Saturday, October 06, 2018

What you can and can’t say.
Bloomberg’s spy chip story reveals the murky world of national security reporting
Today’s bombshell Bloomberg story has the internet split: either the story is right, and reporters have uncovered one of the largest and jarring breaches of the U.S. tech industry by a foreign adversary… or it’s not, and a lot of people screwed up.
To recap, Chinese spies reportedly infiltrated the supply chain and installed tiny chips the size of a pencil tip on the motherboards built by Supermicro, which are used in data center servers across the U.S. tech industry — from Apple to Amazon. That chip can compromise data on the server, allowing China to spy on some of the world’s most wealthy and powerful companies.
Apple, Amazon and Supermicro — and the Chinese government — strenuously denied the allegations. Apple also released its own standalone statement later in the day, as did Supermicro. You don’t see that very often unless they think they have nothing to hide. You can — and should — read the statements for yourself.
Welcome to the murky world of national security reporting.




For my Security students. Gotta protect them cows!
DHS Warns of Threats to Precision Agriculture
Relying on various embedded and connected technologies to improve agricultural and livestock management, precise agriculture is exposed to vulnerabilities and cyber-threats, a new report from the United States Department of Homeland Security (DHS) warns.
Technologies used in precision agriculture “rely on remote sensing, global positioning systems, and communication systems to generate big data, data analytics, and machine learning,” the DHS report (PDF) says.
Cyber threats facing precision agriculture’s embedded and digital tools, however, are consistent with those other connected industries are exposed to as well.




For my Architecture students. (Podcast)
How Digital Tools Support Hyper-personalized Customer Experiences
Digital technologies are transforming every aspect of our lives – at home and at work – and how we interact with others. As customers, we are now empowered as never before. These technologies have put enormous power in our hands, and our expectations from companies are skyrocketing. What does this mean for businesses? Simply this: They need to keep the customer at the center of everything that they do and offer a superior experience. Customers will choose companies that offer them hyper-personalized and differentiated experiences, says Seeta Hariharan, general manager and group head at the digital software and solutions group at Tata Consultancy Services. In a conversation with Knowledge@Wharton, Hariharan explains why it is imperative that companies understand their customers’ needs and offer them the right products and services at the right time and in the right context.


(Related)
Facebook Messenger internally tests voice commands for chat, calls
Facebook Messenger could soon let you use your voice to dictate and send messages, initiate voice calls and create reminders.




Perspective. Not being a toddler, I missed this. Their audience is global.
Raised by YouTube
… Five years on, ChuChu TV is a fast-growing threat to traditional competitors, from Sesame Street to Disney to Nickelodeon. With all its decades of episodes, well-known characters, and worldwide brand recognition, Sesame Street has more than 5 billion views on YouTube. That’s impressive, but ChuChu has more than 19 billion. Sesame Street’s main feed has 4 million subscribers; the original ChuChu TV channel has 19 million—placing it among the top 25 most watched YouTube channels in the world, according to the social-media-tracking site Social Blade—and its subsidiary channels (primarily ChuChu TV Surprise Eggs Toys and ChuChu TV Español) have another 10 million.
According to ChuChu, its two largest markets are the United States and India, which together generate about one-third of its views.
… That kind of growth suggests that something unpredictable and wild is happening: America’s grip on children’s entertainment is coming to an end. ChuChu is but the largest of a new constellation of children’s-media brands on YouTube that is spread out across the world: Little Baby Bum in London, Animaccord Studios in Moscow, Videogyan in Bangalore, Billion Surprise Toys in Dubai, TuTiTu TV in Tel Aviv, and LooLoo Kids in Iași, a Romanian town near the country’s border with Moldova. The new children’s media look nothing like what we adults would have expected. They are exuberant, cheap, weird, and multicultural.




For my toolkit.
ytCropper - Share a Section of a YouTube Video
This week I answered an email from someone who had read my article 10 Tools for Teaching With YouTube Videos and wanted to know if there was a tool for sharing just a portion of a YouTube video. I used to recommend TubeChop but while that tool is still online it doesn't consistently work as it should. Now I recommend trying ytCropper.
ytCropper lets you share just a portion of a YouTube video by specifying the start time and end time of the video that you want others to see. To do this simply go to the ytCropper site then paste in the URL of the YouTube video that you want to share. Once you have done that you can specify the start and end time of the portion of the video that you want people to watch. ytCropper will generate a link to the cropped version of the video. Share that link to have people watch your specified portion of the video.


Friday, October 05, 2018

When will this add up to “too much?”
West Accuses Russian Spy Agency of Scores of Attacks
The West unleashed an onslaught of new evidence and indictments Thursday accusing Russian military spies of hacking so widespread that it seemed to target anyone, anywhere who investigates Moscow's involvement in an array of criminal activities — including doping, poisoning and the downing of a plane.
Russia defiantly denied the charges, neither humbled nor embarrassed by the exceptional revelations on one of the most high-tension days in East-West relations in years. Moscow lashed back with allegations that the Pentagon runs a clandestine U.S. biological weapons program involving toxic mosquitoes, ticks and more.
The nucleus of Thursday's drama was Russia's military intelligence agency known as the GRU, increasingly the embodiment of Russian meddling abroad.
In the last 24 hours: U.S. authorities charged seven officers from the GRU with hacking international agencies; British and Australian authorities accused the GRU of a devastating 2017 cyberattack on Ukraine, the email leaks that rocked the U.S. 2016 election and other damaging hacks; And Dutch officials alleged that GRU agents tried and failed to hack into the world's chemical weapons watchdog, the Organization for the Prohibition of Chemical Weapons.


(Related)
Canada Says it Was Targeted by Russian Cyber Attacks
Canada said Thursday it too was targeted by Russian cyber attacks, citing breaches at its center for ethics in sports and at the Montreal-based World Anti-Doping Agency, after allies blamed Moscow for some of the biggest hacking plots of recent years.
"The government of Canada assesses with high confidence that the Russian military's intelligence arm, the GRU, was responsible" for these cyber attacks, the foreign ministry said in a statement.




Will this solve everything?
Introducing the Internet Bill of Rights
Should American citizens get a new Bill of Rights for the internet?
… Six months ago, Ms. Pelosi charged Ro Khanna — the Democratic representative whose California district is home to Apple, Intel and Yahoo — with the creation of that list.
… Mr. Khanna’s List:

Set of Principles for an Internet Bill of Rights

The internet age and digital revolution have changed Americans’ way of life. As our lives and the U.S. economy are more tied to the internet, it is essential to provide Americans with basic protections online.
You should have the right:
(1) to have access to and knowledge of all collection and uses of personal data by companies;
(2) to opt-in consent to the collection of personal data by any party and to the sharing of personal data with a third party;
(3) where context appropriate and with a fair process, to obtain, correct or delete personal data controlled by any company and to have those requests honored by third parties;
(4) to have personal data secured and to be notified in a timely manner when a security breach or unauthorized access of personal data is discovered;
(5) to move all personal data from one network to the next;
(6) to access and use the internet without internet service providers blocking, throttling, engaging in paid prioritization or otherwise unfairly favoring content, applications, services or devices;
(7) to internet service without the collection of data that is unnecessary for providing the requested service absent opt-in consent;
(8) to have access to multiple viable, affordable internet platforms, services and providers with clear and transparent pricing;
(9) not to be unfairly discriminated against or exploited based on your personal data; and
(10) to have an entity that collects your personal data have reasonable business practices and accountability to protect your privacy.




Salesmen can talk school administrators into anything? Detection is not prevention.
Is School Surveillance Technology Worth It?
After Parkland, schools are installing gunshot-detection systems typically used in cities like Oakland and Chicago. But are they worth the expense?
… In the wake of the Parkland shooting, and Sandy Hook before that, school districts across the nation are spending hundreds of thousands to outfit campuses with high-tech surveillance, crisis response, and police technologies. Playgrounds are cordoned off by biometric locks requiring face and iris scans, parking lots are scanned and license plates are recorded, gunshot-detection devices are embedded in cafeterias, human police wear body cameras, and autonomous robots patrol hallways to detect weapons.




Inevitable? Do you need this? Is it likely to come down to “my body cam vs your body cam?”
iPhone Shortcut Automatically Records Police
iPhone users have created shortcuts that allow Apple’s flagship product to automatically record video, text a location to an emergency contact, and even stop police from entering the phone—just in case the iPhone owner has an interaction with a law enforcement officer.
Apple recently introduced “Shortcuts” to iOS 12, an app that allows iPhone owners to design their own automated commands for their phone.
According to Mic, Reddit user Robert Peterson created a trick using the virtual assistant, Siri, that lowers the phone’s brightness, turns on Do Not Disturb, texts the iPhone owner’s location to an emergency contact and lets them know you have been pulled over by police. The shortcut will also automatically start recording video and, when finished, the phone will send the video to the contact or save it to a cloud service.
The shortcut is available here, while another user created a workflow that automatically reboots the phone, rendering the fingerprint or face ID feature useless until a person enters a passcode.




Will they use Stinger or Javelin missiles?
Senate passes bill that lets the government destroy private drones
The wording comes from another bill, the Preventing Emerging Threats Act of 2018, which was strongly supported by the Department of Homeland Security and absorbed into the FAA Reauthorization Act. In June, as part of its argument as to why it needed more leeway when it comes to drones, the agency said that terrorist groups overseas "use commercially available [unmanned aircraft systems] to drop explosive payloads, deliver harmful substances and conduct illicit surveillance," and added that the devices are also used to transport drugs, interfere with law enforcement and exploit unsecured networks.
… The bill says that when a "credible threat" is posed by a drone to a "covered facility or asset," the federal government can "disrupt control" of that device, "seize or exercise control" of it, confiscate it or "use reasonable force, if necessary, to disable, damage or destroy the unmanned aircraft system." In the bill, "credible threat" is left undefined.




Because we don’t actually talk any longer? Instead of “Hello there!” now it’s “Scan my phone!”
Instagram’s Nametag feature makes it easier to follow people you meet IRL
Instagram is rolling out a new way to quickly follow people you’ve met in real life. Called Nametag, the feature works by showing your username on your phone in a format that allows it to be scanned by your soon-to-be follower. This tag can also be customized with additional designs, colors, and stickers.
Similar functionality is already available across other social media networks. Twitter, Facebook, and Snapchat users can generate QR codes for others to scan and quickly find accounts, while Spotify offers the same for music tracks.
… Alongside Nametag, Instagram is also testing a new bio field at some US universities, which will allow you to add your school, class year, and society memberships. Searching for this information will then show you a directory of everyone at that institution, making it easier to find and add classmates… and for Facebook to gather more information about you.




Perspective. The evolution of the scooter industry.
Bird unveils custom electric scooters and delivery
… Dubbed Bird Zero, the scooters have 60 percent more battery life, and better ride stability and durability than the original model. There’s also an integrated digital screen to display your speed.
… The name of the game, VanderZanden said, is to be as customer-obsessed as possible. That’s where Bird Delivery, launching soon, comes in. With Bird Delivery, riders can request a Bird be delivered to their home or office by 8 a.m. From there, the rider can use it throughout the day.


(Related) Easier to replace your car.
Google Assistant now helps you compare ride-hailing prices and summon a car
After announcing some updates to the Google Assistant user experience yesterday, today Google is rolling out a new way of booking rides with your voice — or at least getting most of the way there. Starting this week, you’ll be able to say “Hey Google, book a ride to” or “Hey Google, get me a taxi to” your destination.
Assistant will then respond by listing off price estimates and current wait times for Uber, Lyft, Ola, Grab, GO-JEK, “and many more” ride-hailing apps, according to Google.
… This works on Android, iPhone, Google Home, and all other smart speakers that have Assistant built in.




A tool for collecting the “Wit and Wisdom of Donald Trump?” Probably not.
Christian Howard · October 1, 2018 – Mining Twitter Data
“Hello again, everybody! I’m back this semester as a DH Prototyping Fellow, and together, Alyssa Collins and I are working on a project titled “Twitterature: Methods and Metadata.” Specifically, we’re hoping to develop a simple way of using Twitter data for literary research. The project is still in its early stages, but we’ve been collecting a lot of data and are now beginning to visualize it (I’m particularly interested in the geolocation of tweets, so I’m trying out a few mapping options). In this post, I want to lay out our methods for collecting Twitter data.
Okay, Alyssa and I have been using a python based Twitter scraping script, which we modified to search Twitter without any time limitations (the official Twitter search function is limited to tweets of the past two weeks). So, to run the Twitter scraping script, I entered the following in my command line: python3 TwitterScraper.py. This command then prompted for the search term and the dates within which I wanted to run my search. For this post, I ran the search term #twitterature (and no, the python scraper has no problem handling hashtags as part of the search query!). After entering the necessary information, the command would create both a txt and a csv file with the results of my search…”
[From the article:]
You can download the python scraper (TwitterScraper.py) from our GitHub page: github.com/CHoward345/Twitterature-Methods-and-Metadata. For the DocNow tools, visit: github.com/DocNow/twarc.




Maybe it’s just me and this has nothing to do with the White House.


Thursday, October 04, 2018

Should we trust Bloomberg? Perhaps this is Fake news? Would Apple and Amazon deny this because of some potential negative trust issues?
Chinese spies reportedly inserted microchips into servers used by Apple, Amazon, and others
Chinese spies have infiltrated the supply chain for servers used by nearly 30 US companies, including government contractors, Apple, and Amazon, according to an explosive report from Bloomberg Businessweek.
The operation is perhaps the most audacious example of hardware hacking by a nation state ever publicly reported, with a branch of China’s armed forces reportedly forcing Chinese manufacturers to insert microchips into US-designed servers.
… Both Amazon and Apple strongly refute the story. Amazon says it is “untrue” that it knew of “servers containing malicious chips or modifications in data centers based in China,” or that it “worked with the FBI to investigate or provide data about malicious hardware.” Apple is equally definitive, telling Bloomberg: “On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”




New election, same old problems? Does Twitter believe they have solved this problem or are they simply not interested?
Most Twitter Accounts Linked To 2016 Disinformation Are Still Active, Report Finds: NPR
… Most of the Twitter accounts that spread disinformation during the 2016 presidential campaign remain active now, according to an ambitious new study released on Thursday.
… "The persistence of so many easily identified abusive accounts is difficult to square with any effective crackdown," write authors Matthew Hindman of George Washington University and Vlad Barash of the social media analysis company Graphika.
Disinformation networks continue pumping out false posts at an incredible rate: in a typical day they publish more than a million tweets, the authors found.
These disinformation campaigns are largely automated. In the ecosystem of Twitter accounts pumping out false information and linking to conspiracy websites, "the true proportion of automated accounts may have exceeded 70 percent," the authors write.


(Related) Another backgrounder for my students.
Why Fake News Campaigns Are So Effective
In this opinion piece, Eric K. Clemons, a Wharton professor of operations, information and decisions, looks under the hood of fake news campaigns to explain how we have become so vulnerable to them.
… As Kara Swisher has noted, Facebook was not hacked in the 2016 Elections or the Brexit Referendum. Facebook was designed from the beginning to be used exactly as Russian hackers and others have used it.
We need a policy for minimizing the damage from the abuse of social media. Facebook will not design such a policy quickly, because any changes that minimize the impact of fake news will directly reduce Facebook revenues; enabling fake news is profitable for Facebook.




A backgrounder on Privacy.
Why Data Privacy Based on Consent Is Impossible
… Even if you tried to create totally transparent consent, you couldn’t. Well-meaning companies don’t know everything that happens with the data they collect, particularly those that have succumbed, against their better judgment, to the pressures of online tracking and behavioral targeting. They don’t know where the data is going or how it will be utilized. It’s an ever-changing landscape. On the one hand, requiring consent for every use isn’t reasonable and may prevent as many good outcomes as bad ones.




In my classrooms, T-Mobile users did not get the Alert. Other T-Mobile users did.
Didn't get presidential alert? What to do now; FEMA explanation
If you didn't get today's presidential alert, you can help FEMA figure out why by emailing FEMA-National-Test@fema.dhs.gov. Quartz reports you should include your cell phone provider, model, carrier and whether you were indoors or outdoors, stationary or moving, and in a rural or urban setting.
… if a user is on a call, or with an active data session open on their phone, they might not have received the message."
… Some AT&T, Verizon and T-Mobile users are reporting they didn't receive the message despite being on a compatible phone and near a cell phone tower.


Wednesday, October 03, 2018

Let’s think this through, people.
Apple opposing Australian encryption law which could set precedent for US
Apple is one of four tech giants to come out in opposition to a proposed new law in Australia which would force companies to provide access to encrypted user data. The fear is that, if the law is allowed to pass, it could set a precedent which other countries are likely to follow – with the USA high up the list of likely candidates to effectively ban strong encryption …
… Apple is able to provide access to iCloud backups, as these don’t currently use end-to-end encryption, but not to Messages and FaceTime conversations, which do. The only means Apple would have to comply in those cases would be to switch off end-to-end encryption.
… Seen as test case as other nations explore similar laws, Facebook, Alphabet, Apple and Amazon will jointly lobby lawmakers to amend the bill ahead of a parliamentary vote expected in a few weeks.




Something to sign up for?
Beta version of Google search engine for fact checks
Poynter: “Google wants to make it easier for people to find fact checks. To do that, the company is building another version of what it’s most known for: a search engine. On Tuesday, the Google News Initiative launched the beta version of a tool that’s specifically for fact-checking content. The feature, which the company has been working on for months, uses the same signals as other Google products, such as Google News, to surface work from fact-checkers like Snopes and (Poynter-owned) PolitiFact. “The goal here is to have fact-checking journalists have an easier job of locating all the work that fact-checkers have done on a specific topic,” said Cong Yu, a research scientist at Google. “For users, it’s if you want to know more about a certain topic.” The product alpha launched about six months ago, when fact-checking organizations started using it and giving Google feedback. Full Fact, a fact-checking charity based in the United Kingdom, was one of those organizations. While she didn’t test the fact-checking search engine directly, Mevan Babakar, Full Fact’s head of automated fact-checking, told Poynter in an email that, while the tool could be useful for collecting fact checks, it could also have unintended consequences…”




Perspective. Qualifications don’t matter, so put the CEO’s daughter (age 4) on the board?
These Tech Companies Will Need More Women on Their Boards
… California governor Jerry Brown signed the measure, known as SB 826, into law on Sunday.
… The law, sponsored by state senator Hannah-Beth Jackson, requires all publicly traded companies based in California to have at least one woman on their board by the end of 2019. By the end of 2021, all boards must have two women, and boards with six or more members must have three women.


Tuesday, October 02, 2018

We call this ‘low hanging fruit.’
Gigantic 100,000-strong botnet used to hijack traffic meant for Brazilian banks
Over 100,000 routers have had their DNS settings modified to redirect users to phishing pages. The redirection occurs only when users are trying to access e-banking pages for Brazilian banks.
Around 88% of these routers are located in Brazil, and the campaign has been raging since at least mid-August when security firm Radware first spotted something strange.
… According to Netlab experts, the hackers are scanning the Brazilian IP space for routers that use weak or no passwords, accessing the routers' settings, and replacing legitimate DNS settings with the IPs of DNS servers under their control.
This change redirects all DNS queries that pass through the compromised routers to the malicious DNS servers, which respond with incorrect info for a list of 52 sites.
Most of these sites are Brazilian banks and web hosting services, and the redirection leads back to a phishing page that steals victims' credentials for these sites.




Can you tell age by looking at a face?
Honour of Kings uses facial recognition to check ages
One of China's most popular video games is testing the use of facial recognition to check users' ages.
Honour of Kings' publisher Tencent announced the move at the weekend.
It said the trial would initially be limited to "thousands" of new players based in Beijing and Shenzhen.
The title has been criticised in local media over claims children have become addicted to it.
… Under pressure from local regulators, Tencent introduced restrictions in July 2017 to limit under-12s to one hour of gameplay a day and 13- to 18-year-olds to a maximum of two hours.




“Welcome to New Zealand! Please leave your Privacy here at the border.”
Travellers refusing digital search now face $5000 Customs fine
The Customs and Excise Act 2018 - which comes into effect today - sets guidelines around how Customs can carry out "digital strip-searches".
Previously, Customs could stop anyone at the border and demand to see their electronic devices. However, the law did not specify that people had to also provide a password.
The updated law makes clear that travellers must provide access - whether that be a password, pin-code or fingerprint - but officials would need to have a reasonable suspicion of wrongdoing.
… Council for Civil Liberties spokesperson Thomas Beagle said the law was an unjustified invasion of privacy.
"Nowadays we've got everything on our phones; we've got all our personal life, all our doctors' records, our emails, absolutely everything on it, and customs can take that and keep it."
The new requirement for reasonable suspicion did not rein in the law at all, Mr Beagle said.
"They don't have to tell you what the cause of that suspicion is, there's no way to challenge it."
Customs Minister Kris Faafoi said the power to search electronic devices was necessary.
"A lot of the organised crime groups are becoming a lot more sophisticated in the ways they're trying to get things across the border.” [Why would anyone carry digital ‘things’ across the border rather than send them over the Internet? Bob]




Suppose the Bot won’t cooperate?
Can't spot the bot? In California, automated accounts have to reveal themselves
California Gov. Jerry Brown [...] signed another bill that drew less attention — a new law that bans automated accounts, more commonly known as bots, from pretending to be real people in pursuit of selling products or influencing elections. Automated accounts can still interact with Californians, according to the law, but they will need to disclose that they are bots.
… Twitter may try to identify bots and label them as such.
Bots are also not limited to social media. Google caught the attention of the tech industry in May when it rolled out Google Duplex, a new voice assistant that could talk over the phone with humans to schedule appointments or make restaurant reservations — complete with "ums," "ahs" and pauses just like a human.
The demonstration sparked a discussion around the ethical issues of having people unknowingly interact with bots.




A backgrounder.
Locating Personal Data and Tracking Privacy Rights: An Interview with Dimitri Sirota
One of the biggest challenges for organizations is locating all the personal data they have. This task must be done, however, to comply with the General Data Protection Regulation (GDPR) and other privacy laws. Moreover, the GDPR and the new California Consumer Privacy Act provide that individuals have rights regarding their data. These rights often require that organizations must keep records of individual privacy preferences regarding their data.




Unethical, unless your employer asks you to do it and finds a way to compensate you.
The Coders Programming Themselves Out of a Job
When workers automate their own duties, who should reap the benefits?
In 2016, an anonymous confession appeared on Reddit: “From around six years ago up until now, I have done nothing at work.” As far as office confessions go, that might seem pretty tepid. But this coder, posting as FiletOFish1066, said he worked for a well-known tech company, and he really meant nothing. He wrote that within eight months of arriving on the quality assurance job, he had fully automated his entire workload. “I am not joking. For 40 hours each week, I go to work, play League of Legends in my office, browse Reddit, and do whatever I feel like. In the past six years, I have maybe done 50 hours of real work.” When his bosses realized that he’d worked less in half a decade than most Silicon Valley programmers do in a week, they fired him.




Reminder!
What you need to know about FEMA's 'Presidential Alert' emergency alert system test on Wednesday
… The U.S. Federal Emergency Management Agency (FEMA), in coordination with the Federal Communications Commission (FCC), will conduct a nationwide test of the Emergency Alert System (EAS) and Wireless Emergency Alert (WEA) system on Wednesday, Oct. 3, 2018.
The WEA test message will begin being sent at 2:18 p.m. EDT. The EAS message will be sent at 2:20 p.m. EDT.
… The WEA test message will have a header that reads:
"Presidential Alert" and text that says: “THIS IS A TEST of the National Wireless Emergency Alert System. No action is needed.”


(Related) It might even work. (This is why we test.)
FEMA, Vail test Presidential Alert system for emergencies
… Officials in Vail conducted a local test of the system in May, one of a handful of locations to do so.
… The test showed that not everyone in the designated area received the text. Kirkland was standing in the communications center in the middle of Vail when the message was sent. The phones of the people around her started to buzz and emit a loud blare.
“Everyone around me got the text, but I didn’t,” she said.
Others in town also didn’t get the message, she said, but the agency couldn’t determine why.
… Other recipients heard the tone but did not get the text, according to a survey conducted by Vail Public Safety Communications after the test. A number of people outside of the test area also received the messages.




Is it me or does the robot install the drywall with the face against the wall? (Look about 10 seconds into the video)
Humanoid construction robot installs drywall by itself


Monday, October 01, 2018

This will only grow worse.
Facebook’s stunning disclosure of a massive hack on Friday in which attackers gained access tokens to at least 50 million accounts—bypassing security measures and potentially giving them full control of both profiles and linked apps—has already stirred the threat of a $1.63 billion dollar fine in the European Union, according to the Wall Street Journal.
… Facebook has not said whether the attackers attempted to extract data from the affected profiles, but vice president of product management Guy Rosen told reporters they had attempted to harvest private information from Facebook’s systems, according to the New York Times. Rosen also said Facebook was unable to determine the extent to which third-party apps could have been compromised.
It remains unclear whether the attackers could have gained access to the most sensitive information stored on the network like direct messages. Facebook has said the attack was highly sophisticated, their response is in its early stages, and they may never know who was behind it.




Is a face not a face when it is used as a key? It’s hard to encrypt a face.
Feds Force Suspect To Unlock An Apple iPhone X With Their Face
It finally happened. The feds forced an Apple iPhone X owner to unlock their device with their face.
A child abuse investigation unearthed by Forbes includes the first known case in which law enforcement used Apple Face ID facial recognition technology to open a suspect's iPhone. That's by any police agency anywhere in the world, not just in America.
It happened on August 10, when the FBI searched the house of 28-year-old Grant Michalski, a Columbus, Ohio, resident who would later that month be charged with receiving and possessing child pornography. With a search warrant in hand, a federal investigator told Michalski to put his face in front of the phone, which he duly did. That allowed the agent to pick through the suspect's online chats, photos and whatever else he deemed worthy of investigation.
… "Traditionally, using a person's face as evidence or to obtain evidence would be considered lawful," said Jerome Greco, staff attorney at the Legal Aid Society. "But never before have we had so many people's own faces be the key to unlock so much of their private information."
… In modern iPhones, to hook the cellphone up to a computer and transfer files or data between the two, the passcode is required if the device has been locked for an hour or more. And forensic technologies, which can draw out far more information at speed than can be done manually, need the iPhone to connect to a computer.
It appears Knight didn't keep the device open long enough and so couldn't start pulling out data with forensic kits. He admitted he wasn't able to get all the information he wanted, including app use and deleted files. What Knight did get he documented by taking pictures.
But he wasn't to be frustrated entirely. In another revelation in the court filings, Knight noted he'd learned both the Columbus Police Department and the Ohio Bureau of Investigation had access to "technological devices that are capable of obtaining forensic extractions from locked iPhones without the passcode." The only two companies known to have provided such services this year are Cellebrite and Grayshift.
… the cops were now using boilerplate language in warrants to allow them to access iPhones via Face ID. "Law seems to be developing to permit this tactic," Nolder added.
31. The passcode or password that would unlock any device(s) utilizing biometric security features that may be found during the search of the SUBJECT PREMISES is not known to law enforcement. Thus, it will likely be necessary to press the finger(s) of the user(s) of any biometrically secured device(s) found during the search of the SUBJECT PREMISES to the device(s) fingerprint sensor, or to present the user’s face to the device’s camera, in an attempt to unlock the device for the purpose of executing the search authorized by this warrant. Attempting to unlock the relevant device(s) with the use of the fingerprints or face of the user(s) is necessary because the government may not otherwise be able to access the data contained on those devices for the purpose of executing the search authorized by this warrant.
… In previous rulings, suspects have been allowed to decline to hand over passcodes, because the forfeiture of such knowledge would amount to self-incrimination. But because the body hasn't been deemed a piece of knowledge, the same rulings haven't been applied to biometric information, like fingerprints or face scans. That's despite the fact that the use of passcodes, fingerprints and faces on an iPhone has the same effect in each case: unlocking the device.




For my Architecture students.
In the spirit of becoming more adaptive, organizations have rushed to implement Agile software development. But many have done so in a way that actually makes them less agile. These companies have become agile in name only, as the process they’ve put in place often ends up hurting engineering motivation and productivity.




Perspective.
Internet, social media use and device ownership in U.S. have plateaued after years of growth
The use of digital technology has had a long stretch of rapid growth in the United States, but the share of Americans who go online, use social media or own key devices has remained stable the past two years, according to a new analysis of Pew Research Center data.
… A contributing factor behind this slowing growth is that parts of the population have reached near-saturation levels of adoption of some technologies. Put simply, in some instances there just aren’t many non-users left.




I have to assume everyone has noticed this trend. Cute word for it.
An Initial Exploration of the Diminishing Role of Facts and Analysis in American Public Life
Rand: Truth Decay – An Initial Exploration of the Diminishing Role of Facts and Analysis in American Public Life: “Over the past two decades, national political and civil discourse in the United States has been characterized by “Truth Decay,” defined as a set of four interrelated trends: an increasing disagreement about facts and analytical interpretations of facts and data; a blurring of the line between opinion and fact; an increase in the relative volume, and resulting influence, of opinion and personal experience over fact; and lowered trust in formerly respected sources of factual information. These trends have many causes, but this report focuses on four: characteristics of human cognitive processing, such as cognitive bias; changes in the information system, including social media and the 24-hour news cycle; competing demands on the education system that diminish time spent on media literacy and critical thinking; and polarization, both political and demographic. The most damaging consequences of Truth Decay include the erosion of civil discourse, political paralysis, alienation and disengagement of individuals from political and civic institutions, and uncertainty over national policy. This report explores the causes and consequences of Truth Decay and how they are interrelated, and examines past eras of U.S. history to identify evidence of Truth Decay’s four trends and observe similarities with and differences from the current period. It also outlines a research agenda, a strategy for investigating the causes of Truth Decay and determining what can be done to address its causes and consequences.”




Some examples for my students.
What Is Deep Learning AI? A Simple Guide With 8 Practical Examples

Sunday, September 30, 2018

Imagine that! Twitter can get you in trouble!
One tweet cost Elon Musk his chairman job at Tesla and led to a $40M fine
Tesla co-founder and CEO Elon Musk has settled a lawsuit filed by the United States Securities and Exchange Commission (SEC). Though he admitted no wrong-doing, the billionaire agreed to pay a $20 million fine and step down as the company’s chairman for a three-year period for using his personal Twitter account to announce he had the funding secured to take Tesla private. The California-based automaker also agreed to make leadership reforms and pay a $20 million fine for not vetting the information Musk writes on Twitter.




A wise friend once told me, “The fastest way to riches is to invent a new sin!” Does this qualify?
Construction of "Robot brothel" in Houston must clear city hurdle
The City of Houston ordered a Canadian company called KinkySDollS to stop the construction of a so-called robot brothel for not having the appropriate permit.
… To continue construction, the KinkySDollS company will have to first "apply for a demolition permit and submit plans," said a spokesperson from the mayor's office.
KinkySDollS is a firm from Toronto that opened the first robot brothel in North America in an industrial area in the North York neighborhood.
… The concept of the KinkySDollS adult business is similar to a showroom where human-like dolls are erotically displayed and can be rented to be used in private rooms at the location by the hour or half hour. The dolls are made of synthetic skin materials with highly articulated skeletons.