Alterslash

the unofficial Slashdot digest archive
 

Alterslash picks up to the best 5 comments from each of the day’s Slashdot stories, and presents them on a single page for easy reading.

Can We Replace YAML With an Easier Markup Language?

Posted by EditorDavidView on SlashDotShareable Link
On his personal blog, Red Hat's Chris Short (also a CNCF Cloud Native Ambassador) told his readers that "We kinda went down a rabbit hole the other day when I suggested folks check out yq. ("The aim of the project is to be the jq or sed of yaml files.")

"First, there's nothing wrong with this project. I like it, I find the tool useful, and that's that. But the great debate started over our lord and savior, YAML."

And then he shares what he learned from a bad experience reading the YAML spec in 2012: It was not an RFC, which I am fond of reading, but something about the YAML spec made me sad and frustrated. Syntax really mattered. Whitespace really mattered... It is human-readable because you see the human-readable words in the scalars and structures, but there was something off-putting about YAML. It was a markup language claiming not to be a markup language. I held the firm belief that markup languages are supposed to make things simpler for humans, not harder (XML is the antithesis of markup languages, in my opinion)...

Close to ten years later, I see YAML in the same somewhat offputting light... I hope that a drop in replacement is possible. The fact that we need tools like yq does show that there is some work to be done when it comes to wrangling the YAML beast at scale... Incrementally, YAML is better than XML but, it sucks compared to something like HTML or Markdown (which I can teach to execs and children alike)...

Yes, balancing machine and human readability is hard. The compromises suck, but, at some point, there's enough compute to run a process to take in something 100% human-readable and make it 100% machine-readable... There will always be complexity and a need to understand the tool you're using. But, YAML gives us an example that there can and should be better things.

In a comment on the original submission, Slashdot reader BAReFO0t writes "Binary markup or GTFO." UTF8 is already binary. Hell, ASCII is already binary numbers, not directly readable, but mapped to vector drawings or bitmap images ... that again are rendered to pixel values, that are then turning on blinkenlights or ink blots or noises that a human can actually recognize directly.

So why not extend it to structure, instead of just letters (... and colors ... and sound pressures... EBML's core [Extensible Binary Meta Language] is the logical choice.

If all editors always display it as, say XML, just like they all convert numbers into text-shaped blinkenlights too, people will soon call it "plain, human readable" too...

Java Geeks Discuss 'The War for the Browser' and the State of Java Modularization

Posted by EditorDavidView on SlashDotShareable Link
Self-described "Java geek" nfrankel writes: At the beginning of 2019, I wrote about the state of Java modularization. I took a sample of widespread libraries, and for each of them, I checked whether:

- It supports the module system i.e. it provides an automatic module name in the manifest

- It's a full-fledged module i.e. it provides a module-info

The results were interesting. 14 out of those 29 libraries supported the module system, while 2 were modules in their own right.

Nearly 2 years later, and with Java 16 looming around the corner, it's time to update the report. I kept the same libraries and added Hazelcast and Hazelcast Jet. I've checked the latest version...

Three full years after that release, 10 out of 31 libraries still don't provide a module-compatible JAR. Granted, 3 of them didn't release a new version in the meantime. That's still 7 libraries that didn't add a simple line of text in their MANIFEST.MF

Meanwhile, long-time Slashdot reader AirHog argues that "Java is in a war for the browser. Can it regain the place it once held in its heyday?" All major browsers have disabled support for Java (and indeed most non-JavaScript technologies). Web-based front-ends are usually coded in JavaScript or some wrapper designed to make it less problematic (like TypeScript). Yes, you can still make websites using Java technology. There are plenty of 'official' technologies like JSP and JSF. Unfortunately, these technologies are entirely server-side. You can generate the page using Java libraries and business logic, but once it is sent to the browser it is static and lifeless... Java client-side innovation has all but stopped, at least via the official channels....

How can Java increase its relevance? How can Java win back client-side developers? How can Java prevent other technologies from leveraging front-end dominance to win the back-end, like Java once did to other technologies?

To win the war, Java needs a strong client-side option. One that lets developers make modern web applications using Java code. One that leverages web technologies. One that supports components. One that builds quickly. One that produces fast-downloading, high performance, 100-Lighthouse-scoring apps. One that plays nicely with other JVM languages. What does Java need?

Spoiler: The article concludes that "What Java needs Is TeaVM... an ahead-of-time transpiler that compiles Java classes to JavaScript."

This is nonsensical!

By Jeremiah Cornelius • Score: 3 • Thread

"How do we make this screwdriver a better socket wrench"?

These are tools. You don't go chasing different jobs for the sake of promoting a particular tool. That's almost the definition of putting the cart before the horse. If there are excellent client side syntax and interpreters for a class of cases, the worst use of engineering hours is to adapt another, less suitable language perform the same work with additional complexity.

My professional career has spanned a bit more than the life cycle of Java to date. I've seen other technologies come and go, in that time. It's reasonable to see that Java, having once spilled into many niches, will last decades into the future as a business computing language that superseded COBOL. Meanwhile, many things that Java inspired or suggested became a part of newer tools, better suited for web clients or simply more fortuitous in timing.

The conclusion is, if you want to develop client-side libraries and applications, work in JS, instead of extending the wrong tool for the wrong job.

'How 30 Lines of Code Blew Up a 27-Ton Generator'

Posted by EditorDavidView on SlashDotShareable Link
After the U.S. unveiled charges against six members of the Sandworm unit in Russia's military intelligence agency, Wired re-visited "a secret experiment in 2007 proved that hackers could devastate power grid equipment beyond repair — with a file no bigger than a gif." It's an excerpt from the new book SANDWORM: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers which also remembers the late industrial control systems security pioneer Mike Assante: Among [Sandworm's] acts of cyberwar was an unprecedented attack on Ukraine's power grid in 2016, one that appeared designed to not merely cause a blackout, but to inflict physical damage on electric equipment. And when one cybersecurity researcher named Mike Assante dug into the details of that attack, he recognized a grid-hacking idea invented not by Russian hackers, but by the United State government, and tested a decade earlier...

[S]creens showed live footage from several angles of a massive diesel generator. The machine was the size of a school bus, a mint green, gargantuan mass of steel weighing 27 tons, about as much as an M3 Bradley tank. It sat a mile away from its audience in an electrical substation, producing enough electricity to power a hospital or a navy ship and emitting a steady roar. Waves of heat coming off its surface rippled the horizon in the video feed's image. Assante and his fellow Idaho National Laboratory researchers had bought the generator for $300,000 from an oil field in Alaska. They'd shipped it thousands of miles to the Idaho test site, an 890-square-mile piece of land where the national lab maintained a sizable power grid for testing purposes, complete with 61 miles of transmission lines and seven electrical substations. Now, if Assante had done his job properly, they were going to destroy it. And the assembled researchers planned to kill that very expensive and resilient piece of machinery not with any physical tool or weapon but with about 140 kilobytes of data, a file smaller than the average cat GIF shared today on Twitter....

Protective relays are designed to function as a safety mechanism to guard against dangerous physical conditions in electric systems. If lines overheat or a generator goes out of sync, it's those protective relays that detect the anomaly and open a circuit breaker, disconnecting the trouble spot, saving precious hardware, even preventing fires... But what if that protective relay could be paralyzed — or worse, corrupted so that it became the vehicle for an attacker's payload...?

Black chunks began to fly out of an access panel on the generator, which the researchers had left open to watch its internals. Inside, the black rubber grommet that linked the two halves of the generator's shaft was tearing itself apart. A few seconds later, the machine shook again as the protective relay code repeated its sabotage cycle, disconnecting the machine and reconnecting it out of sync. This time a cloud of gray smoke began to spill out of the generator, perhaps the result of the rubber debris burning inside it... The engineers had just proven without a doubt that hackers who attacked an electric utility could go beyond a temporary disruption of the victim's operations: They could damage its most critical equipment beyond repair...

Assante also remembers feeling something weightier in the moments after the Aurora experiment. It was a sense that, like Robert Oppenheimer watching the first atomic bomb test at another U.S. national lab six decades earlier, he was witnessing the birth of something historic and immensely powerful.

"I had a very real pit in my stomach," Assante says. "It was like a glimpse of the future."

Is the lesson not to make generators connected?

By magarity • Score: 5, Interesting • Thread

How often do such devices really need connectivity for firmware updates? Really, this is a lesson in isolation and access. Admittedly, shortsighted customers will probably ignore the lesson in favor of lower costs and convenience.

No bigger than a GIF?

By Joce640k • Score: 4, Funny • Thread

Is "GIF" the new unit of file size? What happened to "Libraries of Congress"?

Re:Is the lesson not to make generators connected?

By PPH • Score: 5, Insightful • Thread

companies make it necessary for hardware to be able to phone home in order to check software license status.

FTFY.

Re:Is the lesson not to make generators connected?

By DontBeAMoran • Score: 5, Insightful • Thread

We've been able to do read-only, one-way communications in hardware for decades. It's like all the new generation of engineers can't use the "old stuff" because they think their "new hotness" designs have to be better than the old stuff that's been working for decades before they were even born.

IMHO the solution could be a main CPU/uC that controls the hardware and sends status information to a secondary CPU/uC which is only in charge of external communications and has read-only firmware. You can't reach the main CPU from the outside and you can't change what the com CPU is doing.

Re:Porn blew up a pipeline

By Jeremi • Score: 4, Insightful • Thread

Why these things need to be connected to the Internet I'll never understand.

You're right, they don't need to be; you can always instead physically send somebody out to (middle-of-nowhere, Alaska) with a laptop to diagnose/adjust/reprogram them in person, whenever something goes wrong.

As to why they often are connected to the Internet, it's because nobody wants to be sent out to (middle-of-nowhere, Alaska) with a laptop to diagnose them in person -- particularly if the equipment in question is balky and has be re-serviced several times a week.

'Apple, Google and a Deal That Controls the Internet'

Posted by EditorDavidView on SlashDotShareable Link
The New York Times' looks at " a deal that controls the internet" — Apple's agreement to feature Google as the preselected search engine for iPhones, saying America's Justice Department views it "as a prime example of what prosecutors say are Google's illegal tactics to protect its monopoly and choke off competition..." The scrutiny of the pact, which was first inked 15 years ago and has rarely been discussed by either company, has highlighted the special relationship between Silicon Valley's two most valuable companies — an unlikely union of rivals that regulators say is unfairly preventing smaller companies from flourishing. "We have this sort of strange term in Silicon Valley: co-opetition," said Bruce Sewell, Apple's general counsel from 2009 to 2017. "You have brutal competition, but at the same time, you have necessary cooperation." Apple and Google are joined at the hip even though Mr. Cook has said internet advertising, Google's bread and butter, engages in "surveillance" of consumers and even though Steve Jobs, Apple's co-founder, once promised "thermonuclear war" on his Silicon Valley neighbor when he learned it was working on a rival to the iPhone. Apple and Google's parent company, Alphabet, worth more than $3 trillion combined, do compete on plenty of fronts, like smartphones, digital maps and laptops. But they also know how to make nice when it suits their interests. And few deals have been nicer to both sides of the table than the iPhone search deal.

Nearly half of Google's search traffic now comes from Apple devices, according to the Justice Department, and the prospect of losing the Apple deal has been described as a "code red" scenario inside the company. When iPhone users search on Google, they see the search ads that drive Google's business. They can also find their way to other Google products, like YouTube. A former Google executive, who asked not to be identified because he was not permitted to talk about the deal, said the prospect of losing Apple's traffic was "terrifying" to the company. The Justice Department, which is asking for a court injunction preventing Google from entering into deals like the one it made with Apple, argues that the arrangement has unfairly helped make Google, which handles 92 percent of the world's internet searches, the center of consumers' online lives...

[C]ompetitors like DuckDuckGo, a small search engine that sells itself as a privacy-focused alternative to Google, could never match Google's tab with Apple. Apple now receives an estimated $8 billion to $12 billion in annual payments — up from $1 billion a year in 2014 — in exchange for building Google's search engine into its products. It is probably the single biggest payment that Google makes to anyone and accounts for 14 to 21 percent of Apple's annual profits. That's not money Apple would be eager to walk away from.

In fact, Mr. Cook and Mr. Pichai met again in 2018 to discuss how they could increase revenue from search. After the meeting, a senior Apple employee wrote to a Google counterpart that "our vision is that we work as if we are one company," according to the Justice Department's complaint.
The article remembers Steve Jobs unveiling the iPhone in 2007 — and then inviting Google CEO Eric Schmidt onto the stage. Schmidt, who was also on Apple's board of directors, joked "If we just sort of merged the two companies, we could just call them AppleGoo."

He'd also added that with Google search on the iPhone, "you can actually merge without merging."

"Apple's traffic"

By Rosco P. Coltrane • Score: 3 • Thread

How revealing is that sentence.

If people weren't such passive consumers, they would change their default search engine, be it on iOS, Android, Linux or Windows. When I install a browser, that's the first thing I do.

It shouldn't be "Apple's traffic", it should be Apple users' traffic. Gee...

NYT in 2014: Jobs 'a walking antitrust violation'

By theodp • Score: 3 • Thread

Steve Jobs Defied Convention, and Perhaps the Law: James B. Stewart writes in the NYT that recent revelations that Steve Jobs was the driving force in a conspiracy to prevent competitors from poaching employees raises the question: If Steve Jobs were alive today, should he be in jail? Jobs 'was a walking antitrust violation. I'm simply astounded by the risks he seemed willing to take,' says Herbert Hovenkamp, a professor at the University of Iowa College of Law and an expert in antitrust law. 'Didn't he have lawyers advising him? You see this kind of behavior sometimes in small, private or family-run companies, but almost never in large public companies like Apple.' In 2007, Jobs threatened Palm with patent litigation unless Palm agreed not to recruit Apple employees, even though Palm's then-chief executive, Edward Colligan, told him that such a plan was 'likely illegal.' That same year, Jobs wrote Eric E. Schmidt, the chief executive of Google at the time, 'I would be extremely pleased if Google would stop doing this,' referring to its efforts to recruit an Apple engineer. When Jobs learned that the Google recruiter who contacted the Apple employee would be 'fired within the hour,' he responded with a smiley face. 'How could anyone have approved that?' says Hovenkamp. 'Any competent antitrust counsel would know that's illegal. And they had to know they'd get caught eventually.
 
See also: $415 Million Settlement Approved In Tech Worker Anti-Poaching Case

Is X.Org Server Abandonware?

Posted by EditorDavidView on SlashDotShareable Link
Phoronix ran a story this morning with this provocative headline: " It's Time To Admit It: The X.Org Server Is Abandonware." The last major release of the X.Org Server was in May 2018 but don't expect the long-awaited X.Org Server 1.21 to actually be released anytime soon. This should hardly be surprising but a prominent Intel open-source developer has conceded that the X.Org Server is pretty much "abandonware" with Wayland being the future. [Or, more specifically, that "The main worry I have is that xserver is abandonware without even regular releases from the main branch."]

This comes as X.Org Server development hits a nearly two decade low, the X.Org Server is well off its six month release regimen in not seeing a major release in over two years, and no one is stepping up to manage the 1.21 release. A year ago was a proposal to see new releases driven via continuous integration testing but even that didn't take flight and as we roll into 2021 there isn't any motivation for releasing new versions of the X.Org Server by those capable of doing so.

Red Hat folks have long stepped up to manage X.Org Server releases but with Fedora Workstation using Wayland by default and RHEL working that way, they haven't been eager to devote resources to new X.Org Server releases. Other major stakeholders also have resisted stepping up to ship 1.21 or commit any major resources to new xorg-server versions.

Laziness

By RightwingNutjob • Score: 4, Interesting • Thread
Won't replicate necessary features in proposed replacement. Won't maintain existing product. Spend all available energy explaining to the rubes why the functionality they use every single day for work is not important. Disgusting.

Re: And...

By ffkom • Score: 5, Informative • Thread
If Wayland was a replacement for X11, that comparison could be made. But Wayland deliberately does not replace most of X11's features, so it is not a replacement, just like Windows GDI is not a Postscript replacement.

If you want to compare X11 and Wayland, you need to include all the many libraries required to add up to X11's feature set before you can start.

Re:Can we just get rid of X

By caseih • Score: 4, Interesting • Thread

Your phone required a font server? I haven't used a font server with X for at least 15 years. And I have no idea what you're referring to about X consuming half your resources. I've actually used X11 on embedded devices and pre Android phones and it was pretty lightweight. Part of the problem with ongoing X11 maintenance is we only use a small part of the X server these days. No one is abandoning the remote X protocol so you can remote any modern gnome or kde app today with Xwayland running as a lightweight X server on top of Wayland. So maybe that's the best of both worlds.

Re:Can we just get rid of X

By MightyMartian • Score: 5, Informative • Thread

X11 is so lightweight that even the bastardized version we used to use in Cygwin to get X servers running in Windows XP didn't consume much overhead, and that was with the X client running on the same Windows XP box. When the X client was running on a *nix box, it was pretty damned tolerable. Perhaps the poster is thinking of desktop environments like KDE which definitely could run pretty darned slow and chewed up a helluva lot of resources, but that has little to do with X11. A lightweight desktop like XFCE is incredible in its responsiveness and speed, and frankly, just a cleaner experience than more "feature-rich" desktops like Gnome, Windows, KDR and the like.

The answer is mostly yes

By caseih • Score: 4, Informative • Thread

Large parts of the X.org server have been abandoned for many years. The font server, the built-in widget set, to name a couple of parts. I'm sure various input methods were tried over the years and abandoned. The modern X server is certainly a hack at this point. It works remarkably well, but it is still a hack and maintenance is difficult. The fact is very few people know how to fix bugs in the server. Fewer still understand the architecture. Several years ago there was good talk about this: https://www.youtube.com/watch?....

Abandoned by developers or not, the X server is still supported by major distributions, and as far as I know is the only thing supported by nVidia's drivers.

Wayland as currently implemented is missing some key features like application-level remoting and screen capturing (by design it seems. Also Wine cannot on Wayland outside of a desktop window currently. But these issues are not insurmountable. For whatever reason, Gnome on Wayland could crash and bring the entire desktop and all your apps down, at least until recently. This is not an experience that is familiar to X11 users!

I use X11 forwarding over SSH all the time. Remoting is a key feature of X11 that I depend on. Wayland has no built-in remoting, which is concerning. But as long as the X11 protocol is supported by applications and GUI toolkits, it will always work on Wayland with the Xwayland light-weight X server. So with this, yes, even forwarding over SSH works with wayland.

The U.S. Health Department Tried to Offer Early Vaccines to Shopping Mall Santas

Posted by EditorDavidView on SlashDotShareable Link
America's national health agency "halted a public-service coronavirus advertising campaign funded by $250 million in taxpayer money after it offered a special vaccine deal to an unusual set of essential workers: Santa Claus performers."

The Wall Street Journal reports: As part of the plan, a top Trump administration official wanted the Santa performers to promote the benefits of a Covid-19 vaccination and, in exchange, offered them early vaccine access ahead of the general public, according to audio recordings. Those who perform as Mrs. Claus and elves also would have been included....

The decision comes as the Covid-19 spread continues to accelerate in most states, and the vaccines are unlikely to be broadly available to the public before the holiday season. The coronavirus ad effort — titled "Covid 19 Public Health and Reopening America Public Service Announcements and Advertising Campaign" — was intended to "defeat despair, inspire hope and achieve national recovery," according to a work statement reviewed by The Wall Street Journal. It was to include television, radio, online and podcast announcements, starting immediately. The public-relations blitz began to fizzle after some celebrities, including actor Dennis Quaid, shied away from participating, a former White House official said, amid concerns that the campaign would be viewed as political rather than aiding public health....

[Former pharmaceutical lobbyist Alex Azar, now serving as America's Secretary of Health], has "ordered a strategic review of this public health education campaign that will be led by top public health and communications experts to determine whether the campaign serves important public health purposes," Health and Human Services officials said in a statement.

Santa's vaccines were the brainchild of Michael Caputo, a political strategist/lobbyist also appointed to America's Health and Human Services as assistant secretary, according to the Journal. But an HHS spokesman now tells them that the Santa "collaboration will not be happening."

They also get a quote from Ric Erwin, chairman of the Fraternal Order of Real Bearded Santas — who called the news "extremely disappointing." In a 12-minute phone call in late August, Mr. Caputo told Mr. Erwin of the Santa group that vaccines would likely be approved by mid-November and distributed to front-line workers before Thanksgiving.

"If you and your colleagues are not essential workers, I don't know what is," Mr. Caputo said on the call, which was recorded by Mr. Erwin and provided to the Journal. [In audio of the call published by the Journal, Santa responds by saying "Ho ho ho ho, ho ho ho. I love you."]

"I cannot wait to tell the president," Mr. Caputo said at another point about the plan. "He's going to love this." Mr. Erwin said on the call: "Since you would be doing Santa a serious favor, Santa would definitely reciprocate."

Mr. Caputo said: "I'm in, Santa, if you're in...."

Mr. Caputo said he wanted Santas to appear at rollout events in as many as 35 cities. In exchange, he said the Santas would get an early crack at inoculation.

Truth or The Onion

By ArchieBunker • Score: 5, Insightful • Thread

Things are getting pretty bad when you can't tell the real administration from satire.

Re: And...?

By quonset • Score: 5, Insightful • Thread

Because realistically, those are your two options.

No, those are not the two options. The third option is to not have any Santas but instead give the vaccine to medical workers, the very people trying to save everyone else's lives and are dying in the process.

There's a reason people in the medical field are considered essential employees whereas Santa is not.

Is Right to Repair Gaining Momentum?

Posted by EditorDavidView on SlashDotShareable Link
"A movement known as 'right to repair' is starting to make progress in pushing for laws that prohibit restrictions..." reports the New York Times: This August, Democrats introduced a bill in Congress to block manufacturers' limits on medical devices, spurred by the pandemic. In Europe, the European Commission announced plans in March for new right-to-repair rules that would cover phones, tablets, and laptops by 2021. In less than two weeks, Massachusetts voters will consider a measure that would make it easier for local garages to work on cars. And in more than 20 statehouses nationwide, right-to-repair legislation has been introduced in recent years by both Republicans and Democrats. Over the summer, the House advanced a funding bill that includes a requirement that the FTC complete a report on anticompetitive practices in the repair market and present its findings to Congress and the public. And in a letter to the Federal Trade Commission, Marine Captain Elle Ekman and former Marine Lucas Kunce last year detailed how mechanics in the American armed forces have run into similar obstacles...

Manufacturers argue that their products are repairable, and that they are protecting consumers' safety, privacy and security by restricting who does the repairs. Apple, for instance, limits consumers from repairing their devices by requiring specific tools or authorized parts. "When a repair is needed, a customer should have confidence the repair is done right," Jeff Williams, Apple's chief operating officer, said in a release last year. "We believe the safest and most reliable repair is one handled by a trained technician using genuine parts that have been properly engineered and rigorously tested."

Right to exclusive profit fits better

By burtosis • Score: 3 • Thread

When a repair is needed, a customer should have confidence the repair is done right

Or, to put it simply, they want all of the repair market pie. We still let people fix thousands of pounds of steel and plastic that can quickly accelerate to high speed while people are not only standing nearby but are actually on board. There are virtually no problems with this and the ones that have come up have been solved to nearly everyone’s satisfaction. They can take their monopolistic ideals of making repairs illegal and shove them up their collective a$$es.

This is a EU thing

By BAReFO0t • Score: 5, Insightful • Thread

Forcing charger compatibility,
GDPR,
now, right to repair...

It seems we got some guys on our side in there, and somehow they manage to run the show.

Since I always assume, every "modern" "democratic" government is a mere oligarchy of think tank lobbies (mosty corporations, but far from only), I wonder what groups might be the ones who are pushing this.

I just wish for a GPCR and a GPMR in the future.
A General Part Compatibility Regulation and a General Product Modularity Regulation.
Meaning everything from phones to power tools to operating systems and apps to cars must be built in a modular way, with standardized interfaces, that allows mixing and matching to what you actually need.
Like PCs.
It is why IBM compatibles became so successful back then, after all.
And that I can buy *plain* versions of foods, cause I am able to put wine in my damn sauerkraut myself, if I wish to, thank you very much! (Yes, I am German. How did you know? ;)
So many "new" products are just two common products, combined. And then you cannot freaking buy them alone anymore, and all the other choices are gone!
And right now, I am hopeful.

Apple, John Deere, etc.

By DontBeAMoran • Score: 5, Insightful • Thread

While I agree with companies in principle, I mean nobody wants a botched repair, the fact is that they can charge a fortune for their parts, for the custom tools required for repairs and for the training of repair technicians.

The other fact is that things are a lot more complicated to diagnose and repair than three decades ago. Back then, someone with basic knowledge could swap ICs on a Commodore 64 PCB, repair machinery engine, etc.

These days, everything is to tightly integrated and engineered to extreme specifications that the slightest error in repair can completely destroy what you're trying to repair. And if you botch the repair, you're the one to blame for messing it up but the company is also to blame because their made their product near-impossible to repair.

Maybe the solution is to force manufacturers to make everything modular so that almost any idiot with a screwdriver can open the thing up, remove the defective part, insert the new part, close back the thing. Repair done. However, say goodbye to things like thin smartphones and small, thin and light laptops.

The one light at the end of the tunnel is that I hope, if such laws were to pass, that they'd also force companies to standardize parts. Ex: buy a MacBook Air, open it up, remove the keyboard and install an ASUS keyboard instead. All companies would need to work together to establish the standards, but they've done it before (ISA cards, PCI cards, PCIe cards, M.2, RAM slots, ethernet, USB, USB2, USB3, USB-C, VGA, DVI, HDMI, DisplayPort, etc). Of course they'd be allowed to set desktop, laptop and tablet+smartphones standards, just like RAM modules today.

Imagine being able to add more RAM to your iPhone or iPad. And while we're at it, force them to use simple names for the standards. Ex: "Smartphone and Tablet RAM 2020".

I also believe that Apple does the best repairs

By Dixie_Flatline • Score: 4, Interesting • Thread

...But I still think there should be a right to repair.

I took my iPhone XR to the Apple Store to have the screen replaced. It was under warranty. Even though it was during the iPhone 12 launch day, and they have a lot of stuff going on to limit contact between patrons at the store and the employees, I never spent more than 5 minutes during drop-off and pick-up in the store (I timed it). It took them about half an hour to replace the screen. Same day service, which is important when the device is as important as your phone.

All that to say, if I broke my phone again, even out of warranty, I'd probably take it to Apple. I can trust them to do the job well, and quickly. I'm willing to pay for that.

But it's absurd for Apple to bar other places from repairing Apple devices, whether explicitly or by withholding parts and manuals. Apple's provided me with customer service that I'm willing to pay for, and that should be enough. People will come to your store for repairs if the value exceeds the price. Just keep doing a good job on the customer service front and you won't ever have to worry about 'losing' valuable repair dollars to 3rd parties. Honestly, if everyone is as bad at it as Apple thinks, they should be happy for the new business when someone comes in and buys a whole new iPhone because a screen replacement was botched.

Snopes.com Exposes 4chan Campaign to 'Kindle Mistrust in Snopes'

Posted by EditorDavidView on SlashDotShareable Link
"This is the perfect moment to do this. This is an age of conspiracies for boomers... Let's kindle their mistrust in Snopes and other fact checkers," wrote one 4chan poster.

Snopes.com later reported: In October 2020, a series of threads was posted to the anonymous internet forum 4Chan as part of operation "Snopes-Piercer," a smear campaign with the stated goal of "red-pilling some normies" — internet slang for a propaganda technique in which distorted, fabricated, or skewed information is used to further a self-determined "truth." In order to "red-pill" these people (one thread noted that "boomers" were the primary target), the plan was to create and circulate doctored screenshots of Snopes fact checks to make it appear as if Snopes fact-checkers addressed claims that we had not.

Over the next few days, users created and shared these fake Snopes screenshots in a number of additional 4chan threads. These images were also posted on social media sites, like Twitter.... Some were humorous (we did not actually address the claim that CNN reporter Chris Cuomo was actually Fredo from "The Godfather"), some were insidious (we did not really publish a fact check questioning the Holocaust), and some were political (we did not publish a fact check questioning the results of the 2020 election before the election happened)...

These red pill campaigns all follow a basic formula. The user decides what they want to be true and then they set out to find, or manufacture, the evidence to support that truth. A concerted effort is then made to spread these false narratives to as wide an audience as possible in order to "red-pill" the general population. In this formula, the desired "truth" comes first. The "evidence" comes second.

It goes without saying that this method is antithetical to the mission of Snopes, fact-checkers in general, journalists, and anyone seeking an objective view of reality.

Re:Snopes are dopes

By hey! • Score: 4, Insightful • Thread

Everyone has biases. The issue isn't how you arrived at your positions, it's how you *justify* them. Snopes tries to document its position using evidence, and therefore their arguments can be negated. Sometimes, like everyone else, they're wrong. But what's unusual about them is that then you can prove their argument is wrong.

Saying, in effect, "don't believe these guys' conclusions because they have a different political orientation than us," well, that's an intrinsically *unassailable* statement. That doesn't make it a good argument though. People can take it or leave it entirely based on their prior assumptions, so it's good for lazy people.

You can stop reading at this point:

By alternative_right • Score: 3 • Thread

internet slang for a propaganda technique in which distorted, fabricated, or skewed information is used to further a self-determined "truth."

Nope, red-pilling means introducing off-narrative facts in order to get people to distrust the rest of the narrative.

They figure out the bigger picture themselves. It's different than Leftist propaganda, which tells you exactly what to think in trope with the others. It's more like the Socratic method, in that it says, "Are you sure that's really true? How do you know... that you know?"

Re:Snopes, you bring this on yourselves

By Entrope • Score: 5, Insightful • Thread

I picked my three examples because they were the most recent examples where their political agenda really shined through, not because they were particularly strong. I really don't care enough about Snopes to try to figure out what their strongest example is.

You are engaging in exactly the same kind of dubious defense that Snopes did: Because that guy doesn't hide that he got rich from his wife's dead relative, and because the Biden campaign knew about his political agenda and his money, the wide exposure of that information in the context of the campaign ad must have had nothing to do with pulling the campaign ad. It begs the question, and does not support a "mostly false" label.

Re:Snopes, you bring this on yourselves

By AleRunner • Score: 4, Informative • Thread

- victim-blaming a woman for picking up her flag

Hard to tell. it's very clear the woman was involved in and acted in the violence herself. Do you have hard evidence like an extensive video to show that she didn't instigate something before she dropped her flag? I can't find a clear complete video that starts from the beginning.

Given that Snopes finds mixed truth here and I can't prove they had better evidence yet, I have difficulty seeing how this proves your case.

Please provide hard evidence the lady was attacked and I will atttempt to get Snopes to correct this story, then we'll see how they react. Again, otherwise this just seems to show that people see what they want to see no matter how objective their target is.

Re:Snopes, you bring this on yourselves

By uufnord • Score: 4, Insightful • Thread
Snopes fact-checked a satire news site after some ass clown presented some of their news as fact, and not satire. That's why it needed to be fact-checked. I don't understand why you'd have a problem with this. It's _precisely_ why fact-checkers need to exist: to oppose claims of fact that aren't facts.

So How Good Is Edge on Linux?

Posted by EditorDavidView on SlashDotShareable Link
"No one asked Microsoft to port its Edge browser to Linux," writes Steven J. Vaughan-Nichols at ZDNet, adding "Indeed, very few people asked for Edge on Windows.

"But, here it is. So, how good — or not — is it..?" The new release comes ready to run on Ubuntu, Debian, Fedora, and openSUSE Linux distributions... Since I've been benchmarking web browsers since Mosaic rolled off the bit assembly line, I benchmarked the first Edge browser and Chrome 86 and Firefox 81 on my main Linux production PC.... First up: JetStream 2.0, which is made up of 64 smaller tests. This JavaScript and WebAssembly benchmark suite focuses on advanced web applications. It rewards browsers that start up quickly, execute code quickly, and run smoothly. Higher scores are better on this benchmark.

JetStream's top-scorer — drumroll please — was Edge with 136.971. But, right behind it within the margin of error, was Chrome with a score of 132.413. This isn't too surprising. They are, after all, built on the same platform. Back in the back was Firefox with 102.131. Next up: Kraken 1.1. This benchmark, which is based on the long-obsolete SunSpider, measures JavaScript performance. To this basic JavaScript testing, it added typical use-case scenarios. Mozilla, Firefox's parent organization, created Kraken. With this benchmark, the lower the score, the better the result. To no great surprise, Firefox took first place here with 810.1 milliseconds (ms). Following it was Chrome with 904.5ms and then Edge with 958.8ms.

The latest version of WebXPRT is today's best browser benchmark. It's produced by the benchmark professionals at Principled Technology. This company's executives were the founders of the Ziff Davis Benchmark Operation, the gold-standard of PC benchmarking. WebXPRT uses scenarios created to mirror everyday tasks. These include Photo Enhancement, Organize Album, Stock Option Pricing, Local Notes, Sales Graphs, and DNA Sequencing. Here, the higher the score, the better the browser. On this benchmark, Firefox shines. It was an easy winner with a score of 272. Chrome edges out Edge 233 to 230.

The article concludes that "Oddly, Edge, which turned in a poor performance when I recently benchmarked it on Windows, did well on Linux. Who'd have guessed...? Edge is a good, fast browser on Linux. If you're a Windows user coming over to Linux or you're doing development work aimed at Edge, then by all means try Edge on Linux. It works and it works well."

Yet Vaughan-Nichols admits he's still not going to switch to Edge. "Chrome is more than fast enough for my purposes and I don't want my information tied into the Microsoft ecosystem. For better or worse, mine's already locked into the Googleverse and I can live with that."

Neither

By markdavis • Score: 3 • Thread

>"I don't want my information tied into the Microsoft ecosystem. For better or worse, mine's already locked into the Googleverse and I can live with that."

You don't have to be locked in to or live with either. If you actually value choice, privacy, security, performance, and standards, there is an alternative.

https://www.mozilla.org/en-US/...

Ad-Block?

By VendettaMF • Score: 3 • Thread

The summary, at least, is missing the one and only question of value about browsers (beyond basic functionality). Does effective ad, script, cookie and tracker-dot/sound blocking exist, and is it independently verifiable?

Nothing else matters.

Firefox hater?

By marcle • Score: 5, Informative • Thread

Firefox does quite well in the benchmarks, yet the author seems to think his only choice is between Edge and Chrome, and he picks Chrome while acknowledging Google's intrusiveness. Were it me armed with the same information he shares with us, I would say skip both of the data suckers and go with the best privacy.

It's more important the it's there I think.

By brainchill • Score: 3 • Thread
More than quibbling over how good it is or why it's there I think it is a sign of some good/cool things happening for the linux desktop. After being on this train now for 20+ years it makes me happy to see companies like Microsoft, whose relationship with linux has been largely adversarial, porting actual desktop software to run on the platform. To me it's a sign that they've acknowledged that it's not going away so they are going to make an effort to leverage the platform financially. I'm excited to use a current Microsoft Office on a linux desktop some day .... pretending like the open source office suites are "just as good" isn't doing anyone any favors.

"Good" and "fast" aren't necessarily the same.

By hey! • Score: 3 • Thread

In most cases Chrome or Firefox are fast enough, although individual situations can differ (e.g. depending on hardware, add-ons, background workload).

But the really important thing is compatibility, especially for in-house apps; developers don't like having to test their work across browsers, and IT departments unlike online services can dictate what their customers use. Most IT departments are using a Microsoft development and server stack that makes it easy to target Microsoft browsers.

I wonder if Microsoft is anticipating a future problems with their desktop OS monopoly? Smartphones have already made the desktop monopoly less important, and Edge is already available in the Google Play store for Android and in the Apple Store for the iPhone. If you were expecting further erosion of your desktop monopoly power, you might try to leverage that into the browser space while you still can.

The Battle Over Chips is About to Get Uglier

Posted by EditorDavidView on SlashDotShareable Link
"We're in a new world where governments are more concerned about the security of their digital infrastructure and the resiliency of their supply chains," Jimmy Goodrich, vice president of global policy with the Washington-based Semiconductor Industry Association, tells Bloomberg.

"The techno-nationalist trends gaining traction in multiple capitals around the world are a challenge to the semiconductor industry." At once highly globalized and yet concentrated in the hands of a few countries, the industry has choke points that the U.S. under the presidency of Donald Trump has sought to exploit in order to thwart China's plans to become a world leader in chip production. Washington says Beijing can only achieve that goal through state subvention [funding] at the expense of U.S. industry, while furthering Communist Party access to high-tech tools for surveillance and repression. China rejects the allegations, accusing the U.S. of hypocrisy and acting out of political motivation. For both sides, Taiwan, which is responsible for some 70% of chips manufactured to order, is the new front line...

Citing the need to promote "digital sovereignty," the European Commission is exploring a 30 billion-euro ($35 billion) drive to raise Europe's share of the world chip market to 20%, from less than 10% now. Japan is also looking to bolster its domestic capacity. At least one Japanese delegation traveled to Taiwan in May and June this year in the hope of convincing TSMC to invest in Japan, a person with knowledge of the visit said. But TSMC announced in May that it was building a $12 billion facility in Arizona, and the company declined to receive any foreign visitors seeking to woo it, said another person familiar with the company's thinking....

A focus of Beijing is to accelerate research into so-called third-generation semiconductors — circuits made of materials such as silicon carbide and gallium nitride, a fledgling technology where no country dominates. Yet without silicon capabilities it will be difficult for China to build a proper semiconductor industry, said a senior TSMC official. Another person from a company involved in third-generation chip production said designing them is an art, and even poaching a team of designers won't necessarily guarantee success. The consensus is it won't be easy for China to catch up, especially at the cutting-edge where TSMC and Samsung are producing chips whose circuits are measured in single-digit nanometers, or billionths of a meter. SMIC [a partially state-owned Chinese semiconductor foundry] would have to double annual research spending in the next two-to-three years just to prevent its technology gap with those companies widening, says Bloomberg Intelligence analyst Charles Shum.

The tussle raises the prospect of a broader decoupling of the global industry with two distinct supply chains.

Re:Catch me, I'm right behind you

By Pinky's Brain • Score: 5, Insightful • Thread

The US has a pretty good chance of plain catching Taiwan, instead of catching up. Taiwan can become a vassal of the US, or it can be slowly isolated by China until surrender is the only option. Given the Arizona plant, they seem to be leaning towards vassal of the US.

Of course China will threaten nukes if the US creates a formal defence pact with Taiwan, but TSMC might be important enough to risk it ... the US should have never let the situation fester this long. Nixon and Kissinger fucked up royally.

Disappointing news

By Joe2020 • Score: 3 • Thread

I came here to read about fried potatoes and instead do I get to read about Trump again. Out of curiosity do I need to ask, what did Mr. Trump ever do that didn't turn ugly at some point? About anything the man has touched turned ugly, didn't it?

Next time

By ZombieCatInABox • Score: 3 • Thread

Next time, don't put your country's entire manufacturing buziness into to hands of a cruel, murderous dictatorship.

Isn't it possible that both are correct?

By CrankyOldEngineer • Score: 4, Informative • Thread

Yes, Trump is a moron. And yes, PRC is a murderous regime that uses its mercantilist trade policy and slave labor to exert influence all over the globe. It's not sinophobia to want to insulate ourselves from this. The more products we're dependent on China for, the worse off we'll be. Didn't we learn anything from the PPE and pharmaceutical shortage? That's only the tip of the iceberg.

Re: Catch me, I'm right behind you

By Pinky's Brain • Score: 4, Insightful • Thread

Very attractive until you want to take your holiday to see family in Taiwan and China gets paranoid about you never returning ...

Does Python Need to Change?

Posted by EditorDavidView on SlashDotShareable Link
The Python programming language "is a big hit for machine learning," read a headline this week at ZDNet, adding " But now it needs to change."

Python is the top language according to IEEE Spectrum's electrical engineering audience, yet you can't run Python in a browser and you can't easily run it on a smartphone. Plus no one builds games in Python these days. To build browser applications, developers tend to go for JavaScript, Microsoft's type-safety take on it, TypeScript, Google-made Go, or even old but trusty PHP. On mobile, why would application developers use Python when there's Java, Java-compatible Kotlin, Apple's Swift, or Google's Dart? Python doesn't even support compilation to the WebAssembly runtime, a web application standard supported by Mozilla, Microsoft, Google, Apple, Intel, Fastly, RedHat and others.

These are just some of the limitations raised by Armin Ronacher, a developer with a long history in Python who 10 years ago created the popular Flask Python microframework to solve problems he had when writing web applications in Python. Austria-based Ronacher is the director of engineering at US startup Sentry — an open-source project and tech company used by engineering and product teams at GitHub, Atlassian, Reddit and others to monitor user app crashes due to glitches on the frontend, backend or in the mobile app itself... Despite Python's success as a language, Ronacher reckons it's at risk of losing its appeal as a general-purpose programming language and being relegated to a specific domain, such as Wolfram's Mathematica, which has also found a niche in data science and machine learning...

Peter Wang, co-founder and CEO of Anaconda, maker of the popular Anaconda Python distribution for data science, cringes at Python's limitations for building desktop and mobile applications. "It's an embarrassing admission, but it's incredibly awkward to use Python to build and distribute any applications that have actual graphical user interfaces," he tells ZDNet. "On desktops, Python is never the first-class language of the operating system, and it must resort to third-party frameworks like Qt or wxPython." Packaging and redistribution of Python desktop applications are also really difficult, he says.

Right tool for the job

By Pimpy • Score: 3 • Thread

Different languages have different strengths and weaknesses for different applications, simply because a language isn't suited for a particular task doesn't mean that it makes sense to bloat or introduce feature creep into the language.

35 years old...

By bradley13 • Score: 5, Insightful • Thread

"But 35-year-old Python does have its weaknesses"

What a surprise. People complain that Java has problems, because it is 25 years old. There's a lot of cruft that accumulates, and frankly we have learned something in that time. Python is even older, and it's a scripting language, which is rarely ideal.

I can only figure that Python took off, because it was initially easier for non-programmers to work with an untyped language. They built toolkits, which made Python popular for AI applications. But just about any other language would have been better. Java would have been better. Heck, a lot of languages would have been better. But people go where the toolkits and frameworks are, so...

Re:This headline:

By nospam007 • Score: 4, Informative • Thread

"You must not have read the actual article. "

Obviously! We're not newbies with a 7 figure uid.

Re: Nah

By Viol8 • Score: 4, Interesting • Thread

"NoSQL DBs are fine for certain problems"

Niche problems that rely purely on key value lookups which are few and far between. Any complex business logic will require relational queries at some point. At best a NoSQL DB can be used as a side loading document store to complement the main DB in an RDBMS.

Re:Horrible language

By joe_frisch • Score: 4, Interesting • Thread

I don't like python, but I think the biggest problem is people trying to use it for *everything* - and in academia that seems impossible to resist. At my lab a lot of effort has been spent moving matlab code to python - even though the matlab code works and because of our educational status / contract, matlab with all toolboxes is free to all researchers.

We have have people doing numerical analysis and massive real time control systems in a language that is just not built for that type of work.

Google Patched an Actively-Exploited Zero-Day Bug in Chrome

Posted by EditorDavidView on SlashDotShareable Link
"Google released an update to its Chrome browser that patches a zero-day vulnerability in the software's FreeType font rendering library that was actively being exploited in the wild, Threatpost reported this week: Security researcher Sergei Glazunov of Google Project Zero discovered the bug which is classified as a type of memory-corruption flaw called a heap buffer overflow in FreeType. Glazunov informed Google of the vulnerability on Monday. Project Zero is an internal security team at the company aimed at finding zero-day vulnerabilities.

By Tuesday, Google already had released a stable channel update, Chrome version 86.0.4240.111, that deploys five security fixes for Windows, Mac & Linux — among them a fix for the zero-day, which is being tracked as CVE-2020-15999 and is rated as high risk. "Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild," Prudhvikumar Bommana of the Google Chrome team wrote in a blog post announcing the update Tuesday... "The fix is also in today's stable release of FreeType 2.10.4," Ben Hawkes, technical lead for the Project Zero team, tweeted. Meanwhile, security researchers took to Twitter to encourage people to update their Chrome browsers immediately to avoid falling victim to attackers aiming to exploit the flaw...

In addition to the FreeType zero day, Google patched four other bugs — three of high risk and one of medium risk — in the Chrome update released this week... So far in the last 12 months Google has patched three zero-day vulnerabilities in its Chrome browser.

PoC font file for anyone interested

By kmike • Score: 5, Insightful • Thread

Attached to the Freetype bug case:
https://savannah.nongnu.org/bu...

Does "zero-day" actually mean anything anymore?

By mark-t • Score: 4, Interesting • Thread

It used to be the case that zero-day meant that an exploit was discovered within the same day that the thing being exploited was released... but at some point, the definition mutated to become an exploit that is discovered outside of the organization it was created in before the developer knows about it or has a fix for it.

Which in actuality is a bit weird... because almost all exploits would fit that definition, since if the developer has a fix for it, then the exploit doesn't work in the first place.

Buffer overflow in the year 2020

By MrL0G1C • Score: 4, Interesting • Thread

Why are buffer over-flows still working? Isn't this what DEP* and ASLR** are meant to prevent? Windows 7 is EOL and it has DEP and ASLR. So why is this news news?

*Data Execution Prevention
**Address Space Layout Randomisation

Chrome Caught Exempting Google Sites From User Requests To Delete Data

Posted by EditorDavidView on SlashDotShareable Link
This week the Verge reported: If you ask Chrome to delete all cookies and site data whenever you quit the browser, it's reasonable to expect that this policy applies to all websites. Recently, though, a bug in the browser meant data wasn't being removed for two sites in particular: Google and YouTube.

This problem was first documented by iOS developer Jeff Johnson on his blog. Johnson found that in Chrome version 86.0.4240.75, "local storage" data for Google.com and YouTube.com stuck around even after restarting the browser. We've been able to replicate similar behavior... The Register notes that Chrome's behavior could allow Google to stash cookie-style data as site data, allowing it to track users even when they think they're being careful by deleting their cookie and site data every time they close the browser.

In a statement, Google said it was aware of the issue and was working on a fix... At least one of the affected sites, YouTube, appears to have already been fixed. After we upgraded the Chrome browser to version 86.0.4240.111, YouTube's local storage data seems to successfully purge after a restart, although the data from Google.com still sticks around.

Re:Still using Chrome?

By Z00L00K • Score: 5, Insightful • Thread

I only use Chrome for limited purposes.

The main reason for Google not erasing the data related to Google sites is because they "need" that data to build a profile on you and if that data is erased then you damage their statistics.

Re:Bug? I think not.

By khchung • Score: 5, Insightful • Thread

The bug was letting people find out the cookies were not deleted. After it was "fixed", no one will find out those cookies were kept no matter how hard you tried to delete them.

Re:"a bug in the browser"

By AmiMoJo • Score: 5, Informative • Thread

Lately Google has been making changes to the site storage API that could have triggered this bug. The changes were at the request of add-on developers to bring it up to parity with Firefox.

Previously add-ons could only delete cookies for a site, not other kinds of stored data. The improved API allows everything to be removed. The development history of Cookie AutoDelete charts the changes. So it looks like when they changed the API they broke something as this used to work.

If someone could be bothered to go back and test old versions, and maybe test Chromium as well, they could pinpoint exactly when it happened.

Re:Bug? I think not.

By MrL0G1C • Score: 5, Insightful • Thread

You're missing the point that you generally expect a browser to treat all sites the same and not write hard-coded code in the browser to treat different urls differently. The probability here is that Google wrote the code to check if the site is theirs and then skip it when deleting cookies. The likelihood of this happening any other way is very remote.

If you're using Chrome then either you're a newbie or you don't care about an advertising giant tracking you and building up a big database of data metrics about you.

I've experienced this personally.

By dmitch33 • Score: 3, Interesting • Thread
I have experienced this first hand. I maintain a website for my brother's band. They put some written music onto a webpage that wasn't properly secured (my bad) but had no link to it. Either you knew the name of the page or you didn't get there. Well, as Google uses its DNS server to scrape and published the findings in their search engine. It has been over 5 years and Google still refuses to remove the copyrighted material!! As no intelligent or lawful human is involved in this process it is clear to see why Google is EVIL!!

Cult Expert Predicts QAnon Adherents Will 'Get Angry and Exit'

Posted by EditorDavidView on SlashDotShareable Link
"From my time studying cults and helping followers escape them, I can reassure you that QAnon will disintegrate in the United States over time if effective measures are taken if and when Trump is defeated," writes prominent mental health counselor Steven Haasan: When cult adherents get confused, then ashamed, then realize they've been scammed, they get angry and exit. While some followers may continue to believe in the cult for some time — especially if they stay in an information silo — eventually contact with family and friends who care about them and others who have escaped from cults can and will help people come back to themselves. People are not permanently programmed, despite what some pundits and politicians may say. Like fashions and fads, movements end.

How do we dismantle a dangerous cult safely and turn this into yet another American fad as embarrassing as bell-bottoms, polyester and pet rocks? By dismantling the power of its mythology so people who have been pulled into it return to independent thinking. Fundamentally, QAnon is a mind virus, and we must bring the rate of transmission down. For starters, stop mocking QAnon and calling it a conspiracy theory; it is a psy-op, an intentional online cult movement aimed at recruiting and indoctrinating people into an all-or-nothing, us-vs.-them, good-vs.-evil frame. It is important to understand that QAnon believers think they are heroes and believe they are aligned with a righteous cause. We must take them seriously and build a rapport of respect. In other words, agree and amplify that human trafficking is bad and wrong. Then show legitimate groups fighting trafficking... Reclaim this issue and demonstrate that QAnon is talking about it but does nothing, while others are taking action to make a difference...

[W]hile QAnon promoters are currently being removed from the internet platforms they use to spread their propaganda and interact with adherents, as they should be, this approach will only temporarily disrupt and slow down new recruits, rather than help anyone exit. In fact, these moves can validate followers' beliefs that they are being persecuted, while a large percentage of cult members will simply be directed to alternative platforms... The key to helping these folks out is more respectful interaction — not cancel culture, demonization or mockery. People need to be able to exit with dignity. We need to find ways to allow people to return to society with their humanity intact, in a way that honors the very real questions that led them to look toward alternative answers in the first place.

Re: Guys ... I'm a conservative ...

By Nidi62 • Score: 5, Insightful • Thread

Not sure how you missed all the Q signs/merchandise at Trump rallies, the sheriffs deputies wearing Q patches when meeting Trump down in Florida, the head of a NYPD union doing a Fox News interview with a Qanon mug plainly staged and displayed in the background, high profile former administration officials like Mike Flynn taking a QAnon pledge on YouTube, the hashtag/catch phrase WWG1WGA(where we go one, we go all) plastered everywhere, and actual elected officials openly supporting QAnon theories. Either you live under a rock or you are intentionally burning your head in the sand.

Re:Is Qanon so bad?

By drinkypoo • Score: 5, Insightful • Thread

Leftists celebrate differences, righties fear them.

That's why to righties it seems like leftists are "dividing" people. No, we're recognizing their differences. There are real differences between people, and recognizing them is key to serving those people's needs, which differ as well.

Righties don't give a fuck about other people's needs. If they see people as all the same, it's only to avoid recognizing that they have different problems and issues in their lives. It's much easier to pretend that everyone is all the same, because then you don't have to think — especially about how your actions affect different people differently.

Re:Interesting analogy

By lexman098 • Score: 4, Interesting • Thread
You are quite obviously not paying attention.

Before I say anything else, let me point out that according to 538 crunching the numbers, there is about a 15% chance Trump will win, 85% Biden. Trump is on his way out...

Either you're not paying attention or have a very short memory.

Record breaking unemployment levels for minorities (best ever)

It's supposedly best-ever unemployment rates for everyone. Minorities are still the highest. The numbers are bullshit though since they don't take into account people that have given up, part time workers struggling with multiple jobs etc. The gig economy is helping unemployment numbers but not really helping people in a lasting way.

great performance for retirement investments

This is QE from the fed. Trump obviously has little influence with the fed given his constant whining about how the fed should reduce interest rates to make him look good. Also, keeping interest rates so low for the long term isn't necessarily a good thing.

while signing off on policies that just kept working well.

Like his policy of separating children from their mothers at the border? Right, your 401k is doing well so who gives a shit really?

US administrations since the 1960s have been trying to bring peace in the middle East, to normalize relations between Israel and their neighbors. With damn little progress in 60 years. I can't believe Trump has brokered normalizing relations between Israel and FOUR different Muslim nations. Not one, not two, but four. Wow.

The hard part in those 60 years has been brokering peace between Israel and the *Palestinians* which they kicked out of their country in a racist attempt to have a 100% jewish state. We now have an apartheid which Trump has all but signed off on by moving our embassy to Jerusalem.

For decades every presidential candidate have vowed to move the US embassy in Israel to Jerusalem and for decades every president has reneged on that promise, to avoid upsetting the Muslim nations.

Please find a quote from a democratic presidential candidate to backup this claim. They didn't want to move the embassy because it would be the end of their hope for a two state solution. It has literally nothing to do with any other Muslim country.

For someone that supposedly doesn't like Trump you sure seem to be quite wilfully ignorant of his failings.

Re:It's metaphor

By JustAnotherOldGuy • Score: 5, Insightful • Thread

Unless of course you ask him how he ended up with a reported net worth of 9 million dollars despite ten million dollar gifts from China and Russia.

Well golly gee why don't you look at his tax returns? He released 22 years of them which is more than we can say for President Super Spreader.

So, ummm, what were you babbling about?

I was hacked by a meme - experience report

By remoteshell • Score: 3 • Thread
Around 2008 I was hacked by a survivalist meme that said "buy gold 'n silver, firearms and survival food". I prepped for a forest fire. In a flood in 2013, I was evaced on an Apache helicopter - the flood washed out roads to my home in Jamestown, CO. After the roads were partially restored, I was worried about looters - I had been listening to conspiracy oriented right-wing radio (KHNC AM in Colorado - truly weird stuff - not Fox). I felt compelled to move my firearms and metals out, although looting never happened. A zipline was required to get the guns and silver out. I had hundreds of pounds of each. I had a team of trained software engineers that I used as pack animals - great fun! I came to realize that what I thought were assets were liabilities. I got rid of the firearms. Did I mention that precious metals are hard to liquidate, and nobody wants to barter them, in addition to being a really bad investment? The pallets of food stayed good (plug for Mountain House). But what are you gonna do with pallets of food? I sent 'em off the the Rosebud reservation in a COVID relief effort this summer so they'd get eaten by folks who needed 'em. I finally figured out that that the folks who were community oriented did a lot better than I - especially moms with school age kiddos. It took 5 years to rebuild the town. I joined the community and escaped the whacko meme that hacked my ideology - I was a lifelong liberal beforehand, and reverted to that mindset. Last week there were forest fires raging near the town, and I evacuated again, and joined in community in helping my family and other families. The lessons learned were that I'm hackable by memes and listen to mom.

Slashdot Asks: How Do You Feel About Btrfs?

Posted by EditorDavidView on SlashDotShareable Link
emil (Slashdot reader #695) shares an article from Linux Journal re-visiting the saga of the btrfs file system (initially designed at Oracle in 2007): The btrfs filesystem has taunted the Linux community for years, offering a stunning array of features and capability, but never earning universal acclaim. Btrfs is perhaps more deserving of patience, as its promised capabilities dwarf all peers, earning it vocal proponents with great influence. Still, [while] none can argue that btrfs is unfinished, many features are very new, and stability concerns remain for common functions.

Most of the intended goals of btrfs have been met. However, Red Hat famously cut continued btrfs support from their 7.4 release, and has allowed the code to stagnate in their backported kernel since that time. The Fedora project announced their intention to adopt btrfs as the default filesystem for variants of their distribution, in a seeming juxtaposition. SUSE has maintained btrfs support for their own distribution and the greater community for many years.

For users, the most desirable features of btrfs are transparent compression and snapshots; these features are stable, and relatively easy to add as a veneer to stock CentOS (and its peers). Administrators are further compelled by adjustable checksums, scrubs, and the ability to enlarge as well as (surprisingly) shrink filesystem images, while some advanced btrfs topics (i.e. deduplication, RAID, ext4 conversion) aren't really germane for minimal loopback usage. The systemd init package also has dependencies upon btrfs, among them machinectl and systemd-nspawn . Despite these features, there are many usage patterns that are not directly appropriate for use with btrfs. It is hostile to most databases and many other programs with incompatible I/O, and should be approached with some care.

The original submission drew reactions from three disgruntled btrfs users. But the article goes on to explore providers of CentOS-compatible btrfs-enabled kernels, ultimately opining that "There are many 'rough edges' that are uncovered above with btrfs capabilities and implementations, especially with the measures taken to enable it for CentOS. Still, this is far better than ext2/3/4 and XFS, discarding all the desirable btrfs features, in that errors can be known because all filesystem content is checksummed." It would be helpful if the developers of btrfs and ZFS could work together to create a single kernel module, with maximal sharing of "cleanroom" code, that implemented both filesystems... Oracle is itself unwilling to settle these questions with either a GPL or BSD license release of ZFS. Oracle also delivers a btrfs implementation that is lacking in features, with inapplicable documentation, and out-of-date support tools (for CentOS 8 conversion). Oracle is the impediment, and a community effort to purge ZFS source of Oracle's contributions and unify it with btrfs seems the most straightforward option... It would also be helpful if other parties refrained from new filesystem efforts that lack the extensive btrfs functionality and feature set (i.e. Microsoft ReFS).

Until such a day that an advanced filesystem becomes a ubiquitous commodity as Linux is as an OS, the user community will continue to be torn between questionable support, lack of features, and workarounds in a fragmented btrfs community. This is an uncomfortable place to be, and we would do well to remember the parties responsible for keeping us here.

So how do Slashdot's readers feel about btrfs?

Re:Very simple reason:

By DeHackEd • Score: 4, Informative • Thread

This is not literally true any more than it is for ext4, xfs etc. ZFS has its own cache that doesn't appear as normal cache memory on Linux, but like any other cache it will grow as needed, shrink under pressure and will largely consume most available RAM if nothing else wants it. Now yes there have been some interaction issues with the Linux memory subsystem resulting in less-than-ideal behaviours, the fixes for which are scheduled for the 2.0 release, but it's trying its best.

"1 GB of RAM per 1 TB of storage" is more of a reminder that big data (especially in the enterprise scenario) usually means busy data which means more cache can be hugely beneficial. Remember ZFS was originally designed as an enterprise filesystem. Don't blow all your money on hard drives and forget to make the PC/server adequate for the job as well... but if it's a low throughput media server for a small family go ahead and give it 4 GB of RAM and fill'er up with disks.

The snapshot *is* the difference

By raymorris • Score: 4, Interesting • Thread

There are two ways to find the differences - either track the changes as they are made (which impacts write performance to some degree) or figure them out later, when you ask for the differences (which takes a few seconds or more at the time you ask for the differences). *All* systems have to do one or the other, or a combination of the two. No system can know what the differences are unless it either tracks the changes as they are made, or finds those differences later. LVM can operate in either mode, at your option. It can also "find the differences later" very quickly by using some metadata. For every xMB you write of changes, it writes a few bytes of metadata indicating which extent you changed, so write performance is unaffected (less than 1%) but finding the differences is very fast.

With the standard stack (dm/lvm), the conventional (older style) snapshot *is* the differences. That's what a snapshot is, a volume that holds the differences between what was and what is, plus some metadata mapping a name to the pair.

If you list the volumes with la /dev/mapper/myvg/myvol* you'll see one with a name that ends in "-cow". That cow volume is the differences. The "snapshot", the "what it used to be" is a logical construction of origin volume + cow.

That's why writes can be slower in some cases if you use that style - because a write to the origin consists of first copying the old extent to the snapshot.

If you primarily want to work with "the differences" and you want to have the differences available instantly rather than waiting a few seconds you can use that type of snapshot by setting a maximum size for the snapshot.

With the newer style thin snapshots, write performance is unaffected because the relationship between the origin and the snapshot is a metadata construction. On write, the old extent is assigned to the snapshot rather than copied. See, a volume is really just a list of extents (data blocks). So with run snapshots it just updates the list to say that data block now belongs to the snapshot. Finding the differences is just a matter of comparing the metadata to see which extents are in one volume and not the other. The metadata is typically kilobytes, so that comparison takes maybe 1 second. That gives you the list of changed extents, which is a volume of "the differences".

btrfs is best we currently have

By Jezral • Score: 4, Informative • Thread

I want mutable snapshots, transparent compression, and deduplication. I used to use ZFS because it support those features, but ZFS gobbles RAM and is not usable for external USB HDDs - it would just die in an unrecoverable way every ~3 months. And ZFS snapshots are not writable - there is no way to delete a file from all snapshots and actually free up the space, because the underlying snapshot is immutable.

Switched to btrfs around 7 years ago, and it's great. Writable snapshots, transparent tuneable compression, on-demand deduplication. And with compress-force, the performance quirks with large files such as databases are mostly mitigated, because changes only need to COW the 128 KiB block it is modifying.

There are certainly still features missing from btrfs. Recovering RAID1 is abysmal - you get 1 and only 1 chance to replace a failed device, and if you do it wrong you need to recreate the array. And parts of btrfs is not aware of its own COW - e.g. defrag will unshare blocks.

But even so, I use btrfs on workstations, production servers, development servers, backup servers, etc, and it's been excellent. Just remember what the workload is and set the compress-force algorithm accordingly - though these days zstd is a really good default for everything.

Re:I'd say the opposite. Enterprise knows mirrorin

By rl117 • Score: 4, Informative • Thread

http://blog.netbsd.org/tnf/res...

ZFS provides all these separate layers internally. It's not one monolithic blob, it's got very clear separation between filesystem interface, data management and data storage. "RAID" is completely decoupled and abstracted via the ZVOL interface. Compression is separate from low-level storage. Etc.

When you break it all down and actually look at a more detailed version of the design, it's not too dissimilar to mdraid + LVM + filesystem. The big difference is in the integration between the layers. mdraid pretends that multiple discs are a single linear volume. ZFS knows that it can partition I/O across volumes based upon their performance characteristics and to ensure physical separation of data when storing multiple copies. When recovering data, it can also cryptographically verify which copy is correct. mdraid+LVM can't do that. When rebuilding an array (resilvering) the filesystem knows which blocks are in use and which are not, so it doesn't need to spend time replicating unused blocks, or error out if those blocks have discrepancies. mdraid+LVM+filesystem can't do that. It's more intelligent because it's not using limited abstractions to fake a single linear volume. Both at the mdraid level to aggregate storage and the LV level to split it back up as another level of fake linear virtual block devices. It actually understands where the data is laid out on the storage in reality, and can make real use of that information for performance, data integrity and data recovery.

Re:Still not mature

By Bengie • Score: 4, Interesting • Thread
The whole BTRFS still needs fsck tells me everything I need to know about it. ZFS doesn't ever need anything like fsck. Either it transparently handles an error because of its CoW design and duplicate blocks, or the error is so bad that there is no sane way to fix it. Essentially, in the absolute worst case ZFS can always rollback to the last known good version of the file system. How BTRFS manages to be a greenfield CoW file system made after ZFS and didn't manage to do versioned CoW is beyond me.

I've read some pretty good blogs detailing the issues that some sysadmins have with BTRFS. It pretty much comes down to a combination massive dose of second-system effect and a superficial understanding of the problem domain. BTRFS was made by devs for devs with no input from sysadmins who have to manage petabyte sizes datasets and the kinds of issues, both management and recovery, they have to deal with.

Really. ZFS has feature like independently configurable duplicate metadata and data blocks. Not only does ZFS have redundant data via RAIDZ, but it by default has 2 copies of every metadata block, which is any block not involved with holding file data. These blocks are stored at intelligent large offsets from each other so they can be easily found and they are highly unlikely to be affected by failure modes like a 16MiB SSD page being modified during a read-modify-write cycle and power loss. If a block is detected being corrupt, ZFS can check one of the duplicates and copy it over the corrupt one to fix it. Imagine your single non-RAID SSD corrupts all of the data within a 16MiB page, and transparently recovering with no data loss. Configurable redundancy for single drives.

Of course this uses more data, but that's up to the user to decide. For my pfSense use-case, I have 2 large cheap first-gen TLS 100GiB+ SSDs in RAIDZ with little chance of drive failure, but a high risk of transient dataloss or corruption from power loss from this cheap drives. I have all of the data configured in triplicate on each drive, for a total of 6 copies of the meta+file data. Many people say you don't need to do this with pfSense since it is trivial to create a new boot imagine and import the last config backup. But I don't want to waste my time. pfSense comes up instantly after every power outage as if nothing happened. And being only 1% full SSDs, entire pool scrubs take 1-3 seconds.

ZFS does have its bugs, issues, limitations, and gotchas, but is was designed from software engineers with decades of experience dealing with data recovery in enterprise settings.