Show 10 Wed 09:55 Slashdot [1]

09:55 German Entrepreneur Wants To Develop Lab-Grown Psilocybin
nightcats writes: A German capitalist wants to promote everything from psychological research, applied clinical uses of psychedelics, and even peace in the Mideast, with the help of lab-grown magic mushrooms. "Today, with a net worth of roughly $400 million accrued through various enterprises, [Christian] Angermayer is one of the driving forces behind the movement to turn long-shunned psychoactive substances, like the psilocybin derived from so-called magic mushrooms, into approved medications for depression and other mental illnesses," reports Scientific American. The strangest and most daring idea mentioned in the Scientific American piece by Meghana Keshavan relates to a bizarre project for resolving the Israeli-Palestinian conflict. "Angermayer, interested in expanding his web of psychedelics holdings, recently asked [Rick Doblin, founder and executive director of the Multidisciplinary Association for Psychedelic Studies, a nonprofit focused on research and education around the substances] if he might invest in his nonprofit, MAPS -- particularly its efforts to legalize therapeutic use of MDMA, commonly known as ecstasy," reports Scientific American. "Doblin demurred. MAPS is purely donation-based, and unlike Compass, intends to stay that way." "But their talk shifted to one of the highest priority projects at the nonprofit: An exploration of psychedelics in conflict remediation. Along with researchers at Imperial College London, MAPS plans on bringing Israelis and Palestinians together to take ayahuasca and, working with negotiation experts, sift through their respective traumas. The idea is that finding common ground in their spiritual and mystical experiences might help coax political reconciliation between the warring factions."

Show 10 Wed 09:22 Engadget [3]

09:22 Telsa's Model 3 can now use DC fast chargers across the US
Tesla has finally made it possible for Model 3 owners to use DC fast chargers that aren't part of its own Supercharger network. It just released an update for the EV that adds compatibility with all "CHAdeMO" DC fast chargers across North America. No...

09:22 YouTube revamps its copyright claim system for creators
Those in the business of hosting videos created by the public need to have a solid copyright protection and claim system in place. While YouTube's is far from perfect -- in fact, it's been abused and used to extort creators -- the company has rolled...

09:22 Amazon's Alexa will give medical advice from the NHS
The NHS has teamed up with Amazon to bring its health information to Alexa. As part of the NHS' long term plan to make its services available digitally, users will soon be able to ask Alexa questions such as "Alex, how do I treat a migraine?" or "Ale...
Hide

Show 10 Wed 08:31 ArsTechnica [1]

08:31 Official StarCraft mod makes the game look like a Saturday morning cartoon
Hands-on with $10 update for StarCraft Remastered: It's clean, cute, and hilarious.
Hide

Show 10 Wed 07:04 HackerNews [12]

Show 10 Wed 06:55 Slashdot [1]

06:55 Scientists 3D-Print Human Skin and Bone For Mars Astronauts
Scientists from the University Hospital of Dresden Technical University in Germany have successfully bio-printed skin and bone samples upside down to help determine if the method could be used in a low-gravity environment. CNET reports: The skin sample was printed using human blood plasma as a "bio ink." The researchers added plant and algae-based materials to increase the viscosity so it wouldn't just fly everywhere in low gravity. "Producing the bone sample involved printing human stem cells with a similar bio-ink composition, with the addition of a calcium phosphate bone cement as a structure-supporting material, which is subsequently absorbed during the growth phase," said Nieves Cubo, a bioprinting specialist at the university. These samples are just the first steps for the ESA's ambitious 3D bio-printing project, which is investigating what it would take to equip astronauts with medical and surgical facilities to help them survive and treat injuries on long spaceflights and on Mars.

Read more of this story
Hide

Show 10 Wed 06:20 Engadget [1]

06:20 Virgin Orbit preps the LauncherOne rocket for its first drop test
Virgin Orbit has gotten the thumbs up to conduct the LauncherOne system's first drop test, and it can happen "in the very near future." The Virgin Group's launch services company has successfully completed its final captive carry flight test, almost...
Hide

Show 10 Wed 04:34 lwn.net-comments [8]

04:34 Soft CPU affinity

Isn't relocating memory & changing NUMA masks already be part of this process?

Presumably hot-plugging is already migrating memory prior to the CPU being removed, (or so I assume; without the on-cpu memory controller, the EC-DRAM will blank). Or is RAM kept live during a hot-plug?

04:34 Miller: Red Hat, IBM, and Fedora

Yeah, but you have to admit that was a clever retort.

04:34 Miller: Red Hat, IBM, and Fedora

They have some really important patents, like the lock-less queues used in Linux.

04:34 Mucking about with microframeworks

Flask's been my go-to for at least five to six years now.

Although, I'd like to point out some of it's best extensions aren't very well known like flask-classy/classful
https://github.com/teracyhq/flask-classful

Can also go the other way, and sit on top of some C code.

Sanic is a drop in async replacement for Flask (more or less) with massive performance gain.
https://github.com/huge-success/sanic

Responder is a really nice tool as well, which can mount existing flask endpoints and handle background threads.
https://python-responder.org/en/latest/tour.html#mount-a-...
https://github.com/kennethreitz/responder
It sits on top of Uvicorn and Starlette ASGI.
https://www.starlette.io/

Borrowing the magic of node's libuv, and the uvloop FFI, python can zoom as fast as Golang can.
https://magic.io/blog/uvloop-blazing-fast-python-networking/
https://www.techempower.com/benchmarks/#section=data-r17&...

Unfortunately, I've been using uwsgi+nginx+uwsgi_pass for ages; and I'm reluctant to move back to proxy_pass, so I've stuck to pure Flask for now.

I could add Responder or Sanic to my existing webapps with a snap, more or less, I'd have to change out this singular python object, from Flask's implementation to Sanic's (which is API compatible)

flask_core = Flask(__name__)
becomes:
flask_core = Sanic(__name__)

api = responder.API()
api.mount('/yeflask', flask_core)

But don't blame me if ye cannot get ye flask.
https://tvtropes.org/pmwiki/pmwiki.php/Main/YouCantGetYeF...

04:34 Mucking about with microframeworks

It's also worth noting that the recommended way of installing Flask and extensions is in a virtual environment (e.g. virtualenv or pipenv), rather than via system packages (dnf, apt, etc).

From the Flask documentation:

Use a virtual environment to manage the dependencies for your project, both in development and in production.
What problem does a virtual environment solve? The more Python projects you have, the more likely it is that you need to work with different versions of Python libraries, or even Python itself. Newer versions of libraries for one project can break compatibility in another project.
Virtual environments are independent groups of Python libraries, one for each project. Packages installed for one project will not affect other projects or the operating system's packages.

04:34 I'm having difficulty understanding

> not much we can do about it

Have you considered running a fuzzer and fixing the bugs the fuzzer finds? That's how the mentioned nullptr bug was found.

04:34 Miller: Red Hat, IBM, and Fedora

Huh? What's contradictory? That's a condition of using etc the software, just as much as retaining the notice is.

04:34 Ryabitsev: Patches carved into developer sigchains

This is a pretty good explanation: https://blog.ffwll.ch/2017/08/github-why-cant-host-the-ke...

Hide

Show 10 Wed 03:20 Engadget [2]

03:20 Nintendo Switch Online adds a 'rewind' button to NES games next week
For July, Nintendo is adding Wrecking Crew and Donkey Kong 3 to the list of classic NES titles that Switch Online subscribers can play, but the biggest news is a feature that will work across the entire library: Rewind. Similar to a feature that Nint...

03:20 Netflix's 'Another Life' trailer shows Katee Sackhoff back in space
It's been a while since we heard about this 10-episode sci-fi series from Netflix that features Battlestar Galactica and Longmire star Katee Sackhoff, but now there's a new teaser trailer for Another Life. According to the synopsis, her character Nik...
Hide

Show 10 Wed 03:04 HackerNews [8]

Show 10 Wed 02:30 AndroidAuthority [9]

02:30 Become a coding pro with the Complete C++ Bundle for just $34
Right now you can get all the C++ coding training you need for the knock-down price of just $34.

02:30 The Google Pixel 4 XL seems to have large bezels, and it could be a wise move
The Google Pixel 4 XL seems to have substantial bezels, but there are loads of reasons why this is a sensible move.

02:30 Dr. Mario World: Everything you need to know
The modern update of the old-school classic is free-to-play. Download Dr. Mario World now!

02:30 Train to land a lucrative product manager role for $39
This $2,000-valued training bundle can jumpstart your career as a high-flying product manager.

02:30 New Qualcomm chipset might fix huge Wear OS issue, but is it already too late?
The new alleged chipset would replace the Snapdragon Wear 3100. But will that do any good?

02:30 Here's a dead simple method to save 20% on Amazon Prime Day
Save 20 percent simply by using the Amazon app's camera mode.

02:30 One of the best wireless gaming headset is now as low as $69
The Logitech G933 Artemis Spectrum offers immersive surround sound quality, elevating your gaming experience to the next level.

02:30 Here are the best Hulu original shows, plus a look at upcoming exclusive series
Hulu has many great exclusive series that are only available on the streaming service. Here's a look at the best Hulu original shows.

02:30 How to block websites on Android
Want to block websites on Android to protect your kids or prevent yourself from procrastinating? Here is how you can do it.
Hide

Show 10 Wed 02:25 Slashdot [4]

02:25 YouTube Is Making It Much Easier For Creators To Deal With Copyright Claims
YouTube is updating the way it handles manual copyright claims with changes that should make them much less of a headache for video creators. The Verge reports: Owners of copyrighted content -- like a record label or a movie studio -- will now have to say exactly where in a video their copyrighted material appears, which they didn't have to do in the past when manually reporting infringement. That'll allow creators to easily verify whether or not a claim is legitimate and to then edit out the content if they don't want to deal with the repercussions, like losing revenue or having the video taken down. With this change, the whole system will be a lot clearer and should operate much smoother. Video creators will be able to see the chunk that's been claimed, and YouTube will allow them to mute the audio during that portion, replace the audio with a free-to-use song from YouTube's library, or cut out that chunk of the video. If they choose any of those options, the copyright claim will automatically be released. (All of those options were previously available, but creators had to figure out on their own what they needed to cut out.)

Read more of this story

02:25 AI Trained On Old Scientific Papers Makes Discoveries Humans Missed
An anonymous reader quotes a report from Motherboard: In a study published in Nature on July 3, researchers from the Lawrence Berkeley National Laboratory used an algorithm called Word2Vec sift through scientific papers for connections humans had missed. Their algorithm then spit out predictions for possible thermoelectric materials, which convert heat to energy and are used in many heating and cooling applications. The algorithm didn't know the definition of thermoelectric, though. It received no training in materials science. Using only word associations, the algorithm was able to provide candidates for future thermoelectric materials, some of which may be better than those we currently use. To train the algorithm, the researchers assessed the language in 3.3 million abstracts related to material science, ending up with a vocabulary of about 500,000 words. They fed the abstracts to Word2vec, which used machine learning to analyze relationships between words. Using just the words found in scientific abstracts, the algorithm was able to understand concepts such as the periodic table and the chemical structure of molecules. The algorithm linked words that were found close together, creating vectors of related words that helped define concepts. In some cases, words were linked to thermoelectric concepts but had never been written about as thermoelectric in any abstract they surveyed. This gap in knowledge is hard to catch with a human eye, but easy for an algorithm to spot. After showing its capacity to predict future materials, researchers took their work back in time, virtually. They scrapped recent data and tested the algorithm on old papers, seeing if it could predict scientific discoveries before they happened. Once again, the algorithm worked. "In one experiment, researchers analyzed only papers published before 2009 and were able to predict one of the best modern-day thermoelectric materials four years before it was discovered in 2012," the report adds.

Read more of this story

00:55 T-Mobile Says It Can't Be Sued By Users Because of Forced-Arbitration Clause
T-Mobile U.S. is trying to force customers into arbitration in order to avoid a class-action lawsuit that accuses the phone carrier of violating federal law by selling its customers' real-time location data to third parties. Ars Technica reports: T-Mobile yesterday filed a motion to compel arbitration in U.S. District Court in Maryland, saying that customers agreed to terms and conditions that require disputes to be handled in arbitration instead of courts. The two plaintiffs named in the lawsuit did not opt out of the arbitration agreement, T-Mobile wrote. "As T-Mobile customers, each Plaintiff accepted T-Mobile's Terms and Conditions ('T&Cs')," T-Mobile wrote in a memorandum of law. "In so doing, they agreed to arbitrate on an individual basis any dispute related to T-Mobile's services and to waive their right to participate in a class action unless they timely opted out of the arbitration procedure outlined in the T&Cs. Neither Plaintiff elected to opt out. Accordingly, Plaintiffs have brought their grievances to the wrong forum and their claims should be dismissed in favor of arbitration." T-Mobile's terms and conditions say, "Thanks for choosing T-Mobile. Please read these Terms & Conditions ('T&Cs'), which contain important information about your relationship with T-Mobile, including mandatory arbitration of disputes between us, instead of class actions or jury trials. You will become bound by these provisions once you accept these T&Cs." Customers can opt out of arbitration by calling 1-866-323-4405 or online at www.T-Mobiledisputeresolution.com, but action must be taken within 30 days of activating a new phone line. The customers who opted out of T-Mobile arbitration could file a similar lawsuit, but that would result in a much smaller pool of customers who could seek damages. The class-action complaint seeks financial damages and certification of a class consisting of every person who was a T-Mobile customer in the U.S. between May 3, 2015 and March 9, 2019. That's at least 50 million people, the class-action complaint says.

Read more of this story

00:55 It's Time To Ban All Government Use of Face Recognition, Says Digital Rights Group
Fight for the Future, the digital rights advocacy group, is calling for a nationwide ban on government use of facial recognition. Fast Company reports: The group says the technology is just too dangerous to civil liberties to allow government agencies to use it, even with regulation. It launched a website where people can contact their legislators and urge them to support a ban. "Imagine if we could go back in time and prevent governments around the world from ever building nuclear or biological weapons. That's the moment in history we're in right now with facial recognition," said Evan Greer, deputy director of Fight for the Future, in a statement. "This surveillance technology poses such a profound threat to the future of human society and basic liberty that its dangers far outweigh any potential benefits. We don't need to regulate it, we need to ban it entirely."

Read more of this story
Hide

Show 10 Wed 00:20 Engadget [1]

00:20 Mars crew could 3D-print skin and bones for injuries
A journey to Mars will take several years, and humans won't be able to turn back if an astronaut suffers a burn or a bone fracture. Which is why scientists at the University Hospital of Dresden Technical University have now produced the first bioprin...
Hide

Show 09 Tue 23:25 Slashdot [2]

23:25 GitHub Removed Open Source Versions of 'Deepfakes' Porn App DeepNude
An anonymous reader quotes a report from Motherboard: GitHub recently removed code from its website that used neural networks to algorithmically strip clothing from images of women. The multiple code repositories were spun off from an app called DeepNude, a highly invasive piece of software that was specifically designed to create realistic nude images of women without their consent. The news shows how after DeepNude's creator pulled the plug on his own invention late last month following a media and public backlash, some platforms are now stopping the spread of similar tools. "We do not proactively monitor user-generated content, but we do actively investigate abuse reports. In this case, we disabled the project because we found it to be in violation of our acceptable use policy," a GitHub spokesperson told Motherboard in a statement. "We do not condone using GitHub for posting sexually obscene content and prohibit such conduct in our Terms of Service and Community Guidelines." The "Sexually Obscene" section of GitHub's Community Guidelines states: "Don't post content that is pornographic. This does not mean that all nudity, or all code and content related to sexuality, is prohibited. We recognize that sexuality is a part of life and non-pornographic sexual content may be a part of your project, or may be presented for educational or artistic purposes. We do not allow obscene sexual content or content that may involve the exploitation or sexualization of minors."

Read more of this story

23:25 The $280,000 Lab-Grown Burger Could Be a More Palatable $10 in Two Years
Lab-grown meat, first introduced to the world six years ago in the form of a $280,000 hamburger, could hit supermarket shelves at $10 a patty within two years, European start-ups told Reuters. From a report: Consumers concerned about climate change, animal welfare and their own health are fueling interest in so-called clean meat, with the number of associated business start-ups climbing from four at the end of 2016 to more than two dozen two years later, according to the Good Food Institute market researcher. Plant-based meat alternatives are also booming. Shares in Beyond Meat have more than tripled in price since its initial public offering in May. Beyond Meat and Impossible Foods each sell 100% plant-based meat alternatives to retailers and fast food chains across the United States. And cultured meat grown from animal cells could be next on the mainstream menu, with producers eyeing regulatory approval as they improve the technology and reduce costs. It was Dutch start-up Mosa Meat's co-founder Mark Post who created the first "cultured" beef hamburger in 2013 at a cost of 250,000 euros ($280,400), funded by Google co-founder Sergey Brin, but Mosa Meat and Spain's Biotech Meats say that production costs have fallen dramatically since then. "The burger was this expensive in 2013 because back then it was novel science and we were producing at very small scale. Once production is scaled up, we project the cost of producing a hamburger will be around 9 euros," a Mosa Meat spokeswoman told Reuters, adding that it could ultimately become even cheaper than a conventional hamburger.

Read more of this story
Hide

Show 09 Tue 23:04 HackerNews [16]

Show 09 Tue 22:51 ArsTechnica [6]

22:51 Apple updates entry-level MacBook Air and Pro, discontinues MacBook
The company also cut the costs of SSD upgrades across the Mac lineup.

22:51 AT&T takes some Time Warner shows off Netflix, makes them exclusive to HBO Max
HBO Max coming in spring 2020, combining HBO and other Time Warner content.

22:51 Dropbox Transfer tests direct sharing of files up to 100GB
Send copies of files (even the big ones) with this new Dropbox feature.

22:51 Computer from NASA's Apollo program reprogrammed to mine bitcoin
It takes the Apollo Guidance Computer 10 seconds to compute a single hash value.

22:51 Zoom for Mac made it too easy for hackers to access webcams. Here's what to do [Updated]
Read this before clicking on that Web link in your bathrobe.

22:51 Bloodhound LSR, the 1,000mph car, starts high-speed tests in October
The part jet, part rocket car will finally get to stretch its legs on a dry lake.
Hide

Show 09 Tue 21:55 Slashdot [2]

21:55 AT&T Will Automatically Block Fraud Calls For New Customers
AT&T will start automatically blocking fraud calls and issuing suspected spam call alerts for new phone customers at no extra cost. "You'll have to opt out if you don't want the company to screen calls this way," reports Engadget. "Existing customers, meanwhile, will see the feature automatically reach their accounts in the 'coming months.'" From the report: If you like the capabilities, you can turn it on right now either by downloading the AT&T Call Protect app or enabling it through your myAT&T account settings. Although AT&T isn't charging extra, the FCC rules don't prevent it or others from using the auto-blocking as an opportunity to raise subscription rates. It may take a while to learn whether or not there are any pitfalls to what otherwise seems like a promising upgrade.

Read more of this story

21:55 Skype Snap App Remains Hopelessly Outdated
An anonymous reader shares a report: The official Skype Snap app for Linux has not been updated in nearly six months, and Microsoft is yet to say why. When introducing the cross-distro build in early 2018, the company said the Skype Snap app would give it the "... ability to push the latest features straight to our users, no matter which device or distribution they happen to use." Clearly, not. Because at the time of writing this post the Skype Snap app sits on version 8.34.0.78, which the Snapcraft store reports was 'last updated' in November 2018. However, the "regular" Linux version available to download from the Skype website is on version 8.47.0.73, released June 2019.

Read more of this story
Hide

Show 09 Tue 21:20 Engadget [5]

21:20 Facebook plans to double its minority employees in the next five years
Facebook is more diverse than it was six years ago, but the company admits it has a long way to go. Today, Facebook released its 2019 Diversity Report, and while it employs more women and minorities than it did a few years ago, it's still predominant...

21:20 Marvel is auctioning props from its Netflix shows
The Netflix era of Marvel TV shows has drawn to a close, but that doesn't mean you'll have to walk away from it empty-handed... in fact, you might just own a piece of the shows themselves. Marvel and Prop Store are auctioning off props and costumes f...

21:20 Instant Pot joins the air fryer craze with the Vortex Plus
Now that Instant Pot is virtually synonymous with pressure cooking for some people, the company behind it is turning to another kitchen trend: air fryers. The recently acquired Instant Brands has introduced the Instant Vortex Plus, a seven-in-one ai...

21:20 Zoom will remove server behind Mac webcam security hole
Zoom is acting quickly on the security flaw that let intruders hijack Mac users' webcams. The video conferencing firm is releasing a patch on July 9th (that's today, if you're reading in time) that removes access to the local web server behind the v...

21:20 Players have created over 2 million levels on �Super Mario Maker 2'
Super Mario Maker 2 players are having a busy summer. Nintendo announced today that players have uploaded 2 million courses on the level creator since its worldwide release on June 28th. The highly-anticipated Nintendo Switch sequel to Super Mario Ma...
Hide

Show 09 Tue 20:25 Slashdot [3]

20:25 Raspberry Pi Admits To Faulty USB-C Design On the Pi 4
An anonymous reader quotes a report from Ars Technica: The Raspberry Pi 4 was announced two weeks ago as a major new upgrade to the line of cheap single-board hobbyist computers. The Pi 4 featured a faster CPU, options for up to 4GB of RAM, and a new, modern USB-C port for power delivery. The Pi 4 was the Raspberry Pi Foundation's first ever USB-C device, and, well, they screwed it up. As detailed by Tyler Ward, the Raspberry Pi 4 has a non-compliant USB-C charging port and doesn't work with as many chargers as it should. Thanks to the open nature of Raspberry Pi (even the schematics are online!), Ward was able to discover that Raspberry Pi just didn't design its USB-C port correctly. Two "CC" pins on a USB-C port are supposed to each get their own 5.1K ohms resistor, but Raspberry Pi came up with its own circuit design that allows them to share a single resistor. This is not a compliant design and breaks compatibility with some of the more powerful USB-C chargers out there. Whether your USB-C charger works with the Pi 4 has to do with whether it uses an "e-marked" cable. E-marked cables are fully featured USB-C cables with chips inside that negotiate power management, accessory modes, data rates, and other communication specs. Since the Pi 4 USB-C port is wired incorrectly, these smart cables will detect the Pi 4 as an "Audio Adaptor Accessory" and refuse to charge them. Usually, e-marked cables are more expensive and come with larger, higher-powered items, like a USB-C laptop. After reports started popping up on the Internet, Raspberry Pi cofounder Eben Upton admitted to TechRepublic that "A smart charger with an e-marked cable will incorrectly identify the Raspberry Pi 4 as an audio adapter accessory and refuse to provide power." Upton went on to say, "I expect this will be fixed in a future board revision, but for now users will need to apply one of the suggested workarounds. It's surprising this didn't show up in our (quite extensive) field testing program."

Read more of this story

20:25 Mozilla Blocks UAE Bid To Become an Internet Security Guardian After Hacking Reports
Firefox browser maker Mozilla is blocking the United Arab Emirates' government from serving as one of its internet security gatekeepers, citing Reuters reports on a UAE cyber espionage program. From a report: Mozilla said in a statement on Tuesday it was rejecting the UAE's bid to become a globally recognized internet security watchdog, empowered to certify the safety of websites for Firefox users. Mozilla said it made the decision because cybersecurity firm DarkMatter would have administered the gatekeeper role and it had been linked by Reuters and other reports to a state-run hacking program. Reuters reported in January that Abu Dhabi-based DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former U.S. intelligence officials who conducted offensive cyber operations for the UAE government. Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from DarkMatter's headquarters.

Read more of this story

20:25 Firefox 68 Arrives With Darker Reader View, Recommended Extensions, and IT Customizations
Mozilla today launched Firefox 68 for Windows, Mac, Linux, Android, and iOS. Firefox 68 includes a darker reader view, recommended extensions, IT Pro customizations, and more. From a report: As part of this release, Mozilla has curated a list of recommended extensions "that have been thoroughly reviewed for security, usability, and usefulness." You can find the list on the Get Add-ons page in the Firefox Add-ons Manager (about:addons). While Firefox has had dark mode for months, the Reader View's dark contrast only covered the text area. Now, when you change the contrast to dark, all sections of the site (including sidebars and toolbars) will be immersed in dark mode. With Firefox 60, Mozilla introduced an enterprise version of the browser that employers can customize. This let IT professionals configure Firefox for their organization, either using Group Policy on Windows or a JSON file that works across Windows, Mac, and Linux. With Firefox 68, Mozilla has added more enterprise policies -- to configure or remove the new tab page, turn off search suggestions, and so on.

Read more of this story
Hide

Show 09 Tue 19:04 HackerNews [13]

Show 09 Tue 18:55 Slashdot [3]

18:55 LinkedIn and the Art of Boastful Self-Promotion
Harry Barnes runs a Twitter account called The State of LinkedIn with more than 100,000 followers. On it, he tweets a curated selection of the most egotistical, self-unaware, jargon-ridden posts from LinkedIn members [Editor's note: the link may be paywalled]. From a report: Recent gems range from the boastful "You call it luck, I call it 80 hours a week", to the baffling "How easy is it to hire me? I interviewed myself", as well as the awful-wonderful morning routine which begins "I wake up. Instantly. From the fogginess of dreams, to the readiness of full consciousness..." Humble brags, including Mr Barnes's favourite, in which a man is pictured playing pool while a supercar just happens to be parked in the background, also feature regularly. Mr Barnes, who has worked in social media but runs the account as a hobby, says the idea is to poke fun at the ridiculous world of workplace self-promotion, rather than individuals. "All the content is sent to me," he says. "I don't trawl LinkedIn looking for it." Mr Barnes is not the only one enjoying the lighter side of LinkedIn. There is also the @CrapOnLinkedIn Twitter feed and parody LinkedIn accounts, such as the "demotivational speaker" Mike Winnet. Unlike other social networks, however, humour is not the norm for LinkedIn, which has always been a more grown-up, professional place. For better or for worse, that may be changing.

Read more of this story

18:55 WarnerMedia Announces HBO Max, Its Netflix Rival That Will Launch Next Year
There's HBO Go, HBO Now, and soon, there will be HBO Max. For WarnerMedia and parent company AT&T, the latter is most important, as it will become the subscription video service that they position against Netflix, Hulu, the upcoming Disney+, Apple's upcoming TV+, and a range of other paid video offerings. From a report: "Anchored with and inspired by the legacy of HBO's excellence and award-winning storytelling, the new service will be 'Maximized' with an extensive collection of exclusive original programming (Max Originals) and the best-of-the-best from WarnerMedia's enormous portfolio of beloved brands and libraries," the company wrote in a press release today. (The emphasis there is from WarnerMedia, of course.) So you'll get all the stuff you'd expect from having HBO -- TV series, on-demand movies, watching some primetime HBO shows live -- plus a huge serving of content from basically every other WarnerMedia property. More relevant to you is that WarnerMedia also confirmed that HBO Max will have exclusive streaming rights to every episode of Friends when it launches in spring 2020; that'll be after the hugely popular sitcom departs Netflix. Friends is set to leave in 2019, so there might be a gap where the show disappears from streaming altogether until HBO Max's debut.

Read more of this story

18:55 Ross Perot, Founder and Former CEO of Electronic Data Systems and Perot Systems, Dies At 89
Ross Perot, a self-made billionaire, independent presidential candidate, and philanthropist, has died at the age of 89 after a five-month battle with leukemia. Perot rose to fame after founding his first company, Electronic Data Systems, in 1962 with just $1,000 in savings. More than two decades later, he launched information technology services provider Perot Systems, which was acquired in 2009 by Dell for $3.9 billion. CNBC reports on his political accomplishments: As a disruptive third-party candidate for president, Perot ran on a platform of fiscal responsibility and protectionism. He won nearly 19% of the vote in the 1992 race -- by far the biggest slice of the electorate for a third-party candidate since Theodore Roosevelt's Bull Moose Party in the 1912 election. Perot stood out from the political crowd for his quirks as much as his business credentials and lack of experience in establishment politics. "I don't have any experience in running up a $4 trillion debt. I don't have any experience in gridlock government, where nobody takes responsibility for anything and everybody blames everybody else," he said in a 1992 presidential debate. The shifting of U.S. jobs to Mexico created a "giant sucking sound," he famously said during the campaign. Perot was also a bit of a pack rat, collecting everything from whimsical toys to priceless artifacts. Perot owned the only Magna Carta ever allowed to leave Great Britain, which he loaned to the National Archives in Washington, D.C., and in 2007, sold it for $20 million.

Read more of this story
Hide

Show 09 Tue 18:34 lwn.net-comments [43]

18:34 Debian and code names

It's still annoying.

If the code name is meant to be the main version identifier, it should be used everywhere, instead of a strange mix of code names here and version numbers there.

It doesn't help that there is no obvious way to find the correspondence between code names and version numbers. Maybe there's a list on debian.org, but I can't find it. I can find a list on Wikipedia, but shouldn't a project's own website be the primary source of information for such things?

Also, /etc/os-release is a relatively recent addition. For most of Debian's history, /etc/issue is all we had (or lsb_release -d, but that's not in the standard installation).

18:34 Ryabitsev: Patches carved into developer sigchains

It's also unnecessarily verbose and more expensive to generate and parse than msgpack, which is also self-describing.

Canonical JSON is anything but "easy to debug" when you're in the realm of nontrivial messages. You don't count curly parentheses to see which level an element is at, you pretty-print the thing, at which point you already parsed it and the original encoding no longer matters.

Also, you can store/transmit raw bytes, or in fact another message, in a msgpack binary string without having to mangle it in any way. With JSON your best bet is to base64-encode the thing. Poof, there goes your debuggability.

Also, if one usecase is to exchange updates over Bluetooth or similar protocols, you want to keep the overhead small.

18:34 Google's Fuchsia OS Developer Site Debuts (Forbes)

I bet the PostmarketOS crowd disagrees...

18:34 Google's Fuchsia OS Developer Site Debuts (Forbes)

The PostmarketOS people would probably be even happier if they had a kernel that actually gets updates.

18:34 Ryabitsev: Patches carved into developer sigchains

I also wonder how typical bug tracker features would be handled, things like one bug blocking another, bug assignment, sub-tasks, priorities - text tags, like "Signed-off-by" in Git?

18:34 Ryabitsev: Patches carved into developer sigchains

One thing that makes JSON easy to debug is its redundancy. There are many different JSON strings encoding the same content (so it can be pretty-printed and doesn't care about dictionary order). That means that taking the cryptographic hash of a JSON message is going to be painful. You either depend on the quirks of a particular encoder implementation (which seems to be what happened here), or you define a canonical form and make sure all JSON is in that form before you hash it.

18:34 Google's Fuchsia OS Developer Site Debuts (Forbes)

> Linux's libusb (for USB devices) and UIO (for everything else) have been around at least as long as Vista. I don't know how popular UIO turned out to be...

UIO is very popular in the embedded industry, where manufacturers just want to write a quick driver against a stable user-space ABI, without getting bothered much about kernel programming.

This is typically requested by HW engineers turned lousy SW engineers, who ask for giving them direct access to the device registers and interrupts without wanting to be bothered by anything else, or for quick embedded industry prototypes (and you know the industry's habit of moving prototypes code *as-is* into production).

I'm not aware of UIO being used *heavily* in other context like servers and desktops. The only exception I'm personally aware of is Google's Edge TPU work (drivers/staging/gasket), which should migrate to UIO if it's to be really merged mainline. Assuming that "Edge" TPU will extend one day from IoT to full-fledged laptops and such.

18:34 Ryabitsev: Patches carved into developer sigchains

I know there are more efficient formats than json, but in case of SSB it's not used to represent complex structures -- most of the records are simple key-value pairs that are one or two levels deep. Parsing them is not expensive and, in my mind, it makes more sense to retain compatibility with SSB in general than to hard-fork it for the purposes of optimization.

18:34 Ryabitsev: Patches carved into developer sigchains

Smaller than you'd think. For example, 20 years of vger.kernel.org archives is currently around 20GB. Clients lazy-load the chains as they cross-index the conversations, so someone replicating the entire archive would be able to participate without needing to wait for the entire thing to replicate.

18:34 Debian 10 ("Buster") has been released

USB(3) Ethernet dongles can be had for less than $20. Decent ones might run you $30.

18:34 Ryabitsev: Patches carved into developer sigchains

SSB records are structured data, so adding a specific record type ("type": "issue-report") is easy. The harder part is to agree what the standard for that should be, but looking at projects like git-bug and git-appraise should help figure out what kind of records should go into an issue-report.

18:34 Ryabitsev: Patches carved into developer sigchains

Would cross-referencing bugs from other bugs work too?

18:34 Miller: Red Hat, IBM, and Fedora
Would that be inline with Google's past company byline of do no evil?

18:34 Ryabitsev: Patches carved into developer sigchains

Re-tooling Linus is going to be the problem, not re-tooling patch handling. Email has served him well for handling patches.

18:34 Ryabitsev: Patches carved into developer sigchains

Yes, you can reference the message-id of the bug you want to link to. See: https://ssbc.github.io/docs/ssb/linking.html

18:34 Ryabitsev: Patches carved into developer sigchains

If other large communities which build infrastructure that a lot of people rely on such as Kubernetes are on Github why can't the Linux kernel be?

18:34 Ryabitsev: Patches carved into developer sigchains

It's not the number of people that matter, but the workflow. Github just doesn't support the workflow that kernel developers are comfortable with and use day-to-day.

18:34 Miller: Red Hat, IBM, and Fedora

IBM never had that byline. In fact, IBM has at one point specifically asked for permission to do evil.
https://en.wikipedia.org/wiki/JSLint#License

18:34 Ryabitsev: Patches carved into developer sigchains

Because somebody - can't remember who - took over responsibility for archiving news and this became pretty much a "single point of failure". Then Google took that over and turned it into Google Groups.

Combine that with the volume of spam, and I remember Demon (who had one of the biggest news feeds) had major problems scaling to cope with it. It just grew too big and imploded :-(

Cheers,
Wol

18:34 Miller: Red Hat, IBM, and Fedora

How many of these recent acquisitions are independent or even operating?

https://en.wikipedia.org/wiki/List_of_mergers_and_acquisi...

How many LWN readers remember Lotus? Tivoli? The history doesn't look good.

18:34 Miller: Red Hat, IBM, and Fedora

> IBM never had that byline. In fact, IBM has at one point specifically asked for permission to do evil.

To be fair, a license trying to prohibit evil without a very clear boundary is a terrible idea. It is reasonable legal advice to want that permission so you are not caught in that issue

18:34 Miller: Red Hat, IBM, and Fedora

That's a really ridiculous reading of the issue, full of hyperbole. No company can agree to any license with something so poorly defined as �don't be evil� as a legally binding clause.

18:34 Ryabitsev: Patches carved into developer sigchains

If the idea is to remove issue of email workflow in the long term, then kernel devs needs to change their workflow one way or another. Github is battle-tested with large scale projects already and has a lower entrance barrier as well for new developers (yes, new people and workflow matters, it's both and not just the latter). Why reinvent the wheel? ;)

18:34 Miller: Red Hat, IBM, and Fedora

The JSLint license is self-contradictory. On the one hand, it says "Permission is hereby granted [...] to deal in the Software without restriction, including without limitation the rights to use..."

And then it adds a restriction: "The Software shall be used for Good, not Evil." below the line that refers to "The above copyright notice". I don't see how the good/evil line can be seen as anything other than an irrelevant comment (but I can understand how people might be leery of it out of an abundance of caution.)

18:34 Ryabitsev: Patches carved into developer sigchains

Fossil (https://fossil-scm.org/) is a decentralized, self-archiving, fully attestable, 'cradle-to-grave' development platform that covers all aspects of project development. It was written to support SQLite development and has been in use on that project (and many others) for over a decade. The self-contained stand-alone Fossil executable is a GitHub-in-a-box that installs using a 2-line CGI script (as well as other options) and supports all aspects of project management. Fossil is well supported and has an active and enthusiastic user community.

Probably Konstantin wants something Git-based. Fine. But he (and others) might at least give Fossil a look in order to steal ideas that have been refined and tested on that system over the past 10 years.

18:34 Ryabitsev: Patches carved into developer sigchains

Fossil is not decentralized in the same sense that Git is not decentralized. You can clone it and fork it, but you require a canonical location of the repository for everyone to effectively collaborate (e.g. same as Linus has a canonical repository -- if it goes away, he or his replacement must designate what the new canonical repository is, and everyone must agree with that decision). At best, Fossil allows you to have read-only mirrors that you can promote in case the main server becomes unavailable, but no true decentralization -- Bob and Alice can't use a replica in Australia, while Charlie and Della are using a replica in Canada.

So, yes, Fossil is self-archiving, but you still have a single point of trust and authority with no built-in attestation. It still wants to set up cathedrals in the world that's excedingly good at targeting and taking out (or taking over) cathedrals.

18:34 Ryabitsev: Patches carved into developer sigchains

> If other large communities which build infrastructure that a lot of people rely on such as Kubernetes are on Github why can't the Linux kernel be?

Ugh, please no centralized infrastructure; be it GitHub, GitLab, or whatever.

18:34 Miller: Red Hat, IBM, and Fedora

How many of those cost 34 billion dollars, and how many of those came with hardly any IP?

18:34 Ryabitsev: Patches carved into developer sigchains

That was DejaNews!

18:34 Ryabitsev: Patches carved into developer sigchains

Fossil is not decentralized in the same sense that Git is not decentralized. You can clone it and fork it, but you require a canonical location of the repository for everyone to effectively collaborate...

False. Fossil will work completely decentralized, with no canonical server. Individual developers can push and pull content (code, wiki, tickets, forum posts, etc.) among themselves on an ad hoc basis. In the limit, everybody will end up with the same content.

Having a canonical server certainly makes collaboration a great deal simpler, since you don't have to rendezvous with some other community member to share your work, and since the canonical server will usually have most, if not all, of the latest changes so you don't have to pester other developers for rendezvous opportunities in order to pick up the latest changes. Having a server is very convenient. But it is not required.

The objective of Fossil is not to eliminate the central server or the benevolent dictator, but rather to reduce the number of external dependencies on the project so that:

it can be more easily cloned and forked should the dictator abdicate or go rogue,
the project can easily move to a new host as technologies evolve and as hosting companies go in and out of business, and
so that the project is less easily censored or deplatformed by a hosting provider or government that does not approve of its direction.

18:34 Ryabitsev: Patches carved into developer sigchains

Github is a proprietary service, with an issue workflow that won't really scale to the level of Linux kernel.

18:34 Ryabitsev: Patches carved into developer sigchains

> Canonical JSON is anything but "easy to debug" when you're in the realm of nontrivial messages. You don't count curly parentheses to see which level an element is at, you pretty-print the thing, at which point you already parsed it and the original encoding no longer matters.
The thing is, I can output the raw json or even read it from inside a debugger. Then I can trivially pretty-print it. If it's a web service, I can usually log it using various debug options.

With a binary format there's no such easy way to do it.

18:34 Miller: Red Hat, IBM, and Fedora

Are you trying to say that RH has hardly any IP? ;)

But, seriously, a $34b price tag gives Red Hat more inertia than the others, but it's on the same trajectory as the others now. I just don't see the model changing fundamentally from all the others.

18:34 Miller: Red Hat, IBM, and Fedora

What is Red Hat's IP? There's some tests, the knowledge base, the Insights rules, and that's pretty much it. Certainly not worth 34 billions.

18:34 Ryabitsev: Patches carved into developer sigchains

I admit that I haven't looked at fossil in very deep detail, mostly because it necessarily requires migration away from git -- which is a non-starter for the kernel community. Therefore, I may be mistaken about some important aspects of how it works.

I see that servers may set up sync relationships between each-other, but this must be done on the basis of trust external to the platform itself -- if I run a fossil replica, you won't be aware of my work unless I ask you to set up a sync with me. There are significant downsides to this scheme as opposed to the ad-hoc replication framework of SSB, mainly because the fabric is not self-healing -- if a malicious actor targets all known replicas, they can effectively shut down all collaboration on the project unless members of the community use some third-party channel to coordinate new replicas. With SSB, even if major replication pubs are targeted, peer-to-peer replication still works and organizing new pubs doesn't require using an external communication and coordination platform.

If Fossil is working for some people, then that's great, but it's not an acceptable solution for the Linux Kernel due to needing to force everyone to switch away from git.

18:34 Miller: Red Hat, IBM, and Fedora

Or because you need to use software under an Open Source license, which JSLint's license isn't.

18:34 Ryabitsev: Patches carved into developer sigchains

Fossil is ... not an acceptable solution for the Linux Kernel due to needing to force everyone to switch away from git.

This fact is understood and anticipated. I wasn't advocating that you switch, only that you perhaps look over our experience of the past 11 years, perhaps steal some ideas and/or some code, and maybe learn from our mistakes.

For all the years that we've been doing Fossil, folks have been throwing shade on us and saying things like "Why don't you use Git like everybody else because Git is Awesome!". I have several answers to that question, one of which is the argument that you (I'm assuming that mricon==Konstantin, correct me if I'm wrong) very eloquently made in your recent blog post, the part about "it's time for us to come up with a solution that would offer decentralized, self-archiving, fully attestable, 'cradle-to-grave' development platform that covers all aspects of project development and not just the code". That's one of the big reasons that SQLite has been using Fossil instead of Git all along. And all that time, I've struggled mightily to get people to understand it, seemingly without making any headway. So when somebody at kernel.org says essentially what I've been trying to say for a decade, I'm like "Wow!" And then I think maybe my years of experience in this area can help guide your design.

But perhaps this comment thread is straying too far off topic? Maybe follow-up on the Fossil Forum Thread or direct email to drh at sqlite.org, if you choose.

18:34 Miller: Red Hat, IBM, and Fedora

Relevant reminder: https://ourincrediblejourney.tumblr.com/

18:34 Miller: Red Hat, IBM, and Fedora

"That's pretty much it""

https://www.google.com/search?tbm=pts&tbm=pts&q=i...

18:34 Miller: Red Hat, IBM, and Fedora

Agree with the notion that RH has more inertia than the others based on size. Agree, as well, that there is a lot of history to overcome

18:34 Miller: Red Hat, IBM, and Fedora

All of which are covered by the Red Hat patent promise.

18:34 Miller: Red Hat, IBM, and Fedora

Which only works against those willing to never assert their patents against Redhat. It isn't as though Redhat's patent promise is Oprah saying, "REACH UNDER YOUR SEAT AND YOU GET A PATENT!"

18:34 Ryabitsev: Patches carved into developer sigchains

This sounds like a NIH syndrome to me. Why wasting time to reinvent what works already for majority? If email is not an option, what other suggestion do you have? Right now the kernel bugzilla is a catastrophe as well that no one actually checks and issue workflow via email does not really scale well either. What would be the alternative with a low entrance barrier for majority of developers?

Hide

Show 09 Tue 18:20 Engadget [9]

18:20 Raspberry Pi 4 doesn't work with some USB-C chargers
The Raspberry Pi 4 promises to be a boon for homebrew gadget makers, but it has flaw that could pose headaches for some users. Tyler Ward and others have discovered that the Pi 4 isn't using a properly designed USB-C port. Instead of giving two pins...

18:20 V-Moda's M-100 Crossfade headphones get a professional upgrade
V-Moda's heavy duty Crossfade M-100 headphones -- known for their 3D-printed personalization -- have been given an upgrade. The Crossfade M-100 Master has been engineered in conjunction with Roland in what V-Moda calls a "creators first" approach, ma...

18:20 Lyft expands wheelchair accessible rides in LA and SF
Lyft is testing a special line of cars just for riders who use wheelchairs. The ridesharing company announced today that it was piloting a new WAV (wheelchair accessible vehicle) service in Los Angeles and San Francisco Counties. All drivers will be...

18:20 HBO Max will be the exclusive streaming home of 'Friends'
AT&T's WarnerMedia finally has a name for its streaming service -- and some unfortunate news for people hoping it would share some classic shows. The new platform will be named HBO Max, and will unsurprisingly use HBO's material as its base on t...

18:20 Facebook is working on 'entirely new' apps and 'experiences'
Today, Facebook announced a New Product Experimentation (NPE) Team that will be responsible for developing new apps. The goal is to give people "entirely new experiences for building community" and to do so outside of Facebook's existing platforms. A...

18:20 AT&T will automatically block fraud calls for new customers
AT&T is making quick use of FCC rules explicitly allowing carriers to block robocalls by default. The network will start automatically blocking fraud calls (and issuing suspected spam call alerts) for new phone customers as a matter course, at n...

18:20 Moment made an anamorphic lens for drones
One year ago, Moment released an anamorphic lens for smartphones. Now, the company is bringing a rectangular lens to drones. The new Moment Air lineup includes an anamorphic lens for the DJI Mavic 2 Pro and Mavic 2 Zoom, plus new filters and a smartp...

18:20 Amazon, Apple, Facebook and Google to testify in Congress on competition
The House committee investigating antitrust in tech is about to call some big names to the microphone. Aides for antitrust panel chairman Rep. David Cicilline have confirmed that the committee is holding a hearing on July 16th where it will question...

18:20 Zero's SR/F electric motorcycle makes a great commuter bike
Zero has been on a roll for the past few years. Great electric motorcycles keep coming off their assembly line and the number I see on the streets of Northern California keeps growing. Before, if you rode an electrified motorcycle you got stare...
Hide

Show 09 Tue 18:00 ArsTechnica [9]

18:00 Cuphead the game is becoming Cuphead the animated Netflix series
Netflix adds one more video game franchise to its bustling portfolio.

18:00 The electric Mini is going into production; deliveries start early 2020
The addition of batteries doesn't compromise space, but range will be limited.

18:00 Raspberry Pi admits to faulty USB-C design on the Pi 4
"I expect this will be fixed in a future board revision," says co-creator.

18:00 Google speaks to fuzzy game-ownership question in new Stadia FAQ
Tucked into the fine print: A path to "Stadia Base" access before its formal launch.

18:00 Trump's Twitter blocks violate First Amendment rights, appeals court affirms
The best response to criticism is "more speech, not less," court rules.

18:00 Report: Russian intel started the Seth Rich rumor to cover for DNC hack
Yahoo News' Michael Isikoff claims SVR was the source of story in "ConspiracyLand" podcast.

18:00 T-Mobile says it can't be sued by users because of forced-arbitration clause
T-Mobile fights suit that says it broke law by selling users' phone-location data.

18:00 Dealmaster: Get a 256GB Samsung microSD card for $37
Plus a 128GB iPad for $330, lots of video game deals, and more.

18:00 �Close to 10%� of Autopilot software team reportedly quits after shakeup
In 2015, Musk declared self-driving "a much easier problem than people think."
Hide

Show 09 Tue 17:25 Slashdot [4]

17:25 IBM Closes Its $34 Billion Acquisition of Red Hat
IBM closed its $34 billion acquisition of Red Hat, the companies announced Tuesday. From a report: The deal was originally announced in October, when the companies said IBM would buy all shares in Red Hat for $190 each in cash. The acquisition of Red Hat, an open-source, enterprise software maker, marks the close of IBM's largest deal ever. It's one of the biggest in U.S. tech history. Excluding the AOL-Time Warner merger, it follows the $67 billion deal between Dell and EMC in 2016 and JDS Uniphase's $41 billion acquisition of optical-component supplier SDL in 2000. Under the deal, Red Hat will now be a unit of IBM's hybrid cloud division, according to the original announcement. The companies said Red Hat's CEO, Jim Whitehurst, would join IBM's senior management team and report to CEO Ginni Rometty. IBM previously said it hoped its acquisition of Red Hat will help it do more work in the cloud, one of its four key growth drivers, which are also social, mobile and analytics. The company lags behind Amazon and Microsoft in the cloud infrastructure business. IBM has seen three consecutive quarters of declining year-over-year revenue. But some analysts are hopeful about the Red Hat deal's opportunity to bring in new business.

Read more of this story

17:25 Trump Can't Block Critics From His Twitter Account, Appeals Court Rules
President Trump has been violating the Constitution by blocking people from following his Twitter account because they criticized or mocked him, a federal appeals court ruled on Tuesday. The ruling could have broader implications for how the First Amendment applies to the social-media era. From a report: Because Mr. Trump uses Twitter to conduct government business, he cannot exclude some Americans from reading his posts -- and engaging in conversations in the replies to them -- because he does not like their views, a three-judge panel on the United States Court of Appeals for the Second Circuit ruled unanimously. Writing for the panel, Judge Barrington D. Parker noted that the conduct of the government and its officials are subject today to a "wide-open, robust debate" that "generates a level of passion and intensity the likes of which have rarely been seen." The First Amendment prohibits an official who uses a social media account for government purposes from excluding people from an "otherwise open online dialogue" because they say things the official disagrees with, he wrote.

Read more of this story

17:25 Logitech Wireless USB Dongles Vulnerable To New Hijacking Flaws
A security researcher has publicly disclosed new vulnerabilities in the USB dongles (receivers) used by Logitech wireless keyboards, mice, and presentation clickers. New submitter raikoseagle shares a report: The vulnerabilities allow attackers to sniff on keyboard traffic, but also inject keystrokes (even into dongles not connected to a wireless keyboard) and take over the computer to which a dongle has been connected. When encryption is used to protect the connection between the dongle and its paired device, the vulnerabilities also allow attackers to recover the encryption key. Furthermore, if the USB dongle uses a "key blacklist" to prevent the paired device from injecting keystrokes, the vulnerabilities allow the bypassing of this security protection system. Marcus Mengs, the researcher who discovered these vulnerabilities, said he notified Logitech about his findings, and the vendor plans to patch some of the reported issues, but not all.

Read more of this story

17:25 Apple Lowers Prices on the MacBook Air and MacBook Pro and Adds New Features
Apple today announced updates to the MacBook Air and 13-inch MacBook Pro. The MacBook Air price is being lowered to $1,099, but it will be offered to college students for $999. From a report: It will be sold in the same configurations as before, starting with 128GB of storage, but Apple updated the screen with new TrueTone technology. That means it sets the colors on the screen to match the lighting of the room for a more comfortable viewing experience. It also includes the updated keyboard design that Apple first launched in updated MacBook Pros back in May. It should help to prevent some of the sticky key problems experienced in Apple's MacBooks. But this is not the full keyboard refresh that's rumored to ship with an entirely new keyboard configuration. The new 13-inch Retina MacBook Pro starts at $1,299 (or $1,199 for college students.) and includes a quad-core processor in the entry-level model for the first time and improved graphics performance. Like the refresh in May, the entry-level models now also come with new keyboard materials to help prevent sticking keys.

Read more of this story
Hide

Show 09 Tue 16:31 DailyWTF [1]

16:31 Process by Management

Alice's team was thirty developers, taking up most of the floor of a nondescript office building in yet another office park. Their team was a contractor-to-a-contractor for a branch of the US military, which meant a variety of things. First, bringing a thumb drive into the office was a firing offense. Second, they were used to a certain level of bureaucracy. You couldn't change a line of code unless you had four different documents confirming the change was necessary and was authorized, and actually deploying a change was a milestone event with code freezes and expected extra hours.

Despite all this, the thirty person team had built a great working relationship. They had made their process as efficient as they could, and their PM, Doug, understood the work well enough to keep things streamlined. In fact, Doug did such a good job that Doug got promoted. Enter Millie, his replacement.

Millie had done a stint in the Air Force and then went back to school for her MBA. She had bounced around a few different companies, and had managed to turn every job change into a small promotion. This was Millie's first time overseeing a pool of software developers, but she had an MBA. Management was management, and there was no reason she had to understand what developers did, so long as she understood the key performance indicators (KPI).

Like the quantity of defects. That was a great KPI, because it was measurable, had a clear negative impact, and it could be mitigated. Mitigated with a process.

After a few weeks of getting her bearings, Millie called a meeting. "Alright, everyone, I've been observing a little bit of how we work, and I think there may be some communication and organization issues, so I wanted to address that. I've looked at our current workflow, and I've made a few small changes that I wanted to review."

On one side of the white board, she drew a bubble labeled "In Production". "This is where we want our code to be, right? Working, quality-controlled code, in production, with no defects." On the opposite side of the board, she added a bubble for "PCCB Ticket." "And any code change starts with one of these- the Product Change Control Board reviews an open ticket. They'll then turn that ticket into a Functional Requirement Document." Millie added another bubble for that.

Alice had some questions already, but not quite about the inputs or outputs.

"Great, okay, so... we need to iterate on the FRD, and once the PCCB signs off we'll convert that to a System Requirement Document. Either a PM or a SME will decompose the SRD into one or more Work Packages."

Millie continued scribbling furiously as she explained exactly what a work package was, as this wasn't currently a term in use at their organization. Her explanation wasn't terribly clear, as Millie explained it as the set of steps required to implement a single feature, but a Functional Requirement was a feature, so how was the Work Package (WP) any different than the FRD?

"Please, hold your questions until the end, we have a lot to get through."

Finally, once the Work Package was analyzed, you could create a "Ticket Lifecycle Document", a new document which would hold all information about all of the efforts put towards the PCCB ticket. Which meante the TLD contained all the WPs, which raised questions about the point of adding work packages. From the TLD to a new PCCB ticket- a "Ready" ticket, then finally those requirements could go onto a Release backlog and a release management plan could be created.

"Finally," Milile explained, "we're ready to write code." In the center of the board, she added a single bubble: "Code".

And on and on the meeting went. The diagram grew. Lines kept getting added. Bubbles got inserted between existing bubbles. Arrows pointed to labels, or to bubbles, or maybe to arrows? By the end of Millie's meeting, it looked something like this.

"There, that lays out the correct pattern for getting our software to production, with a feedback loop that prevents defects. Any questions?"

There weren't any questions at the meeting, no. But boy, were there questions. Loads of questions. Questions like, "What font should I use on my resume?" and "is it time to stop listing my VBA experience on my resume?"

Over the next few months, under Millie's leadership, 17 developers from the 30 person team left the company, Alice among them. Every once in awhile, Alice checks the job listings for that company, to see if those developer positions have been filled. They're still hiring for software developers. Unfortunately, Alice hasn't seen any openings for a PM, so Millie is probably still there.

[Advertisement] Continuously monitor your servers for configuration changes, and report when there's configuration drift. Get started with Otter today!

Hide

Show 09 Tue 15:20 Engadget [11]

15:20 Netflix is working on a 'Cuphead' animated series
Cuphead and Mugman are making their way to Netflix. The protagonists of the devilishly difficult Cuphead will star in The Cuphead Show, an upcoming original animated series on the streaming platform. The game's distinctive, beautiful art style should...

15:20 The first all-electric Mini arrives in March 2020
It took years to become more than a concept, but the first all-electric Mini is official. The Mini Electric (also known as the Mini Cooper SE) is now slated to start deliveries in March 2020, and will hew closer to the conventional two-door Mini in d...

15:20 'Dr. Mario World' hits iOS a day early
The doctor is in, at least on iOS, as Nintendo's latest mobile game, Dr. Mario World, has arrived a day early on iPhone, iPad and iPad touch. Several Engadget editors were able to play Nintendo's match-three puzzler before the expected launch date of...

15:20 'Fortnite's' latest weapon lets you summon air strikes with a grenade
Epic Games has added Air Strikes to the Fortnite arsenal. With the weapon, you can launch a canister of colored smoke into an area and summon a hail storm of fire from above. You'll find the canisters in floor loot, chests, supply drops, vending mach...

15:20 Marriott faces $123 million UK fine over data breach
Marriott might soon face a stiff penalty for the massive November 2018 data breach. The UK's Information Commissioner's Office plans to fine the hotel chain £99,200,396 (about $123.7 million) for allegedly violating the EU's General Data Prote...

15:20 Netflix's new trailer for its �Saint Seiya' remake is making fans unhappy
Netflix is ramping up its anime push, dropping a trailer for its remake of classic anime Saint Seiya which will begin streaming in a few weeks.

15:20 Watch super slow-mo video from a camera with human-like vision
Conventional video cameras that capture scenes frame by frame have little in common with our eyes, which see the world continuously. A new type of device called an "event camera" works in much the same way, capturing movement as a constant stream of...

15:20 Federal appeals court rules Trump can't ban critics on Twitter
President Trump's desire to block critics on Twitter just hit another snag. A federal appeals court in New York has ruled that Trump is violating the First Amendment by blocking people he disagrees with on the social network. Public officials using...

15:20 The UK's high-energy lasers could zap drones and missiles out of the sky
The UK wants to take down enemy drones and missiles with high-energy light beams. The Ministry of Defense (MOD) announced that it's developing laser and radio frequency weapons. Referred to collectively as Direct Energy Weapons (DEW), they're powered...

15:20 Twitter revises rules on hate speech targeting religions
Twitter has technically banned hate speech based on religion before, but it should now be easier for the company to clamp down on that behavior. The social site has updated its rules to require the deletion of any tweet that "dehumanizes" others bas...

15:20 Domino's tests cashless stores and deliveries
Domino's is testing cashless stores, with customers only being able to use their card, contactless payments (like ApplePay or Android Pay), PayPal and Instagift cards to buy their pizzas both in store and when they have orders delivered. The trial is...
Hide

Show 09 Tue 15:04 HackerNews [13]

Show 09 Tue 14:30 AndroidAuthority [10]

14:30 Google updates Stadia FAQ to address local multiplayer, VR support
Google has updated its Stadia FAQ page, covering everything from the Stadia Controller to the possibility of VR support.

14:30 Samsung Galaxy M40 vs Xiaomi Redmi Note 7 Pro: Samsung fights back
Will Samsung manage to displace the latest Xiaomi Redmi Note? Here's the Samsung Galaxy M40 vs the Xiaomi Redmi Note 7 Pro!

14:30 Skip the Redmi K20 Pro flash sale queue by reserving yours early
Xiaomi says you can get a Redmi K20 series phone early in India thanks to its so-called Alpha Sale. But it's not really a sale.

14:30 Best smartphones in India under 40,000 rupees (July 2019)
If you're looking for an affordable flagship, there are great options available. These are best phones under 40,000 rupees in India!

14:30 OnePlus 7 Pro review: Bigger and brighter, but is it better?
The OnePlus 7 Pro packs a huge, immersive 90Hz display and a new triple-camera system, but trades battery life to make it happen.

14:30 Qualcomm 215 Mobile Platform announced: A much-needed upgrade for $100 phones
Qualcomm's new chipset brings 64-bit cores to its entry-level tier for the first time, but it enables plenty more features too.

14:30 12 things you need to know in tech today
It's probably not an overstatement to say the internet was saved, and has been ever since.

14:30 Deal: A great 4K TV and a cheap 1080p TV are steals on Amazon today
Why wait for Amazon Prime Day when there's a 40-inch 4K TV on sale for $130 and a 43-inch 4K TV on sale for $220 today?

14:30 OxygenOS: 6 features you need to know about
OnePlus' OxygenOS is one of the best Android skins out there. Check out some of the features that make it special.

14:30 The JBL Charge 4 is a great speaker, unless you already have a Charge 3
The JBL Charge 4 features many of the same features as the previous iteration, so is it worth the extra cash?
Hide

Show 09 Tue 14:25 lwn.net [4]

14:25 [$] Destaging ION
The Android system has shipped a couple of allocators for DMA buffers over the years; first came PMEM, then its replacement ION. The ION allocator has been in use since around 2012, but it remains stuck in the kernel's staging tree. The work to add ION to the mainline started in 2013; at that time, the allocator had multiple issues that made inclusion impossible. Recently, John Stultz posted a patch set introducing DMA-BUF heaps, an evolution of ION, that is designed to do exactly that - get the Android DMA-buffer allocator to the mainline Linux kernel.

14:25 Miller: Red Hat, IBM, and Fedora
Fedora project leader Matthew Miller reassures the community that IBM's acquisition of Red Hat, which just closed, will not affect Fedora. "In Fedora, our mission, governance, and objectives remain the same. Red Hat associates will continue to contribute to the upstream in the same ways they have been."

14:25 Security updates for Tuesday
Security updates have been issued by Arch Linux (irssi, python-django, and python2-django), Debian (libspring-security-2.0-java and zeromq3), Red Hat (python27-python), SUSE (ImageMagick, postgresql10, python-Pillow, and zeromq), and Ubuntu (apport, Docker, glib2.0, gvfs, whoopsie, and zeromq3).

14:25 Software in the Public Interest board elections
Software in the Public Interest (SPI) has announced that nominations are open until July 15 for 3 seats on the SPI board. "The ideal candidate will have an existing involvement in the Free and Open Source community, though this need not be with a project affiliated with SPI."
Hide

Show 09 Tue 14:25 Anandtech [2]

14:25 Samsung's 5nm EUV Technology Gets Closer: Tools by Cadence & Synopsys Certified

Samsung Foundry has certified full flow tools from Cadence and Synopsys for its 5LPE (5 nm low-power early) process technology that uses extreme ultraviolet lithography (EUV). Full flow design tools are required by chip developers to create efficient and predictable chip designs for advanced nodes quickly.

Samsung Foundry certified the Synopsys Fusion Design Platform as well as the Cadence Full-Flow Digital Solution full-flow design tools for its 5LPE technology using the Arm Cortex-A53 and Arm Cortex-A57 cores. The certification means that these sets of tools meet Samsung Foundry’s requirements and that by using them chip designers can attain optimal power, performance and area (PPA) benefits that 5LPE technology promises to offer.

Samsung’s 5LPE technology relies on FinFET transistors with a new standard cell architecture and uses both DUV and EUV step-and-scan systems. The new fabrication process enables chip designers to reuse 7LPP IP on ICs designed for 5LPE while enjoying all benefits the latter provides. When compared to 7LPP, the new technology has an up to 25% higher ‘logic efficiency’, it also enables chip developers to reduce power consumption of their designs by 20% or improve their performance by 10%.

The set of tools from Candence and Synopsys that is certified by Samsung includes compilers, validators, power circuit optimizers as well as EUV-specific tools.

Since Samsung’s 5LPE uses more EUV layers than the company’s 7LPP process, expect it to be used on Samsung’s upcoming EUV fab in Hwaseong. The production line is set to cost 6 trillion Korean Won ($4.615 billion), it is expected to be completed in 2019, and start high volume manufacturing in 2020.

Read more of this story
Hide

Show 09 Tue 14:21 The-Verge-Mobile [3]

14:21 Ajit Pai has a new proposal to go after international robocallers

On Monday, Federal Communications Commission chairman Ajit Pai proposed a new rule that would make malicious text message spoofing and overseas robocalls illegal, something that the agency has yet to fully address in its attempts to fight robocalls.

The measure formally implements rules approved by Congress last year that authorize the FCC to go after text message fraudsters and international robocallers. If approved, calls and texts that use spoofing to imitate a different phone number would be unlawful and would allow the FCC to bring enforcement actions against bad actors outside of the country who are looking to defraud or scam people in the US.

�Scammers often robocall us from overseas, and when they do, they typically spoof their...

14:21 Spotify's lighter Android app requiring only 10MB of storage is now available

Spotify is launching the lighter version of its Android app today � dubbed Spotify Lite � that's designed for people with smaller data plans and older devices. The 10MB app (the main Spotify app can require 100MB) ships with one major new feature: the ability to set a data limit and receive a notification when it's reached, which is a necessity for people who need to be mindful of their data usage.

Using Spotify Lite, listeners can also control their song cache and clear it with a tap, if storage is an issue. The app is available in 36 markets around Asia, Latin America, the Middle East, and Africa through Google Play and will work on any device running Android version 4.3 and higher. It offers the same experience as the usual Spotify...

14:21 Dr. Mario World releases a day early on iOS

Dr. Mario World is available now for iOS. Nintendo's latest smartphone game was originally slated to come out on July 10th, but Twitter user @Wario64 notes that the download has gone live a day early for Apple devices. As of time of publication, the game is not yet available for Android via the Google Play Store in either the UK or the US.

Whether you should pick up the game depends a lot on how faithful you want the experience to be to the original NES game. As we noted in our preview of the game, the new smartphone edition changes a lot about the experience, flipping the game board around and turning the gameplay from an endless experience akin to Tetris to a stage-by-stage puzzle game like Candy Crush.

The game also suffers from the...

Continue reading...
Hide

Show 09 Tue 14:21 The-Verge-Android [6]

14:21 Chrome OS will soon let you tether to an iPhone over USB

Chrome OS will soon be able to tether to an iPhone over USB, allowing Apple's phones to share a mobile data connection without the battery drain of doing it wirelessly. News of the feature was first reported by Chrome Unboxed, which spotted it in a commit to Chromium's source code. Along with consuming less battery power, the commit also notes that USB tethering should be more reliable than Wi-Fi.

Chrome OS has supported USB tethering to Android for a while now, and it also supports Instant Tethering where a Chromebook can automatically prompt and then connect you to a phone when it doesn't have a data connection. It's not quite as seamless as having LTE data access built directly into a device, but it's definitely better than having to...

14:21 Scam �Updates for Samsung' app pulled from the Google Play Store

Last week, a report from the CSIS Security Group pointed ZDNet (and the rest of us) to a very shady app on the Google Play Store called �Updates for Samsung.� It offered to provide system-level Android updates to phones � and, in fact, it did redistribute Samsung's software, though it was essentially a scam to get you to pay money for said updates.

Today, after we inquired, Google told The Verge that the app violated its policies and has been �suspended.� It is unclear what specific policy Google cited and when it became aware of the app. Last week, the developer of the app, Updato, claimed to BleepingComputer that it was pulling the app to �remove the firmware service portion and non Google payments,� though it defended the app as a...

14:21 How to get Google apps on an Amazon Fire tablet

The best thing about the Amazon Fire 7 tablet is its $49 price. The worst thing is that its Android-based Fire OS 6 software lacks most of what makes Android, well, Android. It (like Amazon's other Fire tablets) lacks any of the standard Google apps, like Google Maps, Google Photos, or Google Drive. What's worse is that the built-in Amazon Appstore is a stand-in for Google's Play Store, and most of the apps you know and love aren't available.

However, there is hope if you don't mind tinkering a bit. Amazon allows the installation of apps from outside sources on all of its Fire tablets, which means you can install the Google Play Store. Once you enable this feature, you'll be able to sideload Android packages (APKs) � in other words,...

14:21 Thousands of Android apps can track your phone � even if you deny permissions

When you explicitly tell an Android app, �No, you don't have permission to track my phone,� you probably expect that it won't have abilities that let it do that. But researchers say that thousands of apps have found ways to cheat Android's permissions system, phoning home your device's unique identifier and enough data to potentially reveal your location as well.

Even if you say �no� to one app when it asks for permission to see those personally identifying bits of data, it might not be enough: a second app with permissions you have approved can share those bits with the other one or leave them in shared storage where another app � potentially even a malicious one � can read it. The two apps might not seem related, but researchers say...

14:21 Google says Stadia games will remain playable even if publishers stop supporting the platform

Google has updated the FAQ page for its upcoming Stadia cloud gaming service and it includes one notable tidbit of new information. The company says that, in the rare event a game publisher pulls Stadia support for a title, Stadia will continue to make the game available to those who've purchased the license to stream it, per 9to5Google.

�Once you purchase the game, you own the right to play it. In the future, it is possible that some games may no longer be available for new purchases, but existing players will still be able to play the game,� the Stadia FAQ page reads. �Outside of unforeseen circumstances, Stadia will aim to keep any previously purchased title available for gameplay.�

It sounds like a rather specific scenario, but it's...

14:21 YouTube is back on the Fire TV, and Prime Video launches on Chromecast starting today

YouTube is officially back on Fire TV devices starting today, almost a year and a half after Google pulled the app as part of a lengthy fight with Amazon. Additionally, Amazon's Prime Video streaming is also launching today with support for Chromecast and more widespread Android TV devices, just as the two companies promised earlier this year.

According to Amazon, the YouTube app will be available on the following devices: the Fire TV Stick (2nd Gen), Fire TV Stick 4K, Fire TV Cube, and Fire TV Stick Basic Edition, along with Toshiba, Insignia, Element, and Westinghouse Fire TV Edition smart TVs.

Unlike the web browser workaround that Fire TV owners have had to use since Google pulled the original app, the official release is a...

Continue reading...
Hide

Show 09 Tue 14:21 Bruce-Schneier [2]

14:21 Cardiac Biometric

MIT Technology Review is reporting about an infrared laser device that can identify people by their unique cardiac signature at a distance:

A new device, developed for the Pentagon after US Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser. "I don't want to say you could do it from space," says Steward Remaly, of the Pentagon's Combatting Terrorism Technical Support Office, "but longer ranges should be possible."
Contact infrared sensors are often used to automatically record a patient's pulse. They work by detecting the changes in reflection of infrared light caused by blood flow. By contrast, the new device, called Jetson, uses a technique known as laser vibrometry to detect the surface movement caused by the heartbeat. This works though typical clothing like a shirt and a jacket (though not thicker clothing such as a winter coat).
[...]
Remaly's team then developed algorithms capable of extracting a cardiac signature from the laser signals. He claims that Jetson can achieve over 95% accuracy under good conditions, and this might be further improved. In practice, it's likely that Jetson would be used alongside facial recognition or other identification methods.
Wenyao Xu of the State University of New York at Buffalo has also developed a remote cardiac sensor, although it works only up to 20 meters away and uses radar. He believes the cardiac approach is far more robust than facial recognition. "Compared with face, cardiac biometrics are more stable and can reach more than 98% accuracy," he says.

I have my usual questions about false positives vs false negatives, how stable the biometric is over time, and whether it works better or worse against particular sub-populations. But interesting nonetheless.

14:21 Cell Networks Hacked by (Probable) Nation-State Attackers

A sophisticated attacker has successfuly infiltrated cell providers to collect information on specific users:

The hackers have systematically broken in to more than 10 cell networks around the world to date over the past seven years to obtain massive amounts of call records -- including times and dates of calls, and their cell-based locations -- on at least 20 individuals.
[...]
Cybereason researchers said they first detected the attacks about a year ago. Before and since then, the hackers broke into one cell provider after the other to gain continued and persistent access to the networks. Their goal, the researchers believe, is to obtain and download rolling records on the target from the cell provider's database without having to deploy malware on each target's device.
[...]
The researchers found the hackers got into one of the cell networks by exploiting a vulnerability on an internet-connected web server to gain a foothold onto the provider's internal network. From there, the hackers continued to exploit each machine they found by stealing credentials to gain deeper access.

Who did it?

Cybereason did say it was with "very high probability" that the hackers were backed by a nation state but the researchers were reluctant to definitively pin the blame.
The tools and the techniques - such as the malware used by the hackers - appeared to be "textbook APT 10," referring to a hacker group believed to be backed by China, but Div said it was either APT 10, "or someone that wants us to go public and say it's [APT 10]."

Original report:

Based on the data available to us, Operation Soft Cell has been active since at least 2012, though some evidence suggests even earlier activity by the threat actor against telecommunications providers.
The attack was aiming to obtain CDR records of a large telecommunications provider.
The threat actor was attempting to steal all data stored in the active directory, compromising every single username and password in the organization, along with other personally identifiable information, billing data, call detail records, credentials, email servers, geo-location of users, and more.
The tools and TTPs used are commonly associated with Chinese threat actors.
During the persistent attack, the attackers worked in waves -- abandoning one thread of attack when it was detected and stopped, only to return months later with new tools and techniques.

Boing Boing post.
Hide

Show 09 Tue 13:10 ArsTechnica [3]

13:10 Space-based gravitational-wave detector may detect strange exoplanets
Large objects orbiting white dwarf binaries would be picked up by the LISA project.

13:10 Buzz Aldrin is looking forward, not back�and he has a plan to bring NASA along
"There has to be a better way of doing things. And I think I've found it.�

13:10 Elon Musk puts kibosh on hopes of refreshed Model S and X vehicles
Will this news halt the slump in sales for these two models, or accelerate it?
Hide

Show 09 Tue 12:55 Slashdot [1]

12:55 Google Unveils 'Code With Google,' Awards $1 Million To CS Teachers Group
theodp writes: TechCrunch reports that Google kicked off the 2019 Computer Science Teachers Association (CSTA) Conference in style with the announcement of Code with Google, a new coding resource for teachers which collects Google's own free course curriculum on teaching computer science and coding. Google also announced a $1 million grant to the teachers group alongside the unveiling of Code with Google. To hear Google tell it, Code with Google -- much like bacon -- makes everything better. An English and Language Arts teacher, blogs Google Education VP Maggie Johnson, "didn't know much about computer science, but wanted her students to get familiar with coding because it can help with other skills, such as critical thinking and collaboration. So she tried a [Google] CS First activity where students coded different endings [video] to the story they read in class. Melissa says that, in a short time, 'the kids were problem solving, troubleshooting, and helping one another. It was incredible to hear the conversations about coding and the other concepts we were learning in the room.'" Johnson is also on the Board of tech-bankrolled Code.org, which reported it had spent $91.4 million (thru Dec. 2018) to get CS into K-12 schools (Google is a $3+ million Code.org Gold Sponsor). Not too surprisingly, one of the CSTA 2019 keynotes will be delivered by employees of Platinum Conference Sponsor Google, including a former CSTA Executive Director (CSTA is currently led by Code.org's former Director of State Government Affairs -- it's a small K-12 CS world!).

Read more of this story
Hide

Show 09 Tue 12:20 Engadget [14]

12:20 Logitech's G Pro X headset helps you sound like a pro streamer
After teasing it earlier this week, Logitech has now revealed its new gaming headset, designed to help you sound like a professional streamer. The G Pro X marks the debut of Blue VO!CE software, which includes a suite of real-time mic effects that wi...

12:20 Virgin Galactic is going public to fund its expensive tourist spaceflights
Space tourism company Virgin Galactic has announced that it will go public via a merger with an investment firm. Its new partner, Social Capital Hedosophia (SCH), will invest $800 million in exchange for a 49 percent stake and take Virgin Galactic pu...

12:20 Qualcomm's Snapdragon 215 CPU brings modern features to budget phones
It's high time modern features like dual cameras, longer aspect ratio displays and VoLTE calling to sub-$100 phones and with Qualcomm's latest chipset, they just might real soon. The new Snapdragon 215 is meant to power phones that cost between $60 a...

12:20 A flaw in Zoom's Mac app may have let attackers hijack webcams
A serious security flaw in the Mac version of conferencing software Zoom can hijack webcams, but also leave users vulnerable to phishing and DOS attacks.

12:20 Musk: Tesla is not working on a Model S or Model X refresh
Tesla fans got excited last month after rumors of a Model S refresh started doing the rounds -- a driver near Tesla's Hawthorne design studio claimed to have spotted a mysterious test car, and of course the internet was abuzz with theories. Alas, Tes...

12:20 Google and Amazon bring the YouTube app back to Fire TV
Months after Amazon and Google ended their fight over streaming video, the official YouTube app is once again available on Fire TV devices. As of today, some Fire TV devices (multiple Fire TV Stick variants and the Fire TV Cube) and TV sets (from Ele...

12:20 Apple kills the non-Touch Bar MacBook Pro, discounts the Air
Apple isn't waiting until the fall and macOS Catalina to trot out Mac updates. The company has updated the MacBook Air and the entry 13-inch MacBook Pro with newer hardware and, in one case, a price cut. The Air now starts at an easier-to-swallow $...

12:20 Apple killed the 12-inch MacBook
Quietly lost amidst some upgrades to the MacBook Air and MacBook Pro is a notable absence from Apple's online store: the 12-inch MacBook has been discontinued. The laptop was first introduced in 2015 and ushered in a new era of MacBook design for App...

12:20 Dropbox Transfer lets you send up to 100GB of files at once
Sharing files through Dropbox is not a new concept. For years, the company has made it pretty easy to share any file or folder stored in your Dropbox with others, regardless of whether or not they have an account of their own. A new feature called Dr...

12:20 Facebook gives creators more ways to make money
As VidCon gets ready to take place between July 10th and 13th in Anaheim, California, Facebook has news to share with its creator community. The company has announced that it is introducing more ways for them to earn money on its site, starting by gi...

12:20 Uber adds 'Comfort' tier for extra legroom and silent drivers
Uber is adding a new ride option that aims to make your journey a more personal and relaxed affair. Uber Comfort is an upgrade on the everyday ride, and ensures you have extra legroom in a newer, mid-size car, where you can make advance requests rela...

12:20 Amazon Prime Video finally works with Chromecast and Android TV
Here's proof that Google and Amazon have truly buried the hatchet: Prime Video is finally available on Mountain View's streaming devices. The two tech giants ended their streaming video spat in April, paving the way for their services to become avail...

12:20 Xbox Game Pass now lets you add titles to a 'play later' list
Microsoft has introduced a new Xbox Game Pass feature that can help you remember to play the games you're putting off to finish the one you're on or to give those you've dropped in the past a second chance. You can now add titles from the service's c...

12:20 Google Lens can tell you about the people behind local artworks
If you're sitting in a coffee shop and you spot a neat mural on the wall, you could soon use your smartphone to identify the local artist who was behind it. A new feature of Google Lens currently being tested in San Francisco will recognize the artwo...
Hide

Show 09 Tue 11:04 HackerNews [11]

Show 09 Tue 09:55 Slashdot [1]

09:55 Bitcoin Mining On an Apollo Guidance Computer: 10.3 Seconds Per Hash
Slashdot reader volvox_voxel shares an excerpt from the latest blog post from software engineer Ken Shirriff, who is well known for his work on restoring some of the rarest computing hardware to its working condition: We've been restoring an Apollo Guidance Computer1. Now that we have the world's only working AGC, I decided to write some code for it. Trying to mine Bitcoin on this 1960s computer seemed both pointless and anachronistic, so I had to give it a shot. Implementing the Bitcoin hash algorithm in assembly code on this 15-bit computer was challenging, but I got it to work. Unfortunately, the computer is so slow that it would take about a billion times the age of the universe to successfully mine a Bitcoin block. He wasn't kidding about how long it would take to successfully mine a Bitcoin block. "The Apollo Guidance Computer took 5.15 seconds for one SHA-256 hash," writes Shirriff. "Since Bitcoin uses a double-hash, this results in a hash rate of 10.3 seconds per Bitcoin hash. Currently, the Bitcoin network is performing about 65 EH/s (65 quintillion hashes per second). At this difficulty, it would take the AGC 4x10^23 seconds on average to find a block. Since the universe is only 4.3x10^17 seconds old, it would take the AGC about a billion times the age of the universe to successfully mine a block."

Read more of this story
Hide

Show 09 Tue 09:20 Engadget [4]

09:20 Canon's G7 X III can shoot vertical video for your Instagram
Canon has unveiled a pair of PowerShot cameras that are well suited for YouTube and Instagram creators, even more so than its high-end EOS R cameras. The G7 X III and G5 X II, successors to the PowerShot G7 X II and G5 X, both pack 20-megapixel 1-inc...

09:20 US Navy's next-gen helicopter drone is ready for service
It took a few years, but the US Navy's beefier Fire Scout helicopter drone is finally ready for action... more or less. The military branch has declared that Northrop Grumman's MQ-8C has reached "initial operational capability," or the minimum state...

09:20 Electric toothbrush maker Quip gets into pay-as-you-go dental care
Quip, the electric toothbrush company that seemingly sponsors every podcast, is expanding into dental care. The company has launched Quipcare, a free app that lets patients book pay-as-you-go dental services like teeth cleanings, check-ups, fillings...

09:20 The Morning After: Amazon Prime Day strike plans
Hey, good morning! You look fabulous. Good morning, there! Amazon's Prime Day faces a threat, and we're not talking about Target and eBay's competitor sales. We also nail down some more details on Pokémon Sword and Shield, get a better look a...
Hide

Show 09 Tue 08:34 lwn.net-comments [17]

08:34 Debian 10 ("Buster") has been released

daemon ;-) background process. In Microsoft world, they might call them services .

08:34 Soft CPU affinity

CPU hot-plug removal, with affine processes.

08:34 Ryabitsev: Patches carved into developer sigchains

That isn't going to work if you want to use a non-JS implementation, IIRC SSB relies on the specific JSON to bytes serialisation that is provided by nodejs. Joey Hess mentions in this LibreLounge episode that folks have given up porting it to other languages:

https://librelounge.org/episodes/episode-14-secure-scuttl...

08:34 Ryabitsev: Patches carved into developer sigchains

Surely it's possible to replicate all the core design principles of SSB while replacing an implementation detail like the serialisation protocol? Particularly if it really is impractical to reimplement a compatible version outside nodejs . . .

08:34 Ryabitsev: Patches carved into developer sigchains

So what happens if I accidentally posted my private key or posted something else I regret a while later?

This is something that should also be used for bug reporting, right?

08:34 Ryabitsev: Patches carved into developer sigchains

JSON is fairly simple. I don't believe it's impossible or even hard to replicate the NodeJS's formatting.

But more importantly, the SSB standard should just specify canonicalization rules. Or use an existing one like: https://tools.ietf.org/html/draft-staykov-hu-json-canonic...

08:34 Debian 10 ("Buster") has been released

There are addons for thunderbird, though.

08:34 Ryabitsev: Patches carved into developer sigchains

posting something you will regret is the same with the email, but I think that's fine : if Secure Scuttlebutt was to be used as a vector for kernel development, the most important feature is the immutability of the whole chain of messages. I cannot explain exactly why (because it's too soon in the morning now), but it's a matter of process and guarantee of due diligence.

08:34 Ryabitsev: Patches carved into developer sigchains

That'd be a prime reason to change the format ASAP. Or replace JSON with msgpack, which only needs a couple of fairly trivial rules like "don't use a 32-bit signed integer when the value is <256" or "specify the dictionary ordering".

08:34 Debian and code names

And that seems a little English speaker-centric, too.

08:34 Debian 10 ("Buster") has been released

Why would the author know that in 2019 WiFi wouldn't work in a net installer image? When I install openSUSE I would never think that WiFi may still be an issue today. I was totally surprised when I read about that in the parent post.

08:34 Ryabitsev: Patches carved into developer sigchains

I wonder how big the SSB "repository" is likely to grow for a project like Linux, or even a much smaller one.

08:34 Debian and code names
An annoying aspect of Debian (and Ubuntu) is that /etc/issue only shows the version number, while everything else (e.g., packages.debian.org) uses the codename.

08:34 Debian and code names

What3words is available in 35 languages. The english position "reopens.stones.octagon" is in french "convaincu.verbe.hypertrophier".

What3words is a solution for the problem where you communicate addresses verbally and store them in your human memory but use a computer while trying to find them.

Fortunately the Indo-Arabic numeral system is used nearly everywhere so if I communicate GPS coordinates to another computer-user she can understand and store them without problems and instead of using map.what3words.com uses www.openstreetmap.org.

08:34 Ryabitsev: Patches carved into developer sigchains

Why? JSON is a perfectly fine format. It's also easy to debug and is self-describing.

The internal storage might, of course, use any other format.

08:34 Ryabitsev: Patches carved into developer sigchains

You can just discard old threads, just like with git you can use shallow clones.

08:34 Debian and code names

/etc/os-release is file you should be checking.

Hide

Show 09 Tue 08:25 Slashdot [1]

08:25 Moon Landing Could Have Infected the Earth With Lunar Germs, Say Astronauts
PolygamousRanchKid quotes a report from The Independent: A mistake made during the Apollo 11 moon landing could have brought lunar germs to the Earth, astronauts have revealed. When the three astronauts flew to the Moon and back, exactly 50 years ago this month, NASA worked hard to ensure that no bugs were brought back from the lunar surface. All three of the Apollo 11 crew were put into special clothes, scrubbed down and taken to a quarantine facility where they lived until scientists could be sure the Earth would not be contaminated. But interviews from a new documentary -- filmed by PBS and revealed by Space.com -- show that the plan to keep Earth could easily have failed, and that space bugs could have got into the Earth's atmosphere despite Nasa's best efforts. The astronauts noted that Nasa did not think there would be anything alive on the Moon that could be brought back down to the Earth. But the precautions were taken in case there were. "Look at it this way," astronaut Michael Collins said. "Suppose there were germs on the moon. There are germs on the moon, we come back, the command module is full of lunar germs. The command module lands in the Pacific Ocean, and what do they do? Open the hatch. You got to open the hatch! All the damn germs come out!"

Read more of this story
Hide

Show 09 Tue 07:04 HackerNews [7]

Show 09 Tue 06:20 Engadget [2]

06:20 Spotify Lite is now officially out for 36 markets around the world
Spotify has been testing a smaller, lighter version of its app since mid-2018 in hopes of expanding its reach to regions where internet connections are slow and people tend to use low-end-to-mid-range devices. Now, that app is finally ready for prime...

06:20 Google reveals multiplayer support and other new Stadia details
You won't lose access to your games on Google Stadia even if its publisher decides to exit the platform. That's one of the things the tech giant has revealed in a comprehensive update to the service's FAQ where Google promises that once you purchase...
Hide

Show 09 Tue 05:25 Slashdot [1]

05:25 Serious Zoom Security Flaw Could Let Websites Hijack Mac Cameras
Security researcher Jonathan Leitschuh has publicly disclosed a serious zero-day vulnerability for the Zoom video conference app on Macs that could allow websites to turn on user cameras without permission. The Verge reports: He has demonstrated that any website can open up a video-enabled call on a Mac with the Zoom app installed. That's possible in part because the Zoom app apparently installs a web server on Macs that accepts requests regular browsers wouldn't. In fact, if you uninstall Zoom, that web server persists and can reinstall Zoom without your intervention. Leitschuh details how he responsibly disclosed the vulnerability to Zoom back in late March, giving the company 90 days to solve the problem. According to Leitschuh's account, Zoom doesn't appear to have done enough to resolve the issue. The vulnerability was also disclosed to both the Chromium and Mozilla teams, but since it's not an issue with their browsers, there's not much those developers can do. The report notes that you can "patch" the vulnerability by making sure the Mac app is up to date and also disabling the setting that allows Zoom to turn your camera on when joining a meeting. "Again, simply uninstalling Zoom won't fix this problem, as that web server persists on your Mac," reports The Verge. "Turning off the web server requires running some terminal commands, which can be found at the bottom of the Medium post."

Read more of this story
Hide

Show 09 Tue 03:20 Engadget [2]

03:20 Netflix picks up heist movie starring Dwayne Johnson and Gal Gadot
Netflix is no stranger to buying movies originally destined for other studios, but its latest coup is particularly eyebrow-raising. The company has acquired Red Notice, a blockbuster heist thriller that was previously under Universal's wing. It was...

03:20 What's on TV: 'Alita: Battle Angel'
This week is light on big gaming releases, but sports fans can check out the MLB All-Star Game Tuesday, and ESPN's Espy's celebration on Wednesday. For movie fans, you can snag Robert Rodriguez's Alita: Battle Angel from digital retailers before the...
Hide

Show 09 Tue 03:04 HackerNews [14]

Show 09 Tue 02:30 AndroidAuthority [8]

02:30 Are you excited for the Pixel 4? (Poll of the Week)
How excited are you for the next Google phones?

02:30 Deals: Get up to 35% off a Samsung Galaxy S10 or $200 off a Pixel 3
These are two hot deals on two hot phones!

02:30 Netflix account sharing: Everything you need to know
Not sure if account sharing on Netflix is legal? Or how many people can watch simultaneously? Here's everything you need to know.

02:30 Deal: Become a spreadsheet sensation for just $19
Whether you use Microsoft Excel or Google Sheets, you'll get the skills to stand out with this beginner-friendly training bundle.

02:30 OnePlus 7 and 7 Pro update hub: Huge update lands for 7 Pro today
Check this hub for all the OnePlus 7 and OnePlus 7 Pro updates we know about!

02:30 The 10 best comedy shows and movies on HBO
Looking to laugh? HBO has you covered!

02:30 Boost the power of your Wi-Fi with this range extender for $25
The Rock Space Dual-Band Wi-Fi Range Extender can increase your Wi-Fi coverage by up to 1,292 square feet.

02:30 How to set up a YouTube channel � a step by step guide
Want to be the next big thing on YouTube? If so, setting up a YouTube channel is the first step. Here's how to do it.
Hide

Show 09 Tue 02:25 Slashdot [4]

02:25 Indoor Carbon Dioxide Levels Could Be a Health Hazard, Scientists Warn
An anonymous reader quotes a report from The Guardian: Indoor levels of carbon dioxide could be clouding our thinking and may even pose a wider danger to human health, researchers say. The authors of the latest study -- which reviews current evidence on the issue -- say there is a growing body of research suggesting levels of CO2 that can be found in bedrooms, classrooms and offices might have harmful effects on the body, including affecting cognitive performance. "There is enough evidence to be concerned, not enough to be alarmed. But there is no time to waste," said Dr Michael Hernke, a co-author of the study from the University of Wisconsin-Madison, stressing further research was needed. Writing in the journal Nature Sustainability, Hernke and colleagues report that they considered 18 studies of the levels of CO2 humans are exposed to, as well as its health impacts on both humans and animals. Traditionally, the team say, it had been thought that CO2 levels would need to reach a very high concentration of at least 5,000 parts per million (ppm) before they would affect human health. But a growing body of research suggests CO2 levels as low as 1,000ppm could cause health problems, even if exposure only lasts for a few hours. The team say crowded or poorly ventilated classrooms, office environments and bedrooms have all been found to have levels of CO2 that exceed 1,000ppm, and are spaces that people often remain in for many hours at a time. Air-conditioned trains and planes have also been found to exceed 1,000ppm.

Read more of this story

00:54 Instagram To Notify Users Comments Might Be Offensive Before They Are Posted
In an effort to curb cyber bullying, Instagram is rolling out a new AI feature that will automatically detect whether comments are offensive and notify users before they are posted. The Hill reports: In an example included in the company release, Instagram shows a user trying to comment "You are so ugly and stupid." Instagram follows up with a message asking the user "Are you sure you want to post this?" with an "undo" button. "From early tests of this feature, we have found that it encourages some people to undo their comment and share something less hurtful once they have had a chance to reflect," Instagram said. To further help protect users from unwanted interactions, Instagram said it will start testing a new "restrict" feature. Restricting a user will make it so the user's comments are only visible to that person; a user will be able to choose whether or not to make that the restricted person's comments available to others by approving them. Restricted users also will not be able to see when an account is active or when a person has read their direct messages.

Read more of this story

00:54 Sneaky Chrome Extension Disguises Netflix As a Google Hangout To Help You Slack Off At Work
Netflix Hangouts is a new Chrome extension that tries to make it easier to get away with watching Netflix while you're supposed to be working. Just go to the show you want to catch up on during work hours, and press the extension's icon in your Chrome menu to bring up a fake four-person conference call. Then you can sit back and watch the show in the window's bottom right feed while three fake colleagues get down to business. The Verge reports: The extension was developed by Mschf Internet Studios, which has produced a few internet curiosities like this over the years. There was the Slack channel that offered $1,000 in prize money for the first person to correctly guess each word of the day (it was shut down by Slack after just a week), a man who ate various foods as disgusting ice cream toppings, and who could forget Tabagotchi, the lovable virtual avatar that slowly died as you opened more and more tabs? Netflix Hangouts is the latest in a long line of services designed to let you slack off at work.

Read more of this story

00:54 Physicist Solves 2,000-Year-Old Optical Problem
Mexican physicist Rafael Gonzalez has found the solution to spherical aberration in optical lenses, solving the 2,000-year-old Wasserman-Wolf problem that Isaac Newton himself could not solve. Newton invented a telescope that solved the chromatic aberration, but not the spherical aberration. PetaPixel reports: Fast forward to 2018 when Hector A. Chaparro-Romo, a doctoral student at the National Autonomous University of Mexico (UNAM), who had been trying to solve this problem for 3 years, invited Rafael G. Gonzalez-Acuna, a doctoral student from Tec de Monterrey, to help him solve the problem. At first, Gonzalez did not want to devote resources to what he knew to be a millenary, impossible to solve problem. But upon the insistence of Hector Chaparro, he decided to accept the challenge. After months of working on solving the problem, Rafael Gonzalez recalls, "I remember one morning I was making myself a slice of bread with Nutella, when suddenly, I said out loud: Mothers! It is there!" He then ran to his computer and started programming the idea. When he executed the solution and saw that it worked, he says he jumped all over the place. It is unclear whether he finished eating the Nutella bread. Afterwards, the duo ran a simulation and calculated the efficacy with 500 rays, and the resulting average satisfaction for all examples was 99.9999999999%. Which, of course, is great news for gear reviewers on YouTube, as they will still be able to argue about the 0.0000000001% of sharpness difference among lens brands. Their findings were published in the journal Applied Optics. They also published an article in Applied Optics that gives an analytical solution to the Levi-Civita problem formulated in 1900. "The Levi-Civita problem, which has existed without a solution for over a century, was also considered a mythical problem by the specialized community," reports PetaPixel. "In this [algebraic] equation we describe how the shape of the second aspherical surface of the given lens should be given a first surface, which is provided by the user, as well as the object-image distance," explains Gonzalez. "The second surface is such that it corrects all the aberration generated by the first surface, and the spherical aberration is eliminated."

Read more of this story
Hide

Show 09 Tue 00:20 Engadget [4]

00:20 �CoD: Black Ops 4' is getting a fresh batch of zombies on July 9th
Zombies are on their way to Call of Duty: Black Ops 4. Activision announced today that "Operation: Apocalypse Z," a multiplayer-centric content pack that will conjure up game mode similar to the classic Zombies maps of previous games, will be coming...

00:20 Amazon orders comedy series from �Girls Trip' writer Tracy Oliver
Amazon has ordered ten episodes of a comedy series about the lives of four black women in New York City from Tracy Oliver, reported Deadline. Oliver, who is best known for her work in Girls Trip, Awkward Black Girl and teen drama The Sun is Also a St...

00:20 'Stranger Things 3' has been seen by over 40 million Netflix accounts
Remember when it was a big deal that Bright racked up 11 million viewers? That's now quaint by comparison. Netflix has revealed that 40.7 million accounts have watched Stranger Things 3 in the four days since its July 4th premiere, making it the mo...

00:20 Sling TV gets a new look on Apple TV and Roku
Sling TV has made some tweaks to its interface on Apple TV and Roku devices that should make for a better viewing experience. The company says the updates are in response to customer feedback, and should make it easier to sift through shows and movie...
Hide

Show 08 Mon 23:24 Slashdot [2]

23:24 IDC: For 1 In 4 Companies, Half of All AI Projects Fail
A new study from International Data Corporation (IDC) found that of the organizations already using AI, only 25% have developed an "enterprise-wide" AI strategy, and it found that among those in the process of deploying AI, a substantial number of projects are doomed to fail. VentureBeat reports: IDC's Artificial Intelligence Global Adoption Trends & Strategies report, which was published today, summarizes the results of a May 2019 survey of 2,473 organizations using AI solutions in their operations. It chiefly focused on respondents' AI strategy, culture, and implementation challenges, as well as their AI data readiness initiatives and the production deployment trends expected to experience growth in the next two years. Firms blamed the cost of AI solutions, a lack of qualified workers, and biased data as the principal blockers impeding AI adoption internally. Respondents identified skills shortages and unrealistic expectations as the top two reasons for failure, in fact, with a full quarter reporting up to 50% failure rate. However, that's not to suggest success stories are few in far between. More than 60% of companies reported changes in their business model in association with their AI adoption, and nearly 50% said they'd established a formal framework to encourage the ethical use, potential bias risks, and trust implications of AI, according to IDC. Moreover, 25% report having established a senior management position to ensure adherence.

Read more of this story

23:24 Tesco, One of the World's Largest Supermarket Operators, Is Testing Cashierless Stores Solely Dependent On Cameras
An anonymous reader quotes a report from The Wall Street Journal: Tesco, one of the world's largest supermarket operators, is one of several grocers testing cashierless stores with cameras that track what shoppers pick (Warning: source paywalled; alternative source), so they pay by simply walking out the door. The retailers hope the technology -- similar to that pioneered by Amazon.com Inc. in its Amazon Go stores in the U.S. -- will allow them to cut costs and alleviate lines as they face an evolving threat from the e-commerce giant. Tesco plans to open its self-styled "pick and go" or "frictionless shopping" store to the public next year after testing with employees. Eventually it wants to use the technology, developed by Israeli startup Trigo Vision, in more of its smaller grocery stores. Tesco's 4,000-square-foot test store uses 150 ceiling-mounted cameras to generate a three-dimensional view of products as they are taken off shelves. In its recent demo, Tesco's system detected shoppers as they walked around the store. It also identified a group of products when a person holding them stood in front of a screen, tallying up their total price. Tesco is considering identifying shoppers through an app or loyalty card when they enter the store and then charging their app when they leave. Tesco told investors its method costs one-tenth of systems used by its competitors, partly because it only uses cameras. Amazon Go uses cameras and sensors to track what shoppers pick. Amazon customers scan a QR code at a gate when they enter a store, then walk out when finished. While Tesco will track the movements of their customers, the company says the system used in its trial doesn't recognize faces.

Read more of this story
Hide

Show 08 Mon 23:04 HackerNews [11]

Show 08 Mon 22:40 ArsTechnica [4]

22:40 Amazon plans nationwide broadband�with both home and mobile service
Amazon seeks FCC approval to launch 3,236 low-Earth broadband satellites.

22:40 Antivaxxers turn to homeschooling to avoid protecting their kids' health
One anti-vaccine parent planned to quit her part-time job to "become an educator."

22:40 Russian spy sub crew prevented nuclear accident at cost of their lives
Submarine was on "combat training mission" with civilian expert aboard for equipment test.

22:40 Microsoft releases Windows 1.11 throwback app as a Stranger Things tie-in
Mystery solved: Microsoft's classic software tease is all about the Netflix show.
Hide

Show 08 Mon 22:34 lwn.net-comments [38]

22:34 Six (or seven) new system calls for filesystem mounting

KDE and GNOME both have their own (mutually incompatible) virtual filesystem systems: KIO and GVFS, respectively.

22:34 Development quotes of the week

I concur. I upgraded to Buster a few months ago. It automatically started using Wayland for my Gnome session and I haven't looked back. The desktop feels a lot smoother and more reliable under high system load (but that may also be due to the newer version of Gnome.) I've had a few minor problems (don't try the screen recorder!), but over all I'm very impressed.

22:34 Debian 10 ("Buster") has been released

My original post links to and comments on precisely that image. Are you still asserting that you bothered to read it before replying?

22:34 Debian 10 ("Buster") has been released

This is precisely the problem - as far as Linux is concerned, your laptop is basically the same as a mainframe sitting in a university datacentre in 1978. Individual programs running on your laptop are treated like users ("clients"), but a use case like "I would like my computer to send a job to a printer that is available on my network" requires something called a "server" at both ends. Oh, this is _totally fine_ if you regard your laptop as a mainframe yourself, and consider it critically important that users can send each other emails that never actually leave the local machine. Nobody born in the last forty years actually thinks like this however.

22:34 clone3(), fchmodat4(), and fsinfo()

Coincidentally, I'm actually working on a userspace library that helps avoid TOCTOUs like these (as well as many others)[1]. I sent a patchset for openat2 over the weekend[2] -- but I will probably have to resend it next week so folks actually see it.

[1]: https://github.com/openSUSE/libpathrs
[2]: https://marc.info/?l=linux-api&m=156242513200869&w=2

22:34 Debian 10 ("Buster") has been released

I understand Debian not just disabling root login by default and making it optional (after all, we have established that Linux is about choice above all), but not why it would actually discourage locking root, given that this model is the de facto standard superuser access method for every other distribution these days.

22:34 Debian 10 ("Buster") has been released

>My original post links to and comments on precisely that image. Are you still asserting that you bothered to read it before replying?

No, I missed that.

22:34 Debian 10 ("Buster") has been released

Every printing system deployed (be it desktop or mobile) is implemented with application "clients" talking to a local "server" which may or may not talk to a remote "server." All of this implementation detail is completely hidden from users, who don't know, or care, how printing is configured or implemented. They just want to print their stuff, and will complain loudly when it doesn't JustWork(tm).

Critizing debian's installer for not being terribly user friendly is all fine and dandy, but the hyperbole about treating laptops as mainframes seems rather out of place, especially as what you described is how pretty much all auto-discovered network-aware services operate.

22:34 Ryabitsev: Patches carved into developer sigchains

That sounds entirely awesome, modulo the single downside that I don't see how you can replicate actual *discussion* of patches, review workload etc this way without adding support into God only know how many mail clients or something like them...

22:34 Debian 10 ("Buster") has been released

Many wired interfaces _do_ work without added firmware blobs, even if they claim they do not ... the proprietary firmware blob may make it easier to work with the interface / make the interface work faster or whatever.

22:34 Ryabitsev: Patches carved into developer sigchains

Yeah, it'd be a ton of work, but there's already a ton of work involved in sifting through mailing lists or a dysfunctional bug tracker.

Linus was able to write git in three weeks or so, and the beautiful sauce-on-top then got done by some umpteen developers during the next couple of years. That kind of success is repeatable if you have the right plumbing in place, and something SSBish looks like it'd fit the bill.

That being said, git didn't just have a chain of sha-1, it also consisted of a bunch of conventions (i.e. what do tree, commit and tag records look like and how can you connect them, that kind of thing). Some people would need to get together and hash out the format and content for a common set of base messages.

(NB: minor nit: ugh, JSON. Please use msgpack instead.)

22:34 Ryabitsev: Patches carved into developer sigchains

I agree that this sounds like it could turn into a pretty neat solution.

As for replicating discussion, any new mechanism would need a bridge to email, at least for a transition period. I guess for this scheme one could set up a server that publishes a feed with the messages it picked up from email; similar to how one can comment on Github issues by replying to notification emails...

22:34 Debian 10 ("Buster") has been released

This 'precisely' communicates that you're throwing technically sounding terms around whose meanings you don't understand. Nobody ran "UNIX on mainframes in university data centres" in 1978. By that time, it was a 16-bit OS for PDP-11 minicomputers and didn't support networking. A MTA (still a mail transport agent) is a piece of software whose job is to transport mail on behalf of other applications (one would assume the name should suggest this). It's not "a mail server" and it has nothing to do with using minicomputers running UNIX for timesharing at universities in the 1980s. I didn't write anything about this. Something I did write about was "used by all kinds of services". The most prominent example would be cron --- any output generated by a cronjob will be mailed to the user owning the cronjob. The same is true for at, mostly useful (for me) for setting up remainders. Another job of a MTA is to connect to other MTAs over the internet to send internet mail. This means that it's possible to have a single SMTP implementation used by any number of programs instead of integrating one in all of the these programs.

People used to the "user-friendlyness" of e-mail "clients" which ultimatively grew of out of DOS programs running on a system without support for multiprogramming typically have a "send" button they have to use to send mail. If this fails, they will usually retry manually until it happens to succeed. But that's just a waste of time originating from an operating environment which didn't support anything better. In fully featured one, the MUA (mail user agents) hands of the mail to the MTA which will deliver it in the background, automatically retrying submission as needed until it succeeds.

If what you want it essentially a system without support for anything more sophisticated than what DOS could support, you're free to use one. But please, don't try to paint this as "modern technology" --- it's about the same age than what you desire to criticise, just technically more primitive due to hardware limitation of that time.

22:34 OpenPGP certificate flooding
Now it makes sense to me.

My naive thought is that it would be along the lines of:
1. Alice uploads her public key
2. Bob signs Alice's public key
3. For Bob's signature to be valid, Alice has to sign (or have already signed) Bob's key in her local keychain
4. Alice uploads the new (signed) public key, and Bob gets a copy of his public key signed by Alice.
5. Bob receives his public key (signed by Alice), and can (in turn) upload his public key (which is signed by Alice).

Though I'm sure there's a better idea than that...

22:34 Ryabitsev: Patches carved into developer sigchains

The way I see it, you can emulate it with a SMTP/POP bridge. You can run it on localhost and it can behave entirely like a legacy mailing list discussion, using any mail client:

- mux incoming SSB chains and make them available as a messages in a POP box
- accept incoming 25 from localhost, write them to your own SSB chain and trigger replication

-K

22:34 Ryabitsev: Patches carved into developer sigchains

His "decent" tool could run an IMAP server on localhost, which would reduce the mail client issues to whether the mail client can cope with an IMAP server containing the entire lkml archive in some organization (or, at least, as much of it as you've told the tool you want to be able to read through presently).

22:34 Debian 10 ("Buster") has been released

The comment which so infuriated you stated that in order to send mail Debian would probably ask you to install a mail server. That you have chosen to become apoplectic at the notion that someone wouldn't care for the intricacies of how email works, because any Real Email System involves local spooling daemons, is precisely (there's that word again) the problem here - from the perspective of the person hitting Send, the laptop is the client and something remote is the server. Nobody under forty years old cares that the "client" may involve some service that runs locally: this distinction is utterly academic and largely relates to a bygone world where that interaction would have mattered. But here we are with an installer that calls everything a server so as not to offend the sensibilities of people who immediately start accusing people of wanting to go back to DOS if they dare elide such implementational trivialities.

22:34 Debian 10 ("Buster") has been released

That you keep repeating this doesn't make it anymore sensible. An MTA is not a mail server (in the sense you're using the term). It's a piece of system infrastructure providing a 'mail sending facility' to other software. From the perspective of something who thinks of "DOS", someone's using a pretty feeble "personal computer" running "client software" in order to talk to more powerful/ versatile "server computers" capable of supporting the kind of (usually network-related) facilties the feeble, personal computer can't. This indeed relates to "a bygone age", namely, one which ended around the mid-1995s or so, where people at universities would provide somehow networked PCs running DOS/ early Windows and used programs which had to connect to "UNIX servers" to get "internet access" in some pretty indirect way. That's the computing model which is apparently hardwired into your brain.

At the same time, people using less feeble hardware, so-called UNIX workstations (single user machines for all practical purposes) didn't have to go down this clumsy road as the computers they were using were capable of participating in 'the network' as full-fledged member nodes on their own. That's also possible with all even remotely current hardware as that's capable of running the necessary software itself.

The "client" [computer] you're thinking of technically ceased to exist some time in the last century. BTW, I'm pretty certain that not even all people who were born after 1979 are so hardcore nostalgic that they want to keep this outdated concept alive just for the sake of doing so.

22:34 Debian and code names

> Codename do have meanings

Really? What kind of meaning is contained within "squeeze" or "jessie"? Codenames of Ubuntu or Mint with ascending first letters have a meaning, randomly chosen ones of a special set have no further meaning beyond being from this set (e.g. names from certain Pixar films).

I had for many years Debian as my desktop distro and still as my server distro but only during updating I remember the nonsensical codenames.

Please envision streets without numbers. Every street has codenames for the houses. Address: Jane Doe, Main Street / Diseased Merry Screwdriver. I assume you would have no problem finding the way to Jane Doe, because "Codename do have meanings".

22:34 Debian 10 ("Buster") has been released

> That you keep repeating this doesn't make it anymore sensible. An MTA is not a mail server (in the sense you're using the term). It's a piece of system infrastructure providing a 'mail sending facility' to other software.
Then it's fair to say that existing MTAs offered by Debian simply suck. A good MTA would integrate with the "Outbox" provided by the main GUI email client, allowing users to see and control the outgoing mail.

22:34 Ryabitsev: Patches carved into developer sigchains

What is the difference between SSB and Matrix? Both seem to solve the same problem in almost the same fashion.

22:34 Ryabitsev: Patches carved into developer sigchains

So, news but with crypto? I still don't understand very well why mailing lists took over news

22:34 Debian 10 ("Buster") has been released

Congratulations, Debian, and to repurpose Juan Antonio Samaranch's quadrennial line (though this time truthfully), it's the best release yet!

I started experimentation some months back and had nearly effortless upgrades, and what code changes I've had to make on some of my servers has nothing to do with Debian, but running old code that relies on quirks from old interpreters and the like whose quirks have changed. That happens every time, but there's even less of it this time.

22:34 Ryabitsev: Patches carved into developer sigchains

SSB's main idea is that it's a series of individual chains of records, each immutable after it's been replicated. If Alice, Bob and Charlie communicate about topic X, all pieces of that conversation are records on each of their individual SSB chains. All three chains are replicated on each of the participating computers, plus on the pub server -- but they remain three individual chains ("feeds"). If Alice wants to stop seeing anything Charlie posts, she can block their feed, but Bob will still be able to follow it. Every record on the individual chain is fully attestable to the user who created it. If Alice comments on a patch, posts a bug, or submits a pull request, both Bob and Charlie have 100% assurance that Alice is the author (because it's on her SSB chain and each message is signed with her private key), and that the messages have not been modified in-transit.

With Matrix, messages are stored on the Matrix server and added to the "room" where those conversations took place. That room is then replicated to all other participating matrix servers, ensuring redundancy and no single point of failure. Individual users and room admins can redact or delete existing messages and kick/ban participants from rooms. As such, there is limited attestation and no guarantee of immutability.

SSBs are immutable replicating activity records, while Matrix is a decentralized messaging protocol. That's the main difference.

22:34 Radeon problems, anyone?

I like this release, and my Stretch ->Buster upgrades have mostly been uneventful. However, for some reason I can't get the 4.19 kernel to work on my desktop PC with an AMD Radeon card. Has anyone run into this?

My card is VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Oland XT [Radeon HD 8670 / R7 250/350] and neither the radeon nor amdgpu module works. For now, I'm running the ancient Jessie kernel with the rest of the system on Buster... not optimal.

22:34 Ryabitsev: Patches carved into developer sigchains

I'm extremely skeptical that a "fork lift" replacement off all tools and communication workflows is achievable with even a modestly sized opens source project. I rather doubt it would even been possible to replace git with another if the only feature add is to allow "cool stuff in the future".

22:34 Ryabitsev: Patches carved into developer sigchains

Yes, Matrix rooms seem to be almost exactly what SBS does, modulo immutability. It should be fairly easy to add, though.

22:34 Ryabitsev: Patches carved into developer sigchains

It won't replace git, just the email.

22:34 Ryabitsev: Patches carved into developer sigchains

Immutability would be a terrible thing for Matrix rooms. Anyone could then post illicit content to make that room a legal liability for anyone to be in.

SSB is immune from this, because any illicit content lives on the spammer's individual chain and that chain can be blocked without any real impact on the project.

22:34 Ryabitsev: Patches carved into developer sigchains

Rather, this scheme is agnostic to how the project's code is managed. The goal is to develop a framework for decentralized developer communication -- i.e. everything that happens before actual code is committed.

(There is actually git-ssb that tries to make git repositories live on ssb itself, but I think there are some real important scaling implications with that solution.)

22:34 Debian 10 ("Buster") has been released

A wired interface isn't much use without an RJ45 port ... my wife's laptop has wi-fi and USB as its connectors, and that's about it ...

Cheers,
Wol

22:34 Debian 10 ("Buster") has been released

That is like saying you need a "wifi server" to listen to AP announcements. No, just at the time of looking for APs do you need to listen to announcements.

And passively listening to the network is not a "server" by any definition.

22:34 Debian and code names

> Please envision streets without numbers. Every street has codenames for the houses. Address: Jane Doe, Main Street / Diseased Merry Screwdriver.

There's already a system for that: https://what3words.com/about/ . More universal than street names and numbers, more precise, much easier to translate to GPS coordinates, easy to communicate and to remember. It appears there is no diseased.merry.screwdriver, but there is a displeased.merry.screwdriver in the ocean near Hawaii.

22:34 Ryabitsev: Patches carved into developer sigchains

Okay, that's nifty :-)

(thinking aloud.... I'm wondering if it would be possible to mix SSB with cooperative editing on a common document, like what we can do with google doc for example, but easier to filter and locate. What I'm missing in all collaborative editors is the git-like capability of cherry-picking changes from a changeset, and to have a separate thread for each comment)

22:34 Debian 10 ("Buster") has been released

So.. you're saying that every application should know about handling wifi connections, including listening to OOB network traffic and managing secret credentials?

If not a "server" then what else would you call the OS-level thingey that manages your network connections?

22:34 Debian and code names

Ok, these three word combinations seem have meanings, but can you decipher them without help of a computer?

What is more northern, "reopens.rooks.divide" or "boil.stones.closet" and which of the two is nearer "hollies.shivered.octagon". As "reopens.stones.octagon" shares parts with each of the former three, has it something in common with them?

what3words.com has nothing to do with meaning, these combination are simply random but memorable ids. The meaning of these ids are stored in a database not in the three word combinations themselves.

22:34 Debian and code names

I have to correct myself.

The names are mapped algorithmic to coordinates, so they have (in the strictest sense) meaning. Only this meaning isn't discernible for humans.

22:34 Debian 10 ("Buster") has been released

1. It's an unfair advantage; that stores do not usually carry Linux Distro's as installed. MANY things have been done to dis-wade you from installing a Gnu/Linux based distro. However, all you need are some tips. Just know it's not the developers blindness, for new users; there are many discoverable reasons why things are the way they are. The bad idea of not trying causes you to miss the gold. Council(tips) is not an egregious lack of user friendliness on the part of the devs. It is wisdom in any endeavor. Saving you time and frustration.

2. Purpose: Many sites list the advantages; but you need to decide which ones you want most. Security. Stability(app repository already compiled for stable), numerous apps, faster, more customizable to your wishes, longevity, fewest glitches, work on more hardware (scalability) so with many systems you can choose one way (to maintain) for them all, pre setup and hit the ground running with installed apps and easy to add and change around apps also. There are MANY more reason to eventually get some distro working and then actually use it a while. The main thing is you need not delete ANYTHING (like Windows) you have. Another drive or computer is the best way to use BOTH and (over a great time) compare them!

Note: Do remember: New users keep to the stable versions as this is different than closed software. Where you normally can't get the versions of an app still being tested. Core system (foundational apps) especially. With Debian stable tier then anything popular and newer usually gets fitted to stable, packaged and compiled for you in stable BACKPORTS. Basically; use only the back-ports that are a must for you and for some good reason. The longer term of around two years with Deb stable tier is not really a problematic, too old thing; near its end. It keep you stable (with a life) and perhaps the most stable, robust OS and system there is. It's working not maintaining. The upgrade ease WITH SECURITY UPGRADES is MAJOR reason to run Deb stable. Yet your safe practices matter.

Note: There still some old, odd ball computer parts (it's hardware devices) out there and actually made to hinder Linux(OS distro sets) use. Examine each device for of ease of compatibility with the main distros. Since this is very rare; trade out devices or systems if you can. Sometimes give away hardware is better than fight an odd ball device; even though one can fight and win on most. But don't. Replace it if free or low cost. Sometime an older (slightly older) release of a distro will work better on really old devices; but this is the wrong way! Use your best; not your worse; because people will give you parts better than that. See? go forward (to a point, yet not past stable; unless you are developing/testing), not backwards. Else, you'll create more problems than you solve.

Note: Don't test numerous desktop GUI managers on your main (non testing) system. Test them on a test drive or better, another computer. There, you may rather try one at a time so they don't mix desktop manager related and duplicate apps. So save time not having to removing things and upgrading apps you don't use.

3. New users start with Linux Mint (Get Mate for scaling, familiarity and custom, stability, low RAM and speed), and the 64 or 32 bit version for your computer. Remember if a 64bit prepared USB does not match then it will do absolutely nothing. You will want to remember; when trying out your newly distro install written USB stick if you get NOTHING then check if the system you are trying is 64bit. Also, a 32bit installer may install fine on a 64bit system; but that is probably not what you want.

4. Finally, to Debian stable: After about a year with Linux Mint and it's easy install, with it's mostly the same basic apps (different Ubuntu based compiler decisions/core system) and Mint environments ready to go with more added, then you may want Debian try instead; since you may want to customize more anyway. Debian seems hard the first time; as it require tips and is different for good reasons. Mainly; more choices and flexibility. More it build you own style/apps that can fit more things and not losing any good things to the wrong kind of user ease. It's where the core of ubuntu based mint get it's beginnings before more polish. But you can polish Debian to just the same everyday experience with ease. So have the best of both world's; after mint shows you all you're missing from closed systems.

5. Make Deb stable install easy: I wait until a live deb ISO; because you can get it WITH mate and whole system more than the net installer; which runs off newbies. Net installing is cool; but not in practice. It has great application; but for the person wanting stable for your main workstation (not just servers anymore) then the bigger download (use torrent) LIVE ISO with MATE has what you need for a full install and it's compressed. So almost no downloading on install and little on first upgrade. Then daily upgrades are fast and painless. Not to mention Debian stable new release tier "dist-upgrades" are the only sane ones I've seen. Even then you SHOULD not convert in the first weeks. See because while tested for stable; then the world knocks off the rouge edges even more (such as Nvidia crap where they refuse openness) as more people report and quickly fix it. All because of the rule "This is the STABLE teir!". And this rolls daily. You may need to MAKE yourself backup and do a clean install. As clean installs are technically better; just because you don't have to. Which is very helpful when a device may lose support (Like NVIDIA!). But we are talking REALLY old and people will give you passable devices better than that. Nvidia simply works against your ease and time savings here. Which we should think, devs (open developers in teaming mass) can't fix that. Because closed locks you in. Consider refusing to buy closed hardware(close firmware), from companies into planned obsolescence, and not having your back for the life of your desired usage.

6. If a live deb installer (the correct 64bit or 32bit) with Mate doesn't work then that can be very frustrating. However fixes are logged and new releases come very fast. Especially for small errors in their creation. ISO's downloads get dated fast; so rewriting USB's is the deal. It's also good to have the USB stick around in case you can't boot/start so you can just boot live off your mostly matched (upgrades) static USB installer and switch over (chroot) back inti your main system to fix it's boot with some easy command pasted in and done. remember 24/7 on-line Linux help. So much; that you have to pick from the best and latest fixes.

7. Things you probably know are you don't need huge, more costly USB stick sizes (or USB 3.0 necessarily) and the speed is what matters. Just bigger than the ISO file.

There are also torrent (get the popular ISO files faster) and ISO installer making (different per OS) programs for Windows and any system; that you may be using; to start.

Linux can use simple know commands to make the USB with other apps; but you best DOUBLE check the drive letter AFTER newly booted that time and make sure you have no typos to the drive you are overwriting! This is why backing up anything you can not lose, is the very first step. Which is regular practice anyway. If you have no other copy in the system then you better back critical stuff up. The USB writing programs help you; but you still have to be careful.

I've seen many confused about dragging the ISO file onto a USB stick and saying the distro sucks. LOL. You can't do that. The ISO is a compressed file or files and it needs to be written to make the USB boot like you spent hours installing it from scratch.

But once you know these little tips then you can breeze through a Debian install with expert ease! Just these things should show you the numerous way folks get several things wrong and give up trying to Install the legos's of Disros. Debian, the universal OS.

There will be some differences with new Deb releases, hardware vet, options to pick; but the LIVE ISO start with a built up system already. Just a little less than Mint polishes. So if you are flexible, with a never give up attitude (or have a Linus loving tech friend to help you and do not hesitate to ask them) then you do well to make your own Debian stable system, if you want to set the looks and all anyway. You will not have to decide if you want to deal with the issues with old vs. current ubuntu/Linux Mint releases again, EVERY 6 months or so, when the devs and testers move on. The whole time not claiming stable (as Debian Stable). And there's those easy security updates with Deb stable! [No the odder Deb based version of Mint is not better]. In fact; why use another Deb's core based distro when you can build your pure and untainted realDeb stable, just the same? If you like there default choices then you can add them to your deb stable. See? And when you start clean with a whole built out distro THE SAME starting place as most others then fixing problems fast (just upgrade by the next day, LOL) and stability, will be the best of ANYTHING (robust).

Hide

Show 08 Mon 21:54 Slashdot [2]

21:54 Brazil To Add Digital Data Protection To Fundamental Rights
An anonymous reader quotes a report from ZDNet: The Brazilian Senate has approved a proposal to add protection of data in digital platforms to the list of fundamental rights and individual citizen guarantees set out in the country's constitution. Brazil's general data protection law was due to go live in February 2020 but a stopgap measure signed by former president Michel Temer just before leaving office in January 2019 has extended the deadline to August next year. Earlier this year, the National Authority for Personal Data Protection has also been created , with attributions including the creation of frameworks on how to handle information and guide organizations on how to adhere to the rules. The authority will also be responsible for monitoring and applying fines to non-compliant organizations. "State and society should be entitled, as a general rule, to knowledge about each other, as long as there is a real need," said senator Simone Tebet, rapporteur of the proposal. "Other than that, data privacy should be preserved as much as possible."

Read more of this story

21:54 Amazon Staff Will Strike During Prime Day Over Working Conditions
Staff at a warehouse in Shakopee, Minnesota will hold six hours of strikes on July 15th (the start of Prime Day) to demand less stringent quotas and the conversion of more temporary workers into permanent employees. Engadget reports: The quotas make the work dangerous and unreliable, according to the workers, and permanent work will help create a "livable future." Workers in the U.S. have protested before (including a December protest in Minnesota over support for East African workers), but not during crucial sales days -- you've only really seen that practice in Europe until now. The company has declined to comment on the strike.

Read more of this story
Hide

Show 08 Mon 21:18 Engadget [4]

21:18 Instagram's anti-bullying tool lets you �restrict' problematic followers
Today, Instagram announced two new tools meant to combat bullying. The first will use AI to warn users if a comment they're about to post may be considered offensive. In theory, it will give users a chance to rethink their comments. The second will a...

21:18 Apple re-released its decade-old iOS 'Texas Hold'em' game
The App Store opened for business 11 years ago this week and to mark the anniversary of its app marketplace, Apple is reviving its old iOS poker game. The redesigned Texas Hold 'em app has a new lease on life with more characters, sharper graphics an...

21:18 1989 promo shows the 'Terminator' NES game that never was
The very first game based on The Terminator was supposed to be an NES side-scroller from Sunsoft, but it never panned out that way. The company lost the movie license and reworked the game into what would become Journey to Silius. However, evidence...

21:18 Maryland is already out of EV tax credits for 2019
Maryland's electric vehicle (EV) tax credits are so popular, they're already gone. According to the state's Motor Vehicle Administration, the $6 million fund meant to cover the tax credits was depleted before the fiscal year began on July 1st. The st...
Hide

Show 08 Mon 20:24 Slashdot [2]

20:24 Email App Superhuman's Superficial Privacy Fixes Do Not Prevent It From Spying on You
Mike Davidson: It took an article I almost didn't publish and tens of thousands of people saying they were creeped out, but Superhuman admitted they were wrong and reduced the danger that their surveillance pixels introduce. Good on Rahul Vohra and team for that. I will say, however, that I'm a little surprised how quickly some people are rolling over and giving Superhuman credit for fixing a problem that they didn't actually fix. [...] Let's take a look at how Superhuman [an email app that charges users $30 a month] explains their changes. Rahul correctly lays out four of the criticisms leveled at Superhuman's read receipts: Location data could be used in nefarious ways. Read statuses are on by default. Recipients of emails cannot opt out. Superhuman users cannot disable remote image loading. However, he also omits the core criticism: Recipients of Superhuman emails do not know their actions are being tracked or sent back to senders. Superhuman said it was keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on. Mike adds: This addresses the concern about teaching customers to surveil by default but also establishes that Superhuman is keeping the feature working almost exactly as-is, with the exception of not collecting or displaying actual locations. I've spoken with several people about how they interpreted Rahul's post on this particular detail. Some believed the whole log of timestamped read events was going away and were happy about that. Others read it as: you can still see exactly when and how many times someone has opened your email, complete with multiple timestamps -- you just can't see the location anymore. That, to me, is not sufficient. "A little less creepy" is still creepy. Also worth noting, "turning receipts off by default" does nothing to educate customers about the undisclosed surveillance they are enabling if they flip that switch.

Read more of this story

20:24 How Facebook Fought Fake News About Facebook
Facebook has built tools to track posts on Facebook and WhatsApp that talk about its executives, products, or moves Bloomberg reported on Monday. The company has been, for years, routinely using these tools to "snuff out" posts that it deems to offer untrue characterization of its services or people. From the report: Many companies monitor social media to learn what customers are saying about them. But Facebook's position is unique. It owns the platform it's watching, an advantage that may help Facebook track and reach users more effectively than other firms. And Facebook has been saddled with so many real problems recently that sometimes misinformation can stick. Stormchaser is just one of multiple tools Facebook has deployed to manage its reputation, which has taken a dramatic hit thanks to its role in spreading Russian misinformation during the U.S. election and numerous privacy scandals. The company employs hundreds of public relations officials and spent $13 million on government lobbying in 2018. Zuckerberg and Facebook Chief Operating Officer Sheryl Sandberg have become so intertwined with the company's image that Facebook routinely collects public survey data to understand how the general public views them -- data that shapes what the executives say and do publicly. Facebook's response: "We didn't use this internal tool to fight false news because that wasn't what it was built for, and it wouldn't have worked," the spokeswoman wrote in an email. "The tool was built with simple technology that helped us detect posts about Facebook based on keywords, so we could consider whether to respond to product confusion on our own platform. Comparing the two is a false equivalence." The New York Times' tech columnist Kevin Roose, writes: You could write a dissertation about this quote, and the difference between what Facebook considers "product confusion" (wrong stuff about us, which must be removed immediately) and "false news" (wrong stuff about other people, which is protected free speech).

Read more of this story