T-Mobile, Verizon, and AT&T Have Reportedly Killed Their RCS Joint Venture
According to a new report from Light Reading, the three major U.S. carriers (four at the time) have reportedly abandoned their joint venture to launch a new Cross Carrier Messaging Initiative (CCMI), that promised interoperability for an RCS Universal Profile-based messaging standard. It was originally set to be launched in 2020. [For a detailed explanation of RCS Messaging, we recommend this article.] Android Police reports: Although the company handling the logistics behind the cross-carrier effort claims that it's still "continuing to move forward with preparations," a Verizon spokesperson told Light Reading that "the owners of the Cross Carrier Messaging Initiative decided to end the joint venture effort." [...] This may seem like bad news, but things have changed since 2019. In the time since the CCMI was announced, Google leapfrogged the carrier's selfish dithering and rolled out its own RCS messaging solution via the Messages app, all connected to its Jibe network (though it will use your carrier network if it's Universal Profile-compatible). It's a move that means customers don't have to wait on their carriers to start the work they should have done five years ago. More recently, T-Mobile has essentially handed the reins for its whole network messaging solution to Google by adopting Messages as the default SMS app for all T-Mobile phones, connecting all its customers to Google's RCS network. Given what has and hasn't succeeded when it comes to RCS messaging, what we'd like to see is for Verizon and AT&T to follow T-Mobile, give up on their own stupid standards, and simply adopt Google's RCS Messaging -- either by connecting their chat apps to Google's Jibe network somehow or by adopting the Messages app as sanctioned solutions, as T-Mobile did. 
But in the meantime, there's nothing to prevent customers on either network from just installing the Messages app themselves and bypassing the carrier mess altogether -- especially since it sounds like the carriers have given up on fixing it.

Read more of this story at Slashdot.

FCC Urges Americans To Run Internet Speed App To Counter Broadband Data Fudging
The FCC is encouraging netizens to use its internet speed mobile app in an effort to finally get accurate broadband data across the United States. The Register reports: In an announcement on Monday, the telecoms regulator noted that "the app provides a way for consumers to test the performance of their mobile and in-home broadband networks" and "provides the test results to the FCC." It stops far short of saying that the data will be used to make policy decisions, however, saying only that the figures gathered "will help to inform the FCC's efforts to collect more accurate and granular broadband deployment data." The public push doesn't mean that things are going to get better soon. Big Cable has aggressively -- and successfully -- argued in the past that data provided by users over an app is not sufficiently robust to form the basis of governmental decisions. And so the FCC will have to use the results as a way to push for change rather than use the data to make direct decisions. Everybody, including numerous states, cities, congressfolk and the GAO, know that the official FCC data provided by ISPs is not worth the paper it's written on. But broader usage of the app should expose just how inaccurate official figures are, which should in turn provide enough impetus for change. The bigger question is whether enough progress is made in the next four years to make any difference.

Australia's NDIS Gets a Government App With Blockchain But No Ethics
An anonymous reader quotes a report from ZDNet: Good news, disabled Australians! You'll soon be getting an app that will implement a welfare compliance regime designed by the people who brought you robo-debt. But don't worry, it'll have blockchain. No, this isn't good news at all. What makes it worse is that it's clear the government wants to extend technology-driven compliance to all Australians, with an emphasis on cracking down on your mistakes, not theirs. Kathryn Campbell, Secretary of the Department of Social Services, says the long-term plan is to have one app for all Commonwealth government services. "One to rule the world," she said last month, apparently oblivious to how evil that sounds. Senators are already worried that the disability app, intended to be used by participants in the National Disability Insurance Scheme (NDIS) to claim expenses against their support plan, will go the way of COVIDSafe: Millions of dollars spent on technology that doesn't really do the job. The intention was to fix a poor web experience, and allow claims to be made from a mobile device. But instead of simply creating a better website, in 2018, the Digital Transformation Agency (DTA) joined forces with CSIRO's Data61 and the Commonwealth Bank to trial blockchain-based smart money that would magically know whether the expense was legitimate or not. According to the CEO of the National Disability Insurance Agency (NDIA), Martin Hoffman, that pilot app has been "very popular and well-received," and the feedback has been "extremely positive." The app will be "fully available in the coming months, first on Google Play and then Apple's app store," he said. "Given the horrendously complex NDIS environment, defective processes and vulnerable people, there needs to be considerable caution in the application of blockchain technology," wrote former NDIS Technology Authority chief Marie Johnson in a submission [PDF] to the Parliamentary Joint Standing Committee on the NDIS. 
"Blockchain in itself -- as with other technology innovations -- does not address fundamental design and human rights issues. Ethics is paramount. The involvement of the Commonwealth Bank itself raises further ethics issues, given the value of participant data; the size of the market; and the yet to be realized emarket honey pot of data, funds and services." You can view the detailed "Making Money Smart: Empowering NDIS participants with Blockchain technologies" report here (PDF).

Genetic Mistakes That Could Shape Our Species
Slashdot reader omfglearntoplay shares an excerpt from a BBC article that explores the new technologies that may have already introduced genetic errors to the human gene pool. The article starts by mentioning He Jiankui, a Shenzhen researcher who was sentenced to prison in late 2019 for creating the world's first genetically altered babies. From the report: Jiankui had made the first genetically modified babies in the history of humankind. After 3.7 billion years of continuous, undisturbed evolution by natural selection, a life form had taken its innate biology into its own hands. The result was twin baby girls who were born with altered copies of a gene known as CCR5, which the scientist hoped would make them immune to HIV. But things were not as they seemed. In the years since, it's become clear that Jiankui's project was not quite as innocent as it might sound. He had broken laws, forged documents, misled the babies' parents about any risks and failed to do adequate safety testing. However, arguably the biggest twist were the mistakes. It turns out that the babies involved, Lulu and Nana, have not been gifted with neatly edited genes after all. Not only are they not necessarily immune to HIV, they have been accidentally endowed with versions of CCR5 that are entirely made up -- they likely do not exist in any other human genome on the planet. And yet, such changes are heritable -- they could be passed on to their children, and children's children, and so on. In fact, there have been no shortage of surprises in the field. From the rabbits altered to be leaner that inexplicably ended up with much longer tongues to the cattle tweaked to lack horns that were inadvertently endowed with a long stretch of bacterial DNA in their genomes (including some genes that confer antibiotic resistance, no less) -- its past is riddled with errors and misunderstandings. 
More recently, researchers at the Francis Crick Institute in London warned that editing the genetics of human embryos can lead to unintended consequences. By analyzing data from previous experiments, they found that approximately 16% had accidental mutations that would not have been picked up via standard tests. Why are these mistakes so common? Can they be overcome? And how could they affect future generations?

Detroit Man Sues Police For Wrongfully Arresting Him Based On Facial Recognition
A man who was falsely accused of shoplifting has sued the Detroit Police Department for arresting him based on an incorrect facial recognition match. The American Civil Liberties Union filed suit on behalf of Robert Williams, whom it calls the first US person wrongfully arrested based on facial recognition. The Verge reports: The Detroit Police Department arrested Williams in 2019 after examining security footage from a shoplifting incident. A detective used facial recognition technology on a grainy image from the video, and the system flagged Williams as a potential match based on a driver's license photo. But as the lawsuit notes, facial recognition is frequently inaccurate, particularly with Black subjects and a low-quality picture. The department then produced a photo lineup that included Williams' picture, showed it to a security guard who hadn't actually witnessed the shoplifting incident, and obtained a warrant when that guard picked him from the lineup. Williams -- who had been driving home from work during the incident -- spent 30 hours in a detention center. The ACLU later filed a formal complaint on his behalf, and the prosecutor's office apologized, saying he could have the case expunged from his records. The ACLU claims Detroit police used facial recognition under circumstances that they should have known would produce unreliable results, then dishonestly failed to mention the system's shortcomings -- including a "woefully substandard" image and the known racial bias of recognition systems.

NSA Helps Out Microsoft With Critical Exchange Server Vulnerability Disclosures
April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA). The Register reports: Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploited. Nineteen of the CVEs have been designated critical. "This month's release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers," Microsoft said in its blog post. "These new vulnerabilities were reported by a security partner through standard coordinated vulnerability disclosure and found internally by Microsoft. We have not seen the vulnerabilities used in attacks against our customers." Clicking through Microsoft's coy links to CVE-2021-28480 (9.8 severity), CVE-2021-28481 (9.8 severity), CVE-2021-28482 (8.8 severity), and CVE-2021-28483 (9.0 severity), you'll find the unspecified security partner is the NSA. Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9 are affected by this set of problems. "NSA urges applying critical Microsoft patches released today, as exploitation of these #vulnerabilities could allow persistent access and control of enterprise networks," the signals intelligence agency said via Twitter.

Inspur, China's Largest Cloud Hardware Vendor, Joins Open-Source Patent Consortium
An anonymous reader quotes a report from ZDNet: The Open Invention Network (OIN) defends the intellectual property (IP) rights of Linux and open-source software developers from patent trolls and the like. This is a global fight and now the OIN has a new, powerful allied member in China: Inspur. Inspur is a leading worldwide provider and China's leading data center infrastructure, cloud computing, and artificial intelligence (AI) server providers. While not a household name like Lenovo, Inspur ranks among the world's top-three server manufacturers. Inspur is only the latest of many companies to join the OIN. Besides such primarily hardware-oriented companies as Inspur, Baidu, China's largest search engine company, and global banks such as Barclays and the TD Bank Group, have joined the OIN. In 2021, companies far removed from traditional Linux companies such as Canonical, Red Hat, and SUSE all recognize Linux and OSS's importance. Donny Zhang, VP of Inspur information, said, "Linux and open source are critical elements in technologies which we are developing and provisioning. By joining the Open Invention Network, we are demonstrating our continued commitment to innovation, and supporting it with patent non-aggression in core Linux and adjacent open-source software." "Linux is rewriting what is possible in infrastructure computing," says OIN CEO Keith Bergelt. "OSS-based cloud computing and on-premise data centers are driving down the cost-per-compute while significantly increasing businesses' ability to provision AI and machine-learning (ML) capabilities. We appreciate Inspur's participation in joining OIN and demonstrating its commitment to innovation and patent non-aggression in open source."

School Custodian Refuses To Download Phone App That Monitors Location, Says It Got Her Fired
Michelle Dionne, a former employee at a cleaning company in Darwell, Alberta, says she was fired for refusing to download an app that would check her location and ensure she was working her scheduled hours. CBC.ca reports: Dionne says she was thrilled to get the job last fall -- responsible for things like disinfecting door handles, light switches and bathrooms to prevent possible spread of the coronavirus. When her boss told her to download the app, Dionne says she was concerned about her privacy. The app would go on her personal phone and, she says, her boss didn't clearly explain how it worked or what would happen to any data it collected.[...] The app, called Blip, generates a geofence -- a virtual boundary, created by the employer using GPS -- that detects when an employee enters or leaves. The app registers a signal from the worker's cell phone, when their "locations" setting is turned on, so the boss can tell whether an employee is on site and how many hours that person works. It only registers an employee's location when they enter and exit the geofence and doesn't track their specific movements. It's not clear where that data is stored, or whether any other employee information might be included. Go Public reached out to the maker of the app, U.K.-based BrightHR. Spokesperson Natalie Shallow said, although the app collects data, that data "belongs to the customer organization" -- meaning, the company using the app -- and therefore is subject to the company's own policies. The data's protection "complies with all applicable laws, including Alberta's Personal Information Protection Act," Shallow said. Dionne worried about where the information might end up. She knew apps like Instagram, Facebook and others had been breached. She says no one told her how securely the information would be protected. Dionne's former boss admits she didn't know where the data generated by Blip would be stored when she introduced the app to her workforce last fall. 
"I never asked that question and it never came up in my mind to ask," said Hanan Yehia, founder and owner of H.Y. Cleaning Services, which operates cleaning services for eight locations in northern Alberta. She says after Dionne raised concerns, she went back to BrightHR for more information and was told employees' movements within the geofence are not specifically monitored. Yehia says she shared that information with Dionne. The app was a solution to a problem, says Yehia -- she was looking for a way to simplify payroll by easily tracking hours and making sure employees who claimed they were working were actually on the job. "We had some issues in some locations where they would say they were on site, that they were working, but they weren't," she said, clarifying that attendance was not an issue with Dionne. She also says Dionne's refusal to download the app wasn't the sole reason she was fired.

Las Vegas Pushes To Become First To Ban Ornamental Grass
With a first-in-the-nation policy, Las Vegas is seeking to ban grass that nobody walks on. "Las Vegas-area water officials have spent two decades trying to get people to replace thirsty greenery with desert plants, and now they're asking the Nevada Legislature to outlaw roughly 40% of the turf that's left," reports The Associated Press. By outlawing this ornamental grass that requires four times as much water as drought-tolerant landscaping, the region can reduce annual water consumption by roughly 15% and save about 14 gallons of water per person per day. From the report: The proposal is part of a turf war waged since at least 2003, when the water authority banned developers from planting green front yards in new subdivisions. It also offers owners of older properties the region's most generous rebate policies to tear out sod -- up to $3 per square foot. Those efforts are slowing. The agency says the number of acres converted under its rebate program fell last year to six times less than what it was in 2008. Meanwhile, water consumption in southern Nevada has increased 9% since 2019. Justin Jones, a Clark County commissioner who serves on the water authority's board, doesn't think ripping out ornamental turf will upend people's lives. "To be clear, we are not coming after your average homeowner's backyard," he said. But grass in the middle of a parkway, where no one walks: "That's dumb." "The only people that ever set foot on grass that's in the middle of a roadway system are people cutting the grass," Jones said. The agency has different regulations for yards and public parks. Based on satellite imaging, it believes banning ornamental grass will primarily affect common areas maintained by homeowner associations and commercial property owners.

Global PC Market Swells by 55% in Q1 2021 To 82.7 Million
The latest data from research firm Canalys shows continued strength in the worldwide PC market in the first quarter of 2021, with shipments of desktops and notebooks, including workstations, up 55% year on year. From the report: Though this growth rate was buoyed by a weak Q1 2020, total shipments of 82.7 million units is still impressive, and the highest Q1 shipment number since 2012. Backlogs on orders from 2020, particularly for notebooks, were a key driver, though new demand is also a factor as smaller businesses begin their recoveries. Shipments of notebooks and mobile workstations increased 79% year on year to reach 67.8 million units. Desktops improved slightly at the start of 2021 after a string of poor quarters in 2020, with the level of shipment decline easing. Shipments of desktop and desktop workstations fell 5% year on year to 14.8 million units. The strong recovery from a weak Q1 2020 saw all vendors in the top five achieve double-digit year-on-year shipment growth. Lenovo maintained pole position in the PC market, securing a 25% market share and posting year-on-year growth of 61%, with shipments of 20.4 million units. HP, spurred by strong Chromebook shipments, came second with total shipments of 19.2 million units, a 64% increase on Q1 2020. Dell lost market share against Q4, but took third place in the rankings, growing shipments 23% year on year to hit 12.9 million units. Apple and Acer made up the rest of the top five, shipping 6.6 million and 5.7 million units to enjoy the highest and second-highest annual growth respectively. Cumulatively, the top five vendors accounted for 78.5% of all PC shipments in Q1 2021.

Tech Workers At the New York Times Have Formed a Union
An anonymous reader quotes a report from The Verge: Tech workers at The New York Times have formed a union under the NewsGuild of New York, and they are demanding voluntary recognition from the paper's management. The new union, called the Tech Times Guild, represents more than 650 workers from the digital side of the company, including software engineers, designers, and data analysts. Those employees are not included in the editorial union of The New York Times, which represents more than 3,000 reporters and media professionals at the newspaper and is also organized under NewsGuild. The editorial union has historically excluded employees on the digital side of the paper, even as the company has expanded into more ambitious data and digital work. As a result, the Tech Times Guild is seeking a separate bargaining unit, which would negotiate separately with the Times management. "As of now, we face a number of challenges," the Tech Times Guild said in a statement on Twitter, "including sudden or unexplained termination, opaque promotion processes, unpaid overtime, and underinvestment in diverse representation. Without a union, we lack the data or bargaining rights to address these issues." The Times has not formally responded to the union's request for recognition. "Voluntary recognition is a significant decision," The New York Times Company said in a statement. "We have heard questions from colleagues such as what a union would mean for staff, who might be included in the union, and how colleagues would have a say in who might represent them. We want to make sure all voices are heard."

EU Poised To Set AI Rules That Would Ban Surveillance and Social Behavior Ranking
The European Union is poised to ban artificial intelligence systems used for mass surveillance or for ranking social behavior, while companies developing AI could face fines as high as 4% of global revenue if they fail to comply with new rules governing the software applications. From a report: The rules are part of legislation set to be proposed by the European Commission, the bloc's executive body, according to a draft of the proposal obtained by Bloomberg. The details could change before the commission unveils the measure, which is expected to be as soon as next week. The EU proposal is expected to include the following rules:
* AI systems used to manipulate human behavior, exploit information about individuals or groups of individuals, used to carry out social scoring or for indiscriminate surveillance would all be banned in the EU. Some public security exceptions would apply.
* Remote biometric identification systems used in public places, like facial recognition, would need special authorization from authorities.
* AI applications considered to be 'high-risk' would have to undergo inspections before deployment to ensure systems are trained on unbiased data sets, in a traceable way and with human oversight.
* High-risk AI would pertain to systems that could endanger people's safety, lives or fundamental rights, as well as the EU's democratic processes -- such as self-driving cars and remote surgery, among others.
* Some companies will be allowed to undertake assessments themselves, whereas others will be subject to checks by third-parties. Compliance certificates issued by assessment bodies will be valid for up to five years.
* Rules would apply equally to companies based in the EU or abroad.

There's Another Facebook Phone Number Database Online
An online tool lets customers pay to unmask the phone numbers of Facebook users that liked a specific Page, and the underlying dataset appears to be separate from the 500 million account database that made headlines last week, signifying another data breach or large scale scraping of Facebook users' data, Motherboard reports. From the report: Motherboard verified the tool, which comes in the form of a bot on the social network and messaging platform Telegram, outputs accurate phone numbers of Facebook users that aren't included in the dataset of 500 million users. The data also appears to be different to another Telegram bot outputting Facebook phone numbers that Motherboard first reported on in January. "Hello, can you tell me how you got my number?" one person included in the dataset asked Motherboard when reached for comment. "Omg, this is insane," they added. Another person returned Motherboard's call and, after confirming their name, said "If you have my number then yes it seems the data is accurate." A description for the bot reads "The bot give [sic] out the phone numbers of users who have liked the Facebook page." To use the bot, customers need to first identify the unique identification code of the Facebook Page they want to get phone numbers from, be that a band, restaurant, or any other sort of Page. This is possible with at least one free to use website. From there, customers enter that code into the bot, which provides a cost of the data in U.S. dollars and the option to proceed with the purchase, according to Motherboard's tests. A Page with tens of thousands of likes from Facebook users can cost a few hundred dollars, the bot shows. The data for Motherboard's own Page would return 134,803 results and cost $539, for example.

'Why It's Easier To Move Country Than Switch Social Media'
Cory Doctorow, writing at Wired: When we talk about social media monopolies, we focus too much on network effects, and not enough on switching costs. Yes, it's true that all your friends are already stuck in a Big Tech silo that doesn't talk to any of the other Big Tech silos. It needn't be that way: interoperable platforms have existed since the first two Arpanet nodes came online. You can phone anyone with a phone number and email anyone with an email address. The reason you can't talk to Facebook users without having a Facebook account isn't that it's technically impossible -- it's that Facebook forbids it. What's more, Facebook (and its Big Tech rivals) have the law on their side: the once-common practice of making new products that just work with existing ones (like third-party printer ink, or a Mac program that can read Microsoft Office files, or an emulator that can play old games) has been driven to the brink of extinction by Big Tech. They were fine with this kind of "competitive compatibility" when it benefited them, but now that they dominate the digital world, it's time for it to die. To restore competitive compatibility, we would need reform to many laws: software copyright and patents, the anti-circumvention laws that protect digital rights management, and the cybersecurity laws that let companies criminalize violations of their terms of service.

NAME:WRECK Vulnerabilities Impact Millions of Smart and Industrial Devices
Catalin Cimpanu, reporting at Record: Security researchers have found a new set of vulnerabilities that impact hundreds of millions of servers, smart devices, and industrial equipment. Called NAME:WRECK, the vulnerabilities have been discovered by enterprise IoT security firm Forescout as part of its internal research program named Project Memoria -- which the company describes as "an initiative that aims at providing the cybersecurity community with the largest study on the security of TCP/IP stacks." Although never visible to end-users, TCP/IP stacks are libraries that vendors add to their firmware to support internet connectivity and other networking functions for their devices. These libraries are very small but, in most cases, underpin the most basic functions of a device, and any vulnerability here exposes users to remote attacks. The NAME:WRECK research is the fifth set of vulnerabilities impacting TCP/IP libraries that have been disclosed over the past three years, and the third set disclosed as part of Project Memoria.

Read more of this story at Slashdot.

;
T-Mobile, Verizon, and AT&T Have Reportedly Killed Their RCS Joint Venture
According to a new report from Light Reading, the three major U.S. carriers (four at the time) have reportedly abandoned their joint venture to launch a new Cross Carrier Messaging Initiative (CCMI), that promised interoperability for an RCS Universal Profile-based messaging standard. It was originally set to be launched in 2020. [For a detailed explanation of RCS Messaging, we recommend this article.] Android Police reports: Although the company handling the logistics behind the cross-carrier effort claims that it's still "continuing to move forward with preparations," a Verizon spokesperson told Light Reading that "the owners of the Cross Carrier Messaging Initiative decided to end the joint venture effort." [...] This may seem like bad news, but things have changed since 2019. In the time since the CCMI was announced, Google leapfrogged the carrier's selfish dithering and rolled out its own RCS messaging solution via the Messages app, all connected to its Jibe network (though it will use your carrier network if it's Universal Profile-compatible). It's a move that means customers don't have to wait on their carriers to start the work they should have done five years ago. More recently, T-Mobile has essentially handed the reins for its whole network messaging solution to Google by adopting Messages as the default SMS app for all T-Mobile phones, connecting all its customers to Google's RCS network. Given what has and hasn't succeeded when it comes to RCS messaging, what we'd like to see is for Verizon and AT&T to follow T-Mobile, give up on their own stupid standards, and simply adopt Google's RCS Messaging -- either by connecting their chat apps to Google's Jibe network somehow or by adopting the Messages app as sanctioned solutions, as T-Mobile did. 
But in the meantime, there's nothing to prevent customers on either network from just installing the Messages app themselves and bypassing the carrier mess altogether -- especially since it sounds like the carriers have given up on fixing it.

Read more of this story at Slashdot.

;
FCC Urges Americans To Run Internet Speed App To Counter Broadband Data Fudging
The FCC is encouraging netizens to use its internet speed mobile app in an effort to finally get accurate broadband data across the United States. The Register reports: In an announcement on Monday, the telecoms regulator noted that "the app provides a way for consumers to test the performance of their mobile and in-home broadband networks" and "provides the test results to the FCC." It stops far short of saying that the data will be used to make policy decisions, however, saying only that the figures gathered "will help to inform the FCC's efforts to collect more accurate and granular broadband deployment data." The public push doesn't mean that things are going to get better soon. Big Cable has aggressively -- and successfully -- argued in the past that data provided by users over an app is not sufficiently robust to form the basis of governmental decisions. And so the FCC will have to use the results as a way to push for change rather than use the data to make direct decisions. Everybody, including numerous states, cities, congressfolk and the GAO, know that the official FCC data provided by ISPs is not worth the paper it's written on. But broader usage of the app should expose just how inaccurate official figures are, which should in turn provide enough impetus for change. The bigger question is whether enough progress is made in the next four years to make any difference.

Australia's NDIS Gets a Government App With Blockchain But No Ethics
An anonymous reader quotes a report from ZDNet: Good news, disabled Australians! You'll soon be getting an app that will implement a welfare compliance regime designed by the people who brought you robo-debt. But don't worry, it'll have blockchain. No, this isn't good news at all. What makes it worse is that it's clear the government wants to extend technology-driven compliance to all Australians, with an emphasis on cracking down on your mistakes, not theirs. Kathryn Campbell, Secretary of the Department of Social Services, says the long-term plan is to have one app for all Commonwealth government services. "One to rule the world," she said last month, apparently oblivious to how evil that sounds. Senators are already worried that the disability app, intended to be used by participants in the National Disability Insurance Scheme (NDIS) to claim expenses against their support plan, will go the way of COVIDSafe: Millions of dollars spent on technology that doesn't really do the job. The intention was to fix a poor web experience, and allow claims to be made from a mobile device. But instead of simply creating a better website, in 2018, the Digital Transformation Agency (DTA) joined forces with CSIRO's Data61 and the Commonwealth Bank to trial blockchain-based smart money that would magically know whether the expense was legitimate or not. According to the CEO of the National Disability Insurance Agency (NDIA), Martin Hoffman, that pilot app has been "very popular and well-received," and the feedback has been "extremely positive." The app will be "fully available in the coming months, first on Google Play and then Apple's app store," he said. "Given the horrendously complex NDIS environment, defective processes and vulnerable people, there needs to be considerable caution in the application of blockchain technology," wrote former NDIS Technology Authority chief Marie Johnson in a submission [PDF] to the Parliamentary Joint Standing Committee on the NDIS. 
"Blockchain in itself -- as with other technology innovations -- does not address fundamental design and human rights issues. Ethics is paramount. The involvement of the Commonwealth Bank itself raises further ethics issues, given the value of participant data; the size of the market; and the yet to be realized emarket honey pot of data, funds and services." You can view the detailed "Making Money Smart: Empowering NDIS participants with Blockchain technologies" report here (PDF).

Genetic Mistakes That Could Shape Our Species
Slashdot reader omfglearntoplay shares an excerpt from a BBC article that explores the new technologies that may have already introduced genetic errors to the human gene pool. The article starts by mentioning He Jiankui, a Shenzhen researcher who was sentenced to prison in late 2019 for creating the world's first genetically altered babies. From the report: Jiankui had made the first genetically modified babies in the history of humankind. After 3.7 billion years of continuous, undisturbed evolution by natural selection, a life form had taken its innate biology into its own hands. The result was twin baby girls who were born with altered copies of a gene known as CCR5, which the scientist hoped would make them immune to HIV. But things were not as they seemed. In the years since, it's become clear that Jiankui's project was not quite as innocent as it might sound. He had broken laws, forged documents, misled the babies' parents about any risks and failed to do adequate safety testing. However, arguably the biggest twist were the mistakes. It turns out that the babies involved, Lulu and Nana, have not been gifted with neatly edited genes after all. Not only are they not necessarily immune to HIV, they have been accidentally endowed with versions of CCR5 that are entirely made up -- they likely do not exist in any other human genome on the planet. And yet, such changes are heritable -- they could be passed on to their children, and children's children, and so on. In fact, there have been no shortage of surprises in the field. From the rabbits altered to be leaner that inexplicably ended up with much longer tongues to the cattle tweaked to lack horns that were inadvertently endowed with a long stretch of bacterial DNA in their genomes (including some genes that confer antibiotic resistance, no less) -- its past is riddled with errors and misunderstandings. 
More recently, researchers at the Francis Crick Institute in London warned that editing the genetics of human embryos can lead to unintended consequences. By analyzing data from previous experiments, they found that approximately 16% had accidental mutations that would not have been picked up via standard tests. Why are these mistakes so common? Can they be overcome? And how could they affect future generations?

Detroit Man Sues Police For Wrongfully Arresting Him Based On Facial Recognition
A man who was falsely accused of shoplifting has sued the Detroit Police Department for arresting him based on an incorrect facial recognition match. The American Civil Liberties Union filed suit on behalf of Robert Williams, whom it calls the first US person wrongfully arrested based on facial recognition. The Verge reports: The Detroit Police Department arrested Williams in 2019 after examining security footage from a shoplifting incident. A detective used facial recognition technology on a grainy image from the video, and the system flagged Williams as a potential match based on a driver's license photo. But as the lawsuit notes, facial recognition is frequently inaccurate, particularly with Black subjects and a low-quality picture. The department then produced a photo lineup that included Williams' picture, showed it to a security guard who hadn't actually witnessed the shoplifting incident, and obtained a warrant when that guard picked him from the lineup. Williams -- who had been driving home from work during the incident -- spent 30 hours in a detention center. The ACLU later filed a formal complaint on his behalf, and the prosecutor's office apologized, saying he could have the case expunged from his records. The ACLU claims Detroit police used facial recognition under circumstances that they should have known would produce unreliable results, then dishonestly failed to mention the system's shortcomings -- including a "woefully substandard" image and the known racial bias of recognition systems.

NSA Helps Out Microsoft With Critical Exchange Server Vulnerability Disclosures
April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA). The Register reports: Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploited. Nineteen of the CVEs have been designated critical. "This month's release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers," Microsoft said in its blog post. "These new vulnerabilities were reported by a security partner through standard coordinated vulnerability disclosure and found internally by Microsoft. We have not seen the vulnerabilities used in attacks against our customers." Clicking through Microsoft's coy links to CVE-2021-28480 (9.8 severity), CVE-2021-28481 (9.8 severity), CVE-2021-28482 (8.8 severity), and CVE-2021-28483 (9.0 severity), you'll find the unspecified security partner is the NSA. Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9 are affected by this set of problems. "NSA urges applying critical Microsoft patches released today, as exploitation of these #vulnerabilities could allow persistent access and control of enterprise networks," the signals intelligence agency said via Twitter.

Inspur, China's Largest Cloud Hardware Vendor, Joins Open-Source Patent Consortium
An anonymous reader quotes a report from ZDNet: The Open Invention Network (OIN) defends the intellectual property (IP) rights of Linux and open-source software developers from patent trolls and the like. This is a global fight and now the OIN has a new, powerful allied member in China: Inspur. Inspur is a leading worldwide provider and China's leading data center infrastructure, cloud computing, and artificial intelligence (AI) server providers. While not a household name like Lenovo, Inspur ranks among the world's top-three server manufacturers. Inspur is only the latest of many companies to join the OIN. Besides such primarily hardware-oriented companies as Inspur, Baidu, China's largest search engine company, and global banks such as Barclays and the TD Bank Group, have joined the OIN. In 2021, companies far removed from traditional Linux companies such as Canonical, Red Hat, and SUSE all recognize Linux and OSS's importance. Donny Zhang, VP of Inspur information, said, "Linux and open source are critical elements in technologies which we are developing and provisioning. By joining the Open Invention Network, we are demonstrating our continued commitment to innovation, and supporting it with patent non-aggression in core Linux and adjacent open-source software." "Linux is rewriting what is possible in infrastructure computing," says OIN CEO Keith Bergelt. "OSS-based cloud computing and on-premise data centers are driving down the cost-per-compute while significantly increasing businesses' ability to provision AI and machine-learning (ML) capabilities. We appreciate Inspur's participation in joining OIN and demonstrating its commitment to innovation and patent non-aggression in open source."

School Custodian Refuses To Download Phone App That Monitors Location, Says It Got Her Fired
Michelle Dionne, a former employee at a cleaning company in Darwell, Alberta, says she was fired for refusing to download an app that would check her location and ensure she was working her scheduled hours. CBC.ca reports: Dionne says she was thrilled to get the job last fall -- responsible for things like disinfecting door handles, light switches and bathrooms to prevent possible spread of the coronavirus. When her boss told her to download the app, Dionne says she was concerned about her privacy. The app would go on her personal phone and, she says, her boss didn't clearly explain how it worked or what would happen to any data it collected.[...] The app, called Blip, generates a geofence -- a virtual boundary, created by the employer using GPS -- that detects when an employee enters or leaves. The app registers a signal from the worker's cell phone, when their "locations" setting is turned on, so the boss can tell whether an employee is on site and how many hours that person works. It only registers an employee's location when they enter and exit the geofence and doesn't track their specific movements. It's not clear where that data is stored, or whether any other employee information might be included. Go Public reached out to the maker of the app, U.K.-based BrightHR. Spokesperson Natalie Shallow said, although the app collects data, that data "belongs to the customer organization" -- meaning, the company using the app -- and therefore is subject to the company's own policies. The data's protection "complies with all applicable laws, including Alberta's Personal Information Protection Act," Shallow said. Dionne worried about where the information might end up. She knew apps like Instagram, Facebook and others had been breached. She says no one told her how securely the information would be protected. Dionne's former boss admits she didn't know where the data generated by Blip would be stored when she introduced the app to her workforce last fall. 
"I never asked that question and it never came up in my mind to ask," said Hanan Yehia, founder and owner of H.Y. Cleaning Services, which operates cleaning services for eight locations in northern Alberta. She says after Dionne raised concerns, she went back to BrightHR for more information and was told employees' movements within the geofence are not specifically monitored. Yehia says she shared that information with Dionne. The app was a solution to a problem, says Yehia -- she was looking for a way to simplify payroll by easily tracking hours and making sure employees who claimed they were working were actually on the job. "We had some issues in some locations where they would say they were on site, that they were working, but they weren't," she said, clarifying that attendance was not an issue with Dionne. She also says Dionne's refusal to download the app wasn't the sole reason she was fired.

Las Vegas Pushes To Become First To Ban Ornamental Grass
With a first-in-the-nation policy, Las Vegas is seeking to ban grass that nobody walks on. "Las Vegas-area water officials have spent two decades trying to get people to replace thirsty greenery with desert plants, and now they're asking the Nevada Legislature to outlaw roughly 40% of the turf that's left," reports The Associated Press. By outlawing this ornamental grass that requires four times as much water as drought-tolerant landscaping, the region can reduce annual water consumption by roughly 15% and save about 14 gallons of water per person per day. From the report: The proposal is part of a turf war waged since at least 2003, when the water authority banned developers from planting green front yards in new subdivisions. It also offers owners of older properties the region's most generous rebate policies to tear out sod -- up to $3 per square foot. Those efforts are slowing. The agency says the number of acres converted under its rebate program fell last year to six times less than what it was in 2008. Meanwhile, water consumption in southern Nevada has increased 9% since 2019. Justin Jones, a Clark County commissioner who serves on the water authority's board, doesn't think ripping out ornamental turf will upend people's lives. "To be clear, we are not coming after your average homeowner's backyard," he said. But grass in the middle of a parkway, where no one walks: "That's dumb." "The only people that ever set foot on grass that's in the middle of a roadway system are people cutting the grass," Jones said. The agency has different regulations for yards and public parks. Based on satellite imaging, it believes banning ornamental grass will primarily affect common areas maintained by homeowner associations and commercial property owners.

Global PC Market Swells by 55% in Q1 2021 To 82.7 Million
The latest data from research firm Canalys shows continued strength in the worldwide PC market in the first quarter of 2021, with shipments of desktops and notebooks, including workstations, up 55% year on year. From the report: Though this growth rate was buoyed by a weak Q1 2020, total shipments of 82.7 million units is still impressive, and the highest Q1 shipment number since 2012. Backlogs on orders from 2020, particularly for notebooks, were a key driver, though new demand is also a factor as smaller businesses begin their recoveries. Shipments of notebooks and mobile workstations increased 79% year on year to reach 67.8 million units. Desktops improved slightly at the start of 2021 after a string of poor quarters in 2020, with the level of shipment decline easing. Shipments of desktop and desktop workstations fell 5% year on year to 14.8 million units. The strong recovery from a weak Q1 2020 saw all vendors in the top five achieve double-digit year-on-year shipment growth. Lenovo maintained pole position in the PC market, securing a 25% market share and posting year-on-year growth of 61%, with shipments of 20.4 million units. HP, spurred by strong Chromebook shipments, came second with total shipments of 19.2 million units, a 64% increase on Q1 2020. Dell lost market share against Q4, but took third place in the rankings, growing shipments 23% year on year to hit 12.9 million units. Apple and Acer made up the rest of the top five, shipping 6.6 million and 5.7 million units to enjoy the highest and second-highest annual growth respectively. Cumulatively, the top five vendors accounted for 78.5% of all PC shipments in Q1 2021.

Tech Workers At the New York Times Have Formed a Union
An anonymous reader quotes a report from The Verge: Tech workers at The New York Times have formed a union under the NewsGuild of New York, and they are demanding voluntary recognition from the paper's management. The new union, called the Tech Times Guild, represents more than 650 workers from the digital side of the company, including software engineers, designers, and data analysts. Those employees are not included in the editorial union of The New York Times, which represents more than 3,000 reporters and media professionals at the newspaper and is also organized under NewsGuild. The editorial union has historically excluded employees on the digital side of the paper, even as the company has expanded into more ambitious data and digital work. As a result, the Tech Times Guild is seeking a separate bargaining unit, which would negotiate separately with the Times management. "As of now, we face a number of challenges," the Tech Times Guild said in a statement on Twitter, "including sudden or unexplained termination, opaque promotion processes, unpaid overtime, and underinvestment in diverse representation. Without a union, we lack the data or bargaining rights to address these issues." The Times has not formally responded to the union's request for recognition. "Voluntary recognition is a significant decision," The New York Times Company said in a statement. "We have heard questions from colleagues such as what a union would mean for staff, who might be included in the union, and how colleagues would have a say in who might represent them. We want to make sure all voices are heard."

EU Poised To Set AI Rules That Would Ban Surveillance and Social Behavior Ranking
The European Union is poised to ban artificial intelligence systems used for mass surveillance or for ranking social behavior, while companies developing AI could face fines as high as 4% of global revenue if they fail to comply with new rules governing the software applications. From a report: The rules are part of legislation set to be proposed by the European Commission, the bloc's executive body, according to a draft of the proposal obtained by Bloomberg. The details could change before the commission unveils the measure, which is expected to be as soon as next week. The EU proposal is expected to include the following rules:
* AI systems used to manipulate human behavior, exploit information about individuals or groups of individuals, used to carry out social scoring or for indiscriminate surveillance would all be banned in the EU. Some public security exceptions would apply.
* Remote biometric identification systems used in public places, like facial recognition, would need special authorization from authorities.
* AI applications considered to be 'high-risk' would have to undergo inspections before deployment to ensure systems are trained on unbiased data sets, in a traceable way and with human oversight.
* High-risk AI would pertain to systems that could endanger people's safety, lives or fundamental rights, as well as the EU's democratic processes -- such as self-driving cars and remote surgery, among others.
* Some companies will be allowed to undertake assessments themselves, whereas others will be subject to checks by third-parties. Compliance certificates issued by assessment bodies will be valid for up to five years.
* Rules would apply equally to companies based in the EU or abroad.

There's Another Facebook Phone Number Database Online
An online tool lets customers pay to unmask the phone numbers of Facebook users that liked a specific Page, and the underlying dataset appears to be separate from the 500 million account database that made headlines last week, signifying another data breach or large scale scraping of Facebook users' data, Motherboard reports. From the report: Motherboard verified the tool, which comes in the form of a bot on the social network and messaging platform Telegram, outputs accurate phone numbers of Facebook users that aren't included in the dataset of 500 million users. The data also appears to be different to another Telegram bot outputting Facebook phone numbers that Motherboard first reported on in January. "Hello, can you tell me how you got my number?" one person included in the dataset asked Motherboard when reached for comment. "Omg, this is insane," they added. Another person returned Motherboard's call and, after confirming their name, said "If you have my number then yes it seems the data is accurate." A description for the bot reads "The bot give [sic] out the phone numbers of users who have liked the Facebook page." To use the bot, customers need to first identify the unique identification code of the Facebook Page they want to get phone numbers from, be that a band, restaurant, or any other sort of Page. This is possible with at least one free to use website. From there, customers enter that code into the bot, which provides a cost of the data in U.S. dollars and the option to proceed with the purchase, according to Motherboard's tests. A Page with tens of thousands of likes from Facebook users can cost a few hundred dollars, the bot shows. The data for Motherboard's own Page would return 134,803 results and cost $539, for example.

'Why It's Easier To Move Country Than Switch Social Media'
Cory Doctorow, writing at Wired: When we talk about social media monopolies, we focus too much on network effects, and not enough on switching costs. Yes, it's true that all your friends are already stuck in a Big Tech silo that doesn't talk to any of the other Big Tech silos. It needn't be that way: interoperable platforms have existed since the first two Arpanet nodes came online. You can phone anyone with a phone number and email anyone with an email address. The reason you can't talk to Facebook users without having a Facebook account isn't that it's technically impossible -- it's that Facebook forbids it. What's more, Facebook (and its Big Tech rivals) have the law on their side: the once-common practice of making new products that just work with existing ones (like third-party printer ink, or a Mac program that can read Microsoft Office files, or an emulator that can play old games) has been driven to the brink of extinction by Big Tech. They were fine with this kind of "competitive compatibility" when it benefited them, but now that they dominate the digital world, it's time for it to die. To restore competitive compatibility, we would need reform to many laws: software copyright and patents, the anti-circumvention laws that protect digital rights management, and the cybersecurity laws that let companies criminalize violations of their terms of service.

NAME:WRECK Vulnerabilities Impact Millions of Smart and Industrial Devices
Catalin Cimpanu, reporting at The Record: Security researchers have found a new set of vulnerabilities that impact hundreds of millions of servers, smart devices, and industrial equipment. Called NAME:WRECK, the vulnerabilities have been discovered by enterprise IoT security firm Forescout as part of its internal research program named Project Memoria -- which the company describes as "an initiative that aims at providing the cybersecurity community with the largest study on the security of TCP/IP stacks." Although never visible to end-users, TCP/IP stacks are libraries that vendors add to their firmware to support internet connectivity and other networking functions for their devices. These libraries are very small but, in most cases, underpin the most basic functions of a device, and any vulnerability here exposes users to remote attacks. The NAME:WRECK research is the fifth set of vulnerabilities impacting TCP/IP libraries that have been disclosed over the past three years, and the third set disclosed as part of Project Memoria.

Read more of this story at Slashdot.

;
T-Mobile, Verizon, and AT&T Have Reportedly Killed Their RCS Joint Venture
According to a new report from Light Reading, the three major U.S. carriers (four at the time) have reportedly abandoned their joint venture to launch a new Cross Carrier Messaging Initiative (CCMI), that promised interoperability for an RCS Universal Profile-based messaging standard. It was originally set to be launched in 2020. [For a detailed explanation of RCS Messaging, we recommend this article.] Android Police reports: Although the company handling the logistics behind the cross-carrier effort claims that it's still "continuing to move forward with preparations," a Verizon spokesperson told Light Reading that "the owners of the Cross Carrier Messaging Initiative decided to end the joint venture effort." [...] This may seem like bad news, but things have changed since 2019. In the time since the CCMI was announced, Google leapfrogged the carrier's selfish dithering and rolled out its own RCS messaging solution via the Messages app, all connected to its Jibe network (though it will use your carrier network if it's Universal Profile-compatible). It's a move that means customers don't have to wait on their carriers to start the work they should have done five years ago. More recently, T-Mobile has essentially handed the reins for its whole network messaging solution to Google by adopting Messages as the default SMS app for all T-Mobile phones, connecting all its customers to Google's RCS network. Given what has and hasn't succeeded when it comes to RCS messaging, what we'd like to see is for Verizon and AT&T to follow T-Mobile, give up on their own stupid standards, and simply adopt Google's RCS Messaging -- either by connecting their chat apps to Google's Jibe network somehow or by adopting the Messages app as sanctioned solutions, as T-Mobile did. 
But in the meantime, there's nothing to prevent customers on either network from just installing the Messages app themselves and bypassing the carrier mess altogether -- especially since it sounds like the carriers have given up on fixing it.

Read more of this story at Slashdot.

;
FCC Urges Americans To Run Internet Speed App To Counter Broadband Data Fudging
The FCC is encouraging netizens to use its internet speed mobile app in an effort to finally get accurate broadband data across the United States. The Register reports: In an announcement on Monday, the telecoms regulator noted that "the app provides a way for consumers to test the performance of their mobile and in-home broadband networks" and "provides the test results to the FCC." It stops far short of saying that the data will be used to make policy decisions, however, saying only that the figures gathered "will help to inform the FCC's efforts to collect more accurate and granular broadband deployment data." The public push doesn't mean that things are going to get better soon. Big Cable has aggressively -- and successfully -- argued in the past that data provided by users over an app is not sufficiently robust to form the basis of governmental decisions. And so the FCC will have to use the results as a way to push for change rather than use the data to make direct decisions. Everybody, including numerous states, cities, congressfolk and the GAO, know that the official FCC data provided by ISPs is not worth the paper it's written on. But broader usage of the app should expose just how inaccurate official figures are, which should in turn provide enough impetus for change. The bigger question is whether enough progress is made in the next four years to make any difference.

Read more of this story at Slashdot.

;
Australia's NDIS Gets a Government App With Blockchain But No Ethics
An anonymous reader quotes a report from ZDNet: Good news, disabled Australians! You'll soon be getting an app that will implement a welfare compliance regime designed by the people who brought you robo-debt. But don't worry, it'll have blockchain. No, this isn't good news at all. What makes it worse is that it's clear the government wants to extend technology-driven compliance to all Australians, with an emphasis on cracking down on your mistakes, not theirs. Kathryn Campbell, Secretary of the Department of Social Services, says the long-term plan is to have one app for all Commonwealth government services. "One to rule the world," she said last month, apparently oblivious to how evil that sounds. Senators are already worried that the disability app, intended to be used by participants in the National Disability Insurance Scheme (NDIS) to claim expenses against their support plan, will go the way of COVIDSafe: Millions of dollars spent on technology that doesn't really do the job. The intention was to fix a poor web experience, and allow claims to be made from a mobile device. But instead of simply creating a better website, in 2018, the Digital Transformation Agency (DTA) joined forces with CSIRO's Data61 and the Commonwealth Bank to trial blockchain-based smart money that would magically know whether the expense was legitimate or not. According to the CEO of the National Disability Insurance Agency (NDIA), Martin Hoffman, that pilot app has been "very popular and well-received," and the feedback has been "extremely positive." The app will be "fully available in the coming months, first on Google Play and then Apple's app store," he said. "Given the horrendously complex NDIS environment, defective processes and vulnerable people, there needs to be considerable caution in the application of blockchain technology," wrote former NDIS Technology Authority chief Marie Johnson in a submission [PDF] to the Parliamentary Joint Standing Committee on the NDIS. 
"Blockchain in itself -- as with other technology innovations -- does not address fundamental design and human rights issues. Ethics is paramount. The involvement of the Commonwealth Bank itself raises further ethics issues, given the value of participant data; the size of the market; and the yet to be realized emarket honey pot of data, funds and services." You can view the detailed "Making Money Smart: Empowering NDIS participants with Blockchain technologies" report here (PDF).

Read more of this story at Slashdot.

;
Genetic Mistakes That Could Shape Our Species
Slashdot reader omfglearntoplay shares an excerpt from a BBC article that explores the new technologies that may have already introduced genetic errors to the human gene pool. The article starts by mentioning He Jiankui, a Shenzhen researcher who was sentenced to prison in late 2019 for creating the world's first genetically altered babies. From the report: Jiankui had made the first genetically modified babies in the history of humankind. After 3.7 billion years of continuous, undisturbed evolution by natural selection, a life form had taken its innate biology into its own hands. The result was twin baby girls who were born with altered copies of a gene known as CCR5, which the scientist hoped would make them immune to HIV. But things were not as they seemed. In the years since, it's become clear that Jiankui's project was not quite as innocent as it might sound. He had broken laws, forged documents, misled the babies' parents about any risks and failed to do adequate safety testing. However, arguably the biggest twist were the mistakes. It turns out that the babies involved, Lulu and Nana, have not been gifted with neatly edited genes after all. Not only are they not necessarily immune to HIV, they have been accidentally endowed with versions of CCR5 that are entirely made up -- they likely do not exist in any other human genome on the planet. And yet, such changes are heritable -- they could be passed on to their children, and children's children, and so on. In fact, there have been no shortage of surprises in the field. From the rabbits altered to be leaner that inexplicably ended up with much longer tongues to the cattle tweaked to lack horns that were inadvertently endowed with a long stretch of bacterial DNA in their genomes (including some genes that confer antibiotic resistance, no less) -- its past is riddled with errors and misunderstandings. 
More recently, researchers at the Francis Crick Institute in London warned that editing the genetics of human embryos can lead to unintended consequences. By analyzing data from previous experiments, they found that approximately 16% had accidental mutations that would not have been picked up via standard tests. Why are these mistakes so common? Can they be overcome? And how could they affect future generations?

Detroit Man Sues Police For Wrongfully Arresting Him Based On Facial Recognition
A man who was falsely accused of shoplifting has sued the Detroit Police Department for arresting him based on an incorrect facial recognition match. The American Civil Liberties Union filed suit on behalf of Robert Williams, whom it calls the first US person wrongfully arrested based on facial recognition. The Verge reports: The Detroit Police Department arrested Williams in 2019 after examining security footage from a shoplifting incident. A detective used facial recognition technology on a grainy image from the video, and the system flagged Williams as a potential match based on a driver's license photo. But as the lawsuit notes, facial recognition is frequently inaccurate, particularly with Black subjects and a low-quality picture. The department then produced a photo lineup that included Williams' picture, showed it to a security guard who hadn't actually witnessed the shoplifting incident, and obtained a warrant when that guard picked him from the lineup. Williams -- who had been driving home from work during the incident -- spent 30 hours in a detention center. The ACLU later filed a formal complaint on his behalf, and the prosecutor's office apologized, saying he could have the case expunged from his records. The ACLU claims Detroit police used facial recognition under circumstances that they should have known would produce unreliable results, then dishonestly failed to mention the system's shortcomings -- including a "woefully substandard" image and the known racial bias of recognition systems.

NSA Helps Out Microsoft With Critical Exchange Server Vulnerability Disclosures
April showers bring hours of patches as Microsoft delivers its Patch Tuesday fun-fest consisting of over a hundred CVEs, including four Exchange Server vulnerabilities reported to the company by the US National Security Agency (NSA). The Register reports: Forty-four different products and services are affected, mainly having to do with Azure, Exchange Server, Office, Visual Studio Code, and Windows. Among the vulnerabilities, four have been publicly disclosed and a fifth is being actively exploited. Nineteen of the CVEs have been designated critical. "This month's release includes a number of critical vulnerabilities that we recommend you prioritize, including updates to protect against new vulnerabilities in on-premise Exchange Servers," Microsoft said in its blog post. "These new vulnerabilities were reported by a security partner through standard coordinated vulnerability disclosure and found internally by Microsoft. We have not seen the vulnerabilities used in attacks against our customers." Clicking through Microsoft's coy links to CVE-2021-28480 (9.8 severity), CVE-2021-28481 (9.8 severity), CVE-2021-28482 (8.8 severity), and CVE-2021-28483 (9.0 severity), you'll find the unspecified security partner is the NSA. Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9 are affected by this set of problems. "NSA urges applying critical Microsoft patches released today, as exploitation of these #vulnerabilities could allow persistent access and control of enterprise networks," the signals intelligence agency said via Twitter.

Inspur, China's Largest Cloud Hardware Vendor, Joins Open-Source Patent Consortium
An anonymous reader quotes a report from ZDNet: The Open Invention Network (OIN) defends the intellectual property (IP) rights of Linux and open-source software developers from patent trolls and the like. This is a global fight and now the OIN has a new, powerful allied member in China: Inspur. Inspur is a leading worldwide provider and China's leading data center infrastructure, cloud computing, and artificial intelligence (AI) server providers. While not a household name like Lenovo, Inspur ranks among the world's top-three server manufacturers. Inspur is only the latest of many companies to join the OIN. Besides such primarily hardware-oriented companies as Inspur, Baidu, China's largest search engine company, and global banks such as Barclays and the TD Bank Group, have joined the OIN. In 2021, companies far removed from traditional Linux companies such as Canonical, Red Hat, and SUSE all recognize Linux and OSS's importance. Donny Zhang, VP of Inspur information, said, "Linux and open source are critical elements in technologies which we are developing and provisioning. By joining the Open Invention Network, we are demonstrating our continued commitment to innovation, and supporting it with patent non-aggression in core Linux and adjacent open-source software." "Linux is rewriting what is possible in infrastructure computing," says OIN CEO Keith Bergelt. "OSS-based cloud computing and on-premise data centers are driving down the cost-per-compute while significantly increasing businesses' ability to provision AI and machine-learning (ML) capabilities. We appreciate Inspur's participation in joining OIN and demonstrating its commitment to innovation and patent non-aggression in open source."

School Custodian Refuses To Download Phone App That Monitors Location, Says It Got Her Fired
Michelle Dionne, a former employee at a cleaning company in Darwell, Alberta, says she was fired for refusing to download an app that would check her location and ensure she was working her scheduled hours. CBC.ca reports: Dionne says she was thrilled to get the job last fall -- responsible for things like disinfecting door handles, light switches and bathrooms to prevent possible spread of the coronavirus. When her boss told her to download the app, Dionne says she was concerned about her privacy. The app would go on her personal phone and, she says, her boss didn't clearly explain how it worked or what would happen to any data it collected.[...] The app, called Blip, generates a geofence -- a virtual boundary, created by the employer using GPS -- that detects when an employee enters or leaves. The app registers a signal from the worker's cell phone, when their "locations" setting is turned on, so the boss can tell whether an employee is on site and how many hours that person works. It only registers an employee's location when they enter and exit the geofence and doesn't track their specific movements. It's not clear where that data is stored, or whether any other employee information might be included. Go Public reached out to the maker of the app, U.K.-based BrightHR. Spokesperson Natalie Shallow said, although the app collects data, that data "belongs to the customer organization" -- meaning, the company using the app -- and therefore is subject to the company's own policies. The data's protection "complies with all applicable laws, including Alberta's Personal Information Protection Act," Shallow said. Dionne worried about where the information might end up. She knew apps like Instagram, Facebook and others had been breached. She says no one told her how securely the information would be protected. Dionne's former boss admits she didn't know where the data generated by Blip would be stored when she introduced the app to her workforce last fall. 
"I never asked that question and it never came up in my mind to ask," said Hanan Yehia, founder and owner of H.Y. Cleaning Services, which operates cleaning services for eight locations in northern Alberta. She says after Dionne raised concerns, she went back to BrightHR for more information and was told employees' movements within the geofence are not specifically monitored. Yehia says she shared that information with Dionne. The app was a solution to a problem, says Yehia -- she was looking for a way to simplify payroll by easily tracking hours and making sure employees who claimed they were working were actually on the job. "We had some issues in some locations where they would say they were on site, that they were working, but they weren't," she said, clarifying that attendance was not an issue with Dionne. She also says Dionne's refusal to download the app wasn't the sole reason she was fired.

Las Vegas Pushes To Become First To Ban Ornamental Grass
With a first-in-the-nation policy, Las Vegas is seeking to ban grass that nobody walks on. "Las Vegas-area water officials have spent two decades trying to get people to replace thirsty greenery with desert plants, and now they're asking the Nevada Legislature to outlaw roughly 40% of the turf that's left," reports The Associated Press. By outlawing this ornamental grass that requires four times as much water as drought-tolerant landscaping, the region can reduce annual water consumption by roughly 15% and save about 14 gallons of water per person per day. From the report: The proposal is part of a turf war waged since at least 2003, when the water authority banned developers from planting green front yards in new subdivisions. It also offers owners of older properties the region's most generous rebate policies to tear out sod -- up to $3 per square foot. Those efforts are slowing. The agency says the number of acres converted under its rebate program fell last year to six times less than what it was in 2008. Meanwhile, water consumption in southern Nevada has increased 9% since 2019. Justin Jones, a Clark County commissioner who serves on the water authority's board, doesn't think ripping out ornamental turf will upend people's lives. "To be clear, we are not coming after your average homeowner's backyard," he said. But grass in the middle of a parkway, where no one walks: "That's dumb." "The only people that ever set foot on grass that's in the middle of a roadway system are people cutting the grass," Jones said. The agency has different regulations for yards and public parks. Based on satellite imaging, it believes banning ornamental grass will primarily affect common areas maintained by homeowner associations and commercial property owners.

Global PC Market Swells by 55% in Q1 2021 To 82.7 Million
The latest data from research firm Canalys shows continued strength in the worldwide PC market in the first quarter of 2021, with shipments of desktops and notebooks, including workstations, up 55% year on year. From the report: Though this growth rate was buoyed by a weak Q1 2020, total shipments of 82.7 million units is still impressive, and the highest Q1 shipment number since 2012. Backlogs on orders from 2020, particularly for notebooks, were a key driver, though new demand is also a factor as smaller businesses begin their recoveries. Shipments of notebooks and mobile workstations increased 79% year on year to reach 67.8 million units. Desktops improved slightly at the start of 2021 after a string of poor quarters in 2020, with the level of shipment decline easing. Shipments of desktop and desktop workstations fell 5% year on year to 14.8 million units. The strong recovery from a weak Q1 2020 saw all vendors in the top five achieve double-digit year-on-year shipment growth. Lenovo maintained pole position in the PC market, securing a 25% market share and posting year-on-year growth of 61%, with shipments of 20.4 million units. HP, spurred by strong Chromebook shipments, came second with total shipments of 19.2 million units, a 64% increase on Q1 2020. Dell lost market share against Q4, but took third place in the rankings, growing shipments 23% year on year to hit 12.9 million units. Apple and Acer made up the rest of the top five, shipping 6.6 million and 5.7 million units to enjoy the highest and second-highest annual growth respectively. Cumulatively, the top five vendors accounted for 78.5% of all PC shipments in Q1 2021.

Tech Workers At the New York Times Have Formed a Union
An anonymous reader quotes a report from The Verge: Tech workers at The New York Times have formed a union under the NewsGuild of New York, and they are demanding voluntary recognition from the paper's management. The new union, called the Tech Times Guild, represents more than 650 workers from the digital side of the company, including software engineers, designers, and data analysts. Those employees are not included in the editorial union of The New York Times, which represents more than 3,000 reporters and media professionals at the newspaper and is also organized under NewsGuild. The editorial union has historically excluded employees on the digital side of the paper, even as the company has expanded into more ambitious data and digital work. As a result, the Tech Times Guild is seeking a separate bargaining unit, which would negotiate separately with the Times management. "As of now, we face a number of challenges," the Tech Times Guild said in a statement on Twitter, "including sudden or unexplained termination, opaque promotion processes, unpaid overtime, and underinvestment in diverse representation. Without a union, we lack the data or bargaining rights to address these issues." The Times has not formally responded to the union's request for recognition. "Voluntary recognition is a significant decision," The New York Times Company said in a statement. "We have heard questions from colleagues such as what a union would mean for staff, who might be included in the union, and how colleagues would have a say in who might represent them. We want to make sure all voices are heard."

EU Poised To Set AI Rules That Would Ban Surveillance and Social Behavior Ranking
The European Union is poised to ban artificial intelligence systems used for mass surveillance or for ranking social behavior, while companies developing AI could face fines as high as 4% of global revenue if they fail to comply with new rules governing the software applications. From a report: The rules are part of legislation set to be proposed by the European Commission, the bloc's executive body, according to a draft of the proposal obtained by Bloomberg. The details could change before the commission unveils the measure, which is expected to be as soon as next week. The EU proposal is expected to include the following rules:
* AI systems used to manipulate human behavior, exploit information about individuals or groups of individuals, used to carry out social scoring or for indiscriminate surveillance would all be banned in the EU. Some public security exceptions would apply.
* Remote biometric identification systems used in public places, like facial recognition, would need special authorization from authorities.
* AI applications considered to be 'high-risk' would have to undergo inspections before deployment to ensure systems are trained on unbiased data sets, in a traceable way and with human oversight.
* High-risk AI would pertain to systems that could endanger people's safety, lives or fundamental rights, as well as the EU's democratic processes -- such as self-driving cars and remote surgery, among others.
* Some companies will be allowed to undertake assessments themselves, whereas others will be subject to checks by third-parties. Compliance certificates issued by assessment bodies will be valid for up to five years.
* Rules would apply equally to companies based in the EU or abroad.

There's Another Facebook Phone Number Database Online
An online tool lets customers pay to unmask the phone numbers of Facebook users that liked a specific Page, and the underlying dataset appears to be separate from the 500 million account database that made headlines last week, signifying another data breach or large scale scraping of Facebook users' data, Motherboard reports. From the report: Motherboard verified the tool, which comes in the form of a bot on the social network and messaging platform Telegram, outputs accurate phone numbers of Facebook users that aren't included in the dataset of 500 million users. The data also appears to be different to another Telegram bot outputting Facebook phone numbers that Motherboard first reported on in January. "Hello, can you tell me how you got my number?" one person included in the dataset asked Motherboard when reached for comment. "Omg, this is insane," they added. Another person returned Motherboard's call and, after confirming their name, said "If you have my number then yes it seems the data is accurate." A description for the bot reads "The bot give [sic] out the phone numbers of users who have liked the Facebook page." To use the bot, customers need to first identify the unique identification code of the Facebook Page they want to get phone numbers from, be that a band, restaurant, or any other sort of Page. This is possible with at least one free to use website. From there, customers enter that code into the bot, which provides a cost of the data in U.S. dollars and the option to proceed with the purchase, according to Motherboard's tests. A Page with tens of thousands of likes from Facebook users can cost a few hundred dollars, the bot shows. The data for Motherboard's own Page would return 134,803 results and cost $539, for example.

'Why It's Easier To Move Country Than Switch Social Media'
Cory Doctorow, writing at Wired: When we talk about social media monopolies, we focus too much on network effects, and not enough on switching costs. Yes, it's true that all your friends are already stuck in a Big Tech silo that doesn't talk to any of the other Big Tech silos. It needn't be that way: interoperable platforms have existed since the first two Arpanet nodes came online. You can phone anyone with a phone number and email anyone with an email address. The reason you can't talk to Facebook users without having a Facebook account isn't that it's technically impossible -- it's that Facebook forbids it. What's more, Facebook (and its Big Tech rivals) have the law on their side: the once-common practice of making new products that just work with existing ones (like third-party printer ink, or a Mac program that can read Microsoft Office files, or an emulator that can play old games) has been driven to the brink of extinction by Big Tech. They were fine with this kind of "competitive compatibility" when it benefited them, but now that they dominate the digital world, it's time for it to die. To restore competitive compatibility, we would need reform to many laws: software copyright and patents, the anti-circumvention laws that protect digital rights management, and the cybersecurity laws that let companies criminalize violations of their terms of service.

NAME:WRECK Vulnerabilities Impact Millions of Smart and Industrial Devices
Catalin Cimpanu, reporting at Record: Security researchers have found a new set of vulnerabilities that impact hundreds of millions of servers, smart devices, and industrial equipment. Called NAME:WRECK, the vulnerabilities have been discovered by enterprise IoT security firm Forescout as part of its internal research program named Project Memoria -- which the company describes as "an initiative that aims at providing the cybersecurity community with the largest study on the security of TCP/IP stacks." Although never visible to end-users, TCP/IP stacks are libraries that vendors add to their firmware to support internet connectivity and other networking functions for their devices. These libraries are very small but, in most cases, underpin the most basic functions of a device, and any vulnerability here exposes users to remote attacks. The NAME:WRECK research is the fifth set of vulnerabilities impacting TCP/IP libraries that have been disclosed over the past three years, and the third set disclosed as part of Project Memoria.
