Saturday, October 29, 2016

SPOTLIGHT ON SECURITY Bot Armies Boost Candidates' Popularity on Twitter

Internet bots have many useful online purposes, but they have a dark side, too, as three researchers demonstrated in their analysis of Twitter traffic during the first presidential debate between Hillary Clinton and Donald Trump.

Bots are used to automate functions on the Net. For example, if you belong to several social networks, you could use a bot to post a photo to all of them at once, saving the time of logging onto each network and posting the pic individually.

What the researchers found was that bots also can be used to amplify support on Twitter.

Manufactured Support

The researchers tracked how automated accounts were tweeting messages with hashtags associated with the candidates. For example, #makeamericagreatagain or #draintheswamp for Trump; #imwithher for Clinton. They found that one-third of all tweets using pro-Trump hashtags were created by bots and one-fifth of all Clinton hashtags were generated by automated accounts.

How might that affect public opinion?

"They act as a prosthesis for small groups of people to affect conversation on social media," said Samuel Woolley, director of research at Political Bots, a project to assess the effect of automated advocacy on public life. Woolley coauthored the report on debate bots with Bence Kollanyi of Corvinus University and Philip N. Howard of Oxford University

The effect of that prosthesis can be multiplied by news media.

"A lot of conversations on social media, especially those followed by journalists, are about what's trending and what candidate has a lot of support online," Woolley told TechNewsWorld, "but what we found was that a lot of traffic surrounding Donald Trump and Hillary Clinton is actually manufactured."

The researchers do not know who is behind the bots, but the practice isn't new.

"We know that in the past, Republican and Democratic candidates in the United States have been connected to either social media management or content management firms or 'astroturf' activists that have built bots for the candidates," Woolley said.

Gravy for Nation-States

Such bots were used in the 2008 special election to fill Ted Kennedy's Massachuetts Senate seat in 2008, according to a 2010 study by two researchers at Wellesley College, Panagiotis Takis Metaxas and Eni Mustafaraj.

A conservative group in Iowa, the American Future Fund, set up nine Twitter accounts that sent 929 tweets and reached more than 60,000 people with messages accusing the Democratic candidate in the race, Martha Coakley, of being anti-Catholic, the researchers found.

Nation-states aren't above using such tactics either.

"Political actors and governments worldwide have begun using bots to manipulate public opinion, choke off debate, and muddy political issues. Political bots tend to be developed and deployed in sensitive political moments when public opinion is polarized," Woolley and his colleagues wrote in their report.

"We know for a fact that Russia, as a state, has sponsored the use of bots for attacking transnational targets," Wooley pointed out.

"Other governments do it, too. We've had cases in Mexico, Turkey, South Korea and Australia," he added. "The problem is that a lot of people don't know bots exist, and that trends on social media or even online polls can be gamed by bots very easily."

Distorting Democracy

Bots aren't just a Twitter problem -- they're an Internet problem.

"The proportion of bots to humans on the Internet is about 50-50," said Tim Matthews, vice president of marketing at Imperva.

"Any task that is repetitive or mundane or can be simply automated is a likely candidate for a bot to take over," he told TechNewsWorld, "so it's not surprising to see more and more bots being used in social media for that reason."

Bots have many good uses. For example, Web spiders are bots used by search engines to keep their indexes current. However, in a political context, they can have undesirable effects.

"These sorts things can distort democracy if used for purposes of propaganda, but they can be used to support democracy if they're used for beneficial reasons," Woolley said.

That said, "there has to be some kind of regulation of this -- whether by the platforms themselves or government or advertisers," he added. "At the moment, there's a lot of fake political speech online, and it can definitely affect the way that people perceive politics and democracy."

Tech-Support Scams

Tech support scammers raked in US$1.5 billion in 2015, based on Microsoft's estimates, and the problem is getting worse, suggests a recent report from Malwarebytes.

Once carried out by telemarketers making cold calls, these scams now operate through tech support lines listed on websites, or they use pop-ups to get victims to call, the report notes. Instead of receiving help, users find their computers held for ransom.

These tech support scams aren't easy to spot, the report notes. Their tactics have become so advanced that almost anyone could fall for their tricks.

Further, getting on a tech support scammer's call list can be a descent into cold call hell for a consumer.

"It got so bad, I canceled my landline," said Jean-Philippe Taggart, a senior security researcher with Malwarebytes Labs.

"I wasn't getting any more phone calls except those from people pretending to be from Microsoft telling me that my computer was infected," he told TechNewsWorld.

From Cold Calls to Ransomware

When consumers began hanging up on the scammers' cold callers, they changed their tactics. "They moved to targeted advertising that masquerades as error messages," Taggart explained.

When consumers browsed certain websites, a pop-up ad resembling an error message appeared on the screen with instructions for calling "support." Once contact was established, the scammers used social engineering to wring money from the consumers.

Now some tech support scammers have gone beyond pop-ups.

"They're starting to use malicious software," Taggart said.

They'll buy a spot in a software bundle to have their software installed with legitimate offerings in the package.

"The software will lock up your computer, so the victims are no longer people who lack computer savvy," Taggart explained. "If you get one of these attacks as a vector, you're stuck. You can't use your computer until you call fictitious tech support."

Breach Diary

  • Oct. 17. StartPage, a European meta search engine, announces it's dropping Yahoo search from its website because of Yahoo's lack of openess about privacy and a massive data breach in 2014.
  • Oct. 17. Katy Independent School District in Texas warns 78,000 students and staff members their personal data is at risk due to a data breach.
  • Oct. 19. Czech police announce they have arrested a Russian citizen in Prague wanted by the FBI in connection to 2012 data theft of 117 million passwords at LinkedIn.
  • Oct. 18. Redbus, an Indian online travel ticketing platform, confirms data breach that may have compromised more than 4 million accounts. Company advises all its users to reset their passwords.
  • Oct. 18. Veracode releases "State of Software Security" report, which includes finding that about 97 percent of Java applications contained at least one component with a known vulnerability.
  • Oct. 19. Federal Reserve, FDIC and OCC issue notice of proposed rulemaking seeking comments on a set of enforceable cybersecurity standards for banks with more than US$50 billion in assets.
  • Oct. 20. National Payments Corporation of India reports some 3.2 million payment cards have been compromised in massive ATM security breach.
  • Oct. 20. Weebly, a San Francisco-based website creation company, starts notifying more than 43 million customers their personal information is at risk due to data breach that occurred in February.
  • Oct. 21. Kenya Commercial Bank dismisses reports earlier in the week that it was the victim of a data breach. It says the reports were based on malicious information aimed at upsetting its customers.
  • Oct. 21. Baystate Health in Springfield, Massachusetts, announces personal data of 13,000 patients is at risk from data breach in August.
  • Oct. 21. John McAfee tells CSO Online that his sources on the Dark Web lead him to believe that Iran was behind the hack of the Democratic National Committee in July.

Upcoming Security Events

  • Oct. 31. Can Privacy and Government Encryption Backdoors Co-Exist or Is It an Oxymoron? 1 p.m. ET. Webinar by Twistlock. Free with registration.
  • Nov. 1-4. Black Hat Europe. Business Design Centre, 52 Upper Street, London, UK. Registration: before Sept. 3, Pounds 1,199 with VAT; before Oct. 29, Pounds 1,559 with VAT; after Oct. 28, Pounds 1,799 with VAT.
  • Nov. 3. Vawtrak v2: The next big banking Trojan. 11 a.m. ET. Webinar by Blueliv Threat Intelligence Research Labs. Free with registration.
  • Nov. 3. Benefits and Implementation of EMV Tokenization for Stronger Payments Security. 1 p.m. ET. Webinar by Smart Card Alliance. Free with registration.
  • Nov. 7. The Cybersecurity Agenda for the Next President. 2 p.m. Online panel discussion. Free with registration.
  • Nov. 8. One Firewall to Rule them All! 5 a.m. ET. Webinar by Fortinet. Free with registration.
  • Nov. 8. Withstanding a Ransomware Attack: A Step-by-Step Guide. 9 a.m. ET. Webinar by Netwrix. Free with registration.
  • Nov. 8. How Can I Automatically Find and Fix My Data Security Blind Spots? Noon ET. Webinar by Compliance Engineering. Free with registration.
  • Nov. 8. Addressing Security Analyst Fatigue in the SOC. 2 p.m. ET. Webinar by Syncurity. Free with registration.
  • Nov. 9. Don't allow security & data regulations to slow business transformation. 6 a. m. ET. Webinar by Symantec and Bluecoat. Free with registration.
  • Nov. 9. Data Protection & Incident Response. 9 a.m. ET. Webinar by the Cyber Management Alliance. Free with registration.
  • Nov. 9. Data Protection: Going Beyond Encryption and Residency. 9 a.m. ET. Webinar by FireEye. Free with registration.
  • Nov. 9. Learn how to prevent the worst from happening when it comes to key loss 11 a.m. ET. Webinar by Product Marketing. Free with registration.
  • Nov. 9. Abusing Bleeding Edge Web Standards for AppSec Glory. Noon ET. Webinar by Cyph. Free with registration.
  • Nov. 9. Data Protection & Incident Response: Protecting Your Assets During a Crisis. 2 p.m. ET. Webinar by Iconic Security.
  • Nov. 9. Using Privileged Access Management to Beat Back Insider Threats. 4 p.m. ET. Webinar by Onion ID. Free with registration.
  • Nov. 9-10. SecureWorld Seattle. Meydenbauer Center, 11100 NE 6th St., Bellevue, Washington. Registration: conference pass, $325; SecureWorld Plus, $725; exhibits and open sessions, $30.
  • Nov. 10. How to Protect Your Organization's Confidential Data. 10 a.m. ET. Webinar by BrainStorm. Free with registration.
  • Nov. 10. Protect Against Cyber Attacks with Deep Learning. 11 a.m. ET. Webinar by Deep Instinct. Free with registration.
  • Nov. 10. Enhance Privacy and Security with Integrated IAM. 2 p.m. ET. Webinar by Forte Advisory. Free with registration.
  • Nov. 12. B-Sides Jackson. Old Capitol Museum, 100 South State St., Jackson, Mississippi. Free.
  • Nov. 12. B-Sides Atlanta. Atlanta Tech Village, 3423 Piedmont Rd. NE, Atlanta, Georgia. Free.
  • Nov. 12. B-Sides Boise. Trailhead, 500 S. 8th St., Boise, Idaho. Cost: $10.
  • Nov. 12. B-Sides Charleston. Beatty Center, College of Charleston, Charleston, South Carolina. Free.
  • Nov. 15. Wrangling Unicorns -- A Skills Shortage Survival Guide. 10 a.m. ET. Webinar by Acumin Consulting. Free with registration.
  • Nov. 23. Security: Enabling the Digital Revolution Without Disruption. 10 a.m. ET. Webinar by Alert Logic and Rackspace.
  • Nov. 28-30. FireEye Cyber Defense Summit 2016. Washington Hilton, 1919 Connecticut Ave. NW, Washington, D.C. Registration: through Sept. 30, general admission, $495; government and academic, $295; Oct. 1- Nov. 21, $995/$595; Nov. 22-30, $1,500/$1,500.
  • Dec. 2-3. B-Sides Phliadelphia. Drexel University, 3141 Chestnut St., Philadelphia, Pennsylvania. Free.

,

Microsoft Open Sources AI Toolkit

Microsoft this week released an updated version of its Microsoft Cognitive Toolkit as an open source Beta.

The deep learning system is used to speed advances in areas such as speech and image recognition and search relevance on CPUs and Nvidia GPUs. It also works with Microsoft's Azure GPU offering.

The Microsoft computer scientists who developed the toolkit initially were looking for a tool to speed up and improve their own research. Initially called "Microsoft/CNTK," it morphed into an offering that Microsoft customers and flagship product groups depend on for a wide variety of deep learning tasks, the company said.

Deep learning is an artificial intelligence technique developers and researchers use to process large amounts of data, called "training sets." The software teaches computer systems to recognize patterns from inputs such as images and sounds.

The toolkit is available on GitHub via an open source license.

"The toolkit's scalability and availability as an open source project are both pluses that should spur interest and use," noted Charles King, principal analyst at Pund-IT.

What It Does

With the update, Microsoft changed the name from "CNTK" to "Microsoft Cognitive Toolkit" to reflect an offering that is more broadly based and has new capabilities, said Microsoft spokesperson Casey Johnson.

"Our vision is to democratize artificial intelligence for every person and organization. We made Cognitive Toolkit open source so it is easily available to every developer who wants to build great AI applications," she told LinuxInsider.

The latest version of the toolkit includes new functionality that lets developers use Python or C++ programming languages in working with the toolkit. With the new version, researchers also can do a type of artificial intelligence work called "reinforcement learning."

Who It Targets

Microsoft Cognitive Toolkit is designed for researchers and developers who need machine learning and neural network tools to create artificial intelligence applications, Microsoft said. The toolkit provides users with greater flexibility and extensibility.

The upgrade delivers better performance than previous versions. The improvements focus on speed when working on big datasets across multiple machines. That speed boost is needed to support the deep learning process across multiple GPUs used to develop consumer products and professional offerings.

The toolkit's ability to work across multiple servers is a key advantage over other deep learning toolkits, according to Microsoft. When used on bigger datasets, other software products are subject to performance degradation. Microsoft Cognitive Toolkit has built-in algorithms to minimize that computational slowdown.

The toolkit helped the Microsoft Artificial Intelligence and Research team create a technology that recognizes words in a conversation as well as a person does, according to Microsoft.

Mixed Bag

It appears that Microsoft has made substantial progress in speech recognition accuracy, Pund-IT's King told LinuxInsider.

On the minus side, it is a fairly narrow solution in and of itself, he suggested. Other cognitive ecosystems, such as IBM's Watson, offer far richer and deeper resources for developers.

However, "the toolkit is another expression of the support for open source that has really blossomed at Microsoft since Satya Nadella become CEO," said King.

That's all to the good. Practically speaking, though, the company delivered the toolkit as a Windows-only solution. That limits it to a fraction of the number of developers who otherwise might take it up.


,

Friday, October 28, 2016

Xiaomi Debuts Magical Mi Mix

Xiaomi on Tuesday fired another shot in the shrinking bezel wars, as it announced a smartphone with a front that's more than 90 percent display.

The Mi Mix is a 6.4-inch phone that's stylishly crafted by French designer Philippe Starck. It sports a feature set that indicates Xiaomi wants to compete at the high end of the smartphone market.

"For many years, Xiaomi has had a reputation of copying designs and branding from Apple and Samsung," said Ross Rubin, principal analyst at Reticle Research.

"This phone breaks with those designs," he told TechNewsWorld.

"One factor for success is trying to get the greatest possible screen area into the smallest possible footprint," Rubin said. "This design comes close to the ideal of an all-screen phone."

The Mi Mix has a screen-to-body ratio of 91.3 percent. That compares to 67.7 percent for Apple's iPhone 7 Plus.

Real Estate Grab

To expand the Mi Mix's display, Xiaomi grabbed the real estate at the top of the phone occupied by the front-facing camera, ear speaker and proximity sensor.

It did that by moving the front-facing camera to the bottom of the phone, and replacing the ear speaker with a piezoelectric speaker that uses the metal frame of the phone to generate sound. It also replaced the infrared proximity sensor found on most phones with one that uses sound.

The proximity sensor turns off a smartphone's display as the device approaches the ear. Most phones use an infrared sensor at the top of the phone to do that. The Mi Mix uses ultrasound waves and software to do it.

"We use the sound transmitter that's already inside the phone," explained Guenael Strutt, vice president of product development at Elliptic Labs, maker of the ultrasound technology, which it calls "Inner Beauty."

"The sonic wave echos off the head, is picked up by a microphone, and the data is processed by our algorithms inside the phone," he told TechNewsWorld. "We use components in the phone to detect the head -- we don't have to add a new sensor."

Using sound to detect proximity also avoids issues that make infrared sensors unreliable from time to time, such as weather conditions or skin and hair coloring.

Top-Shelf Play

In addition to its eye-catching display, the Mi Mix has a 16-megapixel camera with phase-detect auto focusing, a generous 4,400 mAh battery, two SIM slots and a Snapdragon 821 processor. It supports high-definition audio with a 192 Hz/24-bit DAC chip, which users can listen to through a standard headphone jack.

Although the Mi Mix is officially a concept phone, Xiaomi will start selling it in China next week. Models with 4 GB of RAM and 128 GB of storage will be priced at US$516, and those with 6 GB of RAM and 256 GB of storage will sell for $590.

"Xiami lost a lot of traction in China as Vivo and Oppo strengthened their position in the lower end, and Huawei and Apple took the high end," said Carolina Milanesi, a principal analyst at Creative Strategies.

"I see the new Mi Mix concept phone as an attempt by Xiaomi to recapture the higher end of the market and reposition itself as an innovator," she told TechNewsWorld.

Xiaomi already is a top global contender because of its performance in China, and it wants to challenge Huawei in the West as best-performing Chinese brand.

"If this phone really goes up for sale in the West, it might jump ahead of the iPhone in terms of sexiness and design appeal," Newzoo CEO Peter Warman told TechNewsWorld.

Just the Beginning

It's unlikely the Mi Mix will be made for the mass market, though, in Milanesi's view.

"Chinese consumers love large screens, and the quality of the display looks fantastic," she said, and "$520 is in line with their pricing strategy of delivering a high-end experience at an affordable price."

That said, "it will be interesting to see what supplies will be, as I have a feeling that these phones are more focused on revamping brand than growing sales," Milanesi added.

Xiaomi might be wise to sell as many Mi Mixes as the market will bear as fast as it can before competition heats up.

More designs like the Mi Mix will start appearing in the next 12 months, said Daniel Matte, an analyst at Canalys.

"This is an indicator of where things are going. We'll see a lot of bezel-less designs in the next year," he told TechNewsWorld. "Xiaomi is one of the first to do this, but there will be many more to come."


,

Microsoft's New Tech Targets Human Creativity

Microsoft made a slew of announcements at its New York City event Wednesday, focusing on the idea of user as creator.

Among its new offerings:

  • The Surface Studio, an all-in-one desktop computer with a touchscreen that's 12.5mm thick;
  • The Surface Dial, a new input device that provides haptic feedback;
  • The Surface Book i7;
  • VR headsets for Windows 10 that use the same Windows Holographic platform as its HoloLens;
  • A revamped Paint app with 3D capability; and
  • Creator's Update, an upcoming Windows 10 refresh providing 3D creation tools, live streaming, and custom Xbox app tournaments.

"Ultimately, technology is just a tool in the hands of humanity," Microsoft CEO Satya Nadella said at the event. It's "a tool that helps amplify our ingenuity and creativity. New computing medias do not take shape by technology alone."

The Surface Studio took center stage at the event.

"The Surface Studio is my favorite simply based on looks and the way it's aimed at graphical productivity," said Michael Jude, a program manager at Stratecast/Frost & Sullivan.

"It would be ideal for desktop publishing integrating graphics," he told TechNewsWorld. "This makes productivity through graphical manipulation practical."

The Surface Studio's 4.5K ultra HD touchscreen stood out for Rob Enderle, principal analyst at the Enderle Group.

"All the OEMs buy screens based on price and yield," he told TechNewsWorld. "Microsoft specified a screen that was matched to what Windows can do, which means this one product will work better with Windows than anything currently in, or coming to, market."

The only other firm that has done that is Apple, Enderle noted.

Surface Studio Specs

The Surface Studio's screen delivers 63 percent more pixels than a state-of-the-art 4K TV, said Terry Myerson, EVP of Microsoft's Windows and Devices Group.

It works beautifully with a stylus pen, touch and the new Surface Dial, he noted.

Surface Studio desktop

The Surface Studio comes in various configurations built around an Intel Core i5 or i7 processor, starting at US$3,000.

"It replaces a high-end digitizer, lets users work vertically or horizontally, is appealing to the eye, and the screen is uniquely accurate," Enderle said.

The price tag "may be seen as a bargain," he pointed out, because the "very well-defined group of users and executives" who will want it "will generally buy the best tool, and often have stations costing over $5,000."

The Surface Studio will be available Dec. 15.

The New Surface Book

The new Surface Book has an Intel Core i5 or i7 processor and comes in several configurations. Battery life is up to 16 hours, and it ranges in price from $1,500 to $2,800.

Surface Book detach

The new version is an incremental upgrade to the Surface 2-in-1 line that "gives OEMs breathing room to incorporate new tech like Intel's Kaby Lake processors into their models before Microsoft fully upgrades Surface Pro and Surface Book next year," said Eric Smith, senior analyst at Strategy Analytics.

VR for the Masses

HP, Dell, Lenovo, ASUS and Acer will ship the first VR headsets capable of mixed reality with the coming Windows 10 Creators Update, Microsoft's Myerson announced. They will start at $300 and "work with affordable laptops and PCs."

Windows 10 VR devices

Reaction from consumers to VR and AR technologies "is fairly positive," according to Frost's Jude, and this move "will provide [Microsoft] an entry point for the consumer market, especially for e-gaming."

Microsoft's offering "should be far more acceptable in both price and ease of use" than the Oculus and HTC VR systems, which are "expensive and difficult to set up with the needed two cameras," Enderle observed.

However, the VR dev kit "requires 8 GB or more of RAM," Strategy Analytics' Smith pointed out.

"If this remains the minimum requirement, it's going to be a very exclusive group of first adopters compared to other AR/VR headsets," he told TechNewsWorld. Still, "this was a very smart move by Microsoft in showing off deeper platform integration in consumer environments following its acquisition of Minecraft."


,

Thursday, October 27, 2016

Tech on TV: A Little Realism Goes a Long Way

Watching TV shows often requires the suspension of disbelief -- that is, a willingness to press pause on one's critical faculties in order to believe the unbelievable. Realism often must be secondary to story, in other words. This very often is necessary when computers are used to advance plot lines, when programmers and hackers alike can bang away on their keyboards and produce tremendous results in seconds.

One need look no further than such shows as The Blacklist or Scorpion, which feature keyboard cowboys who can hack into systems at the drop of a hat, hook into GPS systems, or employ some other technobabble gimmick to track the badguy and save the day. This use of computers has been commonplace as long as computers have been around.

"The patterns are not just with recent tech --20 years ago, MacGyver was doing very unlikely tech things, as did the A-Team and so many others -- just with different tech," said Jim Purtilo, associate professor of computer science at the University of Maryland.

"A brief suspension of disbelief has helped storytellers since well before Shakespeare," he told TechNewsWorld.

Impossible TV

What can be done with a computer on some TV shows requires more than a basic suspension of disbelief. In some cases, what fictional computer whizzes can accomplish borders on the miraculous.

With many TV shows, it's likely that accuracy isn't the writers' primary concern, said Jay Rouman, a computer network engineer who has worked with computers since the late 1970s.

"I stopped watching Scorpion after they had a convertible chase a commercial jet down the runway with an Ethernet cable dropped out of the jet," Rouman told TechNewsWorld.

Beyond the fact that the takeoff speed of the jet could be well over 200 mph, the fact that the cable was even so readily available could be something that occurs only in the imagination of a TV show writer.

"It just happened to be on board and plugged into the master computer," recalled Rouman. "I've been in data centers where couldn't find an Ethernet cable that would give you Internet connectivity!"

Brave New World

A new wave of TV shows have been creating more realistic situations, ditching the meaningless technobabble for more accurate computer jargon. Instead of murky plot devices, actual programming is displayed.

TV shows such as AMC's Halt and Catch Fire and HBO's Silicon Valley focus on the exploits of computer programmers -- with the former highlighting the first tech boom of the 1980s and the latter taking place in the modern day.

The shows are very different in tone. Halt and Catch Fire is a workplace drama with soapy elements, while Silicon Valley, which was created by Beavis and Butt-Head creator Mike Judge, follows the more traditional comedy formula.

Yet computer programming is key in both shows. Each is full of realistic jargon, and close observers will see actual code on the screens, which certainly has made the shows appealing to those in the world of tech.

"The culture around technology is also magnificently depicted in Silicon Valley," added Purtilo.

"Sure it is stylized, just as any cartoonist must emphasize a subject's few key features in order to tell a story -- but they get it right," he explained.

"Maybe we don't know specifics of Pied Piper's fabulous compression algorithm, but I've watched a room full of geeks self-segregate around 'tabs versus eight spaces' or 'vim versus emacs' questions," Purtilo observed. "It's hilarious because that is what we do, and accurate details just help us project ourselves into those situations more readily."

Consulting With Programmers

Getting those details right takes going to the source, and in the case of Silicon Valley, it meant calling in actual programmers.

"We have a large staff of consultants who help us try not to look like idiots," said Dan O'Keefe, co-executive producer and writer for Silicon Valley.

"It's important to us not just to tell well-crafted, funny stories about people who live in this space, but to get as many of the details as right as we can," he told TechNewsWorld. "Or maybe we're just all severely OCD."

A bigger challenge for Silicon Valley was that it had to make the geek-speak not only believable, but also relatable.

"In a generic office show, all the comic tropes have been mined, from The Office going back to Dick van Dyke and further still," noted O'Keefe.

"The tech space, being newer, has newer protocols and rituals and such-like," he pointed out. "So it's necessary for us to be more realistic not just to be believable, but to be funny in the specific way we intend."

Not a Documentary

For a period piece recalling a time that many viewers may remember, Halt and Catch Fire does a decent job of getting the tech right -- especially as it presents the faux history of companies that didn't actually exist.

In terms of the technology it presents, "the show is very accurate," said engineer Rouman.

Even when the technology shown is questionable -- such as how the fictional gaming company was able to purchase an IBM when those systems typically were leased, it "mostly comes down to plot points and what would be most logical," Rouman pointed out.

"Having run a dial-in service, I think they skipped over a lot, but it's a TV show, not a tutorial on running dial-in modems," he said. "Like Star Trek, the show creators are wise not to belabor the technical details, because most people don't care."

If there is a complaint with this particular series, it is in the title suggested Rouman.

"HFC came from a joke in the old 'fortune' program that is still available on modern Linux and FreeBSD systems, where it prints a 'fortune' or some random witty saying as you log on," he explained. "The show's producers came up with some line about how it was an instruction to the CPU that would cause it to loop forever and it was a real instruction. I have never heard of such a thing."

Hack Attack

Anther side of programming on TV shows is hacking. Many have relied on keeping the actual "how it is done" so basic that it just "is" -- no need for any problematic details. No producer wants to be accused of providing a how-to guide, but USA Network's Mr. Robot does attempt to make the on-screen exploits seem a bit more genuine.

"I can't speak to the techniques used to break into systems because I don't do that, but their tools are correct," said Rouman.

"The actual hacking stuff they got right -- sometimes incredibly so," he added. "The stuff that they type makes complete sense; 'ifconfigwlan0 up' does indeed bring up a wireless interface. Nobody gets this stuff right."

Although it's not a documentary on hacking, some programmers actually might learn a thing or two.

"I am actually embarrassed to admit that after more than 25 years using Unix-like systems, I saw a very common command had a default I didn't know about," admitted Rouman. "I tried it and it worked."

Scripted Hacking

Another consideration is that TV shows need to be entertaining, so the plot must supersede how the characters conduct any hacking or programming, and at times serious pros may spot what they consider serious mistakes.

"Mr. Robot is laughable, really, because it isn't so much a show about hackers, but about script kids," suggested Adriel T. Desautels, CEO of penetration testing company Netragard.

The characters on Mr. Robot might seem like hackers, even to many in the tech world, but instead of reverse-engineering software, they rely on third-party hacking tools to do their deeds.

"It is not really the hacking world," Desautels told TechNewsWorld.

Yet "this is the first time that a TV show has even touched upon this part of the computer world," he added.

"More importantly, it is hard to translate that into an action-packed storyline," Desautels acknowledged. "It would be really boring to have the hacker playing with bits and bytes to reverse-engineer the code, especially if you didn't know what they were doing!"


,

Wednesday, October 26, 2016

Antique Kernel Flaw Opens Door to New Dirty Cow Exploit

A Linux security vulnerability first discovered more than a decade ago once again poses a threat, Red Hat warned last week, as an exploit that could allow attackers to gain enhanced privileges on affected computers has turned up in the wild.

Users need to take steps to patch their systems to prevent the exploit, known as "Dirty Cow," from granting access to unprivileged attackers.

"This flaw has actually been in the kernel for a better part of a decade -- what's changed isn't the vulnerability itself, but rather the manner in which it's being exploited," said Josh Bressers, a security strategist at Red Hat.

"As attack methods have become more sophisticated, hardware has become faster, and the kernel [has become] more predictable, a bug that was once thought to be impossible to exploit is now possible to exploit," he told LinuxInsider.

Out of the Shadows

Linux security researcher Phil Oester rediscovered the flaw while examining a server that appeared to have been under attack, he told V3.

A "race condition" was found in the way the Linux kernel's memory subsystem handled copy-on-write breakage of private read-only memory mappings, Red Hat explained in last week's security update.

Unprivileged local users could use the flaw to access otherwise read-only memory mappings and increase their privileges on the system, the update states. The issue affects Linux kernel packages as shipped with Red Hat Enterprise Linux 5,6,7 and MRG 2.x.

Shipping versions of Fedora are also affected, and Fedora is aware of the flaw, the warning notes.

Red Hat advised users running affected versions of the kernel to update as soon as patches become available, adding that a system reboot will be required to make sure the kernel update is applied.

A patch for customers running Red Hat Enterprise Linux 7.2 or greater will be available, according to the company. For several other versions of Red Hat Enterprise Linux, an active Extended Update Support subscription will be required to access the patch.

Users who don't have an active EUS subscription will have to contact Red Hat sales representatives, the company said. For those using Red Hat Enterprise Linux 6.2, 6.4 and 6.5, an active Advanced Update Support subscription will be required for access to the patch.

Possible Consequences

"The major risks are that an attacker exploiting this -- and there has been an identified attack in the wild via HTTP -- would be able to replace known binaries, including the replacement of core system applications, compilers and various publicly exposed systems -- SSH daemons, Web servers, and so on," said Kevin O'Brien, CEO of GreatHorn.

"From a risk perspective, the age, ease of exploit, and reliability of this particular vulnerability is particularly concerning," he told LinuxInsider.

Seeing a CVE of this magnitude, when combined with an in-the-wild implementation, makes this a critical issue for any systems administrator, O'Brien said.

That said, since the code must be executed on a local system and not a network, it's a two-step process for the attacker, noted Red Hat's Bressers.

"Given that most modern IT environments do not allow local untrusted users, it's a serious vulnerability, but one that requires effort on the part of the attacker to exploit," he explained.

If successful, unprivileged attackers would be able to change, remove or copy content that otherwise would be inaccessible.


,

Social Media Analytics, Meet Big Brother

The American Civil Liberties Union recently uncovered evidence that led Twitter, Facebook and its Instagram subsidiary to stop sharing data with Geofeedia, a firm accused of improperly collecting social media data on protest groups, and sharing that information with numerous law enforcement agencies.

Geofeedia, a developer of location-based analytics, had been marketing its technology to law enforcement agencies. It was used for such purposes as monitoring Black Lives Matter protests in Ferguson, Missouri, and Baltimore, Maryland, according to the ACLU.

The ACLU of Northern California uncovered the practice after requesting public records information from 63 law enforcement agencies in California.

The documents revealed that Instagram had provided Geofeedia access to streams of user posts, called the "Instagram API," until that practice was terminated last month, according to Matt Cagle, technology and civil liberties policy attorney for the ACLU of Northern California.

The data also shows that Facebook provided Geofeedia access to its Topic Feed API, which is supposed to be used for media and branding purposes, according to the ACLU. The API gave the firm access to a ranked feed of public posts that mention a specific topic.

API Access

Geofeedia had access to the Facebook's API source information, said Facebook spokesperson Jodi Seth.

Using APIs the way Geofeedia did is a "violation of our platform policies, which prohibit the sale or transfer of data," she told TechNewsWorld.

"This developer only had access to data that people chose to make public," Facebook said in a statement. "Its access was subject to the limitations in our Platform Policy, which outlines what we expect from developers that receive data using the Facebook Platform. If a developer uses our APIs in a way that has not been authorized, we will take swift action to stop them and we will end our relationship altogether if necessary."

Facebook terminated Geofeedia's access to its APIs last month, after learning about the infractions, Seth said.

While not providing access to its Firehose technology, Twitter did allow a subsidiary to provide Geofeedia with searchable access to public tweets, the ACLU said.

Twitter earlier this year added contract language designed to protect users against further surveillance techniques, the organization noted.

Based on information in the ACLU report, Twitter suspended @Geofeedia's commercial access to Twitter data.

The ACLU's Cagle acknowledges in a post on the organization's site that "neither Facebook nor Instagram has a public policy specifically prohibiting developers from exploiting user data for surveillance purposes," Twitter spokesperson Nu Wexler pointed out to TechNewsWorld.

The ACLU post goes on to say that "Twitter does have a 'longstanding rule' prohibiting the sale of user data for surveillance as well as a developer policy that bans the use of Twitter data to 'investigate, track or surveil Twitter users.'"

Twitter this spring cut off U.S. intelligence agencies from access to Dataminr, a firm that scans social media activity for information on potential terrorist attacks and political unrest, Wexler noted, pointing to a Wall Street Journal story published in May.

Targeted Protesters

Facebook severed its agreement with Geofeedia because it violated Facebook's data-sharing policies, noted Brandi Collins, campaign director of Color of Change, which had joined the ACLU and the Center for Justice in making the document request.

Facebook's decision to abandon the agreement suggests that the methods Geofeedia was employing were illegal, Collins told TechNewsWorld.

"More broadly, we should be concerned that police departments are wasting critical public resources on monitoring the social media profiles of the people in their communities, they're supposed to be protecting," she said.

"Geofeedia brags about its success monitoring protesters in Ferguson," Collins remarked, "but how does tracking people who are protesting police killings of unarmed black people make any of us safe?"


,

Tuesday, October 25, 2016

Microsoft Event: Come for Windows, Stay for Surface

Microsoft's Windows 10 event, scheduled for Wednesday, actually could focus more on hardware than on the operating system, given that the next Windows 10 refresh is expected in March.

A new Surface device -- possibly an all-in-one computer with a 21-inch or larger screen -- could be in the offing.

Whether Microsoft will unveil updates to its Surface Pro 4 and Surface Book devices or showcase products from its OEMs has generated some debate.

Windows Insiders have been testing new Windows 10 features, including trackpad innovations, noted The Verge. It might announce a F.lux-like feature to reduce blue light in Windows 10, as well as a new HomeHub smart device control feature. Further, Microsoft might bring its Holographic shell to Windows 10 PCs.

What Makes Sense

"It'll be a hardware event," predicted Rob Enderle, principal analyst at the Enderle Group.

"This is the expected refresh of the Surface product line," he told TechNewsWorld, because "all that Surface stuff belongs to the Windows 10 group."

Although some of the speculation may be groundless, "the all-in-one device makes a certain amount of sense because Microsoft hasn't had a desktop Surface product yet," Enderle pointed out.

"The smart money's on the fact that they'll probably have a Surface all-in-one, and the Surface Book and Surface Pro will probably be upgraded," he said. "It's about time."

Improvements in battery life, higher-resolution screens, better touch technology, and "a better overall stylus experience" probably will be unveiled, Enderle suggested. "Everybody has improved their stylus resolution and screens have been getting better."

However, don't expect the Surface Book or Surface Pro to get any thinner, because "they're already pretty thin and will run into thermal limits," he noted.

The Surface all-in-one PC "is what's most likely to be announced," R "Ray" Wang, principal analyst at Constellation Research, also said.

Expect deeper integration with Cortana services, Microsoft's Power BI and more, he told TechNewsWorld..

Moving into AR, VR and Games

Microsoft also might push virtual or augmented reality, Wang suggested. "Look for the battle for VR and AR to continue. With the rumors of the iPhone 8 integrating VR and AR, this is a chance to pre-empt Apple."

Microsoft might make "some type of announcement to counter Nintendo's Switch with their devices," he noted, "but we're not sure if this will happen."

The Nintendo Switch is a new home gaming system unveiled last week. It can be used in single player and multiplayer modes, and it lets gamers play the same title wherever, whenever and with whomever they choose.

Marketing Works

Redstone 2, the Windows 10 update scheduled for March, will have several new features, according to Wang, including an Office hub, better Bluetooth GATT support, onDemand sync with Microsoft OneDrive, interoperability among devices, and gaming services to the devices.

Windows 10 had a 22 percent share of the global operating systems market in September, according to Netmarketshare. Windows 7 continued to dominate with 48 percent.

Microsoft reported that revenue from Surface products grew 9 percent year over year in constant currency in fiscal Q4 2016, driven by sales of the Surface Pro 4 and Surface Book.

Sales totaled US$965 million, but Microsoft didn't state how many units were sold.

"Microsoft has been marketing the Surface hard, and, once they moved from ARM-based products to Intel Core products, they did well," Enderle said. "It shows that when you market something hard, well, it sells."


,

Floppy Candidate is The Washington Post’s new political game that’s got us in a flap

You choose a political candidate, then begin flapping your way through the 2016 electoral calendar. With unlockable characters, tons of trivia, and a decidedly tongue-in-cheek humour, this is a really smashing spin on a familiar style of game.

Point your browser at The Washington Post for more info and links to download the game for free.

imrs

Source : gamethenews[dot]net

Monday, October 24, 2016

OPINION Why Large Companies Can't Innovate

One of the things that has made Dell World very different is that at the end, one or more controversial speakers take the stage and provide an incredible amount of insight for the folks who haven't left early.

All three of the last three speakers were fascinating, but it wasn't until I wove all three speeches together that it became clear to me why innovation seems to evaporate the larger a company becomes. I was drawn in particular to why Netscape failed and Google, outside of ad revenue, largely has been unsuccessful, once you factor in economics.

I'll walk you through this and then close with my product of the week: a new set of headphones from Plantronics, which have become my favorite travel headphones.

The 4 Elements of Innovation

The first speaker used, of all things, the creation of chemotherapy as his quintessential example of innovation. He told the story of how leukemia was a death sentence for children coming into the 1960s with not only a 100 percent fatality rate, but also a horrid end for each child. It was so bad that some doctors refused to see the children, he said, and nurses visiting their wards were covered with sprayed blood. It must have been incredibly difficult to see small children suffering in incredible pain, and the images no doubt deeply disturbed the hospital staff.

Apparently there were four drugs that had some success, but they were all poisons. Each had a different function, each had terrible side effects, and each was potentially deadly. All of them individually only prolonged what was a horrid experience, so many doctors refused to use any of them.

One doctor, and you can read more details here, felt that all four might work where no one had worked before. Keep in mind the patients were children, each of the drugs individually was a deadly poison, and that doctor wanted to use all four. Oh, and since there was no animal counterpart to leukemia in children, the testing would have to be on live patients.

He got very little help and was constantly threatened with termination, but he was 98 percent successful, and his work became the foundation for modern day chemotherapy.

The speaker used this example to illustrate his contention that four elements are necessary for innovation to take hold: creativity, the ability to see an alternative; conscientiousness, the ability and drive to work to completion; contentiousness, the ability to fight against a common practice; and a sense of urgency, so the task will be completed in a timely way. (I agree with three of these.)

Interestingly, he also used Steve Jobs as an example, but those of us who knew Steve knew he was neither creative (the ideas always came from someone else) nor really conscientious (he got others to do most of the work). Just ask Steve Wozniak.

Jobs was a visionary, however, and he could see the value in someone else's idea that others often could not. Also, he sure as hell was disagreeable and contentious. The Steve Jobs example suggests that all of the elements necessary for innovation don't have to reside in the same person. It should be possible to create innovative teams that would have all of those traits and end up with something amazing.

But...

Not in a Large Company

The issue is that folks who are contentious and disagreeable, who are free thinkers, don't survive in large firms. They become the nail that the rest of the firm pounds on until they either conform, die or quit. It is actually kind of hard to find visionaries who aren't CEOs for the same reason.

Largely, they are forced to fit inside the visions of someone else, and I think that is why most large firms have to acquire much of their innovative technology after a while. It is why Xerox PARC could create the graphical user interface and mouse, but it took Steve Jobs and Apple to bring them to market.

I recall that the first iPhone-like phone I saw was created at Palm, and that group quickly was disbanded after being shot down by Palm's then-CEO for having a stupid idea. It didn't conform. Even at Apple, the iPhone required Steve seeing the threat of a music-playing phone to convince him to pioneer and then husband the product to market.

Microsoft also had a group that created an iPhone before Apple and even created a better tablet than the iPad, called the "Courier," and both were killed before ever making it to market. It wasn't that those firms didn't have people who could innovate -- they just treated them like problems, and instead of blessing and driving the related innovations, they forced them out of the company.

Google's Approach

As the Dell World speakers continued, one of the other things that became clear was that the reason Google largely has been a copycat is that it lost track of its identity. The second speaker, talking about coming innovations, showcased a list of cutting-edge firms -- all of which were created by directing people toward something the firm didn't own and monetizing it.

Facebook didn't own the content, Uber didn't own the cars, and Airbnb doesn't own the properties. However, Google was the king of monetizing what it didn't own, and that was its entire model for achieving success.

The implication was that had Google realized what it was best at -- monetizing access -- then it would have created its own Facebook, Uber and Airbnb. Instead, it tried to copy Apple, Microsoft and eventually Facebook, but none of those endeavors has been particularly successful financially, and some have cut into their revenue and added to costs. For example, both Apple and Microsoft could have been partners instead of rivals.

I recall one of IBM cofounder Thomas Watson Jr.'s saying: "Be willing to change everything but who you are." I think Google's -- now Alphabet's -- problem is that it no longer knows what it is.

Wrapping Up

Overall, the Dell World talks left me with two lessons.

One, that if you want innovation you have to identify those who are likely to innovate, and then back and protect them. Truly consider the concept of Skunk Works, (which has resulted in some of the most innovative products ever created) and the new policies at Ford, which expressly protect free thinkers.

Two, that if you don't know what your core skill is, then you are likely to fail a lot. I could go down a list of companies, starting with Netscape and ending with Yahoo, that just forgot who they were and either failed or are in the process of failing as a result.

This suggests two other things: If you are a creative free thinker, then you don't want to work for a big company that won't protect you; and one of the first things you should ask when considering a new job is whether the firm knows what its core skill is -- in other words knows more about what it is than its name suggests.

Something to noodle on this week.

Rob Enderle

I was a huge fan of the original BackBeat headphones because they were comfortable, had decent active noise cancellation, and really good battery life. The problem was they were really big, and I lost two pairs of them taking them out of my backpack to get something else and forgetting to put them back in.

At something like US$250 each that got old really, really fast.

Well, Plantronics just released the second generation, and they not only are smaller, allowing me to work around them and not take them out of my backpack, but also cheaper, coming in at a bit more reasonable price of $199.99.

Plantronics BackBeat Pro 2
Plantronics BackBeat Pro 2
I've been carrying them on my last two trips -- they have worked flawlessly, and I haven't come close to losing them.

Even though they are smaller, they cut out the noise on a plane just as well, and I've been burning through a ton of old and new TV shows and several hit movies as a result.

Because I'm a longtime fan of BackBeat and I'm less likely to lose these, and they are less likely to break me if I do, the new Plantronics BackBeat Pro 2 headphones are my product of the week. (Now if I could just get them in black not brown... .)


,

Saturday, October 22, 2016

DDoS Attack Causes Waves of Internet Outages

Hundreds of websites -- including those of biggies such as Netflix, Twitter and Spotify -- on Friday fell prey to massive DDoS attacks that cut off access to Internet users on the East Coast and elsewhere across the United States.

Three attacks were launched over a period of hours against Internet performance management company Dyn, which provides support to eight of the top 10 Internet service and retail companies and six of the top 10 entertainment companies listed in the Fortune 500.

The first attack against the Dyn Managed DNS infrastructure started at 11:10 a.m. UTC, or 7:10 a.m. EDT, the company said. Services were restored at about 9:00 a.m. Eastern time.

The second attack began around 11:52 a.m. EDT and was resolved by 2:52 p.m. The third attack, which started around 5:30 p.m., was resolved by about 6:17 p.m., according to Dyn's incident report.

"This is a new spin on an old attack, as the bad guys are finding new and innovative ways to cause further discontent," said Chase Cunningham, director of cyberoperations for A10 Networks.

"The bad guys are moving upstream for DDoS attacks on the DNS providers instead of just on sites or applications."

Dyn "got the DNS stuff back up pretty quick. They were very effective," he told TechNewsWorld.

The Severity of the Attacks

While the attacks were "pretty large," they "didn't bring anything down for very long," Cunningham noted.

Still, without confirmation from Dyn or ISPs, "it's only possible to speculate on the severity of this attack," said Craig Young, a computer security researcher at Tripwire.

"It is, however, reasonable to assume that the attackers controlled a considerable bandwidth in order to take out a service known for its resiliency against this type of attack," he told TechNewsWorld.

Getting the bandwidth to launch the attack has become easier with the proliferation of the Internet of Things. Cybercriminals and hackers increasingly have roped IoT devices into service as botnets to launch successive waves of very large DDoS attacks.

"Threat actors are leveraging insecure IoT devices to launch some of history's largest DDoS attacks," A10's Cunningham noted.

Manufacturers should eliminate the use of default or easy passwords to access and manage smart or connected devices, he said, to "hinder many of the global botnets that are created and deployed for malicious use."

Who's Pulling the Strings?

A nation state or states might be preparing to take down the Internet, cybersecurity expert Bruce Schneier recently warned, and "if there's a threat actor out there with this goal, DNS infrastructure would be a very natural target to expect," Tripwire's Young pointed out.

Another possibility is that the attacks could be a publicity stunt for a new threat actor launching a DDoS as a Service business, he suggested, in which case someone will claim responsibility for the attacks "in coming days or weeks."

Nothing points to one particular group, although it appears that recently more attacks have been coming from South America than from Russia or the former Soviet bloc, A10's Cunningham said.

At this point, considering the source "is total speculation," he added.

The United States Department of Homeland Security reportedly is looking into the attacks.

The explanation may turn out to be simple. Perhaps Dyn's DNS servers were too tempting a target for hackers and led to an attack of opportunity.

...BIND9 is 100 to 1000 times slower than an ideal DNS server, so is much harder to keep up in the face of DDoS.

— Robert Graham ❄ (@ErrataRob) October 21, 2016

Bind is an open source reference implementation of DNS protocols, as well as production-grade software suitable for use in high-volume, high-reliability applications.

More Trouble Ahead

DDoS attacks have been on the upswing and likely will increase in the near term.

There was a 129 percent increase in year-over-year DDoS attack traffic in the second quarter of this year, according to Akamai.

That amounts to nearly 5,000 mitigated attacks across a variety of industries and verticals during the period.


,

Linux Foundation Spurs JavaScript Development

The Linux Foundation earlier this week announced the addition of the JS Foundation as a Linux Foundation project. The move is an effort to inject new energy into the JavaScript developer community.

Linux Foundation Spurs JavaScript Development

By rebranding the former JQuery foundation as the JS Foundation and bringing it under the Linux umbrella, officials hope to create some stability and build critical mass. The goal is to spark greater interest in pursuing open source collaboration by intermingling some promising new players with some venerable stalwarts.

"What we hear is a need for a center of gravity in the JavaScript ecosystem and that's what we're hoping to create via the JS Foundation," said Kris Borchers, executive director of the JS Foundation.

"We want to drive the adoption and development of JavaScript technologies, and provide an environment that facilitates collaboration and encourages community for any project that drives innovation forward," he told LinuxInsider.

Joining Forces

A number of initial projects will participate in a new mentorship program that is designed to encourage a level of collaboration and sustainability heretofore lacking. They include Appium, Interledger.js, JerryScript, Mocha, Moment.js, Node-RED and webpack.

Founding members of the JS Foundation include Bocoup, IBM, Ripple, Samsung, Sauce Labs, Sense Technic Systems, SitePen, Stackpath, University of Westminster and WebsiteStartup.

Although the communities are very different, they have a mutual interest in boosting support for their respective technologies.

"Javascript has suffered from a reduced interest of late, and they likely couldn't sustain by themselves anymore," suggested Rob Enderle, principal analyst at the Enderle Group.

That is likely what drove the consolidation, he said.

"A large number of folks in both camps are volunteers, and with a severe shortage of programming talent in paid jobs in the industry, I suspect both thought they could better sustain critical mass together rather than separately," Enderle told LinuxInsider.

One of the things Javascript users want is for the projects they're using to be dependable, said Jonathan Lipps, director of open source at Sauce Labs.

Everyone loves to hate "javascript fatigue," he told LinuxInsider.

"How much worse does that fatigue become when a project which has a lot of adoption all of a sudden loses its contributors, and all of the users are forced to migrate to something else?" Lipps asked.

One of the goals of the JS Foundation is to create a level of stability in the ecosystem that heads off that scenario.

"I think we'll also see as a result a counterforce to the fragmentation trend." said Lipps. "If we can get projects working together and collaborating under a nonprofit umbrella, maybe we'll see more of them joining forces and providing the users with fewer, more sustainable choices."

More Exposure, More Adoption

A new level of cooperation could pay dividends for Sauce Labs by encouraging wider adoption of its Appium platform. The company's goal is for Appium to become the industry's most popular mobile automation tool.

"Donating Appium to the JS Foundation is a great way to shove Appium even further into view for more developers," Lipps said.

"From a development standpoint, specifically, we hope that giving up Appium's copyright to a nonprofit will encourage other companies who make money off of Appium to be less shy about contributing code to it," he explained.

Another of the initial projects in the program is JerryScript, a lightweight JavaScript engine first developed by Samsung. It can enable smartwatches, wearables and other small devices to operate across an IoT environment, noted Youngyoon Kim, vice president of the Software R&D Center at Samsung.

IBM's Node-RED, another participant, has achieved widespread adoption in the IoT community, noted Angel Diaz, vice president of cloud technology and architecture, allowing users to innovate IoT applications more rapidly and with greater agility.


,

Tesla: Everyone Gets a Self-Driving Car

Tesla on Wednesday announced plans to install hardware that will allow all of its cars to become driverless.

Tesla: Everyone Gets a Self-Driving Car

The equipment will enable self-driving at a safety level substantially greater than human-driven cars, according to the company.

The hardware includes eight cameras to provide 360-degree visibility around the car for more than 800 feet; 12 ultrasonic sensors to detect hard and soft objects; and forward-facing radar capable of seeing through rain, fog, dust and other vehicles.

Tesla also will install a new onboard computer with 40 times the computing power of previous Tesla models. It will run Tesla's neural net for processing information from the other hardware components.

Feature Suspension

Before activating the new hardware, Tesla will be calibrate it using information gathered from millions of miles of its vehicles' real-world driving experience.

During the transition, Teslas that have the new hardware will not have some first-generation Autopilot features, such as automatic emergency braking, collision warning, lane holding and active cruise control. The company will validate and then re-enable them over the air, along with new features, the company said.

Tesla's announcement reflects a thoughtful approach to automated driving, said Richard Wallace, transportation systems analysis director at the Center for Automotive Research.

By making the cars driverless-ready, Tesla easily can turn them into fully automated vehicles via an over-the-air software update.

"That's an advantage Tesla has, because not every car company can do that," Wallace told TechNewsWorld. "It's a sound strategy, and I wouldn't be surprised if some other OEMs decide to follow it."

Doubling Down

Clearly, Tesla is doubling down on its self-driving bet in the belief that the technology represents the future of consumer and commercial vehicles, said Charles King, principal analyst at Pund-IT.

"What's particularly interesting is the company's evolutionary approach -- equipping its cars with the necessary hardware, but stating that various self-driving functions will be enabled by software updates after they are fully validated," he told TechNewsWorld.

"That's a bit counterintuitive, given the tendency among many folks to prefer instant gratification, but it emphasizes the fact that autonomous driving is still a work in progress," King remarked.

"Bottom line -- it's wise of Tesla to acknowledge and to follow a safely incremental path forward," he said.

The Tesla Way

Tesla's attitude toward vehicle automation differs from other major players in the space, including the major auto makers and Google.

Both the auto makers and Google are taking a more cautious approach to the technology, King said.

Some auto makers are concentrating their efforts on commercial and industrial uses rather than consumer products.

"That's sensible, since self-driving features are likely to first emerge as pricy options rather than the standard features that Tesla is offering," King noted.

Meanwhile, Google has been deeply leveraging other companies' technologies and efforts in its driverless vehicle.

"In contrast, Tesla's decision to equip its cars with features that it called 'Autopilot' was more than a little hyperbolic. 'Driver Assist' would have been more accurate and less prone to misinterpretation," King said.

Risky Gambit

Making vehicles driverless-ready can give Tesla a first-mover advantage, but it also carries some risks.

"You're pretty much stuck with the hardware you put out there. You're telling your customers that purely through software, you're going to raise their capabilities," CAR's Wallace said.

"If they've played their cards right and they have the necessary suite of sensors, then this strategy is great for them," he continued. "If they're missing something on the sensor side, then this strategy is going to always leave them a little bit short."

Assuming risk comes with the territory of being a first mover, noted Mark Duvall, director of the energy utilization group at the Electric Power Research Institute.

"Building automobiles is a very high-risk business," he told TechNewsWorld, "so it's hard to say if what Tesla announced has a higher risk to what they're doing today. A lot of that will depend on execution."

Government Hangups

Government regulations also could challenge Tesla's driverless plans.

"We aren't all going to suddenly stop driving," Duvall said. "It will be a continuum."

Regulation of self-driving vehicles could vary from state to state, added Jim McGregor, principal analyst at Tirias Research.

"There's less than a handful of states that allow self-driving cars," he told TechNewsWorld. "What happens if Tesla enables its self-driving feature and a state doesn't allow it? They may be jumping the gun here. They may be getting ahead of themselves."


,

Friday, October 21, 2016

Microsoft AI Beats Humans at Speech Recognition

Microsoft's Artificial Intelligence and Research Unit earlier this week reported that its speech recognition technology had surpassed the performance of human transcriptionists.

The team last month published a paper describing its system's accuracy, said to be superior to that of IBM's famed Watson artificial intelligence.

The error rate for humans on the widely used NIST 2000 test set is 5.9 percent for the Switchboard portion of the data, and 11.3 percent for the CallHome portion, the team said.

The team improved on the conversational recognition system that outperformed IBM's by about 0.4 percent, it reported.

That improvement is important, noted Anne Moxie, senior analyst at Nucleus Research.

While speech recognition provides an easier way for humans to interact with technology, "it won't see adoption until it has extremely low error rates," she told TechNewsWorld.

Google, IBM and Microsoft are among the companies working on speech recognition systems, but Microsoft is the closest to overcoming the error rate issue, Moxie said. "Therefore, its technology's the most likely to see adoption."

Testing the Technology

The team's progress resulted from the careful engineering and optimization of "convolutional and recurrent neural networks." The basic structures have long been well known but "it is only recently that they have emerged as the best models for speech recognition," its report states.

To measure human performance, the team leveraged an existing pipeline in which Microsoft data is transcribed weekly by a large commercial vendor performing two-pass transcription -- that is, a human transcribes the data from scratch, and then a second listener monitors the data to perform error correction.

The team added NIST 2000 CTS evaluation data to the worklist, giving the transcribers the same audio segments as provided to the speech recognition system -- short sentences or sentence fragments from a signal channel.

For the speech recognition technology, the team used three convolutional neural network (CNN) variants.

One used VGG architecture, which employs smaller filters, is deeper, and applies up to five convolutional layers before pooling.

The second was modeled on the ResNet architecture, which adds a linear transform of each layer's input to its output. The team applied Batch Normalization activations.

The third CNN variation is the LACE (layer-wise context expansion with attention) model. LACE is a time delay neural network (TDNN) variant.

The team also trained a fused model consisting of a combination of a ResNet and a VGG model at the senone posterior level. Senones, which are states within context-dependent phones, are the units for which observation probabilities are computed during automated speech recognition (ASR).

Both base models were independently trained and the score fusion weight then was optimized on development data.

A six-layer bidirectional LSTM was used for spatial smoothing to improve accuracy.

"Our system's performance can be attributed to the systematic use of LSTMs for both acoustic and language modeling as well as CNNs in the acoustic model, and extensive combination of complementary models," the report states.

The Microsoft Cognitive Toolkit

All neural networks in the final system were trained with the Microsoft Cognitive Toolkit (CNTK) on a Linux-based multi-GPU server farm.

CNTK is an open source deep learning toolkit that allows for flexible model definition while scaling very efficiently across multiple GPUs and multiple servers, the team said.

Microsoft earlier this year released CNTK on GitHub, under an open source license.

The Voice

"Voice dictation is no longer just being used for composing text," said Alan Lepofsky, a principal analyst at Constellation Research.

"As chat-centric interfaces become more prevalent, core business processes such as ordering items, entering customer records, booking travel, or interacting with customer service records will all be voice-enabled," he told TechNewsWorld.

To illustrate his point, Lepofsky noted that he had composed his response and emailed it to TechNewsWorld "simply by speaking to my iPad."


,