CBP Does Not Make it Clear Americans Can Opt-out of Airport Face Scanning, Watchdog Slashdot by msmash on privacy at January 1, 1970, 1:00 am (cached at September 2, 2020, 11:35 pm)

A government watchdog has criticized U.S. border authorities for failing to properly disclose the agency's use of facial recognition at airports, which included instructions on how Americans can opt out. From a report: U.S. Customs and Border Protection (CBP), tasked with protecting the border and screening immigrants, has deployed its face-scanning technology in 27 U.S. airports as part of its Biometric Entry-Exit Program. The program was set up to catch visitors who overstay their visas. Foreign nationals must complete a facial recognition check before they are allowed to enter and leave the United States, but U.S. citizens are allowed to opt out. But the Government Accountability Office (GAO) said in a new report out Wednesday that CBP did "not consistently" provide notices that informed Americans that they would be scanned as they depart the United States.

Read more of this story at Slashdot.

CISA Orders Agencies To Set Up Vulnerability Disclosure Programs Slashdot by msmash on usa at January 1, 1970, 1:00 am (cached at September 2, 2020, 11:05 pm)

Out of scores of federal civilian agencies, only a handful of them have official programs to work with outside security researchers to find and fix software bugs -- a process that is commonplace in the private sector. From a report: Now, to put an end to the feet-dragging, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency is giving agencies six months to set up the programs, known as vulnerability disclosure policies (VDPs). CISA on Wednesday issued a directive requiring agencies to establish VDPs that foreswear legal action against researchers who act in good faith, allow participants to submit vulnerability reports anonymously and cover at least one internet-accessible system or service. It's the latest sign that federal officials are warming to white-hat hackers from various walks of life. "We believe that better security of government computer systems can only be realized when the people are given the opportunity to help," CISA Assistant Director Bryan S. Ware said in announcing the directive. The White House echoed that language in a memo to agencies backing the VDP initiative and setting deadlines for agencies to act.


Leaked Salary Spreadsheet Reveals Microsoft Employee Earnings for a Second Year Slashdot by msmash on business at January 1, 1970, 1:00 am (cached at September 2, 2020, 10:35 pm)

An anonymous reader shares a report: Over the course of August 2020, more than 300 Microsoft employees shared their salaries, bonuses, and stock awards in a Google spreadsheet to continue their push for fairer compensation. "You are legally protected to share this info, and you should share it so your coworkers can determine if they're being underpaid; however, you should still exercise caution," the Google Form to submit information reads. Sharing compensation data has become an annual tradition at Microsoft during this time of year, when full-time employees are notified of any raises or bonuses. Last year, more than 400 employees similarly shared their salaries, OneZero reported. The employees who respond to each year's survey are mainly based in Redmond, Microsoft's Washington headquarters. By the last day of August 2020, 310 employees had added their data to the spreadsheet. Microsoft employs more than 150,000 employees around the world. Employees shared their previous base salary, any cash bonuses, other bonuses paid out in stock, and merit-based increases in salary. This year's spreadsheet also included two new questions: one asking whether the employee was a person of color, and another asking whether the employee felt marginalized or at risk of being marginalized due to their gender or gender identity. Microsoft's latest diversity report showed the company was mainly white and male, especially at the highest levels. At Microsoft, like most tech companies, seniority and compensation is based on a person's level. At Microsoft, the levels start at 59 and go beyond 80. Microsoft's senior positions start at level 63, according to the crowdsourced tech compensation website Levels.fyi.


Court Rules NSA Phone Snooping Illegal -- After Seven-Year Delay Slashdot by msmash on privacy at January 1, 1970, 1:00 am (cached at September 2, 2020, 9:35 pm)

The National Security Agency program that swept up details on billions of Americans' phone calls was illegal and possibly unconstitutional, a federal appeals court ruled Wednesday. From a report: However, the unanimous three-judge panel of the 9th Circuit Court of Appeals said the role the so-called telephone metadata program played in a criminal terror-fundraising case against four Somali immigrants was so minor that it did not undermine their convictions. The long-awaited decision is a victory for prosecutors, but some language in the court's opinion could be viewed as a rebuke of sorts to officials who defended the snooping by pointing to the case involving Basaaly Moalin and three other men found guilty by a San Diego jury in 2013 on charges of fundraising for Al-Shabaab. Judge Marsha Berzon's opinion, which contains a half-dozen references to the role of former NSA contractor and whistleblower Edward Snowden in disclosing the NSA metadata program, concludes that the "bulk collection" of such data violated the Foreign Intelligence Surveillance Act. The call-tracking effort began without court authorization under President George W. Bush following the Sept. 11, 2001, terrorist attacks. A similar program was approved by the secretive FISA Court beginning in 2006 and renewed numerous times, but the 9th Circuit panel said those rulings were legally flawed.


Auto Industry TV Ads Claim Right To Repair Benefits 'Sexual Predators' Slashdot by msmash on business at January 1, 1970, 1:00 am (cached at September 2, 2020, 9:11 pm)

EmagGeek writes: A camera slowly stalks a woman walking to her SUV in a desolate, empty parking garage. "If question 1 passes in Massachusetts, anyone could access the most personal data stored in your vehicle," a narrator says. "Domestic violence advocates say a sexual predator could use the data to stalk their victims. Pinpoint exactly where you are. Whether you are alone ..." The woman's keys jingle as she approaches her car. The camera gets closer. The woman whips her head around. The stalker has found her. The screen flashes to black. "Vote NO on 1," the narrator says. The Alliance for Automotive Innovation, which represents nearly every major auto manufacturer in the United States, is funding this and a series of other TV ads like it to scare Massachusetts residents into voting against a ballot measure that would expand the state's already existing right to repair law to ensure that you can continue to get your car fixed by anyone you want. The ads heavily imply -- and at times state outright -- that the legislation would somehow lead women to be stalked and sexually assaulted, a charge that cybersecurity experts say has no grounding in reality. Instead, the auto industry wants to ensure that when your car breaks, you have to take it to a manufacturer "authorized" mechanic or the dealer itself. The legislation is an update to an already-existing law passed by Massachusetts voters in 2012 that has become a national standard for auto repair and a model piece of legislation for other right to repair bills that would make it easier to fix all sorts of electronics. The 2012 law enshrines the ability for independent mechanics (meaning, anyone who is not a car dealer) to repair the vast majority of cars, because it requires manufacturers to use a nonproprietary diagnostic interface to diagnose problems. 
This means that anyone can buy an OBD reader (called a "scanner," a "dongle," a "computer"), hook it up to a port beneath their steering wheel, and determine what's wrong with their car. The law also makes repair information available to independent repair professionals. Question 1 seeks to close a loophole in that earlier law, which exempted cars that transmitted this data wirelessly. As cars become even more computerized, independent repair shops are worried that manufacturers will do away with the OBD port and will store this data wirelessly, exempting them from the earlier law. The new initiative simply guarantees that car owners and independent repair companies can access this data wirelessly without "authorization by the manufacturer," and requires car manufacturers to store this data in a secure, "standardized, open-access platform."


Private Intel Firm Buys Location Data to Track People to their 'Doorstep' Slashdot by msmash on privacy at January 1, 1970, 1:00 am (cached at September 2, 2020, 8:50 pm)

A threat intelligence firm called HYAS, a private company that tries to prevent or investigates hacks against its clients, is buying location data harvested from ordinary apps installed on people's phones around the world, and using it to unmask hackers. The company is a business, not a law enforcement agency, and claims to be able to track people to their "doorstep." From a report: The news highlights the complex supply chain and sale of location data, traveling from apps whose users are in some cases unaware that the software is selling their location, through to data brokers, and finally to end clients who use the data itself. The news also shows that while some location firms repeatedly reassure the public that their data is focused on the high level, aggregated, pseudonymous tracking of groups of people, some companies do buy and use location data from a largely unregulated market explicitly for the purpose of identifying specific individuals. HYAS' location data comes from X-Mode, a company that started with an app named "Drunk Mode," designed to prevent college students from making drunk phone calls and has since pivoted to selling user data from a wide swath of apps. Apps that mention X-Mode in their privacy policies include Perfect365, a beauty app, and other innocuous looking apps such as an MP3 file converter. "As a TI [threat intelligence] tool it's incredible, but ethically it stinks," a source in the threat intelligence industry who received a demo of HYAS' product told Motherboard.


Intel: 10nm Tiger Lake CPUs Will Be in 50 New Laptops Coming This Fall Slashdot by msmash on intel at January 1, 1970, 1:00 am (cached at September 2, 2020, 8:05 pm)

Intel took the wraps off its not-so-secret central processing units (CPUs) code-named Tiger Lake, built with a 10-nanometer manufacturing process. It may as well have been called Tiger Leak. From a report: The 11th Generation Intel Core Processor models include the Intel Core i7-1185G7 chip, with a base 3GHz frequency that can be boosted to 4.8GHz. The Santa Clara, California-based company has dual-core and quad-core variants in the new family, which will be used in high-powered laptops coming this fall. Intel is also unveiling the Intel Xe 12th Gen integrated graphics processing unit (GPU), which replaces the Iris Plus integrated GPU. It has improved AI performance, Thunderbolt 4 input-output, and software optimizations. Intel said it has 20% better CPU performance and two times the graphics performance than the previous generation. With the integrated GPU, Intel said it can deliver frame rates in games that are two times faster than previous models. All told, there are nine new Tiger Lake chips. The chips are the top of the line for now as Intel faces severe competition from rival Advanced Micro Devices, which uses external producers such as TSMC to make its chips and is making historic market share gains. Intel normally makes its own chips, and it is rumored to be talking to TSMC for contract manufacturing, but that deal won't come in time for Tiger Lake. "We're leading the ecosystem forward to deliver new PC experiences," said Gregory Bryant, executive vice president of client computing at Intel, in a briefing.


Clubhouse after a month Scripting News (cached at September 2, 2020, 8:03 pm)

A reporter asked what I think of Clubhouse. It's been a month since I wrote my first impressions. So it seems like a good time to take stock.

Russians Again Targeting Americans With Disinformation, Facebook and Twitter Say Slashdot by msmash on facebook at January 1, 1970, 1:00 am (cached at September 2, 2020, 7:05 pm)

The Russian group that interfered in the 2016 presidential election is at it again, using a network of fake accounts and a website set up to look like a left-wing news site, Facebook and Twitter said on Tuesday. From a report: The disinformation campaign by the Kremlin-backed group, known as the Internet Research Agency, is the first public evidence that the agency is trying to repeat its efforts from four years ago and push voters away from the Democratic presidential candidate, Joseph R. Biden Jr., to help President Trump. Intelligence agencies have warned for months that Russia and other countries were actively trying to disrupt the November election, and that Russian intelligence agencies were feeding conspiracy theories designed to alienate Americans by laundering them through fringe sites and social media. Now Facebook and Twitter are offering evidence of this meddling, even as the White House in recent weeks has sought to more tightly control the flow of information about foreign threats to November's election and downplay Russian interference. The Trump administration's top intelligence official as recently as Sunday has tried to suggest that China is a graver risk than Moscow. Facebook and Twitter, which were slow to react to wide-ranging disinformation campaigns on their services in 2016 and continue to face criticism -- even from their own employees -- that they are not doing enough to confront the issue, said they were warned by the Federal Bureau of Investigation about the Russian effort.


Apple Says iOS Apps Created Estimated 300,000 US Jobs Since April 2019 Slashdot by msmash on business at January 1, 1970, 1:00 am (cached at September 2, 2020, 6:35 pm)

Apple on Wednesday highlighted the estimated number of US jobs created by its iOS app ecosystem. It comes as the company battles Fortnite developer Epic over App Store commission rates, which can be as high as 30%. From a report: The iOS app economy has created almost 300,000 new jobs since April 2019 and supports more than 2.1 million US jobs across all 50 states, Apple estimated in a blog post that cited research by Washington DC-based think tank Progressive Policy Institute. Most of these jobs are concentrated in states on the East and West Coasts, as well as Texas, while the Midwest has the fewest. Apps have proven critical for Americans adapting to life during the coronavirus pandemic, Apple said, whether it's ordering food remotely, stay-at-home education or telehealth. As a result, it noted that developers' jobs have remained sustainable even as many Americans lose their jobs.


Macros in Old School Scripting News (cached at September 2, 2020, 6:33 pm)

I have a new macros feature in Old School, the Node app I use to build the pages out of the outline I use to edit this blog. Every blogging system needs macros. We had them in Manila and Radio UserLand. I probably had them in AutoWeb and Clay Basket too. I haven't put them in Old School, wanting to wait to see how the software evolved without them.

Old School already has a glossary. You give it a string and a value that is substituted when the string occurs in the text. Today's machines are infinitely fast at that kind of thing, so it's not a burden to make the list of substitutions longer. It makes linking easier, and more consistent. Here's the OPML source for the glossary I maintain.

But what happens when you want to link to a search for a term on this blog? Like here are all the references on scripting.com for Dr Nick. Not something I'd likely put in the glossary because it's not a term I'd use a lot in my writing. But product names like Old School are a good candidate for glossarification.

This is the syntax: [%search: Dr Nick%].

Right now I'm the only one who can use it. ;-)

Testing -- please ignore Scripting News (cached at September 2, 2020, 6:03 pm)

oh the hunky dory buzzing

Facebook Staff Accused of Blocking Right-Wing Views in India Slashdot by msmash on facebook at January 1, 1970, 1:00 am (cached at September 2, 2020, 5:35 pm)

India's Minister of Information Technology Ravi Shankar Prasad accused some Facebook employees of blocking right-wing views in the nation, escalating a battle over content moderation in the social media company's largest market by users. From a report: Prasad made the allegations in a letter to Facebook Chief Executive Officer Mark Zuckerberg on Tuesday. The note comes two weeks after the Wall Street Journal reported that the U.S. firm failed to remove alleged hate speech from a lawmaker belonging to Prasad's ruling Hindu nationalist Bharatiya Janata Party. Facebook is grappling with a backlash in India after the Journal reported Facebook deleted anti-Muslim posts by BJP lawmaker Raja Singh and three other Hindu nationalists only after being questioned by the paper. Current and former Facebook employees told the paper that Facebook's head of public policy, Ankhi Das, opposed the deletion of the posts despite being flagged internally as breaching standards. Prasad also alleged that Facebook tried to influence public opinion before India's 2019 elections.


[no title] Scripting News (cached at September 2, 2020, 5:33 pm)

The Lincoln Project is really fucking with DJ Trump.

Oracle Loses Appeal in $10 Billion Pentagon Contract Fight Slashdot by msmash on oracle at January 1, 1970, 1:00 am (cached at September 2, 2020, 5:05 pm)

A U.S. appeals court rejected Oracle's challenges to the Pentagon's disputed $10 billion cloud-computing contract. From a report: Oracle had raised a number of issues, including allegations of conflicts of interest with Amazon.com, and claims the Pentagon violated its own rules when it set up the contract to be awarded to a single firm. The U.S. Court of Appeals for the Federal Circuit affirmed a lower court ruling that Oracle wasn't harmed by any errors the Pentagon made in developing the contract proposal because it wouldn't have qualified for the contract anyway. Oracle was fighting its exclusion from seeking the lucrative cloud-computing deal, known as the Joint Enterprise Defense Infrastructure, or JEDI. The Pentagon awarded the contract to Microsoft in October over market leader Amazon Web Services. The project, which is valued at as much as $10 billion over a decade, is designed to help the Pentagon consolidate its technology programs and quickly move information to warfighters around the world.
