Tech News

A team of researchers from Standford University launched a new, free, and open source TV streaming service called Puffer, as part of their non-profit academic research study. It is led by Francis Yan, a doctoral student, Computer Science, Stanford University, Sadjad Fouladi, Hudson Ayers, and Chenzhi Zhu. Puffer uses machine learning to improve video-streaming algorithms. “We are trying to figure out how to teach a computer to design new algorithms that reduce glitches and stalls in streaming video (especially over wireless networks and those with limited capacities, such as in rural areas),” say the researchers. Puffer is mainly focused on three algorithms, namely, “congestion-control” (decides when to send each piece of data), “throughput forecasters” (predicts how long it will take to send a certain amount of data over an Internet connection), and “adaptive-bitrate” (ABR) (algorithms that decide what quality of video to send for best picture quality). The project is limited to only 500 participants at a time. Participants would need to watch TV channels on Puffer and stream them over their Internet connections a few hours each week. As the participants are streaming the TV channels on the Puffer website, it will begin to automatically experiment with different algorithms to control the timing and quality of video sent to them. They will then analyze how the resulting computer-designed algorithm performs and work. Puffer is a free service and doesn’t show any ads. Puffer is capable of only re-transmitting the free over-the-air broadcast TV signals and allows streaming of up to six TV stations. These include CBS (KPIX 5), NBC (KNTV 11), ABC (KGO 7), FOX (KTVU 2), PBS (KQED 9), and Univision (KDTV 14). The  Puffer project has received funding in part by the NSF and DARPA. It has also received support from Google, Huawei, VMware, Dropbox, Facebook, and the Stanford Platform Lab. “Puffer is unique from previous academic studies...we hope that this approach will produce substantial benefits over prior work, but only time will tell”, say the researchers. For more information on Puffer, check out its official website. Researchers introduce a machine learning model where the learning cannot be proved Researchers release unCaptcha2, a tool that uses Google’s speech-to-text API to bypass the reCAPTCHA audio challenge Researchers design ‘AnonPrint’ for safer QR-code mobile payment: ACSC 2018 Conference

The recent data breach in MEGA, a popular cloud service, leaked about 87GB of data including 772,904,991 unique email addresses and over 21 million unique passwords and distributed in a folder dubbed "Collection #1" by hackers. This breach was first reported by a security researcher, Troy Hunt. The link to the dump was posted on a hacking forum, but has been since taken down from the service. https://twitter.com/haveibeenpwned/status/1085656743663693825 According to a Wired report, “While it’s difficult to confirm exactly where all that info came from, it appears to be something of a breach of breaches; that is to say, it claims to aggregate over 2,000 leaked databases that contain passwords whose protective hashing has been cracked.” “It just looks like a completely random collection of sites purely to maximize the number of credentials available to hackers. There’s no obvious patterns, just maximum exposure”, Hunt said. Hunt has uploaded all the email addresses and passwords into his site, haveibeenpwned. This allows users to be notified when their email has been tangled in a breach, or check if a password has been exposed and has to be changed. Wired states that around 140 million email accounts and over 10 million unique passwords in Collection #1 are new to Hunt’s database. This means that they do not just duplicate from prior megabreaches. “These are all plain text passwords. If we take a breach like Dropbox, there may have been 68 million unique email addresses in there, but the passwords were cryptographically hashes making them very difficult to use”, Hunt said. He also said that all this data was openly available to anyone on the popular cloud storage site and then on a public hacking site. The only way to stay safe is to never reuse a password for multiple sites. Hunt says, “It might be contrary to traditional thinking, but writing unique passwords down in a book and keeping them inside your physically locked house is a damn sight better than reusing the same one all over the web.” To know more about this breach in detail, visit Troy Hunt’s blog post. Internal memo reveals NASA suffered a data breach compromising employees social security numbers Justice Department’s indictment report claims Chinese hackers breached business  and government network Former Senior VP’s take on the Mariott data breach; NYT reports suspects Chinese hacking ties

Last year we saw some major data breaches and top companies compromising user data. This year naturally the sentiments are strongly inclining towards protecting user’s data privacy. Just two days ago, U.S. Senator introduced a bill titled ‘American Data Dissemination (ADD) Act’ for creating federal standards of privacy protection for big companies including Google, Amazon, and Facebook. The U.S. Congress is yet to pass this bill. Yesterday, Tim Cook, CEO, Apple, asked the U.S. Congress to introduce a national privacy law for securing users’ personal data, while attacking the shadow economy which trades users’ data without their consent. https://twitter.com/guardian/status/1085847219419267073 In a statement to TIME magazine, Mr. Cook said, “Last year, before a global body of privacy regulators, I laid out four principles that I believe should guide legislation” The first one was the right to have personal data minimized. According to this principle, companies should challenge themselves for identifying information from customer data or avoid collecting it in the first place. The second one is the right to knowledge, which states the right to know what data is being collected and why. The third principle is the right to access which states companies should make it easy for users to access, correct and delete their personal data. And lastly, the right to data security, without which trust is not possible. According to Cook, companies that sell data will have to register with the Federal Trade Commission. Users and lawmakers are also unaware of the secondary markets who use personal information of users and fall under shadow economy. He pointed out that few companies are into trading user data and how most of the users are unaware of it. He says, “One of the biggest challenges in protecting privacy is that many of the violations are invisible. For example, you might have bought a product from an online retailer – something most of us have done. But what the retailer doesn’t tell you is that it then turned around and sold or transferred information about your purchase to a ‘data broker’ – a company that exists purely to collect your information, package it and sell it to yet another buyer.” In November, the campaign group Privacy International filed complaints asking regulators to investigate whether the basis of their businesses was working against GDPR, the European privacy regulation. Post which, top data brokers, companies such as Experian, Acxiom, Oracle, and Criteo, came under scrutiny in Europe. Ailidh Callander, Privacy International’s legal officer, said in a press release, “The data broker and ad-tech industries are premised on exploiting people’s data. Most people have likely never heard of these companies, and yet they are amassing as much data about us as they can and building intricate profiles about our lives. GDPR sets clear limits on the abuse of personal data.” Tim Cook called for comprehensive federal privacy legislation in the US for establishing a registry of data brokers, which would let consumers check what data of theirs is getting sold. The users will further have the right to easily remove their data from that market. He writes in the TIME magazine, “I and others are calling on the US Congress to pass comprehensive federal privacy legislation - a landmark package of reforms that protect and empower the consumer.” Tim Cook said in a statement to TIME magazine, “Let’s be clear: you never signed up for that. We think every user should have the chance to say, Wait a minute. That’s my information that you’re selling, and I didn’t consent.” Tim said companies should minimize the amount of data they collect and make an easier way for users to delete it. Tim Cook seems to have hit the chord with the public with this call. https://twitter.com/antoniogm/status/1085968094730674180 https://twitter.com/SecurityBeat/status/1086022312015642625 One of the users commented on Twitter, “You have a first-party relationship with FB/TWTR/etc. They show you ads on their service, you manage your data on it (which can be deleted or de-activated). They have to face whatever user outrage they cause.” Users won’t let their data getting compromised and are much agitated by platforms like Facebook. Few users are even thinking of deactivating their accounts on Facebook. A new privacy bill was introduced for creating federal standards for privacy protection aimed at big tech firms like Facebook, Google and Amazon Project Erasmus: Former Apple engineer builds a user interface that responds to environment light Cyber security researcher withdraws public talk on hacking Apple’s Face ID from Black Hat Conference 2019: Reuters report

Yesterday, Facebook open-sourced Spectrum 1.0.0, a cross-platform image transcoding library for Android and iOS that makes uploading larger images easier. Spectrum has also improved the reliability and quality of image uploads across all Facebook apps. With Spectrum now open source, users can fully debug it and add support for new codecs using its plugin architecture. Facebook uses Spectrum in-house across all of its mobile apps. It is an all in one package for performing image-manipulation tasks for lowering file-sizes and improving resizing, cropping, and transcoding. Features of Spectrum 1.0.0 High-quality output Spectrum uses Mozjpeg to achieve higher quality file size ratio. Spectrum makes image operations easier by cropping and rotating lossless. It focuses on increasing the quality for graphical content with operations like disabling chroma sampling. Prevents common missteps Since Spectrum's API is declarative, it helps in preventing common missteps such as incomplete handling of EXIF metadata. Written in C/C++ It is written in portable C/C++ so users can adopt it to their environment. Java and Objective-C APIs are thin wrappers around the C++ core that makes development easier. C++ core allows higher execution speed for computational operations and provides control over allocations. This core allows sharing between apps on Android and iOS which makes outputs more consistent. Automatic behavior definition using Recipes Spectrum is unique because it does not require developers to manually, step-by-step define all behaviors. Instead, the developers just state what the desired outcome is, and the library takes it from there. Spectrum makes this possible by using ‘recipes’, that are bundled with the plugins used by the library and sorted by Facebook. Recipes help developers in choosing the optimal execution sequence for individual requests. For example, the JPEG plugin will provide recipes for the lossless cropping and rotation of JPEG images. Integration with Mozilla JPEG Integration with MozJpeg, a native library, helps Spectrum to control encoding parameters beyond the general purpose platform APIs. It helps developers to utilize intensive encoding, which requires more time for processing but significantly reduces the file size. Other minor features Spectrum 1.0.0 can write interlaced PNG files. This release supports consuming JPEG images with 4:1:1 and 4:4:0 chroma subsampling. For iOS bitmaps, Spectrum 1.0.0 will default to 4:2:0 chroma subsampling. This release is built with proper SIMD support for mozjpeg on Android ARMv7. It optimizes the interplay between pixel-perfect resizing and decoder sampling. Hacker news users are excited about this news and are relieved that they don’t have to recreate a bunch of scaffolding around image encoders. Users are also comparing this library with other apps like ImageOptim, a free Mac app that can handle JPEG, GIF and PNG and Google's Guetlzi that can reach 20-40% compression without any loss of quality. All is not bright, however. Users have also expressed concerns with using Spectrum saying that Facebook provides the worst image compression. One user commented on HackerNews, “Facebook photos are compressed to a point where they look horrible. Why would anyone want to use this? I do not see what this benefits any developer over just using mozjpeg with better settings.” Some users are unhappy with Messenger videos too. Another user commented, “If any Facebook compression engineer reads this, please fix the sound in Messenger videos! The sound bitrate is absolutely terrible, only for ridiculous bandwidth savings.” Also, there are issues with the name as there are other products with the same name. A comment reads, “I like how there are 2 products called Spectrum on the front page and they are completely unrelated. Anyway, this lib looks pretty ok for its purpose.” Another comment reads, “There's also the article that wants to sell you a spectrum analyzer to search your hotel room for bugs.” 3 out of 4 users don’t know Facebook categorizes them for ad targeting; with political and racial affinity being some labels: Pew Research A new privacy bill was introduced for creating federal standards for privacy protection aimed at big tech firms like Facebook, Google and Amazon Facebook plans to invest $300 million to support local journalism

On Monday, Google announced that it has partnered with Automattic Inc., the parent company of WordPress.com, to develop an advanced open-source publishing and revenue-generating platform for news organizations named Newspack. Under the Google News Initiative, they have invested $1.2 million towards their efforts in building this platform. The purpose of this platform is to help journalists put their full energy in covering stories instead of worrying about designing websites, configuring CMSes, or building commerce systems. Google mentioned in the post, “It is trying to help small publishers succeed by building best practices into the product while removing distractions that may divert scarce resources. We like to call it "an opinionated CMS:” it knows the right thing to do, even when you don’t.” It will also provide publishers full access to all the plugins created by the WordPress developer community. Automattic, in an announcement, called for small and medium-sized digital news organizations to become charter participants in the development of Newspack. If you want to become one of the partners, you can fill in the form issued by Automattic, which is due by 11:59 p.m. Eastern Time (UTC -5:00) on February 1. The platform’s beta version is estimated to be released near the end of July and will be made available to publishers globally later this year. To get a better idea of the features and capabilities needed by publishers and their business impact, Automattic will be working with Spirited Media and News Revenue Hub. Spirited Media operates local digital news sites in Denver, Philadelphia, and Pittsburgh, and News Revenue Hub provides revenue solutions for digital publishers. In addition to Google, other funding organizations for this platform include The Lenfest Institute for Journalism, ConsenSys, the organization backing Civil Media, and The John S. and James L. Knight Foundation. WordPress 5.0 (Bebo) released with improvements in design, theme and more Introduction to WordPress Plugin Google and Waze share their best practices for canary deployment using Spinnaker

The TensorFlow team released a developer preview of the newly added GPU backend support for TensorFlow Lite, earlier this week. A full open-source release for the same is planned to arrive later in 2019. The team has been using the TensorFlow Lite GPU inference support at Google for several months now in their products. For instance, using the new GPU backend accelerated the foreground-background segmentation model by over 4x and the new depth estimation model by over 10x vs. Similarly, using GPU backend support for the YouTube Stories and Playground Stickers, the team saw an increase in speed by up to 5-10x in their real-time video segmentation model across a variety of phones. They found out that the new GPU backend is much faster in performance (2-7x times faster) as compared to original floating point CPU implementation for different deep neural network models. The team also notes that GPU speed is most significant on more complex neural network models involving dense prediction/segmentation or classification tasks. For small models the speedup could be less and using CPU would be more beneficial as it would avoid latency costs during memory transfers. How does it work? The GPU delegate first gets initialized once the interpreter::ModifyGraphWithDelegate() is called in Objective-C++ or by calling Interpreter’s constructor with Interpreter.Options in Java. During this process, a canonical representation of the input neural network is built over which a set of transformation rules are applied. After this, the compute shaders are generated and compiled. GPU backend currently makes use of OpenGL ES 3.1 Compute Shaders on Android and Metal Compute Shaders on iOS. Various architecture-specific optimizations are employed while creating compute shaders. After the optimization is complete, the shader programs are compiled and the new GPU inference engine gets ready. Depending on the inference for each input, inputs are moved to GPU if required, shader programs get executed, and outputs are moved to CPU if necessary. The team intends to expand the coverage of operations, finalize the APIs and optimize the overall performance of the GPU backend in the future. For more information, check out the official TensforFlow Lite GPU inference release notes. Building your own Snapchat-like AR filter on Android using TensorFlow Lite [ Tutorial ] TensorFlow 2.0 to be released soon with eager execution, removal of redundant APIs, tf function and more Google AdaNet, a TensorFlow-based AutoML framework

Yesterday, the Microsoft Security Response Center (MSRC) announced the launch of the Azure DevOps Bounty program. This is a program launched to solidify the security provided to Azure DevOps customers. They are offering rewards up to US$20,000 if you can find eligible vulnerabilities in Azure DevOps online and Azure DevOps server. The bounty rewards range from $500 to $20,000 US. The reward will depend on Microsoft’s discretion on the severity and impact of a vulnerability. It will also depend on the quality of the submission subject to their bounty terms and conditions. Products in focus of this program are Azure DevOps services which was previously known as Visual Studio Team Services and the latest versions of Azure DevOps Server and Team Foundation Server. The goal of the program is to find any eligible vulnerabilities that may have a direct security impact on the customer base. For a submission to be eligible, it should fulfil the following criteria: Identifying a previously unreported vulnerability in one of the services or products. The web application vulnerabilities must impact supported browsers for Azure DevOps server, services, or plug-ins. The submission should have documented steps that are clear and reproducible. It can be text or video. Any necessary information to quickly reproduce and understand the issue can result in faster response and higher rewards. Any submissions that Microsoft thinks are not eligible in this criteria may be rejected. You can send your submissions to secure@microsoft.com with the help of bug submission guidelines. Participants are requested to use the Coordinated Vulnerability Disclosure when reporting the vulnerabilities. Note that there are no restrictions on how many vulnerabilities you can report or the rewards for it. When there are multiple submissions, the first one will be chosen for the reward. For more details about the eligible vulnerabilities and the Microsoft Azure DevOps bounty program, visit the Microsoft website. 8 ways Artificial Intelligence can improve DevOps Azure DevOps outage root cause analysis starring greedy threads and rogue scale units Microsoft open sources Trill, a streaming engine that employs algorithms to process “a trillion events per day”

Yesterday, the Rust team announced the release of Rust 1.32 in a blog post. The new version of the Rust programming language brings improvements to the quality of life, switches to the default allocator, and makes more functions const. Addition of the dbg macro in Rust 1.32 If you are a “print debugger”, you must have wanted to print out some value while working on code. Using something like println!("{:?}", x); isn’t fast enough. It is also a bit too much just to simply show the value of x. Also, there is no context here, if there are several println! statements, it is hard to distinguish between them. Rust now has a new package called dbg specifically for this purpose: fn main() {    let x = 5;       dbg!(x); } On running the above code, you will get: [src/main.rs:4] x = 5 In the output, you will see the file, line number, name, and value. While println! prints to the standard output, the dbg! function prints to the stderr. dbg! even works in more complex circumstances like factorial, iterations, etc. jemalloc is removed in Rust 1.32 In Rust’s initial years, it had a large Erlang type runtime. The developers then chose jemalloc instead of the system allocator for better performance. Over time, most of this runtime was removed except jemalloc. jemalloc was kept for users who would still need it. While it has great performance in most cases, it was not always the case. It adds 300kb to every Rust binary and has other issues. The core developers also thought it was strange that a systems language does not default to the system allocator. Hence Rust 1.28 had shipped with a global allocator. The work for using a system allocator is now finished and it can be used for all Rust programs now. jemalloc can still be used if you want to, via a crate in the Cargo.toml. Module improvements The last two Rust releases had some performance improvements to the module system. Rust 1.32 comes with something called “uniform paths” which allows import path statements to be resolved the same way as non-import paths. This was previously invalid. Efforts to revise the system module is now complete and the following code will now work. enum Color { Red, Green, Blue } use Color::*; Macro improvements A new literal string matcher is added. It matches against literals of any type. This includes string literals, numeric literals, and char literals. In Rust 2018 edition, macro_rules can also use ? to match 0 or 1 repetitions of the pattern. Library changes Other than the dbg! library, 19 functions were made cont. Now, all integral numeric primitives give conversion functions to and from byte-arrays that have specified endianness. There are six functions named as: to_<endian>_bytes and from_<endian>_bytes, in which <endian> is one of the following: ne - native endianness le - little endian be - big endian Cargo now has cargo_c as an alias for cargo_check and now usernames in registry URLs are allowed. These were the highlights of the changes in Rust 1.32, for a complete list of changes and fixes, visit the release notes. How has Rust and WebAssembly evolved in 2018 Rust Survey 2018 key findings: 80% developers prefer Linux, WebAssembly growth doubles, and more Red Hat announces full support for Clang/LLVM, Go, and Rust

Yesterday, the team behind Django released Django 2.2 alpha 1.0. Django 2.2 is designated as LTS, which means it will receive security updates for at least three years after its expected release in April 2019. This version will come with two new constraints classes, some minor features, and deprecates Meta.ordering. It is compatible with Python 3.5, 3.6, and 3.7. Here are some of the updates that Django 2.2 will come with: Constraints: Two new constraint classes are defined in django.db.models.constraints for adding custom database constraints, namely, CheckConstraint and UniqueConstraint. These classes are also imported into django.db.models for convenience. django.contrib.auth: A request argument is added to the RemoteUserBackend.configure_user() method as the first positional argument, if it accepts it. django.contrib.gis: Oracle support is added for the Envelope function and SpatiaLite support for the coveredby and covers lookups. django.contrib.postgres: A new ordering argument is added to the ArrayAgg and StringAgg classes for determining the ordering of aggregated elements. With new BTreeIndex, HashIndex, and SpGistIndex classes, you can now create B-Tree, hash, and SP-GiST indexes in the database. Internationalization: Support and translations are added for the Armenian language. Backward incompatible updates Database backend API: These are some of the changes that will be needed in third-party database backends: They must support table check constraints or set DatabaseFeatures.supports_table_check_constraints to False. Support for ignoring constraints or uniqueness errors while inserting is needed or you can set DatabaseFeatures.supports_ignore_conflicts to False. Support for partial indexes is needed or you can set DatabaseFeatures.supports_partial_indexes to False. DatabaseIntrospection.table_name_converter() and column_name_converter() are now removed. Third-party database backends will may have to implement DatabaseIntrospection.identifier_converter() instead. Other changes Admin actions: In this version, admin actions now follow standard Python inheritance and are no longer collected from the base ModelAdmin classes. TransactionTestCase serialized data loading: At the end of the test, initial data migrations are now loaded in TransactionTestCase after the flush. Earlier, this data was loaded at the beginning of the test, which prevented the test --keepdb option from working properly. sqlparse: The sqlparse module will be automatically installed with Django as it is now a required dependency. This change is done to simplify a few parts of Django’s database handling. Permissions for proxy models: You can now create permissions for proxy models using the content type of the proxy model rather than the content type of the concrete model. Django 2.1.2 fixes major security flaw that reveals password hash to “view only” admin users Django 2.1 released with new model view permission and more Python web development: Django vs Flask in 2018

On Monday, Eran Davidovich, a System Operations Engineer at Waze and Théo Chamley, Solutions Architect at Google Cloud shared their experience on using Spinnaker for canary deployments. Waze estimated that canary deployment helped them prevent a quarter of all incidents on their services. What is Spinnaker? Developed at Netflix, Spinnaker, is an open source, multi-cloud continuous delivery platform that helps developers to manage app deployments on different computing platforms including Google App Engine, Google Kubernetes Engine, AWS, Azure, and more. This platform also enables you to implement advanced deployment methods like canary deployment. In this type of deployment, developers roll out the changes to a subset of users to analyze whether or not the code release provides the desired outcome. If this new code poses any risks, you can mitigate it before releasing the update to all users. In April 2018, Google and Netflix introduced a new feature for Spinnaker called Kayenta using which you can create an automated canary analysis for your project. Though you can build your own canary deployment or other advanced deployment patterns, Spinnaker and Kayenta together are aimed at making it much easier and reliable. The tasks that Kayenta automates includes fetching user-configured metrics from their sources, running statistical tests, and providing an aggregating score for the canary. On the basis of the aggregated score and set limits for success, Kayenta automatically promotes or fails the canary, or triggers a human approval path. Canary best practices Check out the following best practices to ensure that your canary analyses are reliable and relevant: Instead of comparing the canary against the production, compare it against a baseline. This is because many differences can skew the results of the analysis such as cache warmup time, heap size, load-balancing algorithms, and so on. The canary should be run for enough time, at least 50 pieces of time-series data per metric, to ensure that the statistical analysis is relevant. Choose metrics that represent different aspects of your applications’ health. Three aspects are very critical as per the SRE book, which includes latency, errors, and saturation. You must put a standard set of reusable canary configs in place. This will come in handy for anyone in your team as a starting point and will also keep the canary configurations maintainable. Thunderbird welcomes the new year with better UI, Gmail support and more Introducing Azure DevOps Server 2019 RC1 with better UI, Azure SQL support and more! AIOps – Trick or Treat?

The Washington-based Pew Research Center released a report that shares the results of its survey based on Facebook user data, yesterday. The survey was conducted on a sample of Facebook users (963 U.S. Facebook users aged 18 years and above) who were asked to present their opinion on the data collected about them by the platform. The nationally representative survey was conducted by the Pew Institute between September 4, 2018, and October 1, 2018. Respondents of the survey were asked to answer a series of questions related to the content present on the Facebook ad categories page. Facebook allows its users to view a “partial compilation” of how they are classified on its “Your ad preferences” page. All the results of this analysis are based on these self-reported answers. Let’s have a look at the key findings from the survey. 60% of Facebook users are assigned 10+ categories on their ad preferences page The report states that Facebook ad preferences page consists of “your categories” tab i.e. a list of a user’s interests analyzed by Facebook’s algorithm based on content that they have posted, liked, commented on or shared.                                                    Pew Institute survey As per the survey results: 88% of American said that they are assigned categories in this system, while 11% saw a message saying, “You have no behaviours” on the ad preferences page. A large majority of Facebook users have 10 or more categories listed on the page. Six-in-ten Facebook users said that their preferences page had either 10 to 20 (27%) or 21 or more (33%) categories for them. 27% noted that their list had fewer than 10 categories. 40% of users who go on Facebook multiple times a day are listed in 21 or more categories as compared to 16% of the “less-than-daily” Facebook users. Facebook users who have been on the platform for 10 years or longer (44%) have higher chances of being listed in 21 or more categories as compared to those with less than five years of Facebook experience (22%). 74% of Facebook users didn’t know the platform lists their interests for advertisers As per the survey results: Three-quarters of Facebook users (74%) did not know the list of categories existed on Facebook, with 12% saying that they were aware of it. 59% of Facebook users say the list was very (13%) or somewhat (46%) accurate about their interests, while 27% of them found the list not very (22%) or not at all ( 5%) accurate. Pew Institute survey Almost half of the Facebook users (51%) said answered that they were not comfortable with Facebook creating the ‘interests list’. 5% of Facebook users were very comfortable with the list and another 31% said that they are somewhat comfortable. Facebook’s political and ‘racial affinity’ labels don’t necessarily match users’ views Facebook assigns political labels to its users. Users who are assigned a political label are equally divided between “liberal or very liberal (34%)”, “conservative or very conservative “(35%) and “moderate” (29%). Pew Institute survey As per the survey results: Close to three-quarters (73%) of the ones assigned a label says the listing is’ very accurate’ or ‘somewhat accurate’ about their views. However, 27% of those say that label is not very or not at all accurate. Facebook’s algorithm also assigns some of its users to groups by “multicultural affinity,” that are assigned to users whose activities “aligns with” certain cultures. About 21% of the Facebook users say they are assigned such an affinity. 60% of the Facebook users assigned with multicultural affinity say they have a “very” or “somewhat” strong affinity for the group they were assigned, while 37% say they do not have a strong affinity. 57% of the Facebook users assigned a group say they consider themselves a member of that group, with 39% saying they are not members of that group. “We want people to understand how our ad settings and controls work..while we and the rest of the online ad industry need to educate people on how interest-based advertising works and how we protect people’s information, we welcome conversations about transparency and control”, Facebook told The Verge. Check out the official Pew research centre report here. Private International shares its findings on how popular Android apps send user data to Facebook without user consent NYT says Facebook has been disclosing personal data to Amazon, Microsoft, Apple and other tech giants; Facebook denies claims with obfuscating press release ProPublica shares learnings of its Facebook Political Ad Collector project

On Tuesday, the Securities and Exchange Commission (SEC) at Oklahoma charged nine defendants who participated in a previously disclosed scheme to hack into SEC’s EDGAR corporate filing system and extracted nonpublic information for use in illegal trading. The charged defendants were, a Ukrainian hacker, six individual traders in California, Ukraine, and Russia, and two entities. According to a CNBC report, “The scheme allegedly netted $4.1 million for fraudsters from the U.S., Russia, and Ukraine. Using 157 corporate earnings announcements, the group was able to execute trades on material nonpublic information. Most of those filings were "test filings," which corporations upload to the SEC's website.” Craig Carpenito, U.S. Attorney for the District of New Jersey, said, “After hacking into the EDGAR system they stole drafts of [these] reports before the information was disseminated to the general public.” According to Carpenito, the hacked documents included quarterly earnings, mergers and acquisitions plans and other sensitive news. Also, the criminals were able to view it before it was released as a public filing, thus affecting the individual companies' stock prices. The alleged hackers also executed trades on the reports and sold them to other illicit traders. One inside trader made $270,000 in a single day, Carpenito said. The hack was carried out by sending a malicious software via email to the SEC employees. Carpenito said, after planting the software on the SEC computers, the hackers sent the information they were able to gather from the EDGAR system to servers in Lithuania, where they either used it or distributed the data to other criminals. According to SEC official press report, “the hacker and some of the traders were also involved in a similar scheme to hack into newswire services and trade on information that had not yet been released to the public.” Steven Peikin, Enforcement Division Co-Director alongside Avakian, said, “The trader defendants charged today are alleged to have taken multiple steps to conceal their fraud, including using an offshore entity and nominee accounts to place trades. Our staff’s sophisticated analysis of the defendants’ trading exposed the common element behind their success, providing overwhelming evidence that each of them traded based on information hacked from EDGAR.” Know more about this news in detail in SEC’s official press release report. Hyatt Hotels launches public bug bounty program with HackerOne Black Hat hackers used IPMI cards to launch JungleSec Ransomware, affects most of the Linux servers Cybersecurity researcher withdraws public talk on hacking Apple’s Face ID from Black Hat Conference 2019: Reuters report

Lately, big companies like Google, Amazon, Facebook and few others have come under the light for their data privacy issues. Users blindly accept the current structure of most of the privacy policies, which in turn affects users’ privacy and data. The U.S. lacks a national law that regulates the collection and use of personal data. Yesterday, Marco Rubio (R-Fla.), U.S. Senator introduced a bill titled ‘American Data Dissemination (ADD) Act’ for creating federal standards of privacy protection for big companies like Google, Amazon, and Facebook. ADD act uses Privacy Act of 1974 as its framework and thus provides transparency and accountability from the tech industry while protecting small businesses and start-ups. The Federal Trade Commission (FTC) is yet to make suggestions for regulations based on the Privacy Act of 1974. The FTC needs to give detailed privacy requirements within six months that would be similar to the requirements under the 1974 Privacy Act. This bill requires Congress to pass legislation within two years or the FTC will write the rules itself. In a statement to The Hill, Rubio said, “If Congress does not act on the FTC’s recommendations within two years, my bill gives the FTC authority to issue a final rulemaking based on the Privacy Act framework.” The American Data Dissemination (ADD) Act would let the FTC write recommendations to Congress regarding what privacy rules should look like for commercial services like Facebook, Amazon, Google based on a 1974 law which created rules for federal agencies. According to Rubio, the smaller companies should be exempted from new rules and they are finding a way out. One year after the date on which the Commission has submitted recommendations, the FTC will submit proposed regulations to the appropriate Congress Committees for imposing privacy requirements. If the Congress fails to enact a law based on the recommendations provided by two years then FTC will pass a final rule within 27 months after the date of enactment for imposing privacy requirements. Rubio believes that these recommendations will give Congress a direction for drafting legislation that will protect consumers and capabilities of the internet economy. According to him, any national privacy law must provide clear and consistent protections that consumers and companies can understand, and also the FTC can enforce. He clearly states, “we also cannot tolerate inaction.” According to a post by Axios, Congressional Democrats have given an indication that they will only agree to preempt state laws, and new rules will come into effect in 2020, in California. In a press release, Rubio stated, “There has been a growing consensus that Congress must take action to address consumer data privacy. However, I believe that any efforts to address consumer privacy must also balance the need to protect the innovative capabilities of the digital economy that have enabled new entrants and small businesses to succeed in the marketplace. That is why I am introducing the American Data Dissemination Act, which will protect small businesses and startups while ensuring that consumers are provided with overdue rights and protections. It is critical that we do not create a regulatory environment that entrenches big tech corporations. Congress must act, but it is even more important that Congress act responsibly to create a transparent, digital environment that maximizes consumer welfare over corporate welfare.” According to Rubio, big companies like Facebook, Apple, Amazon, Netflix, Google, and others would welcome regulations that will prevent start-ups and smaller competitors from challenging their dominance. Rubio said in a statement to The Hill, “While we may have disagreements on the best path forward, no one believes a privacy law that only bolsters the largest companies with the resources to comply and stifles our start-up marketplace is the right approach.” The American Data Dissemination (ADD) Act aims to exempt smaller organizations from the new rules which act against the proposed Grand Bargain on Data Privacy Legislation for America which states, “Do not exempt organizations based on size.” The Grand Bargain on Data Privacy Legislation for America bill states, “Include a limited right to rectification for sensitive data collected by critical services.” Even this goes against the ADD act as it stands for consumer data privacy and doesn’t leave any space for sensitive data being accessed. The Grand Bargain on Data Privacy Legislation for America states, “Create data protection rules based on both the type of data and the type of entity collecting the data.” The data is categorized as sensitive and non-sensitive data. But this again works against the ADD act as the bill doesn’t compromise on consumer data. To know more about this news, check out the press release and the bill. Congress passes ‘OPEN Government Data Act’ to make open data part of the US Code ITIF along with Google, Amazon, and Facebook bargain on Data Privacy rules in the U.S. Google Home and Amazon Alexa can no longer invade your privacy; thanks to Project Alias!

In a blog post, an AirBnb guest shares his experience of staying at a property and to his shock there were cameras in the rooms. You’re off to a vacation to somewhere, naturally you need a place to stay. In this digitized age, AirBnB seems to be the go to stay service. It is popular and was considered a reliable service by many. But over the years their service has noticeably degraded with complaints from guests. Among many of the cases, the delayed solution or the lack thereof has left the guests dissatisfied. In this case, the matter did take a turn of events to present the guest with redressal. Jeffrey Bigham, a computer science professor at Carnegie Mellon University was staying in an AirBnB. Initially, he noticed a white object in the top corner of the room he rented. Upon further inspection he found that it was a camera. He found another near the bathroom exit. In the online page for the property, there were pictures of the rooms in which one camera was seen but barely. The description mentioned only “at the entrance,” for placement of cameras. These however, were clearly inside the room. Bigham also took it to Twitter: https://twitter.com/jeffbigham/status/1085177332011356161 Naturally, Bigham disconnected the cameras and contacted AirBnB. After knowing this, the host went as far as to send someone to spy on the guests and left a bad review. On initial contact with AirBnB support, they told Bigham that the image was a proper disclosure of both the cameras. After many reviews, a senior person from the AirBnB team admitted that the image does give proper disclosure about the camera situation. Bigham received a refund for his stay. Bigham writes in his blog: “I feel like our experience is in some ways more insidious. If you find a truly hidden camera in your bedroom or bathroom, AirBnB will support you. If you find an undisclosed camera in the private living room, AirBnB will not support you.” Some AirBnB hosts are opting to keep cameras as a security measure incase anything happens, but it’s clearly a privacy violation any genuine guest shouldn’t have to face. As Scott Riley, the author of Mindful Design puts it in his book promo, “a lot of the mainstream design practices out there definitely couldn't claim to be making a net positive on the world. Tech as a whole harms, oppresses and manipulates because it's used as a tool within an oligarchical power structure; but I truly believe that technology and design (as a tool for simplifying complex systems) can democratize and empower and bring about societal shifts for the better. It starts with compassion, and a refusal from the inside to implement negligent or oppressive practices, products or systems. Technology that exists to augment and ease human nature is going to be more and more important in this, and I really hope we can break free from the bullshit of behaviorism in design and explore what it really means to aide in self-determination and cognitive unburdening.” The AirBnB team could take a leaf out of such thinkers to better balance the fine line of protecting their user privacy while guaranteeing hosts the security of their properties through mindful design thinking and policy formulation. Rights groups pressure Google, Amazon, and Microsoft to stop selling facial surveillance tech to government The DEA and ICE reportedly plan to turn streetlights to covert surveillance cameras, says Quartz report “We can sell dangerous surveillance systems to police or we can stand up for what’s right. We can’t do both,” says a protesting Amazon employee

Today, in a blog post, Dropbox explained how the Prilo system used by the team has automated most of the processes of the company, that were previously manually attended to by Dropbox personnel. Pirlo is used by Dropbox in two main areas- validate and configure network switches and ensure the reliability of servers before entering production. This has, in turn, helped Dropbox to safely manage their physical infrastructure operations with ease. Pirlo consists of a distributed MySQL-backed job queue built by Dropbox itself, using primitives like gRPC, service discovery, and our managed MySQL clusters. Switch provisioning at Dropbox is handled by the TOR STarter which is a Pirlo component. The TOR Starter validates and configures switches in Dropbox datacenter server racks, PoP server racks, and at the different layers of the data center fabric; responsible to connect racks in the same facility together. Server provisioning and repair validation is handled by Pirlo Server Validation. All new servers arriving at the company are validated using this component. Repaired servers are also validated before they are transitioned back into production. Pirlo has automated these manual processes at Dropbox and has led to a reduction in downtime, outages, and inefficiencies associated with the incomplete or erroneous fixing of the systems. By reducing manual work, employees can now focus their attention to more value adding jobs. Before using Pirlo, the above tasks had to be performed by operations engineers and subject matter experts who used various server error logs to take appropriate actions to fix failed hardware. After applying the remediation actions, the engineer would send the machine back into production by sending the server to Dropbox re-imaging system. If the remediation actions didn’t fix the system or properly prepare it for re-imaging, the server would be sent back to the operations engineer for additional fixing. This would end up consuming a lot of the operation engineer's time as well as company resources. Operating engineers who used Pirlo system steadily increased their output by 40+%. The automation of manual tasks allowed engineers to address more issues in the same amount of time. You can head over to Dropbox’s official blog to explore the workings of Pirlo and how it benefited the organization. How to navigate files in a Vue app using the Dropbox API Tech jobs dominate LinkedIn’s most promising jobs in 2019 NGINX Hybrid Application Delivery Controller Platform improves API management, manages microservices and much more!