Welcome to the February 22, 2019 edition of ACM TechNews, providing timely information for IT professionals three times a week.
ACM TechNews mobile apps are available for Android phones and tablets (click here) and for iPhones (click here) and iPads (click here).
To view "Headlines At A Glance," hit the link labeled "Click here to view this online" found at the top of the page in the html version.
The online version now has a button at the top labeled "Show Headlines."
|
|
Remote Code Execution Vulnerability Discovered in WordPress
TechRadar Anthony Spadafora February 21, 2019
Researchers at Web application security testing firm RIPS Technologies have discovered a serious remote code execution flaw in WordPress that has been accessible to attackers for six years. A low-privileged hacker with an account level of "author" or higher can exploit the flaw using a combination of both the path Traversal and Local File Inclusion vulnerabilities within WordPress' core code. RIPS Technologies' Simon Scannell said the attack leverages how WordPress' image management system handles Post Meta entries, which are used to store metadata uploaded with images. Either a rogue or compromised author account can be used to tweak the metadata and set it to arbitrary values, and when combined with the Path Traversal flaw and a local file inclusion vulnerability in theme director, this could enable a hacker to execute arbitrary code on a WordPress blog's server. A susceptible blog could be commandeered within seconds via this attack, and the flaw affects all previous versions of WordPress before version 5.0.3.
|
A Crucial Step for Averting AI Disasters
The Wall Street Journal Sue Shellenbarger February 13, 2019
Data from the U.S. Bureau of Labor Statistics shows that, although technology companies have increased efforts to recruit women and minorities, computer and software professionals who write artificial intelligence (AI) programs remain largely white and male. A byproduct of this lack of diversity is that datasets often lack adequate representation of women or minority groups. For example, one widely used dataset is more than 74% male and 83% white, meaning algorithms based on this data could have blind spots or biases built in. Biases in algorithms can skew decision-making, and many companies have realized that eliminating bias upfront among those who write code is essential. Said Affectiva co-founder Rana el Kaliouby, "You need diversity in the data, and more important, in the team that's designing the algorithm."
|
The Secret History of Women in Coding
The New York Times Magazine Clive Thompson February 13, 2019
Women were among the earliest pioneers of coding. In the early days of computing, hardware innovation was typically handled by men, while software became the province of women due to its secondary status, and its reliance on heavy calculation. Thanks to women's contributions to programming of prototype systems like the Electronic Numerical Integrator and Computer (ENIAC), core concepts about software development were standardized. Women's expertise continued to serve them well as coding boomed in the private sector, where male software developers were in short supply; however, women's prestige began declining in 1984 as home computers exposed teenage boys to programming, skilling them for future careers as programmers. Adding to this contraction were cultural pressures that made coding less appealing to girls, and the ascendancy of software skills in business combined with gender bias to compound the discouragement.
*May Require Paid Registration
|
Why Priscilla Chan Wants to Turn Inmates Into Coders
CBS News February 20, 2019
Chan Zuckerberg Initiative founder Priscilla Chan is helping to launch programs to teach female prisoners coding skills. Eighteen inmates at Oklahoma's Mabel Bassett Correctional Center are participating in the Last Mile Program, to learn programming languages like HTML and JavaScript, without Internet access. Chan thinks technology companies will be open to hiring former convicts with the right skills and motivation. She said, "Seventy percent of individuals who are incarcerated will come back. But if you give vocational training, it goes down to 30%." Almost 500 inmates across four states have completed the Last Mile Program's year-long course to become software engineers. Said Chan, "There are so many jobs that need to be filled today and...there's an incredible appetite for people with the right training to do the right job."
|
Virtual Makeovers Are Better Than Ever. Beauty Companies Are Trying to Cash In
CNN Rachel Metz February 19, 2019
Augmented reality (AR) is being pushed to the mainstream by apps in the beauty industry that serve as a consumer tool for trying on makeup. One example is an iPhone app from Ulta Beauty subsidiary GlamST, aided by innovations in underlying technology such as facial-feature and finger tracking. More powerful front-facing cameras on modern smartphones also have helped boost AR's appeal to beauty companies. AR companies said virtual makeup makes sense, given the deeply entrenched consumer mindset of trying on products before purchase. Advocates like L'Oréal chief digital officer Lubomira Rochet said AR is improving sales, with shoppers typically spending more time on an app or website that has AR makeup or skin-care features; Rochet also saw a 10% greater likelihood that those who virtually try on products will buy them, compared to those who do not.
|
Audi's In-Car Information System Helps Drivers Avoid Red Lights
Popular Science Dan Carney February 18, 2019
Audi's Traffic Light Information (TLI) system can alert drivers to imminent red lights and other traffic signals. The TLI is set up so the car communicates wirelessly with traffic lights outfitted with the technology; if the light is red, or going to be red when the car reaches the intersection, a traffic signal icon appears on the head-up display, dashboard display, or both, with a countdown informing the driver how long it will take to see a green light. The TLI also indicates the speed to maintain to avoid stopping at upcoming lights. The Green Light Optimized Speed Advisory uses traffic signal data and vehicle position to calculate speed recommendations allowing drivers to reach traffic signals while they are green. The upgraded signals transmit reports to the municipalities that operate them, and local governments send the information to Traffic Technology Services (TTS). TTS sends that data to Audi, which sends it to cars via 4G LTE cellular connections.
|
Nike's Android App Doesn't Run Well with Its Adapt BB Self-Tying Shoes
CNet Alfred Ng February 20, 2019
Nike released the AdaptBB, a tech-equipped sneaker, during the NBA All-Star game, along with an app that can control the shoe's fit and light-up colors. However, for people using Android smartphones, the app for the self-tying sneakers has not had a flawless rollout. Multiple reviews for the Nike Adapt App on Google's Play Store said that it does not connect to the left shoes, after an update resulted in the sneaker's main feature becoming useless. While users are still able to wear the sneakers and walk around in them, all the smart features from the app stopped working following the update, according to several users. The iOS version of the app has had less trouble.
|
Putting Data Privacy in the Hands of Users
MIT News Rob Matheson February 20, 2019
Researchers at the Massachusetts Institute of Technology and Harvard University have developed a platform to ensure Web services comply with users' explicit preferences for retaining and sharing their data in the cloud. Riverbed is engineered so a Web browser or smartphone app communicates with the cloud using a proxy, which operates on a user's device. When the service attempts to upload user data to a remote service, the proxy tags the data with a set of permissible uses for their data, or "policies." Users can choose any number of predefined restrictions, and the proxy tags all data with the preferred policies. In the data center, Riverbed assigns the uploaded data to a partitioned cluster of software components, with each cluster processing only data tagged with the same policies; Riverbed also tracks the server-side code so it adheres to user policies, and terminates service if compliance is not met.
|
After a Baby, 28% of New Parents Leave Full-Time STEM Work
Science Rachel Bernstein February 18, 2019
A study by University of Michigan-Ann Arbor researchers found that after science, technology, engineering, and math (STEM) professionals become parents, 43% of women and 23% of men change fields, become part-timers, or exit the workforce entirely. Michigan's Erin Cech said these numbers were higher than expected. The research was based on the career paths of 629 men and 212 women tracked by the U.S. National Science Foundation's Scientists and Engineers Statistical Data System (SESTAT). SESTAT said these professionals were full-time STEM workers in 2003, and had their first child before the next SESTAT data collection cycle in 2006, versus almost 3,000 STEM workers without children. The University of Wisconsin, Madison's Anna Kaatz hopes these findings will spur policy changes to make STEM more welcoming and supportive for parents. Said Kaatz, "If this was some sort of epidemic killing people off, that's really a lot of people leaving just because they're starting a family."
|
Rice U. Researchers Unveil IoT Security Feature
Rice University Jade Boyd February 20, 2019
Researchers at Rice University have developed physically unclonable function (PUF) technology, which is 10 times more reliable than current methods of producing unclonable digital fingerprints for Internet of Things (IoT) devices. PUF uses a microchip's physical imperfections to produce unique security keys that can be used to authenticate devices linked to the IoT. The system generates two unique fingerprints for each PUF, known as the "zero-overhead" method. This method uses the same PUF components to make both keys and does not require extra area and latency because of a design feature that also allows the PUF to be about 15 times more energy-efficient than previously developed versions. Said Rice University researcher Kaiyuan Yang, "In our design, the PUF module is always on, but it takes very little power, even less than a conventional system in sleep mode."
|
Ubisoft, Mozilla Team Up to Develop Clever-Commit, an AI Coding Assistant
TechCrunch Frederic Lardinois February 12, 2019
Game developer Ubisoft has partnered with Mozilla to develop a proprietary artificial intelligence-based coding assistant that learns from a code base's bug and regression data to analyze and highlight potential new defects as new code is committed. Mozilla said the Clever-Commit coding assistant will provide Ubisoft with "programming language expertise in Rust, C++, and JavaScript, as well as expertise in C++ code analysis and analysis of bug tracking systems." Mozilla will initially use Clever-Commit during the Firefox code review phase and, once it proves itself, at other development stages. The organization hopes Clever-Commit will flag three to four out of five bugs before they are embedded within the code. Said Mozilla's Sylvestre Ledru, "With a new release every six to eight weeks, making sure the code we ship is as clean as possible is crucial to the performance people experience with Firefox."
|
'Tags' Let Your Phone Spot Counterfeit Stuff
Futurity.org Maria Hornbek February 21, 2019
Researchers at the University of Copenhagen in Denmark have developed a system to prevent product counterfeiting, by giving individual items a label, or "tag," that corresponds with a unique fingerprint. The tag is comprised of transparent ink impregnated with microparticles that can be sprayed on a bar code on paper, using physical unclonable function technology. The particles form a random, unique pattern of minuscule white dots that is impossible to duplicate. The system allows each product leaving a factory to be assigned an individual tag for registration in a database. Consumers also can use this system to authenticate products with a smartphone, by employing an app to scan an item's particle fingerprint, and check for a matching database image. The University of Copenhagen’s Thomas Just Sorensen said, “Today, consumers are not able to check for themselves whether an item is genuine or not. They must trust every step of the production and supply chain. Our system provides every step in this process with equal access to the system.”
|
|