Alterslash picks up to the best 5 comments from each of the day’s Slashdot stories, and presents them on a single page for easy reading.
Do You Remember MIDI Music Files?
A new article at Motherboard remembers when the MIDI file format became the main way music was shared on the internet "for an incredibly short but memorable period of time..."
[I]n the hunt for additional features, the two primary developers of web browsers during the era -- Microsoft and Netscape -- added functionality that made audio files accessible when loading websites, whether as background music or as embedded files with a dedicated player. Either way, it was one of the earliest examples of a plug-in that much of the public ran into -- even before Flash. In particular, Microsoft's Internet Explorer supported it as far back as version 1.0, while Netscape Navigator supported it with the use of a plug-in and added native support starting in version 3.0. There was a period, during the peak of the Geocities era, where loading a website with a MIDI file was a common occurrence.
When Geocities was shut down in 2019, the MIDI files found on various websites during that time were collected by The Archive Team. The Internet Archive includes more than 51,000 files in The Geocities MIDI Collection. The list of songs, which can be seen here, is very much a time capsule to a specific era. Have a favorite song from 1998? Search for it in here, sans spaces, and you'll probably find it...! They sound like a musical time capsule, and evoke memories of a specific time for many web surfers of the era. "Even in an age of high-quality MP3s, the chintzy sounds of MIDI files resonate on the Web," writer Douglas Wolk wrote for Spin in 2000, immediately adding the reason: "They play on just about anything smarter than a Tupperware bowl, and they're also very small...." The thing that often gets lost with these compositions of popular songs done in MIDI format is that they're often done by people, either for purposes of running a sound bank (which might come in handy, for example, with karaoke), or by amateurs trying to recreate the songs they enjoy or heard on the radio.... [I]ts moment in the sun reflected its utility during a period of time when the demand for multimedia content from the internet was growing -- but the ability for computers to offer it up in a full-fat format was limited. (Stupid modems....) MIDI is very much not dead -- far from it. Its great strength is the fact that a MIDI-supporting iPad can communicate with some of the earliest MIDI-supporting devices, such as the Commodore 64.
Using a browser plugin called Jazz-Plugin, their writer even re-discovered John Roache's Ragtime MIDI Library. "[I]t occurred to me that I should spend more time writing about one of the things that makes the Web so special -- labors of love. Unlike any medium before it, the Web gives people with unusual talents and interests a chance to share their passions with fellow enthusiasts -- and with folks like me who just happen to drop by."
6 In 10 Websites May Be Impacted by jQuery XSS Vulnerabilities
"Although the JavaScript library jQuery is no longer as popular as it was, it is still widely used. As a result at least six in ten websites are impacted by jQuery XSS vulnerabilities," reports I Programmer:
Even more security issues are introduced by the jQuery libraries used to extend jQuery's capabilities. These findings come from open source security platform, Snyk and are included in "The state of JavaScript frameworks security report 2019". While this report is mainly devoted to a security review of the two leading JavaScript frameworks, Angular and React, it takes a "sneak peek" into the security vulnerabilities in three other frontend JavaScript ecosystem projects - Vue.js, Bootstrap and jQuery.
jQuery was downloaded more than 120 million times in the last 12 months, which is equivalent to the number of downloads for Vue.js (40 million) and Bootstrap (79 million) combined. Snyk reports that four vulnerabilities had been found for Vue.js, all of which have been fixed. Bootstrap contained seven cross-site scripting (XSS) vulnerabilities. Three of these were disclosed in 2019 and there are no security fixes or upgrade paths to avoid them. In the case of jQuery, Snyk tracked six security vulnerabilities affecting jQuery across all of its releases to date. Four are medium severity Cross-Site Scripting vulnerabilities, one is a medium severity Prototype Pollution vulnerability, and the final one is a low severity Denial of Service vulnerability.
The report concludes that unless you are using jQuery 3.4.0 and above then you are using vulnerable jQuery versions.
Ask Slashdot: Are There Storage Devices With Hardware Compression Built In?
Slashdot reader dryriver writes:
Using a compressed disk drive or hard drive has been possible for decades now. But when you do this in software or the operating system, the CPU does the compressing and decompressing. Are there any hard drives or SSDs that can work compressed using their own built in hardware for this?
I'm not talking about realtime video compression using a hardware CODEC chip -- this does exist and is used -- but rather a storage medium that compresses every possible type of file using its own compression and decompression realtime hardware without a significant speed hit.
Leave your best thoughts and suggestions in the comments. Are there storage devices with hardware compression built in?
NPM Adds Command-Line Option To Help Fund Open-Source Coders
"Despite its own solvency concerns, NPM Inc on Tuesday deployed code changes that add a 'funding' command to the latest version of the npm command-line tool, namely v6.13.0," reports the Register:
Henceforth, developers creating packages for the JavaScript runtime environment Node.js can declare metadata that describes where would-be donors can go to offer financial support. Doing so involves adding a funding field to package.json, a file that lists various module settings and dependencies. The funding field should be a URL that points to an online funding service, like Patreon, or payment-accepting website....
In a phone interview with The Register, NPM Inc co-founder and co-CTO Isaac Schlueter said: "The problem we're solving is open source projects need funding and there are very few ways people can get that information in front of people using their code...." Schlueter allowed that NPM Inc's funding mechanism may reward good marketers more than it rewards good developers. But he believes it will work against that. "One thing nice about this approach is that it does take some of the marketing skill out of the equation," he said. "Because all you really have to do is set up a payment URL and then put that in your packages. You don't have to craft the message expertly, you'll show up on that list at the end of the install."
"At the end of August, we made a promise to the community to invest time & effort to better support package maintainers," explains an announcement on the NPM blog.
"This work is just the first, small step toward creating a means/mechanism for a more sustainable open source development ecosystem."
Boeing's Poor Information Security Threatens Passenger Safety, National Security, Says Researcher
itwbennett writes:
Security researcher Chris Kubecka has identified (and reported to Boeing and the Department of Homeland Security back in August) a number of security vulnerabilities in Boeing's networks, email system, and website. "[T]he company's failure to remedy the security failures she reported demonstrate either an unwillingness or inability to take responsibility for their information security," writes JM Porup for CSO online.
The vulnerabilities include a publicly exposed test developer network, a lack of encryption on the boeing.com website, failure to use DMARC for email security, and, perhaps most notably, an email server infected with malware.
For its part, Boeing says that the vulnerabilities Kubecka reported are "common IT vulnerabilities — the type of cyber-hygiene issues thousands of companies confront every day" and that the company has "no indication of a compromise in any aviation system or product that Boeing produces." What Porup's reporting and Kubecka's research clearly shows, however, is how poor information security practices can become aviation security risks.
Python Finally Overtakes Java on GitHub
"The hit programming language Python has climbed over once-dominant Java to become the second most popular language on Microsoft-owned open-source code-sharing site GitHub," reports ZDNet:
Python now outranks Java based on the number of repository contributors, and by that metric Python is now second only to JavaScript, which has been in top spot since 2014, according to GitHub's 'State of the Octoverse' report for 2019...
Another interesting aspect of GitHub's report is its ranking of fastest-growing languages. Google's Dart programming language and Flutter, for building UIs for iOS and Android apps, are getting major traction with developers on GitHub. Dart was the fastest-growing language between 2018 and 2019, with usage up a massive 532%. It was followed by the Mozilla-developed Rust, which grew a respectable 235%. Microsoft is experimenting with Rust in its Windows code base because it was designed to address memory-related security bugs -- the dominant flaw-type in Microsoft software over the past decade.
Last year Kotlin, the Google-endorsed programming language for Android app development, was the fastest-growing language on GitHub. It's not a top-10 language yet, but it still grew 182% over the year. Microsoft-backed TypeScript, its superset of JavaScript, is also growing fast, up 161% over the past year as more developers use it to grapple with large-scale JavaScript apps.
Other languages making up the top 10 fastest-growing category are HCL, PowerShell, Apex, Python, Assembly, and Go.
AI Cracks Centuries-Old 'Three Body Problem' In Under a Second
Long-time Slashdot reader taiwanjohn shared this article from Live Science:
The mind-bending calculations required to predict how three heavenly bodies orbit each other have baffled physicists since the time of Sir Isaac Newton. Now artificial intelligence (A.I.) has shown that it can solve the problem in a fraction of the time required by previous approaches.
Newton was the first to formulate the problem in the 17th century, but finding a simple way to solve it has proved incredibly difficult. The gravitational interactions between three celestial objects like planets, stars and moons result in a chaotic system -- one that is complex and highly sensitive to the starting positions of each body. Current approaches to solving these problems involve using software that can take weeks or even months to complete calculations. So researchers decided to see if a neural network -- a type of pattern recognizing A.I. that loosely mimics how the brain works -- could do better.
The algorithm they built provided accurate solutions up to 100 million times faster than the most advanced software program, known as Brutus. That could prove invaluable to astronomers trying to understand things like the behavior of star clusters and the broader evolution of the universe, said Chris Foley, a biostatistician at the University of Cambridge and co-author of a paper to the arXiv database, which has yet to be peer-reviewed.
Acetaminophen In Pregnancy May Be Linked To Higher Risk of ADHD, Autism
schwit1 tipped us off to an interesting new study. Newsweek reports:
Babies of women who took acetaminophen -- a common painkiller marketed in the U.S. under the brand name Tylenol -- near the end of pregnancy had a higher likelihood of being diagnosed with autism spectrum disorders or with attention deficit hyperactivity disorder (ADHD), according to a study published in JAMA Psychiatry.
The study, conducted by researchers from the Johns Hopkins University Bloomberg School of Public Health, cross referenced blood samples taken from the mother after the baby's birth and samples taken from the babies' umbilical cords, which were used to assess how much acetaminophen the mother had ingested. A mother-to-be who takes Tylenol during their pregnancy is liable to have some of the medication reach a developing fetus, as the drug has been demonstrated to cross the placenta, according to United Press International (UPI). The children involved in the study were reexamined when they were around 10 years old. Researchers found that those children whose umbilical cords had contained higher levels of acetaminophen were significantly more likely to have an autism spectrum disorder or ADHD than the children who did not appear to have been exposed to acetaminophen in utero.
According to UPI's analysis of the findings, "the odds of these developmental disorders were more than twice as high in children exposed to acetaminophen near the time of birth. The association was strongest between exposure to acetaminophen and ADHD in the child."
'Is Eating Red Meat OK, After All? Probably Not'
Remember last month when "an international collaboration of researchers" suggested there was no reason to reduce consumption of red meat? Here's a response from Frank Hu, chairman of the Nutrition Department at the Harvard T.H. Chan School of Public Health:
The recent guidelines published in the Annals of Internal Medicine should not change existing recommendations on healthy and balanced eating patterns for the prevention of chronic diseases. Guidance to reduce red and processed meats is based on a large body of evidence indicating that higher consumption of red meat -- especially processed red meat -- is associated with higher risk of Type 2 diabetes, cardiovascular disease, certain types of cancers, and premature death.
While this guidance is supported by both national and international organizations, including the American Heart Association, American Cancer Society, and the World Health Organization, consumers should know that the new guidelines were released by a self-selected panel of 14 members. Furthermore, when my colleagues and I closely reviewed the studies informing the panel's decision, we saw that their findings contradicted their guidance. In short, the three meta-analyses of observational studies actually confirmed existing evidence on the potential for health benefits when cutting back on red and processed meats. However, because they based their analysis on a measure of three servings of red meat per week, the effects of an individual reducing consumption appeared small. But if you consider that about a third of U.S. adults eat one serving or more of red meat each day, the potential health benefits of reducing consumption become much greater...
[N]utrition research is complex, and rarely do [its findings] reverse so abruptly. That's why it's so important to look beyond the headlines at the quality of the evidence behind the claims. Still, the publication of these new guidelines in such a prominent medical journal is unfortunate as it risks further harm to the credibility of nutrition science, eroding public trust in research as well as the recommendations they ultimately inform.
Scammers Are Actively Exploiting A Firefox Bug
Long-time Slashdot reader slack_justyb shares this story from Ars Technica:
Scammers are actively exploiting a bug in Firefox that causes the browser to lock up after displaying a message warning the computer is running a pirated version of Windows that has been hacked... The message then advises the person to call a toll-free number in the next five minutes or face having the computer disabled...
Jérôme Segura, head of threat intelligence at security provider Malwarebytes, said the Firefox bug is being exploited by several sites... On Monday, Segura reported the bug to the Bugzilla forum. He said he has since received word Mozilla is actively working on a fix. In a statement sent seven hours after this post went live, a Mozilla representative wrote: "We are working on a fix to the authentication prompt bug that we expect to land in the next couple of releases (either in Firefox 71 or 72)."
What Shape Is the Universe? A New Study Suggests We've Got It All Wrong
An anonymous reader quotes Quanta magazine:
A provocative paper published in the journal Nature Astronomy argues that the universe may curve around and close in on itself like a sphere, rather than lying flat like a sheet of paper as the standard theory of cosmology predicts. The authors reanalyzed a major cosmological data set and concluded that the data favors a closed universe with 99% certainty — even as other evidence suggests the universe is flat.
Singapore Wants To Become an Asian Hub For Virtual Banks
An anonymous reader quotes a report from Bloomberg:
Singapore's welcome mat to virtual banks is going beyond its own shores. The island nation wants to become a regional hub for technology firms with advanced data expertise, said Ravi Menon, managing director of the Monetary Authority of Singapore. Doing so would improve banking services at home and in other parts of Southeast Asia, he said. "Singapore wants to be a base for these players as they grow in the region," Menon, who has led the financial regulator since 2011, said in a recent interview. "And that means anchoring them here at the early stage of their development, and allowing them access to the domestic banking market."
Singapore's traditional incumbents like DBS Group Holdings Ltd., Oversea-Chinese Banking Corp. and United Overseas Bank Ltd. already provide digital services through mobile phones and other channels. Still, more can be done by technology firms, according to Menon. "Some of these other players use a range of other data to make very quick assessments and are able to disburse these loans in a very short space of time," Menon said. "Those kinds of things are not met adequately or as easily, or it would require tremendous additional cost or effort on the part of traditional banks." Menon said he expects non-financial firms to work with traditional banks through joint ventures and other combinations. "As with all competition, you will see some consolidation taking place, some creative destruction taking place," Menon said. "What's most important for us as policy makers is to make sure that the consumer benefits."
WeWork Says It Will Divest All 'Non-Core' Businesses
WeWork released Friday a "90-day game plan" that details sweeping changes to its businesses, including a divestiture of all "non-core businesses" and a reduction in headcount. CNBC reports:
The changes are detailed in a nearly 50-page presentation, which was first put together in October as part of a pitch to investors, but was made public on Friday. WeWork said it plans to divest several of its side ventures, including content marketing platform Conductor, women-focused co-working start-up The Wing, office management platform Managed by Q, Meetup, real estate-focused start-up SpaceIQ, workplace software company Teem and Wave Garden, a maker of wave pools.
The company expects job cuts to occur across its ventures, G&A and growth-related functions, but said the community teams, which oversee WeWork's physical locations, will not be impacted as a result of the move. WeWork plans to focus on the core office-sharing desk business, in an effort to turn around the struggling company, as well as "re-energize employees" and "realign performance incentives." Specifically, the company plans to turn its focus toward enterprise customers, rather than the small and mid-sized businesses, such as start-ups, that it offered leases to in the past. The company also said that it would be led by "proven executives in membership-focused, subscription-based businesses" moving forward, instead of being primarily "founder-led."
Share of Cryptocurrency Jobs Grew 1,457% In 4 Years
The share of cryptocurrency jobs per million has risen 1,457% over the past four years, according to a study by job site Indeed.com. VentureBeat reports:
Indeed analyzed millions of job postings on Indeed.com to unpack how Bitcoin, cryptocurrency, and blockchain trends have affected the job market. Searches for Bitcoin, blockchain, and cryptocurrency roles are going down -- yet employer demand has skyrocketed. According to Indeed, in the four-year period between September 2015 and September 2019, the share of these jobs per million grew by 1,457%. In that same time period, the share of searches per million increased by 469%.
In the past year, the share of cryptocurrency job postings per million on Indeed.com has increased by 26%, while the share of searches per million for jobs has decreased by 53%. Bitcoin's volatility seems to correlate with job seeker interest, and the change in Bitcoin price this year might be why job searches have declined. Employers, however, are doubling down on the technology, which uses decentralized ledgers to produce secure and transparent transactions. The report says that if you want a better chance at getting a job in this field you should be a programmer familiar with basic cryptography, P2P networks, and a language like C++, Java, Python, or JavaScript (along with certain soft crypto skills). To stand out, you should learn new blockchain development languages, like Hyperledger, Bitcoin Script, Ethereum's Solidity, the Ripple protocol, or even languages currently in development -- like Rholang.
The top hirers are as follows: Deloitte, IBM, Accenture, Cisco, Collins Aerospace, Ernst & Young, Coinbase, Overstock, Ripple, Verizon, Circle, Kraken, ConsenSys, JP Morgan Chase, and Signature Bank.
Re:MODs
God bless Winamp for still supporting MOD files. I still have a few from days gone by. This has sparked me to throw a few of my favorites into the playlist.
I still have respect for the tech that could encode what to most ears sounds like a full-featured 5-minute song in 750kB...