Altineer News

The best antivirus software 2019

Thu, 11 Apr 2019 16:09:49 Z

Let's face it...we're no closer to vanquishing the cyber-criminals and hackers that plague the internet than we were a decade ago. In fact, cyber crime actually grows significantly year after year. So it's clearly as important as ever to ensure that your computer and mobile devices are afforded the protection of the best antivirus out there. You may be most familiar with names such as Norton, McAfee and AVG - but are they really the best?

We've tested and reviewed the latest packages - both premium and free antivirus - from the biggest names in cyber security, so you can be confident that our recommendations can be trusted. More than 80 antivirus and security suites have been reviewed and re-reviewed by our experts, as of April 2019, to give you the very best solution to protect and secure your devices.

Creators of malware and viruses are always coming up with new ways to gain access to your PC and other internet enabled devices (with your mobile phone and tablet included). Luckily online software security companies are constantly updating their security software packages to protect against phishing scams, ransomware and all other types of viruses and malware.

Right now, we think that Bitdefender Antivirus Plus 2019 is the best antivirus available. It combines watertight security tools with an array of other excellent security features and is super easy to use, too - best of all, it also offers extremely good value for money. You can read more about what it offers below, together with Norton AntiVirus and Webroot SecureAnywhere that complete our top three.

If you’re looking for all-round protection against the latest cyber threats, then investing in the strongest programme is the best solution you can hope for - and we also have the best business antivirus plans if you're looking to take care of your company computers. That doesn't mean you have to start spending big money either, as our guide also gives you the best available prices for the best software. And if it's the best free antivirus that you're after, we have some top recommendations for you, too.

The best free Android apps of 2019

Thu, 11 Apr 2019 16:02:54 Z

It has been over ten years since Android was first outed by Google, and back then it was hard to imagine the sheer number of apps we'd have today.

There are apps for everything, and many of them are completely free, meaning you're just a few downloads away from supercharging your smartphone at no extra cost.

Admittedly, the huge quantity of apps doesn't mean they're all quality - far from it in fact, and finding the good ones can be tough.

What's the best phone of 2019?

There are tools and techniques to help, with various lists in the Play Store providing you with Editor's Picks across a range of categories, new releases and even apps that are specifically recommended for you based on your previous installs.

You can also hunt out apps that are similar to your favorites by searching for an app you have and seeing what else comes up.

And checking out user reviews and ratings can save you from downloading a dud of an app.

But even with all that, the sheer number of apps on Google Play means many of the best can often get lost, while weaker ones sometimes rise to the top.

So to make sure you never install a duff app here's our selection of the best you should install right now - each one carefully chosen to ensure you'll have a whole suite of fun, engaging and, dammit, useful apps on your phone or tablet.

We've sorted them into categories so you can more easily find what you're looking for. But make sure to check back weekly for our free Android apps of the week.

Owners must protect their businesses from ransomware before it's too late

Thu, 11 Apr 2019 15:55:25 Z

Ransomware is a multibillion-dollar a year business and when you look at it from the aspect of the hacker you can certainly understand why. It’s the first type of malware that actually generates revenue for the attacker. When a company gets hit by a ransomware attack they’re forced to pay a “ransom” – anywhere from hundreds to thousands of dollars – to “unlock” the files that have been maliciously encrypted. Not doing so causes loss of data … and business.

Which is what happened to Brookside ENT & Hearing Services, a two-person medical office in Battle Creek, Michigan.

After entering the small business’s system, and after the owners understandably refused to pay the hackers’ demand of $6,500, the virus deleted and overwrote all of the practice’s medical records, bills and appointments, including backups. The impact, you can imagine, was devastating.

“We didn’t even know who had an appointment in order to cancel them,” one of the owners told the Star Tribune. “So what I did was just sort of sat in the office and saw whoever showed up. For the next couple of weeks.” The doctors were forced to close their business on 1 April after patients were left without any of their medical histories.

This year has already seen a spike in ransomware attacks hitting large companies and government agencies. This month both the city of Albany, New York, and Genesee county, Michigan, were hit by attacks that crippled their public services. Arizona Beverages, one of the largest beverage suppliers in the US was hit by a similar attack in March that caused major disruptions to its operations. The aluminum maker Norsk Hydro was significantly hobbled by a ransomware attack on its systems. And it was reported that officials in Jackson county, Georgia, paid $400,000 to cyber-criminals this week to get rid of a ransomware infection and regain access to their IT systems.

These are the attacks that get advertised. There are countless others – assaults that hit small businesses like Brookside ENT & Hearing Services – that never make the news, but still have a devastating effect. “The reality is that many victims are paying ransom and successfully recovering as a result. Ransomware is a proven successful business model for attackers, complete with customer service to facilitate payments,” a cybersecurity expert told the Star Tribune.

So what can a small business owner to protect oneself? There are three things I recommend.

For starters, make sure all of your security software is up to date, even if that means budgeting for your IT firm to come in monthly or monitor your systems remotely. This won’t stop a new attack but once these companies become aware of a problem – and they are on top of things – you will be updated with the latest protections. While you’re at it, ask your IT firm to train your people on how to best recognize malicious files and “phishing” website and how to otherwise be aware of potential problems.

Next, sign up for an online backup service. There are many good ones available at a minimal annual cost. With a good service all files are backed up from various devices and from your cloud-based systems to another location offsite. If your business is ever hit by an attack, you can wipe out your existing data and restore from your last good backup. You may lose a few hours or a day of work, but that’s better than trusting whether a hacker will live up to their promises and un-encrypt your files even after paying them.

Finally, make sure you’re running the most recent versions of all your operating systems. Hackers are notoriously looking for older systems that they can compromise, and if all of your devices are running the latest and greatest versions of Windows, Mac OS X and macOS then they may ignore you in lieu for another small business that’s easier to infiltrate.

None of these actions will guarantee your business protection from a ransomware attack. But they will significantly reduce the odds. You don’t want to lose money due to a ransomware attack. And you certainly don’t want to lose your business because of one either.

Does Google Chrome have its own VPN?

Mon, 08 Apr 2019 16:06:38 Z

Google Chrome is the world’s most popular web browser. But despite its near-ubiquity, many users aren’t happy with the way it allows your personal data and online activities to be tracked and, in some cases stored, by advertisers, internet service providers (ISPs) and government agencies. That’s why using a Chrome VPN is highly recommended for privacy-conscious users.

It allows you to use the web truly anonymously, leading many to wonder if Google - like rival browser Opera – offers its own service built-in to its browser.

Does Google Chrome have its own VPN? In short, no.

Discover the very best VPN service
Are free VPNs safe and can they be trusted?
Hop straight to our pick of the best Chrome VPN extensions

As with virtually any modern web browser, it does provide a private browsing option, which it calls Incognito Mode. Surfing the web in this way means that Chrome won’t store your browsing history, cookies, site data, or remember information entered into online forms.

However, as soon as you enter Chrome’s Incognito Mode, it becomes clear it’s not the solution truly privacy-conscious users want. Google immediately warns you that using Incognito Mode in Chrome won’t hide your activity from the websites you visit, employers and schools or ISPs.

This makes it pretty clear that using Incognito Mode is not the same thing as using a Virtual Private Network in full.

Fortunately, while Google doesn’t offer its own service, it does support the use of the dedicated best Chrome VPNs through extensions.

Chrome extensions are essentially little applications that you download to your browser, rather than install to your computer proper. They make it easy to access whatever tool you want to use without having to leave your browser, whether it’s a password manager, speller checker, or anything else.

Installing Chrome extensions is a doddle, so while Google’s browser might not offer its own VPN, you have a number of options that can installed and activated in a matter of minutes.

Our pick of the best extension right now is ExpressVPN, which is affordable (it costs less than $7 a month when buying a year’s subscription), easy to use, and crucially, offers a reliable connection.

Finding the best VPN can seem like a daunting task, given how much noise there is surrounding the subject, but after years of testing various services, Express is the one we recommend right now.

A free VPN can seem tempting as well, but they involve making a number of compromises. In some cases, this might be a daily limit on anonymous browsing time and bandwidth, accepting annoying pop-up ads as you browse, or their server network might just be unreliable and prone to cutting out.

That’s why coughing up a small amount for a paid option is a better course of action for the truly privacy-conscious web user. It’s a brilliant all-round service that packs all the features you need for anonymous web browsing into an easy-to-use package.

As we’ve already said, it also crucially offers a handy Chrome extension so you can activate and deactivate it at the click of a button whilst browsing. So while Google Chrome might not have its own VPN, there’s no need to worry – ExpressVPN is the next best thing. In fact, based on our experience, it might even be better!

Should Google Chrome ever introduce its own VPN, we’ll update this guide as soon as we get the news. In the meantime, read our full ExpressVPN review to learn more – then check out our guide to enabling a VPN in Chrome to learn how to set yourself up today.

How many work emails is too many?

Mon, 08 Apr 2019 15:59:16 Z

Many of us feel overburdened by emails at work. These frustrations were given voice by an assistant of Meghan, Duchess of Sussex last year who quit after her “demanding” employer would email her early as 5am in the morning. Now an employee of Carole Middleton, mother of the Duchess of Cambridge, has gone public about being “bombarded” with 71 emails a day by her boss. Some may be shocked, but many of us may feel the employee of the party catering firm had it easy. After all, the average office worker apparently receives 121 emails and sends about 40 each day.

As the number of emails received rises, so too does evidence that email overload is a bad thing. It can take upwards of 20 minutes to get back to a task after being interrupted by an email. Constant email distractions can also temporarily lower IQ by an average of 10 points, and make people perform much worse at a task. Email can also crowd out the main tasks people are hired to do, leaving them frustrated.

If too many emails are dangerous, we need to ask what is too many? Some think one email is too much. These inbox avoiders recommend we should simply set an out-of-office reply and let emails deal with themselves. In contrast, inbox embracers accept that email is part of their job and say we should just be professional and polite when dealing with them.

However, most people fall into a third group: the inbox ambivalents. They accept too few emails equates with being out of touch and too many means being overloaded. Inbox ambivalents aim to get just the right number of emails. If they would like to spend 30 minutes a day on emails, say, and it takes about one minute to deal with each, that means 30 a day. To achieve their goal, inbox ambivalents use strategic ignorance by tending to emails that are important and overlooking others that aren’t. Strategic ignorance has a cost – you may miss things and annoy some people. But there’s a pay-off: you win back time which can be used to get your job done.

Google Inbox is dead. But you can use Spark and Spike apps instead

Tue, 02 Apr 2019 19:55:14 Z

Google Inbox is dead. Long live Google Inbox! As of today, Google's beloved email app Inbox is no more. Fans loved it because it took a different approach to managing email by breaking out messages into different categories instead of one long list, as Gmail does. It's a downright shame that it's gone. But before you gnash your teeth in disappointment, we'll direct you to Spark and Spike, two other apps that could help fill the void.

Before we get to those, here's another option. The Gmail app has done a respectable job of folding Inbox features into the main Gmail app over the past few months, so if you'd rather avoid using alternatives, you can stay in Googleland. Or, you can use the two non-Google apps below, which offer Inbox-like flair with their own personal touches.

Spark

Coinciding with the sunsetting of Inbox, Spark is now available on Android. Previously, Spark was only available on iOS and Mac. Spark is free to download and use, with the option of a premium plan that includes some unique features.

Spark works with a healthy list of email providers, including Gmail, iCloud, Exchange, Outlook, Kerio Connect and IMAP email accounts. You can add more than one account to the app and view your emails in a unified view, or view each account on its own.

What makes Spark so appealing is its smart inbox feature, which separates emails into Personal, Notification and Newsletter categories. There's also a Classic view for those who prefer a chronological list of emails.

Spark also includes the options to schedule when an email is sent, snooze received emails to clear up inbox clutter, incorporate your calendars for quick access to your schedule and pin messages that need to be dealt with.

Business users can sign up for Spark's premium service and use Spark's Teams feature. Teams are able to comment on emails, delegate emails to other members or compose emails together with a collaborative Google Docs-like feature.

Download Spark for Android, iOS or Mac.

Spike

Spike is a relatively new email app that works on iOS, Android, Windows, Mac (download is on same page as the Windows version) and in any web browser.

Spike's approach to email gives you the option to ditch the traditional inbox and organize messages based on contacts -- similar to a chat app like WhatsApp or Facebook Messenger. The Chat feature tries to strip all the unnecessary formatting and signatures from the body of emails and present only what you need to read in a chatlike layout. If you'd rather have your inbox organized by email thread, there's an option for that, too.

Other notable features offered by Spike are encrypted emails (both users need to use Spike for this feature), calendar integration, advanced search and file management.

Spike works with Gmail, Outlook, Exchange, iCloud, Yahoo and IMAP email providers.

With a free personal account, you can create Groups with your coworkers, classmates or family members to work on a project or plan a trip together. Spike's Groups feature essentially creates a chat room for members to chat in. Personal Spike users can use up to 10 group chat rooms, while premium users get unlimited chat rooms.

The chat aspect of Spike is an interesting take on email and one that surely will take some getting used to.

Let's be honest, nothing will ever truly replace Inbox, but nonetheless, Spark and Spike are legitimate alternatives. And with both apps offering their core features for free, you have nothing to lose in giving either one a try. Who knows, you may be happy Inbox is gone.

Computer program developed to find 'leakage' in quantum computers

Tue, 19 Mar 2019 19:51:09 Z

A new computer program that spots when information in a quantum computer is escaping to unwanted states will give users of this promising technology the ability to check its reliability without any technical knowledge for the first time.

Researchers from the University of Warwick's Department of Physics have developed a quantum computer program to detect the presence of 'leakage', where information being processed by a quantum computer escapes from the states of 0 and 1.

Their method is presented in a paper published today (19 March) in the journal Physical Review A, and includes experimental data from its application on a publicly accessible machine, that shows that undesirable states are affecting certain computations.

Quantum computing harnesses the unusual properties of quantum physics to process information in a wholly different way to conventional computers. Taking advantage of the behaviour of quantum systems, such as existing in multiple different states at the same time, this radical form of computing is designed to process data in all of those states simultaneously, lending it a huge advantage over conventional computing.

In conventional computing, quantum computers use combinations of 0s and 1s to encode information, but quantum computers can exploit quantum states that are both 0 and 1 at the same time. However, the hardware that encodes that information may sometimes encode it incorrectly in another state, a problem known as 'leakage'. Even a miniscule leakage accumulating over many millions of hardware components can cause miscalculations and potentially serious errors, nullifying any quantum advantage over conventional computers. As a part of a much wider set of errors, leakage is playing its part in preventing quantum computers from being scaled up towards commercial and industrial application.

Armed with the knowledge of how much quantum leakage is occurring, computer engineers will be better able to build systems that mitigate against it and programmers can develop new error-correction techniques to take account of it.

Dr Animesh Datta, Associate Professor of Physics, said: "Commercial interest in quantum computing is growing so we wanted to ask how we can say for certain that these machines are doing what they are supposed to do.

"Quantum computers are ideally made of qubits, but as it turns out in real devices some of the time they are not qubits at all -- but in fact are qutrits (three state) or ququarts (four state systems). Such a problem can corrupt every subsequent step of your computing operation.

"Most quantum computing hardware platforms suffer from this issue -- even conventional computer drives experience magnetic leakage, for example. We need quantum computer engineers to reduce leakage as much as possible through design, but we also need to allow quantum computer users to perform simple diagnostic tests for it.

"If quantum computers are to enter common usage, it's important that a user with no idea of how a quantum computer works can check that it is functioning correctly without requiring technical knowledge, or if they are accessing that computer remotely."

The researchers applied their method using the IBM Q Experience quantum devices, through IBM's publicly accessible cloud service. They used a technique called dimension witnessing: by repeatedly applying the same operation on the IBM Q platform, they obtained a dataset of results that could not be explained by a single quantum bit, and only by a more complicated, higher dimensional quantum system. They have calculated that the probability of this conclusion arising from mere chance is less than 0.05%.

While conventional computers use binary digits, or 0s and 1s, to encode information in transistors, quantum computers use subatomic particles or superconducting circuits known as transmons to encode that information as a qubit. This means that it is in a superposition of both 0 and 1 at the same time, allowing users to compute on different sequences of the same qubits simultaneously. As the number of qubits increases, the number of processes also increases exponentially. Certain kinds of problems, like those found in codebreaking (which relies on factoring large integers) and in chemistry (such as simulating complicated molecules), are particularly suited to exploiting this property.

Transmons (and other quantum computer hardware) can exist in a huge number of states: 0, 1, 2, 3, 4 and so on. An ideal quantum computer only uses states 0 and 1, as well as superpositions of these, otherwise errors will emerge in the quantum computation.

Dr George Knee, whose work was funded by a Research Fellowship from the Royal Commission for the Exhibition of 1851, said: "It is quite something to be able to make this conclusion at a distance of several thousand miles, with very limited access to the IBM chip itself. Although our program only made use of the permitted 'single qubit' instructions, the dimension witnessing approach was able to show that unwanted states were being accessed in the transmon circuit components. I see this as a win for any user who wants to investigate the advertised properties of a quantum machine without the need to refer to hardware-specific details."

Android security program has helped fix over 1M apps in Google Play

Thu, 28 Feb 2019 15:49:11 Z

Google's 5-year-old Android security program has helped fix more than 1 million apps in the Play Store, the company said in a Thursday blog post.

When apps are submitted to the Google Play store, members of the Application Security Improvement Program will scan them for vulnerabilities. If there aren't any problems, the app goes through the normal tests before showing up in the Play Store. If there is an issue, the team flags the app to the developer and helps them fix it. They'll offer a diagnosis and next steps.

So far, the program has helped more than 300,000 developers fix more than 1 million apps, Google said. Just last year, the program helped more than 30,000 developers fix over 75,000 apps. That means those vulnerable apps weren't made available to users with security problems.

"Keeping Android users safe is important to Google," the company wrote in the blog post. "We know that app security is often tricky and that developers can make mistakes. We hope to see this program grow in the years to come, helping developers worldwide build apps users can truly trust."

Earlier this month, the search giant said the Play Store scans more than 50 billion apps on users' devices each day to find and stop bad apps. In 2017, the company said it removed more than 700,000 bad apps from the Google Play store. In 2018, it rejected more than 55 percent more app submissions than in 2017, Google said.

Here’s what Lite OS could look like – and why Microsoft is ‘feverishly’ working on it

Wed, 27 Feb 2019 16:01:02 Z

We’ve heard more from the rumor mill on how Microsoft’s alleged ‘Lite’ OS is shaping up, including a mock-up of what the operating system will supposedly look like.

Again, this comes from the source of previous speculation on Lite OS, namely Brad Sams, a well-respected font of Microsoft knowledge (although we should obviously treat any leaks and insider info – no matter where they come from – with a suitable dose of skepticism).

Okay, that’s the caveat done – now for the quick recap for those who may have forgotten exactly what Lite OS is about: it’s a lightweight spin on Windows designed to rival Google’s Chrome OS and run on (almost) any device.

Here’s a load of tips and tricks on how to use Windows 10
Check out our fully updated Windows 10 review
Or forget Windows, maybe you want to shift over to Linux?

The latest from Sams is the revelation that the OS will look ‘familiar’ but ‘also different’, a slightly confusing message on the face of it, but the gist is some elements will remain the same, but everything will be very much stripped-down.

To clarify this, Sams has created a mock-up of what the operating system’s UI currently looks like, which you can see above, and he contends that it will provide a similar experience to Windows 10 out-of-the-box.

Remember, though, while Sam says this is an accurate portrayal of the interface, it is only intended as an idea of how the desktop will appear, and that may well change during development.

Aggressive deployment

Speaking of development, Sams insists that Microsoft is working on an ‘aggressive schedule’ in realizing Lite OS, and that the plan is to begin testing in the summer (with an initial reveal, or at least some info on the OS, expected to be imparted at the Build developer conference in Seattle come May).

Whether the testing will include a public beta, Sams doesn’t know yet, but obviously that’s what many will be hoping for. The underlying message is that Microsoft is placing a lot of importance on this new project, and getting it out quickly (or at least as swiftly as things can move in the complex sphere of operating systems).

Sams talks more about the interface of Lite, too, and while the UI will be very much minimalist, File Explorer is still there, and windows work as they traditionally do in, er, Windows, with components like the Settings options remaining present (although likely much simplified, we’d imagine).

He also clarified what we’d previously believed, namely that Lite OS will just run apps from the Microsoft Store and PWAs (progressive web apps), with no support for traditional Windows desktop software.

However, Microsoft is apparently looking at how the operating system can eventually support full Win32 applications – perhaps by using containerization of the app, or maybe by running it from the cloud.

Getting heavy

We’ve heard previously that Microsoft is working on Lite for two different categories of devices: Centaurus (dual-screen 2-in-1) and Pegasus (which refers to various types of low-end laptops).

In this latest report, Sams further notes that while the focus may be on entry-level devices such as the latter – the core idea is a super-streamlined OS that runs on anything, after all – eventually Lite will expand to target ‘heavy users’ as well.

Microsoft’s current vision is that these heavier users will be on Windows 10, with those who have lesser performance demands using Lite OS – but rather than having these two tiers of operating systems, apparently Lite OS will eventually expand to cover “most of the features that heavy users will need”, in Sams’ words.

Of course, running full-fat Win32 apps will doubtless be part of that development path, but presumably Microsoft will keep more heavyweight features in the domain of Windows 10. After all, there needs to be some differentiation, because it doesn’t seem likely that Microsoft would want to completely sideline Windows.

Although when Sam says, “I don’t quite expect [Lite OS] to overtake the entire enterprise portfolio quite yet”, perhaps he is hinting at a future where Windows is for business and power users, and Lite is for the consumer.

Whatever happens with Lite OS, it will need to remain streamlined enough to run on lesser spec hardware, because that’s obviously the entire point.

At any rate, it’s worth reiterating that we should take all this with a pinch of the white stuff, but the broad plan for Lite seems to be: take Windows, strip it right down, then sort of build it back up again.

Best remote desktop software of 2019

Tue, 26 Feb 2019 16:07:11 Z

Welcome to our list of the best remote desktop software in 2019. Remote desktop software allows you to access one PC from another, even if the PCs are not in the same building – or even country!

There are a number of business uses for remote desktop software. For example, you could use a PC in one office to access a PC in another one, to grab important files.

You could also use a powerful remote PC to handle complex tasks while showing the results on a lower-powered laptop. The best remote desktop software is also useful for IT admins, who can remotely take control of a PC to help identify and fix any problems.

The best remote desktop software is installed on the remote computer (the host) as well as on any other computer you want to use to access the host computer (known as the client).

While certain versions of Windows have their own built-in Remote Desktop software, there are a number of alternatives that do a better job and offer more features.

Samsung's Galaxy Home quietly gains more features, but it still doesn't have an official release date

Mon, 25 Feb 2019 16:09:55 Z

We haven't seen hide nor hair of the Galaxy Home smart speaker since its unveiling alongside the Note 9 in August, but Samsung has been hard at work ahead of its presumed 2019 launch. The Galaxy Home made an appearance as part of a Bixby Routines demo I received at Mobile World Congress, and the device has gained some fun new tricks.

Bixby Routines are customized if-this-then-that commands that let you control a group of devices and actions with a single command. Currently exclusive to the Galaxy S10+, several preset options are available for optimizing your phone by turning on battery saver and night mode. But on the Galaxy Home, routines will be tailored to things that make sense in your house, such as turning on the lights when you say, "Hi Bixby, I'm home."

Setting moods is another example. You can already use Bixby to turn on lighting, your Samsung television, and other smart devices, but routines will let you control all of them at once just by saying something like, "Bixby I'm ready to meditate." On the S10, phrases and actions are all customizable via the Bixby tab in the Advanced section of Settings, but Samsung hasn't said whether a Galaxy phone will be required to operate Galaxy Home as Apple does with its HomePod.

Capabilities also extended to televisions. With Samsung's new line of 2019 sets, your Galaxy Home will be able to show weather and movie selections, just by asking. In the demo, the person said, "Hi Bixby, show me recent movies," and five selections available for rent popped up on the screen. She could then choose which one she wanted to watch just by asking.

The Galaxy Home was also used to ping a phone that had gone missing, clean a suit with an Air Dresser, and find a local restaurant. In the last example, Bixby on the Galaxy Home also gave a Yelp rating and started a call by sending the number to a nearby S10. I was also told the the Galaxy Home would be able to answer calls, but I wasn't shown that functionality.

As far as the device itself, the speaker's funky tripod design has been refined a bit, with a wood-grain option for the legs in addition to the standard silver. The voice was also different than the default Stephanie voice on Galaxy phones, so Samsung may be looking to differentiate the experience on the devices. I was told users would be able to customize Galaxy Home with the same four voices, however.

One thing Samsung didn't unveil was a ship date. Recent rumors have suggested an April launch, but Unpacked has come and gone without even a vague reference. But at least we know it'll be more than a Spotify speaker when it ships.

What’s new in the Bootstrap web development framework

Wed, 20 Feb 2019 16:54:13 Z

Bootstrap 4.3, the latest version of the Bootstrap web development framework, adds responsive font sizes, adds utilities, and deprecates code. A few details of the forthcoming Bootstrap Version 5 are also now available.

The open source Bootstrap uses JavaScript, HTML, and CSS for developing mobile-first websites. Developers can build applications using Sass variables and mixins, the Bootstrap grid system, and prebuilt components.

JDK 13: The new features coming to Java 13

Tue, 19 Feb 2019 16:57:49 Z

Java Development Kit (JDK) 13 is beginning to take shape, and the first beta builds are available. Its production release is planned for September 2019.

Two capabilities anticipated for JDK 13 have been cited by Mark Reinhold, chief architect of the Java platform group at Oracle:

Raw string literals, which can span multiple lines of source code and do not interpret escape sequences. This capability had been cut from JDK 12, which is due in March 2019. The plan is to offer raw string literals only as an opt-in beta in JDK 13. Its goal is to make development easier n Java by, for example, letting developersexpress sequences of characters in a readable form free of Java indicators, or supply strings targeted for grammars other than Java. Following the expected test run in JDK 13, raw string literals could be made production-qiality in the subsequent JDK 14 release.
A production version of switch expressions, for which JDK will offer a beta implementation. The switch statement will be extended for use as either a statement or an expression, so both could use either a “traditional” or “simplified” scoping and control flow behavior.

Attackers place cryptojacking apps in the Microsoft App Store

Fri, 15 Feb 2019 17:02:25 Z

In January, security researchers from Symantec found cryptomining applications in the Microsoft App Store, but they were published in the store between April and December 2018. It's not clear how many users downloaded or installed the apps, but they had almost 1,900 user ratings.

The rogue applications posed as browsers, search engines, YouTube video downloaders, VPN and computer optimization tutorials and were uploaded by three developer accounts called DigiDream, 1clean and Findoo. However, the Symantec researchers believe the apps were created by a single person or the same group of attackers since they all share the same origin domain on the backend.

"As soon as the apps are downloaded and launched, they fetch a coin-mining JavaScript library by triggering Google Tag Manager (GTM) in their domain servers," the Symantec researchers said in a report Friday. "The mining script then gets activated and begins using the majority of the computer’s CPU cycles to mine Monero for the operators. Although these apps appear to provide privacy policies, there is no mention of coin mining on their descriptions on the app store."

The programs were published as Progressive Web Applications (PWA), a type of app that works as a web page but also has access to the computer hardware through APIs, can send push notifications, use offline storage and behave a lot like a native program. Under Windows 10, these applications run independently from the browser, under a standalone process called WWAHost.exe.

When executed, the applications call GTM, a legitimate service that allows developers to dynamically inject JavaScript into their applications. All the applications use the same unique GTM key, which further suggests they were created by the same developer.

The script loaded by the apps is a variant of Coinhive, a Web-based cryptocurrency miner that has been used in the past by attackers to infect websites and hijack visitors' CPU resources.

"We have informed Microsoft and Google about these apps’ behaviors," the Symantec researchers said. "Microsoft has removed the apps from their store. The mining JavaScript has also been removed from Google Tag Manager."

This incident shows that cryptocurrency mining remains of high interest to cybercriminals. Whether it's to hijack people's personal computers or servers in datacenters, they are always on the lookout for new ways to deploy coinminers.

Over the past two years, attackers have launched coinmining attacks through Android apps hosted on Google Play, through browser extensions for Google Chrome and Mozilla Firefox, through regular desktop applications, through compromised websites and now, through Windows 10 PWA. There are also a variety of botnets that infect Linux and Windows servers with cryptocurrency mining programs by exploiting vulnerabilities in popular Web applications and platforms.

Users are often advised to only download applications from trusted sources, whether on their mobile devices or computers. However, with rogue apps frequently finding their way into official app stores, relying only on that advice alone for protection is no longer an option.

Good news! Only half of Internet of Crap apps fumble encryption

Thu, 14 Feb 2019 17:12:57 Z

Updated Evaluating the security of IoT devices can be difficult, particularly if you're not adept at firmware binary analysis. An alternative approach would be just to assume IoT security is generally terrible, and a new study has shown that's probably a safe bet.

In a paper distributed last week through preprint service ArXiv, computer scientists Davino Mauro Junior, Luis Melo, Harvey Lu, Marcelo d’Amorim, and Atul Prakash from the Federal University of Pernambuco, Brazil, and the University of Michigan describe how they analyzed the security of apps accompanying IoT devices as indication of the overall security of the associated hardware.

"Our intuition is that if this interaction between the companion app and device firmware is not implemented with good security principles, the device’s firmware is potentially insecure and vulnerable to attacks," they explain in their paper.

That intuition appears to be sound. The five researchers looked at the smartphone apps associated with 96 IoT devices and found almost 31 per cent use no encryption at all while 19 per cent rely on using hardcoded encryption keys that are easy to find.

This means about half of the apps (corresponding to 38 per cent of the devices) are potentially exploitable through protocol analysis. Because between 40 per cent and 60 per cent of the apps use local communication or local broadcast communication, there's a potential attack path.

The researchers conducted a detailed study of four different smartphone apps associated with five devices – two devices used the same app – and created exploits for them. They focused on Android apps rather than iOS.

The quintet examined the Kasa for Mobile app for TP-Link devices, the LIFX app for LIFX Wi-Fi enabled light bulbs, the WeMo app for Belkin IoT devices, and the e-Control app for Broadlink kit. And they managed to create exploits for each.

"We find that an Amazon top-seller smart plug from TP-Link shares the same hard-coded encryption key for all the devices of a given product line and that the initial configuration of the device is established through the app without proper authentication," the researchers explain in their paper. "Using this information, we were able to create a spoofing attack to gain control of this device."

A silent video demonstrates the vulnerability. The boffins claim that this issue exists in all other TP-Link devices because the company's hardware use the same mobile app.

The researchers went on to analyze 32 smartphone apps associated with 96 of the top-selling Wi-Fi and Bluetooth-enabled devices on Amazon and found similar flaws, though they did not attempt to create exploit code for these.

They claim they informed the relevant firms of their findings in advance of the release of their paper, providing them with explanations of their findings and suggested mitigations. So far, there's been no response.

"None of them have sent any response to our disclosures and to the best of our knowledge, have not released patches relative to these vulnerabilities," they say.

The Register asked each of the affected companies for comment.

In a statement emailed to The Register, a spokesperson for LIFX said, "The vulnerabilities outlined in the Limited Results report have been addressed at the end of 2018. We have added security measures, including the introduction of encryption."

We’re told the Limited Results report refers to a different set of flaws. We’ve asked LIFX to clarify.

Belkin, Broadlink, and TP-Link did not immediately respond, but we're hopeful they've taken action as well. ®

Updated to add

In a statement emailed to The Register on Monday, a spokesperson for Belkin said, “UPnP was chosen for its ubiquity and ease of use and because the local home network provides a good amount of security.

"We are however always working on improving and heightening the security of our products, especially due to increasing threats from malware from phishing scams and malicious web sites. We are working on introducing user accounts later this year, which will secure local network communications and provide better accessibility.”

In response to The Register’s follow-up query, LIFX acknowledged that it’s still working on the issues described in the research paper.

“We are aware of this report. As a general statement, consumers should be aware that all IoT devices are on a vulnerability spectrum,” a company spokesperson said. “We are always attempting to strike the right balance between tight security and ease of use.

"In this case, we do use unencrypted messaging to communicate with our lights over local LAN. This is not hidden by LIFX: our LAN protocol is publicly documented to help facilitate use by partners and 3rd party developers.

"Importantly though, access to the network is required in order to control the lights. So it is not the lights being hacked to get access to the Wi-Fi, but the Wi-Fi being hacked to gain access to the lights."

Bigger teams aren't always better in science and tech

Wed, 13 Feb 2019 17:05:54 Z

In today's science and business worlds, it's increasingly common to hear that solving big problems requires a big team. But a new analysis of more than 65 million papers, patents and software projects found that smaller teams produce much more disruptive and innovative research.

In a new paper published by Nature, University of Chicago researchers examined 60 years of publications and found that smaller teams were far more likely to introduce new ideas to science and technology, while larger teams more often developed and consolidated existing knowledge.

While both large and small teams are essential for scientific progress, the findings suggest that recent trends in research policy and funding toward big teams should be reassessed.

"Big teams are almost always more conservative. The work they produce is like blockbuster sequels; very reactive and low-risk." said study co-author James Evans, professor of sociology, director of the Knowledge Lab at UChicago and a leading scholar in the quantitative study of how ideas and technologies emerge. "Bigger teams are always searching the immediate past, always building on yesterday's hits. Whereas the small teams, they do weird stuff -- they're reaching further into the past, and it takes longer for others to understand and appreciate the potential of what they are doing."

Knowledge Lab is a unique research center that combines "science of science" approaches from sociology with the explosion of digital information now available on the history of research and discovery. By using advanced computational techniques and developing new tools, Knowledge Lab researchers reconstruct and examine how knowledge over time grows and influences our world, generating insights that can fuel future innovation.

The Nature study collected 44 million articles and more than 600 million citations from the Web of Science database, 5 million patents from the U.S. Patent and Trademark Office, and 16 million software projects from the Github platform. Each individual work in this massive dataset was then computationally assessed for how much it disrupted versus developed its field of science or technology.

"Intuitively, a disruptive paper is like the moon during the lunar eclipse; it overshadows the sun -- the idea it builds upon -- and redirects all future attention to itself," said study co-author Lingfei Wu, a postdoctoral researcher with the University of Chicago and Knowledge Lab. "The fact that most of the future works only cite the focal paper and not its references is evidence for the 'novelty' of the focal paper. Therefore, we can use this measure, originally proposed by Funk and Owen-Smith, as a proxy for the creation of new directions in the history of science and technology."

Across papers, patents and software products, disruption dramatically declined with the addition of each additional team member. The same relationship appeared when the authors controlled for publication year, topic or author, or tested subsets of data, such as Nobel Prize-winning articles. Even review articles, which simply aggregate the findings of previous publications, are more disruptive when authored by fewer individuals, the study found.

The main driver of the difference in disruption between large and small teams appeared to be how each treat the history of their field. Larger teams were more likely to cite more recent, highly cited research in their work, building upon past successes and acknowledging problems already in their field's zeitgeist. By contrast, smaller teams more often cited older, less popular ideas, a deeper and wider information search that creates new directions in science and technology.

"Small teams and large teams are different in nature," Wu said. "Small teams remember forgotten ideas, ask questions and create new directions, whereas large teams chase hotspots and forget less popular ideas, answer questions and stabilize established paradigms."

The analysis shows that both small and large teams play important roles in the research ecosystem, with the former generating new, promising insights that are rapidly developed and refined by larger teams. Some experiments are so expensive, like the Large Hadron Collider or the search for dark energy, that they can only be answered by a single, massive collaboration. But other complex scientific questions may be more effectively pursued by an ensemble of independent, risk-taking small teams rather than a large consortium, the authors argue.

"In the context of science, funders around the world are funding bigger and bigger teams," Evans said. "What our research proposes is that you really want to fund a greater diversity of approaches. It suggests that if you really want to build science and technology, you need to act like a venture capitalist rather than a big bank -- you want to fund a bunch of smaller and largely disconnected efforts to improve the likelihood of major, pathbreaking success."

"Most things are going to fail, or are not going to push the needle within a field. As a result it's really about optimizing failure," Evans added. "If you want to do discovery, you have to gamble."

Sitting in the Linux cockpit

Wed, 13 Feb 2019 15:55:47 Z

If you haven't tried the relatively new Linux Cockpit, you might be surprised by all it can do. It's a user-friendly web-based console that provides some very easy ways to administer Linux systems — through the web. You can monitor system resources, add or remove accounts, monitor system usage, shut down the system and perform quite a few other tasks — all through a very accessible web connection. It's also very easy to set up and use.

While many Linux sysadmins spend most of their time on the command line, access to a remote system using a tool like PuTTY doesn't always provide the most useful command output. Linux Cockpit provides graphs and easy-to-use forms for viewing performance measures and making changes to your systems.

Linux Cockpit allows you to view many aspects of system performance and make configuration changes, though the task list may depend on the particular flavor of Linux that you are using. Some of the categories of tasks include the following:

Monitoring system activity (CPU, memory, disk IO and network traffics) — System
Viewing system log entries — Logs
Seeing how full your disk partitions are — Storage
Watching networking activity (sent and received) — Networking
Taking a look at user accounts — Accounts
Checking the status of system services — Services
Pulling up information on installed applications — Applications
Viewing and installing available updates (if logged in as root) and restart the system if needed — Software Updates
Opening and using a terminal window — Terminal

Some Linux Cockpit installations will also allow you to run diagnostic reports, dump the kernel, examine SELinux (security) settings, and list subscriptions.

How to set up Linux Cockpit
On some Linux installations (e.g., recent RHEL), Linux Cockpit may already be installed and ready for use. On others, you may have to take some easy steps to install it and make it accessible.

A list of distributions that work with Cockpit along with installation instructions is available at the Cockpit Project.

Linux Cockpit doesn't provide any recognition of sudo privileges without some additional configuration. If you are not allowed to make a change using the Cockpit interface, you will see one of those little red international prohibition signs imposed over the button you'd otherwise click on.

To get sudo privileges working, you need to be sure that the user is in the wheel (RHEL) or adm (Debian) group in the /etc/group file, that the Server Administrator checkbox has been selected for this user account when logged into Cockpit as root and that the user selects "Reuse my password" when logging into Cockpit.

It's nice to be able to get some graphical control over the Linux systems you administer even when they're thousands of miles away or lacking consoles. While I love working on the console, I like seeing a graph or a button now and then. Linux Cockpit provides a very useful interface for routine administrative tasks.

Google's stunning plan to avoid apps slurping Gmail inboxes: Charge devs for security audits

Mon, 11 Feb 2019 17:07:45 Z

To prevent a data grabbing snafu along the lines of Facebook's Cambridge Analytica scandal, Google is asking developers who use sensitive Gmail APIs to pay for a security audit that proves their apps play by the rules.

And the cost – anywhere from $15,000 to $75,000 or more, every year – could put some smaller companies out of business.

"The impact is massive," said James Ivings, co-founder of SquareCat, in an email to The Register. "We are a small company and are facing the likelihood of shutting down in face of the charges, as they are currently well beyond our means. Out of the thousands of apps using the API I think our situation will be very common."

His company makes, among other things, a bulk email unsubscription app called Leave Me Alone.

Google announced its privacy policing plan in October, 2018, three months after a Wall Street Journal report about how developers of apps that interact with Gmail messages – such as email analytics biz Return Path – have programmatic access to sensitive email contents and metadata.

The change followed years of being criticized by competitors, and of lawsuits over its algorithmic parsing of consumer Gmail messages to refine the ads delivered through the service, a practice Google repudiated in mid-2017.

The revised Google API rules took effect on January 15, 2019 and apply to all new apps implementing Google's APIs. Apps that existed prior to this date have until Friday, February 15 to begin the application review process.

Applications that fail to submit an application by February 15 will no longer be able to add new users on February 22 and face revocation on March 31.

"We introduced the new policy to better ensure that user expectations align with developer uses and give users the confidence they need to keep their data safe," a Google spokesperson explained in an email.

Not everyone is happy

The situation underscores the business risks of relying on platform rules that are subject to change at any time but not subject to neutral oversight.

The only option for those dissatisfied with the changes is to take their business elsewhere. Ivings said it may be that his firm will be forced to "pivot to supporting other services exclusively, such as Outlook, instead of Gmail, abandoning a large portion of our users."

Among apps implementing Google APIs, the subset using Google OAuth API Scopes, or Restricted Scopes – Gmail APIs that allow the reading, creation, or modification of message contents, attachments, metadata or header, or that control mailbox access, message forwarding or administrative settings – face extra scrutiny: an annual security assessment, backed by a Letter of Assessment from a Google-designated third party by the end of 2019.

This applies only to consumer-facing apps, like Leave Me Alone, which uses these Gmail APIs to identity newsletters, spam, and subscription message and provide a bulk unsubscribe option. It also applies to Clean Email, which uses the Gmail APIs organizes and labels messages. It doesn't apply to apps that interact with G Suite accounts, because workers have no expectation of privacy from corporate admins.

Clean Email founder Kyryl Bystriakov, in an email to The Register, said he welcomes Google's enhanced privacy requirements because Clean Email was built around respect for user's data and have no intention of selling or aggregating it.

"We believe that paying money for our services is a much more honest and straightforward transaction," he said.

Bystriakov said he was stunned to learn that Google will require apps using the Restricted Scope APIs to pay $15,000 to $75,000 for annual security audits.

"As a business owner who deals with users’ data and privacy every day, I understand where such a requirement is coming from," he said. "I also believe that it’s not only overkill but it will also destroy the development community they’ve been building around their APIs."

And there's not much room to negotiate on price; Ivings said Google provided only two approved auditing firms to choose from. "Essentially these firms now have a monopoly market over the thousands of apps that must now commit to having the audit performed," he said.

Asked whether it has different standards for companies that collect Gmail data for marketing purposes and companies focused on subscription revenue, Google insists it is applying its rules to everyone in the same way. "The terms of the User Data Policy apply to all developers," the company's spokesperson said. "We are not offering different arrangements."

Bystriakov argues Google should do exactly that. He suggests different business models bring different sets of risks and should be covered by different standards.

Assuming their respective privacy policies are accurate, Clean Email and Leave Me Alone make significantly stronger privacy commitments than companies in the data collection business. Clean Email for says it only collect email addresses. Leave Me Alone says, "We do not store content of any of your emails in any form."

Compare that to Unroll.me, a firm caught selling email data to companies like Uber in 2017, prompting an apology (for failing to communicate its business model) and a clearer declaration of its data trafficking.

Unroll.me says it collects "purchase receipts, sales receipts, delivery confirmations and returns, subscription confirmations and cancellations, registration confirmations, transaction summaries and the like" to prepare market research reports for corporate clients. And that's in addition to IP address, the URLs of visited web pages, referring and exiting pages, page views, time spent on page, and other interaction metrics.

The Register asked Unroll.me for comment but we've not heard back.

"I really hope that Gmail will revise its requirements around the security assessment or provide other ways to achieve compliance – by requiring different levels of compliance for different user bases or offering services for developers enabling them to achieve compliance faster and easier," said Bystriakov.

Ivings said there must be a better way of ensuring trustworthy behavior than creating a financial barrier for companies that want to improve the experience in a Google product. "Imposing penalties on companies that abuse the terms of service might be effective," he said. "Or creating a more granular or restrictive set of API access rules would certainly help. For example, the GitHub API restricts apps to very specific things such as reading an email address, or editing a file, in contrast to Google's 'you-can-now-read-everything' permissions." ®

Defaulting to legacy Internet Explorer just to keep that one, weird app working? Knock it off

Fri, 08 Feb 2019 17:11:06 Z

Oddly enough, for the second time this week, Microsoft has been spotted telling the world that its software is, er, not very good.

While Redmond's marketing orifice suggested Office 2019 was old and busted compared to its 365 brother, deep within Microsoft's Experiences and Devices Group, principal program manager Chris Jackson dropped the bombshell that Internet Explorer is just a big old pile of "technical debt".

A pile of something, for sure.

Jackson went further, pointing out that IE isn't really a browser any more. Instead, he described it as little more than a "compatibility solution". Microsoft has, after all, been trying to kill it stone dead for some time by skipping the implementation of new web standards and directing users to a more modern browser. Like Edge.

But even with the love and resources lavished upon it, Edge has failed to set the world alight. A quick look at Statcounter shows it still trails Internet Explorer at 4.4 per cent desktop share compared to the mighty 5.7 per cent of IE (a share that actually grew last month).

In a mea culpa, Jackson accepted that Microsoft's obsession with backwards compatibility led to a situation where many enterprises simply found it easier to run IE with compatibility mode as a default for corporate intranets. Jackson used the example of IE8, where the browser would fall back to IE7 standards for intranet sites unless told otherwise – handy for those creaking corporate intranets, but not so good for future admins shovelling their way through piles of technical debt.

2014's IE11 introduced the concept of legacy by exception, meaning admins had to think a bit harder about their old intranets, and consider bringing legacy web apps up to date for more modern browsers rather than simply flinging a wildcard at the compatibility list.

One wag pointed out to Jackson that if defaults are the problem, perhaps Microsoft might consider stopping the likes of Windows 10 using the browser as a default for a number of file types.

As for Jackson himself, he didn't make any recommendations on what to use instead. In fact, he said Microsoft was happy for customers to keep using IE for sites that absolutely must have it. But only for those sites.

Just please, please, please stop using the thing as an easy default for everything, because that way lies madness. ®

Slack has filed for a direct IPO

Tue, 05 Feb 2019 16:18:28 Z

In context: It's no secret that Slack is one of the most popular collaboration and communication tools out there. Indeed, the software has done so well for itself that it essentially ate the competition in mid-2018, when competing tools HipChat and Stride were discontinued following a partial acquisition from Slack.
In December, we reported that Slack could be considering a public offering. Given its alleged $10 billion valuation (at the time) and growing user base, that news probably didn't come as much of a surprise to most of our readers.

Now, as spotted by The New York Times, Slack is turning its ambitions into a reality. The company on Monday announced that it had filed paperwork for a direct IPO listing.

Direct listings differ from standard IPOs in one key area - rather than selling stock to investors in advance, direct IPOs allow companies and investors to begin selling and buying shares on an exchange immediately; without waiting for a "lockup period" to end.

If you were a regular TechSpot reader in early 2018, you may remember that popular music streaming service Spotify also opted for a direct listing when it went public.

Regardless of the type of IPO Slack is pursing here, the main point is that, after an SEC review takes place, Slack will officially be a public company. Its executives will be able to reap all the rewards (and headaches) that come with that for years to come.

Interestingly, Slack's value has risen from the previously mentioned $10 billion estimate. Now, the company is expected to be worth around $13 billion, which is a pretty significant jump.

Cranelift library tackles WebAssembly execution

Mon, 04 Feb 2019 16:15:58 Z

Mozilla and Fastly Labs have led development of the Cranelift open source library, which translates functions for the WebAssembly portable code format for the web into native machine-code functions, for efficient execution. Cranelift can also be used for running WebAssembly code outside the web. Cranelift is being built under the auspices of Crane Station, the Crane Compiler Organization.

Cranelift reads WebAssembly as input and writes native machine code as output. The library also can ingest its own Crane IR (intermediate representation), providing a broader feature set. With Cranelift, functions are converted into SSA (static single assignment) form and optimizations are performed before being converted into machine code, which can be packaged into native object files (.o files) or allocated in memory and executed directly as a just-in-time (JIT).

The library is still in development, with its APIs not yet stable and platform support still being built. But it does have enough functionality to run programs such as executing WebAssembly MVP (minimum viable product) functions, if used with an external WebAssembly embedding as part of a complete WebAssembly implementation.

Cranelift’s developers say the library is similar to the LLVM compiler project in that both have textual and in-memory forms of their intermediate representation and can cross-compile by default without rebuilding the code generator. Differences include the Cranelift intermediate representation being at a slightly lower level of abstraction, for use all the way during the code-gen process. The Cranelift IR is less friendly for midlevel optimizations but it currently does not perform any. Also, LLVM has a small, well-defined instruction set and a large number of intrinsics while Cranelift has a larger instruction set and no intrinsics.

Work is under way to integrate Cranelift into Mozilla’s Firefox browser. It might be used to generate native code for the Rust compiler as well. Its builders see Cranelift as a library for large products rather as a user-facing product on its own. Work is also under way on an embeddable, lightweight nonbrowser VM for WebAssembly called Wasmtime, which uses Cranelift for compilation and runs WebAssembly outside the web. Wasmtime can be used as a command-line utility or as a library embedded in bigger application.

The most-mature Cranelift-based product is in Fastly’s Terrarium, a multilanguage, browser-based editor and deployment platform launched in late November 2018 that uses Cranelift in its compiler and server.

Another round of Jenga? This new AI-powered robot may beat you at the game Read more at: //economictimes.indiatimes.com/articleshow/67807152.cms?utm_source=contentofinterest&utm_medium=text&utm_campaign=cppst

Sat, 02 Feb 2019 16:12:38 Z

BOSTON: MIT scientists have developed a novel robot that can play a game of Jenga, combining vision and touch to carefully extract blocks without toppling the tower.

In the game of Jenga, 54 rectangular blocks are stacked in 18 layers of three blocks each, with the blocks in each layer oriented perpendicular to the blocks below.

The aim of the game is to carefully extract a block and place it at the top of the tower, thus building a new level, without toppling the entire struct

The robot, described in the journal Science Robotics, is equipped with a soft-pronged gripper, a force-sensing wrist cuff, and an external camera, all of which it uses to see and feel the tower and its individual blocks.

As the robot carefully pushes against a block, a computer takes in visual and tactile feedback from its camera and cuff, and compares these measurements to moves that the robot previously made.

It also considers the outcomes of those moves -- specifically, whether a block, in a certain configuration and pushed with a certain amount of force, was successfully extracted or not.

In real-time, the robot then "learns" whether to keep pushing or move to a new block, in order to keep the tower from falling.

"Unlike in more purely cognitive tasks or games such as chess or Go, playing the game of Jenga also requires mastery of physical skills such as probing, pushing, pulling, placing, and aligning pieces," said Alberto Rodriguez, an assistant professor at Massachusetts Institute of Technology (MIT) in the US.

"It requires interactive perception and manipulation, where you have to go and touch the tower to learn how and when to m ove blocks," Rodriguez said.

"This is very difficult to simulate, so the robot has to learn in the real world, by interacting with the real Jenga tower. The key challenge is to learn from a relatively small number of experiments by exploiting common sense about objects and physics," he said.

The tactile learning system the researchers have developed can be used in applications beyond Jenga, especially in tasks that need careful physical interaction, including separating recyclable objects from landfill trash and and assembling consumer products.

"In a cellphone assembly line, in almost every single step, the feeling of a snap-fit, or a threaded screw, is coming from force and touch rather than vision," Rodriguez said.

"Learning models for those actions is prime real-estate for this kind of technology," he said.

Curious as to how their machine-learning approach stacks up against actual human players, the team carried out a few informal trials with several volunteers.

"We saw how many blocks a human was able to extract before the tower fell, and the difference was not that much," said research team member Miquel Oller.

However, there is still a way to go if the researchers want to competitively pit their robot against a human player. In addition to physical interactions, Jenga requires strategy, such as extracting just the right block that will make it difficult for an opponent to pull out the next block without toppling the tower.

For now, the team is less interested in developing a robotic Jenga champion, and more focused on applying the robot's new skills to other application domains.

Software that can automatically detect fake news

Fri, 01 Feb 2019 19:53:07 Z

Invented stories, distorted facts: fake news is spreading like wildfire on the internet and is often shared on without thought, particularly on social media. In response, Fraunhofer researchers have developed a system that automatically analyzes social media posts, deliberately filtering out fake news and disinformation. To do this, the tool analyzes both content and metadata, classifying it using machine learning techniques and drawing on user interaction to optimize the results as it goes.

Fake news is designed to provoke a specific response or incite agitation against an individual or a group of people. Its aim is to influence and manipulate public opinion on targeted topics of the day. This fake news can spread like wildfire over the internet, particularly on social media such as Facebook or Twitter. What is more, identifying it can be a tricky task. That is where a classification tool developed by the Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE comes in, automatically analyzing social media posts and processing vast quantities of data.

As well as processing text, the tool also factors metadata into its analysis and delivers its findings in visual form. "Our software focuses on Twitter and other websites. Tweets are where you find the links pointing to the web pages that contain the actual fake news. In other words, social media acts as a trigger, if you like. Fake news items are often hosted on websites designed to mimic the web presence of news agencies and can be difficult to distinguish from the genuine sites. In many cases, they will be based on official news items, but in which the wording has been altered," explains Prof. Ulrich Schade of Fraunhofer FKIE, whose research group developed the tool.

Schade and his team begin the process by building libraries made up of serious news pieces and also texts that users have identified as fake news. These then form the learning sets used to train the system. To filter out fake news, the researchers employ machine learning techniques that automatically search for specific markers in texts and metadata. For instance, in a political context, it could be formulations or combinations of words that rarely occur in everyday language or in journalistic reporting, such as "the current chancellor of Germany." Linguistic errors are also a red flag. This is particularly common when the author of the fake news was writing in a language other than their native tongue. In such cases, incorrect punctuation, spelling, verb forms or sentence structure are all warnings of a potential fake news item. Other indicators might include out-of-place expressions or cumbersome formulations.

"When we supply the system with an array of markers, the tool will teach itself to select the markers that work. Another decisive factor is choosing the machine learning approach that will deliver the best results. It's a very time-consuming process, because you have to run the various algorithms with different combinations of markers," says Schade.

Metadata yields vital clues

Metadata is also used as a marker. Indeed, it plays a crucial role in differentiating between authentic sources of information and fake news: For instance, how often are posts being issued, when is a tweet scheduled, and at what time? The timing of a post can be very telling. For instance, it can reveal the country and time zone of the originator of the news. A high send frequency suggests bots, which increases the probability of a fake news piece. Social bots send their links to a huge number of users, for instance to spread uncertainty among the public. An account's connections and followers can also prove fertile ground for analysts.

This is because it allows researchers to build heat maps and graphs of send data, send frequency and follower networks. These network structures and their individual nodes can be used to calculate which node in the network circulated an item of fake news or initiated a fake news campaign.

Another feature of the automated tool is its ability to detect hate speech. Posts that pose as news but also include hate speech often link to fake news. "The important thing is to develop a marker capable of identifying clear cases of hate speech. Examples include expressions such as 'political scum' or 'nigger'," says the linguist and mathematician.

The researchers are able to adapt their system to various types of text in order to classify them. Both public bodies and businesses can use the tool to identify and combat fake news. "Our software can be personalized and trained to suit the needs of any customer. For public bodies, it can be a useful early warning system," says Schade.

Visual Studio Code is slated for a UX refresh

Fri, 01 Feb 2019 15:56:22 Z

The team also plans to make it easier to identify extensions that negatively impact performance. Accessibility is another fundamental goal.

The roadmap drills into a number of specific areas for consideration, covering the user experience (UX), the editor, the workbench, TypeScript support, language features, Windows Subsystem for Linux (WSL), debugging, and extensions.

UX improvements

Planned improvements cover continued incremental enhancements to presentation and behavior.
Explore the integration of the Fluent Design system, for building user interfaces for deployment on different form factors, on Windows.

Code editing

investigating both the isolation of the editor from misbehaving grammars and support for semantic coloring.
Returning localization support to the standalone Monaco editor.

Workbench capabilities

Exploration into detachable workbench parts, which would be a challenge to implement, due to architectural issues.
Filtering and fast keyboard navigation in trees.
Improvements for the file explorer when working in large workspaces.
Safe provision of richer customizability.

TypeScript support

Collaborate with the TypeScript team on code editing and navigation.
Understand experiences for both TypeScript and JavaScript.
Improve integration of the tslint linter by running it as a TypeScript Server plug-in.

Language support

Improve “Expand Selection” to better adhere to language semantics.
Enable language extensions to support call and type hierarchies.
Improve support for navigating complex error descriptions.

Windows Subsystem for Linux support

Investigate extensions to leverage available tools.
Look at what other changes are being enabled by changes needed for WSL.

Debugging improvements

Offer data breakpoints support.
Improve hovering and inline values by leveraging knowledge about the programming language.
Continue documenting debugging recipes for common configurations.

Extensions support

Support the install of an extension without reloading the workbench.
Improve the extension recommendation system.
Make extension usage more secure and improve the process for handling malicious extensions.
Collaborate with authors to improve extensions.

Microsoft last year published a 2018 roadmap for Visual Studio Code, citing planned improvements in areas such as TypeScript and memory usage.

Best free Android apps of 2019: 100 you must download

Thu, 31 Jan 2019 19:38:23 Z

Best free Android apps
It's been ten years since Android was first outed by Google, and back then it was hard to imagine the sheer number of apps we'd have today.

There are apps for everything, and many of them are completely free, meaning you're just a few downloads away from supercharging your smartphone at no extra cost.

What's the best phone of 2019?
Admittedly, the huge quantity of apps doesn't mean they're all quality - far from it in fact, and finding the good ones can be tough.

You can also hunt out apps that are similar to your favorites by searching for an app you have and seeing what else comes up.

And checking out user reviews and ratings can save you from downloading a dud of an app.

But even with all that, the sheer number of apps on Google Play means many of the best can often get lost, while weaker ones sometimes rise to the top.

Redecorating or improving your home can be a daunting prospect, but Houzz could make it a little bit more manageable.

It could do that by inspiring you through its library of millions of photos, showing exteriors and interiors of various styles.

It could also do that by giving you a single storefront to find and buy all the furniture and other items you need, even going so far as to let you see products in your home, using augmented reality.

And it can do that by helping you find experts – such as architects and builders – to do the hard work for you.

If you’re planning to take on the task yourself then there are also plenty of articles on hand to help, as well as the ability to ask the Houzz community for advice.