A Lithium-Ion Battery That You Can Scrunch
An anonymous reader quotes a report from IEEE Spectrum:
Busan-based firm Jenax has spent the past few years developing J.Flex, an advanced lithium-ion battery that is ultra-thin, flexible, and rechargeable. With the arrival of so many wearable gadgets, phones with flexible displays, and other portable gizmos, "we're now interacting with machines on a different level from what we did before," says EJ Shin, head of strategic planning at Jenax. "What we're doing at Jenax is putting batteries into locations where they couldn't be before," says Shin. Her firm demonstrated some of those new possibilities last week at CES 2020 in Las Vegas.
The devices shown by Jenax included a sensor-lined football helmet developed by UK-based firm HP1 Technologies to measure pressure and force of impact; a medical sensor patch designed in France that will be embedded in clothing to monitor a wearer's heart rate; and wearable power banks in the form of belts and bracelets for patients who must continuously be hooked up to medical devices. To make batteries flexible, companies play around with the components of a battery cell, namely the cathode, anode, electrolyte, and membrane separator. In the case of Jenax, which has more than 100 patents protecting its battery technology, Shin says the secret to its flexibility lies in "a combination of materials, polymer electrolyte, and the know-how developed over the years." J.Flex is made from graphite and lithium cobalt oxide, but its exact composition and architecture remains a secret. "J.Flex can be as thin as 0.5 millimeters (suitable for sensors), and as tiny as 20 by 20 millimeters (mm) or as large as 200 by 200 mm," the report adds. "Its operating voltage is between 3 and 4.25 volts. Depending on the size, battery capacity varies from 10 milliampere-hours to 5 ampere-hours, with close to 90 percent of this capacity remaining after 1,000 charge-discharge cycles. Each charge typically takes an hour. J. Flex's battery life depends on how it's used, Shin says -- a single charge can last for a month in a sensor, but wouldn't last that long if the battery was powering a display."
EFF Files Amicus Brief In Google v. Oracle, Arguing APIs Are Not Copyrightable
EFF has filed an amicus brief with the U.S. Supreme Court in Google v. Oracle, arguing that APIs are not copyrightable. From the press release: "The Electronic Frontier Foundation (EFF) today asked the U.S. Supreme Court to rule that functional aspects of Oracle's Java programming language are not copyrightable, and even if they were, employing them to create new computer code falls under fair use protections. The court is reviewing a long-running lawsuit Oracle filed against Google, which claimed that Google's use of certain Java application programming interfaces (APIs) in its Android operating system violated Oracle's copyrights. The case has far-reaching implications for innovation in software development, competition, and interoperability.
In a brief filed today, EFF argues that the Federal Circuit, in ruling APIs were copyrightable, ignored clear and specific language in the copyright statute that excludes copyright protection for procedures, processes, and methods of operation. 'Instead of following the law, the Federal Circuit decided to rewrite it to eliminate almost all the exclusions from copyright protection that Congress put in the statute,' said EFF Legal Director Corynne McSherry. 'APIs are not copyrightable. The Federal Circuit's ruling has created a dangerous precedent that will encourage more lawsuits and make innovative software development prohibitively expensive. Fortunately, the Supreme Court can and should fix this mess.'" Oral arguments before the U.S. Supreme Court are scheduled for March 2020, and a decision by June.
How To Beat South Korea's AI Hiring Bots and Land a Job
As Korean firms start using AI to help hire new employees, students are going to school to learn how to beat the bots. Reuters reports:
From his basement office in downtown Gangnam, careers consultant Park Seong-jung is among those in a growing business of offering lessons in handling recruitment screening by computers, not people. Video interviews using facial recognition technology to analyze character are key, according to Park. "Don't force a smile with your lips," he told students looking for work in a recent session, one of many he said he has conducted for hundreds of people. "Smile with your eyes."
Classes in dealing with AI in hiring, now being used by major South Korean conglomerates like SK Innovation and Hyundai Engineering & Construction, are still a tiny niche in the country's multi-billion dollar cram school industry. But classes are growing fast, operators like Park's People & People consultancy claim, offering a three-hour package for up to 100,000 won ($86.26). According to Korea Economic Research Institute (KERI), nearly a quarter of the top 131 corporations in the country currently use or plan to use AI in hiring. One AI video system reviewed by Reuters asks candidates to introduce themselves, during which it spots and counts facial expressions including 'fear' and 'joy' and analyses word choices. It then asks questions that can be tough: "You are on a business trip with your boss and you spot him using the company (credit) card to buy himself a gift. What will you say?" AI hiring also uses 'gamification' to gauge a candidate's personality and adaptability by putting them through a sequence of tests.
City of Las Vegas Said It Successfully Avoided Devastating Cyberattack
An anonymous reader quotes a report from ZDNet:
Officials from the city of Las Vegas said they narrowly avoided a major security incident that took place on Tuesday, January 7. According to a statement published by the city on Wednesday, the compromise took place on Tuesday, at 4:30 am, in the morning. The city said IT staff immediately detected the intrusion and took steps to protect impacted systems. The city responded by taking several services offline, including its public website, which is still down at the time of writing.
City officials have not disclosed any details about the nature of the incident, but local press reported that it might have involved an email delivery vector. In a subsequent statement published on Twitter on Wednesday, the city confirmed it "resumed full operations with all data systems functioning as normal." "Thanks to our software security systems and fast action by our IT staff, we were fortunate to avoid what had the potential to be a devastating situation," it said. "We do not believe any data was lost from our systems and no personal data was taken. We are unclear as to who was responsible for the compromise, but we will continue to look for potential indications," the city also added.
Samsung's Removable-Battery Smartphone Is Coming To the US For $499
PolygamousRanchKid shares a report from The Verge:
We've already seen Samsung's new rugged smartphone with a removable battery, the Galaxy XCover Pro, because the company revealed it on its Finnish website before taking it down. Today, though, the company is officially announcing the phone and that it's coming to the U.S. for $499. For that price, you're getting a phone with a swappable battery that's a meaty 4,050mAh, and the phone even supports 15W fast charging, as well as with special docks that use pogo pins. The XCover Pro is intended to be used by workers in industrial settings or out in the field, so that huge battery should theoretically let workers use their phones for longer and give them the option to swap in a fresh battery in a pinch.
Otherwise, the phone's specs are mid-range: a 6.3-inch 2220 x 1080 display (which Samsung says you can use when you have gloves on), a 2GHz octa-core Exynos 9611 processor, 4GB of RAM, and 64GB of internal storage (with support for microSD storage up to 512GB). For cameras, the phone has a 13-megapixel front-facing camera in a corner of the screen and two rear cameras: a 25-megapixel camera and an 8-megapixel camera. It'll also ship with the latest Android 10 and Samsung's One UI 2.0, contrary to information from the early reveal that indicated that the XCover Pro was running Android 9 Pie.
Lawrence Lessig Sues New York Times For Defamation Over Jeffrey Epstein Donation Story
Harvard law professor Lawrence Lessig sued the New York Times for defamation on Monday, claiming a story about Jeffrey Epstein's donations to MIT that referenced Lessig amounted to "clickbait." The Wrap reports:
The story in question was published on Sept. 14, 2019 under the headline, "A Harvard Professor Doubles Down: If You Take Epstein's Money, Do It in Secret." Its lede, or introduction, read, "It is hard to defend soliciting donations from the convicted sex offender Jeffrey Epstein. But Lawrence Lessig, a Harvard Law professor, has been trying." The lawsuit, filed in Massachusetts, states, "Defendants' actions here are part of a growing journalistic culture of clickbaiting: the use of a shocking headline and/or lede to entice readers to click on a particular article, irrespective of the truth of the headline. Defendants are fully aware that many, if not most, readers never read past the clickbait and that their takeaway concerning the target of the headline is limited to what they read in the headline." It also states that Lessig asked the paper to change the headline and lede, but his request was not granted.
In a Medium blog post published concurrently with the lawsuit, Lessig contended that an essay he wrote, which was the central conversation piece for the interview the Times' story was based on, calls soliciting money from convicted sex offenders a "mistake." Lessig argues that the Times' headline suggests the exact opposite. His essay argued if institutions take money from such individuals, the donors should be anonymous. He added that the "mistake" he wrote about would result in "the kind of harm it would trigger in both victims and women generally." A Times spokesperson told TheWrap that "senior editors reviewed the story after Professor Lessig complained and were satisfied that the story accurately reflected his statements. We plan to defend against the claim vigorously."
Visa Is Acquiring Plaid For $5.3 Billion
Visa announced today that it is buying financial services API startup Plaid for $5.3 billion, roughly double the price of its last private valuation. TechCrunch reports:
Plaid develops financial services APIs. It is akin to what Stripe does for payments, but instead of facilitating payments, it helps developers share banking and other financial information more easily. It's the kind of service that makes sense for a company like Visa. The startup bought Quovo two years ago to move beyond just banking, and into broader financial services and investments. The idea was to provide a more holistic platform for financial services providers. As the founders wrote in a blog post at the time of the acquisition, "Financial applications have historically used Plaid primarily to interact with checking and savings accounts. In acquiring Quovo, we are extending our capabilities to a wider class of assets." The deal is expected to close in the next three to six months, pending regulatory approval.
Unpatched Citrix Vulnerability Now Exploited, Patch Weeks Away
An anonymous reader quotes a report from Ars Technica:
On December 16, 2019, Citrix revealed a vulnerability in the company's Application Delivery Controller and Gateway products -- commercial virtual-private-network gateways formerly marketed as NetScaler and used by tens of thousands of companies. The flaw, discovered by Mikhail Klyuchnikov of Positive Technologies, could give an attacker direct access to the local networks behind the gateways from the Internet without the need for an account or authentication using a crafted Web request. Citrix has published steps to reduce the risk of the exploit. But these steps, which simply configure a responder to handle requests using the text that targets the flaw, break under some circumstances and might interfere with access to the administration portal for the gateways by legitimate users. A permanent patch will not be released until January 20. And as of January 12, over 25,000 servers remain vulnerable, based on scans by Bad Packets.
This is not surprising, considering the number of Pulse Secure VPNs that have not yet been patched over six months after a fix was made available, despite Pulse Secure executives saying that they have "worked aggressively" to get customers to patch that vulnerability. And given that vulnerable Pulse Secure servers have been targeted now for ransomware attacks, the same will likely be true for unprotected Citrix VPN servers -- especially since last week, proof-of-concept exploits of the vulnerability began to appear, including at least two published on GitHub, as ZDNet's Catalin Cimpanu reported. "The vulnerability allows the remote execution of commands in just two HTTP requests, thanks to a directory traversal bug in the implementation of the gateway's Web interface," the report adds. "The attacks use a request for the directory '/vpn/../vpns/' to fool the Apache Web server on the gateway to point to the '/vpns/' directory without authentication. The attacks then inject a command based on the template returned from the first request."
You can check for the vulnerability
Bing Loses Out To DuckDuckGo in Google's New Android Search Engine Ballot
Google announced last week the alternative search engines it will show to new Android users in the EU, with DuckDuckGo the most frequently offered choice and Bing tied for last place. From a report:
EU citizens setting up Android devices from March 1 will be given a choice of four search engines to use as their default, including Google. Whichever provider they choose will become the default for searches made in Chrome and through Android's home screen search box. A dedicated app for that provider will also be installed on their device.
Adobe Brings One of Its Last Legacy Products To the Cloud
Adobe unveiled a cloud-based system to help clients build websites, bringing one of its last legacy products to the cloud almost a decade after shifting to internet-based software. From a report:
The new content management system already is being used by some customers, the San Jose, California-based company said Monday in a statement. The software maker announced the service at the National Retail Federation conference in New York. Adobe is the largest vendor for enterprise customers in a $3.8 billion market for software that builds websites and manages digital assets, according to data from research firm IDC. The company said it's the first to provide a purely cloud-computing based solution to large business clients. The software maker currently manages 15 billion web page visits per day and more than 50 million digital assets, including images and videos, across its customer base. Wix.com and closely held Squarespace are among the competitors in the field.
Barr Asks Apple To Unlock iPhones of Pensacola Gunman
Attorney General William P. Barr declared on Monday that a deadly shooting last month at a naval air station in Pensacola, Fla., was an act of terrorism, and he asked Apple in an unusually high-profile request to provide access to two phones used by the gunman. From a report:
Mr. Barr's appeal was an escalation of an ongoing fight between the Justice Department and Apple pitting personal privacy against public safety. "This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence," Mr. Barr said, calling on Apple and other technology companies to find a solution and complaining that Apple has provided no "substantive assistance."
Apple has given investigators materials from the iCloud account of the gunman, Second Lt. Mohammed Saeed Alshamrani, a member of the Saudi air force training with the American military, who killed three sailors and wounded eight others on Dec. 6. But the company has refused to help the F.B.I. open the phones themselves, which would undermine its claims that its phones are secure.
Google Can View Millions of Patient Health Records in Most States
Through its partnerships with health care providers, Google can view tens of millions of patient records in at least three-quarters of states, the Wall Street Journal reports. From a report:
Some of these partnerships allow Google to access identifiable information about patients without their or their doctors' knowledge, raising fears about how this data may be used. Google is developing a new search tool -- designed to be used by doctors, nurses and potentially patients -- that stores and analyzes patient information on its servers. The company and some health systems argue that data-sharing can improve patient outcomes. Google says its health endeavors aren't connected with its advertising business.
Are We on the Cusp of an 'AI Winter'?
The last decade was a big one for artificial intelligence but researchers in the field believe that the industry is about to enter a new phase. From a report:
Hype surrounding AI has peaked and troughed over the years as the abilities of the technology get overestimated and then re-evaluated. The peaks are known as AI summers, and the troughs AI winters. The 10s were arguably the hottest AI summer on record with tech giants repeatedly touting AI's abilities. AI pioneer Yoshua Bengio, sometimes called one of the "godfathers of AI", told the BBC that AI's abilities were somewhat overhyped in the 10s by certain companies with an interest in doing so. There are signs, however, that the hype might be about to start cooling off.
"I have the sense that AI is transitioning to a new phase," said Katja Hofmann, a principal researcher at Microsoft Research in Cambridge. Given the billions being invested in AI and the fact that there are likely to be more breakthroughs ahead, some researchers believe it would be wrong to call this new phase an AI winter. Robot Wars judge Noel Sharkey, who is also a professor of AI and robotics at Sheffield University, told the BBC that he likes the term "AI autumn" -- and several others agree.
UK Govt Warns Not To Access Online Banking on Windows 7
The UK's National Cyber Security Centre (NCSC) is warning people against using online banking or accessing sensitive accounts from devices running Windows 7 from Tuesday, 14 January, when Microsoft ends support for the operating system. From a report:
The NCSC, the government body for cybersecurity, is encouraging people to upgrade from Windows 7 as soon as possible, due to Microsoft's 2019 decision to stop providing technical support for the software. "The NCSC would encourage people to upgrade devices currently running Windows 7, allowing them to continue receiving software updates which help protect their devices," the NCSC spokesperson said. "We would urge those using the software after the deadline to replace unsupported devices as soon as possible, to move sensitive data to a supported device and not to use them for tasks like accessing bank and other sensitive accounts. They should also consider accessing email from a different device."
Supreme Court Declines To Consider Medical Diagnostic Patents
The U.S. Supreme Court stayed out of the debate over what types of medical diagnostic tests can be patented, leaving in legal limbo companies that discover ways to diagnose and treat diseases based on patients' unique characteristics. From a report:
The justices rejected an appeal by Quest Diagnostics's Athena unit that sought to restore its patent for a test to detect the presence of an autoimmune disease. A lower court had ruled in favor of the nonprofit Mayo Clinic that the test wasn't eligible for a patent because it merely covered a natural law -- the correlation between the presence of an antibody and the disease. Justices on Monday also rejected appeals to clarify the rules regarding software patents. The Supreme Court's action leaves it to Congress to resolve an issue that's created a legal gray area for such discoveries.
Academic Research Finds Five US Telcos Vulnerable To SIM Swapping Attacks
A Princeton University academic study found that five major US prepaid wireless carriers are vulnerable to SIM swapping attacks. From a report:
A SIM swap is when an attacker calls a mobile provider and tricks the telco's staff into changing a victim's phone number to an attacker-controlled SIM card. This allows the attacker to reset passwords and gain access to sensitive online accounts, like email inboxes, e-banking portals, or cryptocurrency trading systems. All last year, Princeton academics spent their time testing five major US telco providers to see if they could trick call center employees into changing a user's phone number to another SIM without providing proper credentials. According to the research team, AT&T, T-Mobile, Tracfone, US Mobile, and Verizon Wireless were found to be using vulnerable procedures with their customer support centers, procedures that attackers could use to conduct SIM swapping attacks. In addition, the research team also looked at 140 online services and websites and analyzed on which of these attackers could employ a SIM swap to hijack a user's account. According to the research team, 17 of the 140 websites were found to be vulnerable.
Microsoft To Replace Edge With Its Chromium Browser This Wednesday
Microsoft is replacing its Edge browser with the updated, Chromium-based version on January 15. Windows 10 users will be automatically transitioned over. From a report:
We already knew this was coming because Microsoft announced the new Edge's launch date last month, but it wasn't clear that users would be pushed to the new version. Thankfully it will look mostly the same as the existing Edge browser, with all the same proprietary Microsoft features, except for a slightly more Chrome-esque look. Since the new Chromium Edge will be based off the same browser as Google Chrome, Edge will now support all the same extensions. Last month developers were invited to port their Chrome extensions over to the Microsoft Store, with the company saying that most extensions could be transferred over without any additional work. Edge is the default browser for all 900 million Windows 10 users, so there's obviously an incentive there to port extensions.
Florida Joins US Government in Probing Foreign Ties of Researchers
Florida lawmakers have begun an investigation into the foreign ties of researchers at the state's universities and research institutions. The inquiry, the first of its kind at the state level, dovetails with an ongoing federal probe into whether such affiliations, notably with Chinese entities, pose a risk to the U.S. research enterprise. From a report:
The Florida effort is triggered by revelations last month that six scientists at the Moffitt Cancer Center had been dismissed for failing to disclose their participation in China's Thousand Talents Program. The researchers include the center's CEO, Alan List, and the head of its research center, Thomas Sellers. "I'm appalled by the actions of the Moffitt CEO and some of its researchers," says state Representative Chris Sprowls (R), who is chair of a bipartisan select committee created by Republican House Speaker Jose Oliva. "The question is, has there also been any theft of intellectual property? Clearly, the intent is there." The Moffitt case is the latest instance of scientists being ousted from U.S. biomedical research institutions after being accused of failing to disclose foreign research ties or undermining the integrity of the process by which the National Institutes of Health (NIH) funds research. The MD Anderson Cancer Center cut ties with three scientists in April 2019 as part of a larger investigation, and 1 month later Emory University announced it had fired two neuroscientists. All five were Asian Americans.
'We're Approaching the Limits of Computer Power -- We Need New Programmers Now'
Ever-faster processors led to bloated software, but physical limits may force a return to the concise code of the past. John Naughton:
Moore's law is just a statement of an empirical correlation observed over a particular period in history and we are reaching the limits of its application. In 2010, Moore himself predicted that the laws of physics would call a halt to the exponential increases. "In terms of size of transistor," he said, "you can see that we're approaching the size of atoms, which is a fundamental barrier, but it'll be two or three generations before we get that far -- but that's as far out as we've ever been able to see. We have another 10 to 20 years before we reach a fundamental limit." We've now reached 2020 and so the certainty that we will always have sufficiently powerful computing hardware for our expanding needs is beginning to look complacent. Since this has been obvious for decades to those in the business, there's been lots of research into ingenious ways of packing more computing power into machines, for example using multi-core architectures in which a CPU has two or more separate processing units called "cores" -- in the hope of postponing the awful day when the silicon chip finally runs out of road. (The new Apple Mac Pro, for example, is powered by a 28-core Intel Xeon processor.) And of course there is also a good deal of frenzied research into quantum computing, which could, in principle, be an epochal development.
But computing involves a combination of hardware and software and one of the predictable consequences of Moore's law is that it made programmers lazier. Writing software is a craft and some people are better at it than others. They write code that is more elegant and, more importantly, leaner, so that it executes faster. In the early days, when the hardware was relatively primitive, craftsmanship really mattered. When Bill Gates was a lad, for example, he wrote a Basic interpreter for one of the earliest microcomputers, the TRS-80. Because the machine had only a tiny read-only memory, Gates had to fit it into just 16 kilobytes. He wrote it in assembly language to increase efficiency and save space; there's a legend that for years afterwards he could recite the entire program by heart. There are thousands of stories like this from the early days of computing. But as Moore's law took hold, the need to write lean, parsimonious code gradually disappeared and incentives changed.
India Orders Investigation Into Alleged Anti-Competitive Practices by Amazon and Walmart's Flipkart
India ordered a large-scale investigation into Flipkart and Amazon India on Monday after a retail trade group alleged that the e-commerce giants were indulging in anti-competitive practices to gain a foothold in the country. From a report:
Competition Commission of India (CCI), the local antitrust body, noted four concerns including the arrangements between smartphone vendors and e-commerce platforms to sell certain handsets exclusively online, and e-commerce firms apparently giving preferential treatment to certain sellers, and said these allegations merit an investigation. The CCI also ordered Director General to investigate whether Amazon India and Walmart are offering deep discounts on their marketplaces and promoting their own private labels.
ICANN Wants to Let VeriSign Raise Prices on .Com Domains
VeriSign has released a "proposed agreement" with ICANN to amend their exclusive .com registry agreement to allow them to raise the price of dotcom registrations up to 28% every six years. Those new terms "are now open to public comment" -- and the Register points out that ICANN's decision seems to come with a corresponding $20 million for ICANN:
Operator of the dot-com registry, Verisign, has decided to pay DNS overseer ICANN $4 million a year for the next five years in order to "educate the wider ICANN community about security threats."
Even though the generous $20 million donation has nothing to do with ICANN signing off on an extension of the dot-com contract until 2024, the "binding letter of intent" [PDF] stating the exact amount of funding will be appended to the registry agreement that Verisign has with ICANN to run the dot-com registry.
That extension lifts a price freeze put in place several years ago and will allow Verisign to increase prices by seven per cent a year [in each of the last four years of each six year contract renewal]. It's an increase that we calculated was worth $993 million and which the stock market appeared to agree with when it raised the company's share price by 16 per cent when the agreement was first flagged in November 2018...
ICANN explains the $20 million this time will be used to "support ICANN's initiatives to preserve and enhance the security, stability and resiliency of the DNS, including root server system governance, mitigation of DNS security threats, promotion and/or facilitation of DNSSEC deployment, the mitigation of name collisions, and research into the operation of the DNS."
Which is all entirely above board and not at all shady.
How Is Computer Programming Different Today Than 20 Years Ago?
This week a former engineer for the Microsoft Windows Core OS Division shared an insightful (and very entertaining) list with "some changes I have noticed over the last 20 years" in the computer programming world. Some excerpts:
- Some programming concepts that were mostly theoretical 20 years ago have since made it to mainstream including many functional programming paradigms like immutability, tail recursion, lazily evaluated collections, pattern matching, first class functions and looking down upon anyone who doesn't use them...
- 3 billion devices run Java. That number hasn't changed in the last 10 years though...
- A package management ecosystem is essential for programming languages now. People simply don't want to go through the hassle of finding, downloading and installing libraries anymore. 20 years ago we used to visit web sites, downloaded zip files, copied them to correct locations, added them to the paths in the build configuration and prayed that they worked.
- Being a software development team now involves all team members performing a mysterious ritual of standing up together for 15 minutes in the morning and drawing occult symbols with post-its....
- Since we have much faster CPUs now, numerical calculations are done in Python which is much slower than Fortran. So numerical calculations basically take the same amount of time as they did 20 years ago...
- Even programming languages took a side on the debate on Tabs vs Spaces....
- Code must run behind at least three levels of virtualization now. Code that runs on bare metal is unnecessarily performant....
- A tutorial isn't really helpful if it's not a video recording that takes orders of magnitude longer to understand than its text.
- There is StackOverflow which simply didn't exist back then. Asking a programming question involved talking to your colleagues.
- People develop software on Macs.
In our new world where internet connectivity is the norm and being offline the exception, "Security is something we have to think about now... Because of side-channel attacks we can't even trust the physical processor anymore."
And of course, "We don't use IRC for communication anymore. We prefer a bloated version called Slack because we just didn't want to type in a server address...."