Apple's Privacy Software Allowed Users To Be Tracked, Says Google Slashdot by msmash on google at January 1, 1970, 1:00 am (cached at January 22, 2020, 11:35 pm)

Google researchers have exposed details of multiple security flaws in its rival Apple's Safari web browser that allowed users' browsing behavior to be tracked [Editor's note: the link may be paywalled; alternative source], despite the fact that the affected tool was specifically designed to protect their privacy. From a report: The flaws, which were ironically found in an anti-tracking feature known as Intelligent Tracking Prevention, were first disclosed by Google to Apple in August last year. In a soon-to-be published paper seen by the Financial Times, researchers in Google's cloud team have since identified five different types of potential attack that could have resulted from the vulnerabilities, allowing third parties to obtain "sensitive private information about the user's browsing habits." "You would not expect privacy-enhancing technologies to introduce privacy risks," said Lukasz Olejnik, an independent security researcher who has seen the paper. "If exploited or used, [these vulnerabilities] would allow unsanctioned and uncontrollable user tracking." Apple rolled out Intelligent Tracking Prevention in 2017, with the specific aim of protecting Safari browser users from being tracked around the web by advertisers' and other third-parties' cookies.

Read more of this story at Slashdot.

The Way We Write History Has Changed Slashdot by msmash on technology at January 1, 1970, 1:00 am (cached at January 22, 2020, 10:35 pm)

A deep dive into an archive will never be the same. From an essay: Instead of reading papers during an archival visit, historians can snap pictures of the documents and then look at them later. Ian Milligan, a historian at the University of Waterloo, noticed the trend among his colleagues and surveyed 250 historians, about half of them tenured or tenure-track, and half in other positions, about their work in the archives. The results quantified the new normal. While a subset of researchers (about 23 percent) took few (fewer than 200) photos, the plurality (about 40 percent) took more than 2,000 photographs for their "last substantive project." The driving force here is simple enough. Digital photos drive down the cost of archival research, allowing an individual to capture far more documents per hour. So an archival visit becomes a process of standing over documents, snapping pictures as quickly as possible. Some researchers organize their photos swiping on an iPhone, or with an open-source tool named Tropy; some, like Alex Wellerstein, a historian at Stevens Institute of Technology, have special digital-camera setups, and a standardized method. In my own work, I used Dropbox's photo tools, which I used to output PDFs, which I dropped into Scrivener, my preferred writing software. These practices might seem like a subtle shift -- researchers are still going to collections and requesting boxes and reading papers -- but the ways that information is collected and managed transmute what historians can learn from it. There has been, as Milligan put it, a "dramatic reshaping of historical practice." Different histories will be written because the tools of the discipline are changing.

Microsoft's CEO Looks To a Future Beyond Windows, iOS, and Android Slashdot by msmash on windows at January 1, 1970, 1:00 am (cached at January 22, 2020, 10:05 pm)

The future of the next 46 billion devices. From a report: "What do you think is the biggest hardware business at Microsoft?" asked Microsoft CEO Satya Nadella last week during a private media event. "Xbox," answered a reporter who had been quizzing Nadella on how the company's hardware products like Surface and Xbox fit into the broader ambitions of Microsoft. "No, it's our cloud," fired back Nadella, explaining how Microsoft is building everything from the data centers to the servers and network stack that fit inside. As the reporter pushed further on the hardware point, a frequent question given Microsoft's focus on the cloud, Nadella provided us with the best vision for the modern Microsoft that moves well beyond the billion-or-so Windows users that previously defined the company. "The way I look at it is Windows is the billion user install base of ours. We continue to add a couple of hundred million PCs every year, and we want to serve that in a super good way," explained Nadella. "The thing that we also want to think about is the broader context. We don't want to be defined by just what we achieved. We look at if there's going to be 50 billion endpoints. Windows with its billion is good, Android with its 2 billion is good, iOS with its billion is good -- but there is 46 billion more. So let's go and look at what that 46 billion plus 4 [billion] looks like, and define a strategy for that, and then have everything have a place under the sun."

'How I Stopped a Credit Card Thief From Ripping Off 3,537 People -- and Saved Our No Slashdot by msmash on security at January 1, 1970, 1:00 am (cached at January 22, 2020, 10:05 pm)

Quincy Larson, founder of freeCodeCamp, a non-profit organization that runs an open-source community for learning to code, writes in a blog post: I tucked my son under my arm and jogged to my desk. I'd been up until 2 a.m. finishing the announcement for our new #AWSCertified Challenge. And so far, the launch was going well. Our new Twitter bot was tweeting, and our Discord chatroom was abuzz with ambitious developers eager to earn their AWS certifications. I was getting ready to meet with my team when I noticed two strange emails -- both of which arrived within minutes of one another. "Your a fraud" read one of the emails in typo-riddled English. "That's exactly what I'm thinking since I see a charge on my financial institution from you and since I've never heard of you. Yes you need to resolve this." The other email was... well, let's just say it was also an angry letter and let's leave it at that. freeCodeCamp is a donor-supported nonprofit, and we have thousands of people around the world who donate to us each month. Once in a while, there are misunderstandings -- usually when one family member donates without telling the other. But this felt different. So I tabbed over to Stripe, the credit card processing service our nonprofit uses for donations. On a typical day, we'd have 20 or 30 new donors. But here's what I saw instead: Stripe's dashboard showing 11,000 new customers and $60,000 in revenue for a single 24 hour period. It took me a moment to process what was happening. Our nonprofit -- which operates on an annual budget of less than $400,000 -- had just received more than $60,000 in 24 hours - and from thousands of donors. And my heart began to sink. There was no way those were real donations. We've had spikes in donations from articles in major newspapers. Heck -- I've even been interviewed on Good Morning America. But none of those spikes caused such a surge in donations. No. There was only one thing that could cause a surge in donations like this. 
Fraud. Extensive, programmatic credit card fraud. I'd heard about this technique before. It's called "card testing." Here's how it works: 1. A fraudster finds a website with a relatively simple credit card form. 2. Then they run scripts to test thousands of stolen credit card numbers in rapid succession. 3. That way they can see which cards are still valid and which ones have been cancelled. Then they turn around and sell those valid card numbers on the dark web. In this case, I'd detected the fraud much faster than a lot of other websites would have. So I had a window.

German Government To Pay Over $850,000 in Windows 7 ESU Fees This Year Slashdot by msmash on windows at January 1, 1970, 1:00 am (cached at January 22, 2020, 10:05 pm)

Running an outdated operating system will cost Germany some additional fees. The German federal government stands to pay at least $886,000 this year to Microsoft, according to local media. ZDNet: The sum represents support fees for over 33,000 government workstations that are still running Windows 7, a Microsoft operating system that reached end of support (EoS) on January 14, and for which Microsoft has stopped providing free security updates and bug fixes. Last year, Redmond announced a paid program for governments and enterprise partners. The program, named the Windows 7 Extended Security Updates (ESU), would provide paid access to Windows 7 security updates until January 10, 2023. ESU updates, for which the German government has recently signed up, cost between $25 and $200 per workstation, depending on the Windows 7 version a company is running (Enterprise or Pro) and the amount of time they'll need the updates.

IBM's Debating AI Just Got a Lot Closer To Being a Useful Tool Slashdot by msmash on ai at January 1, 1970, 1:00 am (cached at January 22, 2020, 10:05 pm)

We make decisions by weighing pros and cons. Artificial intelligence has the potential to help us with that by sifting through ever-increasing mounds of data. But to be truly useful, it needs to reason more like a human. An artificial intelligence technique known as argument mining could help. From a report: IBM has just taken a big step in that direction. The company's Project Debater team has spent several years developing an AI that can build arguments. Last year IBM demonstrated its work-in-progress technology in a live debate against a world-champion human debater, the equivalent of Watson's Jeopardy! showdown. Such stunts are fun, and it provided a proof of concept. Now IBM is turning its toy into a genuinely useful tool. The version of Project Debater used in the live debates included the seeds of the latest system, such as the capability to search hundreds of millions of new articles. But in the months since, the team has extensively tweaked the neural networks it uses, improving the quality of the evidence the system can unearth. One important addition is BERT, a neural network Google built for natural-language processing, which can answer queries. The work will be presented at the Association for the Advancement of Artificial Intelligence conference in New York next month. To train their AI, lead researcher Noam Slonim and his colleagues at IBM Research in Haifa, Israel, drew on 400 million documents taken from the LexisNexis database of newspaper and journal articles. This gave them some 10 billion sentences, a natural-language corpus around 50 times larger than Wikipedia. They paired this vast evidence pool with claims about several hundred different topics, such as "Blood donation should be mandatory" or "We should abandon Valentine's Day." They then asked crowd workers on the Figure Eight platform to label sentences according to whether or not they provided evidence for or against particular claims. 
The labeled data was fed to a supervised learning algorithm.

Sizewell: RSPB Minsmere nature reserve fears 'environmental impact' on wildlife BBC News | Science/Nature | UK Edition (cached at January 22, 2020, 10:00 pm)

EDF Energy wants to build new reactors next to the existing Sizewell B near Minsmere nature reserve.

Davos 2020: Prince Charles offers stark warning over 'approaching catastrophe' BBC News | Science/Nature | UK Edition (cached at January 22, 2020, 9:30 pm)

At the World Economic Forum, he asked: "Do we want to go down in history as the people who did nothing?"

Microsoft To Force Bing Search in Chrome for Office 365 ProPlus Users Slashdot by msmash on microsoft at January 1, 1970, 1:00 am (cached at January 22, 2020, 7:35 pm)

Microsoft has announced that it will install a new Google Chrome extension for some Office 365 ProPlus customers that will force the browser to use Bing as the default search engine "to access relevant workplace information directly from the browser address bar." From a report: The Microsoft Search in Bing extension will be added to all new Office 365 ProPlus installations and when updating to newer releases. The only customers that won't have this Chrome extension installed automatically are those that already have set Bing as their default Chrome search engine. "Microsoft Search is part of Microsoft 365 and is turned on by default for all Microsoft apps that support it," Microsoft says. "Even after Bing is made the default search engine, your users can still change to a different default search engine in Google Chrome on their own."

[no title] Scripting News (cached at January 22, 2020, 7:33 pm)

Getting back on track podcast-wise after our brief brush with politics. I explain in this 25-minute cast what I'm doing here and why I value the connection with Doc. It's all about creating a groove with smart people so we can keep innovating. We used to call it (as I'm sure Doc remembers) "users and developers party together." I thrive off collaboration with people such as Doc. I provide examples of other times I've benefited from the insights of others to create new uses for networks.

Here Is the Technical Report Suggesting Saudi Arabia's Prince Hacked Jeff Bezos's Ph Slashdot by msmash on security at January 1, 1970, 1:00 am (cached at January 22, 2020, 7:05 pm)

A report investigating the potential hack of Jeff Bezos' iPhone indicates that forensic investigators found a suspicious file but no evidence of any malware on the phone. Motherboard: It also says that investigators had to reset Bezos's iTunes backup password because investigators didn't have it to access the backup of his phone. The latter suggests that Bezos may have forgotten his password. The report, obtained by Motherboard, indicates that investigators set up a secure lab to examine the phone and its artifacts and spent two days poring over the device but were unable to find any malware on it. Instead, they only found a suspicious video file sent to Bezos on May 1, 2018 that "appears to be an Arabic language promotional film about telecommunications." That file shows an image of the Saudi Arabian flag and Swedish flags and arrived with an encrypted downloader. Because the downloader was encrypted this delayed or further prevented "study of the code delivered along with the video." Investigators determined the video or downloader were suspicious only because Bezos' phone subsequently began transmitting large amounts of data. "[W]ithin hours of the encrypted downloader being received, a massive and unauthorized exfiltration of data from Bezos' phone began, continuing and escalating for months thereafter," the report states. "The amount of data being transmitted out of Bezos' phone changed dramatically after receiving the WhatsApp video file and never returned to baseline. Following execution of the encrypted downloader sent from MBS' account, egress on the device immediately jumped by approximately 29,000 percent," it notes. "Forensic artifacts show that in the six (6) months prior to receiving the WhatsApp video, Bezos' phone had an average of 430KB of egress per day, fairly typical of an iPhone. Within hours of the WhatsApp video, egress jumped to 126MB. 
The phone maintained an unusually high average of 101MB of egress data per day for months thereafter, including many massive and highly atypical spikes of egress data." The digital forensic results, combined with a larger investigation, interviews, research, and expert intelligence information, led the investigators "to assess Bezos' phone was compromised via tools procured by Saud al Qahtani," the report states.

Davos 2020: Prince Charles meets Greta Thunberg BBC News | Science/Nature | UK Edition (cached at January 22, 2020, 7:01 pm)

The heir to the throne calls for a "paradigm shift" in the way the world deals with climate change.

[no title] Scripting News (cached at January 22, 2020, 6:33 pm)

Brilliant. Kids are swapping AirPods in class then using text to speech to talk without talking.

[no title] Scripting News (cached at January 22, 2020, 6:33 pm)

I was spooked last night by how much Jeffries conveys "Obama." The 8th Congressional District of New York.

US Cops Have Wide Access To Phone Cracking Software, New Documents Reveal Slashdot by msmash on privacy at January 1, 1970, 1:00 am (cached at January 22, 2020, 6:05 pm)

Many police departments across the United States already have the ability to crack mobile devices, including the iPhone. From a report: Over the past three months, OneZero sent Freedom of Information Act (FOIA) requests to over 50 major police departments, sheriffs, and prosecutors around the country asking for information about their use of phone-cracking technology. Hundreds of documents from these agencies reveal that law enforcement in at least 11 states spent over $4 million in the last decade on devices and software designed to get around passwords and access information stored on phones. OneZero obtained documents from law enforcement agencies in New York, California, Florida, Texas, Washington, Colorado, Illinois, Ohio, Michigan, New Mexico, and Massachusetts. These agencies included district attorneys' offices, local police departments, and county sheriffs' offices. The number of offices with access to phone-cracking tools across the country is likely far greater than what OneZero uncovered. Not all agencies responded to OneZero's request for documents. Some departments and offices claimed the records were exempt from public release. Others told OneZero they would need several months and thousands of dollars to provide the information.
