Alterslash

the unofficial Slashdot digest for 2018-Jul-11 today archive

Contents

  1. 'RSS Has Already Won'
  2. New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed
  3. NASA Commercial Crew Program for Space Station Faces Delays, Report Says
  4. Google Quietly Enables 'Site Isolation' Feature for 99% of Chrome Desktop Users
  5. Broadcom Buying CA For $19 billion
  6. AV1 is Well On Its Way To Becoming a Viable Alternative To Patented Video Codecs, Mozilla Says
  7. FCC Promises to Fix Comment System Hijacked During Net Neutrality Repeal
  8. RIP Tata Nano, the World's Cheapest Car
  9. Battling Fake Accounts, Twitter To Slash Millions of Followers
  10. ARM's Own Employees Complain About Anti-RISCV Website
  11. No, the FCC is Not Forcing Consumers To Pay $225 To File Complaints
  12. Chinese Mobile Phone Cameras Are Not-So-Secretly Recording Users' Activities
  13. Software Beats Animal Tests at Predicting Toxicity of Chemicals
  14. Apple To Refresh Mac mini, MacBook Pro, iMac Lineups Later This Year, Report Says
  15. Hacker Steals Military Docs Because Someone Didn't Change a Default FTP Password
  16. 80 Percent of IT Decision Makers Say Outdated Tech is Holding Them Back
  17. Access To Major Airport's Security System Offered on Dark Web for $10
  18. Malls In California Are Sending License Plate Information To ICE
  19. VC Market Is on Pace for Strongest Year Since Dot-Com Era
  20. Chinese Scientists Have Developed the World's First Destructive Laser Rifle
  21. Autonomous Robots Could be the Future of High Flying Stunts in Hollywood

Alterslash picks the best 5 comments from each of the day’s Slashdot stories, and presents them on a single page for easy reading.

'RSS Has Already Won'

Posted by msmashView on SlashDotShareable Link
Brian Schrader, an independent software developer, writes: It's been a little over 5 years since Google Reader shut down and the world of RSS readers was tossed into the junk drawer of collective memory. But, looking back on it today, I'd actually argue that RSS and Feeds as a whole never really disappeared, only the Feed Readers did. In building Pine, and as a long time Feed Reader user, I've been pleasantly surprised over these last 5 years to see that most sites still have RSS feeds. Sure, Facebook and Twitter don't support them, but YouTube, Reddit, Squarespace, Wordpress and so many more do by default. Feeds of all kinds still exist, nearly forgotten, in the markup of most websites, and this means that Feed Readers can, and will, make a comeback someday. The foundations are already laid; the hard work is done. RSS Feeds became a standard, and were built into the tools we use to make the web today. It's almost as if we laid the tracks and built the trains for a trans-continental railroad, but we've just forgotten how to sell tickets.

YouTube support is at best reluctant.

By pots • Score: 5, Informative • Thread
YouTube does, technically, support RSS feeds, but you have to know the secret handshake in order to get the feed address. Saying that feeds are "supported by default" is a little over-optimistic. Google does everything short of completely banning feeds in order to get you to stop using them and sign up with their tracking service instead.

For the secret handshake, use either:

"https://www.youtube.com/feeds/videos.xml?channel_id=[your channel ID here, alphanumeric string]"
or
"https://www.youtube.com/feeds/videos.xml?user=[username here, but the username is not always the display name. Check page source.]"

and copy that address to your RSS reader.

RSS is flexible

By imidan • Score: 3 • Thread
I was working on a project with a guy who loved to over-engineer things. At one point, we wanted the ability to share XML documents between sites by advertising them and allowing remote sites to download them on their own schedule. He spent the evening in his hotel room drawing up a complex client-server system with an elaborate API. When we met the next morning, I said, "Why don't we just do it with RSS?" And over the next half hour we verified that RSS did everything we wanted it to, already has developed tools and APIs, and is super simple. We stood up that system in more or less its current state the Monday after we got back from the meeting. RSS FTW.

Self-host TT-RSS

By cerberusss • Score: 4, Informative • Thread

I think lots of people here have some server running somewhere. Install Tiny Tiny RSS (TT-RSS) on there, and be able to access it from anywhere. Totally open source. https://tt-rss.org/

What's great is that there are a number of RSS reading apps that you can point to your server, so it doesn't matter whether you're on mobile or on your desktop browser. For Android, I'd suggest just use the app from the same author. For iOS, I use Tiny Reader (App Store link).

RSS: Rumors of it's demise...

By rsborg • Score: 3 • Thread

Was just a blatant move to kill it off to get people to use G+ / FB / Twitter so our every engagement can be tracked and sold to the advertisers (and possibly nation-states).

RSS "lost" like Obi-wan lost in Episode IV. It was never really gone.

The main problem with RSS

By DrXym • Score: 4, Interesting • Thread
Feeds are great but they don't align with the business models of Facebook, Yahoo, Google, et al. A feed is something outside of their control, their algorithms, their aggregation. These days if you want to use feeds you have to get an extension to do it. I use Feedbro in Firefox which is quite nice for this purpose.

New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed

Posted by msmashView on SlashDotShareable Link
Two security researchers have revealed details about two new Spectre-class vulnerabilities, which they've named Spectre 1.1 and Spectre 1.2. From a report: Just like all the previous Meltdown and Spectre CPU bugs variations, these two take advantage of the process of speculative execution -- a feature found in all modern CPUs that has the role of improving performance by computing operations in advance and later discarding unneeded data. According to researchers, a Spectre 1.1 attack uses speculative execution to deliver code that overflows CPU store cache buffers in order to write and run malicious code that retrieves data from previously-secured CPU memory sections. Spectre 1.1 is very similar to the Spectre variant 1 and 4, but the two researchers who discovered the bug say that "currently, no effective static analysis or compiler instrumentation is available to generically detect or mitigate Spectre 1.1." As for Spectre 1.2, researchers say this bug can be exploited to write to CPU memory sectors that are normally protected by read-only flags.

Re:So

By gweihir • Score: 5, Interesting • Thread

We will see whether this holds up, but at the moment Intel is the one that played it fast and loose in order to have a few percent more performance, while AMD was far more careful and conservative and is now far less at risk and maybe not at all due to massively higher effort to exploit the subset of these vulnerabilities where they are affected. It is still possible that an easy to exploit variant will eventually be found for AMD too, but at the moment there is none.

Given that AMD has already done some additional things against this class of exploits in Zen 2, it may be that Intel CPUs will be a continued problem for the next years, while the same things may be more of an annoyance on AMD or not even present. Well, market dominance is never a good thing. Quality almost always suffers and prices get inflated. It would be a good thing if Intel got cut down quite a bit in size.

Of course, many people now have do defend their bad decision to not even have looked at AMD and they are intent to muddy the waters.

Re:Quick - Panic!

By Anonymous Coward • Score: 5, Insightful • Thread

1) Ridiculously difficult to implement.

It only has to be implemented once and copied. Re: Life.

2)Beyond trial code that is ALL based on the original POC distributed by virus vendors, etc. there is NO known implementation in the wild.

Until viruses use it. Viruses were original POC.

3) This requires the virus to be running ON your fucking computer!! If you are running ANY virus on your computer, you're hosed.

Re: Javascript

4) Derived from 3), for the forseeable future ANY virus on your system is about 28Giga-times more likely to be a standard, run-of-the-mill virus.

And one based on Meltdown and/or Spectre could potentially bypass all security without any possible generic fix. So, obviously it'd be nice to know about it.

Meantime, everyone is running around wanting to burn their CPUs because they are "vulnerable". FFS!! Does NO ONE have ANY perspective left anymore?!? /rant

Yes, /rant. Who's going around burning their CPUs? The point is to find out as many of the vulnerabilities now to start introducing fixes in hardware. And knowing there are more varied variants means the fix needs to be more generic. It also means that we have to start honestly considering the possibility that javascript can be an attack vector against CPU bugs, so that's something to mitigate against where reasonable.

But, yea, let's not point out the potential scope of this or light an impetus to change CPUs to mitigate these risk! We should just not really cover it. Then if/when the attacks do come because people find out how to make them more doable, we're then really boned. I mean, it's not like it takes years for CPU designs to be developed and deployed to replace current CPUs.

Re:Not many CPU designs are

By viperidaenz • Score: 5, Informative • Thread

ARM Cortex A8, 9, 12, 15, 17, 57, 72, 73, 75... all of those implement speculative execution are are all vulnerable to Spectre v1 and v2. Some also v3, v3a and v4
The A76 is only vulnerable to v1 and v4
https://developer.arm.com/supp...

IBM Power CPUs do speculative execution. IBM aren't fixing Power 6 and earlier.
Power 7, 8 and 9 have been patched apparently (requires both firmware and OS updates to mitigate)

I'm sure there's more.

Re:Advanced Micro Devices IMMUNE

By drinkypoo • Score: 5, Informative • Thread

Mitigation of prior SPECTRE attacks is cheaper on AMD than on intel. I would be surprised to learn that was not the case again. In addition, it's more difficult to exploit on AMD, and further, AMD was NOT vulnerable to all the classes of SPECTRE attack which affected intel processors. So while you're technically correct, there are also caveats.

Re:Not many CPU designs are

By OneHundredAndTen • Score: 4, Interesting • Thread
The much-maligned Itanium remains impervious to all these attacks. Just saying.

NASA Commercial Crew Program for Space Station Faces Delays, Report Says

Posted by msmashView on SlashDotShareable Link
Plans to launch the first NASA astronauts since 2011 to the International Space Station from the United States look set to be delayed due to incomplete safety measures and accountability holes in the agency's commercial crew program, Reuters reported Wednesday, citing a federal report released on Wednesday. From the report: SpaceX and Boeing Co are the two main contractors selected under the National Aeronautics and Space Administration's commercial crew program to send U.S. astronauts to space as soon as 2019, using their Dragon and Starliner spacecraft respectively. But the report from the Government Accountability Office said the issues could cause delays in the launch of the first crewed mission from U.S. soil by a private company and could result in a nine-month gap in which no U.S. astronauts inhabit the ISS.

Curtailing Musks cash cow?

By seoras • Score: 4, Interesting • Thread

I read this interesting piece yesterday "The War on Tesla, Musk, and the Fight for the Future".
Quote: "people with 10,7 billion dollars bet against Tesla stand to utterly lose their shirt".

Musk doesn't seem too bothered because, quote: "Musk can create contracts at will from SpaceX (and, to a lesser extent, Boring Company). SpaceX is on a roll and flush with cash." and this "Musk can sell off a portion of his SpaceX stake to personally bail out Tesla. There’s a massive demand for buying into SpaceX that hasn’t been able to be filled because it’s privately held. And Musk has shown repeatedly throughout his history that he isn’t, if anything, afraid to go personally “all in”."

I wonder how much Musk is relying on US Government contracts to keep his cash cow nice and fat if it needs to be slaughtered for Tesla?

Of course the other reason for this will be to allow Boeing to catch up but who'd pass up the chance to kill two birds with one stone.
I'd expect more to follow this If I'm right. I hope not.

Analysis from April

By Michael Woodhams • Score: 3 • Thread

My favourite space news and analysis site is www.nasaspaceflight.com. (This is a misnomer - it covers space stuff world wide, not NASA specific, and so far as I can tell has no affiliation with NASA.) They last looked at the commercial crew program in April in a pair of articles:
https://www.nasaspaceflight.co...
https://www.nasaspaceflight.co...

Both were pretty up-beat about prospects, however the SpaceX article says:

[...] SpaceX aims to conduct a crew test flight of Dragon, known as DM-2. This mission is currently slated for December 2018 but is likely to slip into early 2019.

And the Boeing article says:

Officially, Boeing is targeting August 2018 for its Orbital Flight Test (OFT), their uncrewed certification mission for Starliner, to be followed in November 2018 with their Crew Flight Test (CFT). Those dates are based on the last quarterly review by the Commercial Crew Program in February, and there is some indication that those dates are likely to slip at the next quarterly review in May – with the CFT slipping into 2019.

TFA takes early 2019 as a start point:

SpaceX and Boeing Co are the two main contractors selected under the National Aeronautics and Space Administration’s commercial crew program to send U.S. astronauts to space as soon as 2019, using their Dragon and Starliner spacecraft respectively.

and seems to be talking about delays beyond this.

“Boeing and SpaceX continue to make progress developing their crew transportation systems, but both contractors have further delayed the certification milestone to early 2019,” the report said.

Reading between the lines, I take it that there is a significant time between certification and first crewed flight, so certification in early 2019 means no crewed flight in early 2019. Both capsules will have an uncrewed test flight some months before the first crewed flight. I don't know whether certification comes before or after the test flight.

Re:NASA internal estimates confirm conclusion

By Jerry • Score: 4, Interesting • Thread

This is pure politics, with ULA buying its way to the top with political "contributions".
The USAF recently completed a bid process for launching secret missions and SpaceX won the bidding.
https://www.space.com/40978-sp...

"This is the fifth competitive procurement under the current Phase 1A of the EELV program since SpaceX entered the market to challenge ULA. The $130 million award for the Falcon Heavy launch is considerably lower than the average $350 million price tag for Delta 4 launches. "

https://fee.org/articles/compe...
"One of the keys to SpaceX’s success has been its ability to substantially undercut the prices of its competitors. While SpaceX lists its Falcon 9 rocket starting at $62 million a flight, the US Air Force budgeted $422 million for a single ULA flight in 2020."

In time competition will bring the competitors together. SpaceX will raise it prices and the ULA will have to cut their to compete. The ULA will switch from using Russian RD-180 engines to the BE-4 engine Bezos is developing, but hasn't begun engine qualification testing and doesn't plant to till 2019. Meanwhile, the ULA has ordered, and Russia will supply by the end of 2018, TWO new batches of the Russian RD-180 engine.
https://www.zerohedge.com/news...
Those engines make the ULA dependent on the Russians and pose a security threat to the US.

Amazingly, NASA says the ULA is "ahead" of SpaceX! Only in NASA and the ULA's political dreams. I wonder how much money changed hands for NASA "insiders" to claim the ULA is "ahead" of SpaceX when SpaceX builds and supplies every part of their American made Falcon9 and Falcon Heavy, engines included.

Re:Analysis from April

By Michael Woodhams • Score: 4, Informative • Thread

Update: An AC pointed to this article:
https://arstechnica.com/scienc...

This makes it clear that certification comes after the first test crewed launch, and is likely to be in the late 2019/early 2020 time frame.

The report shows when NASA believes Boeing and SpaceX will each have completed a single non-crewed test flight, a test flight with crew, and then undergo a certification process to become ready for operational flights. This is known as the "certification milestone."

So this is about when the second crewed flight of each capsule can happen. Possibly the first (test) crewed flight won't go to the space station.

Re:Curtailing Musks cash cow?

By Michael Woodhams • Score: 4, Funny • Thread

They make good solar systems, battery packs, and cars, and there is high demand for each.

I for one am dead keen on buying a good solar system. I want multiple habitable moons around a gas giant - that would be really cool.

Google Quietly Enables 'Site Isolation' Feature for 99% of Chrome Desktop Users

Posted by msmashView on SlashDotShareable Link
Google has quietly enabled a security feature called Site Isolation for 99% of its desktop users on Windows, Mac, Linux, and Chrome OS. This happened in Chrome 67, released at the end of May. From a report: Site Isolation isn't a new feature per-se, being first added in Chrome 63, in December 2017. Back then, it was only available if users changed a Chrome flag and manually enabled it in each of their browsers. The feature is an architectural shift in Chrome's modus operandi because when Site Isolation is enabled, Chrome runs a different browser process for each Internet domain. Initially, Google described Site Isolation as an "additional security boundary between websites," and as a way to prevent malicious sites from messing with the code of legitimate sites.

10%

By phantomfive • Score: 5, Informative • Thread
10% memory usage increase, according to the article. Defends against spectre and meltdown somewhat.

Is it just for the URL in the address bar?

By dwywit • Score: 5, Interesting • Thread

Or does it cover each and every third-party domain, e.g. all the advertising domains pinged by landing on a web page?

Those domains are just as dangerous, if not more so, than the domain shown in the address bar.

Disabled by default?

By iamagloworm • Score: 5, Informative • Thread
99% of users? I am on the latest chrome and it was disabled for me. Check at chrome://flags/#enable-site-per-process

Re:Registered /.ers review of the Win64 model

By nullbort • Score: 4, Informative • Thread
https://pi-hole.net/

So the approved ads

By AHuxley • Score: 4, Funny • Thread
really know the user is looking and only approved ads get displayed.

Broadcom Buying CA For $19 billion

Posted by msmashView on SlashDotShareable Link
Broadcom on Wednesday announced plans to buy IT management software company CA for $18.9 billion in cash, just months after U.S. regulators blocked Broadcom's deal to buy fellow chip-maker Qualcomm.

Some history of CA, via CNBC reporter Ari Levy: 14 years ago CA was called Computer Associates. The former CEO was charged with securities fraud, conspiracy and obstruction of justice. The lead prosecutor was a Deputy Attorney General by the name James Comey. "The investigators in this case went up against highly sophisticated and allegedly corrupt corporate executives who used every means at their disposal to delay, deceive and derail the government's investigation," Comey said. "The Computer Associates story also includes a failed cover-up, replete with lies to government investigators, lies under oath, and the use of attorneys to obstruct and impede the government's investigation of this fraud," he said.

CA

By ceeam • Score: 5, Funny • Thread

Oh, a software company. I thought California costs a little more.

Elephant graveyard...

By Anonymous Coward • Score: 4, Informative • Thread

I always thought of CA as the place where old software goes to die, or at least be sold without any intent to improve or even support it

And nothing of value was acquired...

By ndykman • Score: 3 • Thread

CA is where software is put to pasture and slowly dies. It seems like this is okay, but they will charge you quite a premium to use it until it finally keels over. Honestly, I can say that it is worth the effort o remove anything they have from your organization. Or move to another one if you can.

Hooray, more mergers and acquisitions

By rsilvergun • Score: 3 • Thread
I'm sure this ill only increase competition and lower prices.

AV1 is Well On Its Way To Becoming a Viable Alternative To Patented Video Codecs, Mozilla Says

Posted by msmashView on SlashDotShareable Link
Here's a surprising fact: It costs money to watch video online, even on free sites like YouTube. That's because about 4 in 5 videos on the web today rely on a patented technology called the H.264 video codec. From a report: It took years for companies to put this complex, global set of legal and business agreements in place, so H.264 web video works everywhere. Now, as the industry shifts to using more efficient video codecs, those businesses are picking and choosing which next-generation technologies they will support. The fragmentation in the market is raising concerns about whether our favorite web past-time, watching videos, will continue to be accessible and affordable to all.

Over the last decade, several companies started building viable alternatives to patented video codecs. Mozilla worked on the Daala Project, Google released VP9, and Cisco created Thor for low-complexity videoconferencing. All these efforts had the same goal: to create a next-generation video compression technology that would make sharing high-quality video over the internet faster, more reliable, and less expensive. In 2015, Mozilla, Google, Cisco, and others joined with Amazon and Netflix and hardware vendors AMD, ARM, Intel, and NVIDIA to form AOMedia. As AOMedia grew, efforts to create an open video format coalesced around a new codec: AV1. AV1 is based largely on Google's VP9 code and incorporates tools and technologies from Daala, Thor, and VP10.

Mozilla loves AV1 for two reasons: AV1 is royalty-free, so anyone can use it free of charge. Software companies can use it to build video streaming into their applications. Web developers can build their own video players for their sites. The second reason we love AV1 is that it delivers better compression technology than even high-efficiency codecs -- about 30% better, according to a Moscow State University study.

Re:Waiting for the patent trolls

By steveha • Score: 5, Informative • Thread

What is of more concern to me is how carefully AV1 has been constructed in terms of its coding tools to avoid patent trolling and patent submarining

I don't think you need to worry. When Google announced VP8, MPEG-LA publicly announced that they were setting up a patent pool for it; they encouraged all the patent holders who VP8 infringed to step forward and add their patents to the pool.

Nobody ever came up with anything, and after over a year, MPEG-LA accepted a small amount of money from Google in exchange for a promise to never sue over VP8. No patents, no royalties, just a one-time payment; that was pretty much unconditional victory for Google and VP8. The news coverage called this a "licensing agreement" but it was more like "here, take a small amount of money and go away forever."

https://techcrunch.com/2013/03/07/google-and-mpeg-la-sign-licensing-agreement-covering-googles-vp8-video-codec-clearing-the-way-for-wider-adoption/

When VP8 was first announced, many self-appointed experts here on Slashdot declared confidently that it just had to infringe on H.264 patents, as a reading of the standard revealed numerous similarities. I am not a patent expert but I was pretty sure they were mistaken about this... Google spent something like a year after they licensed the technology before they released the open-source VP8, and I assumed that they had paid patent lawyers to go over the standard and make sure it didn't infringe on anything. Also, it looked to me like the original developers of the code had deliberately studied the existing patents and implemented something just different enough not to infringe.

It may be possible that a patent could pop up from seemingly nowhere, some weird patent nobody was paying attention to, and AV1 would be found to infringe upon it. If this scenario is possible for AV1, what makes it impossible for H.265? In fact, I'd argue it might be more likely for H.265, which is a complicated thing to which many companies tried to contribute (so they could get a share of royalties). I would be interested to hear an expert's opinion on whether AV1 is less complex than H.265... I bet that it is. And more complexity would suggest greater danger from overlooked patents.

As for submarine patents, again I am not very worried. The USA changed its patent laws between 1995 through 2000 to prevent abuses like submarine patents. Patents are 20 years from the date of filing, so playing games with paperwork extensions can't keep a patent alive forever anymore; and since 2000 patent filings are public, so the secrecy needed for submarine patents is gone.

So unless someone has a suitable patent application, filed before the year 1995, that they have kept alive with paperwork wizardry in the patent office, and nobody knows about it, and they get it granted... unless all of that is true, it shouldn't be possible for a submarine patent to torpedo AV1.

Re:Snicker

By rahvin112 • Score: 5, Interesting • Thread

That was an interesting post by the founder of MPEG. He assumes that the rise of AOM will mean the end of video codec advancement because no on will be making money on codecs. He's completely and horribly wrong on that assumption. There is no longer a need to make money on the codec, the major content providers that provide video to the public have a massive incentive to continue to improve codecs because it literally costs them money. Google, Netflix, Apple, Facebook etc all save money if the Codec improves, and those savings can be multiples more than the licensing fees MPEG-LA collects.

The need for MPEG and MPEG-LA is over. HEVC should be a dead standard. The rise of AOM and AVC1 is a blessing to all of humanity. A free codec, developed and supported by the very people broadcasting and producing all the video. The very people with the largest incentive to continue to improve the codec because every byte saved saves them money.

MPEG and MPEG-LA should wander off into the night, they simply aren't needed anymore and have been destroyed by the same patents they sought to exploit.

Re:Snicker

By sjames • Score: 4, Interesting • Thread

What's really sad is that the patent pools are so packed with greed that they'd rather crap their pants and die an ignoble death than offer a better deal. They will not be missed.

I'd hardly say it's "well on the way"

By AbRASiON • Score: 4, Interesting • Thread

It's only just reached 1.0 and the encoding time of the codec is mind blowingly slow. It makes encoding HEVC look extremely fast.

I'm praying that AV1 takes off in a big big way, I like the idea of a superior codec, saving me disk space and being open source and free, my inner PC hippie is into that.

I don't know if it does every single feature HEVC or 264 does mind you, it might be crap at 10bit or 12bit or something, I just don't know, but my understanding is, it's fairly good.

None the less, it's not going to be replacing anything for several years. You need to wait multiple generations for smartphones, tablets, laptops, PCs, TVs and god knows what else to have new AV1 capable chips in them. Plus the encoder needs obvious, intense optimisation. Honestly the litmus test is when the piracy teams (or at least a few hardcore anime groups) start using the codec.

When I can replace some of my stuff on my NAS, with something at least 33% smaller and identical or better quality, I'm much more interested.
I do wish them well and I hope these hype articles continue, but patience will be a virtue here.

Re:Xiph's Daala.

By theweatherelectric • Score: 5, Informative • Thread
Mozilla employs people from Xiph such as Chris Montgomery, Timothy Terriberry, Jean-Marc Valin, and Thomas Daede. I don't think paying the bills is laughable. Mozilla has funded development of Opus, Daala, and AV1.

If it helps, here's a recent blog post from Chris Montgomery on AV1's contstrainted directional enhancement filter.

FCC Promises to Fix Comment System Hijacked During Net Neutrality Repeal

Posted by msmashView on SlashDotShareable Link
FCC boss Ajit Pai says the agency will finally take steps to shore up the security of the FCC's public comment system after being widely criticized for turning a blind eye to routine fraud and abuse. From a report: If you'll recall, more than 22 million Americans voiced their thoughts on the Trump FCC's attack on net neutrality last fall via the agency's website. The vast majority of comments opposed the move, closely reflecting surveys that show widespread, bipartisan support for the rules. [...] Not a single one of your comments was cited in the FCC's 218 page justification for its decision.

[...] Back in May, Senators Senators Jeff Merkley (D-OR) and Pat Toomey (R-PA) fired off a letter to Pai demanding he actually do something about the abuse of FCC systems. [...] In a response letter this week provided to the Wall Street Journal, Pai says the agency is finally taking steps to address the problem, while acknowledging his own identity was hijacked during the comment process. "It is troubling that some bad actors submitted comments using false names," Mr. Pai said. "Indeed, like you, comments were submitted in my name and my wife's name that reflect viewpoints we do not hold." Pai's letter, which wasn't publicly shared, states that the FCC hopes to eventually "rebuild and re-engineer" the commission's electronic comment system "to institute appropriate safeguards against abusive conduct." It also states that Pai will approach Congress for funding for the overhaul, something Pai likely knows may not actually happen.

Promises made, promises klept

By PopeRatzo • Score: 3, Insightful • Thread

The FCC also promises not to come in your mouth.

It's all just theater

By SoftwareArtist • Score: 5, Insightful • Thread

This is just another distraction. The real problem is that the FCC is owned by the industry it's supposed to regulate. It doesn't matter what comments you send. It doesn't matter who sends fake comments in your name. They don't give a damn about anyone's comments anyway. They're just going to ignore them and do whatever they want. But now they can pretend they're doing something good, and if they can get people talking about fake comments, maybe that'll distract the public from all the gifts they're giving to industry.

RIP Tata Nano, the World's Cheapest Car

Posted by msmashView on SlashDotShareable Link
From a report: Well, you guys, pour one out for the Tata Nano. The world's cheapest car is all but dead. According to Bloomberg, Tata Motors built one single Nano in June 2018. During the same month in 2017, Tata produced 275. As a final nail in the coffin, Tata told Bloomberg the car "cannot continue beyond 2019." The Tata Nano entered the Indian market in 2008 priced from just 100,000 rupees, or about $1,500. The price increased over time, and according to Tata Motors' website, an entry-level Nano starts at 236,447 rupees today, or $3,435 based on current exchange rates. Right from the get-go, the Nano was plagued with production issues, not to mention poor safety and dismal crash test results. The cars were also known to catch fire, which, uh, isn't good.

Re:Poor Safety and Dismal Crash Test Results

By Anonymous Coward • Score: 4, Funny • Thread

iPhones prove that cutting corners might not help with the cost anyway.

Easy to scoff, harder to respect

By rh2600 • Score: 5, Interesting • Thread
It's easy to scoff at a cheap car that cut obvious corners and was far behind what we expect for first-world motor vehicle transport that costs an order of magnitude above what millions of people in developing nations can affort...

It takes some mental effort to respect that fact that Tata brought car-based mobility to a new generation of people that otherwise couldn't afford the level of vehicles we enjoy in more developed nations today... it wasn't too long ago (~50 years) that we were driving cars worse in quality and safety than the Nano... and they cost a pretty penny even for first world nations at the time...so why begrudge and scoff at another developing nation's progress on the same path we also walked (albeit earlier)?

2 of Them

By Anonymous Coward • Score: 4, Funny • Thread

I got two Tata Nanos so I could have my own pair of tatas.

Re:Easy to scoff, harder to respect

By dryriver • Score: 5, Insightful • Thread
Nano was created to cut down on the huge number of motorcycle deaths in India. It was supposed to be a motorcycle priced car that gives you SOME chance of survival (whereas a motorbike in India gives you pretty much none). Which is precisely why Tata was eventually pressured into shutting down the Nano before it evolves into a cheap AND safe ride a few years down the road. That would have cost dozens of other bigger car makers hundreds of thousands or eventually millions of car sales every year. The fact of the matter is that in the world we live in, trying to create something that is cheap AND usable will often get you into trouble.

Nano was the car which brought down Tata Motors

By Frankie70 • Score: 5, Informative • Thread

Tata Motor was the #2 car company in India after Maruti Suzuki before they introduced the Nano. Nano was their CEO Ratan Tata's pet project. Ratan Tata assumed the car would sell on it's own without much marketing & advertising expenditure. But the car didn't. People preferred to buy a 2nd hand car which cost the same as a new Nano but was a much better car. Ergo, the Nano was a flop. But because it was the CEO's pet project, the company wouldn't let it go, they spent a lot of money & effort over years to make sure the car doesn't die. Tata Motors went to losses because of the time, effort & money they spent on the car. They lost their position in the market. It was only after Ratan Tata resigned & a new CEO took over that the company was turned around again. And now they have at last stopped production of the car - something which should have been done 5-6 years back.

Battling Fake Accounts, Twitter To Slash Millions of Followers

Posted by msmashView on SlashDotShareable Link
Twitter will begin removing tens of millions of suspicious accounts from users' followers on Thursday, signaling a major new effort to restore trust on the popular but embattled platform. From a report: The reform takes aim at a pervasive form of social media fraud. Many users have inflated their followers on Twitter or other services with automated or fake accounts, buying the appearance of social influence to bolster their political activism, business endeavors or entertainment careers. Twitter's decision will have an immediate impact: Beginning on Thursday, many users, including those who have bought fake followers and any others who are followed by suspicious accounts, will see their follower numbers fall. While Twitter declined to provide an exact number of affected users, the company said it would strip tens of millions of questionable accounts from users' followers.

Heh. Hasta la vista, "Influencers"

By TigerPlish • Score: 5, Insightful • Thread

I hope there's a ton of "influencers" in this purge. They're the most fakety-fake-fake of all "media personalities."

Pointless?

By duke_cheetah2003 • Score: 3 • Thread

Can they actually eliminate fake accounts faster than they are being created?

NextDoor next...

By jtara • Score: 3, Interesting • Thread

When they figure out how to weed out fake account, could they share their knowledge with NextDoor.com?

Even the most obvious fakes are approved, and seldom deleted. In fact, complaining about the fakes will get you suspended.

In my neighborhood, we have/had:

- Jack Mehoff
- Pat McGroin
- Flappy Flapstick
- Elenor Capstick (seems innocuous, until "she" posts back-to-back comments with Flappy Flapstick)
- A fake reporter and fake executive producer of news from a local TV station. I reported it to the TV station. It wasn't them. They were contacting people about doing "stories".

These along with more than a dozen others are/were all the same person, apparently somebody unhappy with their HOA. They post as their neighbors who are not signed-up with Nextdoor on some of the fake accounts. I got stuck in the middle of this by trying to be nice and helping somebody sort Internet provider options. I got suspicious when "Pat McGroin" (how did I miss that?!) said that he lived in a complex for the developmentally disabled. ("We are all developmentally disabled up in here" was my first clue this was not genuine...) He went from asking for help about Internet providers to fake claims of elder abuse.

So, I Googled, expecting to find a group home, etc.. Nope, a normal condo complex with units selling from $500K to $700K. And one ass-pain homeowner who harasses the HOA and neighbors any way he can.

NextDoor apparently doesn't even make the most basic of checks. This guy logs-out and then right back in under a different account. I can guarantee he isn't using burner phones or posting from multiple Internet cafes. They give users "invitations" that they can use to invite others, and they are probably automatically approved without any checks - because of the fallacy that the inviter is a legitimate account. As well, "neighborhood leads" have super cow powers, and can approve new users. So, it only takes one bad apple to either hand out their 25 invitations to fakes, or become neighborhood lead and then approve fake accounts.

In case you're not familiar - NextDoor is a hyper-local site that limits visibility to immediate and nearby neighborhoods. They require real names and verify identity and residence. In theory.

NextDoor wants users to fell "safe" on their site. It is anything but.

ARM's Own Employees Complain About Anti-RISCV Website

Posted by msmashView on SlashDotShareable Link
lkcl writes: Phoronix and The Register have an insightful look into an effort by ARM that is reminiscent of Microsoft's "Get The Facts" campaign. RISC-V's design is a revamp of the RISC concept that is intended from the ground up to fix the mistakes and learn from the lessons of the past 30 years. Power efficiency is 40% better than ARM or Intel. Compressed instructions reduce I-cache misses by 20-25%, which is roughly comparable to the same performance that would be achieved by doubling the Instruction Cache size. Yet despite El Reg's insightful analysis,
all is not as it seems: on further investigation, some of ARM's criticism has merit, whilst some of it is clear out-and-out FUD from ARM that, being so critically dependent on free software, had its own employees complain so much that the site was pulled.

Also we cannot help but wonder which "Big Chip" company offered seven-figure salaries to try to shut down the IIT Madras Shakti Project. Most interesting however is the fact that ARM -- a $40 billion dollar company -- is rattled by RISC-V enough to use underhanded tactics, whilst Intel on the other hand is actually investing.

Re:Of course they are rattled

By alvinrod • Score: 5, Interesting • Thread
I wouldn't say that. Companies like NVidia are doing a lot of work in designing cores that are made for deep learning and other types of specialty workflows where a general purpose CPU isn't as efficient or the amount of processing power needed is massive. Others like AMD have developed new interconnect technologies (they call it Infinity Fabric) that can be used to connect multiple small dies together on an interposer. This has massive ramifications as it means you can create massive dies in a much more cost-effective manner. We've also seen both Intel and AMD making moves towards APUs and with HBM (high bandwidth memory) it's eventually going to hit a point where x86 processors can become a SoC to that point that PCs become much more simplified. Maybe this doesn't have the wow-factor of some flashy new invention, but steady progress is often far more important than most of what people want to call "true" innovation.

RISC-V is also an ISA (instruction set architecture) which is not an actual chip implementation. It's very similar to ARM in that it allows for companies to develop their own implementations of the chip, much like how Apple, Samsung, NVidia, and Qualcomm all make their own cores. The only difference is that RISC-V doesn't cost anything to license. You'll still need to pay chip designers to create an implementation if you don't have an open implementation that's free to use and there's no guarantee that any free implementation fits the use case that you'd want to target. Even if it does, there's still no guarantee that someone's proprietary implementation doesn't have such significantly better performance that it's better just to pay the additional cost anyway.

This summary is a mess

By wonkey_monkey • Score: 5, Interesting • Thread

I don't think I've ever read a more confusing summary. Clarifying that RISC-V isn't ARM's baby would have been a start. The subject of each sentence is also hard to decipher - is The Register's (do we have to call it "El Reg"? That's so twee) analysis about RISC-V, or about ARM's anti-RISC-V site? And so on.

My Thoughts

By DaMattster • Score: 4, Interesting • Thread
ARM is scared of losing it's death grip over IoT and smartphones. Usually active FUD campaigns bely this real concern. One day ARM will have to come to grips with the fact that it will be toppled. ARM is about to repeat the same expensive mistakes that Microsoft did with its Get The Facts campaign.

Re:This summary is a mess

By Tailhook • Score: 4, Informative • Thread

I don't think I've ever read a more confusing summary.

It might have helped if the first part of this had appeared on Slashdot. But yes, the summary, particular the title, is hopeless. A better title might be: "ARM beclowns itself with FUD against RISC-V"

This is about ARM FUD against RISC-V that appeared yesterday on a new site setup by ARM marketing creeps. It was a shock to people that respect ARM, so much so that some argued it was a hoax. It took some investigation into the FUD site and its origins to convince people.

The fact is that what ARM sells is being commoditized. It's being commoditized because what they sell isn't all that novel any longer. The core of an ARM based integrated circuit is a small fraction of the value of these devices today; they real value is in the peripherals.

Re:I wonder why anyone cares at all

By Anonymous Coward • Score: 4, Informative • Thread

It should be noted that RISC-V also has a complicated decoder. "Compressed instructions" is just a soft way of saying it.

The complexity of the RVC decoder and the complexity of an x86-64 decoder are nowhere near the same.

The x86-64 can have instructions from anywhere from 1 to 15 bytes long, and it takes a lot of processing to determine how long an instruction is, especially with all the prefixes (like the REX prefix that sees so much use in 64 bit code for x86). This necessitates a state machine of some sort to parse the prefixes and apply their modification to the effect of the instruction in question. Each instruction is highly encoded, which requires a complex decoder to determine the length and operands, before the actual performance optimizations like register renaming begin. Additionally, each variable-length instruction may be split into multiple micro-ops. Intel makes highly performant processors despite, not because of, the instruction set.

Unless you have non-standard extensions, RISC-V instructions can either be 2 or 4 bytes (the 2 byte ones being the compressed instruction set). Instructions must be 2-byte aligned. It is trivial to calculate the length of any instruction in such a chip - if the least significant 2 bits are 11, it's a 4 byte instruction, otherwise it's a 2 byte instruction. In 4 byte instructions, the source and destination registers, and the highest bit of the signed immedate are always stored in the same place in the instruction word, allowing register renaming to execute in parallel, to a large extent, with actually decoding the opcode. The 2 byte instructions are not quite as clean, but still much simpler to decode than x86. (See page 70 of the RISC-V user-level ISA documentation.) Additionally, it seems that every 2 byte instruction is equivalent to executing a certain 4 byte instruction. (p. 81)

And yet, apparently RISC-V compressed is more concise than most variable-length encodings. (Including x86-64, IIRC. So much for "x86-64 uses memory bandwidth and cache more efficiently.")

Source for the RISC-V compressed instruction formats starts at page 67.

No, the FCC is Not Forcing Consumers To Pay $225 To File Complaints

Posted by msmashView on SlashDotShareable Link
Having your voice heard at the Federal Communications Commission could soon cost you hundreds of dollars, according to congressional Democrats Tuesday who oppose a looming rule change by the nation's top telecom and cable regulator. But that may not be the case after all, a review of the FCC proposal shows. From a report: At issue is a proposal that the FCC is expected to vote on Thursday that looks at the agency's process for handling "informal" complaints -- the kind you might file if you've received an unwanted robocall or if you've heard something indecent on the radio. Under the proposal, the FCC could soon pass the informal complaints it receives directly to the companies that consumers are complaining about, the lawmakers said in a letter to FCC Chairman Ajit Pai. That might result in FCC staff no longer reviewing those submissions, they said. And customers who receive no relief from the companies would then be forced to lodge a "formal" complaint at the FCC, an existing procedure that costs $225.

"To advise consumers that they file a $225 formal complaint if not satisfied ignores the core mission of the FCC -- working in the public interest," wrote Reps. Frank Pallone Jr. (D-N.J.) and Mike Doyle (D-Pa.). The controversy was first reported by the Verge. Staffers for the House Energy and Commerce Committee did not immediately respond to a request for comment. The FCC said in a statement that the lawmakers had misunderstood the proposal. "The item would not change the Commission's handling of informal complaints," the agency said.

Re:Um... did the submitter read what they wrote?

By jwhyche • Score: 4, Funny • Thread

So basically, the next time comcast starts fucking with me and I need to file a complaint, unless I want to pony up 225 clams, I might as well print it out, stick it up my ass, and set one end on fire. What good is the FCC now anyway?

Re:The real story here...

By RedK • Score: 5, Informative • Thread

Dead on accurate... after the fact. They changed their headline for one. It used to read :

"The FCC wants to charge you $225 to review your complaint".

Whereas it now reads :

"Democrats argue a new FCC rule would hinder consumers, but Commission says they got it wrong".

This is a typical tactic, where you post an initial story, with initial "wrong facts" and "sensational" headline. Get a massive ton of shares of social media and get the outrage rolling, and then silently update the story to be less biased/sensational when the initial surge of visits/shares has died down.

Make sure to hide the correction way down. The Verge's story has this paragraph now :

"Update and correction July 11th, 12:30PM ET: The article has been updated to include the FCCâ(TM)s response and to clarify that the informal complaints change was expressed by the congressmen; this article previously described the change as requiring consumers to pay a $225 fee, as stated in the letter."

So yes, The Verge's story was initially bad. It was just later amended to be "Oh wait, lol journalism, our bad". Why did you jump at "you right-wing" people right away and call it conspiracy ?

Here's the actual text of the rule, before and aft

By raymorris • Score: 5, Informative • Thread

Here's the old / existing version:

 1.717 Procedure.

The Commission will forward informal complaints to the appropriate carrier for investigation. The carrier will, within such time as may be prescribed, advise the Commission in writing, with a copy to the complainant, of its satisfaction of the complaint or of its refusal or inability to do so. Where there are clear indications from the carrierâ(TM)s report or from other communications with the parties that the complaint has been satisfied, the Commission may, in its discretion, consider a complaint proceeding to be closed, without response to the complainant. In all other cases, the Commission will contact the complainant regarding its review and disposition of the matters raised. If the complainant is not satisfied by the carrierâ(TM)s response and the Commissionâ(TM)s disposition, it may file a formal complaint in accordance with  1.721 of this part.

A quick summary of the old/existing process:
The FCC informs the company of the complaint. If they don't resolve it, the consumer can file a formal complaint ($255)

In actual practice - the FCC logs complaints to a database and acts when there are many similar complaints against a company, or similar companies.

And the new version:

1.717 Procedure.

The Commission will forward informal complaints to the appropriate carrier for investigation and may set a due date for the carrier to provide a written response to the informal complaint to the Commission, with a copy to the complainant. The response will advise the Commission of the carrierâ(TM)s satisfaction of the complaint or of its refusal or inability to do so. Where there are clear indications from the carrierâ(TM)s response or from other communications with the parties that the complaint has been satisfied, the Commission may, in its discretion, consider a complaint proceeding to be closed. In all other cases, the Commission will notify the complainant that if the complainant is not satisfied by the carrierâ(TM)s response, or if the carrier has failed to submit a response by the due date, the complainant may file a formal complaint in accordance with  1.721 of this part.

A quick summary of the proposed process:
The FCC informs the company of the complaint. If they don't resolve it, the consumer can file a formal complaint ($255)

In actual practice - the FCC logs complaints to a database and acts when there are many similar complaints against a company, or similar companies.

Re: The real story here...

By RedK • Score: 5, Insightful • Thread

If it's unclear what the facts are... don't state things as fact then, which the initial Verge headline did. That's like one of the big problems with current day journalism, it's not based on facts.

Again : stop making this a right vs left thing. It's a bad thing regardless of your side of the political aisle.

Fed preemption of action against phone spammers

By Ungrounded Lightning • Score: 3 • Thread

What bugs me is that the federal law preempts civil suits against the likes of phone spammers, those who ignore the do-not-call list, etc.

My family has our land lines on the do-not-call list and yet is running a higher ratio of junk to real calls than junk to real snail mail, and the robocallers are starting to show up on our cellphones (which is supposedly strictly a no-no).

If we could civil-sue the offenders (say, in small-claims court) for damages in the form of the cost of our time and resources in receiving those calls, we could recover at least some of our losses, while the offenders might think twice about re-offending. But we can't, because the federal government preempted such suits, and then doesn't take effective action against the offenders, so the level of offence, and resulting damage, explodes.

It seems to me that such preemption might constitute a "taking" under the Fifth Amendment (for the alleged "public purpose" of avoiding crippling legitimate businesses with bogus suits from disgruntled customers when they make a legitimate phone contact).

If so, the Fed owes us all a lot of money.

Anyone up for running a class-action to recover that? B-)

Chinese Mobile Phone Cameras Are Not-So-Secretly Recording Users' Activities

Posted by msmashView on SlashDotShareable Link
Oiwan Lam, reporting for Global Voices: It has been widely reported that software and web applications made in China are often built with a "backdoor" feature, allowing the manufacturer or the government to monitor and collect data from the user's device. But how exactly does the backdoor feature work? Recent discussion among mobile phone users in mainland China has shed some light on the question.

Last month, users of Vivo NEX, a Chinese Android phone, found that when they opened certain applications on the phone, including Chinese internet giant QQ browser and travel booking app Ctrip, the mobile device's camera would self-activate. [...] One Weibo user observed that the retractable camera self-activates whenever he opens a new chat on Telegram, a messaging application designed for secured and encrypted communication.

[...] After the news of the self-activated camera bug spread, users started testing the issue on other applications and found that Baidu's voice input application has access to both the camera and voice recording function, which can be launched without users' authorization. A Vivo NEX user found that once she had installed Baidu's voice input system, it would activate the phone's camera and sound recording function whenever the user opened any application -- including chat apps, browsers -- that allows the user to input text.

Black PVC tape

By gweihir • Score: 3 • Thread

The only way to deal with cameras that do not have a hard-wired activation light.

Re:Would the same be possible with Apple iOS?

By Solandri • Score: 4, Informative • Thread
Both iOS and Android already give the device owner control over what functions an app is able to access. For example, Android notified me that an update to one of the games on my tablet was asking for access to the microphone and camera. I of course denied those permissions (the game seems to run just fine without them). Since my tablet is rooted, I also get control over which apps are allowed to use the network. So even with the few programs which need such access (like a photo-to-PDF converter), I'm confident it isn't transmitting info about me back to the app maker.

There are two reasons for the problem.
  • Certain apps need such permissions. The voice input app mentioned in the summary requires access to the microphone to function. The maker of the app can then abuse that permission to use the microphone to record conversations and transmit them back to the mothership. This is even more insidious with voice recognition apps, which have to record conversations and transmit them back for the recognition stage anyway. At that point the difference between legitimate and illegitimate use becomes whether the company keeps the recordings on file, or deletes them after the recognition is completed (which is why I've long advocated that voice recognition be moved to the device itself now that processors are getting to the point where that's feasible). It's impossible for OS-level restrictions to prevent this type of abuse.
  • China has encouraged forking Android and developing its own version for use in the Chinese market. Ostensibly this is to reduce the amount of control foreign companies (namely Google) have over products used within China. Most people however suspect that it's done so the Chinese government can insert its own monitoring software directly within the OS itself. The kind of stuff the NSA only dreams it could do. The maker of an open-source OS has no control over what happens to forks.

Support Purism products

By TheDarkener • Score: 3 • Thread

Purism products offer hardware kill-switches for camera, mic and multiple radios (bluetooth/wifi/...). They are vigilant in defending against shit like what is happening these days, likely not only in China.

From Wikipedia ( https://en.wikipedia.org/wiki/... ):

"Librem is a line of computers manufactured by Purism, SPC featuring free (libre) hardware and software.[1][2][3][4][5][6] The laptop line is designed to protect privacy and freedom by providing no non-free (proprietary) software in the operating system or kernel,[7][8][9][10] avoiding the Intel Active Management Technology,[11] and gradually freeing and securing firmware.[12][13] Librem laptops feature hardware kill switches[14][15][16] for the microphone, webcam, Bluetooth, & Wi-Fi, and can be purchased air gapped."

If you support these companies the security and privacy bar for all manufacturers will raise.

Not limited to China

By OYAHHH • Score: 4, Interesting • Thread

Google,

On it's Android platform is scanning every single url your phone is accessing and feeding those URLs into it's spider.

How do I know? I am developing an Android app which has NEVER been released, thus the website URLs used are supposed to be 100% private. Google's spider has been scanning every single one of my private website urls as accessed by my private Android app.

So, this crap is not limited to China.

This is China

By nospam007 • Score: 4, Insightful • Thread

It's not a backdoor, it's a frontdoor.

Software Beats Animal Tests at Predicting Toxicity of Chemicals

Posted by msmashView on SlashDotShareable Link
Machine-learning software trained on masses of chemical-safety data is so good at predicting some kinds of toxicity that it now rivals -- and sometimes outperforms -- expensive animal studies, researchers report. From a report: Computer models could replace some standard safety studies conducted on millions of animals each year, such as dropping compounds into rabbits' eyes to check if they are irritants, or feeding chemicals to rats to work out lethal doses, says Thomas Hartung, a toxicologist at Johns Hopkins University in Baltimore, Maryland. "The power of big data means we can produce a tool more predictive than many animal tests."

In a paper published in Toxicological Sciences on 11 July, Hartung's team reports that its algorithm can accurately predict toxicity for tens of thousands of chemicals -- a range much broader than other published models achieve -- across nine kinds of test, from inhalation damage to harm to aquatic ecosystems. The paper "draws attention to the new possibilities of big data," says Bennard van Ravenzwaay, a toxicologist at the chemicals firm BASF in Ludwigshafen, Germany. "I am 100% convinced this will be a pillar of toxicology in the future." Still, it could be many years before government regulators accept computer results in place of animal studies, he adds. And animal tests are harder to replace when it comes to assessing more complex harms, such as whether a chemical will cause cancer or interfere with fertility."

Amazing stuff

By 110010001000 • Score: 3, Insightful • Thread
Further proof that machine learning and AI has real world use. This is replacing the suffering of millions of animals today. Truly useful.

Who do we blame if it fails?

By jellomizer • Score: 4, Insightful • Thread

If we take a toxin that kills us, but had passed Animal Testing, then it is just God playing trick on us. But if it is something that an algorithm didn't realize to check then it is the fault of man. And some poor grad student will get hit with a multi-billion dollar lawsuit for not realizing such a chemical is harmful.

This is actually with my Tongue in Cheek response. But also a reflection of our culture and its intolerance for mistakes, to a point where we are being held back on progressing, because there could be new mistakes made, even though overall it is a much better solution.

Count me skeptic

By Unknown User • Score: 5, Interesting • Thread
Maybe I'm old-fashioned but it seems to me that confirming that a substance is not toxic and predicting how toxic it may be are two very different things.

Those poor animals

By jbmartin6 • Score: 3, Funny • Thread
I say, rather than torture the animals, let us get rid of these government regulations and let the people who want these stupid products test them out.

Re:Those poor animals

By Gravis Zero • Score: 4, Interesting • Thread

Those poor animals. I say, rather than torture the animals, let us get rid of these government regulations and let the people who want these stupid products test them out.

The problem here instead of well cared for (poor) animals, you would be testing on literally poor humans. Exploiting the poor isn't what I call an improvement.

Apple To Refresh Mac mini, MacBook Pro, iMac Lineups Later This Year, Report Says

Posted by msmashView on SlashDotShareable Link
According to a note shared by reliable Apple analyst Ming-Chi Kuo, Apple is planning to refresh a number of its computing product lineups later this year. Via MacRumors: iPhone: There are three iPhones in the works, two OLED models in 5.8 and 6.5-inch sizes and one LED model that will be available in a 6.1-inch size.
iPad: Apple is working on two new 11 and 12.9-inch models that are equipped with a full-screen design and no Home button, with Apple to replace Touch ID with Face ID.
Mac mini: Processor upgrades expected.
MacBook Pro: Processor upgrades expected.
MacBook: Processor upgrades expected.
New Low-Priced Notebook: Kuo believes Apple is designing a new low-priced notebook. He originally said that this would be in the MacBook Air family, but now has changed his mind. Previous rumors have suggested this machine could be a 12-inch MacBook.
iMac: Significant display performance upgrade alongside a processor upgrade.
Apple Watch: Two new models in sizes that include 1.57 inches (39.9mm) and 1.78 inches (45.2mm) with an enhanced heart rate detection feature.

Re:I can't wait to see the new connector

By 93 Escort Wagon • Score: 5, Informative • Thread

They’re removing the few remaining ports... BUT introducing the new Apple AirDongle! Wirelessly connect all your wired peripherals to your laptop - at (up to) 802.11ac speeds!

Starting at $899 for the 802.11g model.

Re:Underwhelming

By apoc.famine • Score: 5, Interesting • Thread

Honestly - what is is there to do?

More ram, bigger hard drives, better video cards, better battery life, cheaper.

Software will always need bug fixes...

And a shit-ton of that. They haven't been keeping pace on bug fixes for years now. Even though I've ditched Mac at this point, I still check in MPG to see what I'm missing. And because my wife still has the last MBP.

I stumbled on the Core Rot series googling a very irritating bug which Apple didn't seem to be addressing. Come to find out, it was well known and a year old at that point. Still hasn't gotten fixed 3 years later.

Apple has bigger problems

By sjbe • Score: 5, Insightful • Thread

If only Apple also upgraded iTunes to a decent music player that does not skip randomly in the middle of a track to the next song

You actually use iTunes? I haven't fired that up in probably 3 years. Frankly Apple has bigger fish to fry than that obsolete piece of garbage. For example:
1) The Mac Mini and Mac Pro haven't seen a meaningful update in years and basically get ignored
2) The Mac Pro design is stupid and needs to be fixed ASAP
3) Apple still can't get seamless integration between their operating systems and devices for files and data
4) Apple still doesn't have a decent application for proper note taking with the Apple Pencil
5) It's time for the lightning connector to die in a fire and be replaced with USB-C
6) Apple needs more than a single USB-C port on certain of their laptops
7) Dongle hell
8) Apple Pay still not accepted enough places
9) Apple Pencil is a total afterthought with basically no useful software support unless you are a digital artist focused on the iPad (useless on a Mac)
10) Apple treats cases for their phones as an afterthought rather than an important part of the device despite nearly every customer buying one
11) iPhones can have a power cord or a wired headset attached but not both at the same time.
12) Apple Maps still lags behind Google's offerings
13) Apple is ignoring equipment for serious artists (why don't they buy Wacom?)
14) It's still unclear what Apple's next Big Thing will be. To grow the company they can't coast on the iPhone forever.

The list goes on and on. Apple does a lot of things right but they could be doing so much more/better.

I don't think they have a choice

By rsilvergun • Score: 3 • Thread
at some point you can't get parts that old anymore. Their suppliers would move on. Apples big, but not that big. They make money on high margin, not high volume.

Re:Apple has bigger problems

By Dixie_Flatline • Score: 5, Informative • Thread

For #8, it's important for Americans to remember that they're not the only country in the world, and a great deal of why Apple Pay isn't accepted everywhere is because American payment infrastructure is woefully outdated and still apparently relies on signatures on pieces of paper in a great many instances.

Apple Pay is accepted anywhere that tap-to-pay works, so that means here in Canada that a huge and growing number of merchants accept it. Apple Pay isn't really specifically some sort of tech magic that needs Apple specific merchant hardware to work, it just needs run-of-the-mill tap-to-pay terminals.

Hacker Steals Military Docs Because Someone Didn't Change a Default FTP Password

Posted by msmashView on SlashDotShareable Link
New submitter secwatcher shares a report: A hacker is selling sensitive military documents on online hacking forums, a security firm has discovered. Some of the sensitive documents put up for sale include maintenance course books for servicing MQ-9 Reaper drones, and various training manuals describing comment deployment tactics for improvised explosive device (IED), an M1 ABRAMS tank operation manual, a crewman training and survival manual, and a document detailing tank platoon tactics. US-based threat intelligence firm Recorded Future discovered the documents for sale online. They say the hacker was selling the data for a price between $150 and $200, a very low asking price for such data. Recorded Future says it engaged the hacker online and discovered that he used Shodan to hunt down specific types of Netgear routers that use a known default FTP password. The hacker used this FTP password to gain access to some of these routers, some of which were located in military facilities, he said.

Re:wow - just wow

By BlueStrat • Score: 4, Interesting • Thread

who has netgear equipment anymore? who allows default passwords anymore? wow

Yes, but let's make this all about the "hacker" and ignore anything to do with holding any US military or politicians responsible for making the breach possible. After all, cases like that of Lauri Love show that the go-to response by the US government for these sorts of situations is "kill the messenger!" whenever government incompetence and corruption are exposed, and this behavior is not limited to Left or Right. It's natural human behavior that's amplified and given power by having a too-powerful central government

Strat

Re:Never attribute to malice

By MightyMartian • Score: 4, Informative • Thread

The fact that FTP is being used at all is a big red flag for me. Unless it's sitting inside a fully encrypted tunnel, an FTP password is so trivial to steal even if it isn't an obvious password. There may be a few cases where one has to use FTP, but where I have been forced to use it (old hardware), it's ringfenced like nuts, and I'm not going to have an FTP server open on the Internet, unless it's some sort of publicly available archive where I don't care who downloads off of it.

compulsion

By bugs2squash • Score: 4, Insightful • Thread

Hacker Steals Military Docs Because Someone Didn't Change a Default FTP Password

Should read Hacker Steals military docs because she's a sleazeball

The lack of a proper password helped her commit the crime, it didn't compel it, she could of instead just told the authorities about the screwup

Into the Breach

By PopeRatzo • Score: 3 • Thread

Well, Trump said he'd run the government like a business. He just didn't mention that the business was Equifax.

Re:The data itself...

By freeze128 • Score: 5, Funny • Thread
They have a manual that describes tactics for the deployment of COMMENTS? Slashdot could really use that...

80 Percent of IT Decision Makers Say Outdated Tech is Holding Them Back

Posted by msmashView on SlashDotShareable Link
A study by analysts Vanson Bourne for self service automation specialist SnapLogic looks at the data priorities and investment plans of IT decision makers, along with what's holding them back from maximizing value. From a report: Among the findings are that 80 percent of those surveyed report that outdated technology holds their organization back from taking advantage of new data-driven opportunities. Also that trust and quality issues slow progress, with only 29 percent of respondents having complete trust in the quality of their organization's data. Nearly three-quarters (74 percent) say they face unprecedented volumes of data but struggle to generate useful insights from it, estimating that they use only about half (51 percent) of the data they collect or generate. What's more, respondents estimate that less than half (48 percent) of all business decisions are based on data.

Re:Gut-Based Decisions?

By Cajun Hell • Score: 5, Funny • Thread

What's more, respondents estimate that less than half (48 percent) of all business decisions are based on data.

So what you are saying, is that over half of all business decisions are based on "gut feelings"?

It's only estimated to be about half, based on their gut feelings. The data tells a different story about how much the data is getting used. I'm trying to make sense of the data but the math is actually kind of hard. But my gut tells me that this data tells me it's about half the decisions.

I'll revise my estimate as more guts come in.

The real problem is poor planning

By fish_in_the_c • Score: 3 • Thread

So you have outdated 'tech/software' 'holding you back'?

Can you show me the plan you made when you installed said tech and software for it's maintenance / convalescence? Including expected budget for upgrades and replacements in a reasonable and timely fashion?
  Did you ensure you would be able to migrate all important data from that proprietary vendor format to whatever the new best thing would be to avoid vendor lock in?
Do you have everything sufficiently documented so that someone else can take over when your expert retires? Did you spend the money and time to do these things right?

NO? That sounds like a MANAGEMENT problem. Would you have done that with little planning with any other kind of company resource? Company vehicles? Buildings? .... hmm... no?

Not *outdated tech*

By ilsaloving • Score: 5, Informative • Thread

Blah blah blah old tech bad blah blah blah new tech good blah blah blah. Oh look, a company that sells a SAAS service says that old tech is bad and new tech is good!

This is such a pathetic self-serving refrain and I am SO sick of hearing it.

"Old" tech does *not* hold you back. Generally speaking, it never has, and it never will.

What *will* hold you back? Poor management will hold you back. Badly implemented technology that leaves you with a big pile of technical debt will hold you back. Hiring people based on buzzword bingo will hold you back.

I know companies who, for example, went all in on Hadoop because it was "new" and "cool" and "let you slice and dice massive amounts of data data with ease". (Their entire dataset was less than 1TB) Less than a year later, and the entire effort has been discarded because the effort required just to maintain the thing was overwhelming compared to the value they were actually getting out of it. They were able to accomplish what they wanted with much less effort using a single simple instance of SQL Server.

The current culture of treating with disdain anything older than 6 months has to be one of the most profoundly idiotic notions to have ever come out of the computer industry. We have become fans of reinventing the wheel over and over, without so much as once thinking about whether there is even a benefit to the effort.

It's one thing to introduce a new technology for realistic, practical reasons, such as you simply don't have the manpower to implement said thing with what you already have. But do NOT just spew junk self-serving surveys that blanket says "you gotta throw out what you got and get this new shiny" because that's a lie and you know it.

It is really too bad

By bravecanadian • Score: 3 • Thread

That the IT decision makers are generally:

a) beancounters who create this technological debt out of ignorance and generally against the recommendations of their subject matter experts.

or

b) IT people who are knowledgeable enough to avoid this problem, but not powerful enough in the organization to follow through because of the beancounters above them.

Re:The tech isn't the problem

By Moryath • Score: 5, Insightful • Thread
PEBKAC explains most of these "IT Decision Makers" though. Rarely, if ever, is the "decision maker" technologically literate.

I did some contract IT for a construction company once. They had FOUR different "VPN Solutions". Two hardware ones on differing routers, two software ones that they'd decided to kludge together from "free to home user" alternatives like Hamachi.

The initial thing they were bitching about was that Hamachi had dropped the "free" option down to 5 computers max and several employees got frozen out. They wanted it "fixed", didn't want to hear that commercial use totally violated the "free account" terms of service and that Hamachi wasn't likely to change it without them paying money, and had lost all the documentation for either of their hardware solutions.

The "server" running an old NT4 domain? Oh yeah. Ancient as hell, looking to die any day, but the CEO didn't want to buy anything new or pay anyone to migrate it because "I spent good money on that and it was just fine when I got it and it still works."

I wasn't the first person to wind up just doing the duct tape repairs and I probably won't be the last. When I left, I wasn't even told they were firing me for a month (in which time they brought in a guy who was "tech savvy" to a site manager position, then threw a bunch of IT work at him and he quit, then they hired a second guy and did the same but he stayed, I guess). Three of their employees emailed me a couple month later asking me to come in to fix things for them because (a) "new tech guy" was never in the office and (b) they'd never been told I didn't do contract work for the company any more. I just emailed them back, told them I didn't do contract IT for the company more and that all my documentation had been returned to the CEO, sorry.

This is basically the same way virtually every "small business" winds up running, though. The people who make the pocketbook decisions (a) are technologically illiterate, (b) think that everything now is "free" or "cheap and easy with no maintenance" thanks to marketing drones and FOSS evangelists who go way the fuck too far overpromising, and (c) don't want to hear the words "preventative maintenance" or even "maintenance", ever.

Access To Major Airport's Security System Offered on Dark Web for $10

Posted by msmashView on SlashDotShareable Link
Researchers at McAfee found remote access to a major airport's security system available on the dark web for $10. From a report: The hacked access came from an online market for remote desktop protocol (RDP) accounts, which sell access to hacked accounts in all kinds of systems. "There's a lot of discussion about sophisticated nation-state attacks, but this was a really cheap way anyone could get access to something," Raj Samani, chief scientist at McAfee, told Axios. The RDP market isn't typically about purchasing access to systems to actually use the systems. Instead, buyers pay between $3 and $19 for access to machines based on bandwidth. Those systems are often used for their resources rather than their information.

Not too surprised

By xxxJonBoyxxx • Score: 3 • Thread
Call me "not surprised" after passing umpteen machines in the security line with unprotected USB slots. One good boot and...

Re:Not too surprised

By dgatwood • Score: 5, Interesting • Thread

Call me "not surprised" after passing umpteen machines in the security line with unprotected USB slots. One good boot and...

Next up: Girls Gone Wild, Airport Edition. See topless teens as only millimeter-wave scanners can see them. See gregarious grandmas with guns. And everything in between.

The only way to prevent people from seeing naked pictures of yourself is to never allow them to be taken in the first place. This includes the scanners at the airport.

Our civilization is a house of cards

By Rick Schumann • Score: 3 • Thread
Do I really need to explain this at this point?

Probably more than they spent on security

By gweihir • Score: 3 • Thread

I do mean on effective security, not all that worthless "compliance" bullshit.

Malls In California Are Sending License Plate Information To ICE

Posted by BeauHDView on SlashDotShareable Link
Presto Vivace shares a report from The Week with the caption, "And they wonder why some of us prefer to shop online." From the report: Surveillance systems at more than 46 malls in California are capturing license plate information that is fed to Immigration and Customs Enforcement, the Electronic Frontier Foundation reported Tuesday. One company, Irvine Company Retail Properties, operates malls all over the state using a security network called Vigilant Solutions. Vigilant shares data with hundreds of law enforcement agencies, insurance companies, and debt collectors -- including ICE, which signed a contract with the security company earlier this year, reports The Verge. "[Irvine Company] is putting not only immigrants at risk, but invading the privacy of its customers by allowing a third-party to hold onto their data indefinitely," EFF wrote in its report, urging the chain of malls to stop providing information to ICE.

Re:Invading privacy?

By Maxo-Texas • Score: 4, Insightful • Thread

Your current location is your personal information. It's as key as your appearance which IS legally protected I.P.

This is a huge problem in that it can make it easier for a fascist government to control the citizenry.

We should really be subverting and destroying these cameras. We've accepted the possibility of being enslaved in return for security from theft.

Re:Invading privacy?

By Maxo-Texas • Score: 5, Insightful • Thread

and after they finish with the illegals, then you may be in the next group they come for.

I have a friend who is a strong 2nd amendment supporter and gun owner. But he's *finally* realising that the scenario where right wing police show up and confiscate his guns after a major right wing person is shot is a realistic possibility.

Mr. Trump, for example, has already shown he's willing to set aside the rule of law and a love for dictators who don't have 2nd amendment issues.

Re:Invading privacy?

By currently_awake • Score: 4, Insightful • Thread
If it's illegal for the police to do something without a warrant then it should be illegal for the police to hire someone to do that action without a warrant. If the American Federal Government is paying you to do something then (as an employee) you should be subject to the Constitution of the USA while doing it.

Re:Invading privacy?

By Areyoukiddingme • Score: 5, Insightful • Thread

The fact is that a vehicle with a license plate was in a public place during specific times. You don't have a reasonable expectation of privacy is such a public place.

Until this decade, I damn well did. Until the latter half of this decade, I damn well did. While it was possible to track me and everyone else in that public place sooner, it cost too much, so no one did. Now it's so cheap, any asshole can do it, and every asshole is doing it and that's not ok. I expect to be able to move around in a public place in relative anonymity, without being tracked by tens or hundreds or thousands of random jackoffs like you. And this is completely reasonable.

Re:Invading privacy?

By HeckRuler • Score: 4, Insightful • Thread

I'm a big believer that, without a warrant, cops should be limited to what civilians can do. When the government does it, it's called tracking. When a civilian does it, it's called stalking. Both are illegal. Or at least should be illegal. We should have to deal with harassment from the cops any more than from ex-lovers.

VC Market Is on Pace for Strongest Year Since Dot-Com Era

Posted by msmashView on SlashDotShareable Link
Venture capitalists are spending cash at levels not seen since the dot-com era, and theyâ(TM)re raising money at a pace to match. From a report: Last quarter, VCs spent $27.3 billion in the U.S., according to a report set for publication Tuesday by research firm PitchBook and the National Venture Capital Association, a trade group. That's the most in any second quarter since the group began tracking quarterly data more than a decade ago. Combined with a record-setting first quarter, the VC market had its strongest first-half-year performance since 2000. The $57.5 billion invested in startups so far this year has already surpassed the full-year total for six of the past 10 years. This year is on track to exceed the $81.9 billion invested last year, which was itself a record since the dot-com boom.

the vc market

By phantomfive • Score: 3 • Thread
A lot of this money has been coming from China: people who are afraid of their own country and don't want to invest money there.

Re:Others

By ShanghaiBill • Score: 4, Interesting • Thread

Basically, they/he are trying to divest from oil because they know that it will run out one day

Actually, this is the opposite of what they worry about. They are discovering new oil fields, and new ways to keep old wells productive, far faster than reserves are being depleted. Their real concern is falling prices and a long term worldwide glut caused by over production.

Chinese Scientists Have Developed the World's First Destructive Laser Rifle

Posted by msmashView on SlashDotShareable Link
PopularScience: Chinese scientists have developed the world's first destructive, man-portable laser weapon. However, there is more to the story of this cool looking, but "less than lethal" directed energy device. The laser rifle is the ZKZM-500, developed by Xian Institute of Optics and Precision Mechanics in Xian, Shaanxi. It's manufactured by the Institute's subsidiary, ZKZM Laser. Weighing at 6 pounds (about the weight of a typical assault rifle), the ZKZM-500 has a range of 2,600 feet. The ZKZM-500 uses a lithium battery with enough power for 1000 two second shots (keep in mind, those 1000 shots may not be at full power). According to Institute designers, its laser is powerful enough to instantly scar human skin and tissue. It can also ignite clothing, knock a small drone out of the sky, or even ignite a fuel tank. That would place its power output around 100-500 watts (most surgical lasers top out at 100 watts).

Nigh impossible

By guruevi • Score: 4, Funny • Thread

- The laser module - sure it exists but it is going to be big and need water cooling if it's going to be of any use
- The weight - the module itself for a 500W laser comes in ~5kg. Even if they somehow got the module to fit in the 6kg they claim it weighs, the batteries and watercooling will pack on an additional 6-10kg.
- The power requirements ~0.3 kWh (not accounting for losses from water cooling and other gear), that requires a small motorcycle battery, even if made from Lithium, not something you easily carry around in a 6kg package.

Re:Not even remotely close to 'first'

By Oswald McWeany • Score: 5, Funny • Thread

1955??? In a backpack? The first operational laser was in 1960 in a lab.
http://www.press.uchicago.edu/...

Yes, but time travel was invented in 2045.

You don't know the first things about laser rifles

By Cajun Hell • Score: 4, Funny • Thread

All it takes to thwart any laser based weaponry is to come covered in something that reflects and scatters light well.

That's why these people made a laser rifle. The rifling causes the photons to have a twisting polarity, which allows them to drill through reflective surfaces.

National Laser Association.

By Zorro • Score: 3 • Thread

You can have my Laser Rifle when you can pry it from my cold dead hands!

Proof of Concept, Probably not Practical

By foxalopex • Score: 3 • Thread

The US have heavily tested laser weapons already and for the most part they aren't practical compared to conventional weapons in most cases. This is one of those cool Sci-Fi ideas that doesn't pan out. The problem is most lasers aren't very efficient and the ones that are (chemical lasers) use stuff so nasty they'd be deadly to the soldier carrying it if it burst or broke. Not to mention rain or dust or hazy day would reduce its effectiveness. It's probably a concept weapon that can give you a burn or blind but compare that to oh getting hit by a 50 cal round which would blow parts off you. It's likely a test concept weapon for experimenting but I highly doubt it'll ever come into widespread use.

Autonomous Robots Could be the Future of High Flying Stunts in Hollywood

Posted by msmashView on SlashDotShareable Link
From a report: Visitors to Disneyland and other Disney resorts could end up seeing robots tackling some pretty crazy, death-defying stunts usually reserved for Marvel superheroes and Star Wars Jedi Masters. Disney's latest Stuntronics experiments with robots include teaching them to crawl, row and now, more impressively, perform daring aerial acrobatics. A new video features the robots propelled into the sky to spin and leap like robotic superheroes. And they look even more advanced and human-like than the last time we saw them. The robots, initially nicknamed Stickman, work by using on-board accelerometers, gyroscopes and laser range-finding data to determine how to perform impressive stunts like single and double backflips.