Employers are Tracking Employees ‘Productivity’ – Sometimes Badly

Here’s an interesting statistic spotted by Fortune. “Eight out of the 10 largest private employers in the U.S. are tracking productivity metrics for their employees, according to an examination from The New York Times.”
“Some of this software measures active time, watches for keyboard pauses, and even silently counts keystrokes.”

J.P. Morgan, Barclays Bank, and UnitedHealth Group all track employees, The Times reported, seeing everything from how long it takes to write an email to keyboard activity. There are repercussions if workers aren’t meeting expectations: a prodding note, a skipped bonus, or a work-from-home day taken away, to name a few. For employers surrendering in the fight to return to the office, such surveillance is a way to maintain a sense of control. As Paul Wartenberg, who installs monitor systems, told The Times, “If we’re going to give up on bringing people back to the office, we’re not going to give up on managing productivity….”

But tracking these remote workers’ every move doesn’t seem to be telling employers much. “We’re in this era of measurement but we don’t know what we should be measuring,” Ryan Fuller, former vice president for workplace intelligence at Microsoft, told the Times.

From the New York Times’ article:
In lower-paying jobs, the monitoring is already ubiquitous: not just at Amazon, where the second-by-second measurements became notorious, but also for Kroger cashiers, UPS drivers and millions of others…. Now digital productivity monitoring is also spreading among white-collar jobs and roles that require graduate degrees. Many employees, whether working remotely or in person, are subject to trackers, scores, “idle” buttons, or just quiet, constantly accumulating records. Pauses can lead to penalties, from lost pay to lost jobs.

Some radiologists see scoreboards showing their “inactivity” time and how their productivity stacks up against their colleagues’…. Public servants are tracked, too: In June, New York’s Metropolitan Transportation Authority told engineers and other employees they could work remotely one day a week if they agreed to full-time productivity monitoring. Architects, academic administrators, doctors, nursing home workers and lawyers described growing electronic surveillance over every minute of their workday.

They echoed complaints that employees in many lower-paid positions have voiced for years: that their jobs are relentless, that they don’t have control — and in some cases, that they don’t even have enough time to use the bathroom. In interviews and in hundreds of written submissions to The Times, white-collar workers described being tracked as “demoralizing,” “humiliating” and “toxic.” Micromanagement is becoming standard, they said. But the most urgent complaint, spanning industries and incomes, is that the working world’s new clocks are just wrong: inept at capturing offline activity, unreliable at assessing hard-to-quantify tasks and prone to undermining the work itself….

But many employers, along with makers of the tracking technology, say that even if the details need refining, the practice has become valuable — and perhaps inevitable. Tracking, they say, allows them to manage with newfound clarity, fairness and insight. Derelict workers can be rooted out. Industrious ones can be rewarded. “It’s a way to really just focus on the results,” rather than impressions, said Marisa Goldenberg, [who] said she used the tools in moderation…
[I]n-person workplaces have embraced the tools as well. Tommy Weir, whose company, Enaible, provides group productivity scores to Fortune 500 companies, aims to eventually use individual scores to calibrate pay.

Read more of this story at Slashdot.

Elon Musk Interviewed by Tesla Owners, Hears from a Former Professor

In June a YouTube channel called “Tesla Owners Silicon Valley” ran an hour-long interview with Elon Musk. (Musk begins by sharing an example of the “comedically long” list of things that can disrupt a supply chain, remembering an incident where a drug gang shootout led to the mistaken impounding of a nearby truck that was delivering parts for a Tesla Model S factory — ultimately shutting down Model S production for three days.)

There are some candid discussions about the technology of electric cars – but also some surprisingly personal insights. Musk also reveals he’s been thinking about electric cars since high school, as “the way cars should be, if you could just solve range… People will look back on the internal combustion car era as a strange time. Quaint.” And then he remembers the moment in 1995 when he put his graduate studies at Stanford “on hold” to pursue a business career, reassuring Stanford professor William Nix that “I will probably fail” and predicting an eventual return to Stanford. Nix had responded that he did not think Musk would fail.

It turns out that 27 years later, now-emeritus professor William Nix heard the interview, and typed up a fond letter to Elon Musk at SpaceX’s headquarters in Texas. Nix complimented Musk on the interview, noting Musk’s remarks on the challenges in using silicon for the anodes of electric batteries. “About 10 years ago we at Stanford did research on the very issues you described. Indeed, it almost seemed like you had read all the papers.”

Musk’s hour-long interview with the group was followed by two more hour-long interviews, and since then the group has been sharing short excerpts that give candid glimpses of Musk’s thinking. (“The overwhelming focus is solving full self-driving,” Musk says in one clip. “That’s essential. That’s really the difference between Tesla being worth a lot of money and being worth basically zero.”)


Do Inaccurate Search Results Disrupt Democracies?

Users of Google “must recalibrate their thinking on what Google is and how information is returned to them,” warns an Assistant Professor at the School of Information and Library Science at UNC-Chapel Hill.

In a new book titled The Propagandists’ Playbook, they’re warning that simple link-filled search results have been transformed by “Google’s latest desire to answer our questions for us, rather than requiring us to click on the returns.” The trouble starts when Google returns inaccurate answers “that often disrupt democratic participation, confirm unsubstantiated claims, and are easily manipulatable by people looking to spread falsehoods.”

By adding all of these features, Google — as well as competitors such as DuckDuckGo and Bing, which also summarize content — has effectively changed the experience from an explorative search environment to a platform designed around verification, replacing a process that enables learning and investigation with one that is more like a fact-checking service…. The problem is, many rely on search engines to seek out information about more convoluted topics. And, as my research reveals, this shift can lead to incorrect returns… Worse yet, when errors like this happen, there is no mechanism whereby users who notice discrepancies can flag it for informational review….

The trouble is, many users still rely on Google to fact-check information, and doing so might strengthen their belief in false claims. This is not only because Google sometimes delivers misleading or incorrect information, but also because people I spoke with for my research believed that Google’s top search returns were “more important,” “more relevant,” and “more accurate,” and they trusted Google more than the news — they considered it to be a more objective source….

This leads to what I refer to in my book, The Propagandists’ Playbook, as the “IKEA effect of misinformation.” Business scholars have found that when consumers build their own merchandise, they value the product more than an already assembled item of similar quality — they feel more competent and therefore happier with their purchase. Conspiracy theorists and propagandists are drawing on the same strategy, providing a tangible, do-it-yourself quality to the information they provide. Independently conducting a search on a given topic makes audiences feel like they are engaging in an act of self-discovery when they are actually participating in a scavenger-hunt engineered by those spreading the lies….

Rather than assume that returns validate truth, we must apply the same scrutiny we’ve learned to have toward information on social media.

Another problem the article points out: “Googling the exact same phrase that you see on Twitter will likely return the same information you saw on Twitter.

“Just because it’s from a search engine doesn’t make it more reliable.”


After Mockery, Mark Zuckerberg Promises Better Metaverse Graphics, Posts New Avatar

What do you do when people hate your $10 billion selfie? “Mark Zuckerberg, in response to a torrent of critical memes mocking the graphics of Meta’s newest project, has heard his critics — and changed his selfie,” reports CNN:

Zuckerberg debuted Horizon Worlds, a virtual reality social app, in France and Spain earlier this week, sharing a somewhat flat, goofy digital avatar in front of an animated Eiffel Tower and la Sagrada Família.

The internet immediately jumped in, mocking what many users viewed as (hopefully) preliminary graphics for a venture that Meta has spent at least $10 billion in the last year.

New York Times tech columnist Kevin Roose compared the graphics to “worse than a 2008 Wii game” on Twitter. Slate used the term “buttcheeks.” Twitter was less kind: “eye-gougingly ugly” and “an international laughing stock” popping up. Many compared it to early 90’s graphics and pointed out how lifeless and childish the Zuckerberg selfie looked. It quickly won the designation “dead eyes.”
Well, Zuckerberg has apparently seen the memes, because on Friday he announced there are major updates coming — along with new avatar graphics.

In a CNBC report on how Zuckerberg “is getting dragged on the internet for how ugly the graphics of this game are,” they’d actually quoted a Forbes headline that asked, “Does Mark Zuckerberg not understand how bad his metaverse is?”


After Signing US Climate Bill, Biden Plans More Executive Actions to Cut Emissions

Senior White House officials say even more action is coming on climate change. They’re telling the New York Times that U.S. President Joe Biden plans “a series of executive actions to further reduce greenhouse gas emissions and help keep the planet from warming to dangerous temperatures.”

Biden is on track to deploy a series of measures, including new regulations on emissions from vehicle tailpipes, power plants and oil and gas wells, the officials said.

In pushing more executive action, Mr. Biden is trying to make up for the compromises his party made on climate measures to pass the Inflation Reduction Act, which includes the largest single American investment to slow global warming. Democrats had to scale back some of their loftiest ambitions, including by agreeing to fossil fuel and drilling provisions, as concessions to Senator Joe Manchin III, Democrat of West Virginia, a holdout from a conservative state that is heavily dependent on coal and gas. Gina McCarthy, the White House climate adviser, said that regulatory moves, combined with the new legislation and action from states, could help Mr. Biden meet his promise to cut greenhouse gas emissions by 50 percent, compared to 2005 levels, by the end of the decade. The climate bill, she said, was “a starting point.”

“The president has not chosen to just look at Congress, he’s chosen to recognize that he has presidential authorities and responsibilities under the law to keep moving this forward,” she said. “And he’s going to continue to use those.” […] Ms. McCarthy noted the E.P.A. still has “broad authority” to regulate emissions from electricity generation. She also said the government is forging ahead with new regulations on soot and other traditional air pollutants, which will have the side benefit of cutting carbon emissions…. Mr. Biden has the executive authority to issue regulations through federal agencies, and under the Clean Air Act of 1970 can establish rules to address air pollution.


Vietnam Demands Big Tech Localize Data Storage and Offices

Vietnam’s Ministry of Information and Communications updated cybersecurity laws this week to mandate Big Tech and telecoms companies store user data locally, and control that data with local entities. The Register reports: The data affected goes beyond the basics of name, email, credit card information, phone number and IP address, and extends into social elements — including groups of which users are members, or the friends with whom they digitally interact. “Data of all internet users ranging from financial records and biometric data to information on people’s ethnicity and political views, or any data created by users while surfing the internet must be stored domestically,” read the decree (PDF) issued Wednesday, as translated by Reuters. The decree applies to a wide swath of businesses including those providing telecom services, storing and sharing data in cyberspace, providing national or international domain names for users in Vietnam, e-commerce, online payments, payment intermediaries, transport connection services operating in cyberspace, social media, online video games, messaging services, and voice or video calls.

According to Article 26 of the government’s Decree 53, the new rules go into effect October 1, 2022 — around seven weeks from the date of its announcement. However, foreign companies have an entire 12 months in which to comply — beginning when they receive instructions from the Minister of Public Security. The companies are then required to store the data in Vietnam for a minimum of 24 months. System logs will need to be stored for 12 months. After this grace period, authorities reserve the right to make sure affected companies are following the law through investigations and data collection requests, as well as content removal orders. Further reading: Vietnam To Make Apple Watch, MacBook For First Time Ever


Erik Prince Wants To Sell You a ‘Secure’ Smartphone That’s Too Good To Be True

MIT Technology Review obtained Prince’s investor presentation for the “RedPill Phone,” which promises more than it could possibly deliver. From the report: Erik Prince’s pitch to investors was simple — but certainly ambitious: pay just 5 million euros and cure the biggest cybersecurity and privacy plagues of our day. The American billionaire — best known for founding the notorious private military firm Blackwater, which became globally infamous for killing Iraqi civilians and threatening US government investigators — was pushing Unplugged, a smartphone startup promising “free speech, privacy, and security” untethered from dominant tech giants like Apple and Google. In June, Prince publicly revealed the new phone, priced at $850. But before that, beginning in 2021, he was privately hawking the device to investors — using a previously unreported pitch deck that has been obtained by MIT Technology Review. It boldly claims that the phone and its operating system are “impenetrable” to surveillance, interception, and tampering, and its messenger service is marketed as “impossible to intercept or decrypt.”

Boasting falsely that Unplugged has built “the first operating system free of big tech monetization and analytics,” Prince bragged that the device is protected by “government-grade encryption.” Better yet, the pitch added, Unplugged is to be hosted on a global array of server farms so that it “can never be taken offline.” One option is said to be a server farm “on a vessel” located in an “undisclosed location on international waters, connected via satellite to Elon Musk’s StarLink.” An Unplugged spokesperson explained that “they benefit in having servers not be subject to any governmental law.” The Unplugged investor pitch deck is a messy mix of these impossible claims, meaningless buzzwords, and outright fiction. While none of the experts I spoke with had yet been able to test the phone or read its code, because the company hasn’t provided access, the evidence available suggests Unplugged will fall wildly short of what’s promised.

[…] The UP Phone’s operating system, called LibertOS, is a proprietary version of Google’s Android, according to an Unplugged spokesperson. It’s running on an unclear mix of hardware that a company spokesperson says they’ve designed on their own. Even just maintaining a unique Android “fork” — a version of the operating system that departs from the original, like a fork in the road — is a difficult endeavor that can cost massive money and resources, experts warn. For a small startup, that can be an insurmountable challenge. […] Another key issue is life span. Apple’s iPhones are considered the most secure consumer device on the market due in part to the fact that the company offers security updates to some of its older phones for six years, longer than virtually all competitors. When support for a phone ends, security vulnerabilities go unaddressed, and the phone is no longer secure. There is no information available on how long UP Phones will receive security support. “There are two things happening here,” says Allan Liska, a cyberintelligence analyst at the cybersecurity firm Recorded Future. “There are the actual attempts to make real secure phones, and then there is the marketing BS. Distinguishing between those two can be really hard.”

“When I worked in US intelligence, we [penetrated] a number of phone companies overseas,” says Liska. “We were inside those phone companies. We could easily track people based on where they connected to the towers. So when you talk about being impenetrable, that’s wrong. This is a phone, and the way that phones work is they triangulate to cell towers, and there is always latitude and longitude for exactly where you’re sitting,” he adds. “Nothing you do to the phone is going to change that.”

The UP Phone is due out in November 2022.


Google’s New Bug Bounties Include Their Custom Linux Kernel’s Experimental Security Mitigations

Google uses Linux “in almost everything,” according to the leader of Google’s “product security response” team — including Chromebooks, Android smartphones, and even Google Cloud.

“Because of this, we have heavily invested in Linux’s security — and today, we’re announcing how we’re building on those investments and increasing our rewards.”

In 2020, we launched an open-source Kubernetes-based Capture-the-Flag (CTF) project called, kCTF. The kCTF Vulnerability Rewards Program lets researchers connect to our Google Kubernetes Engine (GKE) instances, and if they can hack it, they get a flag, and are potentially rewarded.

All of GKE and its dependencies are in scope, but every flag caught so far has been a container breakout through a Linux kernel vulnerability.

We’ve learned that finding and exploiting heap memory corruption vulnerabilities in the Linux kernel could be made a lot harder. Unfortunately, security mitigations are often hard to quantify, however, we think we’ve found a way to do so concretely going forward….

First, we are indefinitely extending the increased reward amounts we announced earlier this year, meaning we’ll continue to pay $20,000 — $91,337 USD for vulnerabilities on our lab kCTF deployment to reward the important work being done to understand and improve kernel security. This is in addition to our existing patch rewards for proactive security improvements.

Second, we’re launching new instances with additional rewards to evaluate the latest Linux kernel stable image as well as new experimental mitigations in a custom kernel we’ve built. Rather than simply learning about the current state of the stable kernels, the new instances will be used to ask the community to help us evaluate the value of both our latest and more experimental security mitigations. Today, we are starting with a set of mitigations we believe will make most of the vulnerabilities (9/10 vulns and 10/13 exploits) we received this past year more difficult to exploit. For new exploits of vulnerabilities submitted which also compromise the latest Linux kernel, we will pay an additional $21,000 USD. For those which compromise our custom Linux kernel with our experimental mitigations, the reward will be another $21,000 USD (if they are clearly bypassing the mitigations we are testing). This brings the total rewards up to a maximum of $133,337 USD.

We hope this will allow us to learn more about how hard (or easy) it is to bypass our experimental mitigations….

With the kCTF VRP program, we are building a pipeline to analyze, experiment, measure and build security mitigations to make the Linux kernel as safe as we can with the help of the security community. We hope that, over time, we will be able to make security mitigations that make exploitation of Linux kernel vulnerabilities as hard as possible.

“We don’t care about vulnerabilities; we care about exploits,” Vela told the Register. “We expect the vulnerabilities are there, they will get patched, and that’s nice and all. But the whole idea is what to do beyond just patching a couple of vulnerabilities.”
In total, Google paid out $8.7 million in rewards to almost 700 researchers across its various VRPs last year. “We are just one actor in the whole community that happens to have economic resources, financial resources, but we need the community to help us make the Kernel better,” Vela said.

“If the community is engaged and helps us validate the mitigations that we have, then, we will continue growing on top of that. But the whole idea is that we need to see where the community wants us to go with this….”

[I]t’s not always about the cash payout, according to Vela, and different bug hunters have different motivations. Some want money, some want fame and some just want to solve an interesting problem, Vela said. “We are trying to find the right combination to captivate people.”


Linux 6.0 Arrives With Performance Improvements and More Rust Coming

Linux creator Linus Torvalds has announced the first release candidate for the Linux kernel version 6.0, but he says the major number change doesn’t signify anything especially different about this release. ZDNet: While there is nothing fundamentally different about this release compared with 5.19, Torvalds noted that there were over 13,500 non-merge commits and over 800 merged commits, meaning “6.0 looks to be another fairly sizable release.” According to Torvalds, most of the updates are improvements to the GPU, networking and sound. Torvalds stuck to his word after releasing Linux kernel 5.19 last month, when he flagged he would likely call the next release 6.0 because he’s “starting to worry about getting confused by big numbers again.”

On Sunday’s release of Linux 6.0 release candidate version 1 (rc-1), he explained his reasoning behind choosing a new major version number and its purpose for developers. Again, it’s about avoiding confusion rather than signaling that the release has major new features. His threshold for changing the lead version number was .20 because it is difficult to remember incremental version numbers beyond that. “Despite the major number change, there’s nothing fundamentally different about this release – I’ve long eschewed the notion that major numbers are meaningful, and the only reason for a ‘hierarchical’ numbering system is to make the numbers easier to remember and distinguish,” said Torvalds. Torvalds lamented some Rust-enabling code didn’t make it into the release. The Register adds: “I actually was hoping that we’d get some of the first rust infrastructure, and the multi-gen LRU VM, but neither of them happened this time around,” he mused, before observing “There’s always more releases.” “This is one of those releases where you should not look at the diffstat too closely, because more than half of it is yet another AMD GPU register dump,” he added, noting that Intel’s Gaudi2 AI processors are also likely to produce plenty of similar kernel additions. “The CPU people also show up in the JSON files that describe the perf events, but they look absolutely tiny compared to the ‘asic_reg’ auto-generated GPU and AI hardware definitions,” he added.
