AI

How AI Can Infer Human Emotions (oreilly.com) 23

An anonymous reader quotes OReilly.com's interview with the CEO of Affectiva, an emotion-measurement technology company that grew out of MIT's Media Lab. We can mine Twitter, for example, on text sentiment, but that only gets us so far. About 35-40% is conveyed in tone of voice -- how you say something -- and the remaining 50-60% is read through facial expressions and gestures you make. Technology that reads your emotional state, for example by combining facial and voice expressions, represents the emotion AI space. They are the subconscious, natural way we communicate emotion, which is nonverbal and which complements our language... Facial expressions and speech actually deal more with the subconscious, and are more unbiased and unfiltered expressions of emotion...

Rather than encoding specific rules that depict when a person is making a specific expression, we instead focus our attention on building intelligent algorithms that can be trained to recognize expressions. Through our partnerships across the globe, we have amassed an enormous emotional database from people driving cars, watching media content, etc. A portion of the data is then passed on to our labeling team, who are certified in the Facial Action Coding System...we have gathered 5,313,751 face videos, for a total of 38,944 hours of data, representing nearly two billion facial frames analyzed.

They got their start testing advertisements, and now are already working with a third of all Fortune 500 companies. ("We've seen that pet care and baby ads in the U.S. elicit more enjoyment than cereal ads -- which see the most enjoyment in Canada.") One company even combined their technology with Google Glass to help autistic children learn to recognize emotional cues.
Security

Hacker Steals 17 Million Zomato Users' Data, Briefly Puts It On Dark Web (hackread.com) 32

Waqas reports via Hack Read: Recently, HackRead found out a vendor going by the online handle of "nclay" is claiming to have hacked Zomato and is selling the data of its 17 million registered users on a popular Dark Web marketplace. The database includes emails and password hashes of registered Zomato users while the price set for the whole package is USD 1,001.43 (BTC 0.5587). The vendor also shared a trove of sample data to prove that the data is legit. Here's a screenshot of the sample data publicly shared by "nclay." Upon testing the sample data on Zomato.com's login page, it was discovered that each and every account mentioned in the list exists on Zomato. Although Zomato didn't reply to our email, in their latest blog post the company has acknowledged the breach. Here's a full preview of the blog post published by Zomato 7 hours ago: "Over 120 million users visit Zomato every month. What binds all of these varied individuals is the desire to enjoy the best a city has to offer, in terms of food. When Zomato users trust us with their personal information, they naturally expect the information to be safeguarded. And that's something we do diligently, without fail. We take cyber security very seriously -- if you've been a regular at Zomato for years, you'd agree."
Databases

Font Sharing Site DaFont Has Been Hacked, Exposing Thousands of Accounts (zdnet.com) 17

A popular font sharing site DaFont.com has been hacked, resulting in usernames, email addresses, and hashed passwords of 699,464 user accounts being stolen. ZDNet reports: The passwords were scrambled with the deprecated MD5 algorithm, which nowadays is easy to crack. As such, the hacker unscrambled over 98 percent of the passwords into plain text. The site's main database also contains the site's forum data, including private messages, among other site information. At the time of writing, there were over half-a-million posts on the site's forums. The hacker told ZDNet that he carried out his attack after he saw that others had also purportedly stolen the site's database. "I heard the database was getting traded around so I decided to dump it myself -- like I always do," the hacker told me. Asked about his motivations, he said it was "mainly just for the challenge [and] training my pentest skills." He told me that he exploited a union-based SQL injection vulnerability in the site's software, a flaw he said was "easy to find." The hacker provided the database to ZDNet for verification.
Open Source

Open Source SQL Database CockroachDB Hits 1.0 (infoworld.com) 80

An anonymous reader quotes InfoWorld: CockroachDB, an open source, fault-tolerant SQL database with horizontal scaling and strong consistency across nodes -- and a name few people will likely forget -- is now officially available. Cockroach Labs, the company behind its development, touts CockroachDB as a "cloud native" database solution -- a system engineered to run as a distributed resource. Version 1.0 is available in both basic and for-pay editions, and both boast features that will appeal to enterprises.

The company is rolling the dice with its handling of the enterprise edition by also making those components open source and trusting that enterprises will pay for what they use in production.

Databases

Azure Goes Database Crazy With One New NoSQL, Two New SQL Services (arstechnica.com) 39

An anonymous reader quotes a report from Ars Technica: In its continued efforts to make Azure a platform that appeals to the widest range of developers possible, Microsoft announced a range of new features at Build, its annual developer conference. Many of the features shown today had a data theme to them. The most novel feature was the release of Cosmos DB, a replacement for, or upgrade to, Microsoft's Document DB NoSQL database. Cosmos DB is designed for "planet-scale" applications, giving developers fine control over the replication policies and reliability. Replicated, distributed systems offer trade-offs between latency and consistency; systems with strong consistency wait until data is fully replicated before a write is deemed to be complete, which offers consistency at the expense of latency. Systems with eventual consistency mark operations as complete before data is fully replicated, promising only that the full replication will occur eventually. This improves latency but risks delivering stale data to applications. Document DB offered four different options for the replication behavior; Cosmos DB ups that to five. The database scales to span multiple regions, with Microsoft offering service level agreements (SLAs) for uptime, performance, latency, and consistency. There are financial penalties if Microsoft misses the SLA requirements. Many applications still call for traditional relational databases. For those, Microsoft is adding both a MySQL and a PostgreSQL service; these provide the familiar open source databases in a platform-as-a-service style, removing the administrative overhead that comes of using them and making it easier to move workloads using them into Azure. The company is also offering a preview of a database-migration service that takes data from on-premises SQL Server and Oracle databases and migrates it to Azure SQL Database. 
Azure SQL Database has a new feature in preview called "Managed Instances" that offers greater compatibility between on-premises SQL Server and the cloud variant, again to make workload migration easier.
The Internet

Pepe the Frog Is Dead (theguardian.com) 358

An anonymous reader quotes a report from The Guardian: The creator of Pepe the Frog has symbolically killed off the cartoon frog, effectively surrendering control of the character to the far right. Matt Furie, an artist and children's book author, created the now-infamous frog as part of his "Boy's Club" series on MySpace in 2005. Pepe took on a life of its own online as a meme, before being eventually adopted as a symbol by the "alt-right" in the lead-up to last year's U.S. election. In September, Hillary Clinton identified Pepe the Frog as a racist hate symbol, and Pepe was added to the Anti-Defamation League's database of hate symbols. Furie launched a campaign to "Save Pepe," flooding the internet with "peaceful or nice" depictions of the character in a bid to shake its association with white supremacy and antisemitism. But he now seems to have conceded defeat, killing the character off in a one-page strip for the independent publisher Fantagraphics' Free Comic Book Day. It showed Pepe laid to rest in an open casket, being mourned by his fellow characters from Boy's Club.
The Internet

A New Use For Browser Fingerprints: Defeating Spoofing (browserprint.info) 64

AnonymousCube writes: Researchers at the University of Adelaide have found a new use for browser fingerprints: uncovering and defeating spoofing by web browsers. By using machine learning on browser fingerprints they were able to correctly guess the OS or browser family of a browser 90% of the time, and defeat operating system and browser family spoofing 76% of the time. This was done with small training sets of less than 1000 fingerprints, so accuracy with a much larger training set, like the size of the EFF's Panopticlick database should give even better results; you can help prove this, and see what their site thinks your browser family and OS is, by submitting your fingerprint to their site.
Oracle

In Oracle's Cloud Pitch To Enterprises, an Echo of a Bygone Tech Era (siliconangle.com) 55

An anonymous reader writes: Oracle sought to position itself once again this week as the best place for everything companies need to move to cloud computing. On Thursday, executives at the database and business software giant distanced Oracle from public cloud leaders such as Amazon Web Services, Google Cloud Platform and Microsoft Azure that provide computing, storage and other services to corporations looking to reduce or eliminate their data centers. "Our cloud is more comprehensive than any other cloud in the market today, a full end-to-end cloud," said David Donatelli, Oracle's executive vice president of converged infrastructure. "We design from the chip all the way up to the application, fully vertically integrated." What's interesting about that messaging, which Oracle has been refining since at least its OpenWorld conference last September, is not simply the competitive positioning. Oracle is essentially saying that the nature of cloud computing suggests customers need to move away from the notion that has dominated information technology since personal computers and PC-based servers began to displace mainframes and minicomputers: cherry-picking the best applications and hardware and cobbling together their own IT setups. In short, Oracle contends, it's time for another broad swing back to the integrated, uber-suppliers of a bygone era of technology. Of course, the new tech titans such as Google, Facebook and Amazon arguably wield as much power in their particular domains of advertising and e-commerce as the Big Blue of old. But it has been a long time since a soup-to-nuts approach has worked for enterprise tech companies, and for those few still attempting it, such as Dell and Oracle, it's far from obvious it will work. The cloud, Oracle contends, may well change that.
Android

User Expresses Privacy Concerns After Software Update Replaces Default Phone App (martinruenz.de) 95

An anonymous reader writes: Since I am not living in my home country, I frequently use two different SIM cards and prefer having a phone with dual-sim support. This limits your choice significantly when buying a new device and last time I bought one, I opted for the Wileyfox Swift. It was cheap, had most features I desired and shipped with CyanogenMod (Android) -- which, I thought, might indicate that Wileyfox delivers a slim, privacy-aware system. Yesterday, I was delighted to see that Wileyfox provides an update to a new version of Android (7.1.1) and I didn't hesitate long to install the upgrade. Concerns that the hardware might not hold-up to the new system showed to be unfounded and everything seemed to work just fine. But when I realised that the dialler now labelled itself as 'truecaller' -- something I had never heard of, shoot, I didn't even know the dialler is an app -- it gave rise to a bad suspicion: Is some of my phone's core functionality now provided by a 3rd-party app? Indeed. Does it respect my privacy? No. Can I uninstall it again? No. Was I ever asked to comply with their terms and conditions? Of course not. On top of this, Truecaller doesn't seem to have a clean background. Here's how an Indian daily (Truecaller seems to be popular in emerging regions) described the app: Truecaller is a popular app that shows you contact details of unknown numbers calling you. It crowdsources contact details from all its users' address books. So even if you've never used the service, your name and number could be on Truecaller's database, thanks to someone else who's saved your contact details and allowed the app to access them.
Security

Security Researcher and Alleged Spam Operator To Square Off In Court In Ugly Lawsuit (bleepingcomputer.com) 56

An anonymous reader writes: River City Media, the company accused of running a huge spam operation, has filed a lawsuit against the security researcher and the journalist who exposed their activities. In a ludicrous lawsuit complaint, the company claims the security researcher didn't just stumble upon its unprotected Rsync server, but "perpetrated a coordinated, months-long cyberattack," during which it skirted firewall rules to access its server, used a VPN to disguise his identity, deleted critical files, and published his findings to make a name for himself as an elite security researcher. The company claims the researcher accessed Dropbox and HipChat logs, and even its PayPal account, from where it used funds to purchase various domains. The only evidence the company has is that the person who purchased the domains used a ProtonMail email, just like the researcher, who also uses a ProtonMail email. Remind you, this is the same security researcher, Chris Vickery, who discovered a Reuters database of supposed terrorism suspects, national voter databases for various U.S. states and Mexico, and various other companies.
Security

A Database of Thousands of Credit Cards Was Left Exposed on the Open Internet (zdnet.com) 37

A US online pet store has exposed the details of more than 110,400 credit cards used to make purchases through its website, researchers have found. From a report on ZDNet: In a stunning show of poor security, the Austin, TX-based company FuturePets.com exposed its entire customer database, including names, postal and email addresses, phone numbers, credit card information, and plain-text passwords. Several customers that we reached out to confirmed some of their information when it was provided by ZDNet, but did not want to be named. The database was exposed because of the company's own insecure server and use of "rsync," a common protocol used for synchronizing copies of files between two different computers, which wasn't protected with a username or password.
Security

British Cops Will Scan Every Fan's Face At the Champions League Final (vice.com) 89

Using a new facial recognition surveillance system, British police will scan every fan's face at the UEFA Champions League on June 3rd and compare them to a police database of some 500,000 "persons of interest." "According to a government tender issued by South Wales Police, the system will be deployed during the day of the game in Cardiff's main train station, as well as in and around the Principality Stadium situated in the heart of Cardiff's central retail district." From the report: Cameras will potentially be scanning the faces of an estimated 170,000 visitors plus the many more thousands of people in the vicinity of the bustling Saturday evening city center on match day, June 3. Captured images will then be compared in real time to 500,000 custody images stored in the police information and records management system alerting police to any "persons of interest," according to the tender. The security operation will build on previous police use of Automated Facial Recognition, or AFR technology by London's Metropolitan Police during 2016's Notting Hill Carnival.
Databases

Five Years Later, Legal Megaupload Data Is Still Trapped On Dead Servers (arstechnica.com) 82

An anonymous reader quotes a report from Ars Technica: It's been more than five years since the government accused Megaupload and its founder Kim Dotcom of criminal copyright infringement. While Dotcom himself was arrested in New Zealand, U.S. government agents executed search warrants and grabbed a group of more than 1,000 servers owned by Carpathia Hosting. That meant that a lot of users with gigabytes of perfectly legal content lost access to it. Two months after the Dotcom raid and arrest, the Electronic Frontier Foundation filed a motion in court asking to get back data belonging to one of those users, Kyle Goodwin, whom the EFF took on as a client. Years have passed. The U.S. criminal prosecution of Dotcom and other Megaupload executives is on hold while New Zealand continues with years of extradition hearings. Meanwhile, Carpathia's servers were powered down and are kept in storage by QTS Realty Trust, which acquired Carpathia in 2015. Now the EFF has taken the extraordinary step of asking an appeals court to step in and effectively force the hand of the district court judge. Yesterday, Goodwin's lawyers filed a petition for a writ of mandamus (PDF) with the U.S. Court of Appeals for the 4th Circuit, which oversees Virginia federal courts. "We've been asking the court for help since 2012," said EFF attorney Mitch Stolz in a statement about the petition. "It's deeply unfair for him to still be in limbo after all this time."
Databases

Microsoft Will Support Python In SQL Server 2017 (infoworld.com) 98

There was a surprise in the latest Community Technology Preview release of SQL Server 2017. An anonymous reader quotes InfoWorld: Python can now be used within SQL Server to perform analytics, run machine learning models, or handle most any kind of data-powered work. This integration isn't limited to enterprise editions of SQL Server 2017, either -- it'll also be available in the free-to-use Express edition... Microsoft has also made it possible to embed Python code directly in SQL Server databases by including the code as a T-SQL stored procedure. This allows Python code to be deployed in production along with the data it'll be processing. These behaviors, and the RevoScalePy package, are essentially Python versions of features Microsoft built for SQL Server back when it integrated the R language into the database...

An existing Python installation isn't required. During the setup process, SQL Server 2017 can pull down and install its own edition of CPython 3.5, the stock Python interpreter available from the Python.org website. Users can install their own Python packages as well or use Cython to generate C code from Python modules for additional speed.

Except it's not yet available for Linux users, according to the article. "Microsoft has previously announced SQL Server would be available for Linux, but right now, only the Windows version of SQL Server 2017 supports Python."
Google

Google's Featured Snippets Are Damaging To Small Businesses that Depend On Search Traffic (theoutline.com) 144

The Outline tells the story of CelebrityNetWorth.com, a website launched in 2008 that tells you how much a celebrity is worth. The site was an instant success, but things have turned sour in the last two years. The creator of the website, Brian Warner, blames Google for it. From the article: For most of its history, Google was like a librarian. You asked a question, and it guided you to the section of the web where you might find the answer. But over the past five years, Google has been experimenting with being an oracle. Type in a question, and you might see a box at the top of the search results page with the answer in large bold type. [...] In 2014, Warner received an email from Google asking if he would be interested in giving the company access to his data in order to scrape it for Knowledge Graph, for free. He said no, as he feared the traffic would plummet. [...] In February 2016, Google started displaying a Featured Snippet for each of the 25,000 celebrities in the CelebrityNetWorth database, Warner said. He knew this because he added a few fake listings for friends who were not celebrities to see if they would pop up as featured answers, and they did. "Our traffic immediately crumbled," Warner said. He acknowledged the risks in building a site that depends so heavily on Google for search traffic, and whose research can easily be reduced to a single number. But he still thinks what Google did is unfair.
United States

Steve Ballmer's New Project: Find Out How the Government Spends Your Money (theverge.com) 251

Former Microsoft CEO Steve Ballmer isn't satisfied with owning the Los Angeles Clippers and teaching at Stanford and USC. On Tuesday, the billionaire announced USAFacts, his new startup that aims to improve political discourse by making government financial data easier to access. A small "army" of economists, professors and other professionals will be looking into and publishing data structured similarly to the 10-K filings companies issue each year -- expenses, revenues and key metrics pulled from dozens of government data sources and compiled into a single massive collection of tables. From a report on The Verge: The nonpartisan site traces $5.4 trillion in government spending under four categories derived from language in the US Constitution. Defense spending, for example, is categorized under the header "provide for the common defense," while education spending is under "secure the blessing of liberty to ourselves and our prosperity." Spending allocation and revenue sources are each mapped out in blue and pink graphics, with detailed breakdowns along federal, state and local lines. Users can also search for specific datasets, such as airport revenue or crime rates, and the site includes a report of "risk factors" that could inhibit economic growth. The New York Times has the story on how this startup came to be.
Programming

Ask Slashdot: How Would You Stop The Deployment Of Unapproved Code Changes? 324

Over a million lines of code -- in existence for over 10 years -- gets updates in six-week "sprints" using source control and bug-tracking systems. But now an anonymous reader writes: In theory users report bugs, the developers "fix" the bugs, the users test and accept the fix, and finally the "fix" gets released to production as part of a larger change-set. In practice, the bug is reported, the developers implement "a fix", no one else tests it (except for the developer(s) ), and the "fix" gets released with the larger code change set, to production.

We (the developers) don't want to release "fixes" that users haven't accepted, but the code changes often include changes at all levels of the stack (database, DOAs, Business Rules, Webservices and multiple front-ends). Multiple code changes could be occurring in the same areas of code by different developers at the same time, making merges of branches very complex and error prone. Many fingers are in the same pie. Our team size, structure and locations prevent having a single gatekeeper for code check-ins... What tools and procedures do you use to prevent un-approved fixes from being deployed to production as part of the larger code change sets?

Fixes are included in a test build for users to test and accept -- but what if they never do? Leave your best answers in the comments. How would you stop un-approved code changes from being deployed?
Transportation

Cadillac's Hands-Free Driving Option Also Nags Inattentive Drivers (theverge.com) 68

Using LIDAR sensors, Cadillac mapped 160,000 miles of U.S. highways "within five centimeters of accuracy" to give its hands-free-on-the-highway cars the ability to better anticipate the roads ahead -- and to know when a human driver should take over. An anonymous reader writes: "The car can see farther than the sensors on the car with the map..." says the chief engineer for Cadillac's new "Super Cruise" hands-free driving option for highways, "so if we have a sharp curve, we can anticipate that." The system also gives Cadillac's vehicles a safety check not available to Tesla, which can't stop drivers from using Tesla's semi-autonomous Autopilot even when they're not on a highway. "We know where the car is because of the LIDAR map and the other data in the car," says a product communications manager at Cadillac. "Therefore we have the ability to geofence it."

In addition, The Verge reports that if drivers look away for more than 30 seconds, "the car will know thanks to an infrared camera attached to the top of the steering column. Eyes closed? The car will know and start a sequence of alerts to get the driver's focus back on the road. It can even see through UV-blocking sunglasses." While the camera doesn't record or store data, it will flash a strip of red LED lights embedded in the top of the steering wheel "if the driver is caught not paying attention."

Cadillac plans to create and transmit an updated map every year, and will also regularly update its map by "constantly" checking the database from the Transportation Department, and deploying its own trucks to draw new maps of construction areas.
Security

Unpatched Magento Zero Day Leaves 200,000 Merchants Vulnerable (threatpost.com) 29

An anonymous reader quotes ThreatPost: A popular version of the open source Magento ecommerce platform is vulnerable to a zero-day remote code execution vulnerability, putting as many as 200,000 online retailers at risk... According to Bosko Stankovic, information security engineer at DefenseCode, despite repeated efforts to notify Magento, which began in November 2016, the vulnerability remains unpatched despite four version updates since the disclosure. Affected versions of the Magento Community Edition software include v. 2.1.6 and below. DefenseCode did not examine Magento Enterprise, the commercial version of the platform, but warns both share the same underlying vulnerable code... The remote code execution (RCE) vulnerability is tied to the default feature in Magento Community Edition that allows administrators to add Vimeo video content to product descriptions.
DefenseCode says the exploit can be mitigated by enforcing Magento's "Add Secret Keys To URLS" feature, warning in a paper that the hole otherwise "could lead to remote code execution and thus the complete system compromise including the database containing sensitive customer information such as stored credit card numbers and other payment information." Magento has confirmed the exploit, says they're investigating it, and promises they'll address it in their next patch release.
Network

Former Sysadmin Accused of Planting 'Time Bomb' In Company's Database (bleepingcomputer.com) 143

An anonymous reader writes: Allegro MicroSystems LLC is suing a former IT employee for sabotaging its database using a "time bomb" that deleted crucial financial data in the first week of the new fiscal year. According to court documents, after resigning from his job, a former sysadmin kept one of two laptops. On January 31, Patel entered the grounds of the Allegro headquarters in Worcester, Massachusetts, just enough to be in range of the factory's Wi-Fi network. Allegro says that Patel used the second business-use laptop to connect to the company's network using the credentials of another employee. While connected to the factory's network on January 31, Allegro claims Patel, who was one of the two people in charge of Oracle programming, uploaded a "time bomb" to the company's Oracle finance module. The code was designed to execute a few months later, on April 1, 2016, the first week of the new fiscal year, and was meant to "copy certain headers or pointers to data into a separate database table and then to purge those headers from the finance module, thereby rendering the data in the module worthless." The company says that "defendant Patel knew that his sabotage of the finance module on the first week of the new fiscal year had the maximum potential to cause Allegro to suffer damages because it would prevent Allegro from completing the prior year's fiscal year-end accounting reconciliation and financial reports."
