AI

Did Google's Duplex Testing Break the Law? (daringfireball.net) 31

An anonymous reader writes: Tech blogger John Gruber appears to have successfully identified one of the restaurants mentioned in a post on Google's AI blog that bragged about "a meal booked through a call from Duplex." Mashable then asked a restaurant employee there if Google had let him know in advance that they'd be receiving a call from their non-human personal assistant AI. "No, of course no," he replied. And "When I asked him to confirm one more time that Duplex had called...he appeared to get nervous and immediately said he needed to go. He then hung up the phone."

John Gruber now asks: "How many real-world businesses has Google Duplex been calling and not identifying itself as an AI, leaving people to think they're actually speaking to another human...? And if 'Victor' is correct that Hong's Gourmet had no advance knowledge of the call, Google may have violated California law by recording the call." Friday he added that "This wouldn't send anyone to prison, but it would be a bit of an embarrassment, and would reinforce the notion that Google has a cavalier stance on privacy (and adhering to privacy laws)."

The Mercury News also reports that legal experts "raised questions about how Google's possible need to record Duplex's phone conversations to improve its artificial intelligence may come in conflict with California's strict two-party consent law, where all parties involved in a private phone conversation need to agree to being recorded."

For another perspective, Gizmodo's senior reviews editor reminds readers that "pretty much all tech demos are fake as hell." Speaking of Google's controversial Duplex demo, she writes that "If it didn't happen, if it is all a lie, well then I'll be totally disappointed. But I can't say I'll be surprised."
Privacy

Repo Men Scan Billions of License Plates -- For the Government (washingtonpost.com) 129

The Washington Post notes the billions of license plate scans coming from modern repo men "able to use big data to find targets" -- including one who drives "a beat-up Ford Crown Victoria sedan." It had four small cameras mounted on the trunk and a laptop bolted to the dash. The high-speed cameras captured every passing license plate. The computer contained a growing list of hundreds of thousands of vehicles with seriously late loans. The system could spot a repossession in an instant. Even better, it could keep tabs on a car long before the loan went bad... Repo agents are the unpopular foot soldiers in the nation's $1.2 trillion auto loan market... they are the closest most people come to a faceless, sophisticated financial system that can upend their lives...

Derek Lewis works for Relentless Recovery, the largest repo company in Ohio and its busiest collector of license plate scans. Last year, the company repossessed more than 25,500 vehicles -- including tractor trailers and riding lawn mowers. Business has more than doubled since 2014, the company said. Even with the rising deployment of remote engine cutoffs and GPS locators in cars, repo agencies remain dominant. Relentless scanned 28 million license plates last year, a demonstration of its recent, heavy push into technology. It now has more than 40 camera-equipped vehicles, mostly spotter cars. Agents are finding repos they never would have a few years ago. The company's goal is to capture every plate in Ohio and use that information to reveal patterns... "It's kind of scary, but it's amazing," said Alana Ferrante, chief executive of Relentless.

Repo agents are responsible for the majority of the billions of license plate scans produced nationwide. But they don't control the information. Most of that data is owned by Digital Recognition Network (DRN), a Fort Worth company that is the largest provider of license-plate-recognition systems. And DRN sells the information to insurance companies, private investigators -- even other repo agents. DRN is a sister company to Vigilant Solutions, which provides the plate scans to law enforcement, including police and U.S. Immigration and Customs Enforcement. Both companies declined to respond to questions about their operations... For repo companies, one worry is whether they are producing information that others are monetizing.

Transportation

Should The Media Cover Tesla Accidents? (chicagotribune.com) 200

Long-time Slashdot reader rufey writes: Last weekend a Tesla vehicle was involved in a crash near Salt Lake City Utah while its Autopilot feature was enabled. The Tesla, a Model S, crashed into the rear end of a fire department utility truck, which was stopped at a red light, at an estimated speed of 60 MPH. "The car appeared not to brake before impact, police said. The driver, whom police have not named, was taken to a hospital with a broken foot," according to the Associated Press. "The driver of the fire truck suffered whiplash and was not taken to a hospital."
Elon Musk tweeted about the accident:

It's super messed up that a Tesla crash resulting in a broken ankle is front page news and the ~40,000 people who died in US auto accidents alone in past year get almost no coverage. What's actually amazing about this accident is that a Model S hit a fire truck at 60mph and the driver only broke an ankle. An impact at that speed usually results in severe injury or death.

The Associated Press defended their news coverage Friday, arguing that the facts show that "not all Tesla crashes end the same way." They also fact-check Elon Musk's claim that "probability of fatality is much lower in a Tesla," reporting that it's impossible to verify since Tesla won't release the number of miles driven by their cars or the number of fatalities. "There have been at least three already this year and a check of 2016 NHTSA fatal crash data -- the most recent year available -- shows five deaths in Tesla vehicles."

Slashdot reader Reygle argues the real issue is with the drivers in the Autopilot cars. "Someone unwilling to pay attention to the road shouldn't be allowed anywhere near that road ever again."


United Kingdom

FM Radio Faces UK Government Switch-Off As Digital Listening Passes 50 Percent Milestone (inews.co.uk) 87

The Amazon Echo and other smart speakers have helped push the audience for digital radio past that of FM and AM in the UK for the first time. According to Radio Joint Audience Research (RAJAR), digital listening has reached a new record share of 50.9%, up from 47.2% a year ago. This milestone will trigger a government review into whether the analog FM radio signal should be switched off altogether. iNews reports: The BBC said it would be "premature" to switch off the FM signal. It could cut off drivers with analogue car radios and disenfranchise older wireless listeners. Margot James, Digital minister, welcomed "an important milestone for radio." She confirmed that the Government will "work closely with all partners -- the BBC, commercial radio, (transmitter business) Arqiva, car manufacturers and listeners" before committing to a timetable for analogue switch-off.

James Purnell, BBC Director of Radio and Education, said: "We're fully committed to digital, and growing its audiences, but, along with other broadcasters, we've already said that it would be premature to switch off FM." Mr Purnell said that BBC podcast listening was up a third across all audiences since the same time last year, accounting now for 40,000 hours a week. But younger audiences have not inherited the habit of listening to "live" radio, even on digital.

Google

Google Removes 'Don't Be Evil' Clause From Its Code of Conduct (gizmodo.com) 152

Kate Conger, reporting for Gizmodo: Google's unofficial motto has long been the simple phrase "don't be evil." But that's over, according to the code of conduct that Google distributes to its employees. The phrase was removed sometime in late April or early May, archives hosted by the Wayback Machine show.

"Don't be evil" has been part of the company's corporate code of conduct since 2000. When Google was reorganized under a new parent company, Alphabet, in 2015, Alphabet assumed a slightly adjusted version of the motto, "do the right thing." However, Google retained its original "don't be evil" language until the past several weeks. The phrase has been deeply incorporated into Google's company culture -- so much so that a version of the phrase has served as the wifi password on the shuttles that Google uses to ferry its employees to its Mountain View headquarters, sources told Gizmodo.

Software

In Virtual Reality, How Much Body Do You Need? (nytimes.com) 34

An anonymous reader quotes a report from The New York Times: Will it soon be possible to simulate the feeling of a spirit not attached to any particular physical form using virtual or augmented reality? If so, a good place to start would be to figure out the minimal amount of body we need to feel a sense of self, especially in digital environments where more and more people may find themselves for work or play. It might be as little as a pair of hands and feet, report Dr. Michiteru Kitazaki and a Ph.D. student, Ryota Kondo. In a paper published Tuesday in Scientific Reports, they showed that animating virtual hands and feet alone is enough to make people feel their sense of body drift toward an invisible avatar (Warning: source may be paywalled; alternative source). Their work fits into a corpus of research on illusory body ownership, which has challenged understandings of perception and contributed to therapies like treating pain for amputees who experience phantom limb.

Using an Oculus Rift virtual reality headset and a motion sensor, Dr. Kitazaki's team performed a series of experiments in which volunteers watched disembodied hands and feet move two meters in front of them in a virtual room. In one experiment, when the hands and feet mirrored the participants' own movements, people reported feeling as if the space between the appendages were their own bodies. In another experiment, the scientists induced illusory ownership of an invisible body, then blacked out the headset display, effectively blindfolding the subjects. The researchers then pulled them a random distance back and asked them to return to their original position, still virtually blindfolded. Consistently, the participants overshot their starting point, suggesting that their sense of body had drifted or "projected" forward, toward the transparent avatar.

Intel

New Spectre Attack Can Reveal Firmware Secrets (zdnet.com) 59

Yuriy Bulygin, the former head of Intel's advanced threat team, has published research showing that the Spectre CPU flaws can be used to break into the highly privileged CPU mode on Intel x86 systems known as System Management Mode (SMM). ZDNet reports: Bulygin, who has launched security firm Eclypsium, has modified Spectre variant 1 with kernel privileges to attack a host system's firmware and expose code in SMM, a secure portion of BIOS or UEFI firmware. SMM resides in SMRAM, a protected region of physical memory that should only be accessible by BIOS firmware and not the operating system kernel, hypervisors or security software. SMM handles especially disruptive interrupts and is accessible through the SMM runtime of the firmware, knows as System Management Interrupt (SMI) handlers.

"Because SMM generally has privileged access to physical memory, including memory isolated from operating systems, our research demonstrates that Spectre-based attacks can reveal other secrets in memory (eg, hypervisor, operating system, or application)," Bulygin explains. To expose code in SMM, Bulygin modified a publicly available proof-of-concept Spectre 1 exploit running with kernel-level privileges to bypass Intel's System Management Range Register (SMRR), a set or range registers that protect SMM memory. "These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory," he notes.

Security

RedDawn Android Malware Is Harvesting Personal Data of North Korean Defectors (theinquirer.net) 20

According to security company McAfee, North Korea uploaded three spying apps to the Google Play Store in January that contained hidden functions designed to steal personal photos, contact lists, text messages, and device information from the phones they were installed on. "Two of the apps purported to be security utilities, while a third provided information about food ingredients," reports The Inquirer. All three of the apps were part of a campaign dubbed "RedDawn" and targeted primarily North Korean defectors. From the report: The apps were promoted to particular targets via Facebook, McAfee claims. However, it adds that the malware was not the work of the well-known Lazarus Group, but another North Korean hacking outfit that has been dubbed Sun Team. The apps were called Food Ingredients Info, Fast AppLock and AppLockFree. "Food Ingredients Info and Fast AppLock secretly steal device information and receive commands and additional executable (.dex) files from a cloud control server. We believe that these apps are multi-staged, with several components."

"AppLockFree is part of the reconnaissance stage, we believe, setting the foundation for the next stage unlike the other two apps. The malwares were spread to friends, asking them to install the apps and offer feedback via a Facebook account with a fake profile promoted Food Ingredients Info," according to McAfee security researcher Jaewon Min. "After infecting a device, the malware uses Dropbox and Yandex to upload data and issue commands, including additional plug-in dex files; this is a similar tactic to earlier Sun Team attacks. From these cloud storage sites, we found information logs from the same test Android devices that Sun Team used for the malware campaign we reported in January. The logs had a similar format and used the same abbreviations for fields as in other Sun Team logs. Furthermore, the email addresses of the new malware's developer are identical to the earlier email addresses associated with the Sun Team."

AI

Google's Duplex AI Robot Will Warn That Calls Are Recorded (bloomberg.com) 27

An anonymous reader quotes a report from Bloomberg: On Thursday, the Alphabet Inc. unit shared more details on how the Duplex robot-calling feature will operate when it's released publicly, according to people familiar with the discussion. Duplex is an extension of the company's voice-based digital assistant that automatically phones local businesses and speaks with workers there to book appointments. At Google's weekly TGIF staff meeting on Thursday, executives gave employees their first full Duplex demo and told them the bot would identify itself as the Google assistant. It will also inform people on the phone that the line is being recorded in certain jurisdictions, the people said.
Transportation

Utilities, Tesla Appeal Federal Rollback of Auto Emissions Standards (arstechnica.com) 106

A coalition of utilities and electric vehicle makers, including Tesla, are petitioning the EPA to reconsider its recent plan to roll back auto emissions standards. In April, the EPA said that it would relax greenhouse gas emissions standards that had been put in place for model year 2022-2025 vehicles. Ars Technica reports: The National Coalition for Advanced Transportation (NCAT) represents 12 utilities as well as Tesla, electric truck maker Workhorse, and EV charging network EVgo. NCAT earlier this month asked the Second Circuit Court of Appeals in Washington, DC to review the EPA's latest efforts to relax the Obama-era fuel economy standards.

The coalition challenge to the EPA follows a similar challenge made by 17 states, including California. The utilities' efforts show that they're interested in protecting one of the major projected avenues for growth in electricity demand. Electricity consumption has stagnated in the U.S. as efficiency measures take effect and, in some states, solar panels make it easier for residents to buy less electricity from the local utility.

AI

AI Can't Reason Why (wsj.com) 178

The current data-crunching approach to machine learning misses an essential element of human intelligence. From a report: Amid rapid developments and nagging setbacks, one essential building block of human intelligence has eluded machines for decades: Understanding cause and effect. Put simply, today's machine-learning programs can't tell whether a crowing rooster makes the sun rise, or the other way around. Whatever volumes of data a machine analyzes, it cannot understand what a human gets intuitively. From the time we are infants, we organize our experiences into causes and effects. The questions "Why did this happen?" and "What if I had acted differently?" are at the core of the cognitive advances that made us human, and so far are missing from machines.

Suppose, for example, that a drugstore decides to entrust its pricing to a machine learning program that we'll call Charlie. The program reviews the store's records and sees that past variations of the price of toothpaste haven't correlated with changes in sales volume. So Charlie recommends raising the price to generate more revenue. A month later, the sales of toothpaste have dropped -- along with dental floss, cookies and other items. Where did Charlie go wrong? Charlie didn't understand that the previous (human) manager varied prices only when the competition did. When Charlie unilaterally raised the price, dentally price-conscious customers took their business elsewhere. The example shows that historical data alone tells us nothing about causes -- and that the direction of causation is crucial.

Google

Google Is Making An AR Headset With New Qualcomm Chips (theverge.com) 10

Google is reportedly working on a standalone augmented reality headset that will use new Qualcomm chips. "It will be built by Taiwanese computer maker Quanta," reports The Verge. "The project is still in its early stages, according to documents obtained by WinFuture." From the report: The AR headset is supposed to be similar to Microsoft's HoloLens, a headset that came out in 2016 and is aimed at design, training, and industrial use. The Google AR headset that's in development will reportedly be self-contained and powered by a Qualcomm chip, rather than tethered to another device. It will also include cameras and microphones. The headset is currently going by the name "Google A65." There's no release date yet for the Google A65 as it's still in the prototype stage, according to WinFuture. The headset won't only operate like a HoloLens, but it will use the same chips. HoloLens is rumored to be getting an update this year, with a new ARM-powered design and an improved field of view. The Qualcomm chips that will reportedly be used in both the new HoloLens and the new Google headset are the Qualcomm QSC603 four-core chips, based on ARM architecture.
Transportation

Elon Musk Pitches 150 MPH Rides In Boring Company Tunnels For $1 (engadget.com) 70

An anonymous reader quotes a report from Engadget: At The Boring Company Information Session not all of the talk centered on flamethrowers. Elon Musk and project leader Steve Davis described many details of their visions for an underground network that could alleviate traffic problems in big cities. Musk said "we're not suggesting this to the exclusion of other approaches," but did take a moment to call out flying taxi solutions (like Uber Elevate) right off the bat due to danger and noise.

Earlier in the evening Musk retweeted an LA Metro tweet that said it's coordinating with The Boring Company on its test and said the two will be "partners" going forward. Much of what Musk discussed about how his concept in-city Loop would work has been answered in concept videos and the company's FAQ, but he specifically said that the plan is for rides that cost a $1, and carry up to 16 passengers through hundreds of tunnels to those small, parking space-size tunnels located throughout a city. Test runs in the loop have already hit a couple of hundred miles an hour, and Musk's plan is for vacuum Hyperloop tubes between cities that enable travel in pressurized carts at up to 300 MPH. That's compared to 150 MPH in the in-city Loop carts, all without slowing down due to traffic or anything else. The main concern is hitting speeds that are still comfortable for people inside.
The timeframe for when the "weird little Disney ride in the middle of LA" will be available to the public is unclear.
Crime

Alleged Owners of Mugshots.com Have Been Arrested For Extortion (lawandcrime.com) 101

Reader schwit1 writes: The alleged owners of Mugshots.com have been charged and arrested. These four men Sahar Sarid, Kishore Vidya Bhavnanie, Thomas Keesee, and David Usdan only removed a person's mugshot from the site if this individual paid a "de-publishing" fee, according to the California Attorney General on Wednesday. That's apparently considered extortion. On top of that, they also face charges of money laundering, and identity theft.

If you read a lot of articles about crime, then you're probably already familiar with the site (which is still up as of Friday afternoon). They take mugshots, slap the url multiple times on the image, and post it on the site alongside an excerpt from a news outlet that covered the person's arrest. According to the AG's office, the owners would only remove the mugshots if the person paid a fee, even if the charges were dismissed. This happened even if the suspect was only arrested because of "mistaken identity or law enforcement error." You can read the affidavit here.

Businesses

The Internet of Trash: IoT Has a Looming E-Waste Problem (ieee.org) 78

As we add computing and radios to more things, we're also adding to the problem of e-waste. The United Nations found that people generated 44.7 million metric tons of e-waste globally in 2016, and expects that to grow to 52.2 million metric tons by 2021. From a report: There are two issues. We're adding semiconductors to products that previously had none, and we're also shortening the life of devices as we add more computing, turning products that might last 15 years into ones that must be replaced every five years. In fact, many small connected devices such as trackers, jewelry, or wearables are designed to fail once the battery dies. At that point, the consumer tosses it out and buys another.
Programming

Ask Slashdot: What's the Most Sophisticated Piece of Software Ever Written? (quora.com) 231

An anonymous reader writes: Stuxnet is the most sophisticated piece of software ever written, given the difficulty of the objective: Deny Iran's efforts to obtain weapons grade uranium without need for diplomacy or use of force, John Byrd, CEO of Gigantic Software (formerly Director of Sega and SPM at EA), argues in a blog post, which is being widely shared in developer circles, with most agreeing with Byrd's conclusion.

He writes, "It's a computer worm. The worm was written, probably, between 2005 and 2010. Because the worm is so complex and sophisticated, I can only give the most superficial outline of what it does. This worm exists first on a USB drive. Someone could just find that USB drive laying around, or get it in the mail, and wonder what was on it. When that USB drive is inserted into a Windows PC, without the user knowing it, that worm will quietly run itself, and copy itself to that PC. It has at least three ways of trying to get itself to run. If one way doesn't work, it tries another. At least two of these methods to launch itself were completely new then, and both of them used two independent, secret bugs in Windows that no one else knew about, until this worm came along."

"Once the worm runs itself on a PC, it tries to get administrator access on that PC. It doesn't mind if there's antivirus software installed -- the worm can sneak around most antivirus software. Then, based on the version of Windows it's running on, the worm will try one of two previously unknown methods of getting that administrator access on that PC. Until this worm was released, no one knew about these secret bugs in Windows either. At this point, the worm is now able to cover its tracks by getting underneath the operating system, so that no antivirus software can detect that it exists. It binds itself secretly to that PC, so that even if you look on the disk for where the worm should be, you will see nothing. This worm hides so well, that the worm ran around the Internet for over a year without any security company in the world recognizing that it even existed."
What do Slashdot readers think?
Operating Systems

Canonical Shares Desktop Plans For Ubuntu 18.10 (ubuntu.com) 78

Canonical's Will Cooke on Friday talked about the features the company is working on for Ubuntu 18.10 "Cosmic Cuttlefish" cycle. He writes: We're also adding some new features which we didn't get done in time for the main 18.04 release. Specifically: Unlock with your fingerprint, Thunderbolt settings via GNOME Control Center, and XDG Portals support for snap.

GNOME Software improvements
We're having a week long sprint in June to map out exactly how we want the software store to work, how we want to present information and to improve the overall UX of GNOME Software. We've invited GNOME developers along to work with Ubuntu's design team and developers to discuss ideas and plan the work. I'll report back from the sprint in June.

Snap start-up time
Snapcraft have added the ability for us to move some application set up from first run to build time. This will significantly improve desktop application first time start up performance, but there is still more we can do.

Chromium as a snap
Chromium is becoming very hard to build on older releases of Ubuntu as it uses a number of features of modern C++ compilers. Snaps can help us solve a lot of those problems and so we propose to ship Chromium only as a snap from 18.10 onwards, and also to retire Chromium as a deb in Trusty. If you're still running Trusty you can get the latest Chromium as a snap right now.
In addition, Ubuntu team is also working on introducing improvements to power consumption, adding support for DLNA, so that users could share media directly from their desktop to DLNA clients (without having to install and configure extra packages), and improved phone integration by shipping GS Connect as part of the desktop, the GNOME port of KDE Connect. Additional changelog here.
Businesses

Data Science is America's Hottest Job (bloomberg.com) 78

Anonymous readers share a report: It turns out that even in the wake of Facebook's privacy scandal and other big-data blunders, finding people who can turn social-media clicks and user-posted photos into monetizable binary code is among the biggest challenges facing U.S. industry. People with data science bona fides are among the most sought-after professionals in business, with some data science Ph.Ds commanding as much as $300,000 or more from consulting firms.

Job postings for data scientists rose 75 percent from January 2015 to January 2018 at Indeed.com, while job searches for data scientist roles rose 65 percent. A growing specialty is "sentiment analysis," or finding a way to quantify how many tweets are trashing your company or praising it. A typical data scientist job pays about $119,000 at the midpoint of salaries and rises to $168,000 at the 95th percentile, according to staffing agency Robert Half Technology.

Security

A Bug in Keeper Password Manager Leads To Sparring Over 'Zero-Knowledge' Claim (zdnet.com) 46

Keeper, a password manager maker that recently and controversially sued a reporter, has fixed a bug that a security researcher claimed could have allowed access to a user's private data. From a report: The bug -- which the company confirmed and has since fixed -- filed anonymously to a public security disclosure list, detailed how anyone controlling Keeper's API server could gain access to the decryption key to a user's vault of passwords and other sensitive information. The researcher found the issue in the company's Python-powered script called Keeper Commander, which allows users to rotate passwords, eliminating the need for hardcoded passwords in software and systems.

According to the write-up, the researcher said it's possible that someone in control of Keeper's API -- such as employees at the company -- could unlock an account, because the API server stores the information used to produce an intermediary decryption key. "What seems to appear in the code of Keeper Commander from November 2015 to today is blind trust of the API server," said the researcher.

Facebook

Facebook's Android App Is Asking for Superuser Privileges, Users Say (bleepingcomputer.com) 178

Catalin Cimpanu, reporting for BleepingComputer: The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal. "Grants full access to your device," read the prompts while asking users for superuser permissions. These popups originate from the official Facebook Android app (com.facebook.katana) and are started appearing last night [UTC timezone], continuing throughout the day. Panicked users took to social media, Reddit, and Android-themed forums to share screengrabs of these suspicious popups and ask for advice on what's going on.

Slashdot Top Deals