Windows is Bloated, Thanks to Adobe’s Extensible Metadata Platform – Thurrott.com

I put together a tool that scans files for PNG images containing Adobe metadata and was surprised that Windows is host to a lot of this gunk.
[…]
Windows Explorer, for example, is a critical Shell component in the startup hot path. But despite its importance, it’s comprised of ~20% pure garbage. ApplicationFrame.dll, responsible for Windows app title bars and frame gizmos, is ~41% garbage. Twinui, imageres, and other related components scored with much lower numbers but couldn’t fully escape Adobe XMP.

Source: Windows is Bloated, Thanks to Adobe’s Extensible Metadata Platform – Thurrott.com

Ouch!

Popular belief that saturated fat clogs up arteries is a myth, experts say – let the wars begin: others disagree!

Heart experts have been criticised for claiming it is “plain wrong” to believe that saturated fat clogs up arteries.

Three specialists argued that eating “real food”, taking exercise and reducing stress are better ways to stave off heart disease than cutting out dietary saturated fat.

Writing in a respected journal, they maintained that inflammation is the chief threat to arteries and there is little evidence linking saturated fat consumption with heart disease, diabetes and premature death.

But the editorial, published in the British Journal of Sports Medicine, attracted scathing criticism for being “simplistic”, “muddled” and “misleading”.

The authors, led by Dr Aseem Malhotra, from Lister Hospital, Stevenage, wrote: “Despite popular belief among doctors and the public, the conceptual model of dietary saturated fat clogging a pipe is just plain wrong.”

Dr Malhotra and colleagues Professor Rita Redberg, from the University of California at San Francisco, and Pascal Meier from University Hospital Geneva in Switzerland and University College London, cited a “landmark” review of evidence that appeared to exonerate saturated fat.

Source: Popular belief that saturated fat clogs up arteries is a myth, experts say

iPhone lawyers literally compare Apples with Pears in trademark war – and win!

Pear Technology, which produces digital mapping software and services, applied for the pear logo in 2014 and was almost immediately challenged by Apple, which claimed it was confusingly similar to its own apple-with-a-bite-out-of-it silhouette logo.

The Cupertino intellectual property lawyers claimed that despite one being a picture of a pear and one being a picture of an apple they were, legally, the same. How? Here are the words that make this leap of logic possible: “abstract stylization” and “sleek, rounded silhouettes of the fruits.”

As opposed to the jagged, spiky pears that you see in the supermarket all the time.

Even though the Pear Technologies trademark application had the word “Pear Technologies” written underneath as part of the mark, this mere detail was not enough to prevent consumers from being confused as to the difference between a pear and an apple, it seems.

Source: iPhone lawyers literally compare Apples with Pears in trademark war

Absolutely incredible that Apple(tm) have managed to trademark any and all fruits! How ridiculous is this world getting?

FYI: You can blow Intel-powered broadband modems off the ‘net with a ‘trivial’ packet stream

This week, inquisitive netizens discovered that, when presented with even modest amounts of network packets – as little as 1.5Mbps spread across various TCP or UDP ports – modems equipped with a Puma 6 slow to an unusable crawl.

According to one engineer who spoke to El Reg on the issue, the flaw would be “trivial” to exploit in the wild, and would effectively render a targeted box useless for the duration of the attack.

“You send a stream of 200Kbps of TCP, UDP or maybe even ICMP to different port numbers, and it has a tiny table to keep track of these that fills up. The device becomes immediately unresponsive. It comes back after you stop,” our tipster explained.

“It can be exploited remotely, and there is no way to mitigate the issue.”

Source: FYI: You can blow Intel-powered broadband modems off the ‘net with a ‘trivial’ packet stream

UK gov forces porn sites to gather personal info and allows gov depts to share citizens data despite being hugely unsafe

ISPs may be forced to block sites which fail to do so, and the fact that many such sites are not based in the UK nor subject to British law shall pose plenty of difficulties for the law’s implementation, as will its provisions forcing ISPs to prohibit access to “non-conventional sex acts”, which has provoked plenty of criticism from the less vanilla members of society.

The legislation, which requires websites serving up adult content to verify users’ ages or be blocked by ISPs, was criticised as an “unworkable proposal” by Open Rights Group, among others, including feminist pornographer Pandora Blake:

On the passing of the bill, Open Rights Group’s executive director Jim Killock said: “Age verification is an accident waiting to happen. Despite repeated warnings, parliament has failed to listen to concerns about the privacy and security of people who want to watch legal adult content.

“As we saw with the Ashley Madison leaks, the hacking of private information about people’s sex lives, has huge repercussions for those involved. The UK government has failed to take responsibility for its proposals and placed the responsibility for people’s privacy into the hands of porn companies.”
[…]
Last year, the National Audit Office warned of government’s data-handling capabilities, noting that there were 9,000 data breaches over the reporting period and warning that “cuts to departmental budgets and staff numbers, and increasing demands from citizens for online public services, have changed the way government collects, stores and manages information.”

Samson said that large parts of the Digital Economy Bill regarding data sharing remained unclear, and noted that it received Royal Assent with a lot of information left to follow.

“We’ve been told throughout the process that everything will adhere to the Data Protection Act, but that will be redundant from May of next year when the EU’s General Data Protection Regulation comes in,” said Samson. “Whatever is drafted to comply with the DPA will have to change for the GDPR, which means ensuring the individual’s consent and knowledge regarding how their data is being used.”

Source: Just delete the internet – pr0n-blocking legislation receives Royal Assent

How Did Unroll.me Get Users to Allow It to Sell Their Inbox Data?

But a New York Times profile of Uber this weekend revealed, in passing, that Unroll.me, which is owned by a company called Slice Intelligence, isn’t just in the business of tidying up customers’ inboxes. Slice makes money by scanning its users’ email for receipts, then packaging that information into intel reports on consumer habits. Uber, for example, was paying Slice to find users’ Lyft receipts, so it could see how much they were spending each month, “as a proxy for the health of Lyft’s business.”

On its website, Slice brags that it has access to 4.2 million people’s inboxes, where it quietly sits looking at receipts from “hundreds of thousands of retailers.” Many Unroll.me users have been quite upset to learn about the extent of the data collection, which the service’s CEO, Jojo Hedaya, wrote in a blog post yesterday is “heartbreaking.”

“[W]hile we try our best to be open about our business model, recent customer feedback tells me we weren’t explicit enough,” Hedaya wrote.

Source: How Did Unroll.me Get Users to Allow It to Sell Their Inbox Data?

Hint – they used some nice tricks including the “for any purpose” line…

Nuh-uh, Google, you WILL hand over emails stored on foreign servers, says US judge

Google has been ordered by a US court to cough up people’s private Gmail messages stored overseas – because if that information can be viewed stateside, it is subject to American search warrants, apparently.

During a hearing on Wednesday in California, magistrate judge Laurel Beeler rejected [PDF] the advertising giant’s objections to a US government search warrant seeking data stored on its foreign servers. The Mountain View goliath had filed a motion to quash the warrant, and was denied.

The warrant, issued on June 30, 2016, ordered Google to hand over information on a number of specific Gmail accounts, including message content, attachments, metadata, and locational data.

While Google complied with the warrants and handed all of the requested records for several accounts over to Uncle Sam’s agents, it refused to cough up information on two accounts and declined to access attachments on two others, arguing that because the data was held outside the US it was not covered by the warrant, as was decided in the Microsoft email brouhaha.

Judge Beeler, however, disagreed with the Chocolate Factory’s assessment, reasoning that if Google was able to pull up the data on its own machines in the US, then it should fall under a US court’s jurisdiction and, because it would be pulled from Google’s HQ in Mountain View, it was not considered overseas content the way Microsoft’s Ireland-based info was.

Source: Nuh-uh, Google, you WILL hand over emails stored on foreign servers, says US judge

Because in the US, all your base are belong to US

NL Court rules fan subtitles on TV and movies are illegal

Subtitle lovers, beware: a court just ruled that making fan subtitles or translations is not protected by the law. A Dutch group called (translated) the Free Subtitles Foundation took anti-piracy group BREIN to court over “fansubbing.” BREIN has previously been active in taking fan subtitles and translations offline, and the Foundation was hoping a Dutch court would come down on the side of fair use.

The court didn’t quite see it that way. It ruled that making subtitles without permission from the property owners amounted to copyright infringement. BREIN wasn’t unsympathetic, but said it couldn’t allow fansubbers to continue doing what they’re doing (using the word “illegal” so many times I’ve almost forgotten what it means):

With this decision in hand it will be easier for BREIN to maintain its work against illegal subtitlers and against sites and services that collect illegal subtitles and add movies and TV shows from an illegal source.

While this only affects the Free Subtitles Foundation and BREIN at the moment, it could set legal precedent for subtitle-makers all over the world.

Source: Court rules fan subtitles on TV and movies are illegal

FFS so translated versions of texts that don’t exist yet fall under copyright?!

Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools

The NSA’s Equation Group hacking tools, leaked last Friday by the Shadow Brokers, have now been used to infect thousands of Windows machines worldwide, we’re told.

On Thursday, Dan Tentler, founder of security shop Phobos Group, told The Register he’s seen rising numbers of boxes on the public internet showing signs they have DOUBLEPULSAR installed on them. These hijacked machines can be used to sling malware, spam netizens, launch further attacks on other victims, and so on.

DOUBLEPULSAR is a backdoor used to inject and run malicious code on an infected system, and is installed using the ETERNALBLUE exploit that attacks SMB file-sharing services on Windows XP to Server 2008 R2. That means to compromise a computer, it must be running a vulnerable version of Windows and expose an SMB service to the attacker. Both DOUBLEPULSAR and ETERNALBLUE are leaked Equation Group tools, now available for any script kiddie or hardened crim to download and wield against vulnerable systems.
[…]
Tentler said that a preliminary scan of the public internet on Thursday using Shodan.io revealed 15,196 infections, with four-fifths of those coming from IP ranges in the US. These numbers increase with each followup scan. A DOUBLEPULSAR-riddled system can be identified by the way it responds to a special ping to port 445.

“The polite term for what’s happening is a bloodbath. The impolite version is dumpster fire clown shoes shit show,” Tentler said. “I’m hopeful this is the wakeup moment for people over patching Windows machines.”

The problem may be even more serious. A larger scan by infosec researcher Robert Graham showed around 41,000 infected hosts and more scans are going to be carried out, so expect that number to rise.

Source: Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools

Researchers capture first ‘image’ of a dark matter web that connects galaxies


Researchers at the University of Waterloo have been able to capture the first composite image of a dark matter bridge that connects galaxies together. The scientists publish their work in a new paper in Monthly Notices of the Royal Astronomical Society.

The composite image, which combines a number of individual images, confirms predictions that galaxies across the universe are tied together through a cosmic web connected by dark matter that has until now remained unobservable.
[…]
They combined lensing images from more than 23,000 galaxy pairs located 4.5 billion light-years away to create a composite image or map that shows the presence of dark matter between the two galaxies. Results show the dark matter filament bridge is strongest between systems less than 40 million light years apart.

“By using this technique, we’re not only able to see that these dark matter filaments in the universe exist, we’re able to see the extent to which these filaments connect galaxies together,” said Epps.

Source: Researchers capture first ‘image’ of a dark matter web that connects galaxies

This new solar-powered device can pull water straight from the desert air

You can’t squeeze blood from a stone, but wringing water from the desert sky is now possible, thanks to a new spongelike device that uses sunlight to suck water vapor from air, even in low humidity. The device can produce nearly 3 liters of water per day for every kilogram of spongelike absorber it contains, and researchers say future versions will be even better. That means homes in the driest parts of the world could soon have a solar-powered appliance capable of delivering all the water they need, offering relief to billions of people.
[…]
“It has been a longstanding dream” to harvest water from desert air, says Mercouri Kanatzidis, a chemist at Northwestern University in Evanston, Illinois, who wasn’t involved with the work. “This demonstration … is a significant proof of concept.” It’s also one that Yaghi says has plenty of room for improvement. For starters, zirconium costs $150 a kilogram, making water-harvesting devices too expensive to be broadly useful. However, Yaghi says his group has already had early success in designing water-grabbing MOFs that replace zirconium with aluminum, a metal that is 100 times cheaper. That could make future water harvesters cheap enough not only to slake the thirst of people in arid regions, but perhaps even supply water to farmers in the desert.

Source: This new solar-powered device can pull water straight from the desert air

Burger King ads talk to Google Home devices, make them talk when listening.

The advertisement says: “Hello Google, what is the whopper burger?” and Google Home reads out the first line of the wiki page.
So Google blocked Burger King. So BK re-recorded and Google Home devices recite the first

Absolutely brilliant and very funny! Alexa next! And even more funny: changing the wiki page just as the advert runs and getting Google Home to read out something completely different!

Source: Burger King thought it had a great idea. Instead, it ended up with a Whopper of a problem.

Shadow Brokers release 4 year old NSA hacks for Win2k to Windows 8

The Shadow Brokers have leaked more hacking tools stolen from the NSA’s Equation Group – this time four-year-old exploits that attempt to hijack venerable Windows systems, from Windows 2000 up to Server 2012 and Windows 7 and 8.

The toolkit puts into anyone’s hands – from moronic script kiddies to hardened crims – highly classified nation-state-level weaponry that can potentially compromise and commandeer systems around the world. This is the same powerful toolkit Uncle Sam used once upon a time to hack into and secretly snoop on foreign governments, telcos, banks, and other organizations.

The files range from Microsoft Windows exploits to tools for monitoring SWIFT interbank payments. Ongoing analysis of the leaked documents and executables has revealed Cisco firewalls and VPN gateways are also targets.

Source: Leaked NSA point-and-pwn hack tools menace Win2k to Windows 8

These are actually useful and working tools, as opposed to the last lot.

Samsung blocks ability to remap Galaxy S8’s Bixby button

Samsung wants to keep you locked in the Bixby AI ecosystem in its fight against Amazon Alexa, Apple Siri, Google Assistant, and others.

Source: Samsung blocks ability to remap Galaxy S8’s Bixby button | ZDNet

And Bixby won’t work at all during launch. I’m actually not so very happy with Samsung deciding to ditch the hardware buttons, so not being able to remap at all sucks. Time to start looking for a new smartphone manufacturer: my S6 edge + wasn’t particularly great either. Its battery life is half of what it was, the screen glass is cracked (and not repairable, even though the underlying LEDs are all fine) and the camera broke and had to be repaired. Not particularly impressive for a flagship phone.

feeling things you touch in VR

haptics for VR walls and other objects [CHI17 fullpaper]

In this project, we explored how to add haptics to walls and other heavy objects in virtual reality. Our main idea is to prevent the user’s hands from penetrating virtual objects by means of electrical muscle stimulation (EMS). Figure 1a shows an example. As the shown user lifts a virtual cube, our system lets the user feel the weight and resistance of the cube. The heavier the cube and the harder the user presses the cube, the stronger a counterforce the system generates. Figure 1b illustrates how our system implements the physicality of the cube, i.e., by actuating the user’s opposing muscles with EMS.

Source: haptics for VR walls and other objects [CHI17 fullpaper] – pedro lopes research

MS now blocking updates for Win7 & 8 on PCs with modern CPUs. User makes patch to be able to install updates after all.

GitHub user Zeffy has created a patch that removes a limitation that Microsoft imposed on users of 7th generation processors, a limit that prevents users from receiving Windows updates if they still use Windows 7 and 8.1.

Source: User-Made Patch Lets Owners of Next-Gen CPUs Install Updates on Windows 7 & 8.1

MS wants to force you to update to that privacy invasion Windows 10 and has thought of another way to strongarm people into it.

Scammers place fake pins on Google Maps

A partnership between computer scientists at the University of California San Diego and Google has allowed the search giant to reduce by 70 percent fraudulent business listings in Google Maps. The researchers worked together to analyze more than 100,000 fraudulent listings to determine how scammers had been able to avoid detection—albeit for a limited amount of time—and how they made money.

The team presented their findings at the 26th International Conference on the World Wide Web in Australia earlier this month.

The computer scientists identified what they describe as a “new form of blackhat search engine optimization that targets local listing services” such as Google Maps. They also describe how these scammers were able to make money.
[…]
For example, when people run a search on their mobile phone, the search engine uses their physical location as one of the inputs to decide which results to display, Snoeren explained.

The scammers take advantage of this by using fake locations to make it look like their business is in close proximity to the user doing the search.
[…]
Scammers are able to make money when they get called to help a user based on a fake listing. Scammers might quote a low price when called on the phone, only to charge a higher fee when they show up. They might not be licensed but get the business anyway.

In another scheme, scammers set up fake pins for real hotels or restaurants on Google Maps. They set up websites where customers make reservations, which are connected to the business’ real website or to a travel agency, which is not part of the scam. This allows scammers to make money either by getting a commission for each reservation or for referring traffic to the businesses’ real websites.

*D.Y. Huang, D. Grundman, K. Thomas, A. Kumar, E. Bursztein, K. Levchenko and A.C. Snoeren, “Pinning Down Abuse on Google Maps,” Proc. of the International Conference on World Wide Web (WWW), April 3-7, 2017, Perth, Australia.

Caffe2 Open Source Brings Cross Platform Machine Learning Tools to Developers

We’re committed to providing the community with high-performance machine learning tools so that everyone can create intelligent apps and services. Caffe2 is shipping with tutorials and examples that demonstrate learning at massive scale which can leverage multiple GPUs in one machine or many machines with one or more GPUs. Learn to train and deploy models for iOS, Android, and Raspberry Pi. Pre-trained models from the Caffe2 Model Zoo can be run with just a few lines of code.

Caffe2 is deployed at Facebook to help developers and researchers train large machine learning models and deliver AI-powered experiences in our mobile apps. Now, developers will have access to many of the same tools, allowing them to run large-scale distributed training scenarios and build machine learning applications for mobile.

We’ve worked closely with NVIDIA, Qualcomm, Intel, Amazon, and Microsoft to optimize Caffe2 for both cloud and mobile environments. These collaborations will allow the machine learning community to rapidly experiment using more complex models and deploy the next generation of AI-enhanced apps and services.

Source: Caffe2 Open Source Brings Cross Platform Machine Learning Tools to Developers

AI Otto buys stock for ecommerce, decreases customer returns

The idea is to collect and analyse quantities of information to understand consumer tastes, recommend products to people and personalise websites for customers. Otto’s work stands out because it is already automating business decisions that go beyond customer management. The most important is trying to lower returns of products, which cost the firm millions of euros a year.

Its conventional data analysis showed that customers were less likely to return merchandise if it arrived within two days. Anything longer spelled trouble: a customer might spot the product in a shop for one euro less and buy it, forcing Otto to forgo the sale and eat the shipping costs.

But customers also dislike multiple shipments; they prefer to receive everything at once. Since Otto sells merchandise from other brands, and does not stock those goods itself, it is hard to avoid one of the two evils: shipping delays until all the orders are ready for fulfilment, or lots of boxes arriving at different times.
[…]
The AI system has proved so reliable—it predicts with 90% accuracy what will be sold within 30 days—that Otto allows it automatically to purchase around 200,000 items a month from third-party brands with no human intervention.
[…]
Overall, the surplus stock that Otto must hold has declined by a fifth. The new AI system has reduced product returns by more than 2m items a year.

Source: Automatic for the people: How Germany’s Otto uses artificial intelligence | The Economist

Video Game Maker Sparks Outrage With Trademark of ‘Cyberpunk’

Video game fans have been anticipating the latest franchise from CD Projekt Red, Cyberpunk 2077, for years. But only recently did it come to light that the makers of The Witcher franchise had trademarked the term “Cyberpunk” and this week some fans cried foul. Now, the developer is insisting that everything is ok and they’ll never use their power for evil.

Source: Video Game Maker Sparks Outrage With Trademark of ‘Cyberpunk’

How can you possibly trademark a common word?! Another example cited in this article is Sky TV suing SkyDrive and No Mans Sky for having the word Sky in it. This is ridiculous!

Shadow Brokers crack open NSA hacking tool cache for world+dog

The self-styled Shadow Brokers group has made a collection of NSA hacking tools and exploits publicly available.

The group released a password for their archive, making it available to all and sundry. They (unsuccessfully) attempted to auction off the trove last year.

In a (ranty) statement, Shadow Brokers said it was making the 2013 vintage hacking tools available as a protest against President Trump “abandoning” his base by bombing Syria in the wake of a chemical weapons attack on civilians, among other things.
[…]
Most of the exploits are old so it may be that the Shadow Brokers are either holding back on releasing the “good stuff” or never had them in the first place.

Snowden commented: “Quick review of the #ShadowBrokers leak of Top Secret NSA tools reveals it’s nowhere near the full library, but there’s still so much here that NSA should be able to instantly identify where this set came from and how they lost it. If they can’t, it’s a scandal.”

Source: Shadow Brokers crack open NSA hacking tool cache for world+dog

Jetfoiler: kiteboard on an electric foil


Source: About — Jetfoiler

There’s a big problem with AI: even its creators can’t explain how it works

No one really knows how the most advanced algorithms do what they do. That could be a problem.

Source: There’s a big problem with AI: even its creators can’t explain how it works

It’s a good rundown of some of the places where accountability (self-driving cars, medical recommendations, AI-driven tanks and drones, Siri, etc.) is very important in order to understand, use and trust the choices a deep learning AI uses.

Smartphone gyros and open background tabs reveal your inputs, even when locked

Cyber experts at Newcastle University, UK, have revealed the ease with which malicious websites, as well as installed apps, can spy on us using just the information from the motion sensors in our mobile phones.

Analysing the movement of the device as we type in information, they have shown it is possible to crack four-digit PINs with a 70% accuracy on the first guess – 100% by the fifth guess – using just the data collected via the phone’s numerous internal sensors.
[…]
“Most smart phones, tablets, and other wearables are now equipped with a multitude of sensors, from the well-known GPS, camera and microphone to instruments such as the gyroscope, proximity, NFC, and rotation sensors and accelerometer.

“But because mobile apps and websites don’t need to ask permission to access most of them, malicious programs can covertly ‘listen in’ on your sensor data and use it to discover a wide range of sensitive information about you such as phone call timing, physical activities and even your touch actions, PINs and passwords.

“More worrying, on some browsers, we found that if you open a page on your phone or tablet which hosts one of these malicious code and then open, for example, your online banking account without closing the previous tab, then they can spy on every personal detail you enter.

“And worse still, in some cases, unless you close them down completely, they can even spy on you when your phone is locked.

“Despite the very real risks, when we asked people which sensors they were most concerned about we found a direct correlation between perceived risk and understanding. So people were far more concerned about the camera and GPS than they were about the silent sensors.”

Source: Are your sensors spying on you?

How To Make Your Car’s Face Pretty Again

It’s nearly impossible to keep your car’s paint looking perfect when you use it every day. It seems no matter what you do, highway debris, parking lot mayhem, and the sun’s UV rays do their fair share of damage to your pride and joy. Nothing short of a trip to a professional’s paint booth seems like a viable solution to the weathered appearance of your car.

Source: How To Make Your Car’s Face Pretty Again

This post walks you through repairing bumper gouges, bumper cracks and spot painting.

 