the unofficial Slashdot digest

Fiber Optics In Antarctica Will Monitor Ice Sheet Melting

Posted by Soulskill in Science • View
sciencehabit writes: Earth is rapidly being wired with fiber-optic cables — inexpensive, flexible strands of silicon dioxide that have revolutionized telecommunications. They've already crisscrossed the planet's oceans, linking every continent but one: Antarctica. Now, fiber optics has arrived at the continent, but to measure ice sheet temperatures rather than carry telecommunication signals. A team of scientists using an innovative fiber-optic cable–based technology has measured temperature changes within and below the ice over 14 months. This technology, they say, offers a powerful new tool to observe and quantify melting at the base of the West Antarctic Ice Sheet.

WTF, the antarctic gets FO before me?

By Nyder • Score: 4, Informative • Thread

Nice, here I live in Seattle, just off of downtown, can't get fiber optics, but hey, whatever. fuckers.

Microsoft Introduces Build Cadence Selection With Windows 10

Posted by Soulskill in Technology • View
jones_supa writes: Microsoft has just released Windows 10 TP build 9860. Along with the new release, Microsoft is introducing an interesting cadence option for how quickly you will receive new builds. The "ring progression" goes from development, to testing, to release. By being in the slow cadence, you will get more stable builds, but they will arrive less often. By choosing the fast option, it allows you to receive the build on the same day that it is released. As a quick stats update, to date Microsoft has received over 250,000 pieces of feedback through the Windows Feedback tool, 25,381 community forum posts, and 641 suggestions in the Windows Suggestion Box.

It's great to see so much community feedback

By Anonymous Coward • Score: 3, Insightful • Thread
Hopefully all this community feedback translates into functional changes in the operating system. They made a huge mistake with Windows 8 by relying on the standard Windows 7 feedback mechanism (that seemingly most people turned off) so this looks like a much better solution with much broader participation.

Re:Does it rape your privacy

By Barlo_Mung_42 • Score: 4, Informative • Thread

It's not rape when you are giving full consent.

Aero yet

By Billly Gates • Score: 3 • Thread

I am waiting for it's return and more sane not all blinding white and borderless pastel colors. Tabs in explorer not implemented yet either.

So much feedback and yet Microsoft ignores it all

By angryargus • Score: 3, Insightful • Thread

The amount of feedback isn't surprising, but I would be surprised if anyone in the Redmond bubble ever made any changes (even slight) in response to any of that feedback. By the time they have a public release they're too far along in their big-company release process to accomodate changes.

Ebola Does Not Require an "Ebola Czar," Nor Calling Up the National Guard

Posted by Soulskill in Science • View
Lasrick writes: David Ropeik explores risk-perception psychology and Ebola in the U.S. "[O]fficials are up against the inherently emotional and instinctive nature of risk-perception psychology. Pioneering research on this subject by Paul Slovic, Baruch Fischhoff, and others, vast research on human cognition by Daniel Kahneman and colleagues, and research on the brain's fear response by neuroscientists Joseph LeDoux, Elizabeth Phelps, and others, all make abundantly clear that the perception of risk is not simply a matter of the facts, but more a matter of how those facts feel. ... People worry more about risks that are new and unfamiliar. People worry more about risks that cause greater pain and suffering. People worry more about threats against which we feel powerless, like a disease for which there is no vaccine and which has a high fatality rate if you get it. And people worry more about threats the more available they are to their consciousness—that is, the more aware people are of them."

American Exceptionalism Strikes Again

By onkelonkel • Score: 5, Interesting • Thread

We assumed we could easily handle Ebola if it came our way, because we are the most powerful and richest country on Earth. What we should have done is asked, "What are our weaknesses? Where is our medical system likely to fail?" Unfortunately we tend to suck at this kind of introspection. If we had asked, the most glaring weakness in our system, "Not everybody has medical coverage", might have been considered. Then when a sick black man recently arrived from West Africa came to the hospital without medical insurance we might have thought "EBOLA" and treated him right away, instead of thinking "poor Nigger, not gonna pay his bills" and sent him home with some Tylenol.

Re:Having a Surgeon General would help

By aralin • Score: 4, Informative • Thread

The only reason why he is "not qualified" is that NRA decided they will "Score" this vote. Congress critters are afraid to tarnish their 100% NRA approved record. *sigh*


By peragrin • Score: 4, Interesting • Thread

The problem is the CDC plan didn't work and the CDC and the hospital completely broke proper isolation procedures.

You never give the care takers permission to leave the town until after they have been isolated long enough to be clean. Let alone when one of them ask for permission to fly when she has a slight fever you say no.

I always figured the CDC could handle a major outbreak. now I don't think they could.

Re:Until we upgrade the dumb bunnies

By Overzeetop • Score: 5, Interesting • Thread

No, that's not leadership, it's damage control and/or preemptive excuses.

Do you remember the last time Obama declared that we "don't have a plan" because the conditions in Syria were complex and required addition time to evaluate the various options? Yeah, that honesty in leadership went over well, despite the fact that he made it clear that evaluating what was an exceptionally complex set of conditions could go horribly wrong if played incorrectly.

Ebola is just another disease without a (nearly guaranteed) cure. There are others out there, right now, which we know even less about (enterovirus, for example). This one is headline grabbing because you bleed out of your asshole. It's like "Ow, My Balls" but grosser for daytime shock newscasts. I mean, really - a facility takes on a patient with inadequate resources to do so, and fails. We're all somehow surprised.

Instead of stating that hospitals are, generally, bad places to isolate transmitted diseases and recommending facilities and transport set up for such work, we go into shit storm finger pointing mode and massive over-reaction. That's not leadership. That's damage control.

Re: Politics

By budgenator • Score: 4, Funny • Thread

American Hospitals are almost always Non-profits.

Google Leads $542m Funding Round For Augmented Reality Wearables Company

Posted by Soulskill in Technology • View
An anonymous reader writes: After rumors broke last week, Magic Leap has officially closed the deal on a $542 million Series B investment led by Google. The company has been extremely tight-lipped about what they're working on, but some digging reveals it is most likely an augmented reality wearable that uses a lightfield display. "Using our Dynamic Digitized Lightfield Signal, imagine being able to generate images indistinguishable from real objects and then being able to place those images seamlessly into the real world," the company teases. Having closed an investment round, Magic Leap is now soliciting developers to create for their platform and hiring a huge swath of positions.

Google = defense contractor

By globaljustin • Score: 3 • Thread

TFA's tech is all an extension of Google Glass in a way

Google's after the defense contractor market now...developing/marketing Glass as a consumer product was an afterthought and mostly for PR, imho

The Future of Stamps

Posted by Soulskill in Technology • View
New submitter Kkloe writes: Wired is running a profile of a gadget called Signet, which is trying to bring postage stamps into the age of high technology. Quoting: "At its core, it is a digital stamp and an app. If you want to send a parcel, you'd simply stamp it with a device that uses a laser to etch it with your name and a unique identifying pattern. After that, the USPS would pick up your package; from there, the app would prompt you to provide the name of the person you're trying to reach." I'm curious whether such a finely-detailed etching can even survive a journey. How far can you expect it to travel before all the handling and sorting make the mark unreadable to the sorting machines in the delivery office? Then you'd have to worry the post office would mark it as a fraudulent stamp (as someone has to pay for the shipping in some way) and either return it or throw it away.

Shipping companies....

By neoritter • Score: 3 • Thread

Shipping companies already do similar things with bar codes etc. So to the question in the summary, yes it should be fine. To the general idea, why? What's wrong with a QR code or a bar code?

Pitney Bowes

By tomhath • Score: 3 • Thread
What does this provide that a postage meter doesn't? He also seems to think the USPS should spend billions retooling how they sort mail.

Complete waste

By Russ1642 • Score: 5, Insightful • Thread

Why re-invent the printer just to stamp a package? All of the major shipping companies let you print out a shipping label already. As for the other stuff, such as having the shipping company look up an address, that can all be done with software provided there's enough incentive to develop it.

This is a really useless idea

By g1powermac • Score: 4, Interesting • Thread
Ok, for a bit of reference, I was a rural mail carrier for awhile. And from being a carrier and talking with fellow carriers after being one I can tell you people don't really send much first class mail anymore. The USPS is now basically converting into the last mile run carrier of packages, both originating from their system and both Fedex and UPS's systems. The local post office I've worked at has at times not been able to handle the sheer volume increase of packages. Now, if people want to ship packages, they can already print their own postage off their computers so this device does nothing for that (and there's plenty of bulk label creation systems for larger shippers which is what I do now). The other fairly large user of the USPS is advertisers using bulk mail rates and they won't use a device like this since they already have permits. So I see little use for this.

The Bogus Batoid Submarine is Wooden, not Yellow (Video)

Posted by Roblimo in Build new • View
This is a "wet" submarine. It doesn't try to keep water out. You wear SCUBA gear while pedaling it. And yes, it is powered by a person pushing pedals. That motion, through a drive train, makes manta-style wings flap. This explains the name, since rays are Batoids, and this sub is a fake Batoid, not a real one. It's a beautiful piece of work, and Martin Plazyk is obviously proud to show it off. He and his father, Bruce, operate as Faux Fish Technologies. Follow that link and you'll see many photos, along with a nice selection of videos showing their creations not just in static above-water displays, but in their natural (underwater) element. Meanwhile, here on Slashdot, Martin tells how Faux Fish subs are made. ( Alternate Video Link)


By SeaFox • Score: 3 • Thread

Instead of wearing myself out kicking my legs swimming and pushing myself through the water, I can now kick my legs peddling and wear myself out pushing myself and a humongous piece of wood through the water with me.

Samsung Acknowledges and Fixes Bug On 840 EVO SSDs

Posted by Soulskill in Hardware • View
Lucas123 writes: Samsung has issued a firmware fix for a bug on its popular 840 EVO triple-level cell SSD. The bug apparently slows read performance tremendously for any data more than a month old that has not been moved around on the NAND. Samsung said in a statement that the read problems occurred on its 2.5-in 840 EVO SSDs and 840 EVO mSATA drives because of an error in the flash management software algorithm. Some users on technical blog sites, such as, say the problem extends beyond the EVO line. They also questioned whether the firmware upgrade was a true fix or if it just covers up the bug by moving data around the SSD.

Re:Wonder what brand is best now... Intel?

By fuzzyfuzzyfungus • Score: 4, Informative • Thread
They had that one a while back where the drive would mysteriously decide that it had a capacity of 8MB, though that has been quashed for some time.

The tricky thing (and I'm not actually certain where they stand on this now) is that Intel's initial reputation was founded on the superior performance and reliability of the in-house controller design that they used in their x-18 and x-25, especially dramatic back when there was some utter garbage floating around (JMicron controllers, OCZ living up to their reputation) and the safe options were comparatively slow and extremely expensive.

Then, for some reason, they just sat and stagnated on that controller design for several generations, and eventually shipped a Marvell controller in order to have something with SATA 6Gb support. Since then, they've released some Sandforce based stuff, and some of their own; but it isn't as clear exactly what "Intel" on the label means anymore.

Anandtech had a WAY better article

By ashpool7 • Score: 5, Informative • Thread

More technical detail as to what is going on.

Classic Samsung...

By Andy Dodd • Score: 5, Informative • Thread

Couldn't write a proper wear levelling algorithm if their life depended on it.

First the MAG4FA/KYL00M/VYL00M data corruption bug that affected the Galaxy Nexus - https://android.googlesource.c...

Then (actually BEFORE it, Google found it during Galaxy Nexus development but Samsung kept it hush-hush - but it became a public issue much later) - the infamous Samsung Superbrick fiasco (If you fired a secure erase command at the chip, it had a chance of permanently corrupting the wear leveller data to the point where the chip's onboard controller would crash until you power cycled it any time you accessed that region of flash). -

Then pre-release 840 PRO devices suffer from the SAME DAMN BUG SAMSUNG HAD BEEN AWARE OF FOR OVER A YEAR - - While this only affected review devices, the fact that this was a known bug since before the release of the Galaxy Nexus (a year earlier) is inexcusable.

Then there was the Galaxy S3 "Sudden Death Syndrome" issue in late 2013... -

Then there were a few other issues -

Now this...

Re:Wonder what brand is best now... Intel?

By tlhIngan • Score: 4, Interesting • Thread

I'd rather go with stable than EXTREME, so I go with Intel. It might not be the fastest around, but we rarely hear about Intel SSD problems.

For SATA SSDs, there's no more extreme. All modern SSDs saturate a SATA-3 bus. If you wonder why they all benchmark at 540MB/sec reads and writes, that's why - SATA is the bottleneck, not the SSD.

PCIe SSDs are where the "extreme" ones go, and even the most conservative ones are pretty damn fast - the old MacBook Air's SSD clocks in at 750MB/sec read and write. I think the newer ones can hit 1GB/'sec now easy.

As for what to buy, well, Samsung, Intel and Toshiba are the general safe bets. Even with this bug, Samsung is still stable, just slow.

Intel's got a history of failure as well, but they seem to have gotten beyond it, and while they're not stunners, they generally are solid.

Toshiba's on the slower end of the scale, but Apple uses them, so they can't be TOO bad.

And yes, I say Apple, but you can see what Dell uses as well. The big OEMs that ship lots of units will generally pick ones that give the least warranty and support issues and thus are more conservative. Plus, recalls are expensive.

If you want to follow someone - pick Apple. Given the way news coverage is, if there's a problem with someone somewhere and their SSD in their Apple product, the whole world would know in a nanosecond. Someone as heavily scrutitinized as Apple (where even one failure in millions of computers sold would probably bring about SSD-gate) means if there is a real problem, you'd already know.


By sonicmerlin • Score: 3 • Thread

VNAND run at current 1X node levels should provide 32x the capacity for similar cost. Instead Samsung is using their tech to release 4X node level SSDs with similar capacity but double the cost of 1X node level 2D NAND. When the heck are we going to have some competitors come in with their own VNAND tech and bottom out the SSD market? They should even be able to achieve greater cost per byte effectiveness than HDDs.

NPR: '80s Ads Are Responsible For the Lack of Women Coders

Posted by Soulskill in Technology • View
gollum123 writes: Back in the day, computer science was as legitimate a career path for women as medicine, law, or science. But in 1984, the number of women majoring in computing-related subjects began to fall, and the percentage of women is now significantly lower in CS than in those other fields. NPR's Planet Money sought to answer a simple question: Why? According to the show's experts, computers were advertised as a "boy's toy." This, combined with early '80s geek culture staples like the book Hackers: Heroes of the Computer Revolution, as well as movies like War Games and Weird Science, conspired to instill the perception that computers were primarily for men.

Re:1..2..3 before SJW

By LWATCDR • Score: 5, Informative • Thread

"If you listen to the NPR segment, they have a couple of women who were former compsci majors give accounts of how the men in their classes denigrated them and mocked them for missing some knowledge. "
That is not sexism. Guess what? They did the exact same thing to males in the class.
I have read studies that show that women do better in all women schools because men tend to compete and display while women tend to co-operate.


By serviscope_minor • Score: 4, Insightful • Thread

No, perhaps you should learn to read, or perhaps learn to ont read things which aren't there. But ayway your "argument", that is more or less:

feminism is anti feminism because it implies women are weak and therefore we shouldn't actually be doing anything

is crap. Women are human. Humans are herding creatures and on the whole hate being the odd one out. Therefore a big gender imbalance is offputting.

Does that mean humans are weak? Possibly. Does that matter? No, not really.

Re:Can we stop trying to come up with a reason?

By PopeRatzo • Score: 4, Insightful • Thread

A womans contribution requires 9 months, during which time any distraction, disruption or stress can cause the "person creation" process to fail catastrophically.

If that were true, the human race would have become extinct long ago. Pregnant women are actually pretty robust and remain capable of just about anything (except becoming pregnant again) for the great majority of the 9 months.

At the end of the day, the problem is people like you...

That's not the best way to start a sentence in which you care to make a point.

Re:All the movies had women in business

By Aighearach • Score: 4, Insightful • Thread

Actually you underscore the lack of socialization during programming. Your attempted counter example shows your social meter is differently calibrated than average people. You accept a very tiny bit of edge dialogue as a replacement for continued socialization all day in typical office jobs.

The loner might not be a hermit in the mountains, it doesn't change that the job is primarily solitary, even when coordinating with a large team.

Re:1..2..3 before SJW

By NotDrWho • Score: 5, Insightful • Thread

I'm sorry, but wtf is your point? Are you saying that we should be hostile to women instead of nice, or nice instead of hostile, or that we should completely ignore them?

You say that men who are mean to women chase them off. Then you say men who are nice to women chase them off. And I'm pretty sure you would say that men ignoring women would chase them off. SO WHAT THE FUCK DO YOU SUGGEST?

Cell Transplant Allows Paralyzed Man To Walk

Posted by Soulskill in Science • View
New submitter tiberus sends word of a breakthrough medical treatment that has restored the ability to walk to a man who was paralyzed from the chest down after his spinal cord was severed in a knife attack. A research team from the UK, led by Professor Geoff Raisman, transplanted cells from the patient's nose, along with strips of nerve tissue from his ankle, to the place where the spine was severed. This allowed the fibers in the spinal cord to gradually reconnect. The treatment used olfactory ensheathing cells (OECs) - specialist cells that form part of the sense of smell. ... In the first of two operations, surgeons removed one of the patient's olfactory bulbs and grew the cells in culture. Two weeks later they transplanted the OECs into the spinal cord, which had been cut through in the knife attack apart from a thin strip of scar tissue on the right. They had just a drop of material to work with - about 500,000 cells. About 100 micro-injections of OECs were made above and below the injury. Four thin strips of nerve tissue were taken from the patient's ankle and placed across an 8mm (0.3in) gap on the left side of the cord. ... Two years after the treatment, he can now walk outside the rehabilitation center using a frame.

Is the article overstating or understanding?

By MobyDisk • Score: 3 • Thread

Can someone clarify the discrepency here?

Dr Tabakow carried out an initial trial involving three paralysed patients who each had a small amount of OECs injected in their damaged spinal cords. While none showed any significant improvement, the main purpose of the study was achieved, showing that the treatment was safe.

Prof Wagih El Masri said: "Although the clinical neurological recovery is to date modest, this intervention has resulted in findings of compelling scientific significance."

Darek Fidyka, who was paralysed from the chest down in a knife attack in 2010, can now walk using a frame.

So the doctors think that going from paralyzed to walking is modest and insignificant? Were they not talking about the same patient? Something doesn't make sense here.

So now he has no nose?

By Lucas123 • Score: 3 • Thread

How does he smell?


(Forgive me. The first image that came to mind when I read this story was the movie "Sleeper", when they were trying to clone the assassinated leader using his nose.)

Re:Is the article overstating or understanding?

By qbast • Score: 4, Informative • Thread
I think it is referring different cases - initial trial involving three patients while not successful at least showed that treatment is safe. New attempt on Mr. Fidyka went much better.

some bladder and bowel sensation and sexual functi

By morgauxo • Score: 4, Interesting • Thread

He has also recovered some bladder and bowel sensation and sexual function.

I'm happy to not be paralyzed and certainly hope to stay that way. But, if I was... I think these functions might be even more important to me then getting my legs back. Don't get me wrong, not being able to stand or walk would really suck. But.. a person with no leg function might get along in a wheel chair. Shitting oneself and not being able to enjoy sex... there just isn't a chair for that.

Wrong summary - it was operation by a Polish team.

By Moskit • Score: 3 • Thread

A research team from the UK, led by Professor Geoff Raisman, transplanted cells from the patient's nose


UK team researched it TOGETHER with Polish team. TFA mentiones both teams, and two leading doctors, one in UK, one in Poland.

Polish team performed the actual transplantation (practical part). It was led by a Polish doctor.

It's $%&^ Enigma all over again, "solved" by British who conveniently forgot it was Polish team who solved it first.

Ask Slashdot: Event Sign-Up Software Options For a Non-Profit?

Posted by timothy in Technology • View
New submitter don_e_b writes I have been asked by a non-profit to help them gather a team of volunteer developers, who they wish to have write an online volunteer sign-up site. This organization has a one large event per year with roughly 1400 volunteers total.I have advised them to investigate existing online volunteer offerings, and they can afford to pay for most that I've found so far. In the past two years, they have used a site written by a volunteer that has worked fine for them, but that volunteer is unavailable to maintain or enhance his site this year. They believe the existing online volunteer sign-up sites are not quite right — they feel they have very specific sign-up needs, and can not picture using anything other than their own custom software solution. I am convinced it's a mistake for this non-profit to create a software development team from a rotating pool of volunteers to write software upon which it is critically dependent. How would you convince them to abandon their plan to dive into project management and use an existing solution?

Kind of a solved problem.

By Animats • Score: 5, Informative • Thread

Here's a list of 62 volunteer-management packages. Some are web based. Some are free. Somewhere in there should be something that solves your problem.

the heart of the matter

By Anonymous Coward • Score: 5, Insightful • Thread

They're being lazy, and you're being lazy. Let me give you some real get-shit-done dealing-with-dullards project management 101.

When an organization feels they must use custom developers it's often because of those "unknown unknowns" in the non-existent specification that they want to make up as they go along because they cannot sit down and concentrate long enough to commit it to paper. You should not accept this. If you do, you shouldn't be in this business. Your job is to MAKE them decide on the specifications. If you think it's someone else's job, but nobody is doing the job, then guess what - it's your job, because your job is to do the fucking project correctly.

Mock it up SCREEN BY SCREEN ON PAPER, button by button, every edge case handled. Nail down every field, every possible error condition. Hold meetings with simulations waving bits of paper around to simulate swiping, button clicking, and result pages. Do not stop until you have a "working" piece of software that exists entirely in paper mockup that everyone agrees will solve all their problems. Tell them it is crazy to start coding until you get to this point because it's like starting work on a custom engine before you know if it's going into a car or truck. There is no reason not to do this, and nobody does this, because people are stupid and don't understand how software development works, and they think they can write the spec as they go along and the developers will just adapt and figure it out. It's our fault for being so adaptable on 90% of late-stage feature requests that come through, and it makes us feel like the 10% that kill us are actually our own inadequacies.

Then you write it up formally (as briefly as possible, preferably with shiny pictures or a pop-up book if you can) and you tell them this is the specification. You get signatures. You create an Appendix A that says that any feature request is a change to the scope, and that changes require a new Appendix, and also make them sign something that acknowledges that any appendices may necessitate starting ALL CODING FROM SCRATCH AGAIN, and that if the appendix is added because of something they "forgot" or "didn't think of until they had a chance to actually use the UI" then they take full responsibility for not thinking about the mockups hard enough.

Once that nightmare is over (which should be 3/4 of the cost of the project if you're getting paid), then you try to match their needs to a piece of existing software. Only if they truly have requirements that do not exist do you accept a custom development project.

The rotating pool of volunteers is of far less importance. A shitty implementation and customization of a third-party system can be just as confusing as a custom code project for new volunteers coming in, though arguably slightly less so, so it is certainly preferred.

Boil it down to cost

By plover • Score: 5, Insightful • Thread

A couple of years ago, I was asked to be the registration chair for a national event, which we successfully held this spring. All previous events had been run strictly on paper-and-pencil mail-in forms, but that involves a lot of manual work, including a lot of last minute work at the event door. I looked long and hard at various open source and commercial event management offerings, and I spoke to other people who ran similar events. Based on recommendations from other event organizers, I landed on regonline as a good blend of features and customizability, even though it was a bit expensive (though they offer a discount for a 501(c)(3) organization.) What it came down to for me was effort. I wouldn't have time to set up all the hosting needed, to install and configure the software, or to integrate with a payment gateway, and I got a lot of really valuable features from their system. I didn't want us to make our attendees suffer through hour-long lines at a registration booth. And I was able to provide instant reports to the conference chair, who used them to help run the event smoothly.

Something it sounds like you need to do here is figure out "who is the Registration Chair"? If it's you, your only question to the Event Chair should be "what is my budget?" Base your solution on the bottom line. If your budget is $5/registrant, and it includes lanyards and ID cards, your options are wide open. If your budget is $0.50/registrant, and you have to use a box of old "Hello my name is..." stickers, your options are a bit more limited. The important thing is: the Registration Chair is in charge of registration. He or she decides how to best solve the problem, not "here are some random developers, you must write us a site."

One thing that still isn't clear is why you would have to "write" a new site. It sounds like you created one a few years ago, and then another, and then another. I realize your group is a precious snowflake, completely unique in the world, but events really are just events. They all have web sites, registrants, admins, venues, agenda items, merchandise, travel, lodging, taxes, payments, receipts, badges, volunteers, and reports. And there is nothing in that list you can't get from the marketplace. Ultimately, if you absolutely can't use a packaged solution because of [illogical rationale], you should only need to have someone reconfigure the existing site. That's a lot less effort, perhaps not much more than c/2014/2015/g

Finally, if you're taking payments on line, you're going to run into extra effort and risk to interface with them. No matter what, you really, really don't want to be responsible for someone else's credit cards. Not these days. The risk is more than you can imagine. If that's something you can foist off on a third party, you'll keep a ton of liability out of your organization.


By Mathieu Lutfy • Score: 3 • Thread

They should only go with custom code up to a certain extent. The organization should have the freedom to choose its own service provider (including volunteers). I'm probably stating the obvious, but if there is too much custom code they will be forced to spend a lot to rewrite code when volunteers rotate (and most likely will want to roll their own fancier solution), spend a lot of energy/time/money to maintain the code, or have difficulties finding volunteers who want to get involved in such a mess.

I don't know the specifics of your use-case, but CiviCRM is a Free Software contact relationship management software aimed specifically at non-profits. It has a large community of users and developers. While the community mostly operates on non-profit budgets, it includes users such as the FSF, EFF, Wikimedia, sub-orgs of UNESCO, Amnesty International, NY State Senate, etc. I use it for my small local clients, but I'm happy to be able to pool ressources with such organisations.

While turn-key tools can only do so much, you would probably have better chances of customizing that to fit your needs, and in the long term, the organization can turn to specialized service providers if necessary, without restarting from scratch.

Heck, worst case, if your volunteers are PHP-averse and don't feel like spending too much time customizing the application, you can write just a front-end application to it, and use the CiviCRM REST API to store the data. Writing a whole new application just for that seems like a huge waste of ressources, and does not seem sustainable. An event management tool has a ton of small but critical features to think about.

If they think it will be hard to learn an existing generic tool, imagine how hard it will be for new staff/volunteers to use a completely custom tool. Not to mention that if your organisation has an aim of promoting common good, community building, etc, they should also participate in existing Free Software projects :)

Go to Staples with a $20 bill

By paiute • Score: 3 • Thread
95% of all projects like this, including in large corporations, would have cost less overall if they had just used index cards in metal boxes.

Google Adds USB Security Keys To 2-Factor Authentication Options

Posted by timothy in Management • View
An anonymous reader writes with this excerpt from VentureBeat: Google today announced it is beefing up its two-step verification feature with Security Key, a physical USB second factor that only works after verifying the login site is truly a Google website. The feature is available in Chrome: Instead of typing in a code, you can simply insert Security Key into your computer's USB port and tap it when prompted by Google's browser. "When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished," Google promises. While Security Key works with Google Accounts at no charge, you'll need to go out and buy a compatible USB device directly from a Universal 2nd Factor (U2F) participating vendor.

Re:USB Device Recommendation

By TWX • Score: 5, Funny • Thread

So, what is a good USB device for this?

Probably one whose controller firmware hasn't been compromised...

Re:Where is the NFC 2-factor?

By swillden • Score: 5, Interesting • Thread

I don't see how fumbling around with USB sticks is much better.

I use a YubKey NEO-n. It's a tiny device, only extends from the USB port by a millimeter or so... just enough that you can touch it to activate it. I just leave it plugged into my laptop all the time, so there's no "fumbling with USB sticks", I just run my finger along the side of the laptop until it hits the key. It's extremely convenient.

There's an obvious downside of leaving the key plugged into your laptop, of course. If someone steals your laptop they have your key. However, in order to make use of it they have to have (or guess) your password as well, so it's really only a risk if someone is specifically targeting you, in which case they could also steal your phone. Well, it's also a problem if you use a particularly lousy password, and if you don't notice that the laptop/key are gone soon enough that you can disable the key before the attacker guesses your password.

FWIW, Google switched to using security keys for corporate account authentication a while ago. Google's security operations team determined that the risk of theft of a security key is actually lower in practice than the risk that an employee's phone-based OTP might be phished. I would have thought that Google employees were too smart to be phished... but I suppose resistance to phishing attacks is as much about social intelligence as anything else, and Google hires a lot of socially inept people.

Re:Dongle Bells!

By creimer • Score: 4, Informative • Thread

You mean a serial port? I bet yours does and you didn't even know it.

The OP mentioned Commodore 64 dongles that typically plugged into the 9-pin joystick ports, which were compatible with the Atari 2600 joysticks. The 9-pin connector for the joystick ports were also used for serial ports on the PC, although I think that came later as 25-pin serial connectors were still common on modems in the early 1980's. Early PCs had a 15-pin game port on the old SoundBlaster cards. Don't recall if anyone made a 9-pin to 15-pin adapter to plug in the old Atari 2600 joysticks.

And if it doesn't?

None of my PCs have serial ports on them. I had to get a USB serial adapter to be able to console into my Cisco rack.

Man In The Browser Attack

By icknay • Score: 3 • Thread
It's great the Google is trying to advance this. The attack to worry about is "Man In the Browser" MITB

MITB is the difficult case, and the way that bank accounts get emptied. The bad guy has malware on the victim computer, and the malware puts up web pages, and of course it can just lie about the url bar. So then the bad guy puts up the fake bank web site, and the victim type in the 2-factor code or whatever, and now the bad guy has it. Obviously Google knows about the MITB case. Does this thing have some sort of MITB mitigation? I'm guessing it does something. Hey Google, what do you say?

The classical solution to MITB is that the little key has its own display, so it can show "Confirm transfer $4500 to account 3456" - showing the correct info to the "victim" even if their laptop is compromised. Basically, keeping the usb key itself from getting malware is feasible, while keeping the laptop or whatever clean is not.

Re:Yet another Chrome-only technology

By Minwee • Score: 5, Funny • Thread

It's really sad to see Google turning inwards like this. What happened to working towards open standards for such things?

Too true. Couldn't they have used an open standard like FIDO's U2F instead of using proprietary technology like...

Wait, what was your objection again?

Your Online TV Watching Can Now Be Tracked Across Devices

Posted by timothy in Entertainment • View
itwbennett (1594911) writes A partnership between TV measurement company Nielsen and analytics provider Adobe, announced today, will let broadcasters see (in aggregate and anonymized) how people interact with digital video between devices — for example if you begin watching a show on Netflix on your laptop, then switch to a Roku set-top box to finish it. The information learned will help broadcasters decide what to charge advertisers, and deliver targeted ads to viewers. Broadcasters can use the new Nielsen Digital Content Ratings, as they're called, beginning early next year. Early users include ESPN, Sony Pictures Television, Turner Broadcasting and Viacom.

Re:All the more reason to get an antenna.

By enjar • Score: 5, Informative • Thread

I live in the Boston metro area about 25 miles away from the broadcast towers and I get ABC, CBS, NBC, CW, FOX, two PBS and a couple independents. There are a couple Spanish channels and a shopping channel. There are subchannels on each so it ends up being something like 25 channels available. Some of them run reruns and old movies, for sure, but I get first run of anything on broadcast (goes into the TiVo), plus PBS has a lot of decent programming.

We also have Netflix and Amazon Prime but if you do your homework using sites like and you can get an antenna that's correctly sized and point it in the right direction, in addition to getting a rough idea of what you should be able to receive from your location.

Re:Ads Ads Ads Ads Ads Ads And More Ads Ads Ads Ad

By CastrTroy • Score: 4, Insightful • Thread
My thoughts exactly. It's obvious that Netflix can track you across devices because you are signed into your account and profile. They've been able to do this since they started streaming videos. I don't see how this has anything to do with advertisements though, as Netflix is a pay service and does not show any ads.

TPB isn't just cheaper.

By serviscope_minor • Score: 5, Interesting • Thread

TPB isn't just cheaper than other services it's better. In fact that's the main thing. Advantages of TPB:

* No Ads during the show (though I have to concede that impossibly proportioned women do appear to want to date my testicles).
* Huge library including some obscure stuff you can't buy.
* Great search.
* All shows in one place.
* No DRM: watch on any device you like, laptop, phone, random set top box.
* No streaming bullshit. Works online or off, on a flakey connection or a good one.
* Variety of different resolutions and qualities allowing you to trade off quality and download speed.
* Great clients for managing multiple downloads.
* Really great options for viewing the media. MPlayer I love you.
* Timely: the shows are usually online very fast. No waiting years for it to arrive legally. Yes that still happens.
* No ausive region coding (see no DRM). Yes I own those discs legally. No I'm not going to pay to buy another DVD player just to satisfy some abusive jerkweeds who think I'm some sort of crook for having lived abroad.
* No net connection required to watch the shows once acquired.

And now:

* Doesn't creepily track you.

It's amazing how much better a service you get while sailing the seven seas and looting the merchentmen, arr, matey.

Re:Sounding another death knell for cable companie

By tlhIngan • Score: 5, Informative • Thread

I don't mind analytics in general, but don't assume that they will help rescue your favorite show by proving that there is a big following. Managers will just slice and dice the analytics until it "proves" that the show doesn't have a big enough viewership to continue.

Even worse, it doesn't matter if 10,000,000 watch a show.

The Neilson numbers come in several forms. The ones you see daily are called "Live and Same Day" (L+SD), which counts views that watched the show live and within 24 hours of airing. Other numbers you can easily find are Live+3 days (L+3) and Live+7 (L+7).

But none of those numbers are actually used by anyone. That's why Neilson gives them out for free. No one's paying for that information, nor will they ever. And that's not where they make their money.

The real money is in the C3 number, or if you're CBS, you convinced advertisers to take C7 numbers. What are these? They're commercial ratings (for programming watched live to 3 days later). Basically you take the L3/L7 numbers, strip out the numbers while the program is showing, and you're left with just the numbers related to the advertising. And that's the number that makes Neilson money and the number stations pay money for. And yes, you skip ads on your DVR, which pull down those C3 numbers because it lowers the viewers for the advertising.

And that's because the largest source of income is advertising. Sure they get some through cable fees and Hulu and iTunes/Amazon/DVD etc. sales, but that's a tiny fraction of advertising.

CBS managed this season to convince advertisers to pay the C7 rate rather than C3, because well, it more accurately reflects today's lifestyle of people who record a show and watch it later in the week.

And that's all that matters. It doesn't matter if you can find 100,000,000 people to watch a show - if it's not reflected in those 100,000,000 people watching the ads.

It also brings up cord cutters who prefer to download their TV programming from torrents and such - as far as the industry is concerned, they don't care because those people don't add to advertising ratings.

Even under the new system - the new system just means that Neilson can more accurately measure their ratings, but if you're not watching the ads, it means jack squat to the producers.

So that super popular show people pirate? Guess what, the TV industry really doesn't care - you never were a "customer" and it doesn't matter if only 1M people watched it on TV while 100M people watched it off torrents - if those 1M people can't justify the ad rates and production costs, it's getting canned. The 100M other people? Too f'in bad - if it was that good, they should've watched it with ads.

If you ever wondered why worrying over TV piracy has subsided, that's one reason (who cares about pirates - they obviously don't care about their TV show), the other is they've found legal streaming to be even better. Because if they put a stream online to watch programming, they can make it such that you can't skip ads, and that's actually worth something - enough to pay for the effort of putting an online stream up. So you beat both DVR owners and appear as a hero for making a legal source available.

Bonus material - 2014-2015 TV season ad rates (30 second spot). This is what brings in the money.

Re:Ahh but

By khellendros1984 • Score: 5, Informative • Thread
I'm paying some god-awful amount of money for satellite every month (my wife handles the exact amount, but it comes out of my paycheck). It includes a DVR. Fairly often, I forget to record something that I could've recorded and watched legally. Streaming on Netflix? No. Hulu? No. The network's site? No. The satellite's On Demand service? No. Hmmm, sounds like it's torrent time, if I want to watch whatever it was. Of course, most of the time it's not worth the effort. I'll wait a few months for a rerun, or a few years for it to show up on Netflix, or something.

'Microsoft Lumia' Will Replace the Nokia Brand

Posted by timothy in Mobile • View
jones_supa writes The last emblems of Nokia are being removed from Microsoft products. "Microsoft Lumia" is the new brand name that takes their place. The name change follows a slow transition from over to Microsoft's new mobile site, and Nokia France will be the first of many countries that adopt "Microsoft Lumia" for its Facebook, Twitter, and other social media accounts. Microsoft has confirmed to The Verge that other countries will follow the rebranding steps in the coming weeks. Nokia itself continues as a reborn company focusing on mapping and network infrastructure services.

Re:Not a very exciting name

By Anonymous Coward • Score: 4, Informative • Thread

In Spanish "lumia" is an old word for prostitute. It is not of common use but it shows like that in the dictionary:

Re:The holy trinity ...

By Nemyst • Score: 4, Funny • Thread
Feels like they remembered the mantra but not that the last step was supposed to apply to competitors.


By roc97007 • Score: 4, Funny • Thread

"Microsoft Lumia. Because it will function as a flashlight."


By pushing-robot • Score: 5, Funny • Thread

The correct word is "bungle". A bungle of idiots.

Coincidentally, the same collective noun is used for managers. Microsoft seems to have both in great abundance, as well as a muddle of analysts and a quandary of advisors.

Re:Which no one will buy

By Uecker • Score: 4, Insightful • Thread

The numbers seem to imply other wise. Profitable with increasing sales before and loss-making and collapsing sales after declaring Symbian dead and switching to Windows Phone. In don't doubt that there was infighting which delayed things a lot, but the awesome N9 and its brother (with keyboard) were ready before Lumia - even when it took a long time, they had their own modern smartphone OS which got a lot of praise. And then there was always Android as an option. Switching to Windows Phone which was already loosing on the market was simply the most stupid thing to do. Overwhelmed By Recall For Deadly Airbags

Posted by timothy in Management • View
darylb writes "The NHTSA's website appears to be suffering under the load of recent vehicle recalls, including the latest recall of some 4.7 million vehicles using airbags made by Takata. Searching recalls by VIN is non-responsive at present. Searching by year, make, and model hangs after selecting the year. What can sites serving an important public function do to ensure they stay running during periods of unexpected load?" More on the airbag recall from The New York Times and the Detroit Free Press.

Be competent?

By h4ck7h3p14n37 • Score: 3, Insightful • Thread

How about building your tech stack so that it can be scaled up/down on-demand? I'm using Rackspace and we have dedicated servers along with cloud servers. I can add or remove cloud servers as needed and also have the load balancers updated.

If you're just doing reads against a database, it's straightforward to add additional replicas (we use MongoDB with replica sets, don't have enough data for sharding yet). If you need to do any processing, then you should build a grid compute system where you can just add additional compute nodes. We're using RabbitMQ along with Celery. Granted, this strategy ignores issues like a saturated network, but our provider is responsible for dealing with that.


By Richy_T • Score: 3, Insightful • Thread

What can sites serving an important public function do to ensure they stay running during periods of unexpected load?"

Not be created and run by government which has very little interest in ensuring the success of legislation which has already passed. There's the next election to think about, don't you know and those pesky Republians/Democrats [delete as applicable] are going to destroy the world if you don't vote in our slightly less scummy candidate.

Re:No problem

By Bengie • Score: 4, Informative • Thread
Airbags are for your head, seat belts are for your torso. If you enjoy slamming your head into your steering wheel, go ahead and disable your airbag. Even more fun are videos of an asymmetric head-on collision that favors one side over the other. The test dummies slam their heads into the frame of the car unless you have properly working forward and side airbags.

Re:We need to do it lke Europe.

By enjar • Score: 4, Insightful • Thread

I've received a few recall notices over the years for the cars I own. I followed the instructions on the form, made an appointment with the dealer, dropped the car off, then they did their thing. I never had to pay a dime.

You might be confusing a recall with a technical service bulletin. They are not the same, although a TSB can turn into a recall in certain cases -- and that happened in one case, for which I was refunded the money I'd paid for the service. All the recall notices I've received have had language on them to this effect, that if you repaired the car on your own dime (and can product a receipt) that they will reimburse you.

And if you buy a used car, it's probably worth the time to check for recalls. It's a similar situation for any consumer product you might pick up off Craigslist or from a private sale. We have a couple of kids and children's products are also notorious for this, since there's quite a "hand me down" / "cash sale" market that exists when your kids outgrow something and you don't need it any more.

Build for peak, not average

By Princeofcups • Score: 3 • Thread

Any critical system should run at 90% idle if it is going to handle peak demands. When the bean counters insist on scaling based on average load instead of peak usage, things always come crashing down.

Delivering Malicious Android Apps Hidden In Image Files

Posted by timothy in Mobile • View
An anonymous reader writes "Researchers have found a way to deliver a malicious app to Android users by hiding it into what seems to be an encrypted image file, which is then delivered via a legitimate, seemingly innocuous wrapper app. Fortinet malware researcher Axelle Apvrille and reverse engineer Ange Albertini created a custom tool they dubbed AngeCryption, which allows them to encrypt the payload Android application package (APK) and make it look like an image (PNG, JPG) file . They also had to create another APK that carries the "booby-trapped" image file and which can decrypt it to unveil the malicious APK file and install it. A malicious app thusly encrypted is nearly invisible to reverse engineers, and possibly even to AV solutions and Google's Android Bouncer." (Here's the original paper, from researchers Axelle Apvrille and Ange Albertini.)


By hawguy • Score: 3 • Thread

So they've "invented" Steganography?

Re:android = windows

By tepples • Score: 4 • Thread
If the malware didn't need root to enable itself as a device admin, then you don't need root to disable it. Most Android malware that makes the news is not the alleged "malware" installed by carriers, and besides, that's easily avoidable by buying Nexus or Google Play Edition devices and avoiding VZW and Sprint.


By gstoddart • Score: 4, Funny • Thread

Bah, why do you think all crypto discussions are about exchanges between Alice and Bob? :-P

Re:So you have to install an app...

By AmiMoJo • Score: 5, Insightful • Thread

It won't work on an Android device unless you first enable the ability to side load apps, click through all the warnings, then re-start the trojan, click through the side load app warning, and finally click through the new app installation screen and permission list.

Re:Windows Phone Store payment

By tlhIngan • Score: 4, Interesting • Thread

Google (like Apple), wants your credit card info for the play store

You can have an account without a credit card on both.

It's just a bit tricky, and it relies on the fact that if you try to make an account through "the front door" then yes, you need a credit card or other payment option.

But if you go through the "back door" it works just fine.

For iOS, what you do is you try to buy a FREE app. This will ask you to create an account, and will not ask for payment details (because the app is free). And now you have an account without an attached credit card.

Android is the same - just buy a free app.