02 November 2018

Open Sourcing BERT: State-of-the-Art Pre-training for Natural Language Processing




One of the biggest challenges in natural language processing (NLP) is the shortage of training data. Because NLP is a diversified field with many distinct tasks, most task-specific datasets contain only a few thousand or a few hundred thousand human-labeled training examples. However, modern deep learning-based NLP models see benefits from much larger amounts of data, improving when trained on millions, or billions, of annotated training examples. To help close this gap in data, researchers have developed a variety of techniques for training general purpose language representation models using the enormous amount of unannotated text on the web (known as pre-training). The pre-trained model can then be fine-tuned on small-data NLP tasks like question answering and sentiment analysis, resulting in substantial accuracy improvements compared to training on these datasets from scratch.

Today, we are open sourcing a new technique for NLP pre-training called Bidirectional Encoder Representations from Transformers, or BERT. With this release, anyone in the world can train their own state-of-the-art question answering system (or a variety of other models) in about 30 minutes on a single Cloud TPU, or in a few hours using a single GPU. The release includes source code built on top of TensorFlow and a number of pre-trained language representation models. In our associated paper, we demonstrate state-of-the-art results on 11 NLP tasks, including the very competitive Stanford Question Answering Dataset (SQuAD v1.1).

What Makes BERT Different?
BERT builds upon recent work in pre-training contextual representations — including Semi-supervised Sequence Learning, Generative Pre-Training, ELMo, and ULMFit. However, unlike these previous models, BERT is the first deeply bidirectional, unsupervised language representation, pre-trained using only a plain text corpus (in this case, Wikipedia).

Why does this matter? Pre-trained representations can either be context-free or contextual, and contextual representations can further be unidirectional or bidirectional. Context-free models such as word2vec or GloVe generate a single word embedding representation for each word in the vocabulary. For example, the word “bank” would have the same context-free representation in “bank account” and “bank of the river.” Contextual models instead generate a representation of each word that is based on the other words in the sentence. For example, in the sentence “I accessed the bank account,” a unidirectional contextual model would represent “bank” based on “I accessed the” but not “account.” However, BERT represents “bank” using both its previous and next context — “I accessed the ... account” — starting from the very bottom of a deep neural network, making it deeply bidirectional.

A visualization of BERT’s neural network architecture compared to previous state-of-the-art contextual pre-training methods is shown below. The arrows indicate the information flow from one layer to the next. The green boxes at the top indicate the final contextualized representation of each input word:
BERT is deeply bidirectional, OpenAI GPT is unidirectional, and ELMo is shallowly bidirectional.
The Strength of Bidirectionality
If bidirectionality is so powerful, why hasn’t it been done before? To understand why, consider that unidirectional models are efficiently trained by predicting each word conditioned on the previous words in the sentence. However, it is not possible to train bidirectional models by simply conditioning each word on its previous and next words, since this would allow the word that’s being predicted to indirectly “see itself” in a multi-layer model.

To solve this problem, we use the straightforward technique of masking out some of the words in the input and then condition each word bidirectionally to predict the masked words. For example:
While this idea has been around for a very long time, BERT is the first time it was successfully used to pre-train a deep neural network.

BERT also learns to model relationships between sentences by pre-training on a very simple task that can be generated from any text corpus: Given two sentences A and B, is B the actual next sentence that comes after A in the corpus, or just a random sentence? For example:
Training with Cloud TPUs
Everything that we’ve described so far might seem fairly straightforward, so what’s the missing piece that made it work so well? Cloud TPUs. Cloud TPUs gave us the freedom to quickly experiment, debug, and tweak our models, which was critical in allowing us to move beyond existing pre-training techniques. The Transformer model architecture, developed by researchers at Google in 2017, also gave us the foundation we needed to make BERT successful. The Transformer is implemented in our open source release, as well as the tensor2tensor library.

Results with BERT
To evaluate performance, we compared BERT to other state-of-the-art NLP systems. Importantly, BERT achieved all of its results with almost no task-specific changes to the neural network architecture. On SQuAD v1.1, BERT achieves 93.2% F1 score (a measure of accuracy), surpassing the previous state-of-the-art score of 91.6% and human-level score of 91.2%:
BERT also improves the state-of-the-art by 7.6% absolute on the very challenging GLUE benchmark, a set of 9 diverse Natural Language Understanding (NLU) tasks. The amount of human-labeled training data in these tasks ranges from 2,500 examples to 400,000 examples, and BERT substantially improves upon the state-of-the-art accuracy on all of them:
Making BERT Work for You
The models that we are releasing can be fine-tuned on a wide variety of NLP tasks in a few hours or less. The open source release also includes code to run pre-training, although we believe the majority of NLP researchers who use BERT will never need to pre-train their own models from scratch. The BERT models that we are releasing today are English-only, but we hope to release models which have been pre-trained on a variety of languages in the near future.

The open source TensorFlow implementation and pointers to pre-trained BERT models can be found at http://goo.gl/language/bert. Alternatively, you can get started using BERT through Colab with the notebook “BERT FineTuning with Cloud TPUs.”

You can also read our paper "BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding" for more details.

Google finally adds consumer customer support with Google One


You may recall my tale of woe from last year when I recounted how I was locked out of my Google account for a month. It was a tough time, made all the more frustrating because there wasn’t any customer support to contact. That is changing for Google One users though, and it’s about time.

I received an email this week from Google informing me that my paid Google storage had been upgraded to Google One, Google’s freshly designed storage options announced last May. It comes with twice the storage, giving me two terabytes for the same $9.99 per month I was paying for one. It allows me to share my generous storage allotment with my family members, but the thing that really caught my eye was actual customer support.

With Google One, which is available for as little as $1.99 per month for 100 gigs of storage, everyone has access to actual customer support where they can talk to someone, who can (presumably) help them with issues like password recovery.

Brandon Badger, who is Google One product manager, says this is a critical component of the new storage package. “Support is important to us, we want people using our products to have a great experience and get questions or issues addressed in a timely manner,” Badger told TechCrunch. He added that users with paid storage plans often use many other Google products and services and this provides a way for customers to get answers to problems they have across the Google cloud ecosystem.

Photo: Google

Obviously, this long overdue and something that G Suite customers, the business side of Google’s tools, have had for some time. This ability to contact a customer service organization shows a maturation of consumer cloud products that had been missing previously.

As a journalist, when I got locked out I was forced to use my contacts at Google PR to give me that help. After many attempts was able to get my account credentials back, but I have received dozens of emails since I wrote that article from other unfortunate souls who faced the same predicament as I did, but lacked the connections I had. Unfortunately, as much as I could empathize with their plight (how could I not?), there wasn’t much I could do other than refer them to Google. I wrote about my level of frustration in my post:

Once you have gone through the recovery protocol, what is a person supposed to do to get Google’s attention? They don’t have customer service, yet I’m paying for storage. They don’t have a reasonable system for navigating this kind of problem and they don’t have a sensible appeals process.

While I hope I never get locked out of my Google account again, I’m happy to know that if I do, that I and so many others like me, at least have someone to contact about it now. That’s no guarantee that our problems will be resolved, of course, but it’s at least a path to getting something done that hadn’t previously existed.


Read Full Article

Match says Bumble is dropping its $400M lawsuit, but this battle isn’t over


Bumble and Match’s ongoing legal battles are continuing today. According to a statement released by Match Group this morning, Bumble is dropping its $400 million lawsuit against Match, which had claimed Match fraudulently obtained trade secrets during acquisition talks. However, Bumble is preparing to refile its suit at the state level, we’re hearing.

If you haven’t been following, the two companies have been doing battle in the court system for some time after Match Group failed to acquire Bumble twice — once in a deal that would have valued it at over $1 billion.

Bumble claimed Match then filed a lawsuit against it to make Bumble appear less attractive to other potential acquirers. Match’s suit claims Bumble infringed on patents around things like its use of a stack of profile cards, mutual opt-in and its swiped-based gestures — things Tinder had popularized in dating apps.

Bumble subsequently filed its own lawsuit in March 2018, this one claiming that Match used acquisition talks to fraudulently obtaining trade secrets. It says this is not a countersuit, but its own separate suit. (This is the one being discussed today by the companies.)

Match says it wasn’t served papers for Bumble’s suit. But Bumble CEO Whitney Wolfe had said they delayed serving papers to give Match a chance to settle.

After a failure to settle, Bumble announced on September 24, 2018 that it would be serving Match, and shared news of its IPO plans. The $400 million suit claims Match had asked for “confidential and trade secret information” in order to make a higher acquisition offer for Bumble, but that no subsequent offer came as result.

Match says Bumble asked the courts to drop its lawsuit just a few weeks after this announcement, and believes the whole thing is just a PR stunt around Bumble’s IPO.

Match today says it’s not opposed to the lawsuit being dropped. But it is now seeking declaratory judgements that will force these issues to be litigated in the right forums, it says.

It points out that Bumble had filed its state petition in Dallas County, rather than respond with counterclaims to Match’s suit in the Western District of Texas — “less than 100 miles from Bumble’s Austin headquarters.”

It asked the case to be transferred to federal courts in the Western District, where its IP case is pending.

Now, Match says that Bumble is asking the courts to drop its claims against Tinder’s parent company.

“We’re not opposing their request to dismiss their own claims, but we’re seeking declaratory judgements that will force these issues to be litigated in the right forums,” says a Match spokesperson. “As we say in section 132 of the amended counterclaim: ‘Match will not simply wait until Bumble decides whether or not it wants to pursue these claims – likely in connection with Bumble’s next media blitz. Match intends to litigate these baseless allegations now, and Match intends to conclusively disprove them.'”

Bumble responded this morning by saying it plans to continue to defend its business against Match.

“Match’s latest litigation filings are part of its ongoing campaign to slow down Bumble’s momentum in the market. Having tried and failed to acquire Bumble, Match now seems bent on trying to impair the very business it was so desperate to buy,” a Bumble spokesperson says. “Bumble is not intimidated and will continue to defend its business and users against Match’s misguided claims.”

It declined to comment on how, but we understand that the change from a state court system to federal courts is in play here. Bumble wanted to litigate at the state level, which means it has to dismiss its claims in the federal courts. Match could then accurately say Bumble’s lawsuit is being dropped, but that doesn’t necessarily mean Bumble’s plans have changed.

We understand that Bumble is now preparing to refile its case in the state court system, but it hasn’t done so yet.


Read Full Article

Match says Bumble is dropping its $400M lawsuit, but this battle isn’t over


Bumble and Match’s ongoing legal battles are continuing today. According to a statement released by Match Group this morning, Bumble is dropping its $400 million lawsuit against Match, which had claimed Match fraudulently obtained trade secrets during acquisition talks. However, Bumble is preparing to refile its suit at the state level, we’re hearing.

If you haven’t been following, the two companies have been doing battle in the court system for some time after Match Group failed to acquire Bumble twice – once in a deal that would have valued it at over $1 billion.

Bumble claimed Match then filed a lawsuit against it to make Bumble appear less attractive to other potential acquirers. Match’s suit claims Bumble infringed on patents around things like its use of a stack of profile cards, mutual opt-in, and its swiped-based gestures – things Tinder had popularized in dating apps.

Bumble subsequently filed its own lawsuit in March 2018, this one claiming that Match used acquisition talks to fraudulently obtaining trade secrets. It says this is not a countersuit, but its own separate suit. (This is the one being discussed today by the companies.)

Match says it wasn’t served papers for Bumble’s suit. But Bumble CEO Whitney Wolfe had said they delayed serving papers to give Match a chance to settle.

After a failure to settle, Bumble announced on September 24, 2018 that it would be serving Match, and shared news of its IPO plans. The $400 million suit claims Match had asked for “confidential and trade secret information” in order to make a higher acquisition offer for Bumble, but that no subsequent offer came as result.

Match says Bumble asked the courts to drop its lawsuit just a few weeks after this announcement, and believes the whole thing is just a PR stunt around Bumble’s IPO.

Match today says it’s not opposed to the lawsuit being dropped. But it is now seeking declaratory judgements that will force these issues to be litigated in the right forums, it says.

It points out that Bumble had filed its state petition in Dallas County, rather than respond with counterclaims to Match’s suit in the Western District of Texas – “less than 100 miles from Bumble’s Austin headquarters.”

It asked the case to be transferred to federal courts in the Western District, where its IP case is pending.

Now, Match says that Bumble is asking the courts to drop its claims against Tinder’s parent company.

“We’re not opposing their request to dismiss their own claims, but we’re seeking declaratory judgements that will force these issues to be litigated in the right forums,” says a Match spokesperson. “As we say in section 132 of the amended counterclaim: ‘Match will not simply wait until Bumble decides whether or not it wants to pursue these claims – likely in connection with Bumble’s next media blitz. Match intends to litigate these baseless allegations now, and Match intends to conclusively disprove them.'”

Bumble responded this morning, by saying it plans to continue to defend its business against Match.

“Match’s latest litigation filings are part of its ongoing campaign to slow down Bumble’s momentum in the market. Having tried and failed to acquire Bumble, Match now seems bent on trying to impair the very business it was so desperate to buy,” a Bumble spokesperson says. “Bumble is not intimidated and will continue to defend its business and users against Match’s misguided claims.”

It declined to comment on how, but we understand that the change from a state court system to federal courts is in play here. Bumble wanted to litigate at the state level, which means it has to dismiss its claims in the federal courts. Match could then accurately say Bumble’s lawsuit is being dropped, but that doesn’t necessarily mean Bumble’s plans have changed.

We understand that Bumble is now preparing to refile its case in the state court system, but it hasn’t done so yet.


Read Full Article

Vince Staples has fun with Google Maps in new video


Vince Staples’ latest record FM! drops today on Def Jam records — that’s some very good news from one of the best and brightest rappers in the game today. Staples is celebrating the release by giving us a glimpse into his home of North Long Beach, California (Norfy, as it were) the same way we all experience the world these days: Google Maps.

The video for the single “Fun” — which also features Oakland hip-hop mainstay E-40 — captures the idiosyncrasies of Google’s Street View right down to the blurry transitions. The novel execution aside, things captured by the fictional Street View car are tellingly not always as positive as the track’s three-word title implies. The shots culminate with arrest of three youths on bicycles and retaliation against the camera that brings to mind a recent Douglas Rushkoff title.

It’s a well-executed video for a great track from one of the most dynamic voices in hip-hop today. Just maybe don’t listen with the sound on at work.


Read Full Article

‘World of Warcraft: Classic’ demo limited to 60 minutes of playtime


Put away the Jolt, Blizzard is limiting the time gamers will be able to play the World of Warcraft: Classic demo. Basically, after playing for an hour, players will be logged off and will have to wait 60 minutes before resuming for another hour. The goal is to ensure a mass of players do not crash the servers, which, honestly, if the services crashed randomly, would be the most classic thing Blizzard could do to recreate the original WoW experience.

In a forum posting Blizzard says it hopes to lift the session limits as soon as possible.

Here’s some examples Blizzard provided to illustrate the session limits.

• If you play for 30 minutes and then log off for 60 minutes, when you come back you’ll have a fresh 60 minutes.
• If you play for 60 minutes, you’ll be disconnected and then have to wait 30 minutes before you can play again.
• If you play for 20 minutes, log off for 20 minutes, then play 40 more minutes, you’ll be logged off and wait 10 more minutes.

Blizzard previously stated the demo players would start out at level 15. The goal is to provide players ample time to feel out the different classes and the best way to do that is with a character with an established skill tree. However, characters are capped at level 19 and will not roll over to the full game once the demo is complete so enjoy it while it lasts.


Read Full Article

Apple News will launch a real-time election results hub on November 6


Apple is preparing to launch a new way for its customers to track election results. The company, on 8 PM ET on November 6, will swap out the existing Midterm Elections section in the Apple News app, and replace it with a new Election Night section instead. This section will also replace Apple News’ Digest tab at the bottom-center of the app, in order to lead users directly to the special section where they’ll be able to track the live results, updates on key races, latest developments and more.

The company is partnering with the Associated Press for its real-time election results, as do many news organizations thanks to AP’s history and experience with verifying results.

Here, Apple will use that AP data to inform a number of dynamic infographics as well as offer a complete list of federal election results in every state, including House and Senate seats.

These results will update every minute, or you can just “refresh” the page manually to force the update at any time.

If the balance of power in either the House or the Senate is determined by way of the incoming results, Apple News will publish a special alert at the top of the feed and a pop up notification, as well.

The Key Races section, meanwhile, offers another set of live updating infographics, showing the live results from the most interesting House, Senate or Gubernatorial races.

Another section will focus on the latest developments – meaning breaking news headlines and stories related to election night coverage. This will feature news from a variety of sources including Axios, Politico, The Washington Post, Fox News, CNN, The New York Times, CBS, and others.

CBS News, CNN, and Fox News will also contribute video clips to the Election Night hub, while ABC will offer a live video feed. Another live video feed from NBC News will appear in a widget alongside the Live Results infographic.

Apple says users won’t have to authenticate with their TV provider on election night to watch the videos in the hub.

A diversity of news sources was important to Apple, which wanted to have a range of options for people to read, as well as a way to present the news so people could see how it’s being processed across the ideological spectrum.

More importantly, all the news coverage in the hub isn’t being driven by algorithms. For Apple News’ team, Election Night is an all-hands-on-deck type of situation involving real human editors. In fact, human editorial oversight is a key difference between Apple’s approach to news aggregation and curation, compared with competitors like Google, Twitter and Facebook – all of which have come under fire for their outsized roles in the spread of information, and, at times, disinformation.

Apple has been taking the opposite approach, by staffing up an editorial team of former journalists, insteading of leaving news curation to technology.

Apple News is available across iPhone, iPad, and as of this year, Mac devices.

 

 

 


Read Full Article

5 Tools to Download or Capture Streaming Video From Any Website


video-downloader

Most of today’s internet traffic is spent streaming online video, with YouTube taking up a massive chunk. Over 400 hours of video content is uploaded to YouTube every minute, and YouTube has greater reach in the 18-49 demographic than even cable TV.

And then you have to consider other video streaming sites like Vimeo, Dailymotion, Metacafe, Twitch, etc. That’s a lot of data flowing around—and if your ISP caps your monthly data allowance, then all this video streaming can be expensive.

The solution is to capture or download online videos to watch offline, allowing you to re-watch as many times as you want without wasting data. Here are some of the best tools for capturing and downloading streaming video so you can watch them offline.

1. Video DownloadHelper

download-online-video-downloadhelper

Available on: Chrome, Firefox.

Supported sites: YouTube, Facebook, Instagram, Vimeo, Dailymotion, Lynda, Twitter, Udemy, and hundreds of other sites.

Video DownloadHelper is easily one of the most useful browser extensions you’ll ever install. It’s even simpler to use than the above-mentioned VideoGrabby, but the downside (sort of) is that you have to install it on your browser. But if you download a lot of videos on a day-to-day basis, Video DownloadHelper is definitely worth it!

The extension adds a button next to your browser’s address bar. Whenever you come across an online video, just click the button to download any video on the current page.

2. 4K Video Downloader

capture download online streaming video 4k video downloader

Available on: Windows, Mac, Linux.

Supported sites: YouTube, Facebook, Vimeo, Flickr, Dailymotion, and several other sites.

4K Video Downloader is the simplest and most straightforward tool. We recommend it if you want a no-hassle option that requires a close to zero effort on your part.

Just copy the URL of an online video and paste it into 4K Video Downloader. You can paste links to YouTube playlists or YouTube channels to download every video available, and you can even subscribe to YouTube channels and auto-download new videos as they’re made available. You can also download the annotations and subtitles in YouTube videos.

Video downloads are available in 8K, 4K, 1080p, or 720p as long as the source video was uploaded at that resolution, of course. Videos can be downloaded in MP4, MKV, and FLV formats. Or you can download only the audio portion in MP3 or M4A formats. (What’s the difference between MP3 and MP4?)

3. Freemake Video Downloader

download-online-video-freemake

Available on: Windows.

Supported sites: YouTube, Facebook, Liveleak, Veoh, Vimeo, Dailymotion, and dozens of other sites.

Freemake Video Downloader is one of the most popular video downloading tools out there. It’s completely free, easy to use, and relatively flexible as far as quality and format options are concerned. The one big downside is that it’s only available on Windows.

Videos can be downloaded in a handful of formats, including AVI, FLV, MKV, MP4, and WMV. Videos can also be downloaded in MP3 format if you only want the audio portion. The actual process only requires the URL of the video—just copy and paste it in.

4. JDownloader

download-online-video-jdownloader

Available on: Windows, Mac, Linux.

Supported sites: Nearly any site with streaming video.

JDownloader is like Freemake Video Downloader but with a twist. You take the URL of any page that has a streamed video on it, paste it into the app, and it will scan the page for all the videos it can detect. You get to pick which of the detected videos you want to download.

The nice thing about JDownloader is that you don’t need the direct URL of a specific video. Take a MakeUseOf article with five embedded videos, for example, and all them will be detected. This makes it very easy to capture several different videos at once.

Bundleware warning!
When you run the installer, you’ll come across a page that offers to install “Bing Search” or something else. On this page, the buttons will change to Decline and Accept. Make sure you click Decline! This will prevent bundleware from being installed on your system.

5. youtube-dl

Available on: Windows, Mac, Linux.

Supported sites: YouTube, Facebook, HBO, Metacafe, Vimeo, Dailymotion, and thousands of other sites.

youtube-dl is a tool for advanced users who are comfortable using the command line. If you prefer graphical interfaces, save yourself the headache and just use one of the ones listed above.

But if you’re okay with command line utilities, then youtube-dl offers the most flexibility of any video downloading tool. It’s complicated enough to have a non-trivial learning curve though, so prepare to read the documentation or else you’ll be lost.

You could also try youtube-dl-gui, which is an unofficial front-end user interface that’s available for Windows and Linux.

Features include several video selection and quality parameters, playlist processing, download rate limit, batch video downloading, automatic naming of files, inclusion of ads (currently experimental), and downloading subtitles (for sites like YouTube).

The following formats are supported: 3GP, AAC, FLV, M4A, MP3, MP4, OGG, WAV, and WEBM.

A Last Resort for Capturing Online Videos

If you encounter a video that isn’t supported by any of the above tools, the last resort is to play the video in fullscreen mode and record your screen as it plays. It’s not a perfect solution, but it works when nothing else does.

Check out our favorite screen recorder apps to get started. If you can get the direct URL of an online video, you can also use VLC to play and record online videos as a kind of streaming video recorder.

Read the full article: 5 Tools to Download or Capture Streaming Video From Any Website


Read Full Article

Apple Watch Series 4: The Undisputed King of Smartwatches

US Citizen Voter Records Hacked and Now for Sale on the Dark Web


cwa-informed-voter

So much is going on every month in the world of cybersecurity, online privacy, and data protection. It’s difficult to keep up!

Our monthly security digest will help you keep tabs on the most important security and privacy news every month. Here’s what happened in October.

1. Millions of US Voter Records for Sale on Dark Web

The dark web always has “interesting” goodies up for sale. In October 2018, security researchers at Anomali and Intel 471 found 35 million US voter records up for sale. The records, from 19 US states, include full names, phone numbers, physical addresses, voting histories, and other voter-specific information.

State voter registration lists aren’t entirely secret to begin with. Political campaigns, academics, and journalists can request voter registration information, so long as the records are not for commercial use or republished online.

However, in this instance, Anomali note that “When these lists are combined with other breached data containing sensitive information, e.g., social security number and driver’s license, on underground forums it provides malicious actors with key data points for creating a target profile of the US electorate.”

Particularly interesting is the claim from the seller that they “receive weekly updates of voter registration data across the states and that they receive information via contacts within the state governments.” The revelation suggests that the information is targeted, rather than the result of a leak.

Unfortunately, this isn’t the first leak of US voter record information. Back in 2015, the records of some 191 million US voters hit the internet. The database was exposed for several days and contained similar data to October’s leak.

The affected states are: Georgia, Idaho, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Mississippi, Montana, New Mexico, Oregon, South Carolina, South Dakota, Tennessee, Texas, Utah, West Virginia, Wisconsin, and Wyoming.

2. Google Chose Not to Inform Users of Breach

One of the news stories from October was the death knell for Google’s social media platform, Google+. Google+ never managed to compete with Facebook or Twitter; even after Google forced millions of users to create accounts to post comments to YouTube.

The final nail in the coffin proved not to be the astoundingly short user interaction time with the platform. No. It was the revelation that the private data of Google+ users was left exposed for years—and Google did absolutely nothing about it.

The leak contained data for nearly 500,000 users. Google confirmed the leak includes names, email addresses, dates of birth, gender, occupation, places lived, relationship status, and profile pictures.

While this combination isn’t the end of the world, it’s still enough to attempt to create targeted phishing emails or force entry into other sites using password reset mechanisms.

The biggest news to come from the leak isn’t the exposure of private data, but rather that Google chose not to take the leak public. A memo leaked to the Wall Street Journal suggests that “Internal lawyers advised that Google wasn’t legally required to disclose the incident to the public.”

It is a bad look for Google, that’s for sure. What else are Google potentially hiding or covering up because the revelation would harm its business practices?

3. Torii Modular Botnet Is More Advanced Than Mirai

The phenomenally powerful Mirai botnet hit the headlines after staging consecutive record-breaking DDoS attacks. But a new modular botnet named Torii (because the initial researcher found his honeypot attacked from 52 Tor exit nodes) has built upon the foundations of Mirai, and taken attacks one step further.

But while Torii derives from Mirai, it would be wrong to say they are the same.

Torii stands out for a few reasons. One, unlike other Mirai derivatives, it doesn’t “do the usual stuff a botnet does like DDoS, attacking all the devices connected to the internet, or, of course, mining cryptocurrencies.” The Avast blog entry continues: “Instead, it comes with a rich set of features for exfiltration of (sensitive) information, modular architecture capable of fetching and executing other commands and executables and all of it via multiple layers of encrypted communication.”

Like other modular malware variants, Torii works in several stages. Once installed on a system, it checks the system architecture before dialing home to a command and control server for an appropriate payload. Architecture-specific payloads include ARM, x86, x64, MIPS, PowerPC, and more.

The secret to its success is undoubtedly its versatility. By attacking a huge range of platforms, shutting Torii down is incredibly difficult.

4. Cathay Pacific Suffers Huge Data Breach

Cathay Pacific has suffered a data breach exposing the private data of over 9.4 million customers.

The hack contains the information of 860,000 passport numbers, 245,000 Hong Kong ID card numbers, 403 expired credit card numbers, and 27 credit card numbers without a CCV verification code.

Other stolen data includes passenger names, nationalities, date of birth, email address, home address, and phone numbers, as well as other airline specific information.

Cathay Pacific Chief Executive Officer Rupert Hogg apologized to the airline’s customers, saying, “We are very sorry for any concern this data security event may cause our passengers. We acted immediately to contain the event, commence a thorough investigation with the assistance of a leading cybersecurity firm, and to further strengthen our IT security measures.”

The Cathay Pacific hack, however, firmly puts British Airway’s September data leak into perspective. BA immediately alerted customers to the hack and didn’t lose any passport numbers. The Cathay Pacific hack took place between March and May of this year. However, customers are only just finding out about the severity of the breach now.

If you’re just finding out, here’s how to check if anyone is trying to hack your online accounts.

5. 4-Year Old Libssh Vulnerability Discovered

Secure Shell implementation libssh has a four-year-old vulnerability affecting thousands of websites and servers around the globe. The vulnerability was introduced in the libssh version 0.6 update, released way back in 2014. It is unclear as to exactly how many sites are affected, but the internet-connected device search engine, Shodan, shows more than 6,000 results.

Rob Graham, CEO of Errata Security, says the vulnerability “is a big deal to us but not necessarily a big deal to the readers. It’s fascinating that such a trusted component as SSH now becomes your downfall.”

Positively, the major sites that use libssh appear unaffected. Perhaps the largest site is GitHub. However, GitHub security officials tweeted that they use a customized version of libssh for GitHub and GitHub Enterprise, so are unaffected by the vulnerability. Furthermore, it is important to note that this vulnerability does not affect OpenSSH or the similarly named libssh2.

Current advice is to patch any libssh devices immediately to version 0.7.6 or 0.8.4.

6. Hackers Target Fortnite Players With V-Bucks Scams

Fortnite is one of, if not the most popular video game in the world right now. The off-the-wall free-to-play battle royale-style game attracts over 70 million monthly players—and hackers have taken note. (Parents, your kids are playing Fortnite!)

Research from ZeroFOX suggests that hackers are targeting Fortnite’s in-game currency, V-Bucks. Players use V-Bucks to purchase cosmetic items for their in-game avatar. Despite the game being free, estimates suggest Fortnite is earning over $300 million per month for developers Epic Games.

Hackers run scam-sites advertising “Free Fortnite V-Bucks Generators” to trick unsuspecting victims into revealing their personal information, such as in-game credentials, credit card data, and home addresses.

“Games with a microeconomy, especially Fortnite, are prime targets for attackers to leverage their security attacks, scams and spam against,” said Zack Allen, director of threat operations at ZeroFOX. “These economies are a great way to make money without attracting too much attention to yourself because of the lack of regulation and the nuances of the economy (try describing a ‘V-Buck’ to any local law enforcement officer, you most likely will get a blank stare).”

It isn’t the first time Fortnite has come under security-scrutiny. In April 2018, Epic Games announced they wouldn’t use the Google Play Store for the Fortnite Android version. Refusing to use the Google Play Store means players lose out on the security offered by Google. You can check out how to safely install Fornite on Android right here.

October 2018 Security News Roundup

Those are seven of the top security stories from October 2018. But a lot more happened; we just don’t have space to list it all in detail. Here are five more interesting security stories that popped up last month:

  • IBM acquired Red Hat in a deal worth over $30 billion.
  • The Pentagon was hit with a security breach exposing 30,000 employees.
  • Ethical hackers uncovered 150 vulnerabilities in the US Marine Corps Enterprise Network.
  • Facebook is searching for a cybersecurity company acquisition to boost security and data protection.
  • Kaspersky Labs found the NSA DarkPulsar exploit in attacks against Russian, Iranian, and Egyptian nuclear targets.

Cybersecurity is a constantly evolving whirlwind of information. Keeping on top of the malware, data protection, privacy issues, and data breaches is a full-time job—that’s why we round up the most important news for you each month.

Check back at the beginning of next month for your November 2018 security roundup. In the meantime, check out exactly how artificial intelligence will fight modern hackers.

Read the full article: US Citizen Voter Records Hacked and Now for Sale on the Dark Web


Read Full Article

The 10 Best Chinese Shopping Sites That Ship to the US


chinese-shipping-usa

Most internet users will be familiar with AliExpress, but it’s far from being the only Chinese website that ships to the US. While you might not be able to find luxury items from the world’s top brands, Chinese shopping sites are great for cheap electronics, basic clothing, and items for around the home.

Here are the best Chinese shopping sites that ship to the United States.

1. AliExpress

aliexpress homepage

AliExpress is arguably the most well-known Chinese commerce website. With revenues of $40 billion, it’s also the largest; it earns almost four times more money than eBay.

Unlike Amazon, AliExpress doesn’t sell any products itself. Instead, it’s an e-commerce platform; it connects you with third-party sellers. The sellers are predominantly based in China, but there are also vendors in other South-East Asian countries.

Many vendors offer free shipping, but deliveries will take longer to arrive. You can also use DHL, UPS, FedEx, and other international couriers.

If you’re thinking about making a purchase on AliExpress, make sure you check out our guide to avoiding scams on the service before you hit the “Buy” button.

2. Banggood

Banggood Chinese Shopping Site

We spoke about Banggood when we reviewed the best sites for buying cheap electronics. Although electronics is the site’s main focus, you will also find sports equipment, fashion accessories, jewelry, and health products.

The business itself has been around since 2004, making it one of the older Chinese sites that ships to the United States.

Orders above $25 qualify for free shipping. Again, however, be warned that free deliveries can take a long time to arrive. We’re talking months, not weeks.

Banggood is well-blessed when it comes to payment methods. Credit cards, wire transfers, and PayPal are all supported, as are a host of third-party options like iDEAL and Dotpay.

3. GearBest

gearbest homepage

GearBest is much newer than the two sites we have looked at so far. It has only existed since 2014.

The site has close ties with Chinese smartphone manufacturer Xiaomi and offers much better deals on the company’s products than you would be able to find in a domestic store.

Other categories that the site covers include Baby and Kids, Home and Garden, Appliances, and Electrical and Tools.

GearBest is also great for non-US residents. The only two countries that it will not ship to are Palestine and South Sudan.

The site offers four shipping methods: unregistered, registered, priority, and expedited shipping. American residents can use all four plans. Unregistered shipping is free and takes up to 40 days. The price of the fastest option—expedited—is calculated by weight. It takes three to seven days.

GearBest does have US-based warehouses which can significantly reduce the time and improve the security of non-registered deliveries.

4. DHgate

dhgate homepage

Headquartered in Beijing, DHgate is primarily a fashion site (though it does have some limited electronic and home items available). If you’re looking for cheap shoes, wedding outfits, watches, hair and grooming products, or bags, DHgate should be your first port of call.

The site ships worldwide. If you live in the United States, you can use DHL or one of DHgate’s many local couriers. DHL should get your order to you within a week. Some of the lesser-known carriers such as China Post Air and Singapore Post can take more than a month.

5. YesStyle

yesstyle homepage

Sticking with the fashion theme, YesStyle sells menswear, womenswear, childrenswear, and lifestyle products. You’ll find everything from maternity clothes to cosplay outfits.

Unlike some of the other sites in this list, YesStyle sells mainstream brands. However, they are predominantly Japanese and Korean labels, so may not be instantly familiar to western audiences.

People who have a particular fondness for fashion in Japan and Korea will like the site; it has sections dedicated to the latest looks in each country.

If you spend more than $35, you will qualify for free shipping.

6. LightInTheBox

lightinthebox homepage

LightInTheBox, along with sister site MiniInTheBox, ships to more than 200 countries around the world. It sells products across three core categories: clothing, small gadgets, and home and garden.

The company was founded in 2007 and has gone from strength to strength. In 2013, it even listed on the New York Stock Exchange.

You can choose from several shipping options, all of which charge by weight. There is no free shipping. If you want to use a courier, LightInTheBox offers DHL, UPS, FedEx, and TNT.

7. Shein

shein homepage

Shein specializes in women’s fashion, though there are also some menswear and children’s products available.

The site is a great way to find outfits for specific looks; the products are sub-categories into styles such as Preppy, 90s Grunge, Faux Fur, Elegant, and so on. The site also has a considerable array of plus size outfits.

Shein only offers standard shipping and express shipping to the United States. Standard shipping costs $3.99 per order. If you order exceeds $49, shipping is free. Express shipping costs $12.90 but is free on orders above $99.

Residents of Puerto Rico, Hawaii, and Alaska cannot use the express option.

Note: If you would like some fashion advice, check out our list of apps that can help you choose which outfit to wear.

8. GeekBuying

lightinthebox homepage

GeekBuying is an electronics store. You’ll find Android phones, streaming boxes, wearables, smart security systems, tablets, and more. Like GearBest, it offers exclusive rates on Xiaomi smartphones.

The site also has some “fun” electronics. For example, there’s a section dedicated to remote control cars and another dedicated to electric scooters.

If you visit the site, make sure you check the Flash Deals section on the right-hand side of the page. You’ll find incredible bargains on products such as tablets, fitness bands, and TVs.

Shipping is free if you use standard delivery. DHL and TNT are also available.

9. RCMoment

RCMoment has a very specific focus—remote-controlled devices. You’ll find gadgets like drones, cars, boats, planes, and robots.

The site has great deals on the DJI Mavic Air drone, which we loved when we reviewed the product back in February 2018.

Some products qualify for free shipping. If you want the fastest shipping, head to the US Warehouse section of the sites to see which products are already held on American soil.

10. DealExtreme

dealextreme homepage

DealExtreme is up there with AliExpress in terms of popularity. It’s been in operation since 2006 and ships its products straight from its Hong Kong warehouse.

Almost all the products are electronic. The breadth of products is impressive; you’ll find everything from glucose monitors to tattoo guns.

The site also sells a lot of branded products. There are devices from SanDisk, Lenovo, Sony, Asus and more.

DealExtreme offers free worldwide shipping on all its items. You can ship express with couriers for an added fee.

Where Else Can You Find Great Deals Online?

To find more companies that sell quality products for a bargain price, check out our article on the best sites for deals on video games and our list of sites that offer better deals than eBay.

Read the full article: The 10 Best Chinese Shopping Sites That Ship to the US


Read Full Article

5 Windows 10 Bugs to Avoid in the October 2018 Update


Windows updates are never easy, but with Windows 10 we’re entering new territory. Not a single major update for this version of Microsoft’s operating system has gone by without making headlines.

With the Windows 10 version 1809 (“October 2018”) update, things are looking worse than ever before. Here are five bugs you might have had with Windows Update, as well as how to avoid them.

1. The Windows 10 Update Deletion Bug

Although you’ll find many new features in the Windows 10 October 2018 update some bad bugs have also been included. Probably the most famous and widely experienced bug is the accidental deletion of data.

Your data.

As Microsoft informed users on its support site:

“We have paused the rollout of the Windows 10 October 2018 Update (version 1809)* for all users as we investigate isolated reports of users missing some files after updating.”

When Microsoft refers to “some files”, it means personal data, saved files, and other documents saved to your personal profile.

Unfortunately, this didn’t come as a complete surprise to some. Previous updates (such as February 2018) had a small number of similar issues, and it seems little was done to investigate the cause of these deletions. At the time of writing, weeks after the update was released (and subsequently paused) there is no solution.

If you were prepared, a backup of your data could be installed. Meanwhile, if you’re particularly lucky, the Windows System Restore tool will have created a restore point that you can return to. If this is working correctly, your data files will be restored.

2. HP Users Get BSOD After October Update

Once upon a time, the Blue Screen of Death (BSOD) haunted Microsoft Windows users. It would typically appear following memory or driver errors and necessitated a reboot of your PC. With the release of Windows 8, it became far less common, but it isn’t gone completely.

Affecting HP machines, this new occurrence of the BSOD was linked to a keyboard driver, HpqKbFiltr.sys. This has since been fixed, with users encouraged to remove the driver. The driver has also been dropped from Windows Update.

There are two ways to deal with this. The first is to hope Windows reboots and runs long enough for you to manually delete the driver. Begin by clicking Start and entering Device Manager in the search box. Then click the first result.

Here, expand Keyboards, looking for the HP keyboard driver. Right-click and select Properties > Driver to check the version—you’re looking for version 11.0.3.1. If you find it, click Roll Back Driver and wait for the previous driver to be reinstated.

If this doesn’t work for you, a Windows Recovery is required to reset your system.

A similar issue has hit machines from Dell. Checking the website of your computer’s manufacturer for Windows Update-related issues is a good idea.

3. Brightness Control Problems on Surface Go Tablets

Even owners of Microsoft-produced hardware have been hit by Windows 10 Update issues. The Surface Go tablet (a budget version of the Surface Pro) has been hit by problems with the display brightness.

A firmware update has been released for the Surface Go, although you can try restarting your tablet or reinstalling the Intel graphic drivers first.

Dell XPS laptops have been similarly affected, and again, this isn’t the first time that a bug from a Windows Update has been spotted in earlier releases or on an Insider Preview release. Dell users should try reinstalling the graphic drivers to fix this.

4.Zip Tool Overwrites Older Versions

While many people use third-party tools to create and unpack ZIP archives, Windows has its own built in utility. Unfortunately, with the Windows 10 October 2018 Update, this has stopped working correctly.

The usual behavior for this tool when extracting archives is that it will check for previous versions of the files. It then informs you, asking for confirmation to overwrite.

Thanks to the October 2018 update, however, this action has vanished. Instead, files are simply overwritten. Worse still, it seems that it’s another example of an older bug that has been overlooked or ignored by Microsoft.

While this may not affect that many users, it remains an annoying problem with the update. Looking for a solution to this? Use a third-party ZIP utility, such as WinZIP or 7-ZIP.

5. Font Substitution Doesn’t Work

This is the bug that perhaps highlights just how shoddy this whole situation is. Font substitution is a system where the correct Unicode character is displayed when entering text. When it breaks, however, any input or displayed text just looks a total mess.

Specifically, the characters are the black and white star symbols, known officially as Unicode 2605 and Unicode 2606. These no longer appear as intended, but as empty rectangles.

Nothing says “this operating system is dud” better than something as simple as broken font substitution.

While Microsoft Office is unaffected, older apps that rely on the Windows 10 OS to perform font substitution look ridiculous. If you want to fix this manually, switching to a different font in Windows (and hoping for the best) is your best option.

Oh, and it’s a bug that was reported at least two months before the October 2018 release.

How to Avoid Windows Update Bugs

These bugs range from devastating to frustrating, and really shouldn’t be happening to a software publisher with a 40-year legacy.

You’ve probably spotted the pattern of bugs having been reported before the update was released, and it’s worth noting that in 2014, Microsoft abandoned in-house software testing for Windows 10 in favor of crowdsourcing bugs via the Windows Insider evaluation program.

That business decision doesn’t seem to be working out so well, does it?

So, what is the answer? Well, until things settle down, it’s a good idea to avoid installing the update. Thanks to how Windows Update works in Windows 10, however, this is easier said than done. There is no simple “disable updates” button.

What you can do, however, is employ some of the other features to delay updates. We’ve looked at seven ways to delay Windows 10 updates, so try one of these methods to avoid updating. Eventually, the update issues will be resolved, and it will be safe to upgrade. Having said that, it might be worth delaying future updates as well…

Read the full article: 5 Windows 10 Bugs to Avoid in the October 2018 Update


Read Full Article

7 iCloud Mail Tips for Better a Email Experience


icloud-mail-tips

Apple hands out free email addresses with every new Apple ID registered. It might not be the powerhouse that is Gmail, but iCloud Mail is still a useful email service to have at your disposal.

If you already use your iCloud Mail address, make sure you’re familiar with features like aliases and mail rules. If you’ve avoided using your iCloud address because you’re convinced it’s useless, these tips might change your mind.

1. Access Mail From Anywhere With iCloud.com

iCloud.com

Probably the best way to use iCloud Mail is through a browser. If you log in at iCloud.com using your Apple ID and select Mail, you get access to a few other features that a traditional mail client cannot provide (including Apple Mail).

This version of iCloud Mail has a decent search engine and filtering options at the bottom of the screen for only showing unread messages. You can also drag and drop messages into folders you have created in the left-hand sidebar.

Nearly all the other tips listed here rely on the web version of iCloud Mail. Unfortunately you can’t access this version from a mobile device, so you’ll need to log in from a desktop browser on your Mac or PC.

2. iCloud Mail Aliases Can Deal With Spam

iCloud Mail Alias

Aliases allow you to create up to three dummy @icloud.com email addresses. You will receive any email sent to these alias addresses until you decide to deactivate them. You can also filter your inbox by alias to remove unwanted messages from showing up.

Aliases provide a fairly useful barrier against spam (without needing a disposable email service). If you’re concerned about handing out your real email address when signing up for a service or entering a competition, you can hand over an alias instead. You’ll still be able to use the service or claim your prize, and you can disable the alias at a later date (or simply filter it out).

To create an alias, log in to iCloud.com and click Mail. Click on the cog icon in the bottom-left hand corner of the screen and select Preferences. Choose Accounts followed by Add an alias, then pick a suitable alias name. You can only register @icloud.com email aliases.

3. Create Rules for iCloud Mail

iCloud Mail Rules

Rules are one of the features that makes Gmail such a powerful mail client. These allow you to route mail to specific folders or skip the inbox altogether. You can filter by criteria like subject line, originating email address, or whether it’s addressed to one of your aliases.

You can create rules in iCloud Mail by logging into iCloud.com and clicking Mail. Next click on the cog icon in the bottom-left corner, then choose Preferences. Select Rules and click Add a Rule. Now set your incoming mail criteria followed by the desired action, then save it with Done.

These rules apply to all your devices going forward. That means that even though you can’t set up rules on your iPhone Mail client or in Apple Mail for macOS, iCloud will still adhere to these rules on the server side.

4. Send Large Files With Mail Drop

iCloud Mail Drop

Did you know you can send files up to 5GB in size using iCloud Mail? Using a feature called Mail Drop, iCloud Mail stores your file in the cloud and lets the recipient download it using a link contained in your email. Apple doesn’t state how big the maximum attachment is before Mail Drop kicks in. Any files you deliver using Mail Drop will only be available for download for 30 days.

You may need to turn on this feature before you can use it. Log in to iCloud.com and click Mail. Click on the cog in the bottom-left corner then choose Preferences. Under Composing, enable Use Mail Drop when sending large attachments.

To attach a file to your email message, simply drag and drop it onto your message while composing. You can also click on the Attach button (it looks like a paper clip) and select a file using this method. If email doesn’t cut it, check out a few other ways you can send large files.

5. Forward Mail Elsewhere

iCloud Mail Forwarding

One of the most useful mail rules is the ability to forward all incoming mail to another email address. This means you never have to check your iCloud mail, and can instead use it as an alias for your other accounts.

You can easily set this up using iCloud Mail rules. Log in to iCloud.com and click on Mail. Click on the cog icon in the bottom-left corner, then choose Rules. Under If a message choose is addressed to, then input your iCloud Mail email address in the first field.

In the next field under Then choose Forward to an Email Address and Mark as Read, then input the email address at which you want to receive your messages in the field below. Now all your incoming iCloud mail will be forwarded to your main email account.

Using Gmail, you can filter these incoming messages further. And if you’re using your iCloud Mail as an alias and start receiving spam, you can always delete this rule.

6. Set Up an Autoresponder in iCloud Mail

iCloud Mail Autoresponder

What’s an email client without an autoresponder? Apple’s iCloud Mail autoresponder is pretty barebones, but it gets the job done. You can’t set a daily autoresponder that kicks in while you’re out of the office, but you can set up a vacation autoresponder that replies to messages while you’re way.

Login to iCloud.com and click on Mail. In the bottom-left corner click on the cog followed by Preferences. Next click on Vacation, enable Automatically reply to messages when they are received, and input the dates during which you’ll be away.

Finally, add the message you want to send anyone who tries to contact you during this period.

7. Download Your Entire Mail History

Download iCloud Mail

If you want to download the entire contents of your iCloud Mail for archival purposes, you can do so by requesting a copy of your data from Apple. You could also configure a regular desktop email client to pull everything down, and then archive it using that instead.

To make a data request head to privacy.apple.com and log in with your Apple ID. Underneath Obtain a copy of your data, click Get started, then scroll to the bottom of the page and check iCloud Mail. If you want a copy of any other data, like your iCloud Drive contents, iCloud Photo Library, or personal data that Apple keeps on its servers, add it to the download.

Hit Continue, then specify a download size for the archive files Apple will deliver. Finally, hit Complete request and wait. Apple will take a few days to prepare the data, then you’ll get an email notifying you that your download is ready. You can then log back in to Apple’s privacy mini-site to start the download.

Not the Worst Email Service in the World

iCloud Mail is a no-frills email service, but it works well enough. The rules you set up are followed regardless of which device you use. Mail Drop is a genuinely useful way of sending large files. And if you’re not fond of Apple’s mail service, you can use it as another alias with automatic forwarding.

Using Apple Mail to access your iCloud Mail account? Check out our top Apple Mail tips for Mac users.

Read the full article: 7 iCloud Mail Tips for Better a Email Experience


Read Full Article

Why YouTube TV Is the Best Cable Replacement for Cord Cutters

The Zortrax Apoller safely smooths 3D prints


qZortraxApoller, a Smart Vapor Smoothing device that uses solvents to smooth the surface of 3D-printed objects. The resulting products look like they are injection molded and all of the little lines associated with FDM printing will disappear.

The system uses a microwave-like chamber that can hold multiple parts at once. The chamber atomizes the solvent, covering the parts, and lets the solvent do its work. Once its done it then sucks the excess vapor back into a collection chamber. The system won’t open until all of the solvent is gone, ensuring you don’t get a face full of acetone. This is an important consideration since this is sold as a desktop device and having clouds of solvent in the air at the office Christmas party could be messy.

“Vapor-smoothed models get the look of injection-molded parts with a glossy or matte finish depending on the filament used. With a dual condensation process, a 300ml bottle of solvent can be used for smoothing multiple prints instead of just one. This efficiency means that the combined weekly output of four typical FDM 3D printers can be automatically smoothed within one day without loss of quality,” the company wrote.

Given the often flimsy structural quality of FDM prints, this smoothing is more cosmetic and allows you, in theory, to create molds from 3D printed parts. In reality these glossy, acetone smoothed parts just look better and give you a better idea what the finished product – injection-molded or milled – will look like when all is said and done.


Read Full Article