Microsoft

Microsoft Patents A User-Monitoring AI That Improves Search Results (hothardware.com) 47

Slashdot reader MojoKid quotes a HotHardware article about Microsoft's new patent filing for an OS "mediation component": This is Microsoft's all-seeing-eye that monitors all textual input within apps to intelligently decipher what the user is trying to accomplish. All of this information could be gathered from apps like Word, Skype, or even Notepad by the Mediator and processed. So when the user goes to, for example, the Edge web browser to further research a topic, those contextual concepts are automatically fed into a search query.

The search engine (e.g., Bing and Cortana) uses contextual rankers to adjust the ranking of the default suggested queries to produce more relevant [results]. The operating system...tracks all textual data displayed to the user by any application, and then performs clustering to determine the user intent (contextually).

The article argues this feels "creepy and big brother-esque," and while Microsoft talks of defining a "task continuum," suggests the patent's process "would in essence keep track of everything you type and interact with in the OS and stockpile it in real-time to data-dump into Bing."
Open Source

Ask Slashdot: Who's Building The Open Source Version of Siri? (upon2020.com) 125

We're moving to a world of voice interactions processed by AI. Now long-time Slashdot reader jernst asks, "Will we ever be able to do that without going through somebody's proprietary silo like Amazon's or Apple's?" A decade ago, we in the free and open-source community could build our own versions of pretty much any proprietary software system out there, and we did... But is this still true...? Where are the free and/or open-source versions of Siri, Alexa and so forth?

The trouble, of course, is not so much the code, but in the training. The best speech recognition code isn't going to be competitive unless it has been trained with about as many millions of hours of example speech as the closed engines from Apple, Google and so forth have been. How can we do that? The same problem exists with AI. There's plenty of open-source AI code, but how good is it unless it gets training and retraining with gigantic data sets?

And even with that data, Siri gets trained with a massive farm of GPUs running 24/7 -- but how can the open source community replicate that? "Who has a plan, and where can I sign up to it?" asks jernst. So leave your best answers in the comments. Who's building the open source version of Siri?
Censorship

Krebs Is Back Online Thanks To Google's Project Shield (krebsonsecurity.com) 104

"After the massive 600gbps DDOS attack on KrebsOnSecurity.com that forced Akamai to withdraw their (pro-bono) DDOS protection, krebsonsecurity.com is now back online, hosted by Google," reports Slashdot reader Gumbercules!!.

"I am happy to report that the site is back up -- this time under Project Shield, a free program run by Google to help protect journalists from online censorship," Brian Krebs wrote today, adding "The economics of mitigating large-scale DDoS attacks do not bode well for protecting the individual user, to say nothing of independent journalists...anyone with an axe to grind and the willingness to learn a bit about the technology can become an instant, self-appointed global censor." [T]he Internet can't route around censorship when the censorship is all-pervasive and armed with, for all practical purposes, near-infinite reach and capacity. I call this rather unwelcome and hostile development the "The Democratization of Censorship...." [E]vents of the past week have convinced me that one of the fastest-growing censorship threats on the Internet today comes not from nation-states, but from super-empowered individuals who have been quietly building extremely potent cyber weapons with transnational reach...

Akamai and its sister company Prolexic have stood by me through countless attacks over the past four years. It just so happened that this last siege was nearly twice the size of the next-largest attack they had ever seen before. Once it became evident that the assault was beginning to cause problems for the company's paying customers, they explained that the choice to let my site go was a business decision, pure and simple... In an interview with The Boston Globe, Akamai executives said the attack -- if sustained -- likely would have cost the company millions of dollars.

One site told Krebs that Akamai-style protection would cost him $150,000 a year. "Ask yourself how many independent journalists could possibly afford that kind of protection money?" He suspects the attack was a botnet of enslaved IoT devices -- mainly cameras, DVRs, and routers -- but says the situation is exacerbated by the failure of many ISPs to implement the BCP38 security standard to filter spoofed traffic, "allowing systems on their networks to be leveraged in large-scale DDoS attacks... the biggest offenders will continue to fly under the radar of public attention unless and until more pressure is applied by hardware and software makers, as well as ISPs that are doing the right thing... What appears to be missing is any sense of urgency to address the DDoS threat on a coordinated, global scale."
Security

Street Fighter V Update Installed Hidden Rootkits on PCs (theregister.co.uk) 99

Capcom's latest update for Street Fighter V was installing a secret rootkit on PCs. An anonymous Slashdot reader quotes The Register: This means malicious software on the system can poke a dodgy driver installed by Street Fighter V to completely take over the Windows machine. Capcom claims it uses the driver to stop players from hacking...to cheat. Unfortunately, the code is so badly designed, it opens up a full-blown local backdoor... it switches off a crucial security defense in the operating system, then runs whatever instructions are given to it by the application, and then switches the protection back on.
Friday Capcom tweeted "We are in the process of rolling back the security measures added to the PC version of Street Fighter V." This prompted one user to reply, "literal rootkits are the opposite of security measures."
Space

Cisco Blamed A Router Bug On 'Cosmic Radiation' (networkworld.com) 132

Network World's news editor contacted Slashdot with this report: A Cisco bug report addressing "partial data traffic loss" on the company's ASR 9000 Series routers contended that a "possible trigger is cosmic radiation causing SEU [single-event upset] soft errors." Not everyone is buying: "It IS possible for bits to be flipped in memory by stray background radiation. However it's mostly impossible to detect the reason as to WHERE or WHEN this happens," writes a Redditor identifying himself as a former [technical assistance center] engineer...
"While we can't speak to this particular case," Cisco wrote in a follow-up, "Cisco has conducted extensive research, dating back to 2001, on the effects cosmic radiation can have on our service provider networking hardware, system architectures and software designs. Despite being rare, as electronics operate at faster speeds and the density of silicon chips increases, it becomes more likely that a stray bit of energy could cause problems that affect the performance of a router or switch."

Friday a commenter claiming to be Xander Thuijs, Cisco's principal engineer on the ASR 9000 router, posted below the article, "apologies for the detail provided and the 'concept' of cosmic radiation. This is not the type of explanation I would like to see presented to the respected users of our products. We have made some updates to the DDTS [defect-tracking report] in question with a more substantial data and explanation. The issue is something that we can likely address with an FPD update on the 2x100 or 1x100G Typhoon-based linecard."
Security

Malware Evades Detection By Counting Word Documents (threatpost.com) 64

"Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher's test environment," reports Threatpost, the Kaspersky Lab security news service. Slashdot reader writes: Once a computer is compromised, the malware will count the number of Word documents stored on the local drive; if it's more than two, the malware executes. Otherwise, it figures it's landed in a virtual environment or is executing in a sandbox and stays dormant.

A typical test environment consists of a fresh Windows computer image loaded into a VM. The OS image usually lacks documents and other telltale signs of real world use [according to SentinelOne researcher Caleb Fenton]. If no Microsoft Word documents are found, the VBA macro's code execution terminates, shielding the malware from automated analysis and detection. Alternately, if more than two Word documents are found on the targeted system, the macro will download and install the malware payload.

Security

Hacker Who Aided ISIS Gets 20 Years In Prison (softpedia.com) 124

An anonymous reader quotes a report from Softpedia: Ardit Ferizi, aka Th3Dir3ctorY, 20, a citizen of Kosovo, will spend 20 years in a U.S. prison for providing material support to ISIS hackers by handing over data for 1,351 U.S. government employees. Ferizi obtained the data by hacking into a U.S. retail company on June 13, 2015. The hacker then filtered the stolen information and put aside records related to government officials, which he later handed over to Junaid Hussain, the then leader of the Islamic State Hacking Division (ISHD). Hussain then uploaded this information online, asking fellow ISIS members to seek out these individuals and execute lone wolf attacks. Because of this leak, the U.S. Army targeted and killed Hussain in a drone strike in Syria in August 2015. Before helping ISIS, Ferizi had a prodigious hacking career as the leader of Kosova Hacker's Security (KHS) hacking crew. He was arrested on October 6, 2015, at the international airport in Kuala Lumpur, Malaysia, while trying to catch a flight back to Kosovo. Ferizi was in Kuala Lumpur studying computer science.
Iphone

People Are Drilling Holes Into Their iPhone 7 To 'Make a Headphone Jack' (craveonline.com) 193

TechRax -- a popular YouTuber who destroys technology for fame and riches -- has uploaded a video where he drills a hole into an iPhone 7, claiming it to be a "secret hack" to reinstall a headphone jack in the device. The only problem is that he didn't tell people it was a joke, and of course, some people fell for it. Crave Online reports: The YouTube video has amassed over 7.5 million views since being posted online last week, with it attracting 81,000 dislikes in the process. The comments section is currently torn between people who are in on the joke, people who criticize TechRax for damaging his iPhone 7, and most unfortunately, people who have tried the "hack" out for themselves. Although this is YouTube so you can never be quite sure of whether or not these folks are trolling, parsing the comments section reveals some pretty convincing complaints lobbed in TechRax's direction. It's also firmly believable that there are people dumb enough to attempt drilling a hole into their iPhone 7, which is unfortunate but that's the way the world is in 2016. You can read the comments under the YouTube video for more "convincing complaints." But as if the report didn't make it clear enough already, the video is a joke. Apple removed the headphone jack and there's no way to get it back, unless you use an adapter.
United States

Probe Of Leaked US NSA Hacking Tools Examines Operative's Mistake (reuters.com) 56

Joseph Menn and John Walcott, reporting for Reuters: A U.S. investigation into a leak of hacking tools used by the National Security Agency is focusing on a theory that one of its operatives carelessly left them available on a remote computer and Russian hackers found them, four people with direct knowledge of the probe told Reuters. The tools, which enable hackers to exploit software flaws in computer and communications systems from vendors such as Cisco Systems and Fortinet Inc, were dumped onto public websites last month by a group calling itself Shadow Brokers. The public release of the tools coincided with U.S. officials saying they had concluded that Russia or its proxies were responsible for hacking political party organizations in the run-up to the Nov. 8 presidential election. On Thursday, lawmakers accused Russia of being responsible. Various explanations have been floated by officials in Washington as to how the tools were stolen. Some feared it was the work of a leaker similar to former agency contractor Edward Snowden, while others suspected the Russians might have hacked into NSA headquarters in Fort Meade, Maryland.
Earth

Computers Decipher Burnt Scroll Found In Ancient Holy Ark (nationalgeographic.com) 229

bsharma writes: Scientists have formally announced their reconstruction of the Ein Gedi Scroll, the most ancient Hebrew scroll since the Dead Sea Scrolls. This was done by CAT scanning the burnt scrolls and virtually reconstructing the layers of scrolls with ink blobs on them. National Geographic reports: "For decades, the Israel Antiquities Authority guarded the document, known as the Ein Gedi Scroll, careful not to open it for fear that the brittle text would shatter to pieces. But last year, scientists announced that they had scanned, virtually unrolled, and translated the scroll's hidden verses -- a feat now formally described in the scientific literature. Based on preliminary scans, [Brent Seales of the University of Kentucky, who specialized in digitally reconstructing damaged texts,] and his colleagues announced in 2015 that the Ein Gedi Scroll was a biblical text from the sixth century A.D. containing a column of text from the book of Leviticus. But the full CT scan results, published on Wednesday in Science Advances, tell a deeper story. Further analysis revealed an extra column of text, ultimately fleshing out the first two chapters of Leviticus -- ironically, a book that begins with God's instructions for burnt offerings. What's more, radiocarbon dating of the scroll suggests that it may be between 1,700 and 1,800 years old, at least 200 years older than previously thought. In fact, the scroll's distinctive handwriting hearkens back to the first or second century A.D., some five centuries earlier than the date ascribed to the scroll last year." University of Cambridge lecturer James Aitken told Smithsonian's Devin Powell in 2015: "There's little of surprise in finding a Leviticus scroll. We probably have many more copies of it than any other book, as its Hebrew style is so simple and repetitive that it was used for children's writing exercises."
Java

TypeScript 2.0 Released (arstechnica.com) 83

An anonymous reader quotes a report from Ars Technica: Since its introduction, TypeScript has included new features to improve performance, enhance JavaScript compatibility, and extend the range of error checking that the TypeScript compiler performs. TypeScript 2.0 introduces a big step forward here by giving developers greater control over null values. null, used to denote (in some broad, hand-waving sense) that a variable holds no value at all, has been called the billion dollar mistake. Time and time again, programs trip up by not properly checking to see if a variable is null, and for good or ill, every mainstream programming language continues to support the null concept. TypeScript 2.0 brings a range of new features, but the biggest is control over these null values. With TypeScript 2.0, programmers can opt into a new behavior that by default prevents values from being null. With this option enabled, variables by default will be required to have a value and can't be set to null accidentally. This in turn allows the compiler to find other errors such as variables that are never initialized.
IOS

19-Year-Old Jailbreaks iPhone 7 In 24 Hours (vice.com) 97

An anonymous reader writes: 19-year-old hacker qwertyoruiop, aka Luca Todesco, jailbroke the new iPhone 7 just 24 hours after he got it, in what's the first known iPhone 7 jailbreak. Todesco tweeted a screenshot of a terminal where he has "root," alongside the message: "This is a jailbroken iPhone 7." He even has video proof of the jailbreak. Motherboard reports: "He also said that he could definitely submit the vulnerabilities he found to Apple, since they fall under the newly launched bug bounty, but he hasn't decided whether to do that yet. The hacker told me that he needs to polish the exploits a bit more to make the jailbreak 'smoother,' and that he is also planning to make this jailbreak work through the Safari browser just like the famous 'jailbreakme.com,' which allowed anyone to jailbreak their iPhone 4 just by clicking on a link." Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."
Crime

Cops Are Raiding Homes of Innocent People Based Only On IP Addresses (fusion.net) 237

Kashmir Hill has a fascinating story today on what can go wrong when you solely rely on IP address in a crime investigation -- also highlighting how often police resort to IP addresses. In the story she follows a crime investigation that led police to raid a couple's house at 6am in the morning, because their IP address had been associated with the publication of child porn on notorious 4chan porn. The problem was, Hill writes: the couple -- David Robinson and Jan Bultmann -- weren't the ones who had uploaded the child porn. All they did was voluntarily use one of their old laptops as a Tor exit relay, a software used by activists, dissidents, privacy enthusiasts as well as criminals, so that people who want to stay anonymous when surfing the web could do so. Hill writes: Robinson and Bultmann had [...] specifically operated the riskiest node in the chain: the exit relay which provides the IP address ultimately associated with a user's activity. In this case, someone used Tor to make the porn post, and his or her traffic had been routed through the computer in Robinson and Bultmann's house. The couple wasn't pleased to have helped someone post child porn to the internet, but that's the thing about privacy-protective tools: They're going to be used for good and bad purposes, and to support one, you might have to support the other. Robinson added that he was a little let down because police didn't bother to look at the public list which details the IP addresses associated with Tor exit relays. Hill adds: The police asked Robinson to unlock one MacBook Air, and then seemed satisfied these weren't the criminals they were looking for and left. But months later, the case remains open with Robinson and Bultmann's names on police documents linking them to child pornography. "I haven't run an exit relay since. The police told me they'd be back if it happened again," Robinson said; he's still running a Tor node, just not the end point anymore. "I have to take the threat seriously because I don't want my wife or I to wake up with guns in our faces." Technologist Seth Schoen, and EFF Executive Director Cindy Cohn in a white paper aimed at courts and cops. "For many reasons, connecting an individual to a crime linked to an IP address, without any additional investigation, is irresponsible and threatens the civil liberties of innocent people."
Programming

W3C Set To Publish HTML 5.1, Work Already Started On HTML 5.2 (softpedia.com) 84

An anonymous reader quotes a report from Softpedia: Members of the World Wide Web Consortium (W3C) are getting ready to launch the HTML 5.1 specification and have already started work on the upcoming HTML 5.2 version since mid-August. The HTML 5.1 standard has been promoted from a "Release Candidate" to a "Proposed Recommendation," the last step before it becomes a "W3C Recommendation," and officially replaces HTML 5 as the current HTML standard. As a Proposed Recommendation, HTML 5.1 is practically locked against major changes, and outside small tweaks here and there, we are currently looking at a 99.99 percent version of the upcoming HTML 5.1 standard. The vote to promote HTML 5.1 from RC to PR was approved in unanimity, a clear sign that major browser makers have reached a general consensus on what the standard should look like, and what they should be implementing in their browsers in upcoming versions. You can read more on HTML 5.1 here, the changes and support table here, and the HTML 5.2 specification draft here.
GNOME

GNOME 3.22 Desktop Environment Officially Released (softpedia.com) 120

Reader prisoninmate writes: Today, September 21, is a big day for Linux users, especially those who love the GNOME desktop environment, as the next major release is now officially available. Yes, that's right, we're talking about GNOME 3.22, dubbed Karlsruhe after the German host city of the annual GUADEC (GNOME Users And Developers European Conference) event, which took place last month between August 12-14, 2016. Prominent features of the GNOME 3.22 desktop environment include batch rename functionality and support for integration of compressed files built directly into the Nautilus file manager, a new Week View, support for alarms, and the ability to drag and drop events to the GNOME Calendar, as well as an updated GNOME Music app that supports handling of music libraries with thousands of tracks. There are lots of improvements for the GNOME Games app as well, as it now offers support for numerous retro gaming consoles. Among other improvements, we can mention Flatpak integration, photo sharing, revamped GNOME Software app with support for firmware updates, redesigned keyboard settings and a brand new GNOME Control Center panel, and a redesigned dconf Editor. A video overview of the new features of GNOME 3.22 is available on the official website.
Security

Tesla Fixes Security Bugs After Claims of Model S Hack (reuters.com) 75

An anonymous reader quotes a report from Reuters: Tesla Motors Inc has rolled out a security patch for its electric cars after Chinese security researchers uncovered vulnerabilities they said allowed them to remotely attack a Tesla Model S sedan. The automaker said that it had patched the bugs in a statement to Reuters on Tuesday, a day after cybersecurity researchers with China's Tencent Holdings Ltd disclosed their findings on their blog. Tesla said it was able to remedy the bugs uncovered by Tencent using an over-the-air fix to its vehicles, which saved customers the trouble of visiting dealers to obtain the update. Tencent's Keen Security Lab said on its blog that its researchers were able to remotely control some systems on the Tesla S in both driving and parking modes by exploiting the security bugs that were fixed by the automaker. The blog said that Tencent believed its researchers were the first to gain remote control of a Tesla vehicle by hacking into an onboard computer system known as a CAN bus. In a demonstration video, Tencent researchers remotely engaged the brake on a moving Tesla Model S, turned on its windshield wipers and opened the trunk. Tesla said it pushed out an over-the-air update to automatically update software on its vehicles within 10 days of learning about the bugs. It said the attack could only be triggered when a Tesla web browser was in use and the vehicle was close enough to a malicious Wi-Fi hotspot to connect to it. Slashdot reader weedjams adds some commentary: Does no one else think cars + computers + network connectivity = bad?
AI

MIT Scientists Use Radio Waves To Sense Human Emotions (cnn.com) 91

An anonymous reader quotes a report from CNNMoney: Researchers at the MIT Computer Science and Artificial Intelligence Laboratory have developed a device that uses radio waves to detect whether someone is happy, sad, angry or excited. The breakthrough makes it easier to accomplish what scientists have tried to do for years with machines: sense human emotions. The researchers believe tracking a person's feelings is a step toward improving their overall emotional well-being. The technology isn't invasive; it works in the background without a person having to do anything, like wearing a device. The device called EQ-Radio, which was detailed in a paper published online Tuesday, resembles a shoebox, as of now. It works by bouncing wireless signals off a person. These signals are impacted by motion, such as breathing and heartbeats. When the heart pumps blood, a force is exerted onto our bodies, and the skin vibrates ever so slightly. After the radio waves are impacted by these vibrations, they return to the device. A computer then analyzes the signals to identify changes in heartbeat and breathing. The researchers demonstrated their system detects emotions on par with an electrocardiogram (EKG), a common wearable device medical professionals use to monitor the human heart. The machine's analysis of the radio waves relies on artificial intelligence, which learns how various heartbeats indicate certain emotions. As a part of the testing, the machine bounced radio waves off actors who recreated a range of emotions. The more emotions the machine experienced, the better it identified what signals, such as a fast heartbeat, gave away their true feelings. By monitoring radio waves reflected off people who are happy, the machine is exposed to certain signs -- such as heart rate or a type of breathing -- associated with being in good spirits.
Security

College Student Got 15 Million Miles By Hacking United Airlines (fortune.com) 79

An anonymous reader quotes a report from Fortune: University of Georgia Tech student Ryan Pickren used to get in trouble for hacking websites -- in 2015, he hacked his college's master calendar and almost spent 15 years in prison. But now he's being rewarded for his skills. Pickren participated in United Airlines' Bug Bounty Program and earned 15 million United miles. At two cents a mile, that's about $300,000 worth. United's white hat hacking program invites computer experts to legally hack their systems, paying up to one million United miles to hackers who can reveal security flaws. At that rate, we can presume Pickren reported as many as 15 severe bugs. The only drawback to all those free miles? Taxes. Having earned $300,000 of taxable income from the Bug Bounty Program, Pickren could owe the Internal Revenue Service tens of thousands of dollars. He's not keeping all of them, though: Pickren donated five million miles to Georgia Tech. The ultimate thank-you for not pressing charges last year. In May, certified ethical hackers at Offensi.com identified a bug allowing remote code execution on one of United Airlines' sites and were rewarded with 1,000,000 Mileage Plus air miles. Instead of accepting the award themselves, they decided to distribute their air miles among three charities.
Mozilla

Firefox 49 Arrives With Improvements (venturebeat.com) 129

An anonymous reader writes: Mozilla today launched Firefox 49 for Windows, Mac, Linux, and Android. The new version includes expanded multi-process support, improvements to Reader Mode, and offline page viewing on Android. The built-in voice and video calling feature Firefox Hello, meanwhile, has been removed from the browser. First up, Firefox 49 brings two improvements to Reader Mode. You can now adjust the text (width and line spacing), fonts, and even change the theme from light to dark. There is also a new Narrate option that reads the content of the page aloud. Next is Mozilla's crusade to enable multi-process support, a feature that has been in development for years as part of the Electrolysis project. With the release of Firefox 48, Mozilla enabled multi-process support for 1 percent of users, slowly ramping up to nearly half of the Firefox Release channel. Initial tests showed a 400 percent improvement in overall responsiveness. Mozilla says at least "half a billion people around the world" use its Firefox browser.
Government

US Regulators Issue Comprehensive Policy On Self-Driving Cars (vox.com) 239

An anonymous reader quotes a report from Vox: On Monday, [The U.S. Department of Transportation] released a surprisingly far-reaching "Federal Automated Vehicles Policy." The policy attempts to do all sorts of things -- we'll get into the details below -- but the overarching motivation is that DOT wants to accelerate the development and adoption of AVs. DOT views AVs as a safety technology that could reduce some of the 38,000 traffic fatalities a year in the U.S., 95 percent of which are caused by human error. It also sees AVs as an accessibility technology that could provide personal transportation to whole populations (disabled, elderly, etc.) who have lacked it. The policy comes in four buckets: What the vehicles need to do to be safe; What federal and state governments need to do; How DOT will use its existing regulatory tools; DOT may need brand new regulatory tools to deal with AVs. The "vehicle performance" section lays out a 15-point safety assessment, so that AV developers and manufacturers know the sorts of things that federal regulators will expect. It covers everything from cybersecurity to data collection to crash response. And then there are "ethical considerations." AVs will have to make life-or-death decisions. The second section addresses the division of responsibilities and authorities between the federal government and state governments, and suggests a model policy that states can adapt for their own use. The feds will retain their authority to set and enforce safety standards, communicate with the public about safety, and occasionally issue guidances about how to meet national standards. States will retain their authority to license human drivers and register cars, set and enforce traffic laws, and regulate vehicle insurance and liability. There are three broad ways that DOT communicates about standards with automakers: letters of interpretation, exemptions and rule-makings. It is promising to speed up all of them in regard to HAVs. 
DOT is considering a range of new authorities that may be necessary to properly regulate HAVs. The report adds that "DOT has officially abandoned the NHTSA's own levels-of-automation classification in favor of SAE's, which is preferred by the industry." Vox has a neat graphic you can view here. President Obama also wrote a piece about self-driving cars in the Pittsburgh Post-Gazette: "In the seven-and-a-half years of my presidency, self-driving cars have gone from sci-fi fantasy to an emerging reality with the potential to transform the way we live..."
