Author: azeeadmin

11 Jan 2019

Xiaomi’s five-year plan is a $1.5 billion bet on smart homes

Xiaomi, the Chinese company best known for budget phones, is betting big on a future of connected homes. It plans to plough at least 100 billion yuan, or $1.48 billion, into the so-called “AIoT” sector over the next five years, founder and chief operating officer Lei Jun announced on Friday.

AIoT, short for “AI + IoT,” is an upgrade from devices connected to the internet, known as the Internet of Things. AIoTs are intelligent, run on automated systems and can learn from users’ habits, like lights that automatically turn on when you get home.

“We see a future where all home devices will be connected to the internet and controlled by voice. A wave of home appliances will be replaced by smart devices. There will be an AIoT network that infiltrates every second and scenario of people’s lives, collecting mountains of users, traffic and data,” said Lei in his annual address to employees.

The plan is to get all sorts of gadgets, not just handsets, onto Xiaomi’s operating system so the company can hawk services through these devices. The move comes as Xiaomi, the world’s fourth-largest smartphone vendor, copes with a weakening market. Smartphone shipments in China were down more than 15 percent year-over-year in 2018, according to a government-backed research institute.

Phones remain strategically important to Xiaomi as it looks to lower-end phones for growth. On Thursday, the company announced it has split up (not spin out) its budget phone brand, Redmi, in hope of launching “red rice” — what Redmi means in Chinese — to Xiaomi’s “little rice” stardom. The strategy is similar to how Huawei operates sub-brand Honor for its line of cheaper phones.

Xiaomi’s new billion-dollar pledge is a continuation of a plan in 2013 to back 100 startups over the course of five years. These portfolio companies, in turn, helped make Xiaomi products, which now count 132 million total devices among which 20 million are active daily. Meanwhile, Xiaomi’s voice assistant Xiao Ai has hit 100 million installs.

These gadgets, along with an assortment of lifestyle products like suitcases and umbrellas, became the largest revenue driver for Xiaomi in the second quarter of last year, the company’s earnings report shows.

Xiaomi is in a land grab with other Chinese tech giants like Baidu to enter people’s homes. It’s becoming something akin to a department store, but it can’t make everything itself. Recently, the giant made a big push in TVs through a partnership with a veteran Chinese home appliance manufacturer. It’s also teamed up with IKEA on a 100 million yuan ($14.8 million) fund for third-party developers, which will enrich Xiaomi’s inventory as consumers in China may soon be able to buy many Xiaomi-powered furniture items from the Swedish retailer.

11 Jan 2019

Another server security lapse at NASA exposed staff and project data

Two months ago, NASA quietly fixed a buggy internal server that was leaking sensitive information about the agency’s staff and their work.

The leaking server was — ironically — a bug reporting server, running the popular Jira bug triaging and tracking software. In NASA’s case, the software wasn’t properly configured, allowing anyone to access the server without a password, Avinash Jain, an India-based security researcher who found the exposed server, told TechCrunch.

According to Jain’s writeup, some Jira instances can be misconfigured to allow “everyone” access without a password — including anyone on the internet — and not “everyone” within an organization, as some believe.

This was the case for NASA’s leaking server.

Jain found the leaking server in October exposing NASA staff usernames and email addresses and the projects they were working on. Because Jira contains information about bugs and issues within an organization, including works in progress, the server also gave up what agency staff are working on and their upcoming milestones.

It’s not known if any classified information was on the Jira server, such as names or details of sensitive projects. Jain also said it’s not clear how many NASA staff users were in the database as Jira limits searches to 1,000 queries at a time.

After he contacted NASA and CERT/CC, the vulnerability disclosure center at Carnegie Mellon University, the exposed server was fixed some three weeks later, he said.

NASA never responded to his private disclosure.

Although NASA has a page on HackerOne, a vulnerability reporting program, allowing researchers to email NASA about security issues, the agency doesn’t have a dedicated bug bounty program.

“I dropped [NASA] around five emails before it was fixed, and I was never informed that it was fixed,” he told TechCrunch.

CERT/CC later expressed its “appreciation” for Jain privately reporting the bug.

This latest server lapse is yet another bruise for the U.S. space agency’s security posture — the fourth known incident this decade, after over a dozen hacks in 2011 alone and another sensitive data breach in 2016.

The latest breach was just before Christmas, in which the agency reported a data compromise affecting current and former NASA employees between July 2006 and October 2018. But CERT/CC told Jain in an email that there was “no evidence” his finding was related to NASA’s latest breach disclosure.

NASA was unable to comment during the government shutdown, according to an automated message on the agency’s press line.

11 Jan 2019

Epic Games receives an ‘F’ from the Better Business Bureau

The Fortnite community may be polite, but that doesn’t mean they’re getting the customer service they deserve. The Better Business Bureau gave Fortnite maker Epic Games an “F,” the lowest possible grade.

The Better Business Bureau, which is not a government agency but rather a national network of nonprofits that measures how well businesses handle dispute resolution and relays that information to customers, says that 247 of 271 BBB complaints filed in the last year have gone unanswered by Epic.

An Epic spokesperson told Kotaku that “Epic Games is not affiliated with the Better Business Bureau and has redirected all player submitted complaints from the BBB to our Player Support staff.”

Kotaku points out that the BBB isn’t necessarily above reproach. TIME reported in 2013 that one branch of the BBB based in Los Angeles had been involved in a pay-to-play scheme:

While the BBB offers consumers many services—lists of popular scams to watch out for and such—the organization’s mission isn’t to have your back. From top to bottom, the BBB is funded by the annual dues paid by businesses it anoints with “accreditation,” which allows the companies to put those iconic BBB stamps of approval on their storefronts and websites. This fact raises obvious questions about an inherent conflict of interest: The organization’s customers are businesses, not taxpayers or consumers. How can the BBB serve as an honest broker between businesses and consumers when it is fully funded by one of these parties? Many argue that it cannot — that there’s a natural incentive to paint its paying clients in the best possible light.

Epic Games is not accredited with the Better Business Bureau.

Here’s what the BBB had to say about its rating for Epic Games:

Epic Games is the creator of a number of well-known games that have a global following; in addition to Fortnite and Infinity Blade, they make Unreal, Gears of War, and Shadow Complex. The company has grown significantly in the past twelve months, and their most popular game, Fortnite, currently boasts more than 6 million followers on Twitter. A majority of complaints submitted to BBB against Epic Games deal with customer service and refund or exchange issues. One complainant wrote, “Epic Games failed to protect customer security, resulting in several unsanctioned charges over mine and my partner’s account.” Another complainant added that, “There is no phone number or proper email response time to return my unauthorized charge of $160. Nobody will answer, and I feel cheated.”

Epic has also had issues with account hacking on Fortnite, which has led the company to incentivize two-factor authentication on accounts by offering a special emote.

Though we are moving to an increasingly digital age, with email, Twitter and live-chat customer service growing more prevalent, there are certain instances where customers may feel they need to speak to another human being about their issue. Account hacking and unauthorized charges are two such situations, and the Epic Games support page doesn’t list a phone number, but rather asks customers to look up their question within a support FAQ or email.

We reached out to Epic Games but haven’t heard back.

11 Jan 2019

Amazon Dash buttons judged to breach consumer rules in Germany

Amazon’s Dash buttons have been found to breach consumer ecommerce rules in Germany.

The push-to-order gizmos were debuted by Amazon in 2015, in an attempt by the ecommerce giant to shave friction off of the online shopping process by encouraging consumers to fill their homes with stick-on, account-linked buttons that trigger product-specific staple purchases when pressed — from washing powder to toilet roll to cat food.

Germany was among the first international markets where Amazon launched Dash, in 2016, along with the UK and Austria. But yesterday a higher state court in Munich ruled the system does not provide consumers with sufficient information about a purchase.

The judgement follows a legal challenge by a regional consumer watchdog, Verbraucherzentrale NRW, which objects to the terms Amazon operates with Dash.

It complains that Amazon’s terms allow the company to substitute a product of a higher price or even a different product in place of what the consumer originally selected for a Dash push purchase.

It argues consumers are also not provided with enough information on the purchase triggered when the button is pressed — which might be months after an original selection was made.

Dash buttons should carry a label stating that a paid purchase is triggered by a press, it believes.

The Munich court has now sided with the group’s view that Amazon does not provide sufficient information to Dash consumers, per Reuters.

In a press release following the ruling, Verbraucherzentrale NRW said the judges agreed Amazon should inform consumers about price and product before taking the order, rather than after the purchase as is currently the case.

It also expressed confidence the judgement leaves no room for Amazon to appeal — though the company has said it intends to do so.

Commenting on the ruling in a statement, Verbraucherzentrale NRW consumer bureau chief, Wolfgang Schuldzinski, said: “We are always open to innovation. But if innovation is to put consumers at a disadvantage and to make price comparisons more difficult, then we use all means against them, as in this case.”

Amazon did not reply to questions about how it intends to respond to the court ruling in the short term, such as whether it will withdraw the devices or change how Dash works in Germany.

Instead it emailed us the following statement, attributed to a spokesperson: “The decision is not only against innovation, it also prevents customers from making an informed choice for themselves about whether a service like Dash Button is a convenient way for them to shop. We are convinced the Dash Button and the corresponding app are in line with German legislation. Therefore, we’re going to appeal.”

11 Jan 2019

Lisbon finally gets a substantial VC fund in the shape of Indico Capital Partners

Lisbon, characterized occasionally by some tech scene observers as ‘the warm Berlin’, has been threatening to generate more startups in the last few years, not least because it will now have the enormous Web Summit conference there for the next 10 years, and because it’s a cheap and great place to live. But the startups appearing have not quite been as numerous as many would like.

It’s therefore fantastic to see a new VC fund appearing in the city, set up by three experienced stalwarts of the scene.

Indico Capital Partners VC has now completed its first closing of €41M out of the €46M of commitments from investors from eight different countries. The fund will be aimed at Iberian early stage startups (that means Spain and Portugal), but of course particularly those based out of Portugal.

The fund says it will invest typically between €150,000 and €5M per portfolio company over their lifetime – pre-seed to series A, plus follow-on rounds. They say the first Indico investments have already been concluded and will be announced soon.

It’s far and away the first sizable, independent and private early-stage, tech-focused fund to be based in Lisbon and will focus on investments in B2B SaaS, Artificial Intelligence, Fintech and Cybersecurity to Marketplaces and B2C Platforms.

The fund comprises three partners: Managing General Partner, Stephan Morais (former head of the leading corporate VC Caixa Capital), General Partner Ricardo Torgal (also former Caixa Capital senior investor) and Venture Partner Cristina Fonseca (co-founder and shareholder of Talkdesk).

Collectively the team has in the past invested in Farfetch, Unbabel, Codacy and many other success stories originating from Portugal over the past 6 years, in addition to Talkdesk itself.

The EIF (European Investment Fund), is the cornerstone investor of Indico, and has been joined by 20 other institutional and individual investors such as the IFD (Instituição Financeira de Desenvolvimento) through the Portugal Tech facility, Draper Esprit (a major global quoted VC fund based in the UK), pension funds, education and research institutions, wealth managers, high net worth individuals and many local and international tech entrepreneurs.

The fund is supported by InnovFin Equity, with the financial backing of the European Union under Horizon 2020 Financial Instruments and the European Funds for Strategic Investments (EFSI) set up under the Investment Plan for Europe.

Stephan Morais, Managing General Partner, said: “This is a milestone for the Portuguese ecosystem, we will keep on supporting the most promising Portuguese, and increasingly Iberian, early-stage tech startups, but now with an independent stable investment platform backed by a diversified global LP base.”

Ricardo Torgal, General Partner added that “VC is not hype, it’s about building a balanced portfolio and being there for the companies to help them grow to the next stage”.

Cristina Fonseca, Venture Partner, commented that “I have been backing many companies over the past few years as an angel investor and mentor, so it was an obvious decision to join the best investment team in the market with a solid track record. Early stage tech is where my heart is and this is a local nurturing activity before it becomes globally investable and scalable.”

11 Jan 2019

VLC prepares to add AirPlay support as it crosses 3 billion downloads

VLC, the hugely popular media playing service, is filling one of its gaps with the addition of AirPlay support as it just crossed an incredible three billion users.

The new feature was revealed by Jean-Baptiste Kempf, one of the service’s lead developers, in an interview with Variety at CES and it will give users a chance to beam content from their Android or iOS device to an Apple TV. The addition, which is due in the upcoming version 4 of VLC, is the biggest new feature since the service added Chromecast support last summer.

But that’s not all that the dozen or so people on the VLC development team are working on.

In addition, Variety reports that VLC is preparing to enable native support for VR content. Instead of SDKs, the team has reverse engineered popular hardware to offer features that will include the option to watch 2D content in a cinema-style environment. There are also plans to bring the service to more platforms, with VentureBeat reporting that the VLC team is eying PlayStation 4, Nintendo Switch and Roku devices.

VLC, which is managed by non-profit parent VideoLAN, racked up its 3 millionth download at CES, where it celebrated with the live ticker pictured above. The service reached one billion downloads back in May 2012, which represents incredible growth for a venture that began life as a project from Ecole Centrale Paris students in 1996.

11 Jan 2019

An unsecured database exposed the personal details of 202M job seekers in China

The personal details belonging to more than 202 million job seekers in China, including information like phone numbers, email addresses, driver licenses and salary expectations, were freely available to anyone who knew where to look for as long as three years due to an insecure database.

That’s according to findings published by security researcher Bob Diachenko who located an open and unprotected MongoDB instance in late December which contained 202,730,434 “very detailed” records. The database was indexed in data search engines Binary Edge and Shodan, and was freely visible without a password or login. It was only made private after Diachenko released information about its existence on Twitter.

Diachenko, who is director of cyber risk research at Hacken, wasn’t able to match the database with a specific service, but he did locate a three-year-old GitHub repository for an app that included “identical structural patterns as those used in the exposed resumes.” Again, ownership is not clear at this point although the records do seem to contain data that was scraped from Chinese classifieds, including the Craigslist-like 58.com.

A 58.com spokesperson denied that the records were its creation. They instead claimed that their service had been the victim of scraping from a third-party.

“We have searched all over the database of us and investigated all the other storage, turned out that the sample data is not leaked from us. It seems that the data is leaked from a third party who scrape[d] data from many CV websites,” a spokesperson told Diachenko.

TechCrunch contacted 58.com but we have not yet received a response.

While the database has now been secured, it was potentially vulnerable for up to three years and there’s already evidence that it had been regularly accessed. Although, again, it isn’t clear who by.

“It’s worth noting that MongoDB log showed at least a dozen IPs who might have accessed the data before it was taken offline,” Diachenko wrote.

There’s plenty of mystery here — it isn’t clear whether 58.com was behind the hole, or if it is a rival service or a scraper — but what is more certain is that the vulnerability is one of the largest of its kind to be found in China.

11 Jan 2019

World’s most valuable AI startup SenseTime unveils self-driving center in Japan

The world’s highest-valued artificial intelligence startup SenseTime has set foot in Japan. The Beijing-based firm announced on Friday that it just opened a self-driving facility in Joso, a historic city 50 kilometers away from Tokyo where it plans to conduct R&D and road test driverless vehicles.

The initiative follows its agreement with Japanese auto giant Honda in 2017 to jointly work on autonomous driving technology. SenseTime, which is backed by Alibaba and last valued at more than $4.5 billion, is best known for object recognition technologies that have been deployed in China widely across retail, healthcare and public security. Bloomberg reported this week that the AI upstart is raising $2 billion in fresh funding.

Four-year-old SenseTime isn’t the only Chinese AI company finding opportunities in Japan. China’s biggest search engine provider Baidu is also bringing autonomous vehicles to its neighboring country, a move made possible through a partnership with SoftBank’s smart bus project SB Drive and Chinese automaker King Long.

Japan has in recent years made a big investment push in AI and autonomous driving, which could help it cope with an aging and declining workforce. The government aims to put driverless cars on Tokyo’s public roads by 2020 when the Olympics takes place. The capital city said it already successfully trialled autonomous taxis last August.

SenseTime’s test park, which is situated near Japan’s famed innovation hub Tsukuba Science City, will be open to local residents who could check out the vehicles slated to transport them in a few years.

“We are glad to have the company setting up an R&D center for autonomous driving in our city,” said Mayor of Joso Takeshi Kandatsu in a statement. “I believe autonomous driving vehicles will bring not only revolutionary changes to our traffic system, but also solutions to regional traffic problems. With the help of SenseTime, I look forward to seeing autonomous cars running on the roads of Joso. We will give full support to make it happen.”

11 Jan 2019

Improbable and Epic Games establish $25M fund to help devs move to ‘more open engines’ after Unity debacle

Improbable is taking a daring step after announcing earlier today that Unity had revoked its license to operate on the popular game development engine.

The UK-based cloud gaming startup has inked a late-night press release with Unity rival Epic Games, which operates the Unreal Engine and is the creator of Fortnite, establishing a $25 million fund designed to help game developers move to “more open engines.”

An incoming blog post penned by Epic Games CEO Tim Sweeney and Improbable CEO Herman Narula reads, in part:

To assist developers who are left in limbo by the new engine and service incompatibilities that were introduced today, Epic Games and Improbable are together establishing a US $25,000,000 combined fund to help developers transition to more open engines, services, and ecosystems. This funding will come from a variety of sources including Unreal Dev Grants, Improbable developer assistance funds, and Epic Games store funding.

This is pretty bold on Improbable’s part and seems to suggest that Unity didn’t give them a call after Improbable published a blog post that signed off with, “You [Unity] are an incredibly important company and one bad day doesn’t take away from all you’ve given us. Let’s fix this for our community, you know our number.”

Unity, for its part, claims that they gave Improbable ample notice that they were in violation of their Terms of Service and that the two had been deep in a “partnership” agreement that obviously fell short. The termination of Improbable’s Unity license essentially cut them off from a huge portion of indie developers who build their stuff on Unity.

Epic Games CEO Tim Sweeney was quick to jump on the news earlier today, rebuking Unity’s actions.

“Epic Games’ partnership with Improbable, and the integration of Improbable’s cloud-based development platform SpatialOS, is based on shared values, and a shared belief in how companies should work together to support mutual customers in a straightforward, no-surprises way,” the blog post reads.

In a way this is a positive development for Improbable, suggesting that Epic Games is committed to sticking with the startup, but at the same time, one wonders how Unity and Improbable’s relationship managed to sour so quickly based on what’s been said publicly today.

11 Jan 2019

A Pong table managed to wow CES 2019

That’s not the kind of headline one expects to write going into the week. But here we are. Universal Space’s analog Pong table is a mindblower in a whole unexpected way. The tabletop machine goes more retro than retro by bringing Pong into the real world through the magic of magnets (some day, perhaps, we’ll discover how they work).

There’s a square “ball” and a pair of rectangular paddles on either side, moved back and forth by spinning a wheel. Like the classic game, spinning faster and hitting corners puts a little English on it, as they say in billiards. Players score by striking the opposite side with the ball. From there, you tap an orange arcade button to fire it back.

It’s really a thing to behold — even more so in single player mode, where the machine controls the other panel. You’ve got easy, medium and hard options for that. I’d start off slow, because there’s a bit of a noticeable lag that takes some getting used to.

It’s a neat parlor trick, and one that will almost certainly get party guests excited. It’ll cost you, though — $3,000 to be precise. The arcade model is an additional $1,500. It’s a lot to pay for what feels like a kind of one trick pony. Like the original Pong, it’s hard to imagine it holding one’s attention long enough to justify the price.