postpones Shutdown of Hangouts For G Suite Users

Posted by BeauHDView on SlashDotShareable Link
Google will let G Suite customers continue to use Hangouts until next year, delaying a shutdown of the service that was supposed to begin in October. Hangouts will now stay around for business customers until at least next June. The Verge reports: The shutdown will move customers of Google's business-focused G Suite subscription over to a pair of new chat services: Hangouts Chat, a Slack competitor; and Hangouts Meet, a video conferencing service. While the services generally include the same functionality (and more), people are pretty used to Hangouts, and Google says it's heard from companies' IT teams that they'd "like more time to migrate [their] organizations from classic Hangouts to Hangouts Chat."

Google says it now plans to start transitioning all G Suite users over to the new services by the end of next year. To make the transition easier, Google says it's going to work on adding more features to classic Hangouts. Right now, classic Hangouts users can only directly message a Hangouts Chat user. In the future, Google suggests that classic users may be able to view or participate in group chats, too.

About to give up on Google...

By bogaboga • Score: 3 • Thread

Google's services are too much of a moving target that one wonders what service will be shuttered next.

No wonder they can't get messaging right despite having the "best engineers" anyone can have.

I am about to throw in the towel...what was the reason they fronted for this change in the first place?

Re:About to give up on Google...

By loufoque • Score: 5, Insightful • Thread

For chat specifically, they were initially building things of top of open-source technology, namely Jabber, in an effort called Google Talk.
They extended Jabber with their own voice and video protocol.
They provided the best Jabber platform in the world with interoperability with all other Jabber networks.

Then at some point they decided to close down their gateways and close down their network to just GTalk users.
Then they decided to just scrap GTalk and rewrite everything as Hangouts. Building tech based on open-source wasn't in line with Google's culture anymore, so they had to rewrite it with Google's internal stack. It was shit for a while but eventually Hangouts ended up being pretty decent.

Then, for some stupid reasons, they started trying to re-invent their apps thinking they were providing the wrong functionality limiting how wide of an audience they can reach. After all, new apps keep popping up and getting large market share, often larger than Google.
So they kept on releasing more crap: Duo (Facetime rip-off), Allo (Whatsapp rip-off), Hangout Meet (Zoom rip-off), Hangout Chat (Slack rip-off)... Even though they had a unified superior solution all along.

Now someone has decided Hangouts isn't needed anymore and that people should be usong their flavour-of-the-month crap instead. I think it's time to say goodbye to Google.

California High School In Silicon Valley Is Locking Up Students' Cellphones

Posted by BeauHDView on SlashDotShareable Link
San Mateo High School administrators have instituted a new policy to lock up students' cellphones. "Each school day, nearly 1,700 students place their devices in a Yondr pouch that closes with a proprietary lock," reports NBC News. "School administrators unlock them at the end of the day." The goal is to help students focus on the teacher and other students. From the report: While administrators and teachers say they have already noticed a positive effect on students, the policy has elicited mixed reactions from researchers who argue its long-term effectiveness. Devices remain in the student's possession, but they aren't able to access them, the school said. The program was funded with a $20,000 grant. The pouches have been assigned to students at no cost, but losing one will cost the high-schoolers a $25 replacement fee.

Some technology experts feel the new policy is a step in the right direction and will curb distraction in the classroom. "Taking cellphones out of the classroom is a no-brainer," said Calvin Newport, a professor of computer science at Georgetown University. Students tend to perform worse when they have access to network connectivity in the classroom, he said. "The ability to be free of distraction and concentrate on things is increasingly valuable, so it's a good general function of our schools to be a place where our students get trained to keeping their concentration on one thing at a time," he added.

While many researchers have focused on the benefits of cutting out devices from the classroom, others worry about taking away something young people depend on. Larry Rosen, a research psychologist at California State University, said young people constantly check their phones to alleviate anxiety. They are anxious about staying on top of things, and that anxiety will build up if they are forced to ditch the devices cold turkey, he added. Taking away phones doesn't work for everyone, he argues. Instead, he believes "technology breaks" are a much happier medium.

Re:yup lawsuit locked and loaded

By markdavis • Score: 5, Interesting • Thread

>"Believe it or not, kids didn't die in mass numbers at school before phones... twenty years ago."

Really. How the hell did I, and millions like me, survive going through all of school without a cell phone? There is *no way* that we would have been allowed such a distraction in classrooms back then, regardless of what type of distraction it was.

And this excuse about it "alleviating anxiety", give me a break- it is what CAUSES anxiety in the first place. I, for one, completely support the idea of locking them.

Re:yup lawsuit locked and loaded

By CrankyFool • Score: 4, Informative • Thread
Sorry, cite? I'm too lazy to pull just school stats, but according to as of 7/31/2019 246 people in the US died of mass shootings (not just in schools), so presumably fewer than that would have died in school shootings. According to, as of about the same time last year -- 7/27/2018 -- 2372 servicepeople died in Afghanistan and according to as of a year earlier about 4424 servicepeople died in Iraq, for a combined total of 6796. The number is likely higher now -- remember, the cites above are a year old and two years old -- but it doesn't need to be because it's literally more than an order of magnitude than the worst numbers you could point to for mass shootings in 2019


By VeryFluffyBunny • Score: 3 • Thread
It's a sorry state of affairs when we have to defend ourselves against criticisms for removing majorly disruptive distractions in classrooms. Big tech has spent decades & $billions brainwashing us into putting all our time & energy into little screens on our phones.

Every school needs this

By OrangeTide • Score: 3 • Thread

Too many grown adults lack the willpower to put their dopamine phone away. What chance does an emotionally undeveloped child's brain have against a flashing gizmo that is the center of their social connection to their peers?

Kids are sheep if this doesn't happen

By AlanObject • Score: 3 • Thread

Any kid I ever met would be bright enough to bring their old cell phone to be locked up, and the take their current phone in their pocket in silent mode.

The problem isn't cell phones. The problem is assholes with cell phones and the over-needy with cell phones.

Waymo Releases a Self-Driving Open Data Set For Free Use By Research Community

Posted by BeauHDView on SlashDotShareable Link
An anonymous reader quotes a report from TechCrunch: Waymo is opening up its significant stores of autonomous driving data with a new Open Data Set it's making available for the purposes of research. The data set isn't for commercial use, but its definition of "research" is fairly broad, and includes researchers at other companies as well as academics. The data set is "one of the largest, riches and most diverse self-driving data sets ever released for research," according to Waymo principal scientist and head of Research, Drago Anguelov, who was at both Zoox and Google prior to joining Waymo last year. Anguelov said in a briefing that the reason he initiated the push to make this data available is that Waymo and several other companies working in the field are "currently hampered by the lack of suitable data sets."

The Waymo Open Data set tries to fill in some of these gaps for their research peers by providing data collected from 1,000 driving segments done by its autonomous vehicles on roads, with each segment representing 20 seconds of continuous driving. It includes driving done in Phoenix, Ariz.; Kirkland, Wash.; Mountain View, Calif.; and San Francisco, Calif., and offering a range of different driving conditions, including at night, during rain, at dusk and more. The segments include data collected from five of Waymo's own proprietary lidars, as well as five standard cameras that face front and to the sides, providing a 360-degree view captured in high resolution, as well as synchronization Waymo uses to fuse lidar and imaging data. Objects, including vehicles, pedestrians, cyclists and signage is all labeled.
"We decided to contribute our part to make, ultimately, researchers in academia ask the right questions -- and for that, they need the right data," Anguelov said. "And I think this will help everyone in the field; it is not an admission in any way that we have problems solving these issues. But there is always room for improvement in terms of efficiency, scaleability, amount of labels to need. It's a developing field. Mostly we're trying to get others into thinking about our problems and working with us, as opposed to doing work that's potentially not so impactful, given the current state of things."

DoorDash Still Pockets Workers' Tips Almost a Month After It Promised To Stop

Posted by BeauHDView on SlashDotShareable Link
DoorDash, the leading food delivery app in the U.S., is still pocketing workers' tips, despite announcing last month that it would stop the practice and change its tipping policies. The announcement was made after a report from The New York Times highlighted how the company uses tips to make up the worker's base pay -- essentially stealing the money you're trying to give someone to maximize their profits. Vox reports: At the time, CEO Tony Xu announced in a series of tweets that DoorDash would institute a new model to ensure workers' earnings would "increase by the exact amount a customer tips on every order." Xu promised to provide "specific details in the coming days." The next day, Xu sent out a note to DoorDash workers, broadly outlining changes and letting them know âoewhat to expect in the days ahead."

But 27 days later, current DoorDash workers tell Recode that the company's pay and tipping policies have stayed the same. The company has not made any public statements about its worker pay and how it plans to institute the changes, nor has it offered a specific date when it will fulfill its promise. A spokesperson declined to comment about the company's plans to change its tipping policy.
Soon after DoorDash's years-long tipping scheme was mentioned in the NYT's report, a class-action lawsuit was filed against the company for misleading its customers about how their tips were used. The lawsuit, filed at the end of July, claims that DoorDash failed to make clear to its customers that tips they gave through its app to couriers were not being allocated as they were intended to be, and that had customers known this, they would not have tipped through the app.


By Your.Master • Score: 5, Interesting • Thread

The part that's different is they actually advertise that this tip goes 100% to the driver. They argue that this is technically true -- 100% of your tip goes to the driver, and *exactly* that much less goes from doordash to the driver. However, that's clearly misleading bullshit and I'd argue it's not even technically true: money is fungible and the credit card payment I made went to Doordash. If Doordash gives their driver exactly the same amount of money as if I hadn't tipped, then there is no sense at all in which the tip went to the driver.

If Doordash said "the driver sees probably $0 of this money", which is literally true, then it would be a more honest arrangement -- and they'd likely get a lot less of those tips.

Jira backlog

By phantomfive • Score: 3 • Thread
Marked: in the queue, not a priority

Simple solution - Tip with cash

By prochefort • Score: 4, Insightful • Thread

Yes, it's ore trouble but at least, you know where the tip will go. If enough people stop tipping using the app, upper management might clue in and realize that their greediness has been exposed and needs to stop.


By Greyfox • Score: 3 • Thread
I guess it's back to going out. That means I have to put pants on again. I hate that! But at least I'll be able to get a drink with dinner.

Two solutions:

By forty-2 • Score: 5, Interesting • Thread

1) Tip in cash. Everywhere. Restaurants, Cabs, Deliveries... whatever. It's the only way to be sure your money is going where you think.
2) Every once in a while, lets just kill a few a few of these shifty CEOs. Make it gruesome & public; put some real fear into the rest of these psychopaths.

Google DeepMind Co-Founder Placed On Leave From AI Lab

Posted by BeauHDView on SlashDotShareable Link
Mustafa Suleyman, the co-founder of Google's high-profile AI lab DeepMind, has been placed on leave after controversy over some of the projects he led. Bloomberg reports: Mustafa Suleyman runs DeepMind's "applied" division, which seeks practical uses for the lab's research in health, energy and other fields. Suleyman is also a key public face for DeepMind, speaking to officials and at events about the promise of AI and the ethical guardrails needed to limit malicious use of the technology. "Mustafa is taking time out right now after 10 hectic years," a DeepMind spokeswoman said. She didn't say why he was put on leave.

He founded DeepMind in 2010 alongside current Chief Executive Officer Demis Hassabis. Four years later, Google bought DeepMind for 400 million pounds (currently $486 million), an ambitious bet on the potential of AI that set off an expensive race in Silicon Valley for specialists in the field. DeepMind soon began working on health-care research, eventually creating a division dedicated to the area. Suleyman, nicknamed "Moose" and whose mother was a nurse, led the development of the DeepMind Health team, building it into a 100-person unit.

now, without paywall

By nicolaiplum • Score: 5, Informative • Thread

Come on, let's have some sources that aren't paywalled. Editors, stop slacking. Here they are:

Meanwhile, The Economists's 1843 magazine has an in-depth article about Deepmind, including its connections with Peter Thiel and uber-nerd fashionable transhumanism and "singularity", and the conflicts of interest and ethics over any future artificial general intelligence:

Good old mom

By rjstanford • Score: 3 • Thread

and whose mother was a nurse

What exactly does this have to do with the story? Is it supporting it somehow that I'm just not seeing?

Moscow's Blockchain Voting System Cracked a Month Before Election

Posted by BeauHDView on SlashDotShareable Link
An anonymous reader quotes a report from ZDNet: A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election. Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system's private keys based on its public keys. This private keys are used together with the public keys to encrypt user votes cast in the election. Gaudry blamed the issue on Russian officials using a variant of the ElGamal encryption scheme that used encryption key sizes that were too small to be secure. This meant that modern computers could break the encryption scheme within minutes.

What an attacker can do with these encryption keys is currently unknown, since the voting system's protocols weren't yet available in English, so Gaudry couldn't investigate further. "Without having read the protocol, it is hard to tell precisely the consequences, because, although we believe that this weak encryption scheme is used to encrypt the ballots, it is unclear how easy it is for an attacker to have the correspondence between the ballots and the voters," the French researcher said. "In the worst case scenario, the votes of all the voters using this system would be revealed to anyone as soon as they cast their vote."
The Moscow Department of Information Technology promised to fix the reported issue. "We absolutely agree that 256x3 private key length is not secure enough," a spokesperson said in an online response. "This implementation was used only in a trial period. In few days the key's length will be changed to 1024."

However, a public key of a length of 1024 bits may not be enough, according to Gaudry, who believes officials should use one of at least 2048 bits instead.

Worst case?

By Daetrin • Score: 5, Insightful • Thread
"In the worst case scenario, the votes of all the voters using this system would be revealed to anyone as soon as they cast their vote."

I'm guessing he means the worst case scenario given this particular vulnerability? Because the general worst case scenario for a compromised voting system is being able to change the results without that change being detected.

Feature, not bug

By weilawei • Score: 3 • Thread

$ Filter error: You can type more than that for your comment.

Re:But Blockchain will change the world!

By geekoid • Score: 4, Informative • Thread

well, it's the key length that was the actual problem, not 'blockchain'. per se.

Re:Worst case?

By Sarten-X • Score: 5, Interesting • Thread

...the general worst case scenario for a compromised voting system is being able to change the results...

I'll respectfully disagree. In my opinion, the worst outcome is that people can be persecuted for their votes. By being able to associate voters with their choices, an unscrupulous candidate can ensure that his opponent's supporters will not defy him again, with varying amounts of force from "intimidation" to "elimination".

An illegitimate result can be identified with decent accuracy through statistical analysis. It's much more difficult to identify a result that is legitimate, but coerced.


By Mike Van Pelt • Score: 3 • Thread


Wear gloves.

Flaws in Cellphone Evidence Prompt Review of 10,000 Verdicts in Denmark

Posted by msmashView on SlashDotShareable Link
The authorities in Denmark say they plan to review over 10,000 court verdicts because of errors in cellphone tracking data offered as evidence. From a report: The country's director of public prosecutions on Monday also ordered a two-month halt in prosecutors' use of cellphone data in criminal cases while the flaws and their potential consequences are investigated. "It's shaking our trust in the legal system," Justice Minister Nick Haekkerup said in a statement. The first error was found in an I.T. system that converts phone companies' raw data into evidence that the police and prosecutors can use to place a person at the scene of a crime. During the conversions, the system omitted some data, creating a less-detailed image of a cellphone's whereabouts. The error was fixed in March after the national police discovered it. In a second problem, some cellphone tracking data linked phones to the wrong cellphone towers, potentially connecting innocent people to crime scenes, said Jan Reckendorff, the director of public prosecutions.

"It's a very, very serious case," Mr. Reckendorff told Denmark's state broadcaster. "We cannot live with incorrect information sending people to prison." The authorities said that the problems stemmed partly from police I.T. systems and partly from the phone companies' systems, although a telecom industry representative said he could not understand how phone companies could have caused the errors. The national police determined that the flaws applied to 10,700 court cases dating to 2012, but it is unclear whether the faulty data was a decisive factor in any verdicts. The justice minister set up a steering group to track the extent of the legal problems they may have caused and to monitor the reviews of cases that may have been affected.

Saw this coming

By 93 Escort Wagon • Score: 4, Insightful • Thread

See, now if the Danes had just accepted Mr. Trump's generous offer to buy Greenland, they could've afforded more staff and reviewed this data properly the first time - rather than embarrassingly having to publicly backtrack like this.

Intel, Google, Microsoft, and Others Launch Confidential Computing Consortium for Data Security

Posted by msmashView on SlashDotShareable Link
Major tech companies including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft, and Red Hat today announced intent to form the Confidential Computing Consortium to improve security for data in use. From a report: Established by the Linux Foundation, the organization plans to bring together hardware vendors, developers, open source experts, and others to promote the use of confidential computing, advance common open source standards, and better protect data. "Confidential computing focuses on securing data in use. Current approaches to securing data often address data at rest (storage) and in transit (network), but encrypting data in use is possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data," the Linux Foundation said today in a joint statement. "Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system and reduce exposure for sensitive data and provide greater control and transparency for users."

The consortium also said the group was formed because confidential computing will become more important as more enterprise organizations move between different compute environments like the public cloud, on-premises servers, or the edge. To get things started, companies made a series of open source project contributions including Intel Software Guard Extension (SGX), an SDK for code protection at the hardware layer.


By divide overflow • Score: 4, Funny • Thread
It's not a confidential "Computing Consortium," it's a "Confidential Computing" consortium." It's the computing that's confidential, not the consortium.


By BeerMilkshake • Score: 4, Insightful • Thread

Talk about putting the foxes in charge of the hen house. All these sponsors have such a spotty record on privacy, and all have a revenue stream that depends on stealing and selling your personal data. So I'm sure they'll collectively sort this one out for us, sure they will.

It's all about DRM

By Myria • Score: 3 • Thread

The primary use of this stuff, just like Intel's SGX enclaves, is keeping media encrypted during playback. There are not very many other uses of it that are actually cared about.

Fully homomorphic encryption

By katz • Score: 3 • Thread

“Confidential computing focuses on securing data in use. Current approaches to securing data often address data at rest (storage) and in transit (network), but encrypting data in use is possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data,” the Linux Foundation said today in a joint statement."

I hope their platform incorporates, or at least addresses, the concept of fully homomorphic encryption. In my mind this would be the gold standard for implementing such a "fully encrypted lifecycle".


Ask Slashdot: Should Microsoft Make an Xbox Phone?

Posted by msmashView on SlashDotShareable Link
dvda247 writes: Since there's the Nintendo Switch and previously there was the Sony PSP (Playstation Portable), should Microsoft make an Xbox Phone? There are already 'gaming phones' like the ASUS ROG Phone 2, but should Microsoft jump back into the smartphone game to make a phone running Android that is focused primarily on playing Xbox One games? Xbox Game Pass and Xbox Play Anywhere would be huge selling points to make an Xbox Phone. What are your thoughts?

Not Android

By guruevi • Score: 3 • Thread

We have plenty of phones with all sorts of hardware with Android but people aren't buying it for gaming. Android is a sh*tty interface for anything and has a poor ABI for optimizing games.

If you want a gaming platform go the way of Steam Box or nVidia Shield with good hardware and Linux or Windows. Apple's stuff is working for a lot of people due to Metal and conformity between TV and Mobile so games are easy to port and have usable, uniform experiences.

Trying to diversify both hardware and software for mobile and casual gaming between x86 Windows and PowerPC or custom AMD chip XBox and ARM Android is a poor idea.

Yes... but a Windows Phone

By DogDude • Score: 3 • Thread
I'm actively using a Windows Phone today. I think it's a great phone OS, and I think they should try again. And no, I don't play any games on my phone. That seems kinda' dumb.


By JustAnotherOldGuy • Score: 3 • Thread


- Dr Evil in Goldmember

Another fucking Microsoft phone? No thanks, I'll pass.

XBox Play Anywhere?

By Tolkien • Score: 3 • Thread

Is that anything like Plays For Sure?

Make a Win32 phone

By trawg • Score: 3 • Thread

I was wondering the other day if it would be possible for MS to just say fuckit and make a win32 phone. My current laptop is about 7 years old and has 4GB of RAM and still works perfectly for tons of stuff - I feel like I see phones with better specs these days, and I was wondering how far away we are from something that can run win32 natively.

I am not a big MS person but I would be kinda interested in a portable phone (even if it was a bigger fatter phone, like a Samsung Note thing) if I could plug it into a monitor and keyboard and have my Windows desktop and core applications available.

I am sure there are tons of technical reasons why they can't do this (IIRC they kinda tried something this with Windows RT on ARM and that seemed to be useless?) but I'd love to see a 3rd serious player in the ecosystem & throwing in the decades of win32 software and knowledge out there would be a great way to boostrap it.

Researcher Publishes Second Steam Zero Day After Getting Banned on Valve's Bug Bounty Program

Posted by msmashView on SlashDotShareable Link
A Russian security researcher has published details about a zero-day in the Steam gaming client. This is the second Steam zero-day the researcher has made public in the past two weeks. From a report: However, while the security researcher reported the first one to Valve and tried to have it fixed before public disclosure, he said he couldn't do the same with the second because the company banned him from submitting further bug reports via its public bug bounty program on the HackerOne platform. The entire chain of events behind the public disclosure of these two zero-days has caused quite a drama and discussions in the infosec community. All the negative comments have been aimed at Valve and the HackerOne staff, with both being accused of unprofessional behavior. Security researchers and regular Steam users alike are mad because Valve refused to acknowledge the reported issue as a security flaw, and declined to patch it.

Re:Ha! Own it.

By geekmux • Score: 4, Insightful • Thread

Never blame the bug hunter. The bug hunter is under no obligation to "act professionally" just because your company sucks at it's job. They could have sold and exploited the bug for profit but instead they are doing what was supposed to be your company's job.

Valve is at fault here for banning them and has no room to complain for getting bit when they did Valve's job for them.

More to the point Valve really needs to grasp the fact that those who actually use their bug bounty program ARE acting professionally.

If they were acting unprofessionally, then Valve would have learned about multiple zero-day attacks the hard way.

Re: Ha! Own it.

By OrangeTide • Score: 4, Funny • Thread

Every bug reporter should open up roughly as follows:

Well, don't want to sound like a dick or nothin', but, ah... it says on your chart that you're fucked up. Ah, you talk like a fag, and your shit's all retarded.

Steam Users?

By Luthair • Score: 3 • Thread
That part seems like editorializing to me, I doubt many people who aren't in the security community have even heard of the problem.

Fake bounty program

By mysidia • Score: 5, Insightful • Thread

Don't blame the researchers when they try and report bugs they found doing your work -- in order to collect bounty.

Unless they have ALREADY tried to collect bounty on an exploit they ALREADY
disclosed or sold, or an actually fake issue: then "banning" them from the program basically just means
your program was fake in the first place -- they are deserving payout, and you're stingy, and want to try and restrict and not honor your bounties to researchers who are doing a service to you.

If they then respond to not getting paid AND getting banned, and they then publicly release their exploit you know about
PLUS some other ones they hadn't reported yet, then thats just your comeuppance for running a fake bounty program.

In fact... that switching to full disclose everything is a PROFESSIONAL response -- "Limited disclosure" after alerting the vendor and witholding the exploit until after its patched is an optional courtesy, often only secured by offering and timely paying bounty to researchers who report the issues, not a right or reasonable expectation. A less professional response would be for them to Sell their exploits and research findings off to your competitors Or more shady operations who may be interested in utilizing some of the exploits for their own advantage against the software maker or their customers, for top dollar.

Re:Valve deserves all the bad publicity

By hairyfeet • Score: 5, Interesting • Thread

Its probably because many remember what PC DRM was like before. You know how many CD and DVD burners I had to replace at the shop because DRM (I can't remember if it was Starfuck or SecuSuck, one of the two) would burn them out? A ton. You get systems that wouldn't boot cause the kernel got shit on by the DRM, drives burning up because the DRM would lock them into PIO mode, it was a clusterfuck from hell.

I still have a ton of my game discs from that time but I ended up re-buying all the games on either Steam or GOG just so I wouldn't have to risk borking up my gaming PC with their shit stain DRM and that is of course if it even ran, many times the DRM would just plain leave a game unable to be played especially if on a newer OS than what it was coded for.

So say what you will about services like Steam, Origin, UPlay, or Epic but I've never had one of them make my PC unbootable or spent hours trying to track down why my PC was crashing because of them. When I launch a game from one of those services it doesn't matter when the game was made, what year the DRM was coded, or whether I'm running a 32 bit or 64 bit OS, my game just plays which at the end of the day is all I want the damn thing to do.

Would I rather have all my games DRM free? Of course that is why I buy from GOG whenever possible, but there is a ton of games I want to play that GOG doesn't have so if its the choice of a service like Steam or each company making their own badly coded POS DRM? I'll take the service, thanks. I just can't wait until GOG Galaxy is out so I can have it all controlled by one single launcher that takes care of everything, that is gonna be so damn nice.

Microsoft Contractors Listened To Xbox Owners in Their Homes

Posted by msmashView on SlashDotShareable Link
Contractors working for Microsoft have listened to audio of Xbox users speaking in their homes in order to improve the console's voice command features, Motherboard has learned. From a report: The audio was supposed to be captured following a voice command like "Xbox" or "Hey Cortana," but contractors said that recordings were sometimes triggered and recorded by mistake. The news is the latest in a string of revelations that show contractors working on behalf of Microsoft listen to audio captured by several of its products. Motherboard previously reported that human contractors were listening to some Skype calls as well as audio recorded by Cortana, Microsoft's Siri-like virtual assistant.

"Xbox commands came up first as a bit of an outlier and then became about half of what we did before becoming most of what we did," one former contractor who worked on behalf of Microsoft told Motherboard. Motherboard granted multiple sources in this story anonymity as they had signed non-disclosure agreements. The former contractor said they worked on Xbox audio data from 2014 to 2015, before Cortana was implemented into the console in 2016. When it launched in November 2013, the Xbox One had the capability to be controlled via voice commands with the Kinect system.


By rtkluttz • Score: 5, Insightful • Thread

Cloud anything can just fuck right on outta here. If you aren't the sole entity in control of your devices, then you don't understand the issue.

fix the laws so they can't use Contractors / sub's

By Joe_Dragon • Score: 3 • Thread

fix the laws so they can't use Contractors / sub's to get away with stuff.

There are plenty of cloudless solutions

By mrwireless • Score: 4, Informative • Thread

I have no link to the company whatsoever, but for the past few weeks I've been working with Snips. It's a French startup that makes a fully open source cloudless voice product which is designed to run on a Raspberry Pi 3. I must say I'm pleasantly surprised by how well it works.

MyCroft is another open source option that I've tried. It works too, but Snips was more serious about being cloudless.

The point being: for 80% of the voice control functionality people want in their smart homes a cloud connection really is not required. Obviously it's difficult to search Wikipedia without an internet connection. But to turn things on and off or set an egg timer, well, that feels like a solved problem.

No way! Spying??!! They'd NEVER!

By BringsApples • Score: 4, Insightful • Thread

They told me, 5 years ago, that I was crazy for saying that this was happening. What next, I'm right about the Earth being a globe?? I guess after that, it'll come out that politicians don't do any actual work for a living, and that the entirety of our society is held together by interns that work for free. ...whatever

Dear Microsoft....

By Radical Moderate • Score: 4, Funny • Thread
When we said you need to listen to your customers, this isn't exactly what we meant.