Amazon, Microsoft Are 'Putting World At Risk of Killer AI,' Says Study
oxide7 shares a report from International Business Times:
Amazon, Microsoft and Intel are among leading tech companies putting the world at risk through killer robot development, according to a report that surveyed major players from the sector about their stance on lethal autonomous weapons. Dutch NGO Pax ranked 50 companies by three criteria: whether they were developing technology that could be relevant to deadly AI, whether they were working on related military projects, and if they had committed to abstaining from contributing in the future.
Google, which last year published guiding principles eschewing AI for use in weapons systems, was among seven companies found to be engaging in "best practice" in the analysis that spanned 12 countries, as was Japan's Softbank, best known for its humanoid Pepper robot. Twenty-two companies were of "medium concern," while 21 fell into a "high concern" category, notably Amazon and Microsoft who are both bidding for a $10 billion Pentagon contract to provide the cloud infrastructure for the U.S. military. Others in the "high concern" group include Palantir, a company with roots in a CIA-backed venture capital organization that was awarded an $800 million contract to develop an AI system "that can help soldiers analyze a combat zone in real time." The report noted that Microsoft employees had also voiced their opposition to a U.S. Army contract for an augmented reality headset, HoloLens, that aims at "increasing lethality" on the battlefield. Stuart Russel, a computer science professor at the University of California, argued it was essential to take the next step in the form of an international ban on lethal AI, that could be summarized as "machines that can decide to kill humans shall not be developed, deployed, or used."
Backdoor Code Found In 11 Ruby Libraries
Maintainers of the RubyGems package repository
have yanked 18 malicious versions of 11 Ruby libraries that contained a backdoor mechanism and were caught inserting code that launched hidden cryptocurrency mining operations inside other people's Ruby projects. ZDNet reports:
The malicious code was first discovered yesterday inside four versions of rest-client, an extremely popular Ruby library. According to an analysis by Jan Dintel, a Dutch Ruby developer, the malicious code found in rest-client would collect and send the URL and environment variables of a compromised system to a remote server in Ukraine. "Depending on your set-up this can include credentials of services that you use e.g. database, payment service provider," Dintel said.
The code also contained a backdoor mechanism that allowed the attacker to send a cookie file back to a compromised project, and allow the attacker to execute malicious commands. A subsequent investigation by the RubyGems staff discovered that this mechanism was being abused to insert cryptocurrency mining code. RubyGems staff also uncovered similar code in 10 other projects. All the libraries, except rest-client, were created by taking another fully functional library, adding the malicious code, and then re-uploading it on RubyGems under a new name. All in all, all the 18 malicious library versions only managed to amass 3,584 downloads before being removed from RubyGems.
Researchers Are Creepily Close To Predicting When You're Going To Die
An anonymous reader quotes a report from Ars Technica:
If death is in the cards, it may also be in your blood. Measurements of 14 metabolic substances in blood were pretty good at predicting whether people were likely to die in the next five to 10 years. The data was published this week in Nature Communications. A team of researchers led by data scientists in the Netherlands came up with the fateful 14 based on data from 44,168 people, aged 18 to 109. The data included death records and measurements of 226 different substances in blood. Of the 44,168 people, 5,512 died during follow-up periods of nearly 17 years.
The researchers then put their death panel to the test. They used the 14 blood measurements to try to predict deaths in a cohort of 7,603 Finnish people who were surveyed in 1997. Of those Finns, 1,213 died during follow-up. Together, the 14 blood measurements were about 83% accurate at predicting the deaths that occurred within both five years and 10 years. The accuracy dropped to about 72% when predicting deaths for people over 60 years old, though.
Splunk To Buy Cloud-Monitoring Software Maker SignalFx For $1.05 Billion
Splunk Inc.
reached a $1.05 billion deal to buy cloud-monitoring startup SignalFx Inc., a deal that would strengthen the cybersecurity and data-analytics firm's offerings in the fast-growing cloud-computing sector. The Wall Street Journal reports:
Founded in 2004, Splunk -- a play on the word "spelunking" -- collects and analyzes data to help companies identify patterns, like customers' beverage preferences, and detect anomalies, say fraud or a cyberattack. Splunk officials told analysts that Splunk has some customer overlap with San Mateo, Calif.-based SignalFx and that the target company's software represents a "top tier asset to the things that matter" to clients. Closely held SignalFx was valued at nearly $500 million after a $75 million funding round that closed in May, according to a Dow Jones VentureSource estimate.
The cash-and-stock deal is expected to close in the second half of Splunk's fiscal year, which ends Jan. 31. San Francisco-based Splunk, which went public in 2012 and carries a nearly $1.5 billion deficit, said it would be able to absorb the added operating costs from the deal. Splunk has been increasing its cloud business, which accounted for 25% of revenues in the July quarter and is expected to represent half of operations over the next few years, company officials said.
Google Postpones Shutdown of Hangouts For G Suite Users
Google will let G Suite customers continue to use Hangouts until next year,
delaying a shutdown of the service that was supposed to begin in October. Hangouts will now stay around for business customers
until at least next June. The Verge reports:
The shutdown will move customers of Google's business-focused G Suite subscription over to a pair of new chat services: Hangouts Chat, a Slack competitor; and Hangouts Meet, a video conferencing service. While the services generally include the same functionality (and more), people are pretty used to Hangouts, and Google says it's heard from companies' IT teams that they'd "like more time to migrate [their] organizations from classic Hangouts to Hangouts Chat."
Google says it now plans to start transitioning all G Suite users over to the new services by the end of next year. To make the transition easier, Google says it's going to work on adding more features to classic Hangouts. Right now, classic Hangouts users can only directly message a Hangouts Chat user. In the future, Google suggests that classic users may be able to view or participate in group chats, too.
California High School In Silicon Valley Is Locking Up Students' Cellphones
San Mateo High School administrators
have instituted a new policy to lock up students' cellphones. "Each school day, nearly 1,700 students place their devices in a
Yondr pouch that closes with a proprietary lock," reports NBC News. "School administrators unlock them at the end of the day." The goal is to help students focus on the teacher and other students. From the report:
While administrators and teachers say they have already noticed a positive effect on students, the policy has elicited mixed reactions from researchers who argue its long-term effectiveness. Devices remain in the student's possession, but they aren't able to access them, the school said. The program was funded with a $20,000 grant. The pouches have been assigned to students at no cost, but losing one will cost the high-schoolers a $25 replacement fee.
Some technology experts feel the new policy is a step in the right direction and will curb distraction in the classroom. "Taking cellphones out of the classroom is a no-brainer," said Calvin Newport, a professor of computer science at Georgetown University. Students tend to perform worse when they have access to network connectivity in the classroom, he said. "The ability to be free of distraction and concentrate on things is increasingly valuable, so it's a good general function of our schools to be a place where our students get trained to keeping their concentration on one thing at a time," he added.
While many researchers have focused on the benefits of cutting out devices from the classroom, others worry about taking away something young people depend on. Larry Rosen, a research psychologist at California State University, said young people constantly check their phones to alleviate anxiety. They are anxious about staying on top of things, and that anxiety will build up if they are forced to ditch the devices cold turkey, he added. Taking away phones doesn't work for everyone, he argues. Instead, he believes "technology breaks" are a much happier medium.
Waymo Releases a Self-Driving Open Data Set For Free Use By Research Community
An anonymous reader quotes a report from TechCrunch:
Waymo is opening up its significant stores of autonomous driving data with a new Open Data Set it's making available for the purposes of research. The data set isn't for commercial use, but its definition of "research" is fairly broad, and includes researchers at other companies as well as academics. The data set is "one of the largest, riches and most diverse self-driving data sets ever released for research," according to Waymo principal scientist and head of Research, Drago Anguelov, who was at both Zoox and Google prior to joining Waymo last year. Anguelov said in a briefing that the reason he initiated the push to make this data available is that Waymo and several other companies working in the field are "currently hampered by the lack of suitable data sets."
The Waymo Open Data set tries to fill in some of these gaps for their research peers by providing data collected from 1,000 driving segments done by its autonomous vehicles on roads, with each segment representing 20 seconds of continuous driving. It includes driving done in Phoenix, Ariz.; Kirkland, Wash.; Mountain View, Calif.; and San Francisco, Calif., and offering a range of different driving conditions, including at night, during rain, at dusk and more. The segments include data collected from five of Waymo's own proprietary lidars, as well as five standard cameras that face front and to the sides, providing a 360-degree view captured in high resolution, as well as synchronization Waymo uses to fuse lidar and imaging data. Objects, including vehicles, pedestrians, cyclists and signage is all labeled. "We decided to contribute our part to make, ultimately, researchers in academia ask the right questions -- and for that, they need the right data," Anguelov said. "And I think this will help everyone in the field; it is not an admission in any way that we have problems solving these issues. But there is always room for improvement in terms of efficiency, scaleability, amount of labels to need. It's a developing field. Mostly we're trying to get others into thinking about our problems and working with us, as opposed to doing work that's potentially not so impactful, given the current state of things."
DoorDash Still Pockets Workers' Tips Almost a Month After It Promised To Stop
DoorDash, the leading food delivery app in the U.S.,
is still pocketing workers' tips, despite
announcing last month that it would stop the practice and change its tipping policies. The announcement was made after a report from The New York Times highlighted how the company
uses tips to make up the worker's base pay -- essentially stealing the money you're trying to give someone to maximize their profits. Vox reports:
At the time, CEO Tony Xu announced in a series of tweets that DoorDash would institute a new model to ensure workers' earnings would "increase by the exact amount a customer tips on every order." Xu promised to provide "specific details in the coming days." The next day, Xu sent out a note to DoorDash workers, broadly outlining changes and letting them know âoewhat to expect in the days ahead."
But 27 days later, current DoorDash workers tell Recode that the company's pay and tipping policies have stayed the same. The company has not made any public statements about its worker pay and how it plans to institute the changes, nor has it offered a specific date when it will fulfill its promise. A spokesperson declined to comment about the company's plans to change its tipping policy. Soon after DoorDash's years-long tipping scheme was mentioned in the NYT's report, a class-action lawsuit was
filed against the company for misleading its customers about how their tips were used. The lawsuit, filed at the end of July, claims that DoorDash failed to make clear to its customers that tips they gave through its app to couriers were not being allocated as they were intended to be, and that had customers known this, they would not have tipped through the app.
Google DeepMind Co-Founder Placed On Leave From AI Lab
Mustafa Suleyman, the co-founder of Google's high-profile AI lab DeepMind,
has been placed on leave after controversy over some of the projects he led. Bloomberg reports:
Mustafa Suleyman runs DeepMind's "applied" division, which seeks practical uses for the lab's research in health, energy and other fields. Suleyman is also a key public face for DeepMind, speaking to officials and at events about the promise of AI and the ethical guardrails needed to limit malicious use of the technology. "Mustafa is taking time out right now after 10 hectic years," a DeepMind spokeswoman said. She didn't say why he was put on leave.
He founded DeepMind in 2010 alongside current Chief Executive Officer Demis Hassabis. Four years later, Google bought DeepMind for 400 million pounds (currently $486 million), an ambitious bet on the potential of AI that set off an expensive race in Silicon Valley for specialists in the field. DeepMind soon began working on health-care research, eventually creating a division dedicated to the area. Suleyman, nicknamed "Moose" and whose mother was a nurse, led the development of the DeepMind Health team, building it into a 100-person unit.
Moscow's Blockchain Voting System Cracked a Month Before Election
An anonymous reader quotes a report from ZDNet:
A French security researcher has found a critical vulnerability in the blockchain-based voting system Russian officials plan to use next month for the 2019 Moscow City Duma election. Pierrick Gaudry, an academic at Lorraine University and a researcher for INRIA, the French research institute for digital sciences, found that he could compute the voting system's private keys based on its public keys. This private keys are used together with the public keys to encrypt user votes cast in the election. Gaudry blamed the issue on Russian officials using a variant of the ElGamal encryption scheme that used encryption key sizes that were too small to be secure. This meant that modern computers could break the encryption scheme within minutes.
What an attacker can do with these encryption keys is currently unknown, since the voting system's protocols weren't yet available in English, so Gaudry couldn't investigate further. "Without having read the protocol, it is hard to tell precisely the consequences, because, although we believe that this weak encryption scheme is used to encrypt the ballots, it is unclear how easy it is for an attacker to have the correspondence between the ballots and the voters," the French researcher said. "In the worst case scenario, the votes of all the voters using this system would be revealed to anyone as soon as they cast their vote." The Moscow Department of Information Technology promised to fix the reported issue. "We absolutely agree that 256x3 private key length is not secure enough," a spokesperson
said in an online response. "This implementation was used only in a trial period. In few days the key's length will be changed to 1024."
However, a public key of a length of 1024 bits may not be enough,
according to Gaudry, who believes officials should use one of at least 2048 bits instead.
Flaws in Cellphone Evidence Prompt Review of 10,000 Verdicts in Denmark
The authorities in Denmark say they plan to review over 10,000 court verdicts
because of errors in cellphone tracking data offered as evidence. From a report:
The country's director of public prosecutions on Monday also ordered a two-month halt in prosecutors' use of cellphone data in criminal cases while the flaws and their potential consequences are investigated. "It's shaking our trust in the legal system," Justice Minister Nick Haekkerup said in a statement. The first error was found in an I.T. system that converts phone companies' raw data into evidence that the police and prosecutors can use to place a person at the scene of a crime. During the conversions, the system omitted some data, creating a less-detailed image of a cellphone's whereabouts. The error was fixed in March after the national police discovered it. In a second problem, some cellphone tracking data linked phones to the wrong cellphone towers, potentially connecting innocent people to crime scenes, said Jan Reckendorff, the director of public prosecutions.
"It's a very, very serious case," Mr. Reckendorff told Denmark's state broadcaster. "We cannot live with incorrect information sending people to prison." The authorities said that the problems stemmed partly from police I.T. systems and partly from the phone companies' systems, although a telecom industry representative said he could not understand how phone companies could have caused the errors. The national police determined that the flaws applied to 10,700 court cases dating to 2012, but it is unclear whether the faulty data was a decisive factor in any verdicts. The justice minister set up a steering group to track the extent of the legal problems they may have caused and to monitor the reviews of cases that may have been affected.
Intel, Google, Microsoft, and Others Launch Confidential Computing Consortium for Data Security
Major tech companies including Alibaba, Arm, Baidu, IBM, Intel, Google Cloud, Microsoft, and Red Hat today announced
intent to form the Confidential Computing Consortium to improve security for data in use. From a report:
Established by the Linux Foundation, the organization plans to bring together hardware vendors, developers, open source experts, and others to promote the use of confidential computing, advance common open source standards, and better protect data. "Confidential computing focuses on securing data in use. Current approaches to securing data often address data at rest (storage) and in transit (network), but encrypting data in use is possibly the most challenging step to providing a fully encrypted lifecycle for sensitive data," the Linux Foundation said today in a joint statement. "Confidential computing will enable encrypted data to be processed in memory without exposing it to the rest of the system and reduce exposure for sensitive data and provide greater control and transparency for users."
The consortium also said the group was formed because confidential computing will become more important as more enterprise organizations move between different compute environments like the public cloud, on-premises servers, or the edge. To get things started, companies made a series of open source project contributions including Intel Software Guard Extension (SGX), an SDK for code protection at the hardware layer.
Ask Slashdot: Should Microsoft Make an Xbox Phone?
dvda247 writes:
Since there's the Nintendo Switch and previously there was the Sony PSP (Playstation Portable), should Microsoft make an Xbox Phone? There are already 'gaming phones' like the ASUS ROG Phone 2, but should Microsoft jump back into the smartphone game to make a phone running Android that is focused primarily on playing Xbox One games? Xbox Game Pass and Xbox Play Anywhere would be huge selling points to make an Xbox Phone. What are your thoughts?
Researcher Publishes Second Steam Zero Day After Getting Banned on Valve's Bug Bounty Program
A Russian security researcher has published details about a zero-day in the Steam gaming client. This is the second Steam zero-day the researcher has made public in the past two weeks. From a report:
However, while the security researcher reported the first one to Valve and tried to have it fixed before public disclosure, he said he couldn't do the same with the second because the company banned him from submitting further bug reports via its public bug bounty program on the HackerOne platform. The entire chain of events behind the public disclosure of these two zero-days has caused quite a drama and discussions in the infosec community. All the negative comments have been aimed at Valve and the HackerOne staff, with both being accused of unprofessional behavior. Security researchers and regular Steam users alike are mad because Valve refused to acknowledge the reported issue as a security flaw, and declined to patch it.
Microsoft Contractors Listened To Xbox Owners in Their Homes
Contractors working for Microsoft have
listened to audio of Xbox users speaking in their homes in order to improve the console's voice command features,
Motherboard has learned. From a report:
The audio was supposed to be captured following a voice command like "Xbox" or "Hey Cortana," but contractors said that recordings were sometimes triggered and recorded by mistake. The news is the latest in a string of revelations that show contractors working on behalf of Microsoft listen to audio captured by several of its products. Motherboard previously reported that human contractors were listening to some Skype calls as well as audio recorded by Cortana, Microsoft's Siri-like virtual assistant.
"Xbox commands came up first as a bit of an outlier and then became about half of what we did before becoming most of what we did," one former contractor who worked on behalf of Microsoft told Motherboard. Motherboard granted multiple sources in this story anonymity as they had signed non-disclosure agreements. The former contractor said they worked on Xbox audio data from 2014 to 2015, before Cortana was implemented into the console in 2016. When it launched in November 2013, the Xbox One had the capability to be controlled via voice commands with the Kinect system.
Attribution