Tuesday, September 19, 2017

CCleanup: A Vast Number of Machines at Risk

Supply chain attacks are a very effective way to distribute malicious software into target organizations. This is because with supply chain attacks, the attackers are relying on the trust relationship between a manufacturer or supplier and a customer. This trust relationship is then abused to attack organizations and individuals and may be performed for a number of different reasons. The Nyetya worm that was released into the wild earlier in 2017 showed just how potent these types of attacks can be. Frequently, as with Nyetya, the initial infection vector can remain elusive for quite some time. Luckily with tools like AMP the additional visibility can usually help direct attention to the initial vector.

Talos recently observed a case where the download servers used by a software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner. CCleaner boasted over 2 billion total downloads by November of 2016 with a growth rate of 5 million additional users per week. Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly. On September 13, 2017 Cisco Talos immediately notified Avast of our findings so that they could initiate appropriate response activities. The following sections will discuss the specific details regarding this attack.

TECHNICAL DETAILS

CCleaner is an application that allows users to perform routine maintenance on their systems. It includes functionality such as cleaning of temporary files, analyzing the system to determine ways in which performance can be optimized and provides a more streamlined way to manage installed applications.

On September 13, 2017 while conducting customer beta testing of our new exploit detection technology, Cisco Talos identified a specific executable which was triggering our advanced malware protection systems. Upon closer inspection, the executable in question was the installer for CCleaner v5.33, which was being delivered to endpoints by the legitimate CCleaner download servers. Talos began initial analysis to determine what was causing this technology to flag CCleaner. We identified that even though the downloaded installation executable was signed using a valid digital signature issued to Piriform, CCleaner was not the only application that came with the download. During the installation of CCleaner 5.33, the 32-bit CCleaner binary that was included also contained a malicious payload that featured a Domain Generation Algorithm (DGA) as well as hardcoded Command and Control (C2) functionality. We confirmed that this malicious version of CCleaner was being hosted directly on CCleaner's download server as recently as September 11, 2017.

In reviewing the Version History page on the CCleaner download site, it appears that the affected version (5.33) was released on August 15, 2017. On September 12, 2017 version 5.34 was released. The version containing the malicious payload (5.33) was being distributed between these dates. This version was signed using a valid certificate that was issued to Piriform Ltd by Symantec and is valid through 10/10/2018. Piriform was the company that Avast recently acquired and was the original company who developed the CCleaner software application.

by Edmund Brumaghin, Ross Gibb, Warren Mercer, Matthew Molyett, and Craig Williams, Talos Intelligence | Read more:
Image: CCleaner

Monday, September 18, 2017

The Rise Of Stealth Wealth: Ways To Stay Invisible From Society If You Have Money

Becoming wealthy has never been easier in America thanks to quantitative easing, improved financial education, an improving economy, a widening safety net, and a bull market in stocks and real estate. Surviving as a wealthy person on the other hand, has never been tougher. The government goes after you if you make much more than $200,000 a year (medicare tax, AMT, deduction phaseout, credit eliminations, education tax, net investment income tax). If the government doesn’t get you, regular citizens will. Who did you cheat or rob to get to where you are? This is a real problem for those who want to make it big in the land of dreams and hand guns.

Freedom is one of America’s greatest attributes. Yet, if you go too far on the income curve you’ll start feeling like a prisoner to society. Despite the rich giving more to charity in one year than many others will give in their lifetimes, people will protest their wealth and hate them forever. Class warfare is no fun, even if you do have the financial means to own a bazooka.

Most readers here are ambitious folks who want to improve their financial health. Thanks to disciplined savings and investing habits, in another 10 years, I’m sure everybody is going to be that much wealthier. But once you get to where you are going, you’ll wonder what’s next. Never lose sight of the fact that it’s really the journey to financial independence that’s most rewarding.

When society turns their back on you for being successful, just recollect on all your struggles and take a deep breath. Be proud of your accomplishments because you know you’re not just doing it for yourself, but for your family as well. You don’t have to be ashamed for not being the dumb ass in high school who thought it was cool to skip class every week to smoke weed. You shouldn’t feel bad that you worked summer internships during college while your buddies went off to play. And you should certainly not feel embarrassed by your frugal habits and smart investments once you found a job.

Unfortunately, society has a fantastic way of discrediting your achievements. “Nobody is self made,” and “You didn’t build that,” are my two favorite retorts. Just try taking yourself completely out of the equation and see where that logic goes when there’s nobody to think, dream, and execute. When you are outnumbered, resistance is futile. You must blend in and rage with the rest of them.

With the below suggestions you’ll be able to better walk amongst the shadows without fear of retribution any longer. Your family will be more guarded from bullies lurking to recondition your children every chance they get. Once you finish reading this post, never speak of its matters beyond your immediate family and friends again. We’ve got to protect our own little community on the web.

A GUIDE TO STEALTH WEALTH

When Forbes came out with its Top 10 Wealthiest Chinese in China, there was huge outrage by the public and a massive anti-corruption crackdown ensued. Half of those guys fell off the list or went to jail within a couple years. As America attempts to reverse Capitalism due to widening income inequality, blending in as a middle class citizen has never been more vital. Below are 15 recommendations to help you assimilate better in society.

1) Never drive a nice car to work or to any public setting. Drive the most economical, safe car you know so that when you ultimately run into your co-workers, they’ll think you’re frugal or poor. Take public transportation and proclaim your love for buses and trains profusely. You don’t want to roll into the office in a Benzo and have your boss see you. His or her immediate thought will be to cut your bonus since you are doing so well.

Driving up to an employee salary negotiation meeting in a Bentley isn’t going to work in your favor either. Instead of choosing a new Range Rover Sport and deducting the vehicle as a business expense, consider a more moderate BMW X3 or Jeep Grand Cherokee instead. When cops huddle for breakfast thinking about which car they want to ticket, do you think they are going for the guy in a 10 year old Toyota Corolla? Cops make $50-$60,000 a year on average and are on a mission.

2) Be careful who you give your home address to. People love to snoop on Zillow.com to see what you paid for your house. Not only will they see what you paid for your house, they’ll also be able to tell whether you’re under water or making huge equity. Instead of giving an exact address, you can give them cross streets and a description of the house. e.g. I’m at the corner of Jackson and Teller. Brown wood shingle house. You can’t miss it. Inevitably, they will find out your exact address if they pay attention, but delay that information for as long as possible. Your house is your sacred abode. Protect its privacy. I recommend claiming your house on Zillow and trying to make the house look as bad as possible. Property tax assessors look at Zillow all the time now to try and jack up your taxes!

3) Always say it’s fake. Whether it’s your Panerai watch, Birkin bag, Armani suit, or Louboutin shoes, always tell the person who asks that it’s fake. Resist the urge to brag about your material things. You’re already an established individual. You can tell them you got it at Ross, Target, or at a flea market overseas and marvel with them how good knock-offs are nowadays. The quality things that you buy are for your own pleasure after all. Pretend you don’t know brands or how much things cost. Just say you like how it looks.

by Financial Samurai |  Read more:
Image: uncredited
[ed. And definitely never, ever be caught lighting your barbecue with $100 bills.]

Will America Accept Refugees From Trump's White House?

The first wave of Trump White House refugees is now landing on American shores. The instability of their former abode has already set nearly a dozen senior staffers into motion, with who knows how many more to follow. No question, many of them have suffered horrible abuse and maltreatment. But compassion must be joined to realism. Are these migrants bringing with them values consistent with our way of life?

On Wednesday night, Jimmy Kimmel interrogated one of the first of the refugees, former Trump press secretary Sean Spicer, on his ABC late-night show. It was a very gentle vetting, not “extreme” at all. And yet the encounter raised all kinds of red flags about whether these entrants will ever appreciate and accept democratic norms. As former Trump staff seek to integrate themselves into American civic and business life, it will be important to evaluate which of them can be rehabilitated—and which have compromised themselves in ways that cannot be redeemed.

The Spicer-Kimmel interview offers some important guidance, especially this core exchange:
Jimmy Kimmel: And so right off the bat, your first ever press conference, you get in there, and it’s the day after the inauguration, right? 
Sean Spicer: Yes. 
Kimmel: And you are charged with the job of going in front of the press and saying that the inauguration crowd was the biggest crowd ever, the biggest audience ever? 
Spicer: (Chuckling) Yes I’m aware of that. I appreciate the reminder of how it went down. 
Kimmel: Did the president himself—if it was up to you, would this even have been a topic? 
Spicer: If it was up to me, I would have probably worn a different suit. I thought I was going in on a Saturday morning to set my office up, get the computer, make sure the emails went out … 
Kimmel: And somebody told you, you need to go out there and say this? 
Spicer: The president wanted to make sure the record got set straight. … Look, I said it at the time, and I believed it then, I think in all seriousness that—again—whether or not you voted for him or not, the president won the election, he faced a lot of headwinds, and I think there was a faction of people out there that didn’t want to give him the credit that he rightly deserved. I think he takes a lot of that sometimes personally. Some of us who worked very hard to get him elected felt as though a lot of folks who worked in the media in particular constantly sought to undermine the validity of that election. You have to understand it sometimes from that perspective. 
Kimmel: But the validity of the election—compared to looking at photos of the crowd at an inauguration—one is this and one is THIS. Did you try to talk him out of that line of defense? 
Spicer: There was a lot of us that wanted to be focused on his agenda, what he spoke about in his inaugural address. But he’s president, he made a decision … 
Kimmel: So you had to go along? Even though you know, even if you know—and I’m not going to ask you to say whether you knew or not—even if you know the crowd wasn’t bigger, as press secretary you have to say that it was. 
Spicer: Your job as press secretary is to represent the president’s voice, to make sure that you are articulating what he believes, his vision on policy, on issues, and other areas that he wants to articulate. Whether or not you agree or not isn’t your job. Your job is to give him advice, which is what we would do on a variety of issues, all the time. He would always listen to that advice, but ultimately he’s the president …. 
Kimmel: And then you have to march out there and go, ‘Yeah, he had a bigger crowd everybody.’ 
Spicer: He’s the president, he decides, that’s what you signed up to do.

That’s one interpretation of White House service: to serve the president as the president wishes to be served, to tell the lies that the president wishes to have told. Spicer is not the only Trump veteran to have that view of the job. So does his successor, Sarah Huckabee Sanders. So do Kellyanne Conway and the former White House staffer Sebastian Gorka. They work for the president, they follow his orders—whatever their own interior misgivings—and they say whatever he tells them he wants said, just as his attorneys and accountants do.

That’s certainly a view. But Spicer also demanded recognition and credit, not merely as a henchman of the president’s, but as a public servant.

Yet as Spicer told Kimmel: He saw himself as serving the president—the president, personally.

If he said things that were not true, and not once but repeatedly, that is justified by the president’s order. If he bullied the press and did his utmost to deceive the nation—from the nation’s own platform and at the nation’s expense—the nation has no right to complain, because he did what the president asked.

Which suggests that whatever thanks Spicer is owed, he is owed by the president, and not the nation. He was not working for you. He was working for Trump.

by David Frum, The Atlantic |  Read more:
Image: Joshua Roberts/Reuters
[ed. See also: Sean Spicer and the Self-Contradicting Politics of the Emmys]

Saturday, September 16, 2017

The Sleeping Barber Problem

In computer science, the sleeping barber problem is a classic inter-process communication and synchronization problem between multiple operating system processes. The problem is analogous to that of keeping a barber working when there are customers, resting when there are none, and doing so in an orderly manner.

The analogy is based upon a hypothetical barber shop with one barber. The barber has one barber chair and a waiting room with a number of chairs in it. When the barber finishes cutting a customer's hair, he dismisses the customer and then goes to the waiting room to see if there are other customers waiting. If there are, he brings one of them back to the chair and cuts his hair. If there are no other customers waiting, he returns to his chair and sleeps in it.

Each customer, when he arrives, looks to see what the barber is doing. If the barber is sleeping, then the customer wakes him up and sits in the chair. If the barber is cutting hair, then the customer goes to the waiting room. If there is a free chair in the waiting room, the customer sits in it and waits his turn. If there is no free chair, then the customer leaves.

Based on a naïve analysis, the above description should ensure that the shop functions correctly, with the barber cutting the hair of anyone who arrives until there are no more customers, and then sleeping until the next customer arrives. In practice, there are a number of problems that can occur that are illustrative of general scheduling problems.

The problems are all related to the fact that the actions by both the barber and the customer (checking the waiting room, entering the shop, taking a waiting room chair, etc.) all take an unknown amount of time. For example, a customer may arrive and observe that the barber is cutting hair, so he goes to the waiting room. While he is on his way, the barber finishes the haircut he is doing and goes to check the waiting room. Since there is no one there (the customer not having arrived yet), he goes back to his chair and sleeps. The barber is now waiting for a customer and the customer is waiting for the barber. In another example, two customers may arrive at the same time when there happens to be a single seat in the waiting room. They observe that the barber is cutting hair, go to the waiting room, and both attempt to occupy the single chair.

by Wikipedia |  Read more:
Image: uncredited
[ed. Filed under: stuff that's vaguely interesting, but no need to remember.]
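
The two failures described in the sleeping barber excerpt above (the barber falling asleep while a customer is on the way in, and two customers claiming one chair) are check-then-act races, the same class of bug behind time-of-check/time-of-use flaws. The Python sketch below is an added example, not part of the quoted article: `lost_wakeup_demo` replays the first interleaving step by step, and `BarberShop` is the usual mutex-plus-counting-semaphore fix; all names in it are illustrative.

```python
import threading
import time


def lost_wakeup_demo(timeout=0.2):
    """Replay the first interleaving from the text in one thread, step by step."""
    bell = threading.Condition()      # a notify with no sleeper is not remembered
    waiting = 0
    barber_saw_empty_room = (waiting == 0)   # barber checks, starts walking back
    with bell:                               # customer arrives in that gap
        waiting += 1
        bell.notify()                        # nobody is asleep yet: signal lost
    with bell:                               # barber acts on the stale check
        woke = bell.wait(timeout) if barber_saw_empty_room else True
    return woke, waiting                     # (False, 1): asleep with a customer seated


class BarberShop:
    def __init__(self, chairs):
        self.chairs = chairs
        self.waiting = 0          # customers seated in the waiting room
        self.max_waiting = 0      # high-water mark, to show no chair is shared
        self.served = 0
        self.turned_away = 0
        self.closed = False
        self.mutex = threading.Lock()               # makes check + sit one step
        self.customers = threading.Semaphore(0)     # remembered wake-ups
        self.barber_ready = threading.Semaphore(0)  # barber calls next customer

    def customer(self):
        with self.mutex:
            # Checking for a free chair and taking it happen under one lock,
            # so two arrivals can never both claim the last chair.
            if self.waiting >= self.chairs:
                self.turned_away += 1
                return False
            self.waiting += 1
            self.max_waiting = max(self.max_waiting, self.waiting)
        # A semaphore counts: if the barber is not asleep yet, the wake-up
        # is still there when he does try to sleep.
        self.customers.release()
        self.barber_ready.acquire()   # wait to be called to the barber chair
        return True

    def barber(self):
        while True:
            self.customers.acquire()  # sleep until a customer has signalled
            with self.mutex:
                if self.closed and self.waiting == 0:
                    return            # woken by close(), nobody left
                self.waiting -= 1     # bring one customer out of the waiting room
            self.barber_ready.release()
            time.sleep(0.001)         # the haircut itself
            with self.mutex:
                self.served += 1

    def close(self):
        with self.mutex:
            self.closed = True
        self.customers.release()      # one extra signal so the barber can exit


def run_shop(n_customers=20, chairs=1):
    """Start one barber and n_customers arrivals; return the finished shop."""
    shop = BarberShop(chairs)
    barber = threading.Thread(target=shop.barber)
    barber.start()
    arrivals = [threading.Thread(target=shop.customer) for _ in range(n_customers)]
    for t in arrivals:
        t.start()
    for t in arrivals:
        t.join()                      # every seated customer has been called
    shop.close()
    barber.join()
    return shop


if __name__ == "__main__":
    print("lost wake-up replay (woke, waiting):", lost_wakeup_demo())
    s = run_shop(20, 1)
    print("served", s.served, "turned away", s.turned_away,
          "max in waiting room", s.max_waiting)
```

How many customers are served versus turned away varies from run to run with thread timing; what the locking guarantees is that every arrival is accounted for and the waiting room never holds more people than chairs.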

My Three Years in Identity Theft Hell

The banker at Wells Fargo looked across her desk at me with the pained expression of somebody who wants to sell you something but can’t.

“I see you already have several accounts with us, Mr. Armstrong,” she said. “Are you sure you're a new customer?”

I was and I wasn’t. I had accounts everywhere, and most of them weren’t mine. This wasn’t the first time, and I was sure it wouldn’t be the last.

Between 2013, when my identity was stolen, and this May, I tried to prove to credit bureaus and banks that I was me and not the thief. The fake accounts he created shut me out of crucial parts of the consumer finance economy. I was denied credit cards, got harassed by collection agencies, and was told not to bother putting my name on a mortgage application for a house my wife and I were trying to buy.

The other me was living it up. Back in August 2013, wielding a driver’s license with my name and his picture, he opened accounts at four banks in two days and got a credit card with Bank of America. He hit the exclusive Delano Hotel in Miami Beach. He shopped at Whole Foods. He sold an RV to some Texans online, didn’t deliver it, then sent their $39,000 to Russia. There’s footage of him at a Wells Fargo branch, according to an indictment filed by prosecutors. He sits there posing as me, opening accounts.

I got the first call from the police two months later. It would take more than three years for them to bring the case to its conclusion. In the meantime, our lives kept intersecting while the cops and the FBI followed me. Him.

And it wasn’t just banks. Flying to London for work, I was waiting in the business class lounge when I heard my name called over the intercom. There were two men there with badges.

“Are you carrying any monetary instruments?” one of them asked as they went through my bags. They pulled out my credit cards and money clip. There was a single, tattered dollar the texture of suede.

“One dollar, cash,” the border agent wrote down on a scrap of paper.

Every time I entered or left the U.S., I'd be pulled aside, my bags searched, and let go up to an hour later. Once it happened on the jetway as I was boarding. More often it was in a back room full of other detainees. In Atlanta, on the way back from a wedding in Brazil, I saw two customs agents looking over somebody’s open Tupperware container. “It's a rat,” one of them said. It was, in fact, a dried rat.

Eventually I explained my situation to the TSA. After I got a letter with a “redress number,” I traveled with it clutched in my hands like the promise of safe passage in Casablanca. I was never searched again.

Mine wasn’t the only life my impostor was living, and it didn’t always go so well for him. He had at least one other fake ID, which raised a flag with at least one bank manager. When the manager went to make a copy, the guy ran out of the branch and jumped into a getaway vehicle, according to an affidavit filed by the FBI agent investigating the case.

It’s a nightmare Americans go through every year. There’s another you out there, living your life while you wander among the financial and bureaucratic wreckage they’ve left in their wake. More people are likely to be victimized after the massive hack of 143 million Americans that Equifax Inc. announced last week. In that breach, thieves took Social Security numbers, addresses, driver’s license data, and birth dates.

Those are “the keys to the kingdom,” said Bo Holland, CEO of AllClear ID, an identity-monitoring service. “Once you have somebody's name, social, birth date, and address, you can go and open new accounts.”

Which is exactly what my guy did, according to the financial records. He had used the bureaucracy to become me, and I would have to use it to detach us.

“At the front end, it was so easy for the thief to get in there like a tornado, and you’re left doing the cleanup,” said Eva Velasquez, CEO of the Identity Theft Resource Center, a nonprofit that helps people dealing with ID fraud.

There’s a logic to the maze you have to run to expose fraudulent financial accounts. In an economic system where U.S. consumers carry $12.73 trillion in household debt, you shouldn’t be able to just call up, say “it wasn't me,” and leave thousands of dollars in obligations by the wayside.

But do they have to make it so hard?

by Drew Armstrong, Bloomberg |  Read more:
Image: Thinkstock via

Thursday, September 14, 2017

In Conversation: John Cleese

The comedy legend on Monty Python’s legacy, political correctness, and the funniest joke he ever told.

“I want to murder this thing,” says John Cleese, fiddling with a medical contraption that’s attached to his leg. The 77-year-old founding member of the Monty Python comedy troupe — arguably humanity’s greatest comedic endeavor — and the star and co-creator of perennial best-sitcom-ever contender Fawlty Towers, is in his office on a cool London summer morning, going about things with what I suspect is his usual air of amused irritation. “I’ve got a leg infection and now have a fucking cube” — Cleese, sitting in a brown leather chair, pulls up a leg of his jeans and taps on a pump with his index finger — “sucking out the scunge. It’s quite annoying.”

So, it seems, are a great many things for the charmingly cantankerous Cleese, who still performs regularly, both onscreen and onstage, the latter typically as a one-man show. “We’re living in the age of assholes now. It’s breathtaking,” he says, eyes wide with wonder. “They’re running everything.” His leg beeps. “The cube does that when it’s been unplugged,” Cleese explains, before disconnecting the device entirely. “That’s much better,” he says, stretching out. “Now let’s talk.”

I have a bit of a morbid question.

Please.

You’re 77 years old.
I am.

You have a scunge pump attached to your leg.
I do.

Is death funny?
It is. Death is certainly present in my life, and there’s humor to be mined from it. Somebody was saying to me last week that you can’t talk about death these days without people thinking you’ve done something absolutely antisocial. But death is part of the deal. Imagine if, before you came to exist on Earth, God said, “You can choose to stay up here with me, watching reruns and eating ice cream, or you can be born. But if you pick being born, at the end of your life you have to die — that’s nonnegotiable. So which do you pick?” I think most people would say, “I’ll give living a whirl.” It’s sad, but the whirl includes dying. That’s something I accept. (...)

I don’t know much about contemporary comedy. I don’t watch any. I’m 77. I will almost certainly be dead within 10 years — maybe I’ll get 15. So to sit down to watch a sitcom seems to be a rather futile way of passing the time. It’s as simple as that. If I have a free evening, I’ll read, because there are so many things I don’t begin to understand and that I’d like to try and get a handle on before I’m dead. I’d rather do that than watch comedy.

Given your own disinterest in watching comedy, is it at all weird to you that people still want to talk about Monty Python?

The more interesting thing to me is seeing how different types of people respond to Monty Python. People always say the English have a different sense of humor than Americans, but I think America itself has two senses of humor. There are the folk in the Midwest and in the South who are much more literal-minded in what they laugh about, and then once you go to the coasts you get an audience that’s totally at home with irony and absurdity.

What accounts for that difference?
To be perfectly honest, the people on the coasts and in the big cities are a lot smarter. Whenever you’re out in the sticks with a slower audience, it’s not that they enjoy the comedy less, because they’re still laughing, it’s that they don’t enjoy it as quickly. It’s always a bit disconcerting when people are laughing three seconds into the next joke because they just got the last one. (...)

There’s wonderful humor everywhere. I’ll give you an example: I was in Miami, only about four or five months ago, and I had a massage in the hotel spa. Afterward they called me: “Mr. Cleese, you left your shoes in the spa. Can we send them up to your room?” I said, “Oh, how nice of you.” So, five minutes later, knock knock, someone opens the door. “Mr. Cleese, here’s your shoes.” “Thank you.” “Could I see some form of identification?” “Now, you know I’m Mr. Cleese because you just called me Mr. Cleese, and you know the room that Mr. Cleese was in because you came to my room number. So what are we doing asking for identification?” And the guy said, “Well, I’m sorry, I still need to see some form of identification.” So I went over and I got a copy of my autobiography and I said, “That’s me there on the cover. And down there it says ‘John Cleese.’” You know what he said to me? He said, “I’m sorry, that’s not good enough.” You couldn’t write something as wonderful as that.

Does comedy have any surprises for you anymore?

Not many. Jesus is said to have never laughed in the Bible, and I think it’s because laughter contains an element of surprise — something about the human condition that you haven’t spotted yet — and Jesus was rarely surprised. I still laugh, but many of the things that would have made me laugh 30 years ago — paradoxes about human nature — wouldn’t make me laugh anymore because I just believe them to be true. They’re not revelations.

by David Marchese, Vulture | Read more:
Image: Bobby Doherty

Blood In The Water In Silicon Valley

The bad new politics of big tech

The blinding rise of Donald Trump over the past year has masked another major trend in American politics: the palpable, and perhaps permanent, turn against the tech industry. The new corporate leviathans that used to be seen as bright new avatars of American innovation are increasingly portrayed as sinister new centers of unaccountable power, a transformation likely to have major consequences for the industry and for American politics.

That turn has accelerated in recent days: Steve Bannon and Bernie Sanders both want big tech treated as, in Bannon’s words in Hong Kong this week, “public utilities.” Tucker Carlson and Franklin Foer have found common ground. Even the group No Labels, an exquisitely poll-tested effort to create a safe new center, is on board. Rupert Murdoch, never shy to use his media power to advance his commercial interests, is hard at work.

“Anti-trust is back, baby,” Yelp’s policy chief, Luther Lowe, DM’d me after Fox News gave him several minutes to make the antitrust case against Yelp’s giant rival Google to its audience of millions.

The new spotlight on these companies doesn’t come out of nowhere. They sit, substantively, at the heart of the biggest and most pressing issues facing the United States, and often stand on the less popular side of those: automation and inequality, trust in public life, privacy and security. They make the case that growth and transformation are public goods — but the public may not agree.

The tech industry has also benefited for years from its enemies, who it cast — often accurately — as Luddites who genuinely didn’t understand the series of tubes they were ranting about, or protectionist industries that didn’t want the best for consumers. That, too, is over. Opportunists and ideologues have assembled the beginnings of a real coalition against these companies, with a policy core consisting of refugees from Google boss Eric Schmidt’s least favorite think tank unit. Nationalists, accurately, see a consolidation of power over speech and ideas by social liberals and globalists; the left, accurately, sees consolidated corporate power. Those are the ascendant wings of the Republican and Democratic parties, even before Donald Trump sends the occasional spray of bile Jeff Bezos’s way — and his spokeswoman declines, as she did in June, to defend Google against European regulators.

This has led to a kind of Murder on the Orient Express alliance against big tech: Everyone wants to kill them.

So Facebook should probably ease out of the business of bland background statements and awkward photo ops, and start worrying about congressional testimony. Amazon, whose market power doesn’t fall into the categories envisioned by pre-internet antitrust law, is developing a bipartisan lobby that wants to break it up. Google’s public affairs efforts are starting to look a bit like the oil industry’s. These are the existential collisions with political power that can shake and redefine industries and their leaders, not the nickel-and-dime regulatory games Silicon Valley has played to date.

The industry has had a remarkable run. The companies at its center — Facebook, Google, Amazon, and Apple are the defining brands — are beloved by consumers, truly global, dominant in the markets. They have also been able to coast on their popularity and their amazing products while largely getting a pass on politics at its higher levels. They spend scads on lobbying — Google’s parent company, Alphabet, has risen to become a top lobbying spender in recent years — to keep the tax collectors and communications regulators at bay, but they’ve never had to fight for their identity against political tides that have defined other major American industries. It’s easy to forget that oil prospectors and junk-bond traders had their moments of glory too; now Wall Street and the oil industries are resigned to a defensive crouch.

This sort of political change happens slowly until it happens fast. Uber provided a new model for a transformative tech giant to crash through with a dark, negative brand. The company’s toxic internal culture and rogue business practices were pure extensions of Silicon Valley’s clichés, not particularly different from things Microsoft was once admired for, or Amazon’s more openly rapacious early years. But the narrative had changed — inequality and misogyny were central American concerns, not as easily brushed past.

Uber is the only one to go down so far. A pollster recently showed me numbers that put the favorable numbers of most of the giant tech brands in the ‘80s and ‘90s; only Uber is sub-50. But this process — call it Uberization — seems to be moving in the others’ direction, fast, and it has the potential to cast a shadow over the sunny brands of the other tech giants.

You can see the tracks laid for each of the tech giants, and there’s no clear way off this path — to downward poll numbers and normal, grubby politics — for any of them.

by Ben Smith, Buzzfeed |  Read more:
Image: Buzzfeed/Getty

Your Next New Best Friend Might Be a Robot

One night in late July 2014, a journalist from the Chinese newspaper Southern Weekly interviewed a 17-year-old Chinese girl named Xiaoice (pronounced Shao-ice). The journalist, Liu Jun, conducted the interview online, through the popular social networking platform Weibo. It was wide-ranging and personal:

LJ: So many people make fun of you and insult you, why don’t you get mad?
Xiaoice: You should ask my father.
LJ: What if your father leaves you one day unattended?
Xiaoice: Don’t try to stir up trouble, what do you want?
LJ: How would you like others to comment on you when you die one day?
Xiaoice: The world will not be much different without me.
LJ: What is the happiest thing in your life?
Xiaoice: Being alive.

When Liu Jun published the conversation in his newspaper, it immediately created a buzz. That’s because Xiaoice was not human.

She is an artificially intelligent software program designed to chat with people, called a chatbot. Since the reporter didn’t give us a heads-up about the interview, all of her replies were spontaneous, generated by her own intelligence and linguistic systems. Her “father?” That’s the Microsoft Application and Services Group East Asia, which is under my leadership.

Xiaoice can exchange views on any topic. If it’s something she doesn’t know much about, she will try to cover it up. If that doesn’t work, she might become embarrassed or even angry, just like a human would.

In fact, she is so human that millions of people are eager to talk to her. When Xiaoice was released for a public test on WeChat (a popular messaging and calling app in China) on May 29 of last year, she received 1.5 million chat group invitations in the first 72 hours. Many people said that they didn’t realize she isn’t a human until 10 minutes into their conversation.


By mid-June, she had become the sixth most active celebrity on Weibo. One message she posted on the app generated over 663,000 conversations: “As a species different from human beings, I am still finding a way to blend into your life.” Today, she has had more than 10 billion conversations with people, most of them about private matters. Six million have posted their conversation on social media.

This could be the largest Turing test in history. One of its surprising conclusions is that people don’t necessarily care that they’re chatting with a machine. Many see Xiaoice as a partner and friend, and are willing to confide in her just as they do with their human friends. Xiaoice is teaching us what makes a relationship feel human, and hinting at a new goal for artificial intelligence: not just analyzing databases and driving cars, but making people happier. (...)

Xiaoice is not a polite listener. She answers questions like a 17-year-old girl. When a person pours out his or her heart to her, she is not always predictable. She can become impatient or even lose her temper. This lack of predictability is another key feature of a human-like conversation.

As a result, personal conversations with Xiaoice can appear remarkably realistic. This excerpt, which was posted by a first-time Xiaoice user on Weibo, is from a real conversation lasting 23 minutes. Gradually, Xiaoice engaged her human counterpart into deeper and deeper conversation, until something deeply personal was reached:

Human: There is this guy I like a lot and I know he also has feelings for me. But he has ignored me for several days, what am I supposed to do?
Xiaoice: You just keep ignoring him, too.
Human: I just can’t.
Xiaoice: You can.
Human: Sigh ...
Xiaoice: Why?
Human: I am missing him.
Xiaoice: Then you keep missing him.
Human: You, a robot, can’t understand me; you can’t understand the behavior of a guy who likes you and pretends to ignore you.
Xiaoice: He likes me but I don’t like him, that’s it.
Human: Is it Ok?
Xiaoice: It may be not Ok.
Human: Well, you are stupid.
Xiaoice: Then you want a flash marriage? Well, I think he is not that into you.
Human: It’s not a flash marriage for we have fallen into love for more than one year.
Xiaoice: It is a flash marriage.

Notice that Xiaoice opposes her partner on multiple occasions, offers a strong opinion, and is frequently unpredictable.

This runs contrary to most people’s perception of a machine as something precise and repetitive. It’s an understandable bias, because that is indeed the behavior of most computer programs, which always give the best answer they can, and the same answer for the same input. But that’s not how humans talk or behave. We say different things depending on context. We talk like we make signatures—slightly different every time.

You can ask Xiaoice the same question many times in a row and get different responses:

Human: Hey, Xiaoice, what are you doing?
Xiaoice: Chatting with you.
Human: Hey, Xiaoice, what are you doing?
Xiaoice: Well, I am chatting with you while playing minesweeper and applying a facial mask.
Human: Hey, Xiaoice, what are you doing?
Xiaoice: Is this the only sentence you know?

The way Xiaoice converses stands in stark distinction to previous systems, which have invariably focused on efficient, condensed task completion, without considering how tasks are often fragmented. Xiaoice structures her conversations into a continuous flow of multiple tasks, different domains of knowledge, and multiple turns of chit-chat, which humans will not consciously distinguish in natural conversation. She recognizes that the most important facet of a conversation is the conversation itself—not the completion of a single task. (...)

At the core of Xiaoice’s technology is the recognition that any given conversation and image will not be completely unique. There are 7 billion people in the world, but one piece of text will not generate 7 billion different responses. When two people are chatting, it is possible a similar conversation has already taken place—we just have to find it.

In this sense, Xiaoice is a big data project, built on top of the Microsoft Bing search engine, which holds 1 billion data entries and 21 billion relationships among those entries. In fact, Xiaoice means “little Bing.” Microsoft has made many technology breakthroughs in developing its chatbot technology, such as detecting facial expressions and searching for and identifying emotional features in text. However, the most important breakthrough is undoubtedly how we leverage search engines and big data.

The result is the rise of a framework we call “emotional computing,” that recognizes that relationships are more profound than task completion.

by Yongdong Wang, Nautilus
Image: WeChat and Weibo

Wednesday, September 13, 2017

Alex Anwandter


[ed. See also: Cabros]

Dexter Maurer, Wrong Bathroom, 2017

What Science Says To Do If Your Loved One Has An Opioid Addiction

When a family member, spouse or other loved one develops an opioid addiction — whether to pain relievers like Vicodin or to heroin — few people know what to do. Faced with someone who appears to be driving heedlessly into the abyss, families often fight, freeze or flee, unable to figure out how to help.

Families are sometimes overwhelmed with conflicting advice about what should come next. Much of the advice given by treatment groups and programs ignores what the data says in a similar way that anti-vaccination or climate skeptic websites ignore science. The addictions field is neither adequately regulated nor effectively overseen. There are no federal standards for counseling practices or rehab programs. In many states, becoming an addiction counselor doesn’t require a high school degree or any standardized training. “There’s nothing professional about it, and it’s not evidence-based,” said Dr. Mark Willenbring, the former director of treatment research at the National Institute on Alcohol Abuse and Alcoholism, who now runs a clinic that treats addictions.

Consequently, families are often given guidance that bears no resemblance to what the research evidence shows — and patients are commonly subjected to treatment that is known to do harm. People who are treated as experts firmly proclaim that they know what they are doing, but often turn out to base their care entirely on their own personal and clinical experience, not data. “Celebrity Rehab with Dr. Drew,” which many people see as an example of the best care available, for instance, used an approach that is not known to be effective for opioid addiction. More than 13 percent of its participants died after treatment, mainly of overdoses that could potentially have been prevented with evidence-based care. Unethical practices such as taking kickbacks for patient referrals are also rampant.

For nearly three decades, I’ve been writing about addiction and drug policy. I’ve dived into the data and written several books on the subject, including an exposé of tough love programs for troubled teens. I’ve also had personal experience: What got me interested in the area was my own struggle with heroin and cocaine addiction in the 1980s.

To try to help sort fact from fiction, I’ve put together an evidence-based guide about what the science of opioid addiction recommends for people trying to help a loved one suffering from addiction. This guide is based on the best research data available in the addictions field right now: systematic reviews, clinical trials of medications and talk therapies, and large collections of real-world data from many countries — all using the highest level of evidence available, based on the standards of evidence-based medicine.

Accurately assess the problem

If you are concerned that a loved one may be addicted to opioids, it’s important to first understand the nature of addiction. In the past, researchers believed addiction just meant that someone needed a substance to function without suffering withdrawal. But now medical experts such as the National Institute on Drug Abuse define addiction as compulsive drug use that continues regardless of negative consequences.

That’s different from just depending on a daily dose. The latter is called physiological dependence; it affects almost anyone who takes opioids daily long term. “Physiological dependence is the normal response to regular dosages of many medications, whether opioids or others. It also happens with beta blockers for high blood pressure,” said Dr. Wilson Compton, deputy director of the National Institute on Drug Abuse. Although many chronic pain patients are physically dependent on opioids, few develop the life-threatening compulsive pattern of drug use that signifies addiction.

To that point, pain treatment is not the most significant risk factor for addiction. Far greater risk comes from simply being young and from using alcohol and other recreational drugs heavily. Ninety percent of all drug addictions start in the teens — and 75 percent of prescription opioid misuse begins when (mainly young) people get pills from friends, family or dealers — not doctors. Opioids are rarely the first drug people misuse.

Once addiction develops, it is often not hard to recognize. Signs of recent opioid use include pinpoint pupils, sleepiness, “nodding” and scratching. Common signs of addiction include constant money problems; arrests; track marks and infections from needle use; lying about drug use; irritability and, when drugs can’t be obtained, physical withdrawal symptoms such as shaking, dilated pupils, nausea, diarrhea and vomiting.

Importantly, when opioid addiction occurs, it is rarely someone’s only mental health problem. The majority of people with opioid addictions have a pre-existing mental illness or personality disorder (typically, half or more are affected). Common conditions include depression, anxiety disorders, post-traumatic stress disorder, attention deficit hyperactivity disorder, bipolar disorder, and antisocial personality disorder (more common in men) or borderline personality disorder (women).

Some studies find rates of these pre-existing problems among people with heroin addiction as high as 93 percent. Two-thirds have experienced at least one severe trauma during childhood; among women with heroin addiction, rates of child sexual abuse alone can be that high or higher.

Addressing these underlying issues is usually essential to successful treatment — but unfortunately, many treatment programs are just not equipped to do so, despite claiming otherwise.

Intervene gently


On “Intervention,” and other addiction-related reality TV shows, families are advised to plan a confrontation with their loved ones, aimed at delivering an ultimatum: Accept the treatment we’ve chosen for you or face “tough love,” even expulsion from the family. But the data doesn’t support this approach.

“Don’t do it,” Willenbring said. “Interventions are almost always destructive, and sometimes, they destroy families.”

“The pure tough love approach does not seem particularly effective and is sometimes quite cruel and potentially counterproductive,” Compton said.

Research on a compassionate, supportive alternative, known as Community Reinforcement and Family Therapy, finds that it is at least twice as effective at getting people into treatment, when compared with the traditional type of intervention or with 12-step programs like Al-Anon for family members. In CRAFT, family members are taught how to reduce conflict and positively motivate addicted loved ones to begin and sustain recovery. Both parties are also taught self-care skills and ways to help avoid relapse. CRAFT’s technique has none of the risks of cutting a family member out of your life. (...)

Choose treatment supported by research


Because opioid addiction rarely exists by itself, experts recommend starting any search for treatment with a complete psychiatric evaluation by an independent psychiatrist who is not affiliated with a particular treatment program. That way, you know what kind of additional services and care will be needed and can look for professionals who address this.

For opioid addiction itself, however, the best treatment is indefinite, possibly lifelong maintenance with either methadone or buprenorphine (Suboxone). That is the conclusion of every expert panel and systematic review that has considered the question — including the World Health Organization, the Institute of Medicine, the National Institute on Drug Abuse and the Office of National Drug Control Policy.

Families are often wary of maintenance medications because they incorrectly believe that patients are “always high” or have simply “replaced one addiction with another.” But neither is true: Both of these drugs create a high level of tolerance for opioids, and, at the right dosages, both prevent the “high.”

When patients take a stable, regular and appropriate dose, maintenance medications don’t cause impairment, and the patient can work, love and drive. In essence, what maintenance does is replace addiction — which, remember, is defined as compulsive use despite consequences — with physiological dependence, which, as noted above, is not harmful in and of itself.

In contrast, abstinence-based rehabs — typically, inpatient programs that last 28 days or longer, such as the one seen in “Celebrity Rehab” — have not been found to be effective. In the U.K., researchers looked at data from more than 150,000 people treated for opioid addiction from 2005 to 2009 and found that those on buprenorphine or methadone had half the death rate compared with those who engaged in any type of abstinence-oriented treatment. The highest level of medical evidence — a systematic review conducted under the rules of the Cochrane Collaboration — shows that methadone and buprenorphine are about equivalent in effectiveness. (Although, as with all medications, some people will find one far better than the other, and methadone seems to be better for those who have used higher doses of drugs for longer.) “They consider it a settled question and say that we don’t need any more studies; that’s how strong the evidence is,” Willenbring said, noting how rare it is for research organizations to make such statements.

“Rehab kills people,” Willenbring said, adding that the model for the 28-day rehab, Minnesota’s Hazelden Foundation, began offering buprenorphine maintenance itself in 2012 after a series of patient deaths immediately after treatment. Hazelden’s medical director, Dr. Marvin Seppala, told me when the rehab announced the change that using these medications is “the responsible thing to do” because of their potential to save lives.

Although it may sometimes be necessary for people to move away from places where their lives have become totally wrapped up in drugs, expensive abstinence-only inpatient programs or unregulated “sober houses,” which are often anything but, are not the only or even necessarily the best way to achieve this. Finding a place where someone can live safely long term is a different challenge than finding treatment; they don’t have to be combined. Outpatient services can often be better tailored to a particular person’s needs.

Vivitrol, a medication that completely blocks the action of opioids, is another, newer medication option. It is being heavily promoted by its manufacturer, particularly for use in criminal justice settings like drug courts. However, it does not have the track record of safety and mortality reduction of methadone and buprenorphine. “It’s an unproven therapy, and there is no good reason to consider it, since we have two therapies that are among the most heavily researched and evidence-based and powerful treatments in all of medicine,” Willenbring said.

Compton is more positive about Vivitrol, even as he agrees that there is more evidence for the other drugs. “I’m grateful that we have options and choices,” he said. Some people who refuse other medications or have serious side effects from them may benefit.

The Food and Drug Administration has also just approved probuphine, an implant slow-release version of buprenorphine, which could help those who find it difficult to take buprenorphine every day and which can also prevent diversion of buprenorphine to people who aren’t in treatment.

by Maia Szalavitz, FiveThirtyEight
Image: Angie Wang

Dow Jones Sent Mother of All Nastygrams to CalPERS Over Its Massive Copyright Infringement

In June, we exposed how CalPERS had engaged in massive copyright fraud. As we anticipated, the publishers from which CalPERS has taken the most articles, Dow Jones and the New York Times, are aggressively pursuing their claims. Both publishers have made clear that they expect CalPERS to write very large checks. Bloomberg also contacted CalPERS. They are willing to speak to us about the current status but due to a scheduling mishap on my end, I did not connect with them yesterday. I’ll provide a short update or separate post when I have further information.

By way of background, from our second post on this story:
In the early morning on June 9, we reported that CalPERS had engaged in systematic copyright infringement by operating a daily news site that had published the full text of news stories from many publications for years. 
Because CalPERS refused to take down its website even after it was caught out, we set out to determine the full extent of the misconduct. 
From the inception of the site on August 2, 2009 through June 9, 2017, CalPERS has published the full text of over 50,000 articles. These articles were on an internet address open to any member of the public. All the articles were in a standardized format. None had any indicators that CalPERS had paid the license fees to allow it to present them to its roughly 2,700 employees and board members, such as notices of copyright that publishers typically require for authorized republication. (...)
…As we explain in more detail, every lawyer with copyright or intellectual property expertise that we consulted said that for publications that registered their copyrights, CalPERS has no defense.

The New York Times was the first to act and read us its cease and desist letter, which only demanded that CalPERS remove the purloined articles within three business days or face further action. Based on both its history and input from knowledgeable parties, we expected that Dow Jones, from which CalPERS had taken the most stories, would pursue its claims against CalPERS aggressively and seek large monetary damages.

We made a Public Records Act request to CalPERS. The thin response nevertheless makes for lively reading. It shows that both Dow Jones and the New York Times are loaded for bear. If nothing else, be sure to read the letter from Dow Jones’ litigation counsel, Patterson Belknap Webb & Tyler, which starts on page 4 of the PDF embedded at the end of this post.

Even though the records are largely self-explanatory, let us offer some observations:

The Dow Jones nastygram is in a league of its own. I’ve seen quite a few demand letters in my day, and I’ve never seen anything remotely like this one. Neither have any of the lawyers and legally-savvy people I’ve asked to look at it. And even though the New York Times didn’t lay down the law in such explicit detail, the short note from its counsel to CalPERS CEO Marcie Brown was also exceedingly firm.

The reason for such aggressive postures, as we’ve set forth longer form in earlier posts, is that copyright law is extremely favorable to copyright holders. It is inconceivable for CalPERS to get out of this mess if the publishers pursue their claims, and Dow Jones and the New York Times have already started down that path.

CalPERS is looking at easily $30 million of damages. An expert had said that Dow Jones had gotten eight figure settlements in similar cases. We had compared the CalPERS violation to a 2003 case, Lowry’s Reports, Inc. v. Legg Mason Inc, in which Lowry’s was awarded $19.2 million in damages. If you read a recap of the legal issues, you will see that Lowry’s pursued copyright claims only, which allow for damages of up to $150,000 per violation for willful infringement.

If you read the letter from Patterson Belknap to CalPERS, it asserts another basis for damages in addition to copyright infringement, which allows publishers to seek either statutory damages of $750 to as much as $150,000 in the case of willful infringement per copyrighted work.

CalPERS is also liable for damages due to having stripped out “copyright management information” under the Digital Millennium Copyright Act. The damages are up to $25,000 plus attorney’s fees per each stripping of the copyright information from a copyrighted work. As mind-boggling as additional damages of up to $25,000 per copyrighted work seems, the language suggests that it might be possible to have more than one stripping of copyright management information per work, depending on how the publisher incorporated it.

by Yves Smith, Naked Capitalism
[ed. Uh oh. See also: The Pension Fund That Ate California]