Guido van Rossum Looks at Python's Past, Present, and Future
This week 63-year-old Python creator Guido van Rossum shared some interesting stories with ZDNet's senior reporter Nick Heath:
While sharing software with the world today only takes a few clicks, in the 1980s it was an altogether more laborious affair, with van Rossum recalling the difficulties of trying to distribute Python precursor ABC. "I remember around '85, going on a vacation trip to the US, my first ever visit to the US, with a magnetic tape in my luggage," says van Rossum. Armed with addresses and phone numbers of people who had signalled an interest in ABC via the rudimentary email system available at the time -- which wasn't suited to handling anything as large as source code -- he travelled door-to-door posting the tapes. Despite this effort, ABC didn't really take off. "So, no wonder we didn't get very far with the distribution of ABC, despite all its wonderful properties," he says.
But as the internet revolution gathered steam, it would be much easier to distribute Python without a suitcase full of tapes. Van Rossum released Python to the world via the alt.sources newsgroup in 1991, under what was pretty much an open-source licence, six years before the term was first coined. While the Python interpreter still had to be joined together into a compressed file from 21 separate parts and downloaded overnight on the Usenet network, it was still a vastly more efficient delivery mechanism than the hand deliveries of a few years earlier.
Guido also shared some new comments on why he stepped down as Python's Benevolent Dictator for Life:
"I was very disappointed in how the people who disagreed technically went to social media and started ranting that the decision process was broken, or that I was making a grave mistake. I felt attacked behind my back," he says. "In the past, it had always been clear that if there were a decision to be made about a change in the language or an improved feature, a whole bunch of core developers would discuss the pros and cons of the thing. Either a clear consensus would appear or, if it was not so clear, I would mull it over in my head and decide one way or another. With PEP572, even though it was clearly controversial, I chose 'Yes, I want to do this', and people didn't agree to disagree.
"It wasn't exactly a revolt, but I felt that I didn't have the trust of enough of the core developer community to keep going."
He thinks the change in how disputes about the language play out is partly a result of how many people use Python today. "It's probably also the fact that the Python community is so much larger. It's harder to reach any form of consensus, of course, because there's always fringe dissidents, no matter which way you decide." Earlier this year, Python core developers -- those who work on maintaining and updating Python's reference CPython interpreter -- elected a steering council to oversee the future of the language. Van Rossum was elected, alongside Warsaw and fellow core developers Brett Cannon, Carol Willing, and Nick Coghlan.
Does Quantum Cryptography Need a Reboot?
"Despite decades of research, there's no viable roadmap for how to scale quantum cryptography to secure real-world data and communications for the masses," according to IEEE Spectrum.
Wave723 shares their report:
A handful of companies now operate or pay for access to networks secured using quantum cryptography in the United States, China, Austria, and Japan. According to a recent industry report, six startups plus Toshiba are leading efforts to provide quantum cryptography to governments, large companies (including banks and financial institutions), and small to medium enterprises. But these early customers may never provide enough demand for these services to scale...
From a practical standpoint, then, it doesn't appear that quantum cryptography will be anything more than a physically elaborate and costly -- and, for many applications, largely ignorable -- method of securely delivering cryptographic keys anytime soon. This is in part because traditional cryptography, relying as it does on existing computer networks and hardware, costs very little to implement. Whereas quantum crypto requires an entirely new infrastructure of delicate single-photon detectors and sources, and dedicated fiber optic lines. So its high price tag must be offset by a proven security benefit it could somehow deliver -- a benefit that has remained theoretical at best.
Though it was supposed to replace mathematical cryptography, "Math may get the last laugh," the article explains. "An emerging subfield of mathematics with the somewhat misleading name 'post-quantum cryptography' now appears better situated to deliver robust and broadly scalable cryptosystems that could withstand attacks from quantum computers." They quote the security engineer at a New York cybersecurity firm who says quantum cryptography "seems like a solution to a problem that we don't really have."
The article ends by suggesting that research may ultimately be applicable to quantum computers -- which could then be used to defeat math-based cryptography. But riffing on the article's title, sjames (Slashdot reader #1,099) quips that instead of giving quantum cryptography a reboot, maybe it just needs
New Electric Motor Design Massively Boosts Power, Torque, and Efficiency
A Texas-based, father/son team raised $4.5 million in seed funding to build "a remarkable electric motor technology," reports New Atlas.
Long-time Slashdot reader
Linear Labs' impressive new circumferential flux motor design (video) uses four rotors [where other motors typically run one or two] and a software-reconfigurable, multi-coil stator, enclosed in a 3D magnetic "torque tunnel" to maximize efficiency even at high speeds. The stator can be configured on the fly by regrouping coils to use a variable number of overlapping phases simultaneously, producing full torque smoothly at low rpms without torque pulsing, or changing speeds with no change to frequency, current, or voltage, like an electronic transmission. An innovative approach to field weakening by gradually misaligning permanent magnets allows efficiencies to actually climb as speeds increase.
These features produce a highly compact motor with two to five times the torque density, at least three times the power density and at least twice the total output of any conventional permanent magnet motor of the same size. This also eliminates the need for gearing in many applications, reducing costs and weight while gaining 10-20% more range from a given battery pack.
Linear Labs has received 21 patents so far, with another 29 pending, and their prototypes have been verified by independent expert tests. Recently they received $4.5 million in seed funding, and are planning to build them into car and scooter prototypes over the next couple of years.
Amazon Ring Alert Leads To Capture of 'Extremely Dangerous' Escaped Convict
ABC News describes how Amazon's surveillance doorbell cameras today led to the capture of an "extremely dangerous" inmate:
Homicide suspect Curtis Watson, 44, escaped from work detail on a tractor at the West Tennessee State Penitentiary in Henning, Tennessee, about 50 miles northeast of Memphis, on Wednesday. The tractor was later found about a mile away from the prison. Around 3:30 a.m. Sunday morning, police received a tip from Henning residents Harvey and Anne Taylor that they believed they had video surveillance of Watson outside their home, Tennessee Bureau of Investigation Director David Rausch told reporters in a news conference.
The couple was woken up by an alarm from their Ring video doorbell system that alerted them someone was in their backyard, Harvey Taylor said. When they pulled up the screen, they saw a man looking in the refrigerator in their carport, but couldn't see his face. Once Watson closed the refrigerator door, Ann Taylor recognized Watson from his beard, and the couple called 911...
Within 30 minutes of receiving the Taylors' call, law enforcement officers from multiple agencies descended on the area, "which then kept it contained and controlled from that point forward," Rausch said.
'Who Owns Your Wireless Service? Crooks Do'
Long-time Slashdot reader trolman shared this scathing editorial by security researcher Brian Krebs:
If you are somehow under the impression that you -- the customer -- are in control over the security, privacy and integrity of your mobile phone service, think again. And you'd be forgiven if you assumed the major wireless carriers or federal regulators had their hands firmly on the wheel. No, a series of recent court cases and unfortunate developments highlight the sad reality that the wireless industry today has all but ceded control over this vital national resource to cybercriminals, scammers, corrupt employees and plain old corporate greed...
Incessantly annoying and fraudulent robocalls. Corrupt wireless company employees taking hundreds of thousands of dollars in bribes to unlock and hijack mobile phone service. Wireless providers selling real-time customer location data, despite repeated promises to the contrary. A noticeable uptick in SIM-swapping attacks that lead to multi-million dollar cyberheists...
Is there any hope that lawmakers or regulators will do anything about these persistent problems? Gigi Sohn, a distinguished fellow at the Georgetown Institute for Technology Law and Policy, said the answer -- at least in this administration -- is probably a big "no."
"The takeaway here is the complete and total abdication of any oversight of the mobile wireless industry," Sohn told KrebsOnSecurity. "Our enforcement agencies aren't doing anything on these topics right now, and we have a complete and total breakdown of oversight of these incredibly powerful and important companies."
Vintage 30-Year-Old Mac Resurrected As a Web Server
Long-time Slashdot reader
After much work rebuilding and upgrading it, my Macintosh SE/30 from 1989 is now connected via Ethernet to the Web, and is hosting a simple website and old-style "guestbook." The site has been online for a few days (other than semi-frequent reboots of the system when it gets overloaded with requests), and has served nearly 20,000 visitors. For a machine with a 16MHz CPU and 68 megabytes of ram, it's held up remarkably well!
I'm basically inviting a "Slashdotting" of my old Mac, but I thought this project might bring a few smiles here. Enjoy!
"Awesome," wrote one visitor in the guestbook, adding "You should join a webring!"
Landmark 2.80 Release of Open Source Blender 3D With Improved UI Now Available
"In the 3D content creation space, where a lot of professional 3D software costs anywhere from 2K to 8K Dollars a license, people have always hoped that the free, open source 3D software Blender would some day be up to the job of replacing expensive commercial 3D software packages," writes Slashdot reader
This never happened, not because Blender didn't have good 3D features technically, but rather because the Blender Foundation simply did not listen to thousands of 3D artists screaming for a "more standard UI design" in Blender. Blender's eccentric GUI with reversed left-click-right-click conventions, keyboard shortcuts that don't match commercial software and other nastiness just didn't work for a lot of people.
After years of screaming, Blender finally got a much better and more familiar UI design in release 2.80, which can be downloaded here. Version 2.80 has many powerful features, but the standout feature is that after nearly 10 years of asking, 3D artists finally get a better, more standard, more sensible User Interface. This effectively means that for the first time, Blender can compete directly with expensive commercial 3D software made by industry leaders like Autodesk, Maxon, NewTek and SideFX.
Why the Blender Foundation took nearly a decade to revise the software's UI is anybody's guess.
Researchers Find More Than 40 Vulnerable Windows Device Drivers
Artem S. Tashkinov writes:
Researchers from security company Eclypsium have discovered that more than forty drivers from at least twenty different vendors -- including every major BIOS vendor, as well as hardware vendors like ASUS, Toshiba, NVIDIA, and Huawei -- include critical vulnerabilities allowing an escalation of privileges to full system level access.
Considering how widespread these drivers are, and the fact that they are digitally signed by Microsoft, they allow an attacker to more successfully penetrate target systems and networks, as well as remain hidden. Also while some of these drivers "are designed to update firmware, the driver is providing not only the necessary privileges, but also the mechanism to make changes" which means the attacker can gain a permanent foothold. Eclypsium has already notified Microsoft about the issues and at least NVIDIA has already released fixed drivers.
Facial Recognition Deployed on Children at Hundreds of US Summer Camps
The Washington Post describes a parent whose phone "rings 10 times a day with notifications from the summer camp's facial-recognition service, which alerts him whenever one of his girls is photographed enjoying their newfound independence."
Cory Doctorow reports:
You can also call your kid if you think they look unhappy or if you are unsatisfied with them in any way and nag them. So kids mob photographers with big, fake smiles and beg to be photographed so their parents won't harass them.
The companies have "privacy policies" that grossly overreach, giving them perpetual licenses to distribute all the photos they take forever, for any purpose. They claim to have super-secure data-centers, but won't describe what makes them so sure their data centers are more secure than, say, the NSA's, Equifax, or any of the other "super secure" data centers that have been breached and dumped in recent memory.
And while parents enjoy all this looking at their kids while they're away in theory, they also report a kind of free-floating anxiety because they know just enough about their kids' lives at camp to worry, but not enough to assuage their worries.
One overseer of two camps tells the Post that more concerned parents call her in two hours than used to call in an entire month. One company adds that their service is now being used by over 160,000 parents -- and for children as young as six.
At least one camp takes over 1,000 photos each day -- scanning each one with facial recognition technology -- and the Post reports that facial-recognition technology has now already been deployed at "hundreds" of summer camps all across the United States.
Middle-Aged Hearing Loss Doubles Risk of Dementia
"Hearing loss in middle age is associated with higher odds of cognitive decline and dementia in later years," reports Reuters, citing a large study in Taiwan.
Researchers tracked more than 16,000 men and women and found that a new diagnosis of hearing loss between ages 45 and 65 more than doubled the odds of a dementia diagnosis in the next dozen years. Even mild levels of hearing loss could be a risk factor, so hearing protection, screening and hearing aids may be important means of reducing cognitive risk as well, the study team writes in JAMA Network Open.
"Hearing loss is a potential reversible risk factor for dementia, including Alzheimer's disease," said senior study author Charles Tzu-Chi Lee of National Taiwan Normal University in Taipei.
Past research suggests that about two thirds of the risk for dementia is hereditary or genetic, which means about one third of the risk is from things that are modifiable, Lee noted. Among modifiable risk factors, hearing loss accounts for about 9% of dementia risk, a greater proportion than factors like hypertension, obesity, depression, diabetes and smoking. "The early identification of hearing loss ... and successful hearing rehabilitation can mitigate the negative effects of hearing loss," Lee told Reuters Health by email.
Another Google Service Closes: Texts with Voicemail Transcripts
Long-time Slashdot reader freelunch reports that Google Voice "has announced via email that they are ending one of their most popular features -- sending transcripts of voice mails via text message. The cited reason is carrier message blocking."
From Google's email:
It has come to our attention that certain carriers are blocking the delivery of these messages because they are automated and, at times, contain transcripts that resulted from unsolicited robocalls.
We can no longer ensure these messages will be delivered, so unfortunately we are turning down the feature. We have been slowly rolling out these changes and expect them to be fully deployed by 9 August 2019. No action is needed on your part.
However, the Get voicemail via email continues to be supported. As an alternative, the Google Voice iOS, Android and web apps can always be used to check voicemail and view transcripts.
DARPA Hopes To Develop an AI Tool That Can Detect Deepfakes
America's Defense Department "is looking to build tools that can quickly detect deepfakes and other manipulated media amid the growing threat of 'large-scale, automated disinformation attacks,'" reports Nextgov:
The Defense Advanced Research Projects Agency on Tuesday announced it would host a proposers day for an upcoming initiative focused on curbing the spread of malicious deepfakes, shockingly realistic but forged images, audio and videos generated by artificial intelligence. Under the Semantic Forensics program, or SemaFor, researchers aim to help computers use common sense and logical reasoning to detect manipulated media.
As global adversaries enhance their technological capabilities, deepfakes and other advanced disinformation tactics are becoming a top concern for the national security community... Industry has started developing tech that uses statistical methods to determine if a video or image has been manipulated, but existing tools "are quickly becoming insufficient" as manipulation techniques continue to advance, according to DARPA. "Detection techniques that rely on statistical fingerprints can often be fooled with limited additional resources," officials said in a post on FedBizOpps...
Beyond simply detecting errors, officials also want the tools to attribute the media to different groups and determine whether the content was manipulated for nefarious purposes. Using that information, the tech would flag posts for human review. "A comprehensive suite of semantic inconsistency detectors would dramatically increase the burden on media falsifiers, requiring the creators of falsified media to get every semantic detail correct, while defenders only need to find one, or a very few, inconsistencies," DARPA officials said.
But that's easier said than done. Today, even the most advanced machine intelligence platforms have a tough time understanding the world beyond their training data.
Remember Autorun.inf Malware In Windows? Turns Out KDE Offers Something Similar
Long-time Slashdot reader Artem S. Tashkinov writes:
A security researcher has published proof-of-concept (PoC) code for a vulnerability in the KDE software framework. A fix is not available at the time of writing. The bug was discovered by Dominik "zer0pwn" Penner and impacts the KDE Frameworks package 5.60.0 and below. The KDE Frameworks software library is at the base of the KDE desktop environment v4 and v5 (Plasma), currently included with a large number of Linux distributions.
The vulnerability occurs because of the way the KDesktopFile class (part of KDE Frameworks) handles .desktop or .directory files. It was discovered that malicious .desktop and .directory files could be created that could be used to run malicious code on a user's computer. When a user opens the KDE file viewer to access the directory where these files are stored, the malicious code contained within the .desktop or .directory files executes without user interaction — such as running the file.
Zero user interaction is required to trigger code execution — all you have to do is to browse a directory with a malicious file using any of KDE file system browsing applications like Dolphin.
When ZDNet contacted KDE for a comment Tuesday, their spokesperson provided this response.
"We would appreciate if people would contact firstname.lastname@example.org before releasing an exploit into the public, rather than the other way around, so that we can decide on a timeline together."
San Diego's Connected Streetlights Taught to Recognize Bicycles
Last year the city of San Diego installed 3,200 smart streetlights, each one monitoring 36 x 54 meters of pavement. They originally used the data to time traffic signals -- but now Slashdot reader Tekla Perry summarizes a report from IEEE Spectrum:
Developers for the City of San Diego spent months training its smart streetlights to recognize and count bicycles from just about any angle. The system is now monitoring bicycle traffic, but a few issues remain--figuring out how to distinguish between bicycles being ridden--and those doing the riding, like on a bike rack or thrown in a pickup truck.
The software has a similar problem with pedestrian-counting: When a convertible comes into view, it is counted as both a car and a pedestrian--the visible driver.
Ask Slashdot: How Will Abandonware Work With Today's DRM Locked Games?
Thousands of charmingly old-fashioned computer and console games from the 8-bit, 16-bit, MS-DOS era are easily re-playable today in a web browser -- many Abandonware websites now feature play-in-browser emulated games. Here is a video of 101 charming old MS-DOS games, most of which can be re-played on Abandonware websites across the internet in seconds.
But what about today's cloud-linked, DRM crippled games, which won't even work without Steam/Origin/UPlay, and many of which don't even allow you to host your own multiplayer servers anymore? How will we play them 20 years from now -- on what may be Android, Linux or other OSs -- when they are tethered into the cloud? And is writing a fully-working emulator for today's complex Windows/DirectX games even feasible?
How will Abandonware work 20 years from now?
Antitrust Issues? Amazon Pressured Sellers Offering Cheaper Prices on Walmart.com
"Amazon's determination to offer shoppers the best deals is prompting merchants selling products on its marketplace to raise their prices on competing websites," reports Bloomberg:
Amazon constantly scans rivals' prices to see if they're lower. When it discovers a product is cheaper on, say, Walmart.com, Amazon alerts the company selling the item and then makes the product harder to find and buy on its own marketplace -- effectively penalizing the merchant. In many cases, the merchant opts to raise the price on the rival site rather than risk losing sales on Amazon.
Pricing alerts reviewed by Bloomberg show Amazon doesn't explicitly tell sellers to raise prices on other sites, and the goal may be to push them to lower their prices on Amazon. But in interviews, merchants say they're so hemmed in by rising costs levied by Amazon and reliant on sales on its marketplace, that they're more likely to raise their prices elsewhere.
Antitrust experts say the Amazon policy is likely to attract scrutiny from Congress and the Federal Trade Commission, which recently took over jurisdiction of the Seattle-based company.
An analyst specializing in antitrust litigation tells Bloomberg that the policy "could end up being considered illegal conduct because people who prefer to shop on Walmart end up having to pay a higher price."
MacGyvering Mars: How NASA's Curiosity Team Worked Around A Broken Drill
As of Tuesday the Curiosity rover has been on Mars for over seven years, and this week NASA shared an interactive 360-degree panorama of the planet's Teal Ridge.
Digital Trends provides this update:
Curiosity is halfway along its path through a region called the "clay-bearing unit" because the area has a high level of clay minerals. Clay minerals are of particular interest to scientists because they form in the presence of water, suggesting that there used to be water in this location thousands of years ago... The engineers estimate that the rover still has several years of power left in its nuclear power system, and will be able to continue operating beyond that with careful power budgeting.
"This nuclear power source, by the way, means that Curiosity is better equipped to handle monster Mars dust storms, such as the one that killed NASA's solar-powered Opportunity rover last year," reports Space.com, sharing more highlights from the years since Curiosity's touchdown:
[T]he rover quickly determined that the 96-mile-wide (154 kilometers) crater had hosted a lake-and-stream system in the ancient past. And further observations suggested that this environment was habitable for long stretches, perhaps hundreds of millions of years at a time. Curiosity has also detected several surges of methane in Gale Crater's air...
Curiosity may well live to welcome two more rovers to the Red Planet: NASA's Mars 2020 rover, whose design is based heavily on that of Curiosity, and the European-Russian ExoMars rover are both scheduled to touch down in February 2021.
Tablizer (Slashdot reader #95,088) shares a recent triumph that one NASA official says "represents months and months of work by our team." When an electric motor stalled inside Curiosity's drill, it left the rover unable to reliably extend and retract its drill bit.
With the drill feed mechanism no longer reliably working, managers decided to keep the drill bit in its extended position. That raised concerns over the stability of the drill while in use because the prong-like extensions on each side of the bit will no longer be in contact with the rock. "We had to do a big pivot in the mission thinking about how we could drill without the feed motor," said Ashwin Vasavada, the Curiosity mission's project scientist at JPL, in a presentation to the Mars Exploration Program Analysis Group in April.
Controllers devised a way to use force applied by the robotic arm to null out forces generated by the drill, a role the arm was never designed to fill. Engineers used a replica of the Curiosity rover at JPL's "Mars Yard" to test out the new drilling techniques, and the rover drilled a test hole in a rock on Mars in February. That test did not produce a scientifically useful rock sample -- it used only the drill's rotary mechanism, not its hammer-like percussion capability -- but yielded important data for engineers to continue refining the updated drilling technique.
And thanks to this ongoing improvisation, the Curiosity mission's project scientist says, "We now have a key sample we might have never gotten."