the unofficial Slashdot digest for 2020-Jan-13

Alterslash picks up to the best 5 comments from each of the day’s Slashdot stories, and presents them on a single page for easy reading.

A Lithium-Ion Battery That You Can Scrunch

Posted by BeauHD
An anonymous reader quotes a report from IEEE Spectrum: Busan-based firm Jenax has spent the past few years developing J.Flex, an advanced lithium-ion battery that is ultra-thin, flexible, and rechargeable. With the arrival of so many wearable gadgets, phones with flexible displays, and other portable gizmos, "we're now interacting with machines on a different level from what we did before," says EJ Shin, head of strategic planning at Jenax. "What we're doing at Jenax is putting batteries into locations where they couldn't be before," says Shin. Her firm demonstrated some of those new possibilities last week at CES 2020 in Las Vegas.

The devices shown by Jenax included a sensor-lined football helmet developed by UK-based firm HP1 Technologies to measure pressure and force of impact; a medical sensor patch designed in France that will be embedded in clothing to monitor a wearer's heart rate; and wearable power banks in the form of belts and bracelets for patients who must continuously be hooked up to medical devices. To make batteries flexible, companies play around with the components of a battery cell, namely the cathode, anode, electrolyte, and membrane separator. In the case of Jenax, which has more than 100 patents protecting its battery technology, Shin says the secret to its flexibility lies in "a combination of materials, polymer electrolyte, and the know-how developed over the years." J.Flex is made from graphite and lithium cobalt oxide, but its exact composition and architecture remains a secret.
"J.Flex can be as thin as 0.5 millimeters (suitable for sensors), and as tiny as 20 by 20 millimeters (mm) or as large as 200 by 200 mm," the report adds. "Its operating voltage is between 3 and 4.25 volts. Depending on the size, battery capacity varies from 10 milliampere-hours to 5 ampere-hours, with close to 90 percent of this capacity remaining after 1,000 charge-discharge cycles. Each charge typically takes an hour. J. Flex's battery life depends on how it's used, Shin says -- a single charge can last for a month in a sensor, but wouldn't last that long if the battery was powering a display."

Non-self-immolating batteries are better

By Gravis Zero • Score: 4, Interesting • Thread

While flexible batteries are nice, they will still self-immolate when punctured. This is problematic, especially if it's part of something you wear on your body. It seems to me that it would be best to perfect solid-state lithium batteries first and then move to flexible versions. Frankly, I wouldn't want to wear something that could burst into flames when punctured and putting it on a patient is just asking for problems.

Re: Non-self-immolating batteries are better

By Åke Malmgren • Score: 4 • Thread
Lithium iron phosphate and lithium titanate chemistries are mature, and while not "non-flammable" they are non-runaway, and mature tech with high cycle life. Yet nobody's mandating them everywhere, because they're less energy dense.

EFF Files Amicus Brief In Google v. Oracle, Arguing APIs Are Not Copyrightable

Posted by BeauHD
Areyoukiddingme writes: EFF has filed an amicus brief with the U.S. Supreme Court in Google v. Oracle, arguing that APIs are not copyrightable. From the press release: "The Electronic Frontier Foundation (EFF) today asked the U.S. Supreme Court to rule that functional aspects of Oracle's Java programming language are not copyrightable, and even if they were, employing them to create new computer code falls under fair use protections. The court is reviewing a long-running lawsuit Oracle filed against Google, which claimed that Google's use of certain Java application programming interfaces (APIs) in its Android operating system violated Oracle's copyrights. The case has far-reaching implications for innovation in software development, competition, and interoperability.

In a brief filed today, EFF argues that the Federal Circuit, in ruling APIs were copyrightable, ignored clear and specific language in the copyright statute that excludes copyright protection for procedures, processes, and methods of operation. 'Instead of following the law, the Federal Circuit decided to rewrite it to eliminate almost all the exclusions from copyright protection that Congress put in the statute,' said EFF Legal Director Corynne McSherry. 'APIs are not copyrightable. The Federal Circuit's ruling has created a dangerous precedent that will encourage more lawsuits and make innovative software development prohibitively expensive. Fortunately, the Supreme Court can and should fix this mess.'" Oral arguments before the U.S. Supreme Court are scheduled for March 2020, and a decision by June.

Re:I don't know what to think...

By Knightman • Score: 5, Insightful • Thread

...and help basically no one.

Except the lawyers...

Re:This would also affect the GPL.

By UnknownSoldier • Score: 5, Insightful • Thread

> Of COURSE an API is copyrightable
> how it's coded


1. A specification is NOT an implementation.
2. We ALREADY went through this in the 1980's with clean room reverse engineering of IBM's BIOS.
3. If API's are copyrightable then every retarded company will try to claim that EVERY function API in the std C lib is copyrightable. This is beyond fucking retarded. It would set the ENTIRE computing industry back 100+ years.
4. API's being copyrightable would be like a Mathematician claiming that the PLUS operator, or ANY OTHER operator is copyrightable. This is fucking retarded beyond belief.

// Copyrighting Mathematics is beyond stupid
    type Add( type, type );
    type Subtract( type, type );
    type Multiply( type, type );
    type Divide( type, type );

When does this insanity end???

> but Google absolutely copied nearly everything


5. You keep using that word "stole". I don't think it means what you think it means.
6. You can't fucking "STEAL" an API -- all you can do is COPY the specification.

If the specification is PUBLIC then you "legally copied it."
If the specification was PRIVATE then reverse engineering has LONG been held as a RIGHT.

Stop being an Oracle shill.

Re:This would also affect the GPL.

By Knightman • Score: 4, Insightful • Thread
How do you feel about the fact that Oracle copied functionality and API's from AWS3 wholesale and claims it's totally different from what Google did? Should Oracle pay billions to Amazon now? Or perhaps the whole thing about API's being copyrightable is just bullshit regardless of how you feel about a company?

A sane ruling would involve looking at all the shit Google copied, in detail via discovery, then ruling that they did NOT just copy a high level description, then awarding Oracle fat stacks of cash

This tells me you haven't kept up, because that was what the prior trial was all about. The current case is about if API's are copyrightable or not, which the copyright law and prior precedents explicitly say they are not. If the ruling is upheld, expect a lawsuit bonanza with all the big ones duking it out until they come to an agreement and cross-license each other, which means all the smaller software companies are SOL unless they pay license fees for the privilege of using API's.

Re: This would also affect the GPL.

By post_below • Score: 5, Informative • Thread
That escalated quickly. You're probably trolling at this point but for the benefit of other readers: The above is wrong. An API (as the name implies) is an interface between programs or databases. The heavy lifting is done on one side or the other of an API, not within it. If the supreme court says that APIs can be copyrighted then a huge part of the digital world becomes instantly illegal. It would be catastrophic. Hate Google all you want, there are good reasons to, but in this case they're not just fighting for themselves, intentionally or not they're also fighting for the tech world as a whole.

Re:This would also affect the GPL.

By StormReaver • Score: 4, Informative • Thread

An "API" includes the implementation.

Saying it over and over doesn't make it true. Google rewrote or used Apache's implementation of all but less than a dozen lines of code for the initial release, and then later rewrote those few copied lines of code (range check) almost immediately after.

Oracle's whole billion dollar case eventually hinged on the trivial range check code, which the original trial judge lambasted as being the dumbest claim in human history (I'm paraphrasing). Oracle, knowing that they had lost, then focused their claim on the API (which is a specification, not an implementation), which they also lost at trial -- twice. Then they successfully baffled with bullshit some stupid judges on the appeals court to agree with them.

Now we're all caught up.

How To Beat South Korea's AI Hiring Bots and Land a Job

Posted by BeauHD
As Korean firms start using AI to help hire new employees, students are going to school to learn how to beat the bots. Reuters reports: From his basement office in downtown Gangnam, careers consultant Park Seong-jung is among those in a growing business of offering lessons in handling recruitment screening by computers, not people. Video interviews using facial recognition technology to analyze character are key, according to Park. "Don't force a smile with your lips," he told students looking for work in a recent session, one of many he said he has conducted for hundreds of people. "Smile with your eyes."

Classes in dealing with AI in hiring, now being used by major South Korean conglomerates like SK Innovation and Hyundai Engineering & Construction, are still a tiny niche in the country's multi-billion dollar cram school industry. But classes are growing fast, operators like Park's People & People consultancy claim, offering a three-hour package for up to 100,000 won ($86.26). According to Korea Economic Research Institute (KERI), nearly a quarter of the top 131 corporations in the country currently use or plan to use AI in hiring. One AI video system reviewed by Reuters asks candidates to introduce themselves, during which it spots and counts facial expressions including 'fear' and 'joy' and analyses word choices. It then asks questions that can be tough: "You are on a business trip with your boss and you spot him using the company (credit) card to buy himself a gift. What will you say?" AI hiring also uses 'gamification' to gauge a candidate's personality and adaptability by putting them through a sequence of tests.

Illinois has laws on this

By Joe_Dragon • Score: 4, Interesting • Thread


By fluffernutter • Score: 4 • Thread
Is it just me or does it seem like you have to be good at a whole bunch of things in order to land a job, but your actual ability to do the job in question seems to be a very small factor?

Potentially Stupid Question.

By uncqual • Score: 5, Interesting • Thread

"You are on a business trip with your boss and you spot him using the company (credit) card to buy himself a gift.

At least in the US, this is a potentially stupid question because it depends on the background of the person being asked. I've worked at companies that gave me a credit card with their name on the face of it (along with mine in the "customized" name), but it was in my name and I was legally required to pay the bills -- if I wanted reimbursement, I had to file an expense report. I've also worked at companies that issued credit cards where the company paid the bill. In the former, you were technically supposed to use the card only for company business, but that was widely ignored and it certainly wasn't considered unethical to do so. In the latter, it would have been considered unethical to use it for anything but company business.

It's a little like a question "Do you use the copy machine at work for personal purposes?". Perhaps at most companies this is against policy, but it's widely done for small amounts of copying (not, for example, printing out 2000 flyers for your garage band). However, for many years I worked for a company that explicitly said "Feel free to use the copy machines for personal use -- we would rather you spend 5 minutes making personal copies than leaving work, going to Kinkos, making copies, and then returning to work an hour after you left" (we were, of course, almost all salaried and most people worked whatever time was needed to get the job done).

Voight-Kampf Test

By TheNarrator • Score: 3 • Thread

Blade Runner predicts the future again:

City of Las Vegas Said It Successfully Avoided Devastating Cyberattack

Posted by BeauHD
An anonymous reader quotes a report from ZDNet: Officials from the city of Las Vegas said they narrowly avoided a major security incident that took place on Tuesday, January 7. According to a statement published by the city on Wednesday, the compromise took place on Tuesday, at 4:30 am, in the morning. The city said IT staff immediately detected the intrusion and took steps to protect impacted systems. The city responded by taking several services offline, including its public website, which is still down at the time of writing.

City officials have not disclosed any details about the nature of the incident, but local press reported that it might have involved an email delivery vector. In a subsequent statement published on Twitter on Wednesday, the city confirmed it "resumed full operations with all data systems functioning as normal." "Thanks to our software security systems and fast action by our IT staff, we were fortunate to avoid what had the potential to be a devastating situation," it said. "We do not believe any data was lost from our systems and no personal data was taken. We are unclear as to who was responsible for the compromise, but we will continue to look for potential indications," the city also added.

What happens in Vegas...

By Mattcelt • Score: 3 • Thread

I guess the house does always win! O_O

Resume Building

By Logger • Score: 3, Funny • Thread

I narrowly avoided clicking on the linked article. It was a close call, but I did it. Prove me wrong.

they have failed :

By johnjones • Score: 4, Informative • Thread

has :

DMARC policy is not strict
DNS does not provide a TLSA record for DANE.
mail servers support one or more TLS versions that should be phased out e.g. and are insecure
mimecast supported mail servers allow for client-initiated renegotiation of the TLS stream, which is not secure.

Me too

By pellik • Score: 3 • Thread
I, too, also avoided devastating cyberattacks last week.

Samsung's Removable-Battery Smartphone Is Coming To the US For $499

Posted by BeauHD
PolygamousRanchKid shares a report from The Verge: We've already seen Samsung's new rugged smartphone with a removable battery, the Galaxy XCover Pro, because the company revealed it on its Finnish website before taking it down. Today, though, the company is officially announcing the phone and that it's coming to the U.S. for $499. For that price, you're getting a phone with a swappable battery that's a meaty 4,050mAh, and the phone even supports 15W fast charging, as well as with special docks that use pogo pins. The XCover Pro is intended to be used by workers in industrial settings or out in the field, so that huge battery should theoretically let workers use their phones for longer and give them the option to swap in a fresh battery in a pinch.

Otherwise, the phone's specs are mid-range: a 6.3-inch 2220 x 1080 display (which Samsung says you can use when you have gloves on), a 2GHz octa-core Exynos 9611 processor, 4GB of RAM, and 64GB of internal storage (with support for microSD storage up to 512GB). For cameras, the phone has a 13-megapixel front-facing camera in a corner of the screen and two rear cameras: a 25-megapixel camera and an 8-megapixel camera. It'll also ship with the latest Android 10 and Samsung's One UI 2.0, contrary to information from the early reveal that indicated that the XCover Pro was running Android 9 Pie.

Re:Talk about paying money for form over function

By Kitkoan • Score: 4, Insightful • Thread

Clearly you haven't traveled much or far....

Many people all over the world would love removable batteries for their phones, otherwise you wouldn't see so many people with external battery packs as those are cumbersome and awkward.... And this doesn't include using a swappable battery as a basic replacement.

Hint: Your usage case isn't the world's usage case

P.S. I recommend you go out into the world and meet new people and learn new things

Re:Cameras need space.

By timeOday • Score: 5, Informative • Thread
But SD cards under Android are still perfectly good for media storage, such as photos. On my Galaxy S8 I have hundreds of gigs of photos and video (or in my case, I have a lot of maps scanned for offline use).

I don't direly miss being able to run apps from the phone since it has 64 gb onboard for that.

Re:I never understood the obsession with removable

By JustAnotherOldGuy • Score: 4, Informative • Thread

It's not so much about being able to carry a spare as it's about extending the life of the phone by replacing the one component that's guaranteed to fail- the battery.

I like replaceable batteries and don't want to buy a phone that doesn't have one. To each their own, right?

4 years of updates

By mrwireless • Score: 5, Interesting • Thread

Perhaps the most interesting reason to buy this phone is because Samsung says it will provide updates for 4 years. It even has a headphone jack.

Well, I do.

By twocows • Score: 4 • Thread
The 3.5mm jack was originally on almost every phone because it's useful. Isn't that what smartphones are for? A handy device that can do a bunch of different things? I don't care that much if Apple wants to "bravely" take it away in pursuit of ever more flimsy and worthless overpriced garbage because I don't buy from Apple, but the bigger problem is that the executives at every other company have only a few brain cells between them to smash together and generally mindlessly follow whatever Apple does because Apple is popular (thankfully this is finally fading). This led to a period where almost no phones of any reasonable quality had 3.5mm jacks. For those of us who used the 3.5mm jack, this was a straight-up downgrade in functionality for precisely no good reason. Again, this wouldn't have been a problem if they hadn't all done this. Consumer choice was at a minimum because smartphone manufacturers were uncreative hacks.

I shouldn't have to pay extra for some dumbshit adapter dongle. Those things cost extra money, they're easily lost, and they sometimes fail. And they wouldn't be necessary if they left my goddamn 3.5mm jack alone. And bluetooth/wireless earbuds or headsets are a much worse solution even than those. They're even more expensive, still easily lost, and will inevitably fail due to reliance on an internal battery that can't be replaced. When I'm riding my bike and listening to Spotify, I don't want to have to stop because my bluetooth headset or wireless earbud fell out when I went over a bump. They also sound like shit and some of them have noticeable audio lag (they're getting better on the second point, though).

So yes, it's a big deal when all of the smartphone companies decide to shove their collective heads up their asses just because Apple did it first. And the fact that some of them are finally realizing their mistake and re-adding 3.5mm jacks and replaceable batteries and other features that used to be standard is cause for celebration in my book, even if you don't care. No offense.

Lawrence Lessig Sues New York Times For Defamation Over Jeffrey Epstein Donation Story

Posted by BeauHD
Harvard law professor Lawrence Lessig sued the New York Times for defamation on Monday, claiming a story about Jeffrey Epstein's donations to MIT that referenced Lessig amounted to "clickbait." The Wrap reports: The story in question was published on Sept. 14, 2019 under the headline, "A Harvard Professor Doubles Down: If You Take Epstein's Money, Do It in Secret." Its lede, or introduction, read, "It is hard to defend soliciting donations from the convicted sex offender Jeffrey Epstein. But Lawrence Lessig, a Harvard Law professor, has been trying." The lawsuit, filed in Massachusetts, states, "Defendants' actions here are part of a growing journalistic culture of clickbaiting: the use of a shocking headline and/or lede to entice readers to click on a particular article, irrespective of the truth of the headline. Defendants are fully aware that many, if not most, readers never read past the clickbait and that their takeaway concerning the target of the headline is limited to what they read in the headline." It also states that Lessig asked the paper to change the headline and lede, but his request was not granted.

In a Medium blog post published concurrently with the lawsuit, Lessig contended that an essay he wrote, which was the central conversation piece for the interview the Times' story was based on, calls soliciting money from convicted sex offenders a "mistake." Lessig argues that the Times' headline suggests the exact opposite. His essay argued if institutions take money from such individuals, the donors should be anonymous. He added that the "mistake" he wrote about would result in "the kind of harm it would trigger in both victims and women generally."
A Times spokesperson told TheWrap that "senior editors reviewed the story after Professor Lessig complained and were satisfied that the story accurately reflected his statements. We plan to defend against the claim vigorously."

Re:tough one

By Anonymous Coward • Score: 5, Informative • Thread

And then banned him from his golf courses after he found out what Epstein was up to.

How hard is that to understand?

Re:tough one

By squiggleslash • Score: 4, Informative • Thread

He makes that case by quoting the parts of the essay he wrote that the NYT wasn't summarizing.

And here then would be the rub for me at least (because most universities don't follow this rule): I think that universities should not be the launderers of reputation. I think that they should not accept blood money. Or more precisely, I believe that if they are going to accept blood money (type 4) or the money from people convicted of a crime (type 3), they should only ever accept that money anonymously. Anonymity -- or as my colleague Chris Robertson would put it, blinding -- is the least a university should do to avoid becoming the mechanism through which great wrong is forgiven. Were I king, I would ban non-anonymous gifts of type 3 or type 4.

and then later in the same essay:

Ok, that's a lot of words to get to a critical point about the Joi Ito story: Everyone seems to treat it as if the anonymity and secrecy around Epstein's gift are a measure of some kind of moral failing. I see it as exactly the opposite. IF you are going to take type 3 money, then you should only take it anonymously. And if you take it anonymously, then obviously you will take the many steps detailed by Farrow to keep it secret. Secrecy is the only saving virtue of accepting money like this. And rather than repeating unreflective paeans to "transparency," we should recognize that in many cases, secrecy is golden. I suspect MIT takes similarly severe steps to keep the academic records of its students secret. Good for them, for here, too, transparency would be evil.

Lessig, to be fair, adds an addendum later to the same essay claiming he also doesn't think they should accept blood money, but the wording is weird and is obviously added because everyone else has read the essay in question the same way the NYTimes ultimately did. It reads as if he's changed his mind after realizing how unpopular his view is, and is playing word games to try to cover himself. Here's the relevant part of the addendum:

I've argued that "IF" a great university takes type 3 contributions, then they should be anonymous. That conditional has been heard by some to mean I support the idea of a great university taking Type 3 contributions. I do not. I believe a great university should say, absolutely, it won't take money from criminals. My only point was that MIT had apparently decided to take Type 3 contributions. "IF" they do that, then of course the contributions should be anonymous.

This kinda would be believable if it wasn't for his first paragraph I quoted above, where it does sound as if he has no problem at all with the acceptance of blood money anonymously. He'd ban donations that aren't anonymous, not ban blood money.

I cannot stand the New York Times, but they appear to be right here. They probably should report (if they haven't) that Lessig walked back his comments, but I'm inclined to disbelieve Lessig's clarification because it absolutely does not match up with the first paragraph I quoted above.

Re:tough one

By quonset • Score: 4, Interesting • Thread

And then banned him from his golf courses after he found out what Epstein was up to.

False. The reason the con artist kicked him out was because Epstein disrespected some of the staff. Epstein's predilections had nothing to do with it.

Further, you mean to tell us that for fifteen years the con artist, who visited Epstein's place on numerous occasions, didn't know what was going on?

The donation is never anonymous

By Pinky's Brain • Score: 3 • Thread

Unless he leaves a bag of money on the doorstep they know damn well where it came from. So talking about anonymity is disingenuous. He is saying take the blood money and pretend you didn't know where it came from, but you do and it will cause quid pro quo. Consciously or unconsciously.

Pretend anonymity doesn't protect you from the moral hazard, it just protects you from bad PR.

Re:Lessig always has an odd take

By DrJimbo • Score: 4, Informative • Thread

Lessig actually said:

[...] I believe it was a mistake to take this money [from Epstein], even if anonymous.

The fine summary and the NYT got it backwards implying he supported taking anonymous donations from the likes of Epstein. This is why Lessig is suing the NYT.

Lessig was spot on. The NYT and (unsurprisingly the /. summary) were wrong about what Lessig said.

Visa Is Acquiring Plaid For $5.3 Billion

Posted by BeauHD
Visa announced today that it is buying financial services API startup Plaid for $5.3 billion, roughly double the price of its last private valuation. TechCrunch reports: Plaid develops financial services APIs. It is akin to what Stripe does for payments, but instead of facilitating payments, it helps developers share banking and other financial information more easily. It's the kind of service that makes sense for a company like Visa. The startup bought Quovo two years ago to move beyond just banking, and into broader financial services and investments. The idea was to provide a more holistic platform for financial services providers. As the founders wrote in a blog post at the time of the acquisition, "Financial applications have historically used Plaid primarily to interact with checking and savings accounts. In acquiring Quovo, we are extending our capabilities to a wider class of assets." The deal is expected to close in the next three to six months, pending regulatory approval.

Engage Ludicrous Speed

By Chris Mattern • Score: 5, Funny • Thread

They've gone to Plaid!

Hooray for fintech

By trawg • Score: 5, Insightful • Thread

A lot of VCs and startup people seem really excited by this news, like "yay, this fintech thing is panning out, the exits are going to be GREAT".

But while this seems like a great outcome for the fintechs and the VCs, it's actually the worst outcome for everyone else.

Finally, FINALLY we're seeing companies being able to take on the big banks with interesting and innovative financial products to chip away at their massive fortifications and the huge moats they've built around financial services. There's some actual, real competition, instead of the usual half-assed manoeuvring between a few big giants in the space.

But if the first thing that happens when one of them gets some serious traction is that they just get acquired by one of the big incumbents, we're just back where we started.

I'm sure it's hard to say no to billions of dollars, but I hope we see a couple of these companies stay independent.

Cards need to be regulated

By DogDude • Score: 3 • Thread
The card industry needs to be severely regulated. It's absurd that we're letting 3% of our GNP go to credit card processing, and there are zero laws protecting anybody except for Visa/MC.

Managing ledgers costs money

By KalvinB • Score: 5, Insightful • Thread

The 3% paid to processors is far more efficient than what it would cost for companies to manage their own card processing and handle fraud complaints, etc.

Target is about the only company that runs their own card processing and passes an immediate 5% savings back to the consumer.

CostCo also negotiates a lower processing fee and passes the savings onto consumers.

Unpatched Citrix Vulnerability Now Exploited, Patch Weeks Away

Posted by BeauHD
An anonymous reader quotes a report from Ars Technica: On December 16, 2019, Citrix revealed a vulnerability in the company's Application Delivery Controller and Gateway products -- commercial virtual-private-network gateways formerly marketed as NetScaler and used by tens of thousands of companies. The flaw, discovered by Mikhail Klyuchnikov of Positive Technologies, could give an attacker direct access to the local networks behind the gateways from the Internet without the need for an account or authentication using a crafted Web request. Citrix has published steps to reduce the risk of the exploit. But these steps, which simply configure a responder to handle requests using the text that targets the flaw, break under some circumstances and might interfere with access to the administration portal for the gateways by legitimate users. A permanent patch will not be released until January 20. And as of January 12, over 25,000 servers remain vulnerable, based on scans by Bad Packets.

This is not surprising, considering the number of Pulse Secure VPNs that have not yet been patched over six months after a fix was made available, despite Pulse Secure executives saying that they have "worked aggressively" to get customers to patch that vulnerability. And given that vulnerable Pulse Secure servers have been targeted now for ransomware attacks, the same will likely be true for unprotected Citrix VPN servers -- especially since last week, proof-of-concept exploits of the vulnerability began to appear, including at least two published on GitHub, as ZDNet's Catalin Cimpanu reported.
"The vulnerability allows the remote execution of commands in just two HTTP requests, thanks to a directory traversal bug in the implementation of the gateway's Web interface," the report adds. "The attacks use a request for the directory '/vpn/../vpns/' to fool the Apache Web server on the gateway to point to the '/vpns/' directory without authentication. The attacks then inject a command based on the template returned from the first request."

You can check for the vulnerability here.
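Added example (not from the article, Citrix, or Slashdot): a log check for the request shape the report describes, a path that passes through `..` and resolves into `/vpns/`. The log format, sample lines, addresses and function names are constructed assumptions, and the check goes slightly beyond the quoted string by undoing percent-encoding before it looks.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumed format: Common/Combined Log Format prefix
#   ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def decoded_path(target, max_rounds=3):
    """Drop query/fragment and undo up to max_rounds layers of %-encoding."""
    path = re.split(r"[?#]", target, maxsplit=1)[0]
    for _ in range(max_rounds):
        once = unquote(path)
        if once == path:
            break
        path = once
    return path.replace("\\", "/")


def traverses_into_vpns(target):
    """True when the path contains a '..' segment and resolves under /vpns/."""
    segments = [s for s in decoded_path(target).split("/") if s]
    if ".." not in segments:
        return False  # direct /vpns/ requests are left to normal auth logging
    resolved = posixpath.normpath("/" + "/".join(segments))
    return resolved == "/vpns" or resolved.startswith("/vpns/")


def scan(lines):
    """Group matching requests by client so responders can triage per source."""
    hits = defaultdict(
        lambda: {"requests": 0, "answered_2xx": 0, "first_seen": None}
    )
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not traverses_into_vpns(m["target"]):
            continue
        entry = hits[m["ip"]]
        entry["requests"] += 1
        if m["status"].startswith("2"):
            # A 2xx answer means the gateway served the request: check first.
            entry["answered_2xx"] += 1
        if entry["first_seen"] is None:
            entry["first_seen"] = m["ts"]
    return dict(hits)


# Constructed sample lines (documentation address ranges, placeholder files).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Jan/2020:03:14:07 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120
203.0.113.7 - - [12/Jan/2020:03:15:41 +0000] "GET /vpn/../vpns/ HTTP/1.1" 403 312
203.0.113.7 - - [12/Jan/2020:03:15:42 +0000] "GET /vpn/%2e%2e/vpns/placeholder.txt HTTP/1.1" 200 1432
198.51.100.23 - - [12/Jan/2020:04:02:19 +0000] "POST /vpn/%252e%252e/vpns/placeholder HTTP/1.1" 200 88
192.0.2.10 - - [12/Jan/2020:04:05:00 +0000] "GET /images/../vpn/logo.png HTTP/1.1" 200 2048
192.0.2.44 - - [12/Jan/2020:04:06:30 +0000] "GET /vpns/placeholder.txt HTTP/1.1" 401 0
""".splitlines()

if __name__ == "__main__":
    for ip, info in sorted(scan(SAMPLE_LOG).items()):
        print(ip, info)
```

Sources with a non-zero `answered_2xx` count are the ones to look at first, since the gateway answered the traversal request instead of rejecting it.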

Bing Loses Out To DuckDuckGo in Google's New Android Search Engine Ballot

Posted by msmash
Google announced last week the alternative search engines it will show to new Android users in the EU, with DuckDuckGo the most frequently offered choice and Bing tied for last place. From a report: EU citizens setting up Android devices from March 1 will be given a choice of four search engines to use as their default, including Google. Whichever provider they choose will become the default for searches made in Chrome and through Android's home screen search box. A dedicated app for that provider will also be installed on their device.

Re:DuckDuckGo IS Bing

By DNS-and-BIND • Score: 5, Insightful • Thread
And having used them for a while (I know, horrors) Bing isn't that bad. I say this as a lifelong Microsoft hater. I have the official membership badge and hat. But not only is Bing not that bad, it also has a really good video search for porn, and it lacks the "curated" search results. By which I mean censored, because Google can and does penalize sources that don't agree with it to page 137 of results, and elevate sources that agree with it, to the point of them coming up very high on the first page on search results that match the politics of Google. It's a wonderful relief not being subject to that.

The summary is crap

By alexo • Score: 5, Informative • Thread

The summary completely neglects to mention the most important aspect: this was an auction, and the search engines that "won" were the ones that offered the highest payment per user to Google. It has absolutely nothing to do with the quality or the popularity of the search engine.

Re:DuckDuckGo IS Bing

By sunami88 • Score: 5, Informative • Thread

It's pretty clear that behind the scenes, DuckDuckGo is querying Bing's search engine and returning their results

Correct, in a sense. From the first paragraph on Wikipedia

[...]generating those results from over 400 individual sources, including crowdsourced sites such as Wikipedia, and other search engines like Bing, Yahoo!, and Yandex.

So it's not just Bing, but Bing is indeed one source.


By Socguy • Score: 3 • Thread
Duck Duck Go doesn't track and it's not as good as Google. But it's good enough and it doesn't track so I use it!

Adobe Brings One of Its Last Legacy Products To the Cloud

Posted by msmash
Adobe unveiled a cloud-based system to help clients build websites, bringing one of its last legacy products to the cloud almost a decade after shifting to internet-based software. From a report: The new content management system already is being used by some customers, the San Jose, California-based company said Monday in a statement. The software maker announced the service at the National Retail Federation conference in New York. Adobe is the largest vendor for enterprise customers in a $3.8 billion market for software that builds websites and manages digital assets, according to data from research firm IDC. The company said it's the first to provide a purely cloud-computing based solution to large business clients. The software maker currently manages 15 billion web page visits per day and more than 50 million digital assets, including images and videos, across its customer base. and closely held Squarespace are among the competitors in the field.

But I don't want it in the cloud.

By jellomizer • Score: 3 • Thread

I would much rather pay $1000 once for a major version of a product. And keep it on my system for the next 8-10 years. Than paying a monthly fee and get regular updates.

The problem is Creative Cloud isn't cheap monthly. And I don't use the product every day, I will just pick it up and use it randomly for a project. Even for 1k I can keep that older version for over a decade where I can spend less overall plus I can buy a new version based on my budget and need for the upgrade.

For the stuff I do, I really don't need features that they added from Photoshop CS3.

While I would prefer to use Photoshop, it no longer being an affordable option I find myself using Paint.Net and GIMP. Not because I think they are better. But they can get the job done, without being an extra monthly expense.

CC is NOT cloud-based

By Radical Moderate • Score: 3 • Thread
God I wish it was. Supporting Creative Cloud installs is a nightmare, Adobe's licensing keeps getting worse. And no, despite having "Cloud" in the name, it's not in the cloud. Photoshop, Illustrator, and friends still sit on your hard drive. And need to be updated every year. And the old version has to be removed prior to updating. And the uninstallers don't work. It's horrible.

Barr Asks Apple To Unlock iPhones of Pensacola Gunman

Posted by msmash
Attorney General William P. Barr declared on Monday that a deadly shooting last month at a naval air station in Pensacola, Fla., was an act of terrorism, and he asked Apple in an unusually high-profile request to provide access to two phones used by the gunman. From a report: Mr. Barr's appeal was an escalation of an ongoing fight between the Justice Department and Apple pitting personal privacy against public safety. "This situation perfectly illustrates why it is critical that the public be able to get access to digital evidence," Mr. Barr said, calling on Apple and other technology companies to find a solution and complaining that Apple has provided no "substantive assistance."

Apple has given investigators materials from the iCloud account of the gunman, Second Lt. Mohammed Saeed Alshamrani, a member of the Saudi air force training with the American military, who killed three sailors and wounded eight others on Dec. 6. But the company has refused to help the F.B.I. open the phones themselves, which would undermine its claims that its phones are secure.

Re: if joined can they force an backup / send me a

By gtall • Score: 4, Informative • Thread

And you expect that mouth-piece Barr to understand such an explanation. He doesn't have the mental capacity.

Re:What could there possibly be of value?

By smoot123 • Score: 5, Interesting • Thread

the same way that it is impossible take some number of integers and add them in a different order and expect to be able to get a different total that is still correct.

Drifting way off topic here, I just saw a video demonstrating that by rearranging the terms of the infinite series 1 - 1/2 + 1/3 - 1/4 + 1/5..., you can make it add up to anything you want. Anything at all. It's one of those proofs where your first reaction is "no, that can't be, you made a mistake."

The gist of the proof is you pick your desired answer. Now add up positive terms until you exceed the answer. The series 1 + 1/3 + 1/5 doesn't converge so you can make the sum arbitrarily large. Then add negative terms until you're below your target. Then add more positive terms to go over. Lather, rinse, repeat. Since the amount you're over and undershooting decreases over time, you will get arbitrarily close to the number you picked, so the limit of the sum is the number you picked.

OK, back to flaming about Apple and/or the FBI.

Breaking security HELPS terrorists.

By couchslug • Score: 5, Informative • Thread

Security through obscurity doesn't work and government tools inevitably leak because they exist. When they do, they can be weaponized against their creator society.

Re:The court order can't be easily enforced these

By cayenne8 • Score: 5, Insightful • Thread

Look, most of the world doesn't even let people carry weapons on them for personal defense anymore so people can frankly just fuck right off with passionate libertarianism here. If you can't even carry a scary knife to protect you on the street, there is absolutely no principled argument for allowing big tech to create an environment where personal safety is so high that democratic states cannot enforce their warrants.

And the rest of the world can fuck right off when it comes to US rights within our country.

That's actually one of the points of HAVING a separate, independent, sovereign country.

I love the fact that I can carry concealed weapons, both guns and knives.....and I want to have my privacy rights protected too.

In the US, the gov. does NOT grant rights to the people.

The people are BORN with their rights.

We GIVE the government its limited roles, responsibilities and power via the limited, enumerated ones in the Constitution (speaking Federal here, but States are pretty much the same).

If the rest of the world wants to mandate whatever on their people....fine, but not in the US.

If the government grants your rights, you are a subject.

If the government gets its power from and is answerable to the people, then you are a citizen.

While the latter has been scarily eroding in the US, let's not help decrease the coefficient of friction of the slippery slope actively.

Off-topic: Is facial recognition a vulnerability?

By CheckeredFlag • Score: 3, Interesting • Thread
Just curious - would it be possible for Apple to install a special version of iOS that changed the facial recognition code to simply return "true" and unlock the phone? If so, does this then make it less secure than a passcode alone? It's hard to see how facial or thumbprint recognition isn't a point of vulnerability for a hacked os. Would love to hear an explanation from someone who understands this.

Google Can View Millions of Patient Health Records in Most States

Posted by msmash
Through its partnerships with health care providers, Google can view tens of millions of patient records in at least three-quarters of states, the Wall Street Journal reports. From a report: Some of these partnerships allow Google to access identifiable information about patients without their or their doctors' knowledge, raising fears about how this data may be used. Google is developing a new search tool -- designed to be used by doctors, nurses and potentially patients -- that stores and analyzes patient information on its servers. The company and some health systems say that data-sharing can improve patient outcomes. Google says its health endeavors aren't connected with its advertising business.

Re:"...improve patient outcomes..."

By cayenne8 • Score: 4, Insightful • Thread
How in the world does this pass the HIPAA "sniff test"???

Privacy Rapists

By Sebby • Score: 4, Insightful • Thread

Hmm, letting a privacy rapist see people's personal medical information..... what could possibly go wrong??

Re:"...improve patient outcomes..."

By Sarten-X • Score: 4, Informative • Thread

As someone who used to be on the reading side of these arrangements, I can assure you it's all in the waivers you sign prior to receiving care.

HIPAA is really easy to work inside. Essentially, you just have to promise you'll protect the data, and you can get third-party access.

medical records are 10x price for a credit card

By mutley69 • Score: 4, Insightful • Thread
This kind of information should never get into the hands of a corporation that makes money out of data. It's absolutely something you should never tolerate. They should ask your permission to access these data. The hospital or the ones that manage that information are bound to the private nature of this data. They should never have allowed this access. In fact - I do believe we should do the same as we did in the end of the 60's in Europe. Protest - strikes - action! Once your privacy is lost - you'll never get it back. It's so valuable that it makes me sad that people don't realise that using social media opens the flood-gates to lose all privacy!

Re:"...improve patient outcomes..."

By cayenne8 • Score: 4, Informative • Thread

While I'm no legal expert, I think you might have an issue as you altered the original contract without getting both parties to re-agree, unless they re-signed the altered contract?

Same idea as you make a contract for someone, get them to sign it, and then you just cross out whatever and write in "You owe me 3 million bajillion dollars" and then sign and try getting it to hold up in court.

I'm not a legal expert either, but I think what you are signing here is a release form, not a contract, so it is perfectly legal for YOU to alter what permissions YOU give them for what they can do with your PI and health information.

Are We on the Cusp of an 'AI Winter'?

Posted by msmash
The last decade was a big one for artificial intelligence but researchers in the field believe that the industry is about to enter a new phase. From a report: Hype surrounding AI has peaked and troughed over the years as the abilities of the technology get overestimated and then re-evaluated. The peaks are known as AI summers, and the troughs AI winters. The 10s were arguably the hottest AI summer on record with tech giants repeatedly touting AI's abilities. AI pioneer Yoshua Bengio, sometimes called one of the "godfathers of AI", told the BBC that AI's abilities were somewhat overhyped in the 10s by certain companies with an interest in doing so. There are signs, however, that the hype might be about to start cooling off.

"I have the sense that AI is transitioning to a new phase," said Katja Hofmann, a principal researcher at Microsoft Research in Cambridge. Given the billions being invested in AI and the fact that there are likely to be more breakthroughs ahead, some researchers believe it would be wrong to call this new phase an AI winter. Robot Wars judge Noel Sharkey, who is also a professor of AI and robotics at Sheffield University, told the BBC that he likes the term "AI autumn" -- and several others agree.

I hope the term AI dies of frostbite

By TomGreenhaw • Score: 5, Insightful • Thread
Machine learning is much better. It implies that machines self program with training examples.

Artificial Intelligence implies vastly more with such great variety that it is nebulous and essentially meaningless.

Lower Standards...

By SirAstral • Score: 5, Insightful • Thread

The standards for what AI is just too low now.

We are calling advanced but dumb non-learning algorithms AI these days. We are a significant ways away from AI right now. We will not see it in our lifetimes based on what I am seeing. Every creature alive with AI can rewire itself... I do mean this literally. Neural pathways change, dendrites remap based on needs, they fail with disease and damage, our motor skills are driven by these remapping and why practice is important. Computers do not do this... no software re-coding and learning is not even close to the same thing. We functionally change our compilers on input/processing/output while computers cannot do this for themselves. Until we begin work in this area, we are going to be very limited in what AI can achieve from a holistic perspective and be limited to using AI for only the simplest of reductive reasoning functions... which are still by no means a worthless pursuit, but let's stop calling that AI, because it is just not AI.

If it finds the answer by random testing... it's not AI. It has to arrive at the answer in learning method way. We humans do not get to pass math class by giving random numbers to the teacher until we guess the right one, we should not have this benchmark for machines either!

If their AI was worth anything...

By doom • Score: 4, Insightful • Thread
If their AI was worth anything, wouldn't it be able to predict its own winters? Why are we still paying attention to these "experts"?

Terminology, Statistics, and Lies

By mugnyte • Score: 5, Insightful • Thread

Yeah yeah, we know the term "AI" isn't meaningful, except in the general public's perception of a semi-autonomous machine in human-like form and endless potential for questionable agency to power a film plot.

The more important advances in form-fitting a larger number of inputs to an optimal solution path via Machine Learning will continue to find their uses. But "General AI", where a machine quickly surmises its place, role and goals in a real-world, especially by keeping a model of it in several senses in highly-parallel processing, is leagues away. I doubt the physical architecture for such a thing has been invented yet.

But we're headed that direction. Someone will probably build several generations of ML that try to solve candidate-architectures for General AI first, and chew-away at the problem(s). Once we see parallelism scaled way up, and innovative cooling solutions for highly-layered semiconductors, we may be getting closer. This is speculative and assumptive on my part, obviously.


By Pseudonym • Score: 5, Informative • Thread

Minsky was partly responsible for the first AI Winter of the late 70s. He (or Schank) may have coined the term.

UK Govt Warns Not To Access Online Banking on Windows 7

Posted by msmash
The UK's National Cyber Security Centre (NCSC) is warning people against using online banking or accessing sensitive accounts from devices running Windows 7 from Tuesday, 14 January, when Microsoft ends support for the operating system. From a report: The NCSC, the government body for cybersecurity, is encouraging people to upgrade from Windows 7 as soon as possible, due to Microsoft's 2019 decision to stop providing technical support for the software. "The NCSC would encourage people to upgrade devices currently running Windows 7, allowing them to continue receiving software updates which help protect their devices," the NCSC spokesperson said. "We would urge those using the software after the deadline to replace unsupported devices as soon as possible, to move sensitive data to a supported device and not to use them for tasks like accessing bank and other sensitive accounts. They should also consider accessing email from a different device."

Maybe good advice for tech-unsavvy

By twocows • Score: 5, Interesting • Thread
Considering who their audience is, it might be good advice. Laypersons aren't going to understand things like their software will eventually stop getting updates and other devices on their network can trivially compromise their Win7 device. People who might actually know how to reasonably secure a system with an EOL OS likely aren't relying on the UK government for security advice.

Empty threats

By WaffleMonster • Score: 3 • Thread

Microsoft is still publicly releasing patches for Windows XP. For example RDP remote exploit patches were released in May of 2019.

Re:So Magic???

By twocows • Score: 5, Insightful • Thread
The biggest problems day one are going to be the plethora of zero-days that drop because now they can't be patched on most Win7 systems. But that'll be relatively minor compared to the longer-term issues.

From January 14th until the end of time, every single exploit that gets discovered for Win7 will remain unpatched for systems without extended updates (unless MS caves for some really severe ones like they did with XP). That means that within a year, you'll have potentially hundreds of exploits of every type and severity affecting Windows 7. What's more, the CVEs disclosing these vulnerabilities will basically tell people who don't already know exactly where to start looking.

Now, most home users are behind a NAT firewall, so they don't usually need to worry about just getting compromised sitting around doing nothing. However, if another compromised device gets on the network, if they decide to run a public-facing service (e.g. run a website), etc., they're at a huge risk. Also, the various software packages on their computer will eventually stop receiving updates. This might not matter for, say, Game 2019, but other random software like (just as an example) 7zip might stop getting updates, which makes it a target, which means they're likely to encounter drive-bys trying to get them to run exploits with those things (e.g. email from granny "hey open this zip file!" designed to exploit 7zip to compromise the rest of the system). And once Chrome or Firefox stops pushing updates to Win7, it'll be open season for drive-by attacks.

If you're not using Windows 7 for anything particularly sensitive and you're not an attractive target and you're not running any common public-facing services and you isolate the system on its own vlan, you can probably secure Windows 7 to the point where it'll be mostly OK to use for the next few years. I wouldn't recommend it, but it's an option.

However, the UK government's not talking to people capable of doing that, because those people wouldn't be getting tech advice from their government. The UK government is addressing the vast majority of people who don't understand any of this and maybe just heard this thing about Windows 7 being unsafe but don't know why. And to those people, the UK government's advice is very, very sound.

Re:Please Upgrade

By ArchieBunker • Score: 4, Funny • Thread

Can't they just re-enable it with the next update?

What they meant was:

By dhaen • Score: 3 • Thread
Don't access Internet banking with Windows. 7 day banking will always be available online.

Supreme Court Declines To Consider Medical Diagnostic Patents

Posted by msmash
The U.S. Supreme Court stayed out of the debate over what types of medical diagnostic tests can be patented, leaving in legal limbo companies that discover ways to diagnose and treat diseases based on patients' unique characteristics. From a report: The justices rejected an appeal by Quest Diagnostics's Athena unit that sought to restore its patent for a test to detect the presence of an autoimmune disease. A lower court had ruled in favor of the nonprofit Mayo Clinic that the test wasn't eligible for a patent because it merely covered a natural law -- the correlation between the presence of an antibody and the disease. Justices on Monday also rejected appeals to clarify the rules regarding software patents. The Supreme Court's action leaves it to Congress to resolve an issue that's created a legal gray area for such discoveries.

I say: Prison, for even attempting to.

By BAReFO0t • Score: 3 • Thread

If I seek to withhold a way in which anyone could tell you need medical treatment or you will suffer a great deal and/or die,

how is that any different from grievous bodily harm or manslaughter/murder?

I don't think it matters if you drown somebody to death, or don't open a hatch right in front of you by which he could save himself from drowning to death.
Even if opening the hatch would be hard ... which in this case, it isn't, ... what monster would not at least try?

Only a psychopath.

Some things should be 'not-for-profit'

By Rick Schumann • Score: 3 • Thread
Or, at least, there should be a legal limit to how much profit you can make. The entire medical industry should be at the top of that list. Disagree? Then you tell me how right it is for some asshat to, for instance, buy a small pharmaceutical manufacturer that makes a one-of-a-kind life-saving medication, then jack up the price by a factor of ten thousand, putting it out of reach of most of the people who need it to continue living? Realize this example is from real life and not made up, it's happened. Our civilization's medical industry is supposed to benefit the people it's treating; how is patenting something like a diagnostic procedure accomplishing that? It's not, its purpose is to force other companies to pay a royalty to use that procedure, the cost of which gets passed along to patients.
If you want to help humanity, which medicine in general is supposed to exist for, then help all humanity, not just The Rich.

One works, one doesn't. Shkreli is in prison

By raymorris • Score: 5, Insightful • Thread

The VAST majority of medical breakthroughs over the last hundred years have come from the United States, where your billion dollar investment in researching all different possibilities just might pay off.

There are a LOT of countries where you can't "make a profit" on medicine (which mostly means recouping your research expenses from that didn't work out). Those countries produce approximately zero new medical research.

You want to change it from "you can buy the new med for $50 until the patent runs out, then it's $5" to "the meds are always $5". Your suggestion doesn't make that happen, though. Your suggestion is in place in many countries, lots of places there is no profit in medical research, and the result is there is no new medicine. Nobody can get it at any price. The actual options are:

A. The newest meds cost $50 for the first few years they are on the market, $5 thereafter (US system)
B. There are no new meds, at any price, because nobody is going to hand over their retirement savings for pharmaceutical research with no possibility that it'll come back and let them retire like any other investment would

Yeah Martin Shkreli is an asshole. And he's in prison, where he belongs.

They didn't invent anything

By raymorris • Score: 4, Insightful • Thread

Patents are for inventions, new ways of doing things.
Quest didn't invent anything. The courts saw that, killed the patent. Case closed.

More specifically, the law is you can't patent "the laws of nature, including the laws of physics or of mathematics". This is because inventions must be NEW and the laws of nature are not new.

Quest tried to patent "if you have this antibody, you might have this disease". That's not new - that statement was true 2,000 years ago.

Note you CAN patent a newly invented type of elevator, which USES the laws of physics, specifically gravity. You can't patent gravity, because gravity isn't a new invention. By the same token, you can't patent mathematical laws such as the commutative law of multiplication. You CAN patent a new invention which uses math in a new and useful way to do something new.

The best government money can buy.

By SeaFox • Score: 3 • Thread

The Supreme Court's action leaves it to Lobbyists to resolve an issue that's created a legal gray area for such discoveries.


Academic Research Finds Five US Telcos Vulnerable To SIM Swapping Attacks

Posted by msmash
A Princeton University academic study found that five major US prepaid wireless carriers are vulnerable to SIM swapping attacks. From a report: A SIM swap is when an attacker calls a mobile provider and tricks the telco's staff into changing a victim's phone number to an attacker-controlled SIM card. This allows the attacker to reset passwords and gain access to sensitive online accounts, like email inboxes, e-banking portals, or cryptocurrency trading systems. All last year, Princeton academics spent their time testing five major US telco providers to see if they could trick call center employees into changing a user's phone number to another SIM without providing proper credentials. According to the research team, AT&T, T-Mobile, Tracfone, US Mobile, and Verizon Wireless were found to be using vulnerable procedures with their customer support centers, procedures that attackers could use to conduct SIM swapping attacks. In addition, the research team also looked at 140 online services and websites and analyzed on which of these attackers could employ a SIM swap to hijack a user's account. According to the research team, 17 of the 140 websites were found to be vulnerable.

Don't use phone numbers for account recovery

By DigitAl56K • Score: 4, Interesting • Thread

I'll make a similar post here to one I made a couple of days back: Major companies and services should stop using phone numbers for account recovery. Google whines at you if you don't have a recovery phone number. Some companies use a phone number as their 2FA. Signal uses your phone number as your account, in fact you can't even use the desktop app without one.

I've had friends whose Google accounts and social media were all taken over thanks to SIM hijacking. We shouldn't base security on a model where the more of a target you are, the weaker the security -- i.e. at some point you get interesting enough for someone to dial up a carrier and then everything falls over.

OK for 2FA

By enriquevagu • Score: 3 • Thread

Just wanted to highlight that phone-based authentication, when combined with another mechanism (e.g. a password) in a two-factor authentication system, actually increases the security of the initial mechanism alone (the password). With the phone support in 2FA, an attacker needs to both obtain the password and perform the SIM swapping trick.

However, phone-based authentication should be completely forbidden as a password-recovery mechanism, since it lowers the security of the mechanism, essentially making the password useless. I bet this use is very common...

Microsoft To Replace Edge With Its Chromium Browser This Wednesday

Posted by msmash
Microsoft is replacing its Edge browser with the updated, Chromium-based version on January 15. Windows 10 users will be automatically transitioned over. From a report: We already knew this was coming because Microsoft announced the new Edge's launch date last month, but it wasn't clear that users would be pushed to the new version. Thankfully it will look mostly the same as the existing Edge browser, with all the same proprietary Microsoft features, except for a slightly more Chrome-esque look. Since the new Chromium Edge will be based off the same browser as Google Chrome, Edge will now support all the same extensions. Last month developers were invited to port their Chrome extensions over to the Microsoft Store, with the company saying that most extensions could be transferred over without any additional work. Edge is the default browser for all 900 million Windows 10 users, so there's obviously an incentive there to port extensions.

How did they fall so far?

By az-saguaro • Score: 4, Interesting • Thread

My question or comment is not about the merits of any of these browsers, rather about the nuances of corporate psychology and production.

(I use Firefox. I sometimes open Chrome and Edge because certain sites, for whatever reasons, only display properly on one or the other of these, so go with the flow. Edge is not nearly as bad as people like to complain about, and Chrome mostly works great but for its inherent spyware nature. The nice thing about Firefox, aside from that it works, is that it seems to have recently dedicated itself to being the anti-chrome anti-spyware full-featured browser.)

So, Edge is not so bad as people complain about, but it is still lightweight and amateurish. Here is my question. When MS wrangled browser supremacy away from Netscape, they built a capable product. Notwithstanding business ethics, security issues, or anything else worth criticizing about MS, they created a browser that fueled the internet and that developers wrote for. Then came the Ballmer years with Vista and its legacy then Win 8. In the meantime, developers jumped ship as Chrome ascended. Now, MS wants to return to making a credible browser, Edge, but its original homespun Edge is not gaining traction, so now they are switching to a Chrome version.

How is it that MS lost its ability to make a credible or functional browser, when they were once the kings?
Have they inherently lost the engineering and management capabilities to make it happen, or are they so sidetracked and locked in on the wrong pathway that they cannot see their way back to a respectable home grown browser?
Can the engineers do it but management holds them back, or are they decimated of engineering talent in that division?
If they want respectability on an open source codebase, why Chrome rather than Firefox?

I am not in the industry, but it is fascinating to me that the Lords of the Internet have fallen so far that they can no longer make a good browser on their own.

Any thoughts or insights or comments?

Re:I don't think Edge was ever the default

By Dan East • Score: 5, Insightful • Thread

Basically, Edge failed due to lack of support.

Edge failed because there is no monetary incentive for MS to be developing and maintaining something as complex as a web browser. Years ago they tried to bastardize HTML to monetize it (specifically, ActiveX, which is basically Windows programs embedded web pages), and through antitrust / monopolistic practices. Those both failed. The only other incentive they could have is the "we're doing this to try and keep third party X from gaining total control of the browser space" type of strategic corporate maneuvering, but that is not worthwhile at this point either.

Web browsers are a constantly moving target. Think for a moment about all the other "free" software bundled with Windows. MS can develop a piece of software, like Paint, and then basically not touch it at all for *years*. Maybe freshen it up a little with a new release of Windows. A web browser (as in a true HTML engine and not a wrapper for one) is just a continuous PITA and money pit. MS is actually pretty smart to ditch Edge. To me, they seem to be willing to make tough decisions and let go of things better these days than ever before. Which is probably the reason their stock has risen steadily the last 6-7 years when it was totally flat for over a decade between 2000 and 2013.

Re:Loving Embrace

By twocows • Score: 4 • Thread
Eh, I don't know. I doubt Microsoft's quite as incompetent as you seem to think. Maybe under Ballmer, but not right now.

It seems far more likely to me that Edge was probably costly to develop and maintain and they didn't see the reason to waste those resources in a battle they already lost. A lot cheaper to manage 1% of an actively updated codebase than 100% of your own. Maybe they have a dim hope that some people won't immediately switch off it now that it's based on Chromium, but I doubt they're relying on that.

Re:I don't think Edge was ever the default

By MBGMorden • Score: 4, Informative • Thread

And any IE specific apps, enterprise or otherwise, can easily be run today in Chrome or other chromium based browsers.

Definitely not true. Granted, it's not Chrome's fault, but there are still quite a few applications that won't work in Chrome. Namely, any application that still uses Silverlight (which we have at least one). The vendor is actively working on getting an HTML5 version completed (since Silverlight goes end of life in less than 2 years), but they're not 100% there yet.

Re:I don't think Edge was ever the default

By TheRealMindChild • Score: 5, Interesting • Thread
(specifically, ActiveX, which is basically Windows programs embedded in web pages)

You clearly don't really understand ActiveX. It was a set of interfaces and standards on top of COM that allowed platform/language independent creation, introspection, management and usage of objects. This technology *allowed* for such ease of use that Microsoft thought that allowing something like a webpage/browser to create such an object via unverified scripting was a good idea. And it sort of was... in a world where you can trust everyone. But there was never a permission system built for this, just like there is no permission system for loading a DLL. ActiveX is still very much in use today, inside applications and scripts. It is a powerful tool. A lot of components that are useful have never been replaced. And while .NET was meant to supersede ActiveX, it is more like ActiveX 2.0, and happily lives alongside it. It is interesting to mention that Internet Explorer itself is an ActiveX library/object, heavily ingrained in explorer and countless apps, which is why we can't just get rid of it.

Think for a moment about all the other "free" software bundled with Windows. MS can develop a piece of software, like Paint, and then basically not touch it at all for *years*.

Like stated above, you apparently fail to understand what Windows is and what Microsoft's goals for it are/were. Backward compatibility is significantly more important than new features in the system. I can play a wav file just the same, same API calls, with the same binary compatible all the way back to Windows 9x, maybe even 3.1. You can't do that with Linux. You can only do that to a limited degree with MacOS. Paint, for instance, is an OLE embedded COM server. It isn't just an app. It is also a library. Aside from bug fixes, you can't change it. As per COM's nature, you can only add new COM interfaces, but you have to leave the old ones intact. Windows' entire ecosystem is like that. And to me, that makes it good.

Florida Joins US Government in Probing Foreign Ties of Researchers

Posted by msmash
Florida lawmakers have begun an investigation into the foreign ties of researchers at the state's universities and research institution. The inquiry, the first of its kind at the state level, dovetails with an ongoing federal probe into whether such affiliations, notably with Chinese entities, pose a risk to the U.S. research enterprise. From a report: The Florida effort is triggered by revelations last month that six scientists at the Moffitt Cancer Center had been dismissed for failing to disclose their participation in China's Thousand Talents Program. The researchers include the center's CEO, Alan List, and the head of its research center, Thomas Sellers. "I'm appalled by the actions of the Moffitt CEO and some of its researchers," says state Representative Chris Sprowls (R), who is chair of a bipartisan select committee created by Republican House Speaker Jose Oliva. "The question is, has there also been any theft of intellectual property? Clearly, the intent is there." The Moffitt case is the latest instance of scientists being ousted from U.S. biomedical research institutions after being accused of failing to disclose foreign research ties or undermining the integrity of the process by which the National Institutes of Health (NIH) funds research. The MD Anderson Cancer Center cut ties with three scientists in April 2019 as part of a larger investigation, and 1 month later Emory University announced it had fired two neuroscientists. All five were Asian Americans.

Re:New McCarthyism

By l0ungeb0y • Score: 5, Insightful • Thread
I think this has more to do with the proliferation of Chinese students and employees spying for the Chinese Gov't and Corporations, and hightailing it back to China with millions of dollars in trade secrets and other stolen data. Unless you've been living under a rock the last couple decades, it should be clear the amount of espionage China has been conducting in the US is completely out of hand.

Re:How cute

By Nidi62 • Score: 4, Funny • Thread

The situation we're in now is more akin to Messerschmitt engineers working at Lockheed before the war... and sending what they learn back to Germany.

So what you're saying is we need to start inviting Chinese aerospace engineers to work at Boeing. I like your thinking, it'll set them back decades!

Probe ALL money ties.

By Gravis Zero • Score: 3 • Thread

Instead of focusing on monetary ties to schools, they should instead be probing all monetary ties, especially political funding. As it stands, it's all but impossible to know who is funding a PAC and politicians seem to think this is fine. The truth is that nothing about having foreign money in politics is fine but they turn a blind eye because they believe it benefits them.

The best way to avoid foreign monetary ties to school is to *gasp* have the government fund them. Yes, it costs money and you might have to *bigger gasp* raise taxes of massive corporations and the rich.

Not just China

By guruevi • Score: 4, Interesting • Thread

India, Iran and Russia all have deep ties into US research sites, especially in regards to healthcare and high-end physics (nuclear, fusion). There are pretty much monthly stories about researchers and years of data, collected and paid for by the US tax payer, disappearing into some of those countries.

The Chinese and India send gluts of students every year, the goal is that they'll collect knowledge and information and kickstart their own industries back at home. But a lot of them are also sent by companies and state actors to steal what they can't get.

We have met the enemy, and they are us

By InfiniteZero • Score: 3 • Thread

To the Chinese government, this is another fantastic gift. Just look up the fascinating story of Qian Xuesen, and how one of the founders of the legendary JPL became the father of China's space program.

We have nothing to fear but fear itself. The great nation on earth can only be destroyed from within. We are halfway there, unfortunately.

'We're Approaching the Limits of Computer Power -- We Need New Programmers Now'

Posted by msmash
Ever-faster processors led to bloated software, but physical limits may force a return to the concise code of the past. John Naughton: Moore's law is just a statement of an empirical correlation observed over a particular period in history and we are reaching the limits of its application. In 2010, Moore himself predicted that the laws of physics would call a halt to the exponential increases. "In terms of size of transistor," he said, "you can see that we're approaching the size of atoms, which is a fundamental barrier, but it'll be two or three generations before we get that far -- but that's as far out as we've ever been able to see. We have another 10 to 20 years before we reach a fundamental limit." We've now reached 2020 and so the certainty that we will always have sufficiently powerful computing hardware for our expanding needs is beginning to look complacent. Since this has been obvious for decades to those in the business, there's been lots of research into ingenious ways of packing more computing power into machines, for example using multi-core architectures in which a CPU has two or more separate processing units called "cores" -- in the hope of postponing the awful day when the silicon chip finally runs out of road. (The new Apple Mac Pro, for example, is powered by a 28-core Intel Xeon processor.) And of course there is also a good deal of frenzied research into quantum computing, which could, in principle, be an epochal development.

But computing involves a combination of hardware and software and one of the predictable consequences of Moore's law is that it made programmers lazier. Writing software is a craft and some people are better at it than others. They write code that is more elegant and, more importantly, leaner, so that it executes faster. In the early days, when the hardware was relatively primitive, craftsmanship really mattered. When Bill Gates was a lad, for example, he wrote a Basic interpreter for one of the earliest microcomputers, the TRS-80. Because the machine had only a tiny read-only memory, Gates had to fit it into just 16 kilobytes. He wrote it in assembly language to increase efficiency and save space; there's a legend that for years afterwards he could recite the entire program by heart. There are thousands of stories like this from the early days of computing. But as Moore's law took hold, the need to write lean, parsimonious code gradually disappeared and incentives changed.

Lotta FUD

By dbrueck • Score: 5, Insightful • Thread

This is a problem that will naturally take care of itself, the sky is not falling one bit.

A top (if not THE top) rule of optimization is: "don't optimize what you don't need to optimize". The bloat being complained about is mostly pointing out areas in which stuff isn't optimized and doesn't (yet) need to be optimized.

Software will naturally grow to the size of available resources in part because it's inefficient to prematurely optimize where you aren't resource constrained. If time to market is a high priority variable and your desktop app weighs in at 10MB, it probably doesn't make sense to take 25% longer dev time to get it down to 5MB.

Once there's a material benefit/advantage to optimizing away some of this bloat, it'll be taken care of automatically simply because then there is value to doing it. For example, if a mobile app is too hard on the battery, it'll often get poor reviews, causing some number of people to avoid it in favor of another app until the developer fixes the problem - i.e. the app gets optimized for power consumption because there's a good incentive to do it.

Re:why do Capitalists hate the Market?

By JustAnotherOldGuy • Score: 4, Insightful • Thread

We need programmers now!


Now just hold on there, you crazy radical! If we pay them we might not be able to afford a 3rd yacht!!

Start with what YOU want from your computer

By Opportunist • Score: 3 • Thread

If you want to have the "look and feel" of an overbloated desktop environment where papers fly animated from wiggling folders when you copy your stuff, and especially if you want that in a web browser, you're part of the problem.

Stop with that shit and concentrate on what's required. And suddenly you'll notice that the amount of processing power and ram you have at your disposal is plenty. For nearly anything you could possibly want to do on your desktop.

Re:New programmers

By JustAnotherOldGuy • Score: 4, Insightful • Thread

Many managers think they can slap the wine bottle out of the hands of the vagrant at the front steps of the building and replace a real programmer.

That was basically our hiring method for two years at a Seattle healthcare group I worked at.

Dev 1: I don't like him. He doesn't know anything.
Dev 2: I don't like him. He's a vicious clown with an attitude.
Dev 3: I don't like him. He stabbed Bob in the break room.
Dev 4: I don't like him. His only experience is with MS Access.
Manager: Okay, he's hired!

Re:As usual, the title is wrong

By avandesande • Score: 5, Insightful • Thread
Converting PHBanese for you. 'New Programmers' is code for 'More H1B slots'.

India Orders Investigation Into Alleged Anti-Competitive Practices by Amazon and Walmart's Flipkart

Posted by msmash
India ordered a large-scale investigation into Flipkart and Amazon India on Monday after a retail trade group alleged that the e-commerce giants were indulging in anti-competitive practices to gain foothold in the country. From a report: Competition Commission of India (CCI), the local antitrust body, noted four concerns including the arrangements between smartphone vendors and e-commerce platforms to sell certain handsets exclusively online, and e-commerce firms apparently giving preferential treatment to certain sellers, and said these allegations merit an investigation. The CCI also ordered Director General to investigate whether Amazon India and Walmart are offering deep discounts on their marketplaces and promoting their own private labels.

ICANN Wants to Let VeriSign Raise Prices on .Com Domains

Posted by EditorDavid
VeriSign has released a "proposed agreement" with ICANN to amend their exclusive .com registry agreement to allow them to raise the price of dotcom registrations up to 28% every six years.

Those new terms "are now open to public comment" -- and the Register points out that ICANN's decision seems to come with a corresponding $20 million for ICANN: Operator of the dot-com registry, Verisign, has decided to pay DNS overseer ICANN $4 million a year for the next five years in order to "educate the wider ICANN community about security threats."

Even though the generous $20 million donation has nothing to do with ICANN signing off on an extension of the dot-com contract until 2024, the "binding letter of intent" [PDF] stating the exact amount of funding will be appended to the registry agreement that Verisign has with ICANN to run the dot-com registry.

That extension lifts a price freeze put in place several years ago and will allow Verisign to increase prices by seven per cent a year [in each of the last four years of each six year contract renewal]. It's an increase that we calculated was worth $993 million and which the stock market appeared to agree with when it raised the company's share price by 16 per cent when the agreement was first flagged in November 2018...

ICANN explains the $20 million this time will be used to "support ICANN's initiatives to preserve and enhance the security, stability and resiliency of the DNS, including root server system governance, mitigation of DNS security threats, promotion and/or facilitation of DNSSEC deployment, the mitigation of name collisions, and research into the operation of the DNS."

Which is all entirely above board and not at all shady.

7% per year != 28%

By swillden • Score: 3 • Thread

The summary ignores compounding when it says that the agreement allows Verisign to raise prices by 28% every six years. The agreement says that Verisign can raise prices by 7% in each of the last four years of each six-year term. Four 7% increases is a hair above 31%, not 28%, so it allows Verisign to increase the prices by 31% every six years. A nit, perhaps, but one that's worth lots of money.

Over the course of 30 years, Verisign could increase prices by 387%. Somehow I doubt the cost of administering and serving .com domains is going to quadruple every 30 years. It's much more likely that it will decrease by a large factor.

OTOH, with the TLD expansion, there is now plenty of competition in the domain name space, and it may be that competition will prevent Verisign from raising prices too much. For commercial use ".com" is what you are expected to have these days, but that could easily change over the course of a few years, especially if businesses started using more focused TLDs. On the gripping hand, businesses may still feel obligated to buy the .com, just so no one can squat on it.

To everyone who said giving up.....

By thereddaikon • Score: 3 • Thread

Sovereign control was a good idea. I fucking told you so. It took ICANN just a few years to become completely corrupt and mishandle TLDs. And this is after nearly 30 years of smooth and fair operation under the US government. Can we take it back now?

And I can't figure out...

By clenhart • Score: 4, Insightful • Thread

... why it costs $12-$20 per year for *a registration*. (with DNS handled elsewhere.)


By WaffleMonster • Score: 4, Insightful • Thread

It's not as easy as you might think to run the single most important database on the entire Internet. Think about it for a moment and you'll realize that I'm not exaggerating with that statement, either.

Managing 150 million static records containing basic glue and contact information that rarely change is a trivially small undertaking by today's standards. Current yearly rate per record is already absurdly high and completely unjustifiable.

Especially when you consider the fact that domains are managed by third party registrars and VeriSign does not provide front end support for vast majority. VeriSign runs only two of the world's root servers and is raking in well over a billion a year in net profit.

Please comment!

By Y2K is bogus • Score: 3 • Thread

When I last checked, only 6 people had publicly commented on this issue. It's just an email message, so please follow the links and log your comment!

How Is Computer Programming Different Today Than 20 Years Ago?

Posted by EditorDavid
This week a former engineer for the Microsoft Windows Core OS Division shared an insightful (and very entertaining) list with "some changes I have noticed over the last 20 years" in the computer programming world. Some excerpts:

- Some programming concepts that were mostly theoretical 20 years ago have since made it to mainstream including many functional programming paradigms like immutability, tail recursion, lazily evaluated collections, pattern matching, first class functions and looking down upon anyone who don't use them...

- 3 billion devices run Java. That number hasn't changed in the last 10 years though...

- A package management ecosystem is essential for programming languages now. People simply don't want to go through the hassle of finding, downloading and installing libraries anymore. 20 years ago we used to visit web sites, downloaded zip files, copied them to correct locations, added them to the paths in the build configuration and prayed that they worked.

- Being a software development team now involves all team members performing a mysterious ritual of standing up together for 15 minutes in the morning and drawing occult symbols with post-its....

- Since we have much faster CPUs now, numerical calculations are done in Python which is much slower than Fortran. So numerical calculations basically take the same amount of time as they did 20 years ago...

- Even programming languages took a side on the debate on Tabs vs Spaces....

- Code must run behind at least three levels of virtualization now. Code that runs on bare metal is unnecessarily performant....

- A tutorial isn't really helpful if it's not a video recording that takes orders of magnitude longer to understand than its text.

- There is StackOverflow which simply didn't exist back then. Asking a programming question involved talking to your colleagues.

- People develop software on Macs.

In our new world where internet connectivity is the norm and being offline the exception, "Security is something we have to think about now... Because of side-channel attacks we can't even trust the physical processor anymore."

And of course, "We don't use IRC for communication anymore. We prefer a bloated version called Slack because we just didn't want to type in a server address...."


By Entrope • Score: 4, Insightful • Thread

Why are intrinsics not supposed to be a loose form of inline assembly code? The point of intrinsics is that the LANGUAGE, not the hardware, has no single, short way to express the instruction. No one asks for intrinsics that represent scalar addition, multiplication, or assignment, because those are all concisely and unambiguously defined by the language.

For example, take a population count function. Many CPUs provide that as a single instruction. gcc provides a __builtin_popcount() intrinsic, taking an unsigned int. What is the "right" way to express that in standard C so that the compiler knows to translate it to a single instruction, assuming one knows "unsigned int" is 32 bits wide?

for (ii = 0; ii < 32; ii++) count += 1 & (x >> ii); // A

for (ii = 0; ii < 32 && (x >> ii); ii++) count += 1 & (x >> ii); // B

count = popcount_tab[x & 0xff] + popcount_tab[(x >> 8) & 0xff] + popcount_tab[(x >> 16) & 0xff] + popcount_tab[(x >> 24) & 0xff]; // C

tmp = (x & 0x55555555) + ((x >> 1) & 0x55555555);
tmp = (tmp & 0x33333333) + ((tmp >> 2) & 0x33333333);
tmp = (tmp & 0x0f0f0f0f) + ((tmp >> 4) & 0x0f0f0f0f);
tmp = (tmp & 0x00ff00ff) + ((tmp >> 8) & 0x00ff00ff);
count = (tmp & 0x0000ffff) + ((tmp >> 16) & 0x0000ffff); // D

Each of those is preferable in different conditions for hardware that does not have a popcount instruction. Should a compiler have to recognize all of those idioms, including the one that depends on a table lookup? Or is an intrinsic like __builtin_popcount() superior, especially when -- as with gcc -- it does have a library or open-coded implementation on hardware without that instruction?

I suspect your complaint about non-portable intrinsics hinges on the fact that different hardware implements different sets of vector instructions, and there is no good compromise between portability and non-trivial vector instructions. gcc again offers a good compromise where it exists -- overloading existing, well-defined operators to work independently on each value in vectors. Some other compilers (like Intel's) would rather tie people to the associated hardware, so they do not provide that kind of portability. Fortunately, C++ allows one to work around that bit of vendor lock-in.
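The four idioms from the comment above, as an added example that is not part of the original post: each is wrapped in a function and checked against `__builtin_popcount()` on constructed inputs. It assumes GCC or Clang and a 32-bit `unsigned int`; the function names and test values are illustrative, and idiom B carries an `ii < 32` bound so the shift count stays below the type width when bit 31 is set.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example: names below are illustrative, not from the comment. */

static uint8_t popcount_tab[256];   /* lookup table for idiom C */
static int tab_ready;

static void popcount_init(void)
{
    /* bits(i) = low bit of i + bits(i >> 1); entry 0 starts at 0 */
    for (int i = 1; i < 256; i++)
        popcount_tab[i] = (uint8_t)((i & 1) + popcount_tab[i >> 1]);
    tab_ready = 1;
}

/* A: always 32 iterations, no data-dependent branch */
static unsigned popcount_a(uint32_t x)
{
    unsigned count = 0;
    for (int ii = 0; ii < 32; ii++)
        count += 1 & (x >> ii);
    return count;
}

/* B: stops once no set bits remain at or above position ii. The ii < 32
 * bound keeps the shift count below the type width when bit 31 is set. */
static unsigned popcount_b(uint32_t x)
{
    unsigned count = 0;
    for (int ii = 0; ii < 32 && (x >> ii); ii++)
        count += 1 & (x >> ii);
    return count;
}

/* C: four byte-wide table lookups */
static unsigned popcount_c(uint32_t x)
{
    if (!tab_ready)
        popcount_init();
    return popcount_tab[x & 0xff] + popcount_tab[(x >> 8) & 0xff] +
           popcount_tab[(x >> 16) & 0xff] + popcount_tab[(x >> 24) & 0xff];
}

/* D: branch-free parallel sums of 1-, 2-, 4-, 8- and 16-bit fields */
static unsigned popcount_d(uint32_t x)
{
    uint32_t tmp = (x & 0x55555555u) + ((x >> 1) & 0x55555555u);
    tmp = (tmp & 0x33333333u) + ((tmp >> 2) & 0x33333333u);
    tmp = (tmp & 0x0f0f0f0fu) + ((tmp >> 4) & 0x0f0f0f0fu);
    tmp = (tmp & 0x00ff00ffu) + ((tmp >> 8) & 0x00ff00ffu);
    return (tmp & 0x0000ffffu) + ((tmp >> 16) & 0x0000ffffu);
}

/* Count inputs on which any idiom disagrees with the compiler intrinsic. */
static unsigned count_mismatches(void)
{
    /* constructed edge cases, followed by a xorshift32 sweep */
    static const uint32_t edge[] = { 0, 1, 0x80000000u, 0xffffffffu,
                                     0x55555555u, 0xaaaaaaaau,
                                     0x00ff00ffu, 0xdeadbeefu };
    const unsigned n_edge = sizeof edge / sizeof edge[0];
    uint32_t rng = 0x12345678u;     /* constructed seed */
    unsigned bad = 0;

    for (unsigned i = 0; i < n_edge + 100000; i++) {
        uint32_t v;
        if (i < n_edge) {
            v = edge[i];
        } else {
            rng ^= rng << 13; rng ^= rng >> 17; rng ^= rng << 5;
            v = rng;
        }
        unsigned ref = (unsigned)__builtin_popcount(v);
        if (popcount_a(v) != ref || popcount_b(v) != ref ||
            popcount_c(v) != ref || popcount_d(v) != ref)
            bad++;
    }
    return bad;
}

int main(void)
{
    unsigned bad = count_mismatches();
    printf("mismatches against __builtin_popcount: %u\n", bad);
    return bad != 0;
}
```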

Re:Numerical computing isn't done "in Python"

By Ambassador Kosh • Score: 4, Informative • Thread

They are probably using numpy, scipy etc and probably with numpy linked to a high performance BLAS library. Most of those calls are going to be to high performance lower level code. Actually it is pretty common to define a problem in python and have it solved by a high performance library.

Defining a neural network in c++ would take a lot longer and give no performance advantage compared to python. You definitely want to run it in a low level language.

Re:Python is a scripting language.

By DaveV1.0 • Score: 4, Insightful • Thread
No, it is not a really nice scripting language. It is whitespace dependent and that makes it a shitting language.

Re:I didn't write this article....

By gtall • Score: 5, Funny • Thread

"Curious what will the next 20 years bring" Electric Meeting Technicians (EMTs). These valuable bots will go to meetings for you, nod appropriately in the correct spots during a meeting, spout the latest in buzzword bingo to satisfy any management present, and generally make your life quite enjoyable. They will return from a meeting, plug themselves into your computer, and dump the contents of the meeting they have collected into your trash AND (this is the best part) automatically empty your trash for you.


By Junta • Score: 3 • Thread

The OSI 7 layer model has been superseded by the HTTP 1 layer model.

(Yes I know the OSI 7 layer model was never perfectly relevant, but it is a succinct expression of the general thinking of networking then versus now).