
Submission + - Inside the Plot To Kill the Open Technology Fund (vice.com)

An anonymous reader writes: OTF’s goal is to help oppressed communities across the globe by building the digital tools they need and offering training and support to use those tools. Its work has saved countless lives, and every single day millions of people use OTF-assisted tools to communicate and speak out without fear of arrest, retribution, or even death. The fund has helped dissidents raise their voices beyond China’s advanced censorship network, known as the Great Firewall; helped citizens in Cuba to access news from sources other than the state-sanctioned media; and supported independent journalists in Russia so they could work without fear of a backlash from the Kremlin. Closer to home, the tools that OTF has funded, including the encrypted messaging app Signal, have allowed Black Lives Matter protesters to organize demonstrations across the country more securely.

But now all of that is under threat, after Michael Pack, a Trump appointee and close ally of Steve Bannon, took control of USAGM in June. Pack has ousted the OTF’s leadership, removed its bipartisan board, and replaced it with Trump loyalists, including Bethany Kozma, an anti-transgender activist. One reason the OTF managed to gain the trust of technologists and activists around the world is because, as its name suggests, it invested largely in open-source technology. By definition, open-source software's source code is publicly available, meaning it can be studied, vetted, and in many cases contributed to by anyone in the world. This transparency makes it possible for experts to study code to see if it has, for example, backdoors or vulnerabilities that would allow for governments to compromise the software's security, potentially putting users at risk of being surveilled or identified. Now, groups linked to Pack and Bannon have been pressing for the funding of closed-source technology, which is antithetical to the OTF's work over the last eight years.

Submission + - New Mac Ransomware Is Even More Sinister Than It Appears (wired.com)

An anonymous reader writes: The threat of ransomware may seem ubiquitous, but there haven't been too many strains tailored specifically to infect Apple's Mac computers since the first full-fledged Mac ransomware surfaced only four years ago. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or "second stage," attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.

Though ThiefQuest is packed with menacing features, it's unlikely to infect your Mac anytime soon unless you download pirated, unvetted software. Thomas Reed, director of Mac and mobile platforms at the security firm Malwarebytes, found that ThiefQuest is being distributed on torrent sites bundled with name-brand software, like the security application Little Snitch, DJ software Mixed In Key, and music production platform Ableton. K7's Devadoss notes that the malware itself is designed to look like a "Google Software Update program." So far, though, the researchers say that it doesn't seem to have a significant number of downloads, and no one has paid a ransom to the Bitcoin address the attackers provide. [...] Given that the malware is being distributed through torrents, seems to focus on stealing money, and still has some kinks, the researchers say it was likely created by criminal hackers rather than nation state spies looking to conduct espionage.

Submission + - Firefox 78.0 is out (and the ESR too) (theregister.com)

williamyf writes: Firefox 78.0 is out.

The Register reports:
"Among the most important user facing features is Protections Dashboard, a screen which shows trackers and scripts blocked, a link to the settings, a link to Firefox Monitor for checking your email address against known data breaches, and a button for password management."

There are also plenty of goodies for Developers.

Also, since this release IS an ESR, it means that, if you stick with it, you get no changes (only security patches) for a year, and also the blessing (or curse) of having Flash installed and functioning until about Aug/Sept 2021.

Submission + - 7 Best Linux Distros for Security and Privacy in 2020 (linuxsecurity.com)

b-dayyy writes: Privacy and security are pressing concerns for all of us these days – not a day goes by that we aren’t bombarded with security news headlines about hacks, breaches and the increased storing and monitoring of sensitive personal information by governments and corporations.

Luckily, when it comes to security, Linux users are faring better than their Windows- or Mac-using counterparts. Linux offers inherent security advantages over proprietary operating systems due to the transparency of its open-source code and the constant, thorough review that this code undergoes by a vibrant global community. While transparent source code may at first seem like a privacy nightmare, it is actually the complete opposite. As a result of the “many eyes” that Linux has on its code at all times, security vulnerabilities are identified and remedied very rapidly. In contrast, with proprietary OSes like Windows or MacOS, source code is hidden from outsiders — in other words, users are dependent upon Microsoft or Apple to find, fix and disclose vulnerabilities. Linux is also a relatively unpopular target for malicious hackers due to its small user base.

While all Linux “distros” — or distributed versions of Linux software — are secure by design, certain distros go above and beyond when it comes to protecting users’ privacy and security. We’ve put together a list of our favorite exceptionally-secure Linux distros and spoken with some of their lead developers to find out first-hand what makes these distros so great. This article aims to help you evaluate your options and select the distro that best meets your individual needs.

Submission + - Detroit police chief admits to 96-percent facial recognition error rate (vice.com)

shirappu writes: In late June, a complaint was filed with the Detroit Police Department when a black man was wrongly arrested after investigators identified him through the use of facial recognition technology. During the investigation, the man was released because the police had no other evidence other than grainy surveillance footage.

Now, the Detroit Police Chief has admitted that their facial recognition technology almost always misidentifies people, saying, "If we would use the software only [to identify subjects], we would not solve the case 95-97 percent of the time. That’s if we relied totally on the software, which would be against our current policy. If we were just to use the technology by itself, to identify someone, I would say 96 percent of the time it would misidentify."

As far back as December of 2019, it was revealed in research studies that modern facial recognition technology suffers from low accuracy rates with Asian and African-American faces (link: https://www.bbc.com/news/techn...). This is occurring among growing calls for increased oversight, and even tech companies such as IBM and Amazon putting a halt on the sale and use of facial recognition software (link: https://lionbridge.ai/articles...).

Submission + - Supreme Court Says Generic Domains Like Booking.com Can Be Trademarked (arstechnica.com)

An anonymous reader writes: The U.S. Patent and Trademark Office erred by finding the term booking.com was too generic for trademark protection, the Supreme Court ruled on Tuesday. Trademark law prohibits anyone from registering generic terms that describe a class of products or services. Anyone can start a store company called "The Wine Company," but they can't use trademark law to stop others from using the same name. When the online travel giant Booking Holdings sought to trademark its booking.com domain name almost a decade ago, the U.S. Patent and Trademark Office concluded that the same rule applied.

Booking Holdings challenged this decision in court. The company pointed to survey data showing that consumers associated the phrase "booking.com" with a specific website as opposed to a generic term for travel websites. Both the trial and appeals courts sided with booking.com, finding that booking.com was sufficiently distinctive to merit its own trademark—even if the generic word "booking" couldn't be trademarked on its own. Trademark law declines to protect generic terms in an effort to promote competition. If a company could trademark a word like "booking" or "wine," it could interfere with competitors who want to accurately describe their products in the marketplace. That would give companies that trademark generic terms an unfair advantage.

But an opinion by Justice Ruth Bader Ginsburg (and joined by seven other justices) found that this wasn't a serious concern for dot-com trademarks. A company like Travelocity or Expedia might describe itself as "a booking website," but it would never describe itself as "a booking.com." Ginsburg notes that the rules of the domain-name system ensure that only one company can use a name like booking.com, so consumers are likely to understand that "booking.com" refers to a particular website—it's not a generic term for booking websites in general.

Submission + - Apple Mass Deleting Forum Posts About Defective MacBook Pro Part?

Orrin Bloquy writes: 2016 and later MacBook Pros cover the mainboard's multipart unshielded flexible flat cable to the screen with a separate bezel ("logo baffle"), a strip of black glass as thin as a mobile phone screen protector, but not covering a solid surface like screen protectors do. Users on Apple's forums are reporting cracks, chips and total breakage on the logo baffle, often resulting in damage to the flat cable underneath causing vertical strips to permanently reverse color or black out, subsequently requiring replacement of the entire screen assembly.

While inexpensive plastic third-party replacement baffles are available online, the process of removing the original cracked glass baffle requires a heat gun and is itself capable of permanently damaging an intact screen cable if done incorrectly, as well as voiding your warranty and possibly any additional AppleCare service contracts.

As the number of reports grows, Apple's reaction to this has gone from deleting user images in forum posts on this topic to simply deleting forum posts about it where any photos have been posted. Google Image Search still has the site's numerous user posted images (archived copy here); but the threads the images link to all return the same error page.

In 2013, a GPU mount defect with the 2011 MBPs Apple denied knowledge of caused thousands of posts on discussions.apple.com and only the ones mentioning legal recourse such as a class action suit were deleted. Eventually a class action suit was mounted, and Apple was forced to repair these MBPs out of warranty (and refund people who'd paid for repairs) to settle. Is this forum purge a move by Apple to prevent users from organizing a second time?

Submission + - California City Bans Predictive Policing In US First (reuters.com)

An anonymous reader writes: As officials mull steps to tackle police brutality and racism, California’s Santa Cruz has become the first U.S. city to ban predictive policing, which digital rights experts said could spark similar moves across the country. “Understanding how predictive policing and facial recognition can be disproportionately biased against people of color, we officially banned the use of these technologies in the city of Santa Cruz,” Mayor Justin Cummings said on Wednesday. His administration will work with the police to “help eliminate racism in policing”, the seaside city’s first male African-American mayor said on his Facebook page, following a vote on Tuesday evening.

Used by police across the United States for almost a decade, predictive policing relies on algorithms to interpret police records, analyzing arrest or parole data to send officers to target chronic offenders, or identifying places where crime may occur. But critics say it reinforces racist patterns of policing — low-income, ethnic minority neighbourhoods have historically been overpoliced so the data shows them as crime hotspots, leading to the deployment of more police to those areas.

Submission + - Supreme Court of Canada declares Uber Drivers are Employees

Strider- writes: In a decision released today, the Supreme Court of Canada has released a decision declaring that Uber drivers are Employees, rather than independent contractors. The case centered on an Uber Eats driver who was forced to accept new terms before completing a delivery, and the available arbitration was impractical. This decision paves the way for a large class-action lawsuit against Uber over working conditions and benefits.

Submission + - Facial Recognition Bill Would Ban Use By Federal Law Enforcement (nbcnews.com)

An anonymous reader writes: Sens. Ed Markey, D-Mass., and Jeff Merkley, D-Ore., introduced legislation Thursday that seeks to ban the use of facial recognition and other biometric surveillance technology by federal law enforcement agencies. The legislation would also make federal funding for state and local law enforcement contingent on the enactment of similar bans. The Facial Recognition and Biometric Technology Moratorium Act is supported by Reps. Ayanna Pressley, D-Mass., and Pramila Jayapal, D-Wash. It comes at a time of intense scrutiny of policing and surveillance tools, and widespread protests after the killing of George Floyd in Minneapolis police custody in late May.

The bill would make it unlawful for any federal agency or official to “acquire, possess, access or use” biometric surveillance technology in the United States. It would also prohibit the use of federal funds to purchase such technology. The bill states that this type of surveillance technology could only be used if there was a federal law with a long list of provisions to ensure it was used with extreme caution. Any such federal law would need to stipulate standards for the use, access and retention of the data collected from biometric surveillance systems; standards for accuracy rates by gender, skin color and age; rigorous protections for due process, privacy, free speech, and racial, gender and religious equity; and mechanisms to ensure compliance with the act. It also stipulates that local or state governments would not be eligible to receive federal financial assistance under the Edward Byrne Memorial Justice Assistance Grant program, which funds police training, equipment and supplies, without complying with a similar law or policy.

Submission + - Nvidia Engineer releases Vulkan GPU driver after 2 years of development (tomshardware.com)

frootcakeuk writes: Martin Thomas has just released his version of a Vulkan compatible (somewhat) GPU driver for Raspberry Pi 0,1,2 & 3. From Tom's Hardware: "Earlier this year, the Raspberry Pi Foundation hooked up with Igalia to start development on an open-sourced Vulkan graphics driver for the Raspberry Pi. However, Martin Thomas, an engineer at Nvidia, beat them to the punch.

Thomas announced yesterday via his personal Twitter that his RPi-VK-Driver is ready for primetime. The talented engineer had been working on the Vulkan driver in his spare time for more than two years.

Technically, Thomas' iteration isn't a Vulkan driver per se because it doesn't comply with the official standards established by The Khronos Group. Nonetheless, the resourceful developer produced a driver that adheres to the Vulkan parameters as much as possible, and as close as the hardware would permit it. There's just one limitation with the RPi-VK-Driver though. Unlike the official Vulkan driver that's still in the works, Thomas' version is only compatible with the Broadcom VideoCore IV GPU that's found inside the Raspberry Pi 1, 2, 3 and Zero devices."

Submission + - Black creators sue YouTube, alleging racial discrimination (washingtonpost.com)

AmiMoJo writes: A group of black YouTube creators filed suit against the company this week, alleging that the platform has been systematically removing their content without explanation. The suit filed Tuesday cites a sworn declaration by another YouTube creator, Stephanie Frosch, who says YouTube officials told her in 2017 that the company’s content moderation algorithms do discriminate based on race.

After asking Frosch to sign a nondisclosure agreement, YouTube representatives told Frosch that the company’s algorithms categorize creators based on their race, among other characteristics, she wrote. That information is used “when filtering and curating content and restricting access to YouTube services,” she says she was told. “The result is that the algorithm discriminates based on the identity of the creator or its intended audience when making what are supposed to be neutral content based regulations and restrictions for videos that run on YouTube.”

Submission + - Controversial theory claims forests don't just make rain—they make wind (sciencemag.org)

sciencehabit writes: With their ability to soak up carbon dioxide and breathe out oxygen, the world’s great forests are often referred to as the planet’s lungs. But Anastassia Makarieva, a theorist at the Petersburg Nuclear Physics Institute in Russia, says they are its beating heart, too. They recycle vast amounts of moisture into the air and, in the process, also whip up winds that pump that water around the world. The first part of that idea—forests as rainmakers—originated with other scientists and is increasingly appreciated by water resource managers in a world of rampant deforestation. But the second part, a theory Makarieva calls the biotic pump, is far more controversial.

Submission + - Microsoft worked with Chinese military university on artificial intelligence (ft.com)

schwit1 writes: Microsoft has worked with a Chinese military-run university on artificial intelligence research that could be used for surveillance and censorship, a revelation that has sparked anger among China hawks on Capitol Hill.

Three papers, published between March and November last year, were co-written by academics at Microsoft Research Asia in Beijing and researchers with affiliations to China's National University of Defense Technology, which is controlled by China's top military body, the Central Military Commission.

One of the papers described a new AI method to recreate detailed environmental maps by analysing human faces, which experts say could have clear applications for surveillance and censorship.

The paper acknowledges the system provides a better understanding of the surrounding environment not viewed by the camera, which can have a variety of vision applications.

Samm Sacks, a senior fellow at the think-tank New America and a China tech policy expert, said the papers raised red flags because of the nature of the technology, the author affiliations, combined with what we know about how this technology is being deployed in China right now.

So Microsoft will work on AI & facial recognition tools with the Chinese military, but not US law enforcement?

KDE Plasma 5.19 Released (kde.org)

jrepin writes: The KDE community has released Plasma 5.19, the popular free and open-source desktop environment. "In this release, we have prioritized making Plasma more consistent, correcting and unifying designs of widgets and desktop elements; worked on giving you more control over your desktop by adding configuration options to the System Settings; and improved usability, making Plasma and its components easier to use and an overall more pleasurable experience," reads the announcement. For a complete list of what's new, you can visit the Plasma 5.19 changelog.
