Facebook

Facebook Warns Growth To 'Decelerate Significantly', Mandates Vaccine For US Staff (reuters.com) 113

Facebook said on Wednesday it expects revenue growth to "decelerate significantly." It also announced that it would require anyone working at its U.S. offices to be vaccinated against COVID-19. Google announced a similar policy earlier this morning. Reuters reports: The warning overshadowed the company's beat on Wall Street estimates for quarterly revenue, bolstered by increased advertising spending as businesses build their digital presence to cater to consumers spending more time and money online. Facebook said it expects Apple's recent update to its iOS operating system to impact its ability to target ads and therefore ad revenue in the third quarter. The iPhone maker's privacy changes make it harder for apps to track users and restrict advertisers from accessing valuable data for targeting ads.

Monthly active users came in at 2.90 billion, up 7% from the same period last year but missing analyst expectations of 2.92 billion and marking the slowest growth rate in at least three years, according to IBES data from Refinitiv. "The user growth slowdown is notable and highlights the engagement challenges as the world opens up. But importantly, Facebook is the most exposed to Apple's privacy changes, and it looks like it is starting to have an impact to the outlook beginning in 3Q," said Ygal Arounian, an analyst at Wedbush Securities. Brian Wieser, GroupM's global president of business intelligence, said all social media companies would see slower growth in the second half of the year and that it would take more concrete warnings about activity in June and July for anyone to anticipate a "meaningful deceleration."

Google

Google Delays Return To Office, Mandates Vaccines (seattletimes.com) 146

Google is postponing a return to the office for most workers until mid-October and rolling out a policy that will eventually require everyone to be vaccinated once its sprawling campuses are fully reopened. The Associated Press reports: The announcement Wednesday came as the more highly contagious delta variant is driving a dramatic spike in COVID-19 cases and hospitalizations. In an email sent to Google's more than 130,000 employees worldwide, CEO Sundar Pichai said the company is now aiming to have most of its workforce back to its offices beginning Oct. 18 instead of its previous target date of Sept. 1. The decision also affects tens of thousands of contractors who Google intends to continue to pay while access to its campuses remains limited. "This extension will allow us time to ramp back into work while providing flexibility for those who need it," Pichai wrote.

And Pichai disclosed that once offices are fully reopened, everyone working there will have to be vaccinated. The requirement will be first imposed at Google's Mountain View, California, headquarters and other U.S. offices, before being extended to the more than 40 other countries where Google operates. Google's vaccine mandate will be adjusted to adhere to the laws and regulations of each location, Pichai wrote, and exceptions will be made for medical and other "protected" reasons. "Getting vaccinated is one of the most important ways to keep ourselves and our communities healthy in the months ahead," Pichai explained.

Links

What That Google Drive 'Security Update' Message Means (arstechnica.com) 9

An anonymous reader quotes a report from Ars Technica: "A security update will be applied to Drive," Google's weird new email reads. If you visit drive.google.com, you'll also see a message saying, "On September 13, 2021, a security update will be applied to some of your files." You can even see a list of the affected files, which have all gotten an unspecified "security update." So what is this all about? Google is changing the way content sharing works on Drive. Drive files have two sharing options: a single-person allow list (where you share a Google Doc with specific Google accounts) and a "get link" option (where anyone with the link can access the file). The "get link" option works the same way as unlisted YouTube videos -- it's not really private but, theoretically, not quite public, either, since the link needs to be publicized somewhere. The secret sharing links are really just security through obscurity, and it turns out the links are actually guessable.

Google knew about the problem of guessable secret links for a while and changed the way link generation works back in 2017 (presumably for Drive, too?). Of course, that doesn't affect links you've shared in the past, and soon Google is going to require your old links to change, which can break them. Google's new link scheme adds a "resourcekey" to the end of any shared Drive links, making them harder to guess. So a link that used to look like "https://drive.google.com/file/d/0BxI1YpjkbX0OZ0prTHYyQ1U2djQ/" will now look like "https://drive.google.com/file/d/0BxI1YpjkbX0OZ0prTHYyQ1U2djQ/view?resourcekey=0-OsOHHiQFk1QEw6vIyh8v_w." The resource key makes it harder to guess. If you head to drive.google.com/drive/update-drives in a browser, you should be able to see a list of your impacted files, and if you mouse over them you'll see a button on the right to remove or apply the security update. "Applied" means the resourcekey will be required after September 13, 2021, and will (mostly) break the old link, while "removed" means the resourcekey isn't required and any links out there should keep working.
YouTube is also making similar changes. "In 2017, we rolled out an update to the system that generates new YouTube Unlisted links, which included security enhancements that make the links for your Unlisted videos even harder for someone to discover if you haven't shared the link with them," says YouTube in a support page.

YouTube creators can decide to opt out of this change. They also have the option of making Unlisted pre-2017 videos public or re-uploading as a new Unlisted video at the expense of stats.

Cloud

Google Cloud Offers a Model For Fixing Google's Product-Killing Reputation (arstechnica.com) 49

An anonymous reader quotes a report from Ars Technica: Google's reputation for aggressively killing products and services is hurting the company's brand. Any new product launch from Google is no longer a reason for optimism; instead, the company is met with questions about when the product will be shut down. It's a problem entirely of Google's own making, and it's yet another barrier that discourages customers from investing (either time, money, or data) in the latest Google thing. The wide public skepticism of Google Stadia is a great example of the problem. A Google division with similar issues is Google Cloud Platform, which asks companies and developers to build a product or service powered by Google's cloud infrastructure. Like the rest of Google, Cloud Platform has a reputation for instability, thanks to quickly deprecating APIs, which require any project hosted on Google's platform to be continuously updated to keep up with the latest changes. Google Cloud wants to address this issue, though, with a new "Enterprise API" designation.

Enterprise APIs basically get a roadmap that promises stability for certain APIs. Google says, "The burden is on us: Our working principle is that no feature may be removed (or changed in a way that is not backwards compatible) for as long as customers are actively using it. If a deprecation or breaking change is inevitable, then the burden is on us to make the migration as effortless as possible." If Google needs to change an API, customers will now get a minimum of one year's notice, along with tools, documentation, and other materials. Google goes on to say, "To make sure we follow these tenets, any change we introduce to an API is reviewed by a centralized board of product and engineering leads and follows a rigorous product lifecycle evaluation."

Despite being one of the world's largest Internet companies and basically defining what modern cloud infrastructure looks like, Google isn't doing very well in the cloud infrastructure market. Analyst firm Canalys puts Google in a distant third, with 7 percent market share, behind Microsoft Azure (19 percent) and market leader Amazon Web Services (32 percent). Rumor has it (according to a report from The Information) that Google Cloud Platform is facing a 2023 deadline to beat AWS and Microsoft, or it will risk losing funding. Ex-Googler Steve Yegge laid out the problems with Google Cloud Platform last year in a post titled "Dear Google Cloud: Your Deprecation Policy is Killing You." Google's announcement seems to hit most of what that post highlights, like a lack of documentation and support, an endless treadmill of API upgrades, and Google Cloud's general disregard for backward compatibility. Yegge argues that successful platforms like Windows, Java, and Android (a group Yegge says is isolated from the larger Google culture) owe much of their success to their commitment to platform stability. AWS is the market leader partly because it's considered a lot more stable than Google Cloud Platform.

Security

Google Launches New Bug Hunters Vulnerability Rewards Platform (bleepingcomputer.com) 4

Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof. From a report: Since launching its first VRP more than ten years ago, the company has rewarded 2,022 security researchers from 84 different countries worldwide for reporting over 11,000 bugs. [...] "To celebrate our anniversary and ensure the next 10 years are just as (or even more) successful and collaborative, we are excited to announce the launch of our new platform, bughunters.google.com," Google said.

"This new site brings all of our VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues." The new VRP platform should provide researchers with per-country leaderboards, healthier competition via gamification, awards/badges for specific bugs, and more opportunities for interaction. Google also launched a new Bug Hunter University, which would allow bug hunters to brush up on their skills or start a hunting learning streak.

Chrome

Google Updates Timeline For Unpopular Privacy Sandbox, Which Will Kill Third-Party Cookies In Chrome By 2023 (theregister.com) 27

Google has updated the schedule for its introduction of "Privacy Sandbox" browser technology and the phasing out of third-party cookies. The Register reports: The new timeline has split the bundle of technologies in the Privacy Sandbox into five phases: discussion, testing, implementation in Chrome (called "Ready for adoption"), Transition State 1 during which Chrome will "monitor adoption and feedback" and then the next stage that involves winding down support for third-party cookies over a three-month period finishing "late 2023." Although "late 2023" might sound a long way off, the timeline has revealed that "discussion" of the contentious FLoC (Federated Learning of Cohorts) is planned to end in Q3 2021 -- just a couple of months away -- and that discussion for First Party Sets, rejected by the W3C Technical Architecture Group as "harmful to the web in its current form," is scheduled to end around mid-November.

Google said that "extended discussions and testing stages often produce better, more complete solutions, and the timeline for testing and ready for adoption of use cases might change accordingly," so the dates are not set in stone. There is no suggestion that any of the proposals will be withdrawn; the company appears to believe it can alleviate concerns by tweaking rather than abandoning its proposals. Discussion of the various pieces is set to take place in the W3C Web Incubator Community Group (WICG), though at a FLEDGE WICG Call last week, Google's Michael Kleber, tech lead for Privacy Sandbox, suggested that the W3C would not be deciding which technologies are implemented, at least in the context of FLEDGE (formerly TURTLEDOVE), which enables auctions for personalized ads in a more private manner than today.

FLEDGE is competing for attention with the Microsoft-devised PARAKEET and MaCAW. Asked by Julien Delhommeau, staff system architect at adtech company Xandr, if the WICG would get a say in whether FLEDGE or PARAKEET/MaCAW would be adopted, Kleber said: "The W3C doesn't get to be the boss of anyone, the decisions are going to be made at each of the browsers. The goal isn't to have one winner and everyone else losing -- the goal of W3C is to put out a bunch of ideas, understand the positives of each, and come to a chimera that has the most necessary features. Every browser seems to want convergence, long term, so figuring out how to make convergence happen is important." [...] According to Kleber, when asked if personalized advertising could be removed from the web, he said "while most of the sites in the world would lose 50-70 per cent of their revenue in the alternative you're advocating for, Google is not one of them." He made this claim on the basis that "Google makes most of its money from the ads that appear on Google Search," which do not require tracking technology.

EU

European Commission Starts Legal Action Against 23 EU Countries Over Copyright Rules (reuters.com) 37

France, Spain, Italy and 20 other EU countries may be taken to court for their tardiness in enacting landmark EU copyright rules into national law, the European Commission said on Monday as it asked the group to explain the delays. From a report: The copyright rules, adopted two years ago, aim to ensure a level playing field between the European Union's trillion-euro creative industries and online platforms such as Google, owned by Alphabet, and Facebook. Some of Europe's artists and broadcasters, however, are still not happy, in particular over the interpretation of a key provision, Article 17, which is intended to force sharing platforms such as YouTube and Instagram to filter copyrighted content.

The Commission said it had sent letters of formal notice, the first step of its infringement proceedings, to the group of countries asking for explanations. The deadline for enacting the EU rules was June 7. The other countries are Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Greece, Finland, Ireland, Lithuania, Luxembourg, Latvia, Poland, Portugal, Romania, Sweden, Slovenia and Slovakia.

EU

EU Pushes for Changes To Google's Flight and Hotel Search Results (nypost.com) 37

The European Union is pushing for clarity from Google about how the company processes flight and hotel searches. From a report: The tech giant must explain why it ranks certain flights and hotels above others and provide more clarity about how it calculates prices, European Union regulators demanded Monday, accusing the company of having "misled" consumers. The final prices that Google displays should include all fees and taxes that can be calculated in advance, regulators said in a statement. "EU consumers cannot be misled when using search engines to plan their holidays," EU Justice Commissioner Didier Reynders said. "We need to empower consumers to make their choices based on transparent and unbiased information." The regulators are giving Google two months to propose a fix to the issues or face possible unspecified sanctions.

Facebook

Facebook, Twitter and Other Tech Giants To Target Attacker Manifestos, Far-right Militias in Database (reuters.com) 197

A counterterrorism organization formed by some of the biggest U.S. tech companies including Facebook and Microsoft is significantly expanding the types of extremist content shared between firms in a key database, aiming to crack down on material from white supremacists and far-right militias, the group told Reuters. From the report: Until now, the Global Internet Forum to Counter Terrorism's (GIFCT) database has focused on videos and images from terrorist groups on a United Nations list and so has largely consisted of content from Islamist extremist organizations such as Islamic State, al Qaeda and the Taliban. Over the next few months, the group will add attacker manifestos -- often shared by sympathizers after white supremacist violence -- and other publications and links flagged by U.N. initiative Tech Against Terrorism. It will use lists from intelligence-sharing group Five Eyes, adding URLs and PDFs from more groups, including the Proud Boys, the Three Percenters and neo-Nazis. The firms, which include Twitter and Alphabet's YouTube, share "hashes," unique numerical representations of original pieces of content that have been removed from their services. Other platforms use these to identify the same content on their own sites in order to review or remove it.

Chrome

Google Explored New Safari-like Redesign for Chrome in 2016 -- But Decided Against It (read.cv) 26

Chris Lee, a former staff interaction designer at Google, writes in a blog post: Chrome Home was an ambitious redesign of mobile Chrome's main UI. It brought Chrome's toolbar to the bottom of the screen and turned it into a peeking panel that could be swiped to expose additional controls. I created the original concept and pitch for Chrome Home in 2016. It was based off two insights:

1. Phones were growing in size, and we had an opportunity to innovate in creating a gestural, spatial interface that would still be usable with one hand.
2. Mobile Chrome was also growing in features - but because its minimalist interface kept everything behind a "three dot" menu, these features were underutilized and hard to access.

The idea caught traction internally, eventually becoming a Chrome org priority. I then led a team to execute and iterate on the concept. Executing on Chrome Home required rethinking not just the toolbar, but almost all of Chrome's UI: search, bookmarks, tabs, prompts, etc. To inform our decisions, we used a variety of prototyping and testing approaches of increasing fidelity. Ultimately, such a fundamental change to a web browser required nothing short of building it into the product and testing it in longitudinal studies and live beta experiments. We heard a mixture of reactions. The feature gained a cult following among the tech community. But for some mainstream users, the change felt disorienting. Chrome serves billions of users around the globe with varying tech literacy. I became increasingly convinced that launching Chrome Home would not serve all our users well. So just as strongly as I had pitched the original concept, I advocated for us to stop the launch -- which took not a small amount of debate.

Lee adds, "oh, and Safari in iOS 15 picked up some similar ideas and criticisms."

United States

For Millions of Americans, Unemployment Benefits Require Facial Recognition Scanning (cnn.com) 152

Millions of Americans "are being instructed to use ID.me, along with its facial recognition software, to get their unemployment benefits," reports CNN. The software compares their photo ID with a selfie video they take on their phone with the company's software — but some privacy advocates are concerned: A rapidly growing number of U.S. states, including Colorado, California and New York, turned to ID.me in hopes of cutting down on a surge of fraudulent claims for state and federal benefits that cropped up during the pandemic alongside a tidal wave of authentic unemployment claims. As of this month, 27 states' unemployment agencies had entered contracts with ID.me, according to the company, with 25 of them already using its technology. ID.me said it is in talks with seven more...

The company's rapid advance at state unemployment agencies marks the latest chapter in the story of facial recognition software's spread across the United States. It also highlights how this controversial technology gained a foothold during the pandemic and now appears destined to remain part of our lives for the foreseeable future...

Several ID.me users told CNN Business about problems they had verifying their identities with the company, which ranged from the facial recognition technology failing to recognize their face to waiting for hours to reach a human for a video chat after encountering problems with the technology. A number of people who claim to have had issues with ID.me have taken to social media to beg the company for help with verification, express their own concerns about its face-data collection or simply rant, often in response to ID.me's own posts on Twitter... From ID.me's perspective, its service is making it easier for a wide range of people to access essential government services, as it avoids the common practice of using information gleaned from data brokers and credit bureaus as a means of checking identities. The company said this lets it give a green light to those who don't have a credit history, or may have changed their name, for instance — people who might otherwise have more trouble getting verified.

However, it doesn't sit well with employee and privacy advocates and civil rights groups interviewed by CNN Business. They have concerns about the facial recognition technology itself and for the ID.me verification process's reliance on access to a smartphone or computer and the internet, which may be out of reach for the people to whom unemployment dollars are most critical... ID.me said it does not sell user data — which includes biometric and related information such as selfies people upload, data related to facial analyses, and recordings of video chats users participate in with ID.me — but it does keep it. Biometric data, like the facial geometry produced from a user's selfie, may be kept for years after a user closes their account... In March, ID.me announced raising $100 million in funding from investors including hedge fund Viking Global Investors and CapitalG, which is Google parent company Alphabet's independent growth fund. With that funding round, ID.me said it was valued at $1.5 billion... "We're verifying more than 1% of the American adult population each quarter, and that's starting to compress more to like 45 or 50 days," Hall said. The company has more than 50 million users, he said, and signs up more than 230,000 new ones each day.

CNN also quotes a man who complains the state never gave him an option. "If I wanted unemployment, I had no choice but to do this."

Cellphones

Church Official Exposed Through America's 'Vast and Largely Unregulated Data-Harvesting' (nytimes.com) 101

The New York Times' On Tech newsletter shares a thought-provoking story: This week, a top official in the Roman Catholic Church's American hierarchy resigned after a news site said that it had data from his cellphone that appeared to show the administrator using the L.G.B.T.Q. dating app Grindr and regularly going to gay bars. Journalists had access to data on the movements and digital trails of his mobile phone for parts of three years and were able to retrace where he went.

I know that people will have complex feelings about this matter. Some of you may believe that it's acceptable to use any means necessary to determine when a public figure is breaking his promises, including when it's a priest who may have broken his vow of celibacy. To me, though, this isn't about one man. This is about a structural failure that allows real-time data on Americans' movements to exist in the first place and to be used without our knowledge or true consent. This case shows the tangible consequences of practices by America's vast and largely unregulated data-harvesting industries. The reality in the United States is that there are few legal or other restrictions to prevent companies from compiling the precise locations of where we roam and selling that information to anyone.

This data is in the hands of companies that we deal with daily, like Facebook and Google, and also with information-for-hire middlemen that we never directly interact with. This data is often packaged in bulk and is anonymous in theory, but it can often be traced back to individuals, as the tale of the Catholic official shows...

Losing control of our data was not inevitable. It was a choice — or rather a failure over years by individuals, governments and corporations to think through the consequences of the digital age.

We can now choose a different path.

"Data brokers are the problem," writes the EFF, arguing that the incident "shows once again how easy it is for anyone to take advantage of data brokers' stores to cause real harm." This is not the first time Grindr has been in the spotlight for sharing user information with third-party data brokers... But Grindr is just one of countless apps engaging in this exact kind of data sharing. The real problem is the many data brokers and ad tech companies that amass and sell this sensitive data without anything resembling real users' consent.

Apps and data brokers claim they are only sharing so-called "anonymized" data. But that's simply not possible. Data brokers sell rich profiles with more than enough information to link sensitive data to real people, even if the brokers don't include a legal name. In particular, there's no such thing as "anonymous" location data. Data points like one's home or workplace are identifiers themselves, and a malicious observer can connect movements to these and other destinations. Another piece of the puzzle is the ad ID, another so-called "anonymous" label that identifies a device. Apps share ad IDs with third parties, and an entire industry of "identity resolution" companies can readily link ad IDs to real people at scale.

All of this underlines just how harmful a collection of mundane-seeming data points can become in the wrong hands... That's why the U.S. needs comprehensive data privacy regulation more than ever. This kind of abuse is not inevitable, and it must not become the norm.

Chrome

Researchers Found a Malicious NPM Package Using Chrome's Password-Recovery Tools (threatpost.com) 13

Threatpost reports on "another vast software supply-chain attack" that was "found lurking in the npm open-source code repository...a credentials-stealing code bomb" that used the password-recovery tools in Google's Chrome web browser. Researchers caught the malware filching credentials from Chrome on Windows systems. The password-stealer is multifunctional: It also listens for incoming commands from the attacker's command-and-control (C2) server and can upload files, record from a victim's screen and camera, and execute shell commands...

ReversingLabs researchers, who published their findings in a Wednesday post, said that during an analysis of the code repository, they found an interesting embedded Windows executable file: a credential-stealing threat. Labeled "Win32.Infostealer.Heuristics", it showed up in two packages: nodejs_net_server and temptesttempfile. At least for now, the first, main threat is nodejs_net_server. Some details:

nodejs_net_server: A package with 12 published versions and a total of more than 1,300 downloads since it was first published in February 2019...finally upgrading it last December with a script to download the password-stealer, which the developer hosts on a personal website. It was subsequently tweaked to run TeamViewer.exe instead, "probably because the author didn't want to have such an obvious connection between the malware and their website," researchers theorized...

ReversingLabs contacted the npm security team on July 2 to give them a heads-up about the nodejs_net_server and tempdownloadtempfile packages and circled back once again last week, on Thursday, since the team still hadn't removed the packages from the repository. When Threatpost reached out to npm Inc., which maintains the repository, a GitHub spokesperson sent this statement: "Both packages were removed following our investigation...."

Japan

Iconic Japanese Videogame Music Incorporated Into Olympic Opening Ceremony (huffpost.com) 23

"Fans of Japanese video games couldn't believe their ears as Olympic athletes paraded into Tokyo's National Stadium during the opening ceremony for the 2020 Games on Friday..." reports the Huffington Post. During the Parade of Nations section of the ceremony, "The orchestra was playing tunes from some of their favorite games." In a celebration of Japanese popular culture that is appreciated worldwide, the entry parade was set to tunes from games developed by Sega, Capcom and Square Enix. It kicked off with "Overture: Roto's Theme" from Dragon Quest. Next up was "Victory Fanfare" from Final Fantasy. The parade featured more tunes from Monster Hunter, Soulcalibur and Sonic the Hedgehog. According to Classic FM, the music from Kingdom Hearts was composed by Yoko Shimomura, who is responsible for the music for some of the biggest video games ever made. Fans were delighted to hear her work being incorporated into the ceremony.

While the list didn't feature widely recognized tunes from cultural juggernauts like Mario Bros. or The Legend of Zelda, the music helped give a sense of atmosphere to the ceremony, which was held in an almost empty stadium due to coronavirus restrictions.

There's even an elaborate doodle at Google.com commemorating the Opening Ceremonies with an anime animation that leads to a multi-level 1980s-style videogame in which Lucky the cat competes in various sporting events. (Though the Huffington Post notes that in the real world, about 1,000 people sat in the 68,000-capacity stadium.)

The Washington Post reports the Japanese public "overwhelmingly opposed hosting the Olympics as a new wave of the pandemic hit the country." But unfortunately, host city Tokyo signed a contract agreeing the event could only be cancelled by the International Olympic Committee, and now "There's the possibility — once utterly remote — that Japanese voters could kick Prime Minister Yoshihide Suga out of power in parliamentary elections later this year."

Android

Google's Wear OS 3 Update Plans Will Leave Most Existing Devices Behind (arstechnica.com) 15

In a post titled "What Wear OS 3 means for you," Google provides a few more details about its upcoming Wear OS update plans, which will be the first major Wear OS update since Wear OS 2 in 2018. Unfortunately, as Ars Technica points out, the list of devices receiving the new update is limited to some of Mobvoi's TicWatch devices and Fossil Group's new generation of devices launching later this year. Older Wear OS devices featuring the Wear 3100 SoC, which makes up almost all the current Wear OS devices, will not support the new update. From the report: We still have next to no information about Wear OS 3, but there are a few tidbits in the upgrade announcement indicating that things will be very different. One line in the announcement lays out the requirement for a mandatory factory reset for any Wear 4100 devices upgrading from Wear OS 2 to version 3. Wear OS 3 is apparently so different that user data can't be ported over, and all local data will need to be wiped. We've certainly heard Google and Samsung talk about how Wear OS 3 will combine the "best of Wear OS and Tizen," indicating that even the base OS might be rebuilt.

Google also vaguely tells 4100 upgraders that "in some limited cases, the user experience will also be impacted." Is this a reference to the 4100 performance or the app selection and features compared to Wear OS 2? It's hard to say. Because Wear OS 3 will be so different, Google says it won't force the upgrade on 4100 users: "We expect that for these reasons, some of you will prefer to keep your current Wear OS experience. Therefore, we will offer the system upgrade on an opt-in basis for eligible devices. We will provide more details in advance of the update so you can make an informed decision. We expect our partners to be able to roll out the system update starting in mid to second half of 2022."

The Samsung Watch with Wear OS 3 is expected to ship sometime in August 2021, so the partner time of "2H 2022" -- potentially a year after Samsung's release -- is surprisingly late. Android has typically been very good at letting partners get early access to code, so they (at least the ones that care) can be ready for launch, but this suggests Samsung is getting a huge head start. Google's message that upcoming Fossil watches, launching later this year, will be "eligible for upgrade" to Wear OS 3 also suggests that we might see Wear OS 2 devices launch from other companies after Samsung launches Wear OS 3 next month.

Privacy

NSO Group CEO Says Law-Abiding Citizens Have 'Nothing To Be Afraid Of' (appleinsider.com) 117

The CEO of NSO Group, whose spyware tools have reportedly been used to target journalists and activists, says that people who aren't criminals shouldn't be afraid of being surveilled. AppleInsider reports: Shalev Hulio, 39, recently spoke to Forbes after investigations indicated that NSO Group's Pegasus spyware was used by authoritarian governments to hack and surveil the mobile devices of world leaders, high-profile journalists, and activists. NSO Group says that it sells its tools to governments to help them catch serious criminals like terrorists or gangsters. However, Hulio admitted that it can't control what governments ultimately do with the tools. "We are selling our products to governments. We have no way to monitor what those governments do," he said.

Hulio did note that NSO Group has mechanisms in place to detect when abuse happens so that the company can "shut them down." He says that NSO Group has "done it before and will continue to do so." On the other hand, he said that NSO Group shouldn't be responsible for government misuse. Additionally, Hulio said that the average smartphone has nothing to worry about. While NSO Group's spyware can break into the latest iPhones running up-to-date software, often without any action from the user, it's only aimed at criminals. "The people that are not criminals, not the Bin Ladens of the world -- there's nothing to be afraid of. They can absolutely trust on the security and privacy of their Google and Apple devices," Hulio said.

Google

Google is Finally Doing Something About Google Drive Spam (arstechnica.com) 15

You can now block people in Google Drive. From a report: A notification pops up on your phone: "Click here for hot XXX action!" It's Google Drive again. Someone shared a document containing that title, and now your phone is begging you to look at it. Even if you ban Google Drive from generating phone notifications, you'll still get emails. If you block the emails, you'll have to see the spam when you click on the "shared" section of Google Drive. The problem is that Drive document sharing was built with no spam-management tools. Anyone who gets a hold of your email is considered to be an important sharer of valid documents, and there has been nothing you can do about it -- until now.

Google officially acknowledged the problem back in 2019, and the company said it was making spam controls "a priority." Now, more than two years later, Google is finally rolling out the most basic of spam tools to Google Drive sharing -- you can block individual email addresses! The company announced this feature in May, but the tool is rolling out to users over the next 15 days. Soon, once the spam arrives in your Google Drive, you'll be able to click the menu button next to the item and choose "block user." Drive sharing works just like email spam. Anyone can share a drive file with you if they know your address. Documents that have been shared with you still automatically show up in your Drive collection without your consent. There's no way to turn off sharing, to limit sharing to approved users, or to limit it to existing contacts. It's a free-for-all.

Bug

Everyone Cites That 'Bugs Are 100x More Expensive To Fix in Production' Research, But the Study Might Not Even Exist (theregister.com) 118

"Software research is a train wreck," says Hillel Wayne, a Chicago-based software consultant who specialises in formal methods, instancing the received wisdom that bugs are way more expensive to fix once software is deployed. Wayne did some research, noting that "if you Google 'cost of a software bug' you will get tons of articles that say 'bugs found in requirements are 100x cheaper than bugs found in implementations.' They all use this chart from the 'IBM Systems Sciences Institute'... There's one tiny problem with the IBM Systems Sciences Institute study: it doesn't exist." The Register: Laurent Bossavit, an Agile methodology expert and technical advisor at software consultancy CodeWorks in Paris, has dedicated some time to this matter, and has a post on GitHub called "Degrees of intellectual dishonesty". Bossavit referenced a successful 1987 book by Roger S Pressman called Software Engineering: a Practitioner's Approach, which states: "To illustrate the cost impact of early error detection, we consider a series of relative costs that are based on actual cost data collected for large software projects [IBM81]." The reference to [IBM81] notes that the information comes from "course notes" at the IBM Systems Sciences Institute. Bossavit discovered, though, that many other publications have referenced Pressman's book as the authoritative source for this research, disguising its tentative nature.

Bossavit took the time to investigate the existence of the IBM Systems Science Institute, concluding that it was "an internal training program for employees." No data was available to support the figures in the chart, which shows a neat 100x the cost of fixing a bug once software is in maintenance. "The original project data, if any exist, are not more recent than 1981, and probably older; and could be as old as 1967," said Bossavit, who also described "wanting to crawl into a hole when I encounter bullshit masquerading as empirical support for a claim, such as 'defects cost more to fix the later you fix them'."

Google

Google Turns AlphaFold Loose On the Entire Human Genome (arstechnica.com) 20

An anonymous reader quotes a report from Ars Technica: Just one week after Google's DeepMind AI group finally described its biology efforts in detail, the company is releasing a paper that explains how it analyzed nearly every protein encoded in the human genome and predicted its likely three-dimensional structure -- a structure that can be critical for understanding disease and designing treatments. In the very near future, all of these structures will be released under a Creative Commons license via the European Bioinformatics Institute, which already hosts a major database of protein structures. In a press conference associated with the paper's release, DeepMind's Demis Hassabis made clear that the company isn't stopping there. In addition to the work described in the paper, the company will release structural predictions for the genomes of 20 major research organisms, from yeast to fruit flies to mice. In total, the database launch will include roughly 350,000 protein structures.
[...]
At some point in the near future (possibly by the time you read this), all this data will be available on a dedicated website hosted by the European Bioinformatics Institute, a European Union-funded organization that describes itself in part as follows: "We make the world's public biological data freely available to the scientific community via a range of services and tools." The AlphaFold data will be no exception; once the above link is live, anyone can use it to download information on the human protein of their choice. Or, as mentioned above, the mouse, yeast, or fruit fly version. The 20 organisms that will see their data released are also just a start. DeepMind's Demis Hassabis said that over the next few months, the team will target every gene sequence available in DNA databases. By the time this work is done, over 100 million proteins should have predicted structures. Hassabis wrapped up his part of the announcement by saying, "We think this is the most significant contribution AI has made to science to date." It would be difficult to argue otherwise.
Further reading: Google details its protein-folding software, academics offer an alternative (Ars Technica)

Google

Google Pushed a One-Character Typo To Production, Bricking Chrome OS Devices (arstechnica.com) 75

Google says it has fixed a major Chrome OS bug that locked users out of their devices. Google's bulletin says that Chrome OS version 91.0.4472.165, which was briefly available this week, renders users unable to log in to their devices, essentially bricking them. From a report: Chrome OS automatically downloads updates and switches to the new version after a reboot, so users who reboot their devices are suddenly locked out of them. The go-to advice while this broken update is out there is to not reboot. The bulletin says that a new build, version 91.0.4472.167, is rolling out now to fix the issue, but it could take a "few days" to hit everyone. Users affected by the bad update can either wait for the device to update again or "powerwash" their device -- meaning wipe all the local data -- to get logged in. Chrome OS is primarily cloud-based, so if you're not doing something advanced like running Linux apps, this solution presents less of an inconvenience than it would on other operating systems. Still, some users are complaining about lost data.
