<quote>Although used broadly by biology researchers, many of these programs are written by small research groups and thus have likely not been subjected to serious adversarial pressure. </quote>
<quote><snip/> copied fqzcomp from SourceForge and inserted a vulnerability into version 4.6 of its source code; a function that processes and compresses DNA reads individually, using a fixed-size buffer to store the compressed data.</quote>
<quote>Our second exploit attempt uses an obscure feature of bash, which exposes virtual /dev/tcp devices that create TCP/IP connections. We use this feature to redirect stdin and stdout of /bin/sh to a TCP/IP socket, which connects back to our server.</quote>
The “research” coders do not validate their inputs; they use whatever computer tools are handy for their purpose. Their purpose is to publish papers in their field of study. Their code works just well enough; it is MVP for an MPU. Those “researchers” who do validate their inputs, who do test their code, who do read CVE notices, who do remediate latent vulnerabilities aren’t researchers at all. They are drone coders in an on-time-under-budget, time & materials IT shop. “We” need such people and such skill is a valued trade craft by which to make an honorable living. But such activity is Not New. It is not The Research.
iRobot has independent use rights to the data produced by you.
Colin Angle, CEO, iRobot.
<quote>[We may share your personal information with] other parties in connection with any company transaction, such as a merger, sale of all or a portion of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party or in the event of bankruptcy or related or similar proceeding.</quote>
Can the Tech Giants Be Stopped?; Jonathan Taplin; In The Wall Street Journal (WSJ); 2017-07-14.
Teaser: Google, Facebook, Amazon and other tech behemoths are transforming the U.S. economy and labor market, with scant public debate or scrutiny. Changing course won’t be easy.
tl;dr → No, via Betteridge’s Law. Regulation is indicated. See book, nearby. 2200 words.
Jonathan Taplin is
the director emeritus, Annenberg Innovation Lab, University of Southern California
Move Fast and Break Things: How Facebook, Google and Amazon Cornered Culture and Undermined Democracy; Little, Brown and Company; 2017-04-18; 320 pages; Amazon:0316275778
The creative economy
Something about job loss unto the mid- hundreds-of-thousands.
Flying cars self-driving cars.
<paraphrase>calm down</paraphrase>, attributed to Marc Andreessen at Code Conference, CA, WHEN?,
<trite>Who will win<snip/>only time will tell.</trite>
Claim: 2004-08 started the problem.
Google raised $1.9 billion in its initial public offering.
A tale of search market share increase for Google, decline for everyone else follows.
Silicon Valley is considering the moral framework of the digital revolution.
Almost all of these aren’t even yet lines of business, not really. They are research or vanity hobbies of interest to the founders.
Still a going concern?
“optical neuroimaging systems,” a brain-computer interface, type-by-thinking.
Verily (ex- Google Life Sciences)
“There is a role for government here”
<quote>The astonishing technological revolution of the past half-century would never have occurred without the impetus of three seminal antitrust prosecutions. </quote>
1956 → AT&T, a consent decree to patent license against Bell Labs
1970s → Justice Department versus IBM
The government did not prevail in 13 years. IBM consented to software portability. IBM created Microsoft.
1998 → Justice Department versus Microsoft
Question: must the Windows product design require consumers to use Internet Explorer?
Settlement: allowed Google to exist.
Mike Allen, reporter, Axios, “thinkpieces”
staff, Project on Computational Propaganda, University of Oxford.
Philip N. Howard
staff, Internet Studies, Oxford Internet Institute
professor, Balliol College at the University of Oxford
the founding editor, Wired
attributed as “AI venture capitalist”
Secretary of the Treasury
theorist, libertarianism; a scrivener, the ghost of.
<quote>Passpoint, which is sometimes referred to as Hotspot 2.0.</quote>
<quote>When you first join a Passpoint network, you’re required to download a small file called a profile to your phone, tablet or laptop. The network will use it to ID you every time you’ve come back in range of the network. Most new operating systems support Passpoint.</quote>
Passpoint uses the same WPA2-encryption as your home or office’s network.
For color, background & verisimilitude
Mark Wuergler, staff, Immunity.
Geoffrey A. Fowler, reporter, Wall Street Journal (WSJ)
tl;dr → any communication that, when blocked, still allows the application to function is covert communication.
This paper studies communication patterns in mobile applications. Our analysis shows that 63% of the external communication made by top-popular free Android applications from Google Play has no effect on the user-observable application functionality. To detect such covert communication in an efficient manner, we propose a highly precise and scalable static analysis technique: it achieves 93% precision and 61% recall compared to the empirically determined “ground truth”, and runs in a matter of a few minutes. Furthermore, according to human evaluators, in 42 out of 47 cases, disabling connections deemed covert by our analysis leaves the delivered application experience either completely intact or with only insignificant interference. We conclude that our technique is effective for identifying and disabling covert communication. We then use it to investigate communication patterns in the 500 top-popular applications from Google Play.
overt communications → if the app failed when this communication channel was blocked.
covert communications → if the app still worked when this channel was blocked
What are your apps hiding?; Larry Hardesty; press release; Massachusetts Institute of Technology (MIT); 2015-11-19.
Teaser: Half of the communication connections established by the top 500 Android apps have no effect on user experience.
tl;dr → QA was performed; observations were noted: data was sent, data was received; not shown: (absence of) consent, harm.
What types of user data are mobile apps sending to third parties? We chose 110 of the most popular free mobile apps as of June-July 2014 from the Google Play Store and Apple App Store, across 9 categories likely to handle potentially sensitive data about users including job information, medical data, and location. For each app, we used a man-in-the-middle proxy to record HTTP and HTTPS traffic that occurred while using the app and looked for transmissions that include personally identifiable information (PII), behavior data such as search terms, and location data, including geo-coordinates. An app that collects these data types may not need to notify the user in current permissions systems.
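The inspection step described above, sketched as an added example (not code from the study): it scans recorded flows for e-mail addresses, search terms and geo-coordinates and reports which hosts outside the app's own domain received them. The flow records, host names and key-name lists are constructed assumptions, standing in for whatever a man-in-the-middle proxy exports.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
COORD = re.compile(r"-?\d{1,3}(\.\d+)?")  # looks like a decimal coordinate
LAT, LON, SEARCH = {"lat", "latitude"}, {"lon", "lng", "longitude"}, {"q", "query"}

# Constructed flows shaped like a proxy export; not data from the study.
FLOWS = [
    {"url": "https://api.jobapp.example/search?q=nurse+jobs"},
    {"url": "https://ads.tracker.example/e?lat=37.77&lng=-122.41&q=nurse+jobs"},
    {"url": "https://metrics.analytics.example/collect",
     "body": '{"user": {"email": "pat@example.org"}, "event": "open"}'},
]

def fields(flow):
    """Yield (key, value) pairs from the query string and a JSON or form body."""
    stack = parse_qsl(urlsplit(flow["url"]).query)
    try:
        stack.append(("", json.loads(flow.get("body", ""))))
    except ValueError:
        stack += parse_qsl(flow.get("body", ""))  # not JSON: treat as a form body
    while stack:
        key, val = stack.pop()
        if isinstance(val, dict):
            stack.extend(val.items())  # walk nested JSON objects
        else:
            yield key.lower(), str(val)

def classify(flow):
    """Return the sensitive-data categories present in one flow."""
    cats, axes = set(), set()
    for key, val in fields(flow):
        if EMAIL.search(val):
            cats.add("email")
        if key in SEARCH and val.strip():
            cats.add("search_term")
        if key in LAT | LON and COORD.fullmatch(val):
            axes.add("lat" if key in LAT else "lon")
    return cats | ({"geo"} if axes == {"lat", "lon"} else set())

def third_party_report(flows, first_party):
    """Map each host outside first_party to the categories it received."""
    report = {}
    for flow in flows:
        host = urlsplit(flow["url"]).hostname or ""
        if host != first_party and not host.endswith("." + first_party):
            report.setdefault(host, set()).update(classify(flow))
    return {h: c for h, c in report.items() if c}
```

A location is reported only when both a latitude and a longitude key carry numeric values in the same flow, which keeps a lone `lat=` parameter from being counted.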