How Google Researchers Used Neural Networks To Make Weather Forecasts
A research team at Google has developed a deep neural network that can make fast, detailed rainfall forecasts. Google says that its forecasts are more accurate than conventional weather forecasts, at least for time periods under six hours. Ars Technica reports:
The researchers say their results are a dramatic improvement over previous techniques in two key ways. One is speed. Google says that leading weather forecasting models today take one to three hours to run, making them useless if you want a weather forecast an hour in the future. By contrast, Google says its system can produce results in less than 10 minutes -- including the time to collect data from sensors around the United States. A second advantage: higher spatial resolution. Google's system breaks the United States down into squares 1km on a side. Google notes that in conventional systems, by contrast, "computational demands limit the spatial resolution to about 5 kilometers."
Interestingly, Google's model is "physics-free": it isn't based on any a priori knowledge of atmospheric physics. The software doesn't try to simulate atmospheric variables like pressure, temperature, or humidity. Instead, it treats precipitation maps as images and tries to predict the next few images in the series based on previous snapshots. It does this using convolutional neural networks, the same technology that allows computers to correctly label images. Specifically, it uses a popular neural network architecture called a U-Net that was first developed for diagnosing medical images. The U-net has several layers that downsample an image from its initial 256-by-256 shape, producing a lower-resolution image where each "pixel" represents a larger region of the original image. Google doesn't explain the exact parameters, but a typical U-Net might convert a 256-by-256 grid to a 128-by-128 grid, then convert that to a 64-by-64 grid, and finally a 32-by-32 grid. While the number of pixels is declining, the number of "channels" -- variables that capture data about each pixel -- is growing.
The second half of the U-Net then upsamples this compact representation -- converting back to 64, 128, and finally 256-pixel representations. At each step, the network copies over the data from the corresponding downsampling step. The practical effect is that the final layer of the network has both the original full-resolution image and summary data reflecting high-level features inferred by the neural network. To produce a weather forecast, the network takes an hour's worth of previous precipitation maps as inputs. Each map is a "channel" in the input image, just as a conventional image has red, blue, and green channels. The network then tries to output a series of precipitation maps reflecting the precipitation over the next hour. Like any neural network, this one is trained with past real-world examples. After repeating this process millions of times, the network gets pretty good at approximating future precipitation patterns for data it hasn't seen before.
Verizon Media Launches OneSearch, a Privacy-Focused Search Engine
An anonymous reader quotes a report from VentureBeat:
Verizon Media, the media and digital offshoot of telecommunications giant Verizon, has launched a "privacy-focused" search engine called OneSearch. With OneSearch, Verizon promises there will be no cookie tracking, no ad personalization, no profiling, no data-storing, and no data-sharing with advertisers.
With its default dark mode, OneSearch lets you know that Advanced Privacy Mode is activated. You can manually toggle this mode to the "off" position which returns a brighter interface, but with this setting deactivated you won't have access to privacy features such as search-term encryption. With Advanced Privacy Mode on, links to search results will only be shareable for an hour, after which time they will "self-destruct" and return an error to anyone who clicks on it. More broadly, the OneSearch interface is clean and fairly familiar to anyone who has used a search engine before. But at its core, it promises to show the same search results to everyone given that it's not tailored to the individual. In the OneSearch
"Verizon said that it will monetize its new search engine through advertising; however, the advertising won't be based on browsing history or data that personally identifies the individual -- it will only serve contextual advertisements based on each individual search," reports VentureBeat. OneSearch is currently available on desktop and mobile web, with mobile apps coming later this month.
Cut Undersea Cable Plunges Yemen Into Days-Long Internet Outage
Last week, the internet went dark for Yemen and its 28 million citizens. It's still not fully back today. In fact, the entire Red Sea region has dealt with slow to nonexistent connectivity since the severing of a single submarine cable on Thursday. Wired reports:
Kuwait, Saudi Arabia, Sudan, and Ethiopia all felt major effects from last week's cut of the so-called Falcon cable, which even impacted countries as far away as Comoros and Tanzania. Most of them weren't totally knocked offline, though, because they were able to fall back on other lines of connectivity. In Yemen, though, that one cable cut led to an 80 percent drop in capacity. Though the country still had that last 20 percent, trying to route a water main of web traffic through a drinking straw resulted in near-total connectivity failure.
While internet blackouts have been used in regions like Iran and Kashmir as a political cudgel, there's no indication that the cut in Yemen's case was nefarious; it's more likely that an anchor unintentionally severed it. Fixing it, though, won't be so simple. Yemen has three submarine cable landings -- a Falcon connection in the east, another Falcon connection in the west, and a third landing in the port city of Aden, which connects to two other cables altogether. Due to an ongoing civil war, Aden is the temporary capital of Yemen, controlled by the Hadi government; Houthi-controlled territory geographically divides the country. By Saturday, one of Yemen's two main internet service providers -- YemenNet -- was able to restore some connectivity by working with Oman's major ISP, Omantel, to receive service from a different undersea cable. The Falcon cable has not yet been fixed, though, and countries like Saudi Arabia and Kuwait, along with Yemen, are still dealing with lingering impacts of the cut. If providers don't have a backup means of communication, or have to reestablish service with a manual rerouting process, restoring connectivity can take days.
Dating and Fertility Apps Among Those Snitching To 'Out of Control' Ad Tech, Report Finds
The Norwegian Consumer Council published an analysis of how popular apps are sharing user data with the behavioral ad industry. TechCrunch reports the findings:
A majority of the apps that were tested for the report were found to transmit data to "unexpected third parties" -- with users not being clearly informed about who was getting their information and what they were doing with it. Most of the apps also did not provide any meaningful options or on-board settings for users to prevent or reduce the sharing of data with third parties. "The evidence keeps mounting against the commercial surveillance systems at the heart of online advertising," the Council writes, dubbing the current situation "completely out of control, harming consumers, societies, and businesses," and calling for curbs to prevalent practices in which app users' personal data is broadcast and spread "with few restraints."
In the report, app users' data is documented being shared with tech giants such as Facebook, Google and Twitter -- which operate their own mobile ad platforms and/or other key infrastructure related to the collection and sharing of smartphone users' data for ad targeting purposes -- but also with scores of other faceless entities that the average consumer is unlikely to have heard of. [...] Among the findings are a makeup filter app sharing the precise GPS coordinates of its users; ovulation, period and mood-tracking apps sharing users' intimate personal data with Facebook and Google (among others); dating apps exchanging user data with each other, and also sharing with third parties sensitive user info like individuals' sexual preferences (and real-time device specific tells such as sensor data from the gyroscope...); and a games app for young children that was found to contain 25 embedded SDKs and which shared the Android Advertising ID of a test device with eight third parties. The 10 apps whose data flows were analyzed for the report are the dating apps Grindr, Happn, OkCupid, and Tinder; fertility/period tracker apps Clue and MyDays; makeup app Perfect365; religious app Muslim: Qibla Finder; children's app My Talking Tom 2; and the keyboard app Wave Keyboard.
Rapper Akon Created His Own Cryptocurrency City In Senegal Called 'Akon City'
An anonymous reader quotes a report from CNN:
It's official, Akon has his own city in Senegal. Known as "Akon City," the rapper and entrepreneur tweeted Monday that he had finalized the agreement for the new city. Akon, who is of Senegalese descent, originally announced plans for the futuristic "Crypto city" in 2018 saying that the city would be built on a 2,000-acre land gifted to him by the President of Senegal, Macky Sall. The new city would also trade exclusively in his own digital cash currency called AKoin, he said. The official website for the city said at the time it would be a five-minute drive from the West African state's new international airport. According to a video posted to the project's Facebook page, "all transactional activity" in Akon City will be conducted using AKoin.
"What's worrying is that, at this stage, there doesn't appear to be any white paper for Akon's cryptocurrency, so it's hard to gauge exactly what we're in for," reports The Next Web. "The associated website does however hype the release of a white paper and an 'explainer video' sometime before February this year."
Coral Is Google's Quiet Initiative To Enable AI Without the Cloud
Google is working to improve the speed and security of on-device AI through a little-known initiative called Coral. The Verge reports:
"Traditionally, data from [AI] devices was sent to large compute instances, housed in centralized data centers where machine learning models could operate at speed," Vikram Tank, product manager at Coral, explained to The Verge over email. "Coral is a platform of hardware and software components from Google that help you build devices with local AI -- providing hardware acceleration for neural networks ... right on the edge device." To meet customers' needs Coral offers two main types of products: accelerators and dev boards meant for prototyping new ideas, and modules that are destined to power the AI brains of production devices like smart cameras and sensors. In both cases, the heart of the hardware is Google's Edge TPU, an ASIC chip optimized to run lightweight machine learning algorithms -- a (very) little brother to the water-cooled TPU used in Google's cloud servers.
While its hardware can be used by lone engineers to create fun projects (Coral offers guides on how to build an AI marshmallow-sorting machine and smart bird feeder, for example), the long-term focus, says Tank, is on enterprise customers in industries like the automotive world and health care. Although Coral is targeting the world of enterprise, the project actually has its roots in Google's "AIY" range of do-it-yourself machine learning kits, says Tank. Launched in 2017 and powered by Raspberry Pi computers, AIY kits let anyone build their own smart speakers and smart cameras, and they were a big success in the STEM toys and maker markets. Tank says the AIY team quickly noticed that while some customers just wanted to follow the instructions and build the toys, others wanted to cannibalize the hardware to prototype their own devices. Coral was created to cater to these customers. The Coral team says it's trying to differentiate itself from the competition by tightly integrating its hardware with Google's ecosystem of AI services. "Coral is so tightly integrated with Google's AI ecosystem that its Edge TPU-powered hardware only works with Google's machine learning framework, TensorFlow, a fact that rivals in the AI edge market The Verge spoke to said was potentially a limiting factor," the report says.
"Coral products process specifically for their platform [while] our products support all the major AI frameworks and models in the market," a spokesperson for AI edge firm Kneron told The Verge. (Kneron said there was "no negativity" in its assessment and that Google's entry into the market was welcome as it "validates and drives innovation in the space.")
Amazon To Ask Court To Block Microsoft From Working On $10 Billion JEDI Contract
An anonymous reader quotes a report from The Register:
Amazon Web Services is expecting a decision next month from a U.S. court about whether the brakes will be slammed on the Pentagon's lucrative Joint Enterprise Defense Infrastructure (JEDI) contract awarded to Microsoft. The filing (PDF), on January 13, sets up the schedule for key dates including February 11, when AWS and Microsoft's lawyers have agreed to expect a court to decide on AWS's motion for a temporary restraining order. A preliminary injunction is also possibly on the cards.
The significance of February -- and the reason for the sped-up negotiated schedule -- is that three days before Valentine's, the $10 billion mega-contract is supposed to begin, and, as the filing notes, "the United States has previously advised AWS and the Court [it] will begin on February 11, 2020," reiterating that "the United States' consistent position that the services to be procured under the Contract are urgently needed in support of national security." Interestingly, the U.S. -- via the Department of Defense -- said in the document that in this specific "bid protest case, it does not intend to file an answer" to AWS's complaint. Microsoft and the U.S. government have agreed to file their motions to dismiss on January 24 -- the same date AWS is flinging out its "temporary restraining order and/or preliminary injunction" to pull the JEDI light saber away from Microsoft. Amazon's initial formal appeal of the decision pointed much of the blame at President Trump, who has been a public critic of Amazon.
"Should it get the nod, AWS's injunction will 'prevent the issuance of substantive task orders under the contract' despite the U.S.'s position that the services 'are urgently needed in support of national security,'" reports The Register.
'Why the Foundations of Physics Have Not Progressed For 40 Years'
Sabine Hossenfelder, research fellow at the Frankfurt Institute for Advanced Studies, writes:
What we have here in the foundation of physics is a plain failure of the scientific method. All these wrong predictions should have taught physicists that just because they can write down equations for something does not mean this math is a scientifically promising hypothesis. String theory, supersymmetry, multiverses. There's math for it, alright. Pretty math, even. But that doesn't mean this math describes reality. Physicists need new methods. Better methods. Methods that are appropriate to the present century. And please spare me the complaints that I supposedly do not have anything better to suggest, because that is a false accusation. I have said many times that looking at the history of physics teaches us that resolving inconsistencies has been a reliable path to breakthroughs, so that's what we should focus on. I may be on the wrong track with this, of course.
Why don't physicists have a hard look at their history and learn from their failure? Because the existing scientific system does not encourage learning. Physicists today can happily make career by writing papers about things no one has ever observed, and never will observe. This continues to go on because there is nothing and no one that can stop it. You may want to put this down as a minor worry because -- $40 billion dollar collider aside -- who really cares about the foundations of physics? Maybe all these string theorists have been wasting tax-money for decades, alright, but in the large scheme of things it's not all that much money. I grant you that much. Theorists are not expensive. But even if you don't care what's up with strings and multiverses, you should worry about what is happening here. The foundations of physics are the canary in the coal mine. It's an old discipline and the first to run into this problem. But the same problem will sooner or later surface in other disciplines if experiments become increasingly expensive and recruit large fractions of the scientific community. Indeed, we see this beginning to happen in medicine and in ecology, too.
Microsoft Patches Major Windows 10 Vulnerability After NSA Warning
Microsoft on Tuesday patched an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. The vulnerability was spotted and reported by the NSA. CNBC reports:
The flaw affected encryption of digital signatures used to authenticate content, including software or files. If exploited, the flaw could allow criminals to send malicious content with fake signatures that make it appear safe. The finding was reported earlier by The Washington Post. It is unclear how long the NSA knew about the flaw before reporting it to Microsoft. The cooperation, however, is a departure from past interactions between the NSA and major software developers such as Microsoft. In the past, the top security agency has kept some major vulnerabilities secret in order to use them as part of the U.S. tech arsenal.
In a statement, Microsoft declined to confirm or offer further details. "We follow the principles of coordinated vulnerability disclosure as the industry best practice to protect our customers from reported security vulnerabilities. To prevent unnecessary risk to customers, security researchers and vendors do not discuss the details of reported vulnerabilities before an update is available." Jeff Jones, a senior director at Microsoft said in a statement Tuesday: "Customers who have already applied the update, or have automatic updates enabled, are already protected. As always we encourage customers to install all security updates as soon as possible." Microsoft told CNBC that it had not seen any exploitation of the flaw "in the wild," which means outside a lab testing environment.
How Digital Sleuths Unravelled the Mystery of Iran's Plane Crash
Open-source intelligence proved vital in the investigation into Ukraine Airlines flight PS752. Then Iranian officials had to admit the truth. From a report:
[...] In the days after the Ukraine Airlines plane crashed into the ground outside Tehran, Bellingcat and The New York Times have blown a hole in the supposition that the downing of the aircraft was an engine failure. The pressure -- and the weight of public evidence -- compelled Iranian officials to admit overnight on January 10 that the country had shot down the plane "in error." So how do they do it? "You can think of OSINT as a puzzle. To get the complete picture, you need to find the missing pieces and put everything together," says Lorand Bodo, an OSINT analyst at Tech versus Terrorism, a campaign group. The team at Bellingcat and other open-source investigators pore over publicly available material. Thanks to our propensity to reach for our cameraphones at the sight of any newsworthy incident, video and photos are often available, posted to social media in the immediate aftermath of events. "Open source investigations essentially involve the collection, preservation, verification, and analysis of evidence that is available in the public domain to build a picture of what happened," says Yvonne McDermott Rees, a lecturer at Swansea University.
Some of the clips in this incident surfaced on Telegram, the encrypted messaging app popular in the Middle East, while others were sent directly to Bellingcat. "Because Bellingcat is known for our open source work on MH17, people immediately thought of us. People started sending us links they'd found," says Eliot Higgins of Bellingcat. "It was involuntary crowdsourcing." OSINT investigators then utilise metadata, including EXIF data -- which is automatically inserted into videos and photos, showing everything from the type of camera used to take the images to the precise latitude and longitude of where the taker was standing -- to validify that the footage is legitimate. They'll also try and identify who took the footage, and whether it's practical for them to have been where they claim to have been at the time. However, for this instance, they couldn't use EXIF data. "People would share photos and videos on Telegram which strip the metadata, and then someone else would find that and share it on Twitter," says Higgins. "We were really getting a second-hand or third-hand version of these images. All we have to go on is what's visible in the photograph." So instead they moved onto the next step.
Amazon Lifts FedEx Ground-Delivery Ban For Sellers
Amazon is telling sellers they can begin using FedEx's ground delivery after the company temporarily halted access to the service during the holiday shopping season. From a report:
The company will resume FedEx's Ground and Home services on Tuesday at 5 p.m. ET, according to an email Amazon sent Tuesday to merchants that was viewed by CNBC. An Amazon spokesperson confirmed to CNBC that the company is resuming ground-delivery service on Tuesday. The spokesperson said FedEx Ground and Home services have been consistently meeting Amazon's on-time delivery requirements, so it reinstated the shipping option for Prime orders.
Annual Global PC Shipments Grow For the First Time in 8 Years
Annual global PC shipments rose for the first time in eight years, according to data released by industry tracking firms late Monday. New submitter
International Data Group said late Monday that global PC shipments rose 2.7% year-over-year to 266.7 million units, the first annual gain since 2011, when PC shipments rose 1.7%. "This past year was a wild one in the PC world, which resulted in impressive market growth that ultimately ended seven consecutive years of market contraction," said Ryan Reith, program vice president with IDC's Worldwide Mobile Device Trackers. "The market will still have its challenges ahead, but this year was a clear sign that PC demand is still there despite the continued insurgence of emerging form factors and the demand for mobile computing," Reith said. Over at Gartner, data showed that PC shipments grew 0.6% for the year to 261.2 million units. Gartner does not include Chromebooks that run on Google operating system or Apple iPads.
Cookies Track You Across the Internet. Google Plans To Phase Them Out
Google has announced plans to limit the ability of other companies to track people across the internet and collect information about them, a significant change that has widespread ramifications for online privacy as well as the digital economy. From a report:
The company said Tuesday that it plans to phase out the use of digital tools known as tracking cookies, which other companies use to identify people online and learn more about them. The move is meant to offer users greater control over their digital footprints and enhance user privacy, according to Google. But the move could also provide Google with even greater control over the online advertising market, which the company already dominates. Google said the change will come to its Chrome web browser and be rolled out over two years. Google did not announce any changes to its own data collection methods.
Google also said that a previously announced change to make third-party cookies more secure and precise in their abilities will be rolled out in February. Justin Schuh, director of engineering for trust and safety for Google's Chrome, said the search giant needs time to enact changes because it is working with advertisers and publishers to address the need for cookies to remember sign-ins, embed third-party services such as weather widgets and deliver targeted advertising. But he did not downplay the significance of Google's announcement. "We want to change the way the web works," he said in an interview.
Amazon Taps AI To Figure Out Why Customers Buy Seemingly Irrelevant Products
Why do customers buy products seemingly irrelevant to their web and voice assistant searches? That's a good question -- and one a team of Amazon researchers sought to answer in a study scheduled to be presented at the upcoming ACM Web Search and Data Mining conference in February. From a report:
In it, they say that their analyses -- which looked at purchases and "engagements," the latter defined as interactions like sending search results to cell phones and adding products to shopping carts -- suggests customers are partial to products that are broadly popular or cheaper than products relevant to a given search query. Additionally, they say people are much more likely to buy or engage with irrelevant products in a few categories -- such as toys and digital products -- than in categories like beauty products and groceries. "Product search algorithms, like the ones that help customers place orders through [our Alexa assistant], aim at returning the products that are most relevant to users' queries, where relevance is usually interpreted as 'anything that satisfies the users' need,'" wrote Laine Lewin-Eytan, senior manager of applied research in the Alexa Shopping group, in a blog post. "A common way to estimate customers' satisfaction is to rely on the judgment of human annotators. (We annotate a very small fraction of 1% of interactions.)"
Google To Phase Out User-Agent Strings in Chrome
Google has announced plans today to phase out the usage of user-agent strings in its web browser Chrome. From a report:
UA strings have been developed as part of the Netscape browser in the 90s, and have been in use ever since. For decades, websites have used UA strings to fine-tune features based on a visitor's technical specifications. But now, Google says that this once-useful mechanism has become a constant source of problems, on different fronts. For starters, UA strings have been used by online advertisers as a way to track and fingerprint website visitors. "On top of those privacy issues, User-Agent sniffing is an abundant source of compatibility issues, in particular for minority browsers, resulting in browsers lying about themselves (generally or to specific sites), and sites (including Google properties) being broken in some browsers for no good reason," said Yoav Weiss, a Google engineer working on the Chrome browser.
To address these issues, Google said it plans to phase out the importance of UA strings in Chrome by freezing the standard as a whole. Google's plan is to stop updating Chrome's UA component with new strings (the UA string text that Chrome shares with websites). The long-term plan is to unify all Chrome UA strings into generic values that don't reveal too much information about a user. This means that new Chrome browser releases on new platforms such as new smartphone models or new OS releases will use a generic UA string, rather than one that's customised for that specific platform.
Apple Responds To AG Barr Over Unlocking Pensacola Shooter's Phone: 'No.'
On Monday, Attorney General William Barr called on Apple to unlock the alleged phone of the Pensacola shooter -- a man who murdered three people and injured eight others on a Naval base in Florida in December. Apple has responded by essentially saying: "no." From a report:
"We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation," the company said. "It was not until January 8th that we received a subpoena for information related to the second iPhone, which we responded to within hours," Apple added, countering Barr's characterization of the company being slow in its approach to the FBI's needs. However, it ends the statement in no uncertain terms: "We have always maintained there is no such thing as a backdoor just for the good guys." Despite pressure from the government, Apple has long held that giving anyone the keys to users' data or a backdoor to their phones -- even in cases where terrorism or violence was involved -- would compromise every user. The company is clearly standing by those principles.
The Military Is Building Long-Range Facial Recognition That Works in the Dark
An anonymous reader shares a report:
The U.S. military is spending more than $4.5 million to develop facial recognition technology that reads the pattern of heat being emitted by faces in order to identify specific people. The technology would work in the dark and across long distances, according to contracts posted on a federal spending database. Facial recognition is already employed by the military, which uses the technology to identify individuals on the battlefield. But existing facial recognition technology typically relies on images generated by standard cameras, such as those found in iPhone or CCTV networks.
Now, the military wants to develop a facial recognition system that analyzes infrared images to identify individuals. The Army Research Lab has previously publicized research in this area, but these contracts, which started at the end of September 2019 and run until 2021, indicate the technology is now being actively developed for use in the field. "Sensors should be demonstrable in environments such as targets seen through automotive windshield glass, targets that are backlit, and targets that are obscured due to light weather (e.g., fog)," the Department of Defense indicated when requesting proposals.
US Patents Hit Record 333,530 Granted in 2019; IBM, Samsung (Not the FAANGs) Lead the Pack
IFI Claims, a company that tracks patent activity in the US, reports that 2019 saw a new high-watermark of 333,530 patents granted by the US Patent and Trademark Office. From a report:
The figures are notable for a few reasons. One is that this is the most patents ever granted in a single year; and the second that this represents a 15% jump on a year before. The high overall number speaks to the enduring interest in safeguarding IP, while the 15% jump has to do with the fact that patent numbers actually dipped last year (down 3.5%) while the number that were filed and still in application form (not granted) was bigger than ever. If we can draw something from that, it might be that filers and the USPTO were both taking a little more time to file and process, not a reduction in the use of patents altogether. But patents do not tell the whole story in another very important regard. Namely, the world's most valuable, and most high profile tech companies are not always the ones that rank the highest in patents filed. [...] As with previous years -- the last 27, to be exact -- IBM has continued to hold on to the top spot for patents granted, with 9,262 in total for the year. Samsung Electronics, at 6,469, is a distant second.
Boeing Employees Mocked Lion Air Staff For Seeking 737 Max Training, Calling Them 'Idiots.' A Year Later 189 People Died When One of Their Jets Crashed
Indonesia's Lion Air considered putting its pilots through simulator training before flying the Boeing 737 Max but abandoned the idea after the planemaker convinced them in 2017 it was unnecessary, Bloomberg reported Tuesday, citing people familiar with the matter and internal company communications. From the report:
The next year, 189 people died when a Lion Air 737 Max plunged into the Java Sea, a disaster blamed in part on inadequate training and the crew's unfamiliarity with a new flight-control feature on the Max that malfunctioned. Boeing employees had expressed alarm among themselves over the possibility that one of the company's largest customers might require its pilots to undergo costly simulator training before flying the new 737 model, according to internal messages that have been released to the media. Those messages, included in the more than 100 pages of internal Boeing communications that the company provided to lawmakers and the U.S. Federal Aviation Administration and released widely on Thursday, had Lion Air's name redacted.
Cryptic Rumblings Ahead of First 2020 Patch Tuesday
Sources tell KrebsOnSecurity that Microsoft is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. Those sources say Microsoft has quietly shipped a patch for the bug to branches of the U.S. military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. 14, the first Patch Tuesday of 2020. According to sources, the vulnerability in question resides in a Windows component known as crypt32.dll, a Windows module that Microsoft says handles "certificate and cryptographic messaging functions in the CryptoAPI." The Microsoft CryptoAPI provides services that enable developers to secure Windows-based applications using cryptography, and includes functionality for encrypting and decrypting data using digital certificates. NSA said on Tuesday that it spotted the vulnerability and reported it to Microsoft. NSA said Microsoft will report later today that it has seen no active exploitation of this vulnerability. NSA's Director of Cybersecurity, Anne Neuberger, says the critical cryptographic vulnerability resides in Windows 10 and Windows Server 2016, and that the concern about this particular flaw is that it "makes trust vulnerable."
Elon Musk Shows How Teslas Will Talk To Pedestrians
An anonymous reader quotes a report from CNET:
In a tweet, the Tesla CEO Elon Musk said the company's vehicles will soon be able to talk to pedestrians if you choose, and he showed off a clip of the unnamed feature in action. The Model 3 passing by tells the cameraman, "Well, don't just stand there staring, hop in."
Musk didn't dish out more information on the function, but the speakers used are likely the same ones added to meet new regulations for electric cars and plug-in hybrids this year. Teslas, and all other EVs, will need to make an alert tone under 18.6 mph starting this year. What also isn't clear is how the car will actually talk. Clearly, the clip above is a prerecorded message. If drivers will actually be able to speak to pedestrians remains unknown, or perhaps Tesla will offer a library of messages. Tesla told Roadshow Musk's tweet "is the extent of what we're sharing right now," though the CEO did say Teslas will also be able to "fart in [pedestrians'] general direction."
App Tracking Alert In iOS 13 Has Dramatically Cut Location Data Flow To Ad Industry
Apple's initiatives to minimize tracking by marketers are continuing to make life harder for the advertising industry, forcing advertisers to use inefficient data sources to pinpoint users. AppleInsider reports:
Over the years, Apple has enhanced how it protects the privacy of its users online, typically by limiting what data can be seen by advertisers tracking different data points. Initiatives such as Intelligent Tracking Protection in Safari have helped secure more privacy by making it harder to track individual users, which advertising executives in December admitted has been "stunningly effective." While ITP and other improvements have helped to minimize the tracking of users, marketers are also being affected by another element of iOS 13, one where users are regularly notified of apps that are capturing their location in the background. The warning gives options for users to allow an app to continue to track all the time or to do so when it is open, with users often selecting the latter.
According to data from verification firm Location Sciences seen by DigiDay, approximately seven in ten iPhone users tracked by the company downloaded iOS 13 in its first six weeks of availability. Of those tracked users who installed the update, around 80% of them stopped all background tracking by apps. Ad tracking company Teemo suggests the opt-in rates to share data with apps when not in use are often below 50%, whereas three years ago, the same rates were close to 100%. The higher rates were due to it being a time when users were largely unaware there were options to disable tracking in the first place.
Scientists Use Stem Cells From Frogs To Build First Living Robots
Cy Guy writes:
Having not learned the lessons of Jurassic Park and the Terminator, scientists from the University of Vermont and Tufts have created "reconfigurable organisms" using stem cells from frogs. But don't worry, the research was funded by the Department of Defense, so I'm sure nothing could possibly go wrong this time. "The robots, which are less than 1mm long, are designed by an 'evolutionary algorithm' that runs on a supercomputer," reports The Guardian. "The program starts by generating random 3D configurations of 500 to 1,000 skin and heart cells. Each design is then tested in a virtual environment, to see, for example, how far it moves when the heart cells are set beating. The best performers are used to spawn more designs, which themselves are then put through their paces."
"Because heart cells spontaneously contract and relax, they behave like miniature engines that drive the robots along until their energy reserves run out," the report adds. "The cells have enough fuel inside them for the robots to survive for a week to 10 days before keeling over."
The findings have been published in the Proceedings of the National Academy of Sciences.