Lawsuits Accuse Siri, Alexa, and Google of Listening When They're Not Supposed To Slashdotby EditorDavid on privacy at January 1, 1970, 1:00 am (cached at September 5, 2021, 11:35 pm)

"Tech companies have long encouraged putting listening devices in homes and pockets..." reports the Washington Post. "But some are growing concerned that these devices are recording even when they're not supposed to — and they're taking their fears to the courts." (Alternate URLs here and here.) On Thursday, a judge ruled that Apple will have to continue fighting a lawsuit brought by users in federal court in California, alleging that the company's voice assistant Siri has improperly recorded private conversations... [H]e ruled that the plaintiffs, who are trying to make the suit a class action case, could continue pursuing claims that Siri turned on unprompted and recorded conversations that it shouldn't have and passed the data along to third parties, therefore violating user privacy. The case is one of several that have been brought against Apple, Google and Amazon that involve allegations of violation of privacy by voice assistants... The voice assistants are supposed to turn on when prompted — saying "Hey, Siri," for example — but the lawsuit alleges that plaintiffs saw their devices activate even when they didn't call out the wake word. That conversation was recorded without their consent and the information was then used to target advertisements toward them and sent on to third-party contractors to review, they allege... The lawsuits ask the companies to contend with what they do once they hear something they weren't intended to. Nicole Ozer, the technology and civil liberties director of the ACLU of California, said the suits are a sign that people are realizing how much information the voice technology is collecting. "I think this lawsuit is part of people finally starting to realize that Siri doesn't work for us, it works for Apple," she said. An Amazon spokesperson told the Post only a "small fraction" of audio is manually reviewed, and users can opt-out of those reviews or manage their recordings. Apple told the Post that isn't selling its Siri recordings, and that its recordings are not associated with an "identifiable individual." And Google pointed out that they don't retain audio recordings by default "and make it easy to manage your privacy preferences." But there's still concerns. "A Washington Post investigation in 2019 found that Amazon kept a copy of everything Alexa records after it thinks it hears its name — even if users didn't realize," the Post adds. In a 2019 video, Post reporter Geoffrey A. Fowler even spliced together all of Amazon's recordings of his voice, into a spoken-word anthem titled "Your voice now belongs to Amazon. "Eavesdropping is an invasion," Fowler argues in the video, adding that Amazon "is putting its profits over our privacy. It's also a sign of a bold data grab that's going on in our increasingly connected homes."

Read more of this story at Slashdot.

Malware Found Preinstalled In Classic Push-button Phones Sold In Russia Slashdotby EditorDavid on security at January 1, 1970, 1:00 am (cached at September 5, 2021, 10:35 pm)

"A security researcher has discovered malicious code inside the firmware of four low-budget push-button mobile phones sold through Russian online stores," reports the Record: In a report published this week by a Russian security researcher named ValdikSS, push-button phones such as DEXP SD2810, Itel it2160, Irbis SF63, and F+ Flip 3 were caught subscribing users to premium SMS services and intercepting incoming SMS messages to prevent detection. ValdikSS, who set up a local 2G base station in order to intercept the phonesâ(TM) communications, said the devices also secretly notified a remote internet server when they were activated for the first time, even if the phones had no internet browser... All the remote servers that received this activity were located in China, ValdikSS said, where all the devices were also manufactured before being re-sold on Russian online stores as low-budget alternatives to more popular push-button phone offerings, such as those from Nokia. But who's responsible, the article ultimately asks. The third party supplying the firmware? The parties shipping the phones? The vendors selling the phone without detecting its malware? Or the government agencies lacking a mechanism for collecting reports of malware...

Read more of this story at Slashdot.

High Ivermectin Overdosages Caused 1,143 Calls to America's Poison Control Centers T Slashdotby EditorDavid on medicine at January 1, 1970, 1:00 am (cached at September 5, 2021, 9:35 pm)

America's poison control centers are getting more calls this year from people who tried self-medicating with ivermectin, NPR reports — with at least 592 calls coming since July 1: According to the National Poison Data System, which collects information from the nation's 55 poison control centers, there was a 245% jump in reported exposure cases from July to August — from 133 to 459. Meanwhile, emergency rooms across the country are treating more patients who have taken the drug... Most patients are overdosing on a [high-concentration] version of the drug that is formulated to treat parasites in cows and horses... The National Poison Data System says 1,143 ivermectin exposure cases were reported between Jan. 1 and Aug. 31. That marks an increase of 163% over the same period last year... In Mississippi, which has one of the lowest rates of vaccination against the coronavirus, the state Department of Health issued an alert about the surge in calls to poison control in August. The department said that at least 70% of recent calls to the state poison control center were related to people who ingested a version of the drug meant for livestock. Minnesota's Poison Control System is dealing with the same problem. According to the department, only one ivermectin exposure case was reported in July, but in August, the figure jumped to nine. Kentucky has seen similar increases. Thirteen misuse calls have been reported this year, Ashley Webb, director of the Kentucky Poison Control Center, told the Louisville Courier-Journal. "Of the calls, 75% were from people who bought ivermectin from a feed store or farm supply store and treated themselves with the animal product," Webb said. The other 25% were people who had a prescription, she added. "You are not a horse. You are not a cow. Seriously, y'all. Stop it," the FDA said in a renewed warning late last month. Those with a prescription from a health care provider should only fill it "through a legitimate source such as a pharmacy, and take it exactly as prescribed," the agency instructs. It also cautioned that large doses of the drug are "dangerous and can cause serious harm" and said that doses of ivermectin produced for animals could contain ingredients harmful to humans. The agency added: "Even the levels of ivermectin for approved human uses can interact with other medications, like blood-thinners. You can also overdose on ivermectin, which can cause nausea, vomiting, diarrhea, hypotension (low blood pressure), allergic reactions (itching and hives), dizziness, ataxia (problems with balance), seizures, coma and even death." At least two more states — Louisiana and Washington — have also "issued alerts after an uptick in calls to poison control centers," according to a health writer for the Associated Press: By mid-August U.S. pharmacies were filling 88,000 weekly prescriptions for the medication, a 24-fold increase from pre-COVID levels, according to the Centers for Disease Control and Prevention. Meanwhile, U.S. poison control centers have seen a five-fold increase in emergency calls related to the drug, with some incidents requiring hospitalization.

Read more of this story at Slashdot.

The 'Dead Internet' Theory Posits Forums are Now Almost Entirely Overrun By AI Slashdotby EditorDavid on internet at January 1, 1970, 1:00 am (cached at September 5, 2021, 8:35 pm)

Ideas from 4chan (including its paranormal section) have percolated into the "dead internet" theory, writes the Atlantic, with a seminal post on another forum by "IlluminatiPirate" now arguing that the internet is almost entirely overrun by artificial intelligence: Like lots of other online conspiracy theories, the audience for this one is growing because of discussion led by a mix of true believers, sarcastic trolls, and idly curious lovers of chitchat... Peppered with casually offensive language, the post suggests that the internet died in 2016 or early 2017, and that now it is "empty and devoid of people," as well as "entirely sterile." Much of the "supposedly human-produced content" you see online was actually created using AI, IlluminatiPirate claims, and was propagated by bots, possibly aided by a group of "influencers" on the payroll of various corporations that are in cahoots with the government. The conspiring group's intention is, of course, to control our thoughts and get us to purchase stuff... He argues that all modern entertainment is generated and recommended by an algorithm; gestures at the existence of deepfakes, which suggest that anything at all may be an illusion; and links to a New York story from 2018 titled "How Much of the Internet Is Fake? Turns Out, a Lot of It, Actually." "I think it's entirely obvious what I'm subtly suggesting here given this setup," the post continues. "The U.S. government is engaging in an artificial intelligence powered gaslighting of the entire world population." So far, the original post has been viewed more than 73,000 times... The theory has become fodder for dramatic YouTube explainers, including one that summarizes the original post in Spanish and has been viewed nearly 260,000 times. Speculation about the theory's validity has started appearing in the widely read Hacker News forum and among fans of the massively popular YouTube channel Linus Tech Tips. In a Reddit forum about the paranormal, the theory is discussed as a possible explanation for why threads about UFOs seem to be "hijacked" by bots so often. The theory's spread hasn't been entirely organic. IlluminatiPirate has posted a link to his manifesto in several Reddit forums that discuss conspiracy theories... Anyway ... dead-internet theory is pretty far out-there. But unlike the internet's many other conspiracy theorists, who are boring or really gullible or motivated by odd politics, the dead-internet people kind of have a point... [Y]ou could even say that the point of the theory is so obvious, it's cliché — people talk about longing for the days of weird web design and personal sites and listservs all the time. Even Facebook employees say they miss the "old" internet. The big platforms do encourage their users to make the same conversations and arcs of feeling and cycles of outrage happen over and over, so much so that people may find themselves acting like bots, responding on impulse in predictable ways to things that were created, in all likelihood, to elicit that very response. That 2018 article in New York magazine had argued that (at that time) a majority of web traffic was probably coming from bots — including especially high bot traffic on YouTube — while even the engagement metrics for major sites like Facebook had been gamed or inflated. But whether or not that's changed, the Atlantic shares a compelling argument from a forum poster arguing that their very presence in this discussion proves they must be a bot. "If I was real I'm pretty sure I'd be out there living each day to the fullest and experiencing everything I possibly could with every given moment of the relatively infinitesimal amount of time I'll exist for instead of posting on the internet about nonsense."

Read more of this story at Slashdot.

In Novel Attack Technique, Salesforce Email Service Used For Phishing Campaign Slashdotby EditorDavid on security at January 1, 1970, 1:00 am (cached at September 5, 2021, 7:35 pm)

Slashdot reader storagedude writes: In a novel attack technique, Israeli security researchers discovered that cybercriminals were subscribing to Salesforce in order to use its email service to launch a phishing campaign and thus bypass corporate security defenses like whitelisting. The researchers, from email security service provider Perception Point, said bad actors are sending phishing emails via the Salesforce email service by impersonating the Israel Postal Service in a campaign that has targeted multiple Israeli organizations. In a blog post, security analysts Miri Slavoutsky and Shai Golderman wrote that this is the first time they had seen attackers abuse Salesforce services for malicious purposes. "Mass Email gives users the option to send an individual, personalized email to each recipient, thus creating the perception of receiving a unique email, created especially for you," Slavoutsky and Golderman wrote. "Spoofing attempts of Salesforce are nothing new to us. Attackers spoof emails from Salesforce for credential theft, is a typical example. In this case, the attackers actually purchased and abused the service; knowing that most companies use this service as part of their business, and therefore have it whitelisted and even allowed in their SPF records." Shlomi Levin, Perception Point's co-founder and CTO, told eSecurity Planet that given how whitelisting a trusted source can result in security breaches, "it is essential to employ a zero-trust attitude combined with a strong filtering mechanism to any content that enters the organization no matter the source: email, collaboration tools or Instant Messaging." Stephen Banda, senior manager of security solutions at cybersecurity vendor Lookout, agreed with the researchers that it's a new approach by malicious actors. "The practice of legitimately signing up for an email service with the full intention of using it for malice is an innovative strategy," Banda said. "This breach should be a warning to all service providers to conduct extensive due diligence into who is requesting access to their services so that this type of scam can be avoided in the future." "There are ways to detect spoofing but in this case the emails look authentic and are also coming from where they say they are coming from," said Saumitra Das, CTO of cybersecurity firm Blue Hexagon. "This means that attackers have got through the first email firewall both from a threat intelligence signature perspective of blocking known bad sources and also in some sense the instinct of the user themselves to be suspicious of what something is. It is common for attacks to get through email security solutions, but then well-trained or savvy users are the next line of defense. This [use of a legitimate email service] increases the chances of those users also clicking on links or downloading attachments."

Read more of this story at Slashdot.

[no title] Scripting News(cached at September 5, 2021, 7:03 pm)

When someone says "X is part of the problem" that's wrong in so many ways. Useless. They're actually the problem, not part of it even. Working together is how we get ahead. Unite rather than divide. I don't care how you got to the party, I'm just glad you're here now.
[no title] Scripting News(cached at September 5, 2021, 7:03 pm)

I once designed a JSONified version of RSS. Wrote about it and even put up a demo. I was surprised that somewhere in my sprawling ecosystem is a piece of code, still running, that maintains my JSONified RSS feed. Geek pride.
Facebook is Subcontracting Its Content Moderation for Hundreds of Millions of Dollar Slashdotby EditorDavid on facebook at January 1, 1970, 1:00 am (cached at September 5, 2021, 6:35 pm)

"For years, Facebook has been under scrutiny for the violent and hateful content that flows through its site...." reports the New York Times. "But behind the scenes, Facebook has quietly paid others to take on much of the responsibility. Since 2012, the company has hired at least 10 consulting and staffing firms globally to sift through its posts, along with a wider web of subcontractors, according to interviews and public records." Facebook's single biggest partner for content moderating is Accenture, the Times adds. "Facebook has signed contracts with it for content moderation and other services worth at least $500 million a year, according to The Times's examination." Accenture employs more than a third of the 15,000 people whom Facebook has said it has hired to inspect its posts... Their contracts, which have not previously been reported, have redefined the traditional boundaries of an outsourcing relationship. Accenture has absorbed the worst facets of moderating content and made Facebook's content issues its own. As a cost of doing business, it has dealt with workers' mental health issues from reviewing the posts. It has grappled with labor activism when those workers pushed for more pay and benefits. And it has silently borne public scrutiny when they have spoken out against the work. Those issues have been compounded by Facebook's demanding hiring targets and performance goals and so many shifts in its content policies that Accenture struggled to keep up, 15 current and former employees said. And when faced with legal action from moderators about the work, Accenture stayed quiet as Facebook argued that it was not liable because the workers belonged to Accenture and others. "You couldn't have Facebook as we know it today without Accenture," said Cori Crider, a co-founder of Foxglove, a law firm that represents content moderators. "Enablers like Accenture, for eye-watering fees, have let Facebook hold the core human problem of its business at arm's length...." The firm soon parlayed its work with Facebook into moderation contracts with YouTube, Twitter, Pinterest and others, executives said. (The digital content moderation industry is projected to reach $8.8 billion next year, according to Everest Group, roughly double the 2020 total.) Facebook also gave Accenture contracts in areas like checking for fake or duplicate user accounts and monitoring celebrity and brand accounts to ensure they were not flooded with abuse... Each U.S. moderator generated $50 or more per hour for Accenture, two people with knowledge of the billing said. In contrast, moderators in some U.S. cities received starting pay of $18 an hour.

Read more of this story at Slashdot.

JSON Feed after four years Scripting News(cached at September 5, 2021, 6:32 pm)

I've written about JSON Feed a few times. Summary: it was a bad idea. I don't know why devs want to come up with new names for well-established concepts. It makes all our lives more complicated if the format catches on, and if it doesn't, it just makes a mess.

If you absolutely had to have a JSON feed format, which no one does, it's easy to encapsulate anything you don't like about a format behind a simplifying API, and anything you can represent in RSS can be represented in JSON and vice versa, the best thing to do was a JSONified RSS. But they didn't do that either.

Okay, so four years later this thread appears in the support repo.

I might have been vaguely aware that Apple has a new format, obviously its own reinvention of RSS, also a totally bad idea, and another developer thinks JSON Feed should adopt its features. He is correct. That is the right move. Or even better, just leave JSON Feed behind and support both Apple's new incompatible format and RSS 2.0. Given that they're rooted in the Apple world, probably both. But the sparsely supported format they put out there was a bad idea and today it's an even worse idea, and it's only going to get more so.

People keep doing this, thinking that starting over is the thing to do. Apple will have trouble with their format because publishers will see it as the trap that it obviously is and probably will forever tell Apple it would be better if they didn't go off and blaze a new trail when there already is a well-worn path. No one wants to get locked in the trunk, they want to ride up front with you. And in publishing, thankfully, Apple still is not dominant. And hopefully it stays that way. And the rest of us have to circle the wagons and reduce the number of formats we have to deal with, not add to them.

[no title] Scripting News(cached at September 5, 2021, 6:32 pm)

If you want to make a long-term contribution to tech, make your users' data accessible through open file formats. Software comes and goes, lots of planned obsolescence, but users' files tend to stick around.
[no title] Scripting News(cached at September 5, 2021, 6:02 pm)

Most people in America don’t get how slavery is what we’re still fighting over. Colin Kaepernick is black, in America that means he’s a slave. Our country has yet to settle that question. Most of us have decided to grow out of it, but for a sizeable minority, they’re going keep fighting it. What Kaepernick is to them, a slave who forgot his place.
IBM's New Mainframe 7nm CPU Telum: 16 Cores At 5GHz, Virtual L3 and L4 Cache Slashdotby EditorDavid on ibm at January 1, 1970, 1:00 am (cached at September 5, 2021, 5:35 pm)

Long-time Slashdot reader UnknowingFool writes: Last week IBM announced their next generation mainframe CPU Telum. Manufactured by Samsung's 7nm node, each Telum processor has 8 cores with each core running at a base 5GHz. Two processors are combined in a package similar to AMD's chiplet design. A drawer in each mainframe can hold 4 packages (sockets), and the mainframe can hold 4 drawers for combined 256 cores. Different from previous generations, there is no dedicated L3 or L4 cache. Instead each core has a 32MB L2 cache that can pool to become a 256MB L3 "virtual" cache on the same processor or 2GB L4 "virtual" cache on the same drawer. Also included to help with AI is a on-die but not on-core inference accelerator running at 6TFLOPS using Intel's AVX-512 to communicate with the cores.

Read more of this story at Slashdot.

School Science Projects Reveal Very High Lead Levels in the Schools' Water Slashdotby EditorDavid on uk at January 1, 1970, 1:00 am (cached at September 5, 2021, 5:05 pm)

650 U.K. schools received educational kits from a charity for testing the lead levels in their water. Students at more than 14 schools then discovered their drinking water had higher lead levels than the recommended maximum. The Guardian reports: Several schools reported levels of lead at 50 micrograms per litre — five times the maximum allowed. Even low levels of lead are toxic and can reduce children's IQ and damage their nervous system... The charity conducted its own tests on samples returned by 81 schools and has confirmed that 14 samples have lead above 50 micrograms per litre, with several more showing signs of elevated levels. The charity is now contacting the schools to alert them and filtration firm Aquaphor, which co-sponsored the project, said it would supply free water filters to affected schools. "One of the frustrations of most school science is that it doesn't have any significance," writes Slashdot reader. "This is a story of one that revealed that lead levels were far higher than everyone was assuming..." A spokesperson for the Department of Environment Food and Rural Affairs told the Guardian that "If a school becomes aware they have lead pipework or have a test which has failed for lead, they should contact their local water company who will be required to enforce the removal of the lead pipe by the owner of the building."

Read more of this story at Slashdot.

Getting caught up with Electron Scripting News(cached at September 5, 2021, 4:32 pm)

A query for Electron devs.

I have been developing Electron apps for five years at least.

I have an Electron version of Drummer for the Mac (to start) almost ready to go, but there are problems with the File dialogs. It feels like a versioning thing? These routines worked fine in earlier software. So I figure what I need to do is get this app building using the latest versions of Electron and the latest build tools. If I recall correctly they change a lot. And it's been a while since I figured out how to do it. When I read their docs for building stuff I feel as lost as I felt when I was just starting out.

Okay, so here's how I build the app currently:

sudo electron-packager . "Electric Drummer" --platform=darwin --arch=all --overwrite --icon=drummer.icns --electron-version=7.1.10

What should I change to get my build process up to date?

It works, it builds the app, and I've been using it, it's just not the current Electron release and their are quirks with the file dialogs.

Ideally I'd like to not have to learn too much about the the Electron release process or versions -- just give me something that works and I can get back to my sprawling codebase.

Here's a thread for comments. Thanks in advance.

[no title] Scripting News(cached at September 5, 2021, 4:32 pm)

New term: Inter-outline inclusions. 0 matches.