Alterslash

the unofficial Slashdot digest archive

The US Army Wants Distributed Bot Swarms And An 'Internet of Battlefield Things'

Posted by EditorDavidView on SlashDotShareable Link
turkeydance shares a new report about the U.S. Army Research Lab: In the coming months, the Lab will fund new programs related to highly (but not fully) autonomous drones and robots that can withstand adversary electronic warfare operations... A second program called the Internet of Battlefield Things seeks to put to military use "the research that's going on in the commercial space" on distributed sensors and Internet-connected devices... One thrust will be equipping drones and other autonomous systems with bigger brains and better networking so that they can function even when an enemy jams their ability to radio back to a human controller for direction... "When you don't have bandwidth, when you're under cyber attack, when you're being jammed. That's the problem we're trying to address."
The lab's director also says they want "as much processing as possible on the node" so it can continue functioning in "contested environments."

SoundCloud Halts Volunteer Archiving Project

Posted by EditorDavidView on SlashDotShareable Link
Slashdot reader nielo tipped us off to more SoundCloud news. Motherboard reports: Last week, a group of volunteer digital preservationists known as The Archive Team announced they would be attempting to independently archive a 123.6 million track, 900-terabyte swath of SoundCloud, the popular streaming music and audio service that recently announced mass layoffs and office closures, sparking fears of an imminent closure. But just as the volunteer archive of SoundCloud was due to be getting started, it's been abruptly called off at the behest of the company... I reached out to SoundCloud for more information, and a spokesperson responded with the following written statement: "SoundCloud is dedicated to protecting the rights and content of the creators who share their work on SoundCloud. We requested the Archive Team halt their efforts as any action to take content from SoundCloud violates our Terms of Use and infringes on our users' rights... SoundCloud is not going away -- not in 50 days, not in 80 days or anytime in the foreseeable future..." But that hasn't stopped some individuals on Reddit's r/datahoarder subreddit from attempting to gather their own personal archives of as much of SoundCloud as they want and can afford to host.

Microsoft Launches A Counterattack Against Russia's 'Fancy Bear' Hackers

Posted by EditorDavidView on SlashDotShareable Link
Kevin Poulsen writes on the Daily Beast: It turns out Microsoft has something even more formidable than Moscow's malware: Lawyers. Last year attorneys for the software maker quietly sued the hacker group known as Fancy Bear in a federal court outside Washington DC, accusing it of computer intrusion, cybersquatting, and infringing on Microsoft's trademarks... Since August, Microsoft has used the lawsuit to wrest control of 70 different command-and-control points from Fancy Bear... Rather than getting physical custody of the servers, which Fancy Bear rents from data centers around the world, Microsoft has been taking over the Internet domain names that route to them. These are addresses like "livemicrosoft[.]net" or "rsshotmail[.]com" that Fancy Bear registers under aliases for about $10 each. Once under Microsoft's control, the domains get redirected from Russia's servers to the company's, cutting off the hackers from their victims, and giving Microsoft a omniscient view of that servers' network of automated spies. "In other words," Microsoft outside counsel Sten Jenson explained in a court filing last year, "any time an infected computer attempts to contact a command-and-control server through one of the domains, it will instead be connected to a Microsoft-controlled, secure server."

Re:If It Weren't For Russia

By aliquis • Score: 4, Insightful • Thread

If it weren't for Russia we'd be Germans.
And it would had been great!

Are Nondisparagement Agreements Silencing Employee Complaints?

Posted by EditorDavidView on SlashDotShareable Link
cdreimer writes, "According to a report in the New York Times, 'nondisparagement agreements are increasingly included in employment contracts and legal settlements' to hide abuses that would otherwise be made public." The Times reports: Employment lawyers say nondisparagement agreements have helped enable a culture of secrecy. In particular, the tech start-up world has been roiled by accounts of workplace sexual harassment, and nondisparagement clauses have played a significant role in keeping those accusations secret... Nondisparagement clauses are not limited to legal settlements. They are increasingly found in standard employment contracts in many industries, sometimes in a simple offer letter that helps to create a blanket of silence around a company. Their use has become particularly widespread in tech employment contracts, from venture investment firms and start-ups to the biggest companies in Silicon Valley, including Google... Employees increasingly "have to give up their constitutional right to speak freely about their experiences if they want to be part of the work force," said Nancy E. Smith, a partner at the law firm Smith Mullin.
Three different tech industry employees told the Times "they are not allowed to acknowledge that the agreements even exist." And Google "declined to comment" for the article.

Double Down

By Anonymous Coward • Score: 4, Insightful • Thread

Ann Lai, a former employee, said in her lawsuit filed in San Mateo Superior Court in California that she had complained to her bosses about sexism, discrimination and inappropriate behavior in the workplace, and that Binary used the nondisparagement provision in her employment contract to threaten her and prevent her from talking about why she had quit her job.

If these threats come in, it is time to double down.

Call the police to report the sexual harassment AND file a lawsuit.
Both of these (reporting a crime to the police and filing a lawsuit) are immune to any silly non-disparagement clause.

An anonymous tip to local and national media reporters about the court docket where the case was filed?
That's just the icing on the cake.

Discourage, rather than enforce

By gurps_npc • Score: 3 • Thread

These types of agreements are always about the threat rather than the act.

That is, they exist not to actually stop people from reporting, but instead to discourage them. No reasonable judge would let you sue someone for reporting a crime.

But most of the time it is not entirely clear their is enough evidence of a crime going on, not until after the trial has begun.

So when your boss fires you after verbally demanding sex, you will think twice about suing, because you know that if you can't prove it, they might go after you. Honestly, chances are very low they would sue you for speaking out and even less that they would succeed.

But the threat of the law suit is enough to stop you from trying, at least unless you have a smoking gun email. (and now adays it is almost always an email.).

Who said anything about a crime?

By Roger W Moore • Score: 5, Interesting • Thread

No reasonable judge would let you sue someone for reporting a crime.

What guarantee do you have that you'll get a reasonable judge? Besides, who said anything about a crime? It is entirely possible for companies to engage in highly unethical, but completely legal, activity e.g. hiring child labourers in third world sweat shops to make their products which now does not happen because it was brought to the publics attention. Zero hour contracts are another example.

Large companies are beginning to have as much power over our lives as governments and this means that they need to start having the same limits on that power as a government.

Right ot not right?

By petes_PoV • Score: 5, Insightful • Thread

Employees increasingly "have to give up their constitutional right to speak freely about their experiences if they want to be part of the work force,"

It would seem that the U.S. has a pretty poor constitution if it can be superceded by contract law.

Isn't the whole point of a country's constitution that it stands above all "lesser" principles and laws.

This matches exactly my experience from 2009

By Anonymous Coward • Score: 3, Interesting • Thread

...except it was a severance agreement. I'd been fired, and there was a reasonably decent (6 weeks of pay) severance agreement. However, it included both the clause that I would never ever make an disparaging statement about the company, nor that I would admit the existence of this severance agreement or disclose any terms in it. This was for a small (few hundred employee) tech company in San Francisco.

I pushed back. I thought it was completely unreasonable to give up a part of my freedom of speech for this. At the time, I thought I might stay in the same general field (I haven't), and it would have been very constraining to never be able to criticize this company again. But, also, on principle, I did not like signing away my freedom of speech like that. What makes me sad is that almost everybody I talked to told me not to be ridiculous, to sign it. I was potentially giving up four weeks of severance pay (beyond the "two week notice" requiredby law), at a time when I'd just been fired and had no other job lined up. I was told by friends that it was irresponsible not to think about my wife and my own economic need for a stupid stand on principle. This makes me so sad, because at least nominally it was exactly these kinds of principles -- freedom of expression -- on which this country was supposedly founded. But, now, people find it childish and unrealistic to stand on principle.

I didn't have any serious complaints about the company at the time. Over the previous ~year it had undergone some reorganization that I thought was destructive, and I thought the circumstances leading up to my firing were particularly stupid, but I didn't have any sexual harassment complaints or anything like that. But, still, just because you don't have a big issue right now does not mean you should sign away a fraction of your freedom of speech for all time.

The other sad thing was that at one point, somebody from HR told me on the phone, "we're not trying to limit your freedom of expression, we just want you to manage your communication". People in the corporate world really believe things like this, which is rather alarming.

In the end, I managed to convince them to change it to "no disparaging statements for a year, no untrue disparaging statements ever". I decided I could live with that. Technically, I'm breaking the agreement right now by talking about it, which is why I post anonymously and don't name the company. I think that's stupid too, but I also know more than to risk putting myself up against the lawyers of even a small company.

IEEE Spectrum Declares Python The #1 Programming Language

Posted by EditorDavidView on SlashDotShareable Link
An anonymous reader quotes IEEE Spectrum's annual report on the top programming languages: As with all attempts to rank the usage of different languages, we have to rely on various proxies for popularity. In our case, this means having data journalist Nick Diakopoulos mine and combine 12 metrics from 10 carefully chosen online sources to rank 48 languages. But where we really differ from other rankings is that our interactive allows you choose how those metrics are weighted when they are combined, letting you personalize the rankings to your needs. We have a few preset weightings -- a default setting that's designed with the typical Spectrum reader in mind, as well as settings that emphasize emerging languages, what employers are looking for, and what's hot in open source...

Python has continued its upward trajectory from last year and jumped two places to the No. 1 slot, though the top four -- Python, C, Java, and C++ -- all remain very close in popularity. Indeed, in Diakopoulos's analysis of what the underlying metrics have to say about the languages currently in demand by recruiting companies, C comes out ahead of Python by a good margin... Ruby has fallen all the way down to 12th position, but in doing so it has given Apple's Swift the chance to join Google's Go in the Top Ten... Outside the Top Ten, Apple's Objective-C mirrors the ascent of Swift, dropping down to 26th place. However, for the second year in a row, no new languages have entered the rankings. We seem to have entered a period of consolidation in coding as programmers digest the tools created to cater to the explosion of cloud, mobile, and big data applications.

"Speaking of stabilized programming tools and languages," the article concludes, "it's worth noting Fortran's continued presence right in the middle of the rankings (sitting still in 28th place), along with Lisp in 35th place and Cobol hanging in at 40th."

MathWorks should be concerned

By 93 Escort Wagon • Score: 3 • Thread

I know a few EE faculty who have moved from using Matlab to using Python. Some of the grad students think the department should take a more active role in encouraging students to do the same - or to eliminate Matlab from courses entirely.

Re:I tried Python

By BarbaraHudson • Score: 4, Interesting • Thread
These surveys are strictly for idiots. For example (to use one of the data sources in the article), information drawn from what recruiting companies say they are looking for are complete garbage, as anyone who has spent much time here knows. Some recruiters are just trolling for new applicants to add to their slushpile, some are adding stuff that's totally irrelevant to the underlying job so that their candidate will look more well-rounded, some are bogus posts to supply HR with practice interviews, some are just posted as a way to be able to say "we looked for expertise in x and y before we hired an H1B (who doesn't know x or y, but it's rarely investigated) ".10 years experience in Java 9 or Windows 10? 5 years experience with Red Hat linux 7.3? We've all seen these shit listings, the same as we've seen the same job suddenly pop up from a dozen different recruiters. It doesn't mean they're looking for 12 people with that experience.

GIGO still applies.

Re:What does this do that Java does not?

By Gojira Shipi-Taro • Score: 4, Insightful • Thread

Not be owned by Oracle.

Easy to read code

By Roger W Moore • Score: 4, Insightful • Thread

The number of spaces preceding a statement determines the scope of that statement? Wow. That seems totally nonsensical to me.

Any more than the presence of a curly bracket 42 lines earlier determines the scope of a statement in C++? I agree it seems strange at first but it is actually really easy to adapt to and by forcing correct indentation it actually makes code easier to read.

Re:I tried Python

By Billly Gates • Score: 4, Insightful • Thread

These surveys are strictly for idiots. For example (to use one of the data sources in the article), information drawn from what recruiting companies say they are looking for are complete garbage, as anyone who has spent much time here knows. Some recruiters are just trolling for new applicants to add to their slushpile, some are adding stuff that's totally irrelevant to the underlying job so that their candidate will look more well-rounded, some are bogus posts to supply HR with practice interviews, some are just posted as a way to be able to say "we looked for expertise in x and y before we hired an H1B (who doesn't know x or y, but it's rarely investigated) ".10 years experience in Java 9 or Windows 10? 5 years experience with Red Hat linux 7.3? We've all seen these shit listings, the same as we've seen the same job suddenly pop up from a dozen different recruiters. It doesn't mean they're looking for 12 people with that experience.

GIGO still applies.

It still is relevant. As much as WE HATE HR they are the gatekeepers. Actually they are nto the gatekeepers. Taleo is the gatekeeper and SEO in LinkedIn and abunch of software programs are. They do the work so companies can be lazy and not have to do their job.

If you do not have that experience you will not be interviewed. That is a fact as your score will be below X and the application will be rejected and HR won't even know you applied.

Part of the problem isn't that they are bogus. It just that HR is incompetent and fall for the salespeople in Taleo who tell them software picks candidates for YOU, not it is there to assist you. Scenario one you need a SAP jr financial analyst assistant who can run reports?

  They ask the IT manager and finance manager. IT manager says yeah it uses SQL Server on the backend etc ... BOOM 5 years of SQL Server administration is now required. HR wants to make sure you know office ... BOOM 5 years Excel macro programming experience required. Now add a shitty HR filter app like Taleo and it generates a job description:
-5 years SQL Server administration experience
-3 to 5 years of Excel financial analysis programming in VBA
- 3 to 5 years of actually doing SAP reports (part of the job that is important)
- Mentions $15/hr because that is net worth of a college kid in accounting as it is a JR. level assistant.

Taleo reports none are q ualified. CEO lobbies senator. They important an Indian H1B1 visa who meets these requirements as no American can do the job and whines how could this happen? etc.

So my guess is some positions do prototyping in python. The HR software now requires 5 years of python coding and you get filtered out if you do not have it even if the position is really a java developer etc.

Anyway done with rant :-)

Ask Slashdot: Someone Else Is Using My Email Address

Posted by EditorDavidView on SlashDotShareable Link
periklisv writes: I daily receive emails from adult dating sites, loan services, government agencies, online retailers etc, all of them either asking me to verify my account, or, even worse, having signed me up to their service (especially dating sites), which makes me really uncomfortable, my being a married man with children... I was one of the early lucky people that registered a gmail address using my lastname@gmail.com. This has proven pretty convenient over the years, as it's simple and short, which makes it easy to communicate over the phone, write down on applications etc. However, over the past six months, some dude in Australia (I live in the EU) who happens to have the same last name as myself is using it to sign up to all sorts of services...

I tried to locate the person on Facebook, Twitter etc and contacted a few that seemed to match, but I never got a response. So the question is, how do you cope with such a case, especially nowadays that sites seem to ignore the email verification for signups?

Leave your best answers in the comments. What would you do if someone else started giving out your email address?

Autocomplete compounds the problem

By Chuck Chunder • Score: 4, Insightful • Thread
I think autocomplete might compound the problem. People get it wrong once and their browser helpfully offers the wrong email in future forms. They send a group email with a wrong address, people reply-all and then everyone's email client thinks it's a known address and helpfully offers it as an autocomplete option in future. I have a first name last name @ gmail account and I get it quite a bit. Sometimes included on some family emails, sometimes emails from lawyers. Some guys Xbox account (who are you Cationicllama88?). Once someone's uber/lyft account, which I presumably could have used. Mostly I just ignore them if it is just some random site someone has signed up to. If it's personal/business then I normally reply pointing out the mistake and then delete the email, those people are generally appreciative of the effort. The ride sharing company was a pleasant surprise, I expected them to be a faceless void but got a real person who sorted it out quickly.

Re:Reset the password on the accounts.

By ShaunC • Score: 5, Insightful • Thread

Yes, exactly. I have the same problem with my Gmail account. Over the years many hundreds of people have mistaken it for their email address, distributed it far and wide, and entered it into all sorts of things. Sometimes I just let it go, especially if a site only sends one "thanks for registering" email. I hit delete and move on. But if the service is a particularly spammy one, I'll use the "forgot password" link, login, change the password, turn off all email-related options, etc.

I used to look for an option to delete the account entirely, but that invariably led to the same people signing back up for the same services again. Occasionally I'll try to do the other guy a favor and tell the sender that they have the wrong address. It usually isn't worth the effort. Someone has a Royal Bank of Scotland account registered to my email and no amount of emailing, filling out their contact form, or tweeting at them ever did any good so I just filtered that domain out.

Not much you can do about people sending random unsolicited communications, though. I've received some really interesting misdirected mail over the years, including some stuff from the European Space Agency, and being cc'd on an NFL player's contract negotiations with a new team.

Re: I have a similar problem

By DigiShaman • Score: 4 • Thread

This happened to me. Some lady signed up as first-initial.middle-initial.lastname@gmail.com when in fact mine is the exact same but with no periods. To this day I get random order confirmations from Sears and medical info. I even know her name and address from the registration to the sites. No, I'm not going to pay her a visit or anything. It only happens a few times a year. But people really need to be clued in on this behavior of GMail. And I agree, it needs to be put to an end from Google.

Re:I have a similar problem

By LostOne • Score: 5, Interesting • Thread

I think you'll find this turns out *not* to be true. What is significant in the "local part" of the email address is *up to the local system* as long as it is in the set of characters that are permitted. Of course, Google (and anyone else for that matter) is perfectly allowed to ignore dots in the local part. But everyone is also perfectly allowed to treat them as significant.

Also, your wiki link does not back up your assertion that "A.BC" and "ABC" must be the same mailbox. It only gives rules on where a dot can appear unquoted in the local part. It does not say that it is to be ignored when routing.

Additionally, decades of operational practice on the Internet also directly violates your assertion. Dots have *always* been potentially significant for a local part. They were required for compuserve addresses back in the beginning, for instance.

NOTE: I am NOT saying that Google is doing things wrong. What they are doing is allowed. They are free to interpret the local part however they want. However, they are NOT required to ignore dots.

Re:Reverse the role

By gweihir • Score: 4, Informative • Thread

This does not go to court. It goes to ICANN arbitration. And unless it is a valid complaint, it will just get rejected directly.

Mozilla's New Open Source Voice-Recognition Project Wants Your Voice

Posted by EditorDavidView on SlashDotShareable Link
An anonymous reader quotes Mashable: Mozilla is building a massive repository of voice recordings for the voice apps of the future -- and it wants you to add yours to the collection. The organization behind the Firefox browser is launching Common Voice, a project to crowdsource audio samples from the public. The goal is to collect about 10,000 hours of audio in various accents and make it publicly available for everyone... Mozilla hopes to hand over the public dataset to independent developers so they can harness the crowdsourced audio to build the next generation of voice-powered apps and speech-to-text programs... You can also help train the speech-to-text capabilities by validating the recordings already submitted to the project. Just listen to a short clip, and report back if text on the screen matches what you heard... Mozilla says it aims is to expand the tech beyond just a standard voice recognition experience, including multiple accents, demographics and eventually languages for more accessible programs. Past open source voice-recognition projects have included Sphinx 4 and VoxForge, but unfortunately most of today's systems are still " locked up behind proprietary code at various companies, such as Amazon, Apple, and Microsoft."

Offline voice recognition

By WaffleMonster • Score: 3 • Thread

Thanks to Nuance voice recognition industry is effectively dead. If Mozilla can make this work in offline mode it would be awesome. Not requiring your every word to be recorded shipped off to third parties would be very useful.

Debian, Gnome Patched 'Bad Taste' VBScript-Injection Vulnerabilities

Posted by EditorDavidView on SlashDotShareable Link
Slashdot reader KiloByte warned us about new exploit for .MSI files named "bad taste". Neowin reports: A now-patched vulnerability in the "GNOME Files" file manager was recently discovered which allowed hackers to create dodgy MSI files which would run malicious VBScript code on Linux... Once Nils Dagsson Moskopp discovered the bug, he reported it to the Debian Project which fixed it very rapidly. The GNOME Project also patched the gnome-exe-thumbnailer file which is responsible for parsing MSI and EXE files inside the GNOME Files app... If you run a Linux distribution with the GNOME desktop it's advisable to run the update manager and check for updates as soon as possible before you become affected by this critical vulnerability.

Mission Accomplished!

By nt2ldap • Score: 4, Insightful • Thread
Looks like the Gnome Project has finally arrived: after years of bending and twisting to get Windows-like behavior out of the Linux desktop (you know, the "sad face" screen that appears when it crashes, oh wait... that would be MacOS!), they've finally done one better -- made Linux vulnerable to Windows malware. This time the trade off was decorations for security. Having already banned smb from our networks, we thought we were safe. Maybe it's time to look for a new DE. I think twm is still in the Fedora repo...

Here's why it works:

By GerbilSoft • Score: 4, Informative • Thread
gnome-exe-thumbnailer is a shell script that uses Wine to do the actual thumbnailing. The script uses Wine's VBScript interpreter to run a small VBScript to extract the icon.

The malicious MSI therefore ends up tricking gnome-exe-thumbnailer into running arbitrary VBScript.

Re:Requires WINE?

By KiloByte • Score: 5, Informative • Thread

Nope, Wine itself is enough, at least on installations which I looked at.

In the other hand, the exe thumbnailer is not an official Gnome project but comes from Ubuntu -- so with all of Gnome's insanities, this one is not their fault.

Re: What the heck?

By Zero__Kelvin • Score: 4, Informative • Thread
No. It isn't the default. You need to install wine. IOW if you are using Linux, and not adding support for Windows garbage, then you have nothing to worry about.

Re:Linux is nothing but a disappointment these day

By Anonymous Coward • Score: 4, Insightful • Thread

Linux of that era was robust and trustworthy.

It wasn't, you just believed that it was.

Grab a fresh install of that vintage, and the NSA and every script kiddie from here to eastern Europe will have three dozen working exploits for it.

Linux at the time was a VERY unimportant target. It wasn't established in the server space yet, and it was all but zero percent of the desktop. It wasn't worth bothering with.

Now that it is, if you use a Linux of that vintage it can be pwned with little more difficulty than Windows 95.

Any OS requires constant security updates to stay in the game.

Kickstarter Campaign Launched To Save NASA's Mission Control

Posted by EditorDavidView on SlashDotShareable Link
Long-time Slashdot reader yzf750 shares sad news about the facility where NASA conducted the Apollo moon landing in 1969: Mission Control at Johnson Space Center is a wreck and this Kickstarter project is trying to save it. The nearby city of Webster, Texas has promised to match Kickstarter funding up to $400,000. The goal is to raise $250,000 to add to the $3.5 million already budgeted by the city of Webster to restore Mission Control.
Contributors on Kickstarter can receive rewards including models of the Apollo 11 command module, lunch with Apollo flight controllers, VIP tours, or a free download of the documentary Mission Control: the Unsung Heroes of Apollo. The Kickstarter campaign was launched by Space Center Houston, which is also contributing $5 million to preserve what's been called a "cathedral of engineering."

In December the Houston Chronicle noted that though Mission Control is listed in America's National Register of Historic Places, "plans to restore it have been discussed for more than 20 years. But its restoration and preservation remain in limbo, with no set date for work to begin."

Not sure why I should fund

By rsilvergun • Score: 4, Interesting • Thread
somebody's pork barrel project. Especially from a State whose House Members and Senators fight against mine. Let's face it, once we could reliably launch satellites there wasn't much point to further space travel outside outside that. Maybe if their Congress Critters would stop trying to shut down Medicare & Medicaid (I've got buddies that depend on it to live) I'd be a little more charitable.

And yeah, the current climate has made me bitter as hell...

Re:Not sure why I should fund

By JoshuaZ • Score: 5, Insightful • Thread
I sympathize with your viewpoint a lot. At the same time, if everyone Blue and Red States decide to not do anything involving money going to the other we'll be in pretty bad shape. On the other hand, it looks almost like the Republicans are trying to make a tax system that disproportionately hits Blue States http://www.latimes.com/opinion/readersreact/la-ol-le-republican-tax-deductions-plan-20170619-story.html so maybe we're already at that point. Here's my suggestion: if you would have donated to this but won't because of the state, instead donate the same amount to a solar charity. The Solar Electric Light Fund http://self.org/ and Everybody Solar http://www.everybodysolar.org/ are both good options.

Mostly False

By fermion • Score: 5, Interesting • Thread
The summary appears to be mostly false, at least by what I have seen and what the linked articles says.

"Mission Control at Johnson Space Center is a wreck " is highly misleading. I don't think there has been unlimited access to the area since I was a kid. Last time I went there you had to pay Space Center Houston a fee and take a lame tour. The kickstarter money, according to the linked article, will be spent acquiring equipment and furniture so they can"accurately portraying how the area looked the moment the moon landing took place on July 20, 1969." While this is a fine goal, I really doubt that they are going to do any net good. Tearing out fragile equipment that no one understand anymore and replacing it with even more fragile equipment that someone got off eBay, claiming that it is original. Seems like someone is obsessed with period instruments.

I am really concerned with a bunch of unskilled amateurs tearing apart mission control. It is part of my life and part of the gulf coast legacy. Sure, if there is damage and existing items need to stabilized or restored go for it. But if we are going to recreate something to make it better tourist trap, that it a problem.

I think that the priority will be tourist over historical integrity. The area has been really pushing for tourist dollars, heavily advertising i the boardwalk and expanding amenities. It is embarrassing to admit, but Space Center Houston is crap, and one reason is that it does prioritize aesthetics over the science. This is fine for the audience, little kids, but now they want to destroy mission control. Restore, yes. Try to return it to a the way it looked on a certain day? Madness. Like all engineering pursuit, Mission Control was always a work in progress, and pretending you can retcon it for tourist dollars is delusional.

Steve Jobs' Life Is Now An Opera

Posted by EditorDavidView on SlashDotShareable Link
An anonymous reader quotes CNN's report on a new project from Pulitzer Prize-winning librettist Mark Campbell: "The (R)evolution of Steve Jobs" is set to open on Saturday night at the Santa Fe Opera, home to the largest summer-opera festival in U.S. The high-tech production, which runs until August 26, jumps in and out of key moments in the Apple founder's life, from early product-development days alongside Steve Wozniak and the launch of the original iPhone, to his wedding day with Laurene Powell Jobs... The opera features an electronic score, developed by Mason Bates, that incorporates sounds from the products Jobs created, including the audio synonymous with turning on an early Macintosh computer. The libretto, or operatic script, doesn't call out words like Apple or iPhone due to copyright issues; instead, it uses descriptors like "one device" to reference the smartphone. "Only one device, does it all," the libretto reads. "In one hand, all your need. One device. Communication, entertainment, illumination, connection, interaction, navigation, inspiration..."
One scene in the high-tech production shows Jobs standing in his family's garage on his 10th birthday. When his father gives him a workbench, the walls around them light up into video screens...

The Santa Fe Opera is innovative, but ...

By chipschap • Score: 3 • Thread

I've been to the Santa Fe Opera many times. They put on great productions in an awesome setting. It might be the greatest summer opera company anywhere. Each summer they do four operas from the (more or less) usual repertoire and one new or innovative production. One great example maybe 15 years back was "L'amour de loin" with Dawn Upshaw singing the principal role.

But an opera about Steve Jobs? Have the hipsters taken over even the southwest?

Granted, there was once an opera about Richard Nixon ("Nixon in China"). Maybe some day there will be an opera about Donald Trump; who knows?

But I think I'd skip the Steve Jobs opera.

Phantom Of The Steve Jobs Opera

By theodp • Score: 5, Funny • Thread

Floating, falling
Sweet intoxication
Touch me, trust me
Savor each sensation
Let the dream begin
Let your darker side give in
To the power of the music that I write
The power of the music of the night

I don't get the cult of Jobs

By rsilvergun • Score: 5, Insightful • Thread
I'll give him this, he did have one really good idea: Market computers & gadgets as high end accessories similar to expensive handbags. But he was an all around asshole with a company built on exploiting people (largely Foxconn employees who get woken up at 3am to make minor changes to his designs). He was also a dick to pretty much everyone (the Wozniak stuff is just the most well known). It's not like this info is hard to come by either. 10 minutes on google looking up well sourced articles will tell you how awful he is. But to hear people tell it he's some kind of wonderful.

Question:

By johnnys • Score: 4, Funny • Thread
Shouldn't it be a "safari" instead?

Let's Encrypt Criticized Over Speedy HTTPS Certifications

Posted by EditorDavidView on SlashDotShareable Link
100 million HTTPS certificates were issued in the last year by Let's Encrypt -- a free certificate authority founded by Mozilla, Cisco and the Electronic Frontier Foundation -- and they're now issuing more than 100,000 HTTPS certificates every day. Should they be performing more vetting? msm1267 shared this article from Kaspersky Lab's ThreatPost blog: [S]ome critics are sounding alarm bells and warning that Let's Encrypt might be guilty of going too far, too fast, and delivering too much of a good thing without the right checks and balances in place. The primary concern has been that while the growth of SSL/TLS encryption is a positive trend, it also offers criminals an easy way to facilitate website spoofing, server impersonation, man-in-the-middle attacks, and a way to sneak malware through company firewalls... Critics do not contend Let's Encrypt is responsible for these types of abuses. Rather, because it is the 800-pound gorilla when it comes to issuing basic domain validation certificates, critics believe Let's Encrypt could do a better job vetting applicants to weed out bad actors... "I think there should be some type of vetting process. That would make it more difficult for malicious actors to get them," said Justin Jett, director of audit and compliance at Plixer, a network traffic analytics firm...

Josh Aas, executive director of the Internet Security Research Group, the organization that oversees Let's Encrypt, points out that its role is not to police the internet, rather its mission is to make communications secure. He added that, unlike commercial certificate authorities, it keeps a searchable public database of every single domain it issues. "When people get surprised at the number of PayPal phishing sites and get worked up about it, the reason they know about it is because we allow anyone to search our records," he said. Many other certificate authorities keep their databases of issued certificates private, citing competitive reasons and that customers don't want to broadcast the names of their servers... The reason people treat us like a punching bag is that we are big and we are transparent. "

The criticism intensified after Let's Encrypt announced they'd soon offer wildcard certificates for subdomains. But the article also cites security researcher Scott Helme, who "argued if encryption is to be available to all then that includes the small percent of bad actors. 'I don't think it's for Signal, or Let's Encrypt, to decide who should have access to encryption."

Re:BS

By thegarbz • Score: 5, Insightful • Thread

Not only is it BS, it's the exact opposite.

Having in the past gotten a DV certificate through a normal vendor and now getting them through LetsEncrypt, it is quite clear that the process for LetsEncrypt is far more robust (actual proof I have access to the server by modifying it's contents as part of the handshake) than what most other CA's offer which for DV is based on little more than faith, and for EV based on talking to someone in an Indian call centre who can't understand you anyway.

Re:Have two cert grades

By thegarbz • Score: 4, Interesting • Thread

There is a solution to this: have two grades of certificates

You're right. There is a solution to this. It was developed 12 years ago in the form of EV certificates and has been in use for a long while along with a far better indicator than the one you proposed:

If you go to https://www.slashdot.org/ you will see a little green lock and the word "Secure"
If you go to https://www.bankofamerica.com/ you will see a little green lock and the words "Bank of America Corporation [US]"

No need for any fancy domain name URL checking.

Green bar and Cert types

By FeelGood314 • Score: 3, Informative • Thread
There are a number of things wrong in the comments so let's clarify them. There are three types of certificates: Extended Validation, Organization Validation and Domain Validation. The green lock only appears for sites with Extended Validation. Extended validation requires the site owner to prove they are a real company, really do own the name in the domain name, i.e. they are not spoofing something, that the DNS record is correct and that they control the domain. These are usually $250 - $500. Organization Validation has some checks and requires proof of control of the domain. It doesn't give you a green lock. Domain Validation only requires that you control the domain to get the cert. It doesn't give you a green lock. It is valuable in that, it prevents man-in-the-middle attacks and ensures that your communication is encrypted, however you have no assurances as to who is behind the domain. Domain Validation certs are usually free. Let's Encrypt only issues Domain Validation Certificates

There is a list of requirements for CAs to obey for granting certs and they are stringently audited and then the auditors are audited. (and one auditor has failed). The EV audits are extremely thorough. Further any EV certificates that are issued now have to be added to a certificate transparency log https://en.wikipedia.org/wiki/..., so all EV certs that have been issued are publicly viewable and now auditable by everyone. (the log is a merkle tree so inclusion in the tree is easy to find and undetected changes are impossible).

Conclusion: If you are going to a website that you expect to be secure for banking or from a reputable company and the lock isn't green then you are likely visiting a spoofed or compromised page. If you are visiting Joe from down the streets cat pic site a DV cert is good enough.

Re: Green Bar is the probem.

By Ultra64 • Score: 4, Insightful • Thread

>Words have meaning

Yes, and you're getting the meaning wrong.

>Secured was never ment to mean 'Encryypted', it was ment 'encrypted and you're talking to who you think you are'

That's still encrypted.

Re: agreed

By corychristison • Score: 4, Insightful • Thread

Personally I believe DANE is the future of secure websites.

CA's could still be useful for vetting entities and ensuring the domain you are connecting to is owned by the Entity you are trying to connect to.

Much like how Extended Validation certs are made, but the CA's would really need to step up their game.

A New Sampling Algorithm Could Eliminate Sensor Saturation

Posted by EditorDavidView on SlashDotShareable Link
Baron_Yam shared an article from Science Daily: Researchers from MIT and the Technical University of Munich have developed a new technique that could lead to cameras that can handle light of any intensity, and audio that doesn't skip or pop. Virtually any modern information-capture device -- such as a camera, audio recorder, or telephone -- has an analog-to-digital converter in it, a circuit that converts the fluctuating voltages of analog signals into strings of ones and zeroes. Almost all commercial analog-to-digital converters (ADCs), however, have voltage limits. If an incoming signal exceeds that limit, the ADC either cuts it off or flatlines at the maximum voltage. This phenomenon is familiar as the pops and skips of a "clipped" audio signal or as "saturation" in digital images -- when, for instance, a sky that looks blue to the naked eye shows up on-camera as a sheet of white.

Last week, at the International Conference on Sampling Theory and Applications, researchers from MIT and the Technical University of Munich presented a technique that they call unlimited sampling, which can accurately digitize signals whose voltage peaks are far beyond an ADC's voltage limit. The consequence could be cameras that capture all the gradations of color visible to the human eye, audio that doesn't skip, and medical and environmental sensors that can handle both long periods of low activity and the sudden signal spikes that are often the events of interest.

One of the paper's author's explains that "The idea is very simple. If you have a number that is too big to store in your computer memory, you can take the modulo of the number."

It's not an algorithm

By johannesg • Score: 3 • Thread

It's a different type of ADC, one that resets when it reaches saturation. So you can forget about using this 'new algorithm' in your existing equipment.

Links to the phase unwrapping problem

By goombah99 • Score: 5, Insightful • Thread

Their paper seems to ignore that this technique isomorphic to the well known phase unwrapping problem. The hard part has always been implementing it at the pixel level. This requires extra transistors, calibrations (because every pixel needs to be the same) and perfect uniformity in manufacturing, as well as a new source of noise. Finally the mathematical problem produces nasty noise unless you can also implement hystersis at the point of the amplitude wrap. If you don't it's going to suck, and if you do then you have even more transistors to implement for each pixel since it's now having to be stateful (know it's earlier state to implement the hysteresis)

https://en.wikipedia.org/wiki/...

https://ccrma.stanford.edu/~jo...

https://www.dsprelated.com/fre...

No, this does not solve the problem.

By dgatwood • Score: 5, Interesting • Thread

This is an interesting approach, and it would work pretty well for things like audio. It might help with the dynamic range of cameras when used at higher ISO settings, but it will not solve the problem by any means. The problem, though, is that in modern cameras, the sensor's pixels also have a maximum capacity, called the full well capacity. The sensor can't physically accumulate more of a charge than its full well capacity, and the DAC is designed so that its clipping point matches the full well capacity of the sensor at its base ISO. So you would still get clipping when the brightness exceeds what would otherwise by the sensor's clipping point at its base ISO, and if it is already at its base ISO, this wouldn't make any difference at all.

IMO, a better approach (which I proposed several years ago) is to sample the sensor and physically cancel out (subtract) the measured charge in the sensor itself, doing this multiple times per exposure to ensure that you don't hit the full well capacity. That approach also has the advantage of letting you do really cool time-based manipulation of the resulting photo. For example, you could do vector-based motion compensation of the individual subframes to dramatically reduce motion blur, compensate for some amount of camera shake, etc.

Even better, if you represent subsequent subframes relative to the previous subframe (e.g. -12 here, +2 there), you'll also usually get a high percentage of zeroes, which means you should be able to losslessly compress the additional subframes to be pretty small on average, potentially giving you the ability to adjust the image motion compensation after the fact to get an image in which motion is blurred more or less, according to taste.

In theory, you could even do bizarre, per-region motion compensation, such as making a baseball appear to be motionless while the bat is swinging at a high speed or vice versa. :-D But I digress.

Fake Paper or just Naive?

By labnet • Score: 3 • Thread

I've skip read the Paper and /. comments, and this reads like mathematical wank by guys that have never touched an oscilloscope.

First, they are waving their hands in the are about a magic 'resetting ADC'... seriously...
Do they even know what reset means? It has to be performed at the hardware level, It has to performed with DC offsetting (from a D/A converter), it has to be performed to 1 least significant bit of accuracy, and the input signal has to be rate limited. No way this will happen for any practical systems without adding artefacts when the offsetting circuitry tries to slew the input within one sample period.

The only real world way I can think of, that still retains DC accuracy, is servoing the input.
This is where a 'counteracting' force is used to subtract from the input... but servoing has hairs all over it, as it has to be super accurate in terms of amplitude and frequency response.

They should have talked to an electrical engineer before spouting off this rubbish.

Re:What genius!!

By green is the enemy • Score: 4, Informative • Thread
I'm an EE. This concept is interesting to me, but then I'm left wondering how they really tackle the problem of signal limits. It's not just that ADC that limits the signal. The amplifiers in the chain also do it. Maybe I should just read about it. The whole self-resetting ADC concept just strikes me as odd. I have a feeling it was invented to improve the dynamic range or sampling rate or reduce the power usage of ADCs, but not to magically sample arbitrarily large signals.

The US And Australia Are Testing Hypersonic Missiles

Posted by EditorDavidView on SlashDotShareable Link
schwit1 quotes Engadget: Both the U.S. and Australia have confirmed that they recently completed a series of mysterious hypersonic missile tests. All the countries will say is that the flights were successful, and that they represented "significant milestones" in testing everything from the design assembly to the control mechanisms. They won't even say which vehicles were used or how quickly they traveled, although past tests have usually relied on Terrier Orion rockets and have reached speeds as high as Mach 8.

The tests are part of the long-running HIFiRE (Hypersonic International Flight Research Experimentation) program, whose first launch took place way back in 2009. They should help bring hypersonic flight to a "range of applications," according to HIFiRE partner BAE. That could easily include ultra-fast aircraft, but it's widely believed the focus here is on missiles and similar unmanned weapons. A hypersonic missile would fulfill the US military's goal of building a conventional weapon that can strike anywhere within an hour, and it would be virtually impossible to stop using existing missile defenses. In theory, enemy nations wouldn't dare attack if they knew they'd face certain retaliation within minutes.

Originally NASA was involved in the project, which has been ongoing for more than eight years. But it's timeline may have shortened after reports that foreign powers including Russia and China are already building their own hypersonic missiles.

Re:It a ppears we, (the US of A) are kinda behind.

By hey! • Score: 4, Insightful • Thread

The reason they didn't use a cruise missile on Bin Laden wasn't civilian casualties. They've never been excessively concerned about collateral damage when going after lower level Al Qaeda officials, why start worrying then? Because they wanted the body -- hard physical evidence that the job was done. It could have been called either way.

Not peace DESTABILIZING ?

By redelm • Score: 3 • Thread

While options might in principle be a good thing, how is this particular weapon system anything other than destabilizing? Short hang time, hair-trigger.

We already have hypersonic missiles, they're called ICBMs (US Trident 3) and MRBMs. Launch one, any everybody watching assumes multiple incoming thermonukes. With the new toys, it might just be conventional explosives. That's going to make anyone abandon "launch-on-warning"? Least of all the US!

Consider the current crop of countries the US considers [potential] hot-war enemies: Would hypersonics keep the Russians out of Ukraine, let alone Crimea? The Chinese off the Pacific sandbanks? The NorKs from developing missiles? ISIS out of Raqqa? Iran from developing nukes? Short-fuse helps _none_ of these situations, and it is tough to think of one which it would.

Purpose of Military tech has changed

By gurps_npc • Score: 5, Insightful • Thread

Look, once you got nukes, the purpose of advancing military tech is no longer to attack other super-powers.

Instead, it becomes a combination of two possibilities:

1) Defeat lesser powers, including both non-nuclear nations and terrorists. They can't match our tech, so we do not need to go head to head against them.

2) BANKRUPT your competitor superpowers. The idea is to force other super powers to spend so much on defense that to keep up, that it limits their other options.

We are not trying to shoot down Russia's missiles. Instead we are trying to make it damn expensive for them to match us.

Which is why they are using other means besides their regular army. Ukraine, hacking, etc.

This is short range

By RhettLivingston • Score: 5, Interesting • Thread
Existing ICBMs are hypersonic on entry. This is being considered something new because it is hypersonic through atmosphere while still under propulsion. That requires a lot more fuel than coasting through space and letting gravity pull you in. This could not hit "anywhere" in minutes because it wouldn't have enough fuel to go through that much atmosphere. It is an advance in short to perhaps medium range missile technology in that it is fast enough to get to a plane or from a submarine to a target before a response can be made.

Linus Torvalds Now Reviews Gadgets On Google+

Posted by EditorDavidView on SlashDotShareable Link
An anonymous reader quotes ZDNet: If you know anything about Linus Torvalds, you know he's the mastermind and overlord of Linux. If you know him at all well, you know he's also an enthusiastic scuba diver and author of SubSurface, a do-it-all dive log program. And, if you know him really well, you'd know, like many other developers, he loves gadgets. Now, he's starting his own gadget review site on Google+: Working Gadgets...

"[W]hile waiting for my current build to finish, I decided to write a note about some of the gadgets I got that turned out to work, rather than all the crazy crap that didn't. Because while 90% of the cool toys I buy aren't all that great, there's still the ones that actually do live up to expectations. So the rule is: no rants. Just good stuff. Because this is about happy gadgets."

So far Linus has reviewed an automatic cat litter box, a scuba diving pressure regulator, and a Ubiquiti UniFi Wi-Fi access point that complements his Google WiFi mesh network.

Linus will be great at this. Just last week I saw him recommending a text editor.

Google Plus!

By kamapuaa • Score: 5, Funny • Thread

I remember Google Plus! I hope after this, Linus gets a MySpace account!

"Waiting for his build to finish"?

By freeze128 • Score: 3 • Thread
I would have thought that if anyone, Linus would have a fast enough system so he wouldn't HAVE to wait for his builds to finish.

Facebook Petitioned To Change License For ReactJS

Posted by EditorDavidView on SlashDotShareable Link
mpol writes: The Apache Software Foundation issued a notice last weekend indicating that it has added Facebook's BSD+Patents [ROCKSDB] license to its Category X list of disallowed licenses for Apache Project Management Committee members. This is the license that Facebook uses for most of its open source projects. The RocksDB software project from Facebook already changed its license to a dual Apache 2 and GPL 2. Users are now petitioning on GitHub to have Facebook change the license of React.JS as well.

React.JS is a well-known and often used JavaScript Framework for frontend development. It is licensed as BSD + Patents. If you use React.JS and agreed to its license, and you decide to sue Facebook for patent issues, you are no longer allowed to use React.JS or any Facebook software released under this license.

Re:Actual License: https://github.com/facebook/rea

By Antique Geekmeister • Score: 4, Insightful • Thread

> This is a ridiculous argument. The number of words in a document does not indicate how comprehensible that document is.

Or how safe. In many contracts, the devil is in the details. GPL has evolved to a longer license, and explicitly included patents in GPLv3, because various companies and individuals have tried to legally and illegally violate its stated goals. The more explicit license of GPL has helped protect us from monopoly control of media and of data, and is now helping protect developers and computer users from patent abuse.

Bad Move, Apache

By bill_mcgonigle • Score: 3 • Thread

Apache 2.0 could be tweaked like this to incorporate what Facebook is trying to do. They really should do it - it's an oversight and does not do enough to squash the patent trolls. Facebook is doing the right thing for the industry, even if the wording needs help. Apache Legal might forget what these licenses are for in a misguided quest for purity.

3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent and copyright licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed.