Category: UNCATEGORIZED

Ladders, one of the most popular job recruitment sites in the U.S. specializing in high-end jobs, has exposed more than 13.7 million user records, following a security lapse.

The New York-based company left an Amazon -hosted Elasticsearch database exposed without a password, allowing anyone to access the data. Sanyam Jain, a security researcher and a member of the GDI Foundation, a non-profit aimed at securing exposed or leaking data, found the database and reported the findings to TechCrunch in an effort to secure the data.

Within an hour of TechCrunch reaching out, Ladders had pulled the database offline.

Marc Cenedella, chief executive, confirmed the exposure in a brief statement. “AWS confirms that our AWS Managed Elastic Search is secure, and is only accessible by Ladders employees at indicated IP addresses. We will look into this potential theft, and would appreciate your assistance in doing so,” he said.

TechCrunch verified the data by reaching out to more than a dozen users of the site. Several confirmed their data matched their Ladders profile. One user who responded said they are “not using the site anymore” following the breach.

Each record included names, email addresses, and their employment histories, such as their employer and job title. The user profiles also contain information about the industry they’re seeking a job in and their current compensation in U.S. dollars.

Many of the records also contained detailed job descriptions of their past employment, similar to a résumé.

Although some of the data was publicly viewable to other users on the site, much of the data contained personal and sensitive information, including email addresses, postal addresses, phone numbers and their approximate geolocation based off their IP address.

The database contained years’ worth of records.

Some records included their work authorizations, such as whether they are a U.S. citizen or if they are on a visa, such as an H1-B. Others listed their U.S. security clearance alongside their corresponding jobs, such as telecoms or military.

More than 379,000 recruiters information was also exposed, though the data wasn’t as sensitive.

Security researcher Jain recently found a leaking Wi-Fi password database and an exposed back-end database for a family tracking app, including the real-time location data of children.

Read more:

• A leaky SMS database exposed password resets and two-factor codes
• Chipotle customers are saying their accounts have been hacked
• We found a massive spam operation — and sunk its server
• Dow Jones’ watchlist of 2.4 million high-risk individuals has leaked
• Stop saying, ‘We take your privacy and security seriously’
• Robocaller firm Stratics Networks exposed millions of call recordings
• Massive mortgage and loan data leak gets worse as original documents also exposed

We’ve captured much of Niantic’s ongoing story in the first three parts of our EC-1, from its beginnings as an “entrepreneurial lab” within Google, to its spin-out as an independent company and the launch of Pokémon GO, to its ongoing focus on becoming a platform for others to build augmented reality products upon.

It’s not an origin story that serves as an easily replicable blueprint — but if we zoom out a bit, what’s to be learned?

A few key themes stuck with me as I researched Niantic’s story so far. Some of them – like the challenges involved with moving millions of users around the real world – are unique to this new augmented reality that Niantic is helping to create. Others – like that scaling is damned hard – are well-understood startup norms, but interesting to see from the perspective of an experienced team dealing with a product launch that went from zero to 100 real quick.

• Build on top of what works best
• AR alone doesn’t make a hit game
• Ship the MVP, but have the roadmap ready
• Scaling is hard, even when you’ve done it before
• As your userbase grows, so do your responsibilities
• Visual designs can have growing pains too
• Social features can be useful for more than just growth
• Get users rolling as fast as possible
• Communication keeps users happy

The reading time for this article is 16 minutes (5,150 words).

Build on top of what works best

Everything Niantic has built so far is an evolution of what the team had built before it. Each major step on Niantic’s path has a clear footprint that precedes it; a chunk of DNA that proved advantageous, and is carried along into the next thing.

Looking back, it’s a cycle we can see play out on repeat: build a thing, identify what works about it, trim the extra bits, then build a new thing from that foundation.

Seattle’s Madrona Venture Group has long been one of the most prominent early-stage funds in the backyard of Amazon and Microsoft. Now, however, the firm is starting to look beyond the Pacific Northwest with the launch of its $100 million Acceleration Fund, which will expand its geographic reach to the entire U.S. and give it a vehicle to invest in later rounds.

The new fund will see Madrona make more investments at the Series B and C stage. While Madrona has made a wide variety of investments over the years, including some into consumer services, its focus has long been on enterprise cloud companies, ranging from Apptio to Smartsheets and Heptio (which VMware recently acquired). We’ll see a similar focus with this new fund, as Madrona managing director Matt McIlwain told me, with an emphasis on cloud and applied machine learning companies. Unlike Madrona’s current focus on the Pacific Northwest — and Seattle in particular — this fund will also invest in companies across the country.

“Our long-time strategy has been early stage, broad-based technology, Pacific Northwest,” McIlwain told me. “We call it an acceleration fund because we want to differentiate it from what some people call opportunity funds, which is more of a ‘put more money into my existing company.’ This is not that. This is new money into great companies that have reached that initial product-market fit and that want to accelerate their growth.”

Madrona also expects that these companies have reached product differentiation and founders and key executives that can sell those products.

McIlwain noted that Madrona has selectively made some of these investments in companies like Tigera, Snowflake and Accolade over the years already. This new fund gives the firm a dedicated vehicle to invest in companies where it believes it can add more value at this later stage.

“When I joined Accolade almost four years ago – the mission was to accelerate the company’s growth by finding the best talent to build a world-class product and distribution team,” said Accolade CEO Raj Singh “To do that, you need world-class partners. Having worked with Matt McIlwain and Madrona on both the Apptio and Amperity board of directors, reaching out to Madrona was high on my priority list on day one. And they have lived up to my expectations – helping with customer acquisition, critical hires, key partnerships, and invaluable counsel.”

McIlwain told me that Madrona has yet to make its first investment from the new fund. “But we’re eager to find that first one that’ll be special enough,” he said.

The family of Walter Huang, an Apple engineer who died after his Tesla Model X with Autopilot engaged crashed into a highway median, is suing Tesla. The State of California Department of Transportation is also named in the lawsuit.

The wrongful death lawsuit, filed in in California Superior Court, County of Santa Clara, alleges that errors by Tesla’s Autopilot driver assistance system caused the crash that killed Huang on March 23, 2018. Huang, who was 38, died when his 2017 Tesla Model X hit a highway barrier on Highway 101 in Mountain View, California.

The lawsuit alleges that Tesla’s Autopilot driver assistance system misread lane lines, failed to detect the concrete media, failed to brake and instead accelerated into the median.

A Tesla spokesperson declined to comment on the lawsuit.

“Mrs. Huang lost her husband, and two children lost their father because Tesla is beta testing its Autopilot software on live drivers,” B. Mark  Fong, a partner at law firm Minami Tamaki said in a statement.

Other allegations against Tesla include product liability, defective product design, failure to warn, breach of warranty, intentional and negligent misrepresentation and false advertising. California DOT is also named in the lawsuit because the concrete highway median that Huang’s vehicle struck was missing its crash attenuator guard, according to the filing. Caltrans failed to replace the guard after an earlier crash there, the lawsuit alleges.

The lawsuit aims to “ensure the technology behind semi-autonomous cars is safe before it is released on the roads, and its risks are not withheld or misrepresented to the public,” said Doris Cheng, a partner at Walkup, Melodia, Kelly & Schoenberger, who is also representing the family.

In the days following the crash, Tesla released two blog posts and ended up scuffling with the National Transportation Safety Board, which had sent investigators to the crash scene.

Tesla’s March 30 blog post acknowledged Autopilot had been engaged at the time of the crash. Tesla said the driver had received several visual and one audible hands-on warning earlier in the drive and the driver’s hands were not detected on the wheel for six seconds prior to the collision.

Those comments prompted a response from the NTSB, which indicated it was “unhappy with the release of investigative information by Tesla.” The NTSB requires companies who are a party to an agency accident investigation to not release details about the incident to the public without approval.

Tesla CEO Elon Musk would soon chime in via Twitter to express his own disappointment and criticism of the NTSB.

Three weeks after the crash, Tesla issued a statement placing the blame on Huang and denying moral or legal liability for the crash.

“According to the family, Mr. Huang was well aware that Autopilot was not perfect and, specifically, he told them it was not reliable in that exact location, yet he nonetheless engaged Autopilot at that location. The crash happened on a clear day with several hundred feet of visibility ahead, which means that the only way for this accident to have occurred is if Mr. Huang was not paying attention to the road, despite the car providing multiple warnings to do so.”

The relationship between NTSB and Tesla would disintegrate further following the statement. Tesla said it withdrew from its party agreement with the NTSB. Within a day, NTSB claimed that it had removed Tesla as a party to its crash investigation.

A preliminary report from the NTSB didn’t make any conclusions of what caused the crash. But it did find that the vehicle accelerated from 62 mph to 70.8 mph in the final three seconds before impact and moved left as it approached the paved gore area dividing the main travel lane of 101 and Highway 85 exit ramp.

The report also found that in the 18 minutes and 55 seconds prior to impact, the Tesla provided two visual alerts and one auditory alert for the driver to place his hands on the steering wheel. The alerts were made more than 15 minutes before the crash.

Huang’s hands were detected on the steering wheel only 34 seconds during the last minute before impact. No pre-crash braking or evasive steering movement was detected, the report said.

The case is Sz Hua Huang et al v. Tesla Inc., The State of California, no. 19CV346663.

The 11th mission for Blue Origin’s New Shepard suborbital launch vehicle is slated for takeoff Tuesday morning. The craft will be carrying 38 (!) experimental payloads from NASA, students, and research organizations around the world. You’ll be able to watch the launch live tomorrow at about 6 AM Pacific time.

New Shepard, though a very different beast from the Falcon 9 and Heavy launch vehicles created by its rival SpaceX, is arguably a better platform for short-duration experiments that need to be exposed to launch stresses and microgravity. Launching satellites — that’s a job for Falcons and Deltas, or perhaps Blue Origin’s impending New Glenn, and they’re welcome to it. But researchers around the country are clamoring for spots on suborbital flights and Blue Origin is happy to provide them.

Tomorrow’s launch will be carrying several dozen, some of which will have been waiting years for their chance to board a rocket. Here are a few examples of what will be tested during the short flight:

• Evolved Medical Microgravity Suction Device: As more people go into space, we have to be prepared for more and graver injuries. Lots of standard medical tools won’t work properly in microgravity, so it’s necessary to redesign and test them under those conditions. This one is about providing suction, as you might guess, which can be used for lung injuries, drawing blood, and other situations that call for negative air pressure.

This little guy will be doing microgravity test prints using metal.

• 3D printing with metal in microgravity: Simply everyone knows we can 3D print stuff in space. But just as on Earth, you can’t always make your spare parts out of thermoplastic. Down here we use metal-based 3D printers, and this experiment aims to find out if a modified design will allow for metal printing in space as well.
• Suborbital centrifuge: It sounds like something the Enterprise would deploy in Star Trek, but it’s just a test bed for a new type of centrifuge that could help simulate other gravities, such as that of the Moon or Mars, for purposes of experiments. They do this on the ISS already but this would make it more compact and easier to automate, saving time and space aboard any craft it flies on.

The suborbital centrifuge, looking as cool as it sounds.

• BioChip SubOrbitalLab: The largest ever study of space-based health and the effects of microgravity on the human body was just concluded, but there’s much, much more to know. Part of that requires monitoring cells in real time — which like most things is easier to do on the surface. This lab-on-a-chip will test out a new technique for containing individual cells or masses and tracking changes to them in a microgravity environment.

It’s all made possible through NASA’s Flight Opportunities program, which is specifically all about putting small experiments aboard commercial spacecraft. The rest of the many gadgets and experiments awaiting launch are listed here.

The launch itself should be very similar to previous New Shepards, just like one commercial jet takeoff is like another. The booster fires up and ascends to just short of the Karman line at 100 kilometers, which (somewhat arbitrarily) marks the start of “space.”

At that point the capsule will detach and fly upwards with its own momentum, exposing the payloads within to several minutes of microgravity; after it tops out, it will descend and deploy its parachutes, after which it will drift leisurely to the ground. Meanwhile the rocket will have descended as well and made a soft landing on its deployable struts.

The launch is scheduled for 6:30 AM Pacific time — 8:30 AM Central in Texas, at Blue Origin’s launch site. You’ll be able to watch it live at the company’s site.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. Apple’s stock jumps 5 percent after beating expectations

Apple released earnings for its fiscal second quarter yesterday, reporting revenue of $58 billion, a decline of 5% from the year-ago quarter. It also reported quarterly earnings per diluted share of $2.46, down 10%.

The market seems to approve, with shares jumping after the numbers were released.

2. Facebook Dating opens to friends with Secret Crush

Facebook announced at its F8 conference that Dating is opening in 14 more countries, bringing the total to 19. It will launch in the U.S. before the end of the year.

3. Eric Schmidt and Diane Greene are leaving Alphabet’s board of directors

Along with the departures, Alphabet is also announcing the appointment of Robin L. Washington to its board.

LONDON, ENGLAND – MAY 01: Wikileaks Founder Julian Assange leaves Southwark Crown Court in a security van after being sentenced on May 1, 2019 in London, England. (Photo by Jack Taylor/Getty Images)

4. Julian Assange jailed for 50 weeks for breaching UK bail conditions

WikiLeaks founder Julian Assange was jailed to 50 weeks for violating his U.K. bail conditions in 2012 at a sentencing hearing at Southwark Crown Court.

5. Hulu tops 28 million customers, unveils new shows and a ‘binge watch’ ad experience

The streaming service also unveiled its new slate of shows and original programming, alongside other content deals and a new “binge advertising experience” that’s designed to be less intrusive.

6. A16z ushers in new fund strategy with $2.75B

Axios reported that Andreessen Horowitz, the storied venture capital firm with investments in Airbnb, BuzzFeed and Coinbase, has closed on $2.75 billion for two new funds.

7. YouTube sets a goal of having half of trending videos coming from its own site

YouTube wants to have half of the featured videos in its trending tab come from streams originating on the company’s own site going forward, according to the latest quarterly letter from chief executive Susan Wojcicki.

Walmart -owned streaming service Vudu announced today that it will be launching new interactive shows later this year, created through the company’s joint venture with interactive content startup Eko.

This confirms a Bloomberg report that Walmart plans to debut several interactive new shows produced with Eko, along with shoppable ads.

We’d hoped that the company would take advantage of its NewFronts event for advertisers today to reveal more details about these plans, but Vudu Senior Director Julian Franco simply confirmed that the service will be “rolling out interactive content” later this year.

He then rolled a brief clip of what looked like a variety of scripted programs (I caught a glimpse of “Saturday Night Live” star Beck Bennett), while the voiceover declaring, “You don’t just watch Eko stories, you control them.”

The video also said the content will cover a variety of genres, including comedy, drama and thrillers.

Franco had more details to share when it came to Vudu’s plans for non-interactive, original content. He announced that the service is co-producing “Albedo,” a science fiction detective series from “Rampage” director Brad Peyton that will premiere next year, and will mark “Lost” star Evangeline Lilly’s return to TV. In addition, the first three episodes of Nickelodeon’s remake “Blues Clues & You” will premiere on Vudu before they air on linear TV.

Also in the works are unscripted shows like “Turning Point With Randy Jackson” and “Friends with Strange Places,” a travel show with Queen Latifah.

In total, the service be premiering around a dozen original movies and TV shows later this year, Franco said. It might seem tough for Vudu to stand out in the crowded landscape of streaming companies spending big bucks on original content, but he argued that it will be differentiated by a focus on creating content kids, their parents and for entire families to watch together.

“We’re not just going to be programming for Williamsburg and Silver Lake,” he said.

As for those shoppable ads, Vudu Chief Operating Officer and Head of Product Scott Weinstein said the service is already testing them. These are ads with that allow you to purchase the featured products through a pop-up window. He added that these ads are dynamic, changing based on viewer preferences.

Weinstein also announced Vudu Audience Extension, an ad network that will allow advertisers to buy campaigns from Vudu that will run on other streaming media services.

“The future of TV looks a lot like the TV of the past — ad-supported, premium content that brings people together,” he said.

During last year’s F8 developer conference, Facebook announced the 1.0 launch of PyTorch, the company’s open source deep learning platform. At this year’s F8, the company launched version 1.1. The small increase in version numbers belies the importance of this release, which focuses on making the tool more appropriate for production usage, including improvements to how the tool handles distributed training.

“What we’re seeing with PyTorch is incredible moment internally at Facebook to ship it and then an echo of that externally with large companies,” Joe Spisak, Facebook AI’s product manager for PyTorch, told me. “Make no mistake, we’re not trying to monetize PyTorch […] but we want to see PyTorch have a community. And that community is starting to shift from a very research-centric community — and that continues to grow fast — into the production world.”

So with this release, the team and the over 1,000 open-source committers that have worked on this project are addressing the shortcoming of the earlier release as users continue to push the limits. Some of those users, for example, include Microsoft, which is using PyTorch for its language models that scale to a billion words and Toyota, which is using it for some of its driver assistance features.

As Spisak told me, one of the most important new features in PyTorch 1.1 is support for TensorBoard, Google’s visualization tool for TensorFlow that helps developers evaluate and inspect models. Spisak noted that Google and Facebook worked together very closely on building this integration. “Demand from developers has been incredible and we’re going to contribute back to Tensorboard as a project and bring new capabilities to it,” he said.

Also new are improvements to the PyTorch just-in-time compiler, which now supports dictionaries, user classes and attributes, for example, as well as the addition of new APIs to PyTorch that support Boolean tensors and support for custom recurrent neural networks.

What’s most important for many production users, though, is the improvements the team made to PyTorch’s distributed training capabilities. These include the ability to split large models across GPUs and various other tweaks that’ll make training large models faster when you have access to a cluster of machines.

At its F8 developer conference, Facebook today launched Ax and BoTorch, two new open-source AI tools.

BoTorch, which, as the name implies, is based on PyTorch, is a library for Bayesian optimization. That’s a pretty specialized tool. Ax, on the other hand, is the more interesting launch, as it’s a general-purpose platform for managing, deploying and automating AI experiments. Both tools, though, are part of the same overall work at Facebook, which focuses on what the company calls “adaptive experimentation.” Indeed, Ax interfaces with BoTorch and, internally, Facebook has used the two tools for tasks that vary from optimizing Instagram’s back-end infrastructure to improving the response rates of user surveys.

At its core, BoTorch — and Bayesian optimization in general — is all about making model optimizing easier and faster for data scientists to get to a production-ready model. Typically, this involves a lot of trial and error and is often more an art than a science. “It takes the art out of it. It automates it,” Joe Spisak, Facebook AI’s product manager for PyTorch, said. “And our goal is to consume the latest research.”

BoTorch is not the first Bayesian optimization tool. Facebook, however, argues that these existing libraries are difficult to extend and customize — and that they didn’t meet Facebook’s needs.

Ax then takes these capabilities and provides all the management functions around BoTorch’s ability to find the optimal configuration for these models, and allows developers to focus on getting their services production-ready. At Facebook, Ax interfaces with A/B testing and simulation tools, for example, and because the whole purpose of these tools is to automatically optimize the system, there’s very little user involvement needed. As it runs the experiments, Ax can automatically pick the best optimization strategy. That could be Bayesian optimization, bandit optimization (another classic optimization strategy) or another algorithm. Indeed, it’s worth noting that Ax is framework-agnostic. While it uses BoTorch, researchers can also plug in their own code using the services PyTorch and NumPy interfaces.

Open-sourcing tools at Facebook has become pretty standard at this point. PyTorch itself is a good example for this. Spisak also noted that for BoTorch, the team decided to open-source the tool because it wanted to collaborate with the top researchers in the field (and it did so by working with Cornell University for this first release, for example). “How do we collaborate? How do we build an open community around what we’re doing? You can’t do that in closed source. It has to be open source,” he said.

It’s no secret that unless you opt out, Google keeps a very detailed record of your location history and a log of the web sites you visit in Chrome and apps you use. There have always been ways to fully opt out of this or to painstakingly delete these records manually. Yet while there are plenty of reasons to opt out, you also miss out on many of Google’s personalization features. As a middle ground, Google today announced that you can now auto-delete your location history and web and app activity by setting a time limit for how long Google can save this data.

Google will give you two options for this time limit: 3 or 18 months. Any data that is older than that will be automatically deleted. With this, you will still get recommendations, but the extent of your personal data that’s stored on Google’s servers and can be used by the company will be limited. The recommendations, too, will only be based on the limited recent data you still share, so they won’t be as precise as before, but should still be useful.

For now, this feature is launching for location history, as well as web and app activity. That includes your Chrome browsing history, for example, as well as your notification history from Google’s Discover feature on Android, locations you searched for in Google Maps, apps you used and more.

This is still plenty other data in your Google Account, though, that isn’t included in this auto-delete service. There’s your voice and audio activity, for example, as well as your YouTube search and watch history. Over time, though, I’d expect Google to add these to the list of auto-deleting items, too.