Alterslash picks up to the best 5 comments from each of the day’s Slashdot stories, and presents
them on a single page for easy reading.
Can We Replace YAML With an Easier Markup Language?
On his personal blog, Red Hat's Chris Short (also a CNCF Cloud Native Ambassador) told his readers that "We kinda
went down a rabbit hole the other day when I suggested folks check out
yq. ("The aim of the project is to be the
jq or
sed of yaml files.")
"First, there's nothing wrong with this project. I like it, I find the tool useful, and that's that. But the great debate started over our lord and savior, YAML."
And then he shares
what he learned from a bad experience reading the YAML spec in 2012:
It was not an RFC, which I am fond of reading, but something about the YAML spec made me sad and frustrated. Syntax really mattered. Whitespace really mattered... It is human-readable because you see the human-readable words in the scalars and structures, but there was something off-putting about YAML. It was a markup language claiming not to be a markup language. I held the firm belief that markup languages are supposed to make things simpler for humans, not harder (XML is the antithesis of markup languages, in my opinion)...
Close to ten years later, I see YAML in the same somewhat offputting light... I hope that a drop in replacement is possible. The fact that we need tools like yq does show that there is some work to be done when it comes to wrangling the YAML beast at scale... Incrementally, YAML is better than XML but, it sucks compared to something like HTML or Markdown (which I can teach to execs and children alike)...
Yes, balancing machine and human readability is hard. The compromises suck, but, at some point, there's enough compute to run a process to take in something 100% human-readable and make it 100% machine-readable... There will always be complexity and a need to understand the tool you're using. But, YAML gives us an example that there can and should be better things.
In
a comment on the original submission, Slashdot reader
BAReFO0t writes "Binary markup or GTFO."
UTF8 is already binary. Hell, ASCII is already binary numbers, not directly readable, but mapped to vector drawings or bitmap images ... that again are rendered to pixel values, that are then turning on blinkenlights or ink blots or noises that a human can actually recognize directly.
So why not extend it to structure, instead of just letters (... and colors ... and sound pressures... EBML's core [Extensible Binary Meta Language] is the logical choice.
If all editors always display it as, say XML, just like they all convert numbers into text-shaped blinkenlights too, people will soon call it "plain, human readable" too...
Java Geeks Discuss 'The War for the Browser' and the State of Java Modularization
Self-described "Java geek"
nfrankel writes:
At the beginning of 2019, I wrote about the state of Java modularization. I took a sample of widespread libraries, and for each of them, I checked whether:
- It supports the module system i.e. it provides an automatic module name in the manifest
- It's a full-fledged module i.e. it provides a module-info
The results were interesting. 14 out of those 29 libraries supported the module system, while 2 were modules in their own right.
Nearly 2 years later, and with Java 16 looming around the corner, it's time to update the report. I kept the same libraries and added Hazelcast and Hazelcast Jet. I've checked the latest version...
Three full years after that release, 10 out of 31 libraries still don't provide a module-compatible JAR. Granted, 3 of them didn't release a new version in the meantime. That's still 7 libraries that didn't add a simple line of text in their MANIFEST.MF
Meanwhile, long-time Slashdot reader
AirHog argues that "Java is in a war for the browser.
Can it regain the place it once held in its heyday?"
All major browsers have disabled support for Java (and indeed most non-JavaScript technologies). Web-based front-ends are usually coded in JavaScript or some wrapper designed to make it less problematic (like TypeScript). Yes, you can still make websites using Java technology. There are plenty of 'official' technologies like JSP and JSF. Unfortunately, these technologies are entirely server-side. You can generate the page using Java libraries and business logic, but once it is sent to the browser it is static and lifeless... Java client-side innovation has all but stopped, at least via the official channels....
How can Java increase its relevance? How can Java win back client-side developers? How can Java prevent other technologies from leveraging front-end dominance to win the back-end, like Java once did to other technologies?
To win the war, Java needs a strong client-side option. One that lets developers make modern web applications using Java code. One that leverages web technologies. One that supports components. One that builds quickly. One that produces fast-downloading, high performance, 100-Lighthouse-scoring apps. One that plays nicely with other JVM languages. What does Java need?
Spoiler: The article concludes that "What Java needs Is
TeaVM... an ahead-of-time transpiler that compiles Java classes to JavaScript."
'How 30 Lines of Code Blew Up a 27-Ton Generator'
After the U.S.
unveiled charges against six members of the Sandworm unit in Russia's military intelligence agency, Wired re-visited "a secret experiment in 2007 proved that hackers
could devastate power grid equipment beyond repair — with a file no bigger than a gif." It's an excerpt from the new book
SANDWORM: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers which also remembers the late industrial control systems security pioneer Mike Assante:
Among [Sandworm's] acts of cyberwar was an unprecedented attack on Ukraine's power grid in 2016, one that appeared designed to not merely cause a blackout, but to inflict physical damage on electric equipment. And when one cybersecurity researcher named Mike Assante dug into the details of that attack, he recognized a grid-hacking idea invented not by Russian hackers, but by the United State government, and tested a decade earlier...
[S]creens showed live footage from several angles of a massive diesel generator. The machine was the size of a school bus, a mint green, gargantuan mass of steel weighing 27 tons, about as much as an M3 Bradley tank. It sat a mile away from its audience in an electrical substation, producing enough electricity to power a hospital or a navy ship and emitting a steady roar. Waves of heat coming off its surface rippled the horizon in the video feed's image. Assante and his fellow Idaho National Laboratory researchers had bought the generator for $300,000 from an oil field in Alaska. They'd shipped it thousands of miles to the Idaho test site, an 890-square-mile piece of land where the national lab maintained a sizable power grid for testing purposes, complete with 61 miles of transmission lines and seven electrical substations. Now, if Assante had done his job properly, they were going to destroy it. And the assembled researchers planned to kill that very expensive and resilient piece of machinery not with any physical tool or weapon but with about 140 kilobytes of data, a file smaller than the average cat GIF shared today on Twitter....
Protective relays are designed to function as a safety mechanism to guard against dangerous physical conditions in electric systems. If lines overheat or a generator goes out of sync, it's those protective relays that detect the anomaly and open a circuit breaker, disconnecting the trouble spot, saving precious hardware, even preventing fires... But what if that protective relay could be paralyzed — or worse, corrupted so that it became the vehicle for an attacker's payload...?
Black chunks began to fly out of an access panel on the generator, which the researchers had left open to watch its internals. Inside, the black rubber grommet that linked the two halves of the generator's shaft was tearing itself apart. A few seconds later, the machine shook again as the protective relay code repeated its sabotage cycle, disconnecting the machine and reconnecting it out of sync. This time a cloud of gray smoke began to spill out of the generator, perhaps the result of the rubber debris burning inside it... The engineers had just proven without a doubt that hackers who attacked an electric utility could go beyond a temporary disruption of the victim's operations: They could damage its most critical equipment beyond repair...
Assante also remembers feeling something weightier in the moments after the Aurora experiment. It was a sense that, like Robert Oppenheimer watching the first atomic bomb test at another U.S. national lab six decades earlier, he was witnessing the birth of something historic and immensely powerful.
"I had a very real pit in my stomach," Assante says. "It was like a glimpse of the future."
'Apple, Google and a Deal That Controls the Internet'
The New York Times' looks at "
a deal that controls the internet" — Apple's agreement to feature Google as the preselected search engine for iPhones, saying America's Justice Department views it "as a prime example of what prosecutors say are Google's illegal tactics to protect its monopoly and choke off competition..."
The scrutiny of the pact, which was first inked 15 years ago and has rarely been discussed by either company, has highlighted the special relationship between Silicon Valley's two most valuable companies — an unlikely union of rivals that regulators say is unfairly preventing smaller companies from flourishing. "We have this sort of strange term in Silicon Valley: co-opetition," said Bruce Sewell, Apple's general counsel from 2009 to 2017. "You have brutal competition, but at the same time, you have necessary cooperation." Apple and Google are joined at the hip even though Mr. Cook has said internet advertising, Google's bread and butter, engages in "surveillance" of consumers and even though Steve Jobs, Apple's co-founder, once promised "thermonuclear war" on his Silicon Valley neighbor when he learned it was working on a rival to the iPhone. Apple and Google's parent company, Alphabet, worth more than $3 trillion combined, do compete on plenty of fronts, like smartphones, digital maps and laptops. But they also know how to make nice when it suits their interests. And few deals have been nicer to both sides of the table than the iPhone search deal.
Nearly half of Google's search traffic now comes from Apple devices, according to the Justice Department, and the prospect of losing the Apple deal has been described as a "code red" scenario inside the company. When iPhone users search on Google, they see the search ads that drive Google's business. They can also find their way to other Google products, like YouTube. A former Google executive, who asked not to be identified because he was not permitted to talk about the deal, said the prospect of losing Apple's traffic was "terrifying" to the company. The Justice Department, which is asking for a court injunction preventing Google from entering into deals like the one it made with Apple, argues that the arrangement has unfairly helped make Google, which handles 92 percent of the world's internet searches, the center of consumers' online lives...
[C]ompetitors like DuckDuckGo, a small search engine that sells itself as a privacy-focused alternative to Google, could never match Google's tab with Apple. Apple now receives an estimated $8 billion to $12 billion in annual payments — up from $1 billion a year in 2014 — in exchange for building Google's search engine into its products. It is probably the single biggest payment that Google makes to anyone and accounts for 14 to 21 percent of Apple's annual profits. That's not money Apple would be eager to walk away from.
In fact, Mr. Cook and Mr. Pichai met again in 2018 to discuss how they could increase revenue from search. After the meeting, a senior Apple employee wrote to a Google counterpart that "our vision is that we work as if we are one company," according to the Justice Department's complaint. The article remembers Steve Jobs
unveiling the iPhone in 2007 — and then inviting Google CEO Eric Schmidt onto the stage. Schmidt, who was also on Apple's board of directors, joked "If we just sort of merged the two companies, we could just call them AppleGoo."
He'd also added that with Google search on the iPhone, "you can actually merge without merging."
Is X.Org Server Abandonware?
Phoronix ran a story this morning with this provocative headline: "
It's Time To Admit It: The X.Org Server Is Abandonware."
The last major release of the X.Org Server was in May 2018 but don't expect the long-awaited X.Org Server 1.21 to actually be released anytime soon. This should hardly be surprising but a prominent Intel open-source developer has conceded that the X.Org Server is pretty much "abandonware" with Wayland being the future. [Or, more specifically, that "The main worry I have is that xserver is abandonware without even regular releases from the main branch."]
This comes as X.Org Server development hits a nearly two decade low, the X.Org Server is well off its six month release regimen in not seeing a major release in over two years, and no one is stepping up to manage the 1.21 release. A year ago was a proposal to see new releases driven via continuous integration testing but even that didn't take flight and as we roll into 2021 there isn't any motivation for releasing new versions of the X.Org Server by those capable of doing so.
Red Hat folks have long stepped up to manage X.Org Server releases but with Fedora Workstation using Wayland by default and RHEL working that way, they haven't been eager to devote resources to new X.Org Server releases. Other major stakeholders also have resisted stepping up to ship 1.21 or commit any major resources to new xorg-server versions.
The U.S. Health Department Tried to Offer Early Vaccines to Shopping Mall Santas
America's national health agency "halted a public-service coronavirus advertising campaign funded by $250 million in taxpayer money after it offered a special vaccine deal
to an unusual set of essential workers: Santa Claus performers."
The Wall Street Journal reports:
As part of the plan, a top Trump administration official wanted the Santa performers to promote the benefits of a Covid-19 vaccination and, in exchange, offered them early vaccine access ahead of the general public, according to audio recordings. Those who perform as Mrs. Claus and elves also would have been included....
The decision comes as the Covid-19 spread continues to accelerate in most states, and the vaccines are unlikely to be broadly available to the public before the holiday season. The coronavirus ad effort — titled "Covid 19 Public Health and Reopening America Public Service Announcements and Advertising Campaign" — was intended to "defeat despair, inspire hope and achieve national recovery," according to a work statement reviewed by The Wall Street Journal. It was to include television, radio, online and podcast announcements, starting immediately. The public-relations blitz began to fizzle after some celebrities, including actor Dennis Quaid, shied away from participating, a former White House official said, amid concerns that the campaign would be viewed as political rather than aiding public health....
[Former pharmaceutical lobbyist Alex Azar, now serving as America's Secretary of Health], has "ordered a strategic review of this public health education campaign that will be led by top public health and communications experts to determine whether the campaign serves important public health purposes," Health and Human Services officials said in a statement.
Santa's vaccines were the brainchild of Michael Caputo, a political strategist/lobbyist also appointed to America's Health and Human Services as assistant secretary, according to the Journal. But an HHS spokesman now tells them that the Santa "collaboration will not be happening."
They also get a quote from Ric Erwin, chairman of the Fraternal Order of Real Bearded Santas — who called the news "extremely disappointing."
In a 12-minute phone call in late August, Mr. Caputo told Mr. Erwin of the Santa group that vaccines would likely be approved by mid-November and distributed to front-line workers before Thanksgiving.
"If you and your colleagues are not essential workers, I don't know what is," Mr. Caputo said on the call, which was recorded by Mr. Erwin and provided to the Journal. [In audio of the call published by the Journal, Santa responds by saying "Ho ho ho ho, ho ho ho. I love you."]
"I cannot wait to tell the president," Mr. Caputo said at another point about the plan. "He's going to love this." Mr. Erwin said on the call: "Since you would be doing Santa a serious favor, Santa would definitely reciprocate."
Mr. Caputo said: "I'm in, Santa, if you're in...."
Mr. Caputo said he wanted Santas to appear at rollout events in as many as 35 cities. In exchange, he said the Santas would get an early crack at inoculation.
Is Right to Repair Gaining Momentum?
"A movement known as 'right to repair' is
starting to make progress in pushing for laws that prohibit restrictions..." reports the New York Times:
This August, Democrats introduced a bill in Congress to block manufacturers' limits on medical devices, spurred by the pandemic. In Europe, the European Commission announced plans in March for new right-to-repair rules that would cover phones, tablets, and laptops by 2021. In less than two weeks, Massachusetts voters will consider a measure that would make it easier for local garages to work on cars. And in more than 20 statehouses nationwide, right-to-repair legislation has been introduced in recent years by both Republicans and Democrats. Over the summer, the House advanced a funding bill that includes a requirement that the FTC complete a report on anticompetitive practices in the repair market and present its findings to Congress and the public. And in a letter to the Federal Trade Commission, Marine Captain Elle Ekman and former Marine Lucas Kunce last year detailed how mechanics in the American armed forces have run into similar obstacles...
Manufacturers argue that their products are repairable, and that they are protecting consumers' safety, privacy and security by restricting who does the repairs. Apple, for instance, limits consumers from repairing their devices by requiring specific tools or authorized parts. "When a repair is needed, a customer should have confidence the repair is done right," Jeff Williams, Apple's chief operating officer, said in a release last year. "We believe the safest and most reliable repair is one handled by a trained technician using genuine parts that have been properly engineered and rigorously tested."
Snopes.com Exposes 4chan Campaign to 'Kindle Mistrust in Snopes'
"This is the perfect moment to do this. This is an age of conspiracies for boomers... Let's kindle their mistrust in Snopes and other fact checkers," wrote
one 4chan poster.
Snopes.com later reported:
In October 2020, a series of threads was posted to the anonymous internet forum 4Chan as part of operation "Snopes-Piercer," a smear campaign with the stated goal of "red-pilling some normies" — internet slang for a propaganda technique in which distorted, fabricated, or skewed information is used to further a self-determined "truth." In order to "red-pill" these people (one thread noted that "boomers" were the primary target), the plan was to create and circulate doctored screenshots of Snopes fact checks to make it appear as if Snopes fact-checkers addressed claims that we had not.
Over the next few days, users created and shared these fake Snopes screenshots in a number of additional 4chan threads. These images were also posted on social media sites, like Twitter.... Some were humorous (we did not actually address the claim that CNN reporter Chris Cuomo was actually Fredo from "The Godfather"), some were insidious (we did not really publish a fact check questioning the Holocaust), and some were political (we did not publish a fact check questioning the results of the 2020 election before the election happened)...
These red pill campaigns all follow a basic formula. The user decides what they want to be true and then they set out to find, or manufacture, the evidence to support that truth. A concerted effort is then made to spread these false narratives to as wide an audience as possible in order to "red-pill" the general population. In this formula, the desired "truth" comes first. The "evidence" comes second.
It goes without saying that this method is antithetical to the mission of Snopes, fact-checkers in general, journalists, and anyone seeking an objective view of reality.
So How Good Is Edge on Linux?
"No one asked Microsoft to port its Edge browser to Linux," writes Steven J. Vaughan-Nichols at ZDNet, adding "Indeed,
very few people asked for Edge on Windows.
"But, here it is.
So, how good — or not — is it..?"
The new release comes ready to run on Ubuntu, Debian, Fedora, and openSUSE Linux distributions... Since I've been benchmarking web browsers since Mosaic rolled off the bit assembly line, I benchmarked the first Edge browser and Chrome 86 and Firefox 81 on my main Linux production PC.... First up: JetStream 2.0, which is made up of 64 smaller tests. This JavaScript and WebAssembly benchmark suite focuses on advanced web applications. It rewards browsers that start up quickly, execute code quickly, and run smoothly. Higher scores are better on this benchmark.
JetStream's top-scorer — drumroll please — was Edge with 136.971. But, right behind it within the margin of error, was Chrome with a score of 132.413. This isn't too surprising. They are, after all, built on the same platform. Back in the back was Firefox with 102.131. Next up: Kraken 1.1. This benchmark, which is based on the long-obsolete SunSpider, measures JavaScript performance. To this basic JavaScript testing, it added typical use-case scenarios. Mozilla, Firefox's parent organization, created Kraken. With this benchmark, the lower the score, the better the result. To no great surprise, Firefox took first place here with 810.1 milliseconds (ms). Following it was Chrome with 904.5ms and then Edge with 958.8ms.
The latest version of WebXPRT is today's best browser benchmark. It's produced by the benchmark professionals at Principled Technology. This company's executives were the founders of the Ziff Davis Benchmark Operation, the gold-standard of PC benchmarking. WebXPRT uses scenarios created to mirror everyday tasks. These include Photo Enhancement, Organize Album, Stock Option Pricing, Local Notes, Sales Graphs, and DNA Sequencing. Here, the higher the score, the better the browser. On this benchmark, Firefox shines. It was an easy winner with a score of 272. Chrome edges out Edge 233 to 230.
The article concludes that "Oddly, Edge, which turned in
a poor performance when I recently benchmarked it on Windows, did well on Linux. Who'd have guessed...? Edge is a good, fast browser on Linux. If you're a Windows user coming over to Linux or you're doing development work aimed at Edge, then by all means try Edge on Linux. It works and it works well."
Yet Vaughan-Nichols admits he's still not going to switch to Edge. "Chrome is more than fast enough for my purposes and I don't want my information tied into the Microsoft ecosystem. For better or worse, mine's already locked into the Googleverse and I can live with that."
The Battle Over Chips is About to Get Uglier
"We're in a new world where governments are more concerned about the security of their digital infrastructure and the resiliency of their supply chains," Jimmy Goodrich, vice president of global policy with the Washington-based Semiconductor Industry Association, tells Bloomberg.
"The
techno-nationalist trends gaining traction in multiple capitals around the world are a challenge to the semiconductor industry."
At once highly globalized and yet concentrated in the hands of a few countries, the industry has choke points that the U.S. under the presidency of Donald Trump has sought to exploit in order to thwart China's plans to become a world leader in chip production. Washington says Beijing can only achieve that goal through state subvention [funding] at the expense of U.S. industry, while furthering Communist Party access to high-tech tools for surveillance and repression. China rejects the allegations, accusing the U.S. of hypocrisy and acting out of political motivation. For both sides, Taiwan, which is responsible for some 70% of chips manufactured to order, is the new front line...
Citing the need to promote "digital sovereignty," the European Commission is exploring a 30 billion-euro ($35 billion) drive to raise Europe's share of the world chip market to 20%, from less than 10% now. Japan is also looking to bolster its domestic capacity. At least one Japanese delegation traveled to Taiwan in May and June this year in the hope of convincing TSMC to invest in Japan, a person with knowledge of the visit said. But TSMC announced in May that it was building a $12 billion facility in Arizona, and the company declined to receive any foreign visitors seeking to woo it, said another person familiar with the company's thinking....
A focus of Beijing is to accelerate research into so-called third-generation semiconductors — circuits made of materials such as silicon carbide and gallium nitride, a fledgling technology where no country dominates. Yet without silicon capabilities it will be difficult for China to build a proper semiconductor industry, said a senior TSMC official. Another person from a company involved in third-generation chip production said designing them is an art, and even poaching a team of designers won't necessarily guarantee success. The consensus is it won't be easy for China to catch up, especially at the cutting-edge where TSMC and Samsung are producing chips whose circuits are measured in single-digit nanometers, or billionths of a meter. SMIC [a partially state-owned Chinese semiconductor foundry] would have to double annual research spending in the next two-to-three years just to prevent its technology gap with those companies widening, says Bloomberg Intelligence analyst Charles Shum.
The tussle raises the prospect of a broader decoupling of the global industry with two distinct supply chains.
Does Python Need to Change?
The Python programming language "is a big hit for machine learning," read a headline this week at ZDNet, adding "
But now it needs to change."
Python is the top language according to IEEE Spectrum's electrical engineering audience, yet you can't run Python in a browser and you can't easily run it on a smartphone. Plus no one builds games in Python these days. To build browser applications, developers tend to go for JavaScript, Microsoft's type-safety take on it, TypeScript, Google-made Go, or even old but trusty PHP. On mobile, why would application developers use Python when there's Java, Java-compatible Kotlin, Apple's Swift, or Google's Dart? Python doesn't even support compilation to the WebAssembly runtime, a web application standard supported by Mozilla, Microsoft, Google, Apple, Intel, Fastly, RedHat and others.
These are just some of the limitations raised by Armin Ronacher, a developer with a long history in Python who 10 years ago created the popular Flask Python microframework to solve problems he had when writing web applications in Python. Austria-based Ronacher is the director of engineering at US startup Sentry — an open-source project and tech company used by engineering and product teams at GitHub, Atlassian, Reddit and others to monitor user app crashes due to glitches on the frontend, backend or in the mobile app itself... Despite Python's success as a language, Ronacher reckons it's at risk of losing its appeal as a general-purpose programming language and being relegated to a specific domain, such as Wolfram's Mathematica, which has also found a niche in data science and machine learning...
Peter Wang, co-founder and CEO of Anaconda, maker of the popular Anaconda Python distribution for data science, cringes at Python's limitations for building desktop and mobile applications. "It's an embarrassing admission, but it's incredibly awkward to use Python to build and distribute any applications that have actual graphical user interfaces," he tells ZDNet. "On desktops, Python is never the first-class language of the operating system, and it must resort to third-party frameworks like Qt or wxPython." Packaging and redistribution of Python desktop applications are also really difficult, he says.
Google Patched an Actively-Exploited Zero-Day Bug in Chrome
"Google released an
update to its Chrome browser that patches
a zero-day vulnerability in the software's FreeType font rendering library that was actively being exploited in the wild, Threatpost reported this week:
Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov informed Google of the vulnerability on Monday. Project Zero is an internal security team at the company aimed at finding zero-day vulnerabilities.
By Tuesday, Google already had released a stable channel update, Chrome version 86.0.4240.111, that deploys five security fixes for Windows, Mac & Linux — among them a fix for the zero-day, which is being tracked as CVE-2020-15999 and is rated as high risk. "Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild," Prudhvikumar Bommana of the Google Chrome team wrote in a blog post announcing the update Tuesday... "The fix is also in today's stable release of FreeType 2.10.4," Ben Hawkes, technical lead for the Project Zero team, tweeted. Meanwhile, security researchers took to Twitter to encourage people to update their Chrome browsers immediately to avoid falling victim to attackers aiming to exploit the flaw...
In addition to the FreeType zero day, Google patched four other bugs — three of high risk and one of medium risk — in the Chrome update released this week... So far in the last 12 months Google has patched three zero-day vulnerabilities in its Chrome browser.
Chrome Caught Exempting Google Sites From User Requests To Delete Data
This week the Verge reported:
If you ask Chrome to delete all cookies and site data whenever you quit the browser, it's reasonable to expect that this policy applies to all websites. Recently, though, a bug in the browser meant data wasn't being removed for two sites in particular: Google and YouTube.
This problem was first documented by iOS developer Jeff Johnson on his blog. Johnson found that in Chrome version 86.0.4240.75, "local storage" data for Google.com and YouTube.com stuck around even after restarting the browser. We've been able to replicate similar behavior... The Register notes that Chrome's behavior could allow Google to stash cookie-style data as site data, allowing it to track users even when they think they're being careful by deleting their cookie and site data every time they close the browser.
In a statement, Google said it was aware of the issue and was working on a fix... At least one of the affected sites, YouTube, appears to have already been fixed. After we upgraded the Chrome browser to version 86.0.4240.111, YouTube's local storage data seems to successfully purge after a restart, although the data from Google.com still sticks around.
Cult Expert Predicts QAnon Adherents Will 'Get Angry and Exit'
"From my time studying cults and helping followers escape them, I can reassure you that
QAnon will disintegrate in the United States over time if effective measures are taken if and when Trump is defeated," writes prominent mental health counselor Steven Haasan:
When cult adherents get confused, then ashamed, then realize they've been scammed, they get angry and exit. While some followers may continue to believe in the cult for some time — especially if they stay in an information silo — eventually contact with family and friends who care about them and others who have escaped from cults can and will help people come back to themselves. People are not permanently programmed, despite what some pundits and politicians may say. Like fashions and fads, movements end.
How do we dismantle a dangerous cult safely and turn this into yet another American fad as embarrassing as bell-bottoms, polyester and pet rocks? By dismantling the power of its mythology so people who have been pulled into it return to independent thinking. Fundamentally, QAnon is a mind virus, and we must bring the rate of transmission down. For starters, stop mocking QAnon and calling it a conspiracy theory; it is a psy-op, an intentional online cult movement aimed at recruiting and indoctrinating people into an all-or-nothing, us-vs.-them, good-vs.-evil frame. It is important to understand that QAnon believers think they are heroes and believe they are aligned with a righteous cause. We must take them seriously and build a rapport of respect. In other words, agree and amplify that human trafficking is bad and wrong. Then show legitimate groups fighting trafficking... Reclaim this issue and demonstrate that QAnon is talking about it but does nothing, while others are taking action to make a difference...
[W]hile QAnon promoters are currently being removed from the internet platforms they use to spread their propaganda and interact with adherents, as they should be, this approach will only temporarily disrupt and slow down new recruits, rather than help anyone exit. In fact, these moves can validate followers' beliefs that they are being persecuted, while a large percentage of cult members will simply be directed to alternative platforms... The key to helping these folks out is more respectful interaction — not cancel culture, demonization or mockery. People need to be able to exit with dignity. We need to find ways to allow people to return to society with their humanity intact, in a way that honors the very real questions that led them to look toward alternative answers in the first place.
Slashdot Asks: How Do You Feel About Btrfs?
emil (Slashdot reader #695) shares an article from
Linux Journal
re-visiting the saga of the btrfs file system (initially designed at Oracle in 2007):
The btrfs filesystem has taunted the Linux community for years, offering a stunning array of features and capability, but never earning universal acclaim. Btrfs is perhaps more deserving of patience, as its promised capabilities dwarf all peers, earning it vocal proponents with great influence. Still, [while] none can argue that btrfs is unfinished, many features are very new, and stability concerns remain for common functions.
Most of the intended goals of btrfs have been met. However, Red Hat famously cut continued btrfs support from their 7.4 release, and has allowed the code to stagnate in their backported kernel since that time. The Fedora project announced their intention to adopt btrfs as the default filesystem for variants of their distribution, in a seeming juxtaposition. SUSE has maintained btrfs support for their own distribution and the greater community for many years.
For users, the most desirable features of btrfs are transparent compression and snapshots; these features are stable, and relatively easy to add as a veneer to stock CentOS (and its peers). Administrators are further compelled by adjustable checksums, scrubs, and the ability to enlarge as well as (surprisingly) shrink filesystem images, while some advanced btrfs topics (i.e. deduplication, RAID, ext4 conversion) aren't really germane for minimal loopback usage. The systemd init package also has dependencies upon btrfs, among them machinectl and systemd-nspawn . Despite these features, there are many usage patterns that are not directly appropriate for use with btrfs. It is hostile to most databases and many other programs with incompatible I/O, and should be approached with some care.
The
original submission drew reactions from
three
disgruntled
btrfs users. But the article goes on to explore providers of CentOS-compatible btrfs-enabled kernels, ultimately opining that "There are many 'rough edges' that are uncovered above with btrfs capabilities and implementations, especially with the measures taken to enable it for CentOS. Still, this is far better than ext2/3/4 and XFS, discarding all the desirable btrfs features, in that errors can be known because all filesystem content is checksummed."
It would be helpful if the developers of btrfs and ZFS could work together to create a single kernel module, with maximal sharing of "cleanroom" code, that implemented both filesystems... Oracle is itself unwilling to settle these questions with either a GPL or BSD license release of ZFS. Oracle also delivers a btrfs implementation that is lacking in features, with inapplicable documentation, and out-of-date support tools (for CentOS 8 conversion). Oracle is the impediment, and a community effort to purge ZFS source of Oracle's contributions and unify it with btrfs seems the most straightforward option... It would also be helpful if other parties refrained from new filesystem efforts that lack the extensive btrfs functionality and feature set (i.e. Microsoft ReFS).
Until such a day that an advanced filesystem becomes a ubiquitous commodity as Linux is as an OS, the user community will continue to be torn between questionable support, lack of features, and workarounds in a fragmented btrfs community. This is an uncomfortable place to be, and we would do well to remember the parties responsible for keeping us here.
So how do Slashdot's readers feel about btrfs?
This is nonsensical!
"How do we make this screwdriver a better socket wrench"?
These are tools. You don't go chasing different jobs for the sake of promoting a particular tool. That's almost the definition of putting the cart before the horse. If there are excellent client side syntax and interpreters for a class of cases, the worst use of engineering hours is to adapt another, less suitable language perform the same work with additional complexity.
My professional career has spanned a bit more than the life cycle of Java to date. I've seen other technologies come and go, in that time. It's reasonable to see that Java, having once spilled into many niches, will last decades into the future as a business computing language that superseded COBOL. Meanwhile, many things that Java inspired or suggested became a part of newer tools, better suited for web clients or simply more fortuitous in timing.
The conclusion is, if you want to develop client-side libraries and applications, work in JS, instead of extending the wrong tool for the wrong job.