Android

In a Test, 3D Model of a Head Was Able To Fool Facial Recognition System of Several Popular Android Smartphones (forbes.com) 123

Forbes magazine tested four of the most popular handsets running Google's operating systems and Apple's iPhone to see how easy it'd be to break into them with a 3D-printed head. All of the Android handsets opened with the fake. Apple's phone, however, was impenetrable. From the report: For our tests, we used my own real-life head to register for facial recognition across five phones. An iPhone X and four Android devices: an LG G7 Linq, a Samsung S9, a Samsung Note 8 and a OnePlus 6. I then held up my fake head to the devices to see if the device would unlock. For all four Android phones, the spoof face was able to open the phone, though with differing degrees of ease. The iPhone X was the only one to never be fooled.

There were some disparities between the Android devices' security against the hack. For instance, when first turning on a brand new G7 Linq, LG actually warns the user against turning facial recognition on at all. No surprise then that, on initial testing, the 3D-printed head opened it straightaway. [...] The OnePlus 6 came with neither the warnings of the other Android phones nor the choice of slower but more secure recognition.

Youtube

Netflix's Biggest Competition Isn't Sleep -- It's YouTube (venturebeat.com) 115

Netflix CEO Reed Hastings loves to identify sleep as the biggest competition of its service. "Sometimes employees at Netflix think, 'Oh my god, we're competing with FX, HBO, or Amazon,' but think about it. If you didn't watch Netflix last night: What did you do? There's such a broad range of things that you did to relax and unwind, hang out, and connect -- and we compete with all of that," he once said. "You get a show or a movie you're really dying to watch, and you end up staying up late at night, so we actually compete with sleep," he added. Turns out, Hastings does not need to look that far for competition.

From a report: Despite Netflix and Amazon investing billions of dollars in producing original content, they are struggling to make inroads in emerging markets. YouTube, on the other hand, is growing rapidly, becoming a daily habit for even new internet users. In India, for instance, YouTube reaches 245 million unique users each month, or 85 percent of all internet users in the country, the company told VentureBeat. About 60 percent of all YouTube traffic in India comes from outside of its six major cities. [Globally, YouTube has 1.9 billion monthly active users.]

As consumption on YouTube grows, creators are also finding loyal audiences. In India alone, YouTube now has more than 600 channels with more than 1 million subscribers, up from 20 channels in 2016. Record label T-Series, which is fighting with PewDiePie for the title of most-subscribed YouTube channel, took 10 years to get to its first 10 million subscribers. In the last two years, it has grown to 60 million subscribers. Globally, YouTube says the number of channels with more than 1 million subscribers has grown by 75 percent this year.

Globally, YouTube told VentureBeat that 75 percent of the platform's watch time occurs on a mobile device. The average watch time for a mobile user is 60 minutes per day. Or in other words, this is the time a user could have spent watching Netflix. According to eMarketer's estimates, an average user would spend about 86 minutes per day watching digital videos on streaming services this year.

Chromium

Electron and the Decline of Native Apps (daringfireball.net) 328

SwiftOnSecurity, regarding Microsoft's switch to Chromium as Windows's built-in rendering engine: This isn't about Chrome. This is about ElectronJS. Microsoft thinks EdgeHTML cannot get to drop-in feature-parity with Chromium to replace it in Electron apps, whose duplication is becoming a significant performance drain. They want to single-instance Electron with their own fork. Electron is a cancer murdering both macOS and Windows as it proliferates. Microsoft must offer a drop-in version with native optimizations to improve performance and resource utilization. This is the end of desktop applications. There's nowhere but JavaScript. John Gruber of DaringFireball: I don't share the depth of their pessimism regarding native apps, but Electron is without question a scourge. I think the Mac will prove more resilient than Windows, because the Mac is the platform that attracts people who care. But I worry. In some ways, the worst thing that ever happened to the Mac is that it got so much more popular a decade ago. In theory, that should have been nothing but good news for the platform -- more users means more attention from developers. The more Mac users there are, the more Mac apps we should see.

The problem is, the users who really care about good native apps -- users who know HIG violations when they see them, who care about performance, who care about Mac apps being right -- were mostly already on the Mac. A lot of newer Mac users either don't know or don't care about what makes for a good Mac app.

Privacy

Facial Recognition Has To Be Regulated To Protect the Public, Says AI Report (technologyreview.com) 55

A new report (PDF) from the AINow Institute calls for the U.S. government to take general steps to improve the regulation of facial recognition technology amid much debate over the privacy implications. "The implementation of AI systems is expanding rapidly, without adequate governance, oversight, or accountability regimes," it says. The report suggests, for instance, extending the power of existing government bodies in order to regulate AI issues, including use of facial recognition: "Domains like health, education, criminal justice, and welfare all have their own histories, regulatory frameworks, and hazards." MIT Technology Review reports: It also calls for stronger consumer protections against misleading claims regarding AI; urges companies to waive trade-secret claims when the accountability of AI systems is at stake (when algorithms are being used to make critical decisions, for example); and asks that they govern themselves more responsibly when it comes to the use of AI. And the document suggests that the public should be warned when facial-recognition systems are being used to track them, and that they should have the right to reject the use of such technology.

The report also warns about the use of emotion tracking in face-scanning and voice detection systems. Tracking emotion this way is relatively unproven, yet it is being used in potentially discriminatory ways -- for example, to track the attention of students. "It's time to regulate facial recognition and affect recognition," says Kate Crawford, cofounder of AINow and one of the lead authors of the report. "Claiming to 'see' into people's interior states is neither scientific nor ethical."

Piracy

Search Engine DuckDuckGo Removes 'Pirate' Site Bangs To Avoid Liability (torrentfreak.com) 56

DuckDuckGo, a privacy-focused search engine, offers a variety of useful features such as instant answers and bangs. The latter are particularly useful for people who want to use DuckDuckGo to search directly on other sites. Typing '!yt keyword', for instance, will do a direct search on YouTube, while '!w keyword' goes to Wikipedia. This library of bangs has been around for a long time and has grown to more than 10,000 over the years.

From a report: However, a few days ago, roughly 2,000 of these were removed. Interestingly, this included many bangs that link to torrent sites, such as The Pirate Bay, 1337x and RARBG. Similarly, bangs for OpenSubtitles, Sci-Hub and LibGen are gone too. Initially, it was unclear what had happened, but after people started asking questions on Reddit, DuckDuckGo staff explained that this was part of a larger cleanup operation. DuckDuckGo went through its bangs library and removed all non-working versions, as well as verbose ones that were not actively used. In addition, many pirate site bangs were deleted as these are no longer "permitted."

"Bangs had been neglected for some time, and there were tons of broken ones. As part of the bang clean-up, we also removed some that were pointing to primarily illegal content," DuckDuckGo staffer Tagawa explains. The search engine still indexes the sites in question but it feels that offering curated search shortcuts for these sites in their service might cause problems. "It may not seem like so at first blush, but it is very different legally if it is a bang vs. in the search results because the bangs are added to the product by us explicitly, and can be interpreted legally as an editorial decision that is actively facilitating that site and its content," the staff wrote.

Medicine

Despite CRISPR Baby Controversy, Harvard University Will Begin Gene-Editing Sperm (technologyreview.com) 167

Even as a furious debate broke out in China over gene-edited babies, some scientists in the US are also hoping to improve tomorrow's children. From a report: [...] Amid the condemnation, though, it was easy to lose track of what the key experts were saying. Technology to alter heredity is for real. It is improving very quickly, it has features that will make it safe, and much wider exploratory use to create children could be justified soon. That was the message delivered at a gene-editing summit in Hong Kong on Wednesday, by Harvard Medical School dean George Daley, just ahead of He's own dramatic appearance on the stage (see video starting at 1:15:30).

Astounding some listeners, the Harvard doctor and stem-cell researcher didn't condemn He but instead characterized the Chinese actions as a wrong turn on the right path (see video). "The fact that it is possible that the first instance of human germ-line editing came forward as a misstep should in no way lead us to stick our heads in the sand," Daley said. "It's time to ... start outlining what an actual pathway for clinical translation would be."

Medicine

Dark Web Dealers Voluntarily Ban Deadly Fentanyl (theguardian.com) 158

Major dark web drug suppliers have started to voluntarily ban the synthetic opioid fentanyl because it is too dangerous. "They are 'delisting' the high-strength painkiller, effectively classifying it alongside mass-casualty firearms and explosives as commodities that are considered too high-risk to trade," reports The Guardian. From the report: Vince O'Brien, one of the NCA's leads on drugs, told the Observer that dark web marketplace operators appeared to have made a commercial decision, because selling a drug that could lead to fatalities was more likely to prompt attention from police. It is the first known instance of these types of operators moving to effectively ban a drug.

O'Brien said: "If they've got people selling very high-risk commodities then it's going to increase the risk to them. There are marketplaces that will not accept listings for weapons and explosives -- those are the ones that will not accept listings for fentanyl. Clearly, law enforcement would prioritize the supply of weapons, explosives and fentanyl over, for example, class C drugs -- and that might well be why they do this. "There are also drug users on the dark web who say on forums that they don't think it's right that people are selling fentanyl because it is dangerous and kills a lot of people."

Security

Mass Router Hack Exposes Millions of Devices To Potent NSA Exploit (arstechnica.com) 73

More than 45,000 Internet routers have been compromised by a newly discovered campaign that's designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers say. From a report: The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. While Internet scans don't reveal precisely what happens to the connected devices once they're exposed, Akamai said the ports -- which are instrumental for the spread of EternalBlue and its Linux cousin EternalRed -- provide a strong hint of the attackers' intentions.

The attacks are a new instance of a mass exploit the same researchers documented in April. They called it UPnProxy because it exploits Universal Plug and Play -- often abbreviated as UPnP -- to turn vulnerable routers into proxies that disguise the origins of spam, DDoSes, and botnets.

Cloud

Amazon Unveils Elastic Inference, FSx for Windows File Server, Inferentia, Self-driving Racing League DeepRacer, SageMaker Ground Truth, and Outposts 13

Amazon Web Services announced a slew of new or updated offerings at its cloud-computing conference in Las Vegas, seeking to maintain its lead in the market for internet-based computing. Following is a rundown.

Amazon Elastic Inference is a new service that lets customers attach GPU-powered inference acceleration to any Amazon EC2 instance and reduces deep learning costs by up to 75 percent. From a report: "What we see typically is that the average utilization of these P3 instances GPUs are about 10 to 30 percent, which is pretty wasteful with elastic inference. You don't have to waste all that costs and all that GPU," AWS chief executive Andy Jassy said onstage at the AWS re:Invent conference earlier today. "[Amazon Elastic Inference] is a pretty significant game changer in being able to run inference much more cost-effectively."

While the majority of workloads in the cloud are Linux-based, Amazon Web Services (AWS) CEO Andy Jassy said he is well aware that Windows is still significant, and as a result his company launched a new fully managed Windows file system built on native Windows file servers. From a report: "What we were hoping to do was make this Windows file system work as part of EFS -- would have been much easier for us to layer on another file system ... because it's much easier if you're trying to build a business at scale," he explained. However, he said customers wanted a native Windows file system and they "weren't being flexible." "So we changed our approach," he continued.

Inferentia is the company's own dedicated machine learning chip. From a report: "Inferentia will be a very high-throughput, low-latency, sustained-performance very cost-effective processor," AWS CEO Andy Jassy explained during the announcement. Holger Mueller, an analyst with Constellation Research, says that while Amazon is far behind, this is a good step for them as companies try to differentiate their machine learning approaches in the future. Inferentia supports popular frameworks like INT8, FP16 and mixed precision. What's more, it supports multiple machine learning frameworks, including TensorFlow, Caffe2 and ONNX.

TechCrunch writes about SageMaker Ground Truth: You can't build a good machine learning model without good training data. But building those training sets is hard, often manual work, that involves labeling thousands and thousands of images, for example. With SageMaker, AWS has been working on a service that makes building machine learning models a lot easier. But until today, that labeling task was still up to the user. Now, however, the company is launching SageMaker Ground Truth, a training set labeling service. Using Ground Truth, developers can point the service at the storage buckets that hold the data and allow the service to automatically label it. What's nifty here is that you can both set a confidence level for the fully automatic service or you can send the data to human laborers.

GeekWire writes about the self-driving racing league and DeepRacer: Amazon Web Services chief and big sports fan Andy Jassy on Wednesday in Las Vegas unveiled a first-of-its-kind global autonomous racing league called AWS DeepRacer. The league features AWS DeepRacer, a 1/18th scale radio-controlled, self-driving four-wheel race car designed to help developers learn about reinforcement learning, a type of machine learning feature found in Amazon SageMaker. It features an Intel Atom processor; a 4-megapixel camera with 1080p resolution; multiple USB ports; and a 2-hour battery.

And Outposts: Starting next year, AWS will allow customers to order the same hardware that it uses to power its cloud services to run in their own data centers through a service called AWS Outposts. Building on its partnership with VMware, AWS Outposts will allow customers to enjoy a consistent set of hardware, software and services across their own servers and cloud servers, said AWS CEO Andy Jassy. Customers will have two options: they can run VMware Cloud on AWS on AWS Outposts, or they can run something called "AWS native" to enable this hybrid cloud setup. AWS will "deliver racks, install them, and then we'll do all the maintenance and repair on them," Jassy said.

The Internet

In the Age of the Internet, Why Has Interest in Chess Remained So Robust, and Even Risen Sharply? (bloomberg.com) 153

How and why a 1,500-year-old game has conquered the internet. From a report: Two years ago, the world chess championship match drew about 10 million online viewers, while this year's competition between Magnus Carlsen and Fabiano Caruana, currently underway in London, is expected to draw more attention yet. Worldwide, chess claims about 600 million fans, which makes it one of the most popular games or sports.

It is noteworthy that China, one of the two most important countries in the world, has decided to invest heavily in chess. This year Chinese teams won both the men's and women's divisions at the Chess Olympiad, a first. That would not have happened without the active support of the Chinese Communist Party. The U.S. is stepping up too, with the aid of chess patron Rex Sinquefield. In recent times America has placed three players in the world's top 10, including Caruana, currently No. 2.

It turns out that chess is oddly well-suited for a high-tech world. Chess does not make for gripping television, but the option of live viewing online, supplemented by computer analysis or personal commentary, has driven a renaissance of the game. For one thing, computer evaluations have made watching more intelligible. Even if you barely understand chess, you can quickly get a sense of the state of play with the frequently changing numerical evaluations ("+ 2.00," for instance, means white has a decisive advantage, whereas "0.00" signals an even position). You also can see, with each move, whether the player will choose what the computer finds best.

Earth

Many of the Climate Impacts Predicted in the Last National Climate Assessment, in 2014, Are No Longer Theoretical (nytimes.com) 346

This year's report contains many of the same findings cited in the previous National Climate Assessment, published in 2014. From a report: More and more of the predicted impacts of global warming are now becoming a reality. For instance, the 2014 assessment forecast that coastal cities would see more flooding in the coming years as sea levels rose. That's no longer theoretical: Scientists have now documented a record number of "nuisance flooding" events during high tides in cities like Miami and Charleston, S.C.

"High tide flooding is now posing daily risks to businesses, neighborhoods, infrastructure, transportation, and ecosystems in the Southeast," the report says. As the oceans have warmed, disruptions in United States fisheries, long predicted, are now underway. In 2012, record ocean temperatures caused lobster catches in Maine to peak a month earlier than usual, and the distribution chain was unprepared.

Medicine

Standing Desks Are Overrated (nytimes.com) 108

Standing desks have become trendy in recent years -- so much so that they have been promoted by some health officials as well as some countries. Research, however, suggests that warnings about sitting at work are overblown, and that standing desks are overrated as a way to improve health. From a report: Dr. David Rempel, a professor of medicine at the University of California, San Francisco, who has written on this issue, said, "Well-meaning safety professionals and some office furniture manufacturers are pushing sit-stand workstations as a way of improving cardiovascular health -- but there is no scientific evidence to support this recommendation." Let's start with what we know about research on sitting, then explain why it can be misleading as it relates to work. A number of studies have found a significant association between prolonged sitting time over a 24-hour period and increased risk for cardiovascular disease. A 2015 study, for instance, followed more than 150,000 older adults -- all of whom were healthy at the start of the study -- for almost seven years on average. Researchers found that those who sat at least 12 hours a day had significantly higher mortality than those who sat for less than five hours per day.

For convenience and comfort, it's nice to have options if you have various aches and pains -- "Alternating standing and sitting while using a computer may be useful for some people with low back or neck pain," he said -- but people shouldn't be under the illusion that they're getting exercise. A 2012 study in JAMA Internal Medicine followed more than 220,000 people for 2.8 years on average and found similar results. Prolonged sitting over the course of a day was associated with increased all-cause mortality across sexes, ages and body mass index. So did a smaller but longer (8.6 years on average) study published in 2015 in the Journal of Physical Activity & Health. Another study from 2015, which followed more than 50,000 adults for more than three years, also found this relationship. But it found that context mattered. Prolonged sitting in certain situations -- including when people were at work -- did not have this same effect.

United States

The Mystery Font That Took Over New York (nytimes.com) 72

How did Choc, a quirky calligraphic typeface drawn by a French graphic designer in the 1950s, end up on storefronts everywhere? From a report: Stand just about anywhere on Broadway, or on Canal Street with its sprightly neon and overstuffed souvenir shops, or the long stretch of restaurants, hardware stores, pharmacies, bars, realtors, barber shops, groceries and auto shops that extends through Fifth Avenue in South Brooklyn, and you'll find a surplus of vibrant and overstated signage -- a cacophony of typography. Steven Heller, a co-chairman at the School of Visual Arts' M.F.A. program, sees it somewhat differently. "You say 'cacophony,'" he said. "I call it chaos." But amid all of this chaos there is the occasional beacon. Choc, for instance.

It's a typeface that draws the eye with its inherent contradictions. It seems to have been drawn improvisationally with a brush, and yet it's so hefty it looks like it could slip off a wall. It's both delicate and emphatic, a casual paradox, like a Nerf weapon. Choc is far from the most popular typeface on the storefronts of New York, but it can still be found everywhere and in every borough. It's strewn on fabric awnings and etched in frosted glass. It gleams in bright magenta or platinum lighting. It's used for beauty salons, Mexican restaurants, laundromats, bagel shops, numerous sushi bars. It may be distorted, stacked vertically, or shoehorned into a cluster of other typefaces. But even here Choc remains clear and articulate, its voice deep and friendly, its accent foreign, perhaps, yet endearing. You've already seen it, probably repeatedly, like a stranger you recognize from your morning commute.

IOS

Google Assistant iOS Update Lets You Say 'Hey Siri, OK Google' (techcrunch.com) 29

The Google Assistant app on iOS has been updated to allow you to launch it on your iPhone by saying "Hey Siri, OK Google." As TechCrunch notes, you will need to open the app to set up a new Siri Shortcut for the Google Assistant in order for this to work. From the report: As the name suggests, Siri Shortcuts lets you record custom phrases to launch specific apps or features. By default, Google suggests the phrase "OK Google." You can choose something shorter, or "Hey Google," for instance. After setting that up, you can summon Siri and use this custom phrase to launch Google's app. You may need to unlock your iPhone or iPad to let iOS open the app. The Google Assistant app then automatically listens to your query. Again, you need to pause and wait for the app to appear before saying your query.

The Courts

Court Again Rules That Cable Giants Can't Weaponize the First Amendment (techdirt.com) 152

Charter has been using the argument that their First Amendment rights are being violated as it fights off state lawsuits for its poor service. "It recently tried to use the First Amendment card again in a legal battle with Byron Allen's Entertainment Studios Networks (ESN), which recently accused Charter of violating the Civil Rights Act of 1866 by refusing to carry TV channels run by the African-American-owned ESN," reports Techdirt. "While Charter tried to have the suit dismissed by claiming that the First Amendment prohibits such claims because an ISP enjoys 'editorial discretion,' the ruling by the U.S. Court of Appeals for the Ninth Circuit didn't agree." From the report: The court noted that while ISPs and cable companies do enjoy some First Amendment protection, it doesn't apply here, just like it didn't apply in the net neutrality fight: "As part of its defense, Charter had told the court that by choosing which channels to carry, the company was engaging in a form of editorial discretion protected by the First Amendment. Therefore, it said, the court would have to use a stricter standard to evaluate Entertainment Studios' claim of a legal violation -- a standard that might result in the claim being rejected. The Ninth Circuit said otherwise, saying that just because Charter engages in corporate speech when it selects which channels to carry does not 'automatically' require the court to use the tougher standard."

As a result, the court is letting the case move forward. For its part, ESN's discrimination complaint alleges that its complaint is based on more than just having its channel withheld from the company's cable lineup: "The opinion on Charter's motion to dismiss also marks a victory for the 25-year-old programming firm founded by comedian Byron Allen, which bought the Weather Channel in March and accused Charter executives in court of hurling racist insults at Allen and other black Americans in numerous encounters. In one alleged instance, Charter chief executive Tom Rutledge called Allen, who is black, 'boy' at an industry conference and advised him to change his behavior, according to court documents. In another alleged example, the court said, Charter's senior executive in charge of programming, Allan Singer, approached a group of black protesters outside Charter's offices to tell them to 'get off of welfare.'"

Android

500,000 Duped Into Downloading Android Malware Posing As Driving Games On Google Play (forbes.com) 62

Be careful what you're downloading from Google Play. Especially if it's one of 13 apps posing as driving games created by one developer called Luiz Pinto. From a report: More than 560,000 have already been tricked into downloading the games, which include a mix of luxury car and truck simulation apps, as discovered by Android malware researcher Lukas Stefanko. Once installed on a user's Android device, the games don't actually work. Looking at the reviews on Google Play, users who downloaded them complained it was a virus. For instance, among the masses of one-star reviews for the Truck Cargo Simulator, one noted his device slowed down after it forced him to download an app that wasn't the game itself. Many simply called it a scam.

Science

Science is Getting Less Bang for Its Buck (theatlantic.com) 248

Despite vast increases in the time and money spent on research, progress is barely keeping pace with the past. What went wrong? An anonymous reader shares a report: Today, there are more scientists, more funding for science, and more scientific papers published than ever before. On the surface, this is encouraging. But for all this increase in effort, are we getting a proportional increase in our scientific understanding? Or are we investing vastly more merely to sustain (or even see a decline in) the rate of scientific progress? It's surprisingly difficult to measure scientific progress in meaningful ways. Part of the trouble is that it's hard to accurately evaluate how important any given scientific discovery is.

[...] With that in mind, we ran a survey asking scientists to compare Nobel prizewinning discoveries in their fields. We then used those rankings to determine how scientists think the quality of Nobel prizewinning discoveries has changed over the decades. As a sample survey question, we might ask a physicist which was a more important contribution to scientific understanding: the discovery of the neutron (the particle that makes up roughly half the ordinary matter in the universe) or the discovery of the cosmic microwave background radiation (the afterglow of the Big Bang). Think of the survey as a round-robin tournament, competitively matching discoveries against one another, with expert scientists judging which is better.

For the physics prize, we surveyed 93 physicists from the world's top academic physics departments (according to the Shanghai Rankings of World Universities), and they judged 1,370 pairs of discoveries. [...] The first decade has a poor showing. In that decade, the Nobel Committee was still figuring out exactly what the prize was for. There was, for instance, a prize for a better way of illuminating lighthouses and buoys at sea. That's good news if you're on a ship, but scored poorly with modern physicists. But by the 1910s the prizes were mostly awarded for things that accord with the modern conception of physics. A golden age of physics followed, from the 1910s through the 1930s. [...]

Our graph stops at the end of the 1980s. The reason is that, in recent years, the Nobel Committee has preferred to award prizes for work done in the 1980s and 1970s. In fact, just three discoveries made since 1990 have yet been awarded Nobel Prizes. This is too few to get a good quality estimate for the 1990s, and so we didn't survey those prizes. However, the paucity of prizes since 1990 is itself suggestive. The 1990s and 2000s have the dubious distinction of being the decades over which the Nobel Committee has most strongly preferred to skip back and award prizes for earlier work. Given that the 1980s and 1970s themselves don't look so good, that's bad news for physics.

IBM

What Does It Take To Keep a Classic IBM 1401 Mainframe Alive? (ieee.org) 60

"Think your vintage computer hardware is old?" writes long-time Slashdot reader corrosive_nf. "Ken Shirriff, Robert Garner, and their associates probably have you beat.

"The IBM 1401 was introduced in 1959, and these guys are keeping one alive in a computer museum... [T]he volunteers have to go digging through historical archives and do some detective work to figure out solutions to pretty much anything!" Many things that we take for granted are done very differently in old computers. For instance, the IBM 1401 uses 6-bit characters, not bytes. It used decimal memory addressing, not binary. It's also interesting how much people could accomplish with limited resources, running a Fortran compiler on the 1401 with just 8K of memory. Finally, working on the 1401 has given them a deeper understanding of how computers really work. It's not a black box; you can see the individual transistors that are performing operations and each ferrite core that stores a bit.

"It's a way of keeping history alive," says one of the volunteers at Silicon Valley's Computer History Museum. "For museum visitors, seeing the IBM 1401 in operation gives them a feeling for what computers were like in the 1960s, the full experience of punching data onto cards and then seeing and hearing the system processing cards....

"So far, things are breaking slowly enough that we can keep up, so it's more of a challenge than an annoyance."

Security

Old School 'Sniffing' Attacks Can Still Reveal Your Browsing History (vice.com) 82

An anonymous reader quotes a report from Motherboard: Most modern browsers -- such as Chrome, Firefox, and Edge, and even browsers such as FuzzyFox and DeterFox (different, security-focused versions of Firefox) -- have vulnerabilities that allow hosts of malicious websites to extract hundreds to thousands of URLs in a user's web history, per new research from the University of California San Diego. What's worse, the vulnerabilities are built into the way they structure links, meaning that major structural changes will have to take place in these browsers in order to protect user privacy. The only browser that was immune to the attacks was Tor Browser, as the browser does not keep track of a user's internet history.

The vulnerabilities have to do with why, for instance, unclicked links appear blue while visited links appear violet: there's a different set of rules and style that apply to links depending on whether they've been visited or not. However, a bad actor building a web page can manipulate this faster loading time for visited links by "sniffing," or inferring your browsing history. In essence, sniffing is finding and exploiting proxies that reveal your web history. As outlined in the UC San Diego report, this sniffing could happen in a couple of ways:

They could force the browser to reload multiple complex images or image transformations that differ based on whether you've visited a link or not, which would create drastic differences in the loading time for each. With this strategy, actors can test 60 sensitive URLs per second.

Bad actors could exploit a "bytecode cache," which speeds up the loading time for revisiting a link that you've already visited. "By embedding a special script in a web page, the actor can test how long it takes for a web page to load and infer whether you've visited it or not," reports Motherboard. "Actors can probe 3,000 URLs per second with this method. When the vulnerability was reported to Google, the company marked the issue as 'security-sensitive' but 'low-priority.'"

Stats

1 In 4 Statisticians Say They Were Asked To Commit Scientific Fraud (acsh.org) 95

As the saying goes, "There are three kinds of lies: lies, damned lies, and statistics." We know that's true because statisticians themselves just said so. From a report: A stunning report published in the Annals of Internal Medicine concludes that researchers often ask statisticians to make "inappropriate requests." And by "inappropriate," the authors aren't referring to accidental requests for incorrect statistical analyses; instead, they're referring to requests for unscrupulous data manipulation or even fraud. The authors surveyed 522 consulting biostatisticians and received sufficient responses from 390. Then, they constructed a table that ranks requests by level of inappropriateness. For instance, at the very top is "falsify the statistical significance to support a desired result," which is outright fraud. At the bottom is "do not show plot because it did not show as strong an effect as you had hoped," which is only slightly naughty.
