Archive for the ‘Free Software’ Category

Facebook’s evolutionary search for crashing software bugs – Ars Technica


With 1.3 billion daily users, the Facebook site and its apps are the most-used pieces of software in the world. Only a handful of software companies have ascended to a similar echelon of ubiquity, including Microsoft, Google, and Apple. For better or worse, that is the world we now live in, where a large percentage of our waking hours is spent interacting with software, and Facebook leads the pack, with the average user spending 50 minutes per day mostly watching videos and liking photos of babies. Television is the only leisure activity in the world that receives more attention than Facebook. And don't forget that Facebook now owns Instagram and WhatsApp, too.


That's why Facebook has some advanced bug-finding tools, including a devilishly clever dynamic analysis tool, initially devised by students at University College London and then acquired and further developed by Facebook's London office. This is the first time they've shown the inner workings of this new tool, dubbed Sapienz, to the press.

Each technique serves a different purpose, and a big software company would usually use both. Static analysis is perfect for formally verifying that an algorithm works as intended, or for highlighting bad code that might allow for a buffer overflow or other security vulnerability. Dynamic analysis is better at finding the gnarly edge cases that cause crashes. Humans can manually perform both analyses, of course, but computers are obviously a lot quicker when it comes to testing millions of possible inputs.

Facebook's static analyser is called Infer. The company open-sourced the tool in 2013, and a lot of big names (Uber, Spotify, Mozilla) use it. There isn't a whole lot to say about it, other than it seems to be very popular and effective; download it today!

Sapienz has three main tricks up its sleeve. First, it uses a search-based evolutionary algorithm, rather than a random or model-based approach. Second, the fitness function that guides how the algorithm evolves is incredibly complex: there are multiple objectives, entwined by Pareto optimality, that must be fulfilled for each evolutionary change to be a success. And third, Facebook can run Sapienz on its One World test platform, which lets engineers find crashing bugs on hundreds of different Android devices simultaneously. (Sapienz only supports Android apps currently, though there are plans to expand to other platforms and app types.)

The key to a successful evolutionary algorithm is its fitness function. I'm not your college computer science lecturer, so I won't go into too much detail, but a fitness function essentially looks at the result of a test case, and decides how close that result is to a desired outcome/objective. The results that don't fulfil the fitness function are tied up in a burlap sack and thrown in the river; the good ones are bred together, to form the basis of the next round of testing.

According to Facebook's engineers, most of their secret sauce is in Sapienz's fitness function, which has three objectives: to test as many of the app's methods and statements as possible, find as many crashes as possible, and minimise the length of the test sequences required to cause crashes. The first two are all about producing better, crash-free software; the third is to improve the efficiency of the system, so that a decent number of crashes can be found in a reasonable amount of time.

These three objectives are assessed by the fitness function for Pareto efficiency. That is, one objective isn't more important than the others: if the evolutionary algorithm is only producing long test sequences, but they're providing good coverage and finding lots of crashes, then those long tests will be kept alive. Over time the system tries to hit Pareto optimality: where it's impossible to improve one objective without negatively impacting another. So, in this case, the algorithm would attempt to reduce the test sequence length without reducing coverage or the fault revelation.
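An added illustration of Pareto selection over the three objectives described above. It is not code from the article or from Sapienz: the `TestRun` fields, the function names and the sample values are constructed for the example, and the front-by-front parent selection is a simplified stand-in for whatever the real tool does.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TestRun:
    name: str
    coverage: float  # fraction of statements exercised (higher is better)
    crashes: int     # distinct crashes revealed (higher is better)
    length: int      # events in the test sequence (lower is better)


def dominates(a: TestRun, b: TestRun) -> bool:
    """a dominates b if it is no worse on every objective and better on one."""
    no_worse = (a.coverage >= b.coverage and a.crashes >= b.crashes
                and a.length <= b.length)
    better = (a.coverage > b.coverage or a.crashes > b.crashes
              or a.length < b.length)
    return no_worse and better


def pareto_front(population):
    """Runs that no other run in the population dominates."""
    return [p for p in population
            if not any(dominates(q, p) for q in population)]


def select_parents(population, size):
    """Peel off successive non-dominated fronts until `size` parents are chosen."""
    remaining, parents = list(population), []
    while remaining and len(parents) < size:
        front = pareto_front(remaining)
        parents.extend(front)
        remaining = [p for p in remaining if p not in front]
    return parents[:size]


# Constructed sample results for one generation of test sequences.
POPULATION = [
    TestRun("long_thorough", 0.82, 5, 480),  # long, but best coverage and crashes
    TestRun("short_sharp", 0.40, 2, 35),     # shortest sequence
    TestRun("medium", 0.61, 3, 150),
    TestRun("bloated", 0.60, 3, 400),        # worse than "medium" on two objectives
    TestRun("noisy", 0.35, 1, 90),           # worse than "short_sharp" on all three
]

# A shortened variant that keeps the same coverage and crashes.
SHRUNK = TestRun("shrunk", 0.82, 5, 300)

if __name__ == "__main__":
    print([r.name for r in pareto_front(POPULATION)])
    print([r.name for r in pareto_front(POPULATION + [SHRUNK])])
```

The long sequence stays on the front until a shorter one with the same coverage and crash count appears, at which point it is dominated and drops out.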

Sapienz also strays slightly across the border into static analysis: it attempts to reverse-engineer the app (an Android APK in this case) to pull out some strings, which it then uses as natural-language inputs when testing begins. "We found this seeding to be particularly useful when testing apps that require a lot of user-generated content, e.g., Facebook, because it enables Sapienz to post and comment in an apparently more human-meaningful way," say the researchers.


Read the original:
Facebook's evolutionary search for crashing software bugs - Ars Technica

WH cybersecurity coordinator warns against using Kaspersky Lab software – CBS News

WASHINGTON -- Rob Joyce, the Trump administration's cybersecurity coordinator, said Tuesday the U.S. is lacking 300,000 cybersecurity experts needed to defend the country.

He also had a warning for the public about using software from Kaspersky Lab. U.S. officials believe the company has ties to the Kremlin -- and the federal government has vowed not to use its products.

CBS News has confirmed that FBI officials have met with private industry representatives to relay concerns about Kaspersky Lab, which is a Moscow-based cybersecurity company with suspected ties to Russian intelligence.


FBI agents have also interviewed Kaspersky employees working in the U.S.

"I don't use Kaspersky Lab products," Joyce told CBS News' Jeff Pegues Tuesday in an exclusive interview.

He is also warning consumers against using the company's popular anti-virus software.

"Would you advise your family, your parents to use it?" Pegues asked.

"I would not," Joyce replied. "I worry that as a nation state Russia really hasn't done the right things for this country and they have a lot of control and latitude over the information that goes to companies in Russia. So I worry about that."

"There is a connection between Kaspersky and Russian intelligence, and I'm absolutely certain that Russian intelligence would want to use that connection to their advantage," said Michael Morell, a former deputy director of the CIA.

The U.S. government already prohibits its use, but local and state governments make extensive use of the Russian software. In fact, there are more than 400 million users worldwide.


The fear is Kaspersky's anti-virus software, which is supposed to protect users from malicious activity, could actually provide Russian intelligence with valuable information.

And as a Russian certificate shows, the company is registered with the FSB, one of Russia's intelligence agencies.

Eugene Kaspersky, the company's founder, once served in Russia's Ministry of Defense and is a graduate of a computer school tied to Russian intelligence.


The company denies the accusations, calling them "false allegations." A spokesperson said in an email that "the company has never helped nor will it help, any government in the world."

U.S. officials dismiss the denials, and continue to warn about the software.

"As cyber czar do you think more should be done to get the word out to the public not to use it?" Pegues asked Joyce.

"I think they should look at the decisions the government is making, and then make their own decisions," he said.

The FBI says it regularly meets with private sector organizations to share security concerns but it doesn't tell companies what business decisions to make. Kaspersky, meanwhile, is preparing a free version of its software.

© 2017 CBS Interactive Inc. All Rights Reserved.

See the original post:
WH cybersecurity coordinator warns against using Kaspersky Lab software - CBS News

Identity fraud online is reaching ‘epidemic’ levels: here’s how you can stay safe, plus get a free fiver from … – The Sun

WANT to keep your cash safe? Then keep an eye on your ID.

Figures out today show that identity fraud has hit record levels, with more than 500 identities stolen in the UK every day.


Worryingly, there have been 89,000 identity fraud offences recorded in the last six months alone, up five per cent on last year.

More than half of the offences are aimed at bank accounts and credit cards.

But there has been a sharp rise in fraudsters applying for loans, online shopping accounts and phone and insurance products, too.

The report is from Cifas, which maintains a UK fraud information database.

Chief executive Simon Dukes said: "We have seen identity fraud attempts now reach epidemic levels. These frauds are taking place almost exclusively online.

"The vast amounts of personal data available either online or through data breaches is only making it easier for the fraudster."


Here, we team up with Cifas to show you six ways to keep your identity safe.

Free, confidential advice from victimsupport.org.uk.

YOU can get FREE cash with super Sun Savers just for buying your favourite paper.

Our brilliant new rewards club, which launched this week, will pay back our most loyal readers.


Just pick up the paper each day to collect your Sun Savers codes and we will GIVE YOU £5 when you have collected 28.

This isn't a one-off and there is no limit to how much cash you can save.

For every 28 codes you enter, we will give you a fiver. So over the course of a year, that could add up to £65.

We are keeping it super-simple. You don't have to enter codes from consecutive days, so don't worry if you forget a day or two.


In fact, it is completely up to you how much you save.

Download our easy Sun Savers app and quickly scan your code using your smartphone. Or go online and enter your code at sunsavers.co.uk.

What is Sun Savers? Here's everything you need to know about our new rewards club

To get you on your way, join today and we will put a bonus £1 in your Sun Savers wallet tomorrow. And the good news doesn't stop with free cash.

With Sun Savers, we give you the best hacks, deals and tips to save money every single day.

TO JOIN: Don't worry, folks, joining takes just 30 seconds, in three steps.

All we'll ask of you is your name, your date of birth and an email address to get you on the way to your first crisp fiver.

You can choose to save or cash out straight to your bank account or instantly with Paypal.

Don't delay, join Sun Savers now!

SAVE BIG: We can scent a bargain. This 50ml DKNY MYNY Eau de Parfum was £50, now just £25 at Boots until September 12.

SAVE: £25

SAVE SMALL: Sleep easy with this pack of two Silentnight Ultrabounce pillows for a half-price £7 at George at Asda.

SAVE: £7


READER Lynne Vickerstaff from Derby says: "Visit charity shops during the holidays and snap up bargain puzzles and games to keep the kids busy."

WE all feel the need to put money away for a rainy day, and the average monthly sum we want to save is £320.

Sadly, our good intentions all too often come unstuck and the average saving achieved is £140, according to a new poll carried out for VoucherCodesPro.co.uk.

STUDENTS can bag ten per cent off at Co-op food stores using their NUS Extra membership card, and a further five per cent with a Co-op membership card.

Continue reading here:
Identity fraud online is reaching 'epidemic' levels: here's how you can stay safe, plus get a free fiver from ... - The Sun

Google’s newest Android OS gets a nickname: Oreo – Champaign/Urbana News-Gazette


SAN FRANCISCO (AP) -- An upcoming update to Google's Android software finally has a delectable name. The next version will be known as Oreo, extending Google's tradition of naming each version after a sweet treat.

Google anointed the software Monday after spending the past few months calling it "Android O."

Oreo boasts several new features, including the ability to respond to notifications directly on a phone's home screen and the ability to access apps without installing them on a device.

The free software is set to be released this fall, most likely after making its debut on a new Pixel phone that Google is expected to begin selling in October.

The nicknames for earlier Android versions have included Nougat, Marshmallow, and Lollipop.

Google and Oreo's maker, Mondelez, referred to their deal as a partnership, rather than a sponsorship, as no money was exchanged.

Google has named Android after a brand before: The 2013 version was known as Kit Kat. Financial terms weren't disclosed for that.

Android is the world's most widely used mobile operating system.

Apple doesn't use names for its iOS system for iPhones, though the software for Mac computers is named after big cats and geographic locations in California.

Read more here:
Google's newest Android OS gets a nickname: Oreo - Champaign/Urbana News-Gazette

Plex Users Outraged Over Company’s Plans to Collect More Information – The Merkle

The Plex service is widely appreciated by multimedia enthusiasts all over the world. It is a free software package that allows users to stream their media (video, photos, and music) to any device running the same software. Plex is supported on many platforms including consoles, smart TVs, tablets, and so forth. However, the company recently made an announcement that upset a lot of people. It had planned to make data collection mandatory, without giving users an option to opt out. That plan has been canceled due to the negative backlash.

In this day and age of data collection and invasion of privacy, any decision made by companies in this regard will be scrutinized. Plex is no exception, as the software package is used by millions of people around the world. It is one of the most convenient ways to access and stream different types of media to any device. However, a plan newly announced by the company over the weekend had users up in arms, as they felt their privacy would have been invaded due to this decision.

The announcement of the change by the Plex team was bound to have major repercussions. The company aimed to collect data on how customers were using the software and services for which it is known. Up until now, that has always been a matter of users opting in to share this data or keeping it private at all times. The company decided the time had come to make a big change in this regard and make data collection mandatory at all times. Indeed, there would be no opt-out feature whatsoever.

The updated privacy policy reflecting these changes was not received all that well by the Plex community. In fact, they voiced their outrage on social media platforms and on the company's forum as well. Most Plex users do not wish to share their information with the company or detail how they use the software. After all, Plex is often used to stream less-than-legal content to other devices, which would give the company information on which users are known to have possessed pirated content. It is unclear how that information would have been used, and with no opt-out feature, a lot of problems could have ensued.

According to the explanation provided by the company, this change was indeed necessary. A lot of information was already being transmitted due to servers connecting to the cloud, new services designed using metadata, and communication through the Plex cloud infrastructure to relay playback requests. Providing an opt-out feature in the setup, Plex claimed, would give users a false sense of privacy as a whole. The Plex software already collects a ton of information from which people cannot opt out, and thus this updated privacy policy only reflected things which had been present for quite some time already.

It did not take long until the Plex user base caught wind of this change and assumed the nature of an angry mob. Most of the users voicing concern promised to take their business elsewhere to other services, either paid or free of charge. Although the change was supposed to go into effect on September 20th, it appears the company has already reversed its decision altogether. This demonstrates that feedback from the public can certainly influence a company's decision-making. Even though Plex meant no harm whatsoever, the potential implications of the data collection could have been catastrophic.

Additionally, Plex would have also been in violation of European Union law. These laws clearly state any company collecting users' information needs the permission of the user specifically. Any updates made in regards to which information is collected have to be approved by users as well, which Plex had no intention of doing. The fact that the plan will not go into effect after all is a small victory for privacy advocates. The opt-out feature will remain where it is right now, although the amount of data collected when users opt in will still reflect the proposed changes.

See the original post:
Plex Users Outraged Over Company's Plans to Collect More Information - The Merkle