[$] Per-system-call kernel-stack offset randomization In recent years, the kernel has (finally) upped its game when it comes tohardening. It is rather harder to compromise a running kernel than it usedto be. But "rather harder" is relative: attackers still manage to findways to exploit kernel bugs. One piece of information that can be helpfulto attackers is the location of the kernel stack; thispatch set from Kees Cook and Elena Reshetova may soon make thatinformation harder to come by and nearly useless in any case.
Security updates for Friday Security updates have been issued by Debian (bluez and php5), Fedora (chromium, kernel, and PyYAML), Gentoo (adobe-flash, libvpx, php, qtcore, and unzip), openSUSE (chromium, kernel, and mcpp), Oracle (ipmitool and libvncserver), Red Hat (ipmitool and rh-postgresql10-postgresql), Slackware (kernel), and SUSE (ldns and tomcat6).
Malcolm: Static analysis in GCC 10 David Malcolm writesabout the static-analysis features that he is working on adding to theGCC compiler. "This issue is, of course, a huge problem totackle. For this release, I’ve focused on the kinds of problems seen in Ccode—and, in particular double-free bugs—but with a view toward creating aframework that we can expand on in subsequent releases (when we can addmore checks and support languages other than C)."
[$] Avoiding retpolines with static calls January 2018 was a sad time in the kernel community. The Meltdown andSpectre vulnerabilities had finally been disclosed, and the requiredworkarounds hurt kernel performance in a number of ways. One of thoseworkarounds — retpolines —continues to cause pain, with developers goingout of their way to avoid indirect calls, since they must now be implementedwith retpolines. In some cases, though, there may be a way to avoid retpolines and regain much of the lost performance;after a long gestation period, the "static calls" mechanism may finally benearing the point where it can be merged upstream.
Plasma on TV: Presenting Plasma Bigscreen (KDE.News) The KDE.News site is carrying anannouncement for the PlasmaBigscreen environment, which is meant for large-screen televisions. "Talking of interacting from the couch,voice control provides users with the ultimate comfort when it comes to TVviewing. But most big brands not only do not safeguard the privacy of theircustomers, but actively harvest their conversations even when they are notsending instructions to their TV sets. We use Mycroft's Open Source voiceassistant to solve this problem."
Security updates for Thursday Security updates have been issued by CentOS (firefox, icu, kernel-rt, libvncserver, python-imaging, python-pip, python-virtualenv, thunderbird, tomcat, tomcat6, and zsh), Debian (icu and okular), Fedora (libxslt and php), Gentoo (bluez, chromium, pure-ftpd, samba, tor, weechat, xen, and zsh), Oracle (libvncserver), Red Hat (ipmitool and zsh), and SUSE (python-cffi, python-cryptography and python-cffi, python-cryptography, python-xattr).
[$] Helping FOSS conferences in the face of a pandemic The effects of the Coronavirusdisease 2019 (COVID-19) pandemic are horrific and far-reaching; wereally do not yet know just how bad it will get. One far less serious areathat has been affected is conferences forand about free and open-source software (FOSS). On the grand scale, these problems are pretty low on thepriority list.There are a fair number of non-profit organizations behind thegatherings, however, that have spent considerable sums setting upnow-canceled events or depend on the conferences for a big chunk of their budget—or both. A neworganization, FOSS Responders,has formed to try to help out.
O'Reilly shutting down its conference group O'Reilly has announcedthat it is canceling all of its upcoming in-person conferences and shuttingdown its conference group permanently. "Without understanding whenthis global health emergency may come to an end, we can’t plan for orexecute on a business that will be forever changed as a result of thiscrisis. With large technology vendors moving their events completelyon-line, we believe the stage is set for a new normal moving forward whenit comes to in-person events." There is still no notice to thiseffect on the OSCON page, butone assumes that is coming.
Some stable kernels Stable kernels 5.5.13, 5.5.12, 5.4.28, and 4.19.113 have been released. They all containimportant fixes and users should upgrade.
[$] Django changes its governance The Django web framework hascome a long way since it was first released as open source in 2005. Itstarted with a benevolent dictator for life (BDFL) governance model, likethe language it is implemented in, Python, but switched to a differentmodel in 2014. When Python switchedaway from the BDFL model in 2018, it followed Django's lead to someextent. But now Django is changing yet again, moving from governance basedaround a "core team" to one that is more inclusive and better reflects theway the project is operating now.
Security updates for Wednesday Security updates have been issued by Debian (e2fsprogs, ruby2.1, and weechat), Fedora (java-1.8.0-openjdk and webkit2gtk3), openSUSE (apache2-mod_auth_openidc, glibc, mcpp, nghttp2, and skopeo), Oracle (libvncserver and thunderbird), and SUSE (keepalived).
Speeding up Linux disk encryption (Cloudflare) The Cloudflare blog has anarticle on the company's work to improve the performance of Linux diskencryption. "As we can see the default Linux disk encryption implementation has asignificant impact on our cache latency in worst case scenarios, whereasthe patched implementation is indistinguishable from not using encryptionat all. In other words the improved encryption implementation does not haveany impact at all on our cache response speed, so we basically get it forfree!"Patches are available, but they are apparently not in any form to goupstream.
LLVM 10.0.0 released Version 10.0.0 of the LLVM compiler suite is out. New features includesupport for C++concepts, Windowscontrol flow guard support, and much more; click below for pointers toa set of language-specific release notes.
PSF: New pip resolver to roll out this year The Python Software Foundation blog looksat some changes to pip, the Python Package installer, in the process ofdeveloping a new resolver. The new resolver will reduce inconsistency and bestricter, refusing to install two packages with incompatible requirements. Also, this is a major change to a key part of pip - it's quitepossible there will initially be bugs. We would like to make sure thatthose get caught before people start using the new version inproduction. [...] We recognize that everyone's work is being disrupted by the COVID-19 pandemic, and that many data scientists and medical researchers use Python and pip in their work. We want to make the upgrade process as smooth and bug-free as possible for our users; if you can help us, you'll be helping each other.
How to Install Gradle on Debian 10 Gradle is a powerful and flexible build tool used primarily for Java projects, combining the best features of Ant and Maven. Unlike its predecessors, which use XML for scripting, Gradle uses Groovy, a dynamic, object-oriented programming language for the Java platform to define the project and build scripts. This article describes how to install Gradle on Debian 10 Linux.
Converting your Python 2 code to Python 3 Python 2 reached the end of life on January 1, 2020. Python 3 has been available since 2008, but converting from 2 to 3 has been slow because of dependencies on libraries that were not available in Python 3 initially. This tutorial will show you how to convert Python 2 code to Python 3 using the 2to3 tool.
Install and Use PHP Composer on CentOS 8 Composer is a dependency manager for PHP. Composer will pull in all the required PHP packages your project depends on and manages them for you. It is used in all modern PHP frameworks and platforms such as Laravel, Symfony, Drupal, and Magento 2. This tutorial goes through the steps of installing Composer on CentOS 8.
New Linux-powered SoC taps an old ARM9 architecture Microchip has launched a 600MHz ARM9-based “SAM9X60” processor with a 2D GPU and -40 to 105°C tolerance along with a Linux-driven, $260 “SAM9X60-EK Evaluation Kit” with MikroBus and Raspberry Pi expansion. Microchip has revised the ARM9-based AT91SAM9260 SoC that was introduced in 2006 by its subsidiary Atmel. The new SAM9X60 model has boosted the clock […]
Reasons to Give openSUSE a Try Users may fear trying openSUSE because of some reason. In any case, we’ll introduce you to the distribution and its features, and why you should give it a try.
Just another KVM setup on Debian Buster 10.3 Sequence of steps and bridge network configuration on native Debian Buster 10.3 host seemed to me a bit different from manuals which are available in meantime on the Net. Specifically I've undertaken some additional steps to fix error with Radeon kernel modesetting enabling also configuration bridge to physical LAN is supposed to be done in the way different from how it works on LXDE 4.
6 tricks for developing a work from home schedule When you start working from home, one of the first things you might have noticed is that there almost no outside influences on your schedule. You probably have meetings—some over team chat and others over video— that you have to attend, but otherwise, there[he]#039[/he]s nothing requiring you to do anything at any specific time. What you find out pretty quickly, though, is that there[he]#039[/he]s an invisible influence that sneaks up on you: deadlines.
How to detect outdated Kubernetes APIs Recently, deprecated APIs have been wreaking havoc on everyone[he]#039[/he]s Kubernetes manifests. Why is this happening?!? It[he]#039[/he]s because the objects that we[he]#039[/he]ve come to know and love are moving on to their new homes. And it[he]#039[/he]s not like this happened overnight. Deprecation warnings have been in place for quite a few releases now. We[he]#039[/he]ve all just been lazy and thought the day would never come. Well, it[he]#039[/he]s here!
Fanless Whiskey Lake mini-PCs include a model based on Intel NUC Elements Bleujour has launched a $836 and up “Kubb Passive” NUC system and is prepping an even smaller NUC Elements based Meta U mini-PC, both of which run Linux Mint on Intel’s Whiskey Lake. If you’re spending more time than usual on your computer in these days of quarantine, you may ask yourself: Why does my […]
AryaLinux Provides the Building Blocks for a Unique Linux Experience AryaLinux is something different, and when it comes to Linux operating systems, different can be very intriguing. Arya is both a distribution and a platform. That means you can use it as is or turn it into a branded computing system to meet your own specialized needs. Not all potential users want or need to turn Arya into their own Linux build. However, if you like tinkering, you can.
3D Printers Join Arsenal of COVID-19 Weapons The worldwide 3D printing community is stepping up to alleviate the shortage of medical equipment needed to battle the COVID-19 pandemic. Participants include entrepreneurs and hackers, companies in the 3D printing industry, automobile makers, aircraft manufacturers, universities, and even a shipbuilder. Some are offering free 3D printer files for download and use. Others are designing equipment.
Zorin OS Core Makes GNOME More Comfortable Zorin OS 15.2, released on March 8, adds an impressive selection of upgrades and improvements to an already well-oiled Linux operating system. Since its debut in July 2009 Zorin OS cofounder Artyom Zorin has hawked his distribution as an ideal Microsoft Windows replacement. That description is a strong selling point for this easier-to-use computing platform.
Open Source Tech Rushes to Front Lines of COVID-19 War Open Source software, once the scorn of Microsoft and profit-seeking software developers, is playing an active role in efforts to combat COVID-19's spread. Several open source projects are assisting health providers and helping people mitigate some of the hardships associated with the pandemic. Often, open source accomplishments in the public health and government services fields go unreported.
Crowdsourcing App Takes Aim at COVID-19 COVID-19 researchers have a new source of distributed computing power: crowdsourcing. Usually crowdsourcing involves information or opinion gathering, but in this case it involves computing power. By installing the Folding@home software program, anyone with a computer, gaming console, or even some phones and compute cycles to spare can contribute to the work of coronavirus researchers.
Report: Open Source Vulnerabilities Rampant in Popular Projects Open source vulnerabilities rose by nearly 50 percent in 2019 over the previous year, based on a new report. Common vulnerabilities rated as high or critical severity were found in all of the most popular open source projects, according to the WhiteSource 2020 annual report, "The State of Open Source Security Vulnerabilities." The vulnerability rate is expected to continue rising.
How to Run the Linux KDE Desktop on a Chromebook Chromebooks with the right stuff inside now are able to install and run a complete Linux experience with the KDE desktop without giving up the Chrome OS on the same device. It is not yet flawless, but it does create a hybrid computing platform that lets Linux and Android apps coexist on top of the Chrome OS. You can run a complete Linux graphical environment with the KDE desktop.
Elive Beta With Enlightenment Is Brilliant, but Don't Get Lost in the Maze Elive is one of the most unusual Linux distributions you are likely to encounter. Elive Linux is an awesome integration of the Debian Linux base and the Enlightenment desktop. The combination provides a uniquely powerful and flexible computing platform. Its name suggests only a part of what makes this distro unlike the few others that have the lightweight Enlightenment desktop baked in.
Netrunner Linux Still Goes Its Own Way at 'Twenty' Netrunner "Twenty" is a birthday release offering that makes what was good even better. Developers released Netrunner 20.01 on Feb. 23 with the latest stable Debian 10.3 "Buster" base and the KDE Plasma desktop. This release marks the distro's 20th birthday in a way. Code-named "Twenty," the 20.01 release is the 20th upgrade of the Netrunner project over its 10-year history.
Linux-Powered Azure IoT Security Platform Arrives After several years of building and testing previews, Microsoft has announced the general availability of its Azure Sphere secure IoT service. Microsoft first introduced Azure Sphere in 2018, opting to use its own version of a Linux operating system instead of Windows 10 to drive its new Azure Sphere OS to securely connect Internet of Things devices.
Freespire 6.0: A Return to GNOME2's Simpler Linux Days If you are tired of distro hopping and want a computing platform that works without drama, check out the latest Freespire Linux release. Freespire, a U.S.-based distribution built on Debian/Ubuntu, is a no-nonsense operating system that is uncomplicated to install and use. Freespire is released biannually. Developers on Feb. 11 released the latest MATE edition, the first of two updated versions.
Some Android Malware Can Break Your Phone When You Delete It Since Android's unveiling in 2007, the platform has stayed true to its commitment to provide open and free source code. The source code is freely available to developers and device manufacturers who can, at their own discretion, install the software without worrying about the hassles of licensing fees. Android not only delivers cheaper smartphones -- it is the largest mobile OS in the world.
Unsigned Firmware Puts Windows, Linux Peripherals at Risk Eclypsium has released research that identifies and confirms unsigned firmware in WiFi adapters, USB hubs, trackpads and cameras used in Windows and Linux computer and server products from Lenovo, Dell, HP and other major manufacturers. Eclypsium also demonstrated a successful attack on a server via a network interface card with unsigned firmware used by each of the big three server manufacturers.
Simplicity Does More Than Simplify Linux If you want a Linux distro that caters to gaming, check out the Simplicity Linux Gaming release. If you prefer a general-purpose computing platform without a gaming focus, try Simplicity's revamped release. Either way, you will experience a no-nonsense Linux OS that requires no assembly. Simplicity Linux is a Devuan-based distro with Cinnamon as the default window manager desktop environment.
MakuluLinux LinDoz Offers Windows Comfort Zone, but It's All Linux Under the Hood A new MakuluLinux LinDoz release is pending last-minute finishing touches and is perhaps days away, according to developer Jacque Montague Raymer. It is designed to make using Linux easier than ever. Recently, Raymer discussed the trials and tribulations of advancing his Linux line of distros. He revealed a process that no doubt is similar to what confronts many software developers.
The Two Faces of Open Source: ECT News Roundtable, Episode 5 The open source software movement has evolved dramatically over the past two decades. Many businesses that once considered open source a threat now recognize its value. In spite of increased enthusiasm among enterprises, consumer interest by and large has not materialized. With large companies increasingly embracing open source, what does it mean to be a part of the FOSS "community"?
US Officials Use Mobile Ad Location Data to Study How COVID-19 Spreads An anonymous reader quotes the Wall Street Journal: Government officials across the U.S. are using location data from millions of cellphones in a bid to better understand the movements of Americans during the coronavirus pandemic and how they may be affecting the spread of the disease... The data comes from the mobile advertising industry rather than cellphone carriers. The aim is to create a portal for federal, state and local officials that contains geolocation data in what could be as many as 500 cities across the U.S., one of the people said, to help plan the epidemic response... It shows which retail establishments, parks and other public spaces are still drawing crowds that could risk accelerating the transmission of the virus, according to people familiar with the matter... The data can also reveal general levels of compliance with stay-at-home or shelter-in-place orders, according to experts inside and outside government, and help measure the pandemic's economic impact by revealing the drop-off in retail customers at stores, decreases in automobile miles driven and other economic metrics. The CDC has started to get analyses based on location data through through an ad hoc coalition of tech companies and data providers — all working in conjunction with the White House and others in government, people said. The CDC and the White House didn't respond to requests for comment. It's the cellphone carriers turning over pandemic-fighting data in Germany, Austria, Spain, Belgium, the U.K., according to the article, while Israel mapped infections using its intelligence agencies' antiterrorism phone-tracking. But so far in the U.S., "the data being used has largely been drawn from the advertising industry. "The mobile marketing industry has billions of geographic data points on hundreds of millions of U.S. cell mobile devices..."
Should Students Still Be Graded In the Time of Covid-19? theodp writes: The LA Times reports that controversies over grading are roiling universities and colleges, as the coronavirus outbreak prompted them to shift to online learning and send most students home to disparate circumstances. Some students and faculty believe that normal grading practices during these times are deeply unfair, while others feel students should be able to choose between a letter grade or pass/fail, arguing that earning high marks can distinguish them for jobs, scholarships or graduate school. At Harvard, all undergraduates will receive grades of either "Emergency Satisfactory" or "Emergency Unsatisfactory" in their spring classes. Faculty may supplement this terminology with a "qualitative assessment of student learning." The coronavirus situation has also prompted grading changes at the high school level. The College Board announced that all AP exams will be streamlined and only include questions on material covered thru early March. Students taking the AP Computer Science Principles course will not even be subjected to an AP exam in 2020 but can still earn college credit.
NYT Investigates America's 'Lost Month' for Coronavirus Testing The New York Times interviewed over 50 current and former U.S. health officials, senior scientists, company executives, and administration officials to investigate America's "lost month" without widespread coronavirus testing, "when the world's richest country — armed with some of the most highly trained scientists and infectious disease specialists — squandered its best chance of containing the virus's spread." With capacity so limited, the Center for Disease Control's criteria for who was tested remained extremely narrow for weeks to come: only people who had recently traveled to China or had been in contact with someone who had the virus. The lack of tests in the states also meant local public health officials could not use another essential epidemiological tool: surveillance testing. To see where the virus might be hiding, nasal swab samples from people screened for the common flu would also be checked for the coronavirus... Even though researchers around the country quickly began creating tests that could diagnose Covid-19, many said they were hindered by the Food and Drug Administration's approval process. The new tests sat unused at labs around the country. Stanford was one of them. Researchers at the world-renowned university had a working test by February, based on protocols published by the World Health Organization.... By early March, after federal officials finally announced changes to expand testing, it was too late. With the early lapses, containment was no longer an option. The tool kit of epidemiology would shift — lockdowns, social disruption, intensive medical treatment — in hopes of mitigating the harm. Now, the United States has more than 100,000 coronavirus cases, the most of any country in the world... And still, many Americans sickened by the virus cannot get tested... In tacit acknowledgment of the shortage, Mr. Trump asked South Korea's president on Monday to send as many test kits as possible from the 100,000 produced there daily, more than the country needs. Public health experts reacted positively to the increased capacity. But having the ability to diagnose the disease three months after it was first disclosed by China does little to address why the United States was unable to do so sooner, when it might have helped reduce the toll of the pandemic.
One Woman Can Smell Parkinson's Disease Before Symptoms Manifest "For most of her life, Joy Milne had a superpower that she was totally oblivious to," reports NPR. Long-time Slashdot reader doug141 explains what happened next: Milne's husband's natural odor changed when he was 31. He was diagnosed with Parkinson's at 45. When Joy walked into a Parkinson's support group, she smelled the same odor on everybody. A Parkinson's researcher tested her with blind samples from early stage patients, late-stage patients, and controls... NPR tells the story of that test, which took place at the University of Edinburgh with a Parkinson's researcher named Tilo Kunath: [O]ut of all the samples, Joy made only one mistake. She identified a man in the control group, the group without Parkinson's, as having the disease. But many months later, Kunath says, that man actually approached him at an event and said, "Tilo, you're going to have to put me in the Parkinson's pile because I've just been diagnosed." It was incontrovertible: Joy not only could smell Parkinson's but could smell it even in the absence of its typical medical presentation. Kunath and fellow scientists published their work in ACS Central Science in March 2019, listing Joy as a co-author. Their research identified certain specific compounds that may contribute to the smell that Joy noticed on her husband and other Parkinson's patients. Joy and her super smelling abilities have opened up a whole new realm of research, Kunath says... Joy's superpower is so unusual that researchers all over the world have started working with her and have discovered that she can identify several kinds of illnesses — tuberculosis, Alzheimer's disease, cancer and diabetes. Kunath says the ultimate goal is developing a new tool that can detect detect Parkinson's early. "Imagine a society where you could detect such a devastating condition before it's causing problems and then prevent the problems from even occurring."
Cringely Predicts 2020 Will See 'the Death of IT' Long-time technology pundit Robert Cringely writes: IT — Information Technology — grew out of something we called MIS — Management Information Systems — but both meant a kid in a white shirt who brought you a new keyboard when yours broke. Well, the kid is now gone, sent home with everyone else, and that kid isn't coming back... ever. IT is near death, fading by the day. But don't blame COVID-19 because the death of IT was inevitable. This novel coronavirus just made it happen a little quicker... Amazon has been replacing all of our keyboards for some time now, along with our mice and our failed cables, and even entire PCs. IT has been changing steadily from kids taking elevators up from the sub-basement to Amazon Prime trucks rolling-up to your mailbox. At the same time, our network providers have been working to limit their truck rolls entirely. Stop by the Comcast storefront to get your cable modem, because nobody is going to come to install it if you aren't the first person living there to have cable... Secure Access Service Edge (SASE) extends both the network and a security model end-to-end over any network including 4G or 5G wireless. Some folks will run their applications in their end device, whether it is a PC, phone, tablet, whatever, and some will run their applications in the same cloud as SASE, in which case everything will be that much faster and more secure. That's end end-game if there is one — everything in the cloud with your device strictly for input and output, painting screens compressed with HTML5. It's the end of IT because your device will no longer contain anything so it can be simply replaced via Amazon if it is damaged or lost, with the IT kid in the white shirt becoming an Uber driver. Since COVID-19 is trapping us in our homes it is forcing this transition to happen faster than it might have. But it was always going to happen.
Working From Home Hasn't Broken the Internet sixoh1 shared this story from the Wall Street Journal: Home internet and wireless connectivity in the U.S. have largely withstood unprecedented demands as more Americans work and learn remotely. Broadband and wireless service providers say traffic has jumped in residential areas at times of the day when families would typically head to offices and schools. Still, that surge in usage hasn't yet resulted in widespread outages or unusually long service disruptions, industry executives and analysts say. That is because the biggest increases in usage are happening during normally fallow periods. Some service providers have joked that internet usage during the pandemic doesn't compare to the Super Bowl or season finale of the popular HBO show "Game of Thrones" in terms of strain on their networks, Evan Swarztrauber, senior policy adviser to the chairman of the Federal Communications Commission, said this week on a call hosted by consulting company Recon Analytics Inc.Broadband consumption during the hours of 9 a.m. to 5 p.m . has risen by more than 50% since January, according to broadband data company OpenVault, which measured connections in more than one million homes. Usage during the peak early-evening hours increased 20% as of March 25. OpenVault estimates that average data consumption per household in March will reach nearly 400 gigabytes, a nearly 11% increase over the previous monthly record in January.... Some carriers that use cells on wheels and aerial network-support drones after hurricanes or tornadoes are now deploying those resources to neighborhoods with heavy wireless-service usage and places where health-care facilities need additional connectivity. Several wireless carriers including Verizon, T-Mobile US Inc. and AT&T Inc. have been given temporary access to fresh spectrum over the past week to bolster network capacity. While Netflix is lowering its video quality in Canada, the Journal reports Netflix isn't as worried about the EU: Netflix Vice President Dave Temkin, speaking on a videoconference hosted by the network analytics company Kentik, said his engineers took some upgrades originally planned for the holiday season near the end of 2020 and simply made them sooner. A European regulator earlier this month asked Netflix to shift all its videos to standard-definition to avoid taxing domestic networks. Mr. Temkin said Netflix managed to shave its bandwidth usage using less drastic measures. "None of it is actually melting down," he said. And the article also has stats from America's ISPs and cellphone providers: AT&T said cellular-data traffic was almost flat, with more customers using their home wi-fi networks instead -- but voice phone calls increased as much as 44%.Charter saw increases in daytime network activity, but in most markets "levels remain well below capacity and typical peak evening usage."Comcast says its peak traffic increased 20%, but they're still running at 40% capacity.
Dark Web Hosting Site Suffers Cyberattack, 7,600 Sites Down It's the largest free web hosting provider for dark web services. But remember back in 2018 when its 6,500 sites all went down after attackers accessed its database and deleted all its accounts? It happened again -- for the second time in 16 months. And this time, ZDNet reports, Daniel's Host won't be coming back online for several months: Almost 7,600 dark web portals have been taken offline following the hack, during which an attacker deleted the web hosting portal's entire database. This happened earlier this month, on March 10, at around 03:30 am UTC, according to a message posted on DH's now-defunct portal by Daniel Winzen, the German software developer behind the service. Winzen said that an attacker accessed the DH backend and deleted all hosting-related databases. The attacker then deleted Winzen's database account and created a new one to use for future operations. Winzen discovered the hack the next morning, at which time most of the data was already lost. The service doesn't keep backups by design. In an email to ZDNet today, Winzen said he has yet to find out how the hacker breached the DH backend. However, since the dark web hosting service was more of a hobby, Winzen didn't look too much into it. "I am currently very busy with my day-to-day life and other projects, I decided to not spend too much time investigating," he told ZDNet... Winzen said that users should consider the passwords for their DH accounts as "leaked" and change them if they used the same password for other accounts. Winzen told ZDNet he still hopes to relaunch the service "at a later time" with "new features and improvements." "Not having to administrate the services all the time will hopefully give me more time for actual development."
To Conserve Bandwidth, Should Opting In Be Required Before Autoplaying Videos? An anonymous reader writes: We keep seeing stories about how providers are slowing down their streaming speed to reduce bandwidth usage during this period when many are being asked to stay at home... But it seems that many are totally ignoring a very obvious way to reduce usage significantly, and that is by disabling autoplay on their web sites and in their apps. To give an example, a couple of days ago I was watching a show on Hulu, and either I was more sleepy than I thought or the show was more boring than I had expected (probably some combination of both), but I drifted off to sleep. Two hours later I awoke and realize that Hulu had streamed two additional episodes that no one was watching. I searched in vain for a way to disable autoplay of the next episode, but if there is some way to do it I could not find it. What I wonder is how many people even want autoplay? I believe Netflix finally gave their users a way to disable it, but they need to affirmatively do so via a setting somewhere. But many other platforms give their users no option to disable autoplay. That is also true of many individual apps that can be used on a Roku or similar device. If conserving bandwidth is really that important, then my contention is that autoplaying of the next episode should be something you need to opt in for, not something enabled by default that either cannot be disabled or that forces the user to search for a setting to disable. "Firefox will disable autoplay," writes long-time Slashdot user bobs666 (adding "That's it use Firefox.") And there are ways to disable autoplay in the user settings on Netflix, YouTube, Hulu, and Amazon Prime. But wouldn't it make more sense to disable autoplay by default -- at least for the duration of this unusual instance of peak worldwide demand? I'd be interested in hearing from Slashdot's readers. Do you use autoplay -- or have you disabled it? And do you think streaming companies should turn it off by default?
How Devs Can Help Beat the COVID-19 Pandemic The state of New York hopes to "amplify" its response to COVID-19 by launching tech-driven products with top companies, and it's looking for professional volunteers with experience in software development, hardware deployment/end-user support, and data science (as well as areas like product management, design, operations management). Meanwhile, IBM's 2020 "Call for Code Global Challenge" is a virtual hackathon with a $200,000 prize, and they've now "expanded its focus" to include the effects of COVID-19. Tech columnist Mike Melanson writes: But this is just the beginning of the COVID-19 hackathon boom, which now includes efforts organized by tech giants, state governments, and grassroots initiatives alike. For example, the World Health Organization got together with technology companies and platforms such as AWS, Facebook, Giphy, Microsoft, Pinterest, Salesforce, Slack, TikTok, Twitter and WeChat to launch the COVID-19 Global Hackathon 1.0, which is running as we speak with a deadline for submissions of March 30th at 9 AM PST. If you're too late, fret not, for there are many more, such as the CODEVID-19 hackathon we mentioned last week that has a weekly rolling deadline. And deadlines aside, the U.S. Digital Response for COVID-19 is working to pair technology, data, and government professionals with those who need them, in a form of nationwide, technological mutual aid... [T]he COVID-19 open-source help desk is "a fast-track 'stack overflow' where you can get answers from the very people who wrote the software that you use or who are experts in its use." And if you happen to be either an open source author or expert, feel free to pitch in on answering questions... On the open data side of things, for example, GitHub offers a guide on open collaboration on COVID-19, while StackOverflow looks at the myriad ways to help the fight against COVID-19 from home. ProgrammableWeb has a list of developer hackathons to combat COVID-19, and even the Golang team offers some guidance for Go, the Go community, and the pandemic, with Erlang also joining in.
America's FDA Grants Emergency Approval for a 15-Minute Coronavirus Test While many coronavirus tests provide results within hours or days, America's Food and Drug Administration "has authorized the emergency use" of a new rapid coronavirus test from medical device manufacturer Abbott that could results in less than 15 minutes, reports NBC News: The FDA told Abbott it authorized the test's use after determining that "it is reasonable to believe that your product may be effective in diagnosing COVID-19," based on the scientific evidence presented. The agency added that the "known and potential benefits" of the test outweigh potential risks, such as false positives or negatives. The technology being used for the new test is similar to the one found in rapid flu tests, according to the FDA's authorization letter and Abbott. The FDA also said Friday it has issued at least 19 other emergency use authorizations for diagnostic tests to detect COVID-19, and that it is working with more than 220 test developers who are expected to submit emergency-use authorization requests soon... Abbott said it is ramping up production to deliver 50,000 tests to the U.S. health care system starting next week.
Physicists Disagree Over New Dark Matter Claim sciencehabit shared this article from Science magazine: For decades, astrophysicists have thought some sort of invisible dark matter must pervade the galaxies and hold them together, although its nature remains a mystery. Now, three physicists claim their observations of empty patches of sky rule out one possible explanation of the strange substance — that it is made out of unusual particles called sterile neutrinos. But others argue the data show no such thing. "I think that for most of the people in the community this is the end of the story," says study author Benjamin Safdi, an astroparticle physicist at the University of Michigan, Ann Arbor. But Kevork Abazajian, a theoretical physicist at the University of California, Irvine, says the new analysis is badly flawed. "To be honest, this is one of the worst cases of cherry picking the data that I've seen," he says. In unpublished work, another group looked at similar patches of sky and saw the very same sign of sterile neutrinos that eluded Safdi... Alexey Boyarsky, an astroparticle theorist at Leiden University, is unconvinced. "I think this paper is wrong," he says. Boyarsky says he and his colleagues performed a similar, unpublished analysis in 2018, also using images from XMM-Newton, and did see a 3.5-keV glow from the empty sky, just expected from peering through a halo of sterile neutrinos.
Some Researchers are Trying Mass Testing for Covid-19 Antibodies An anonymous reader quotes Wired: Next week, blood banks across the Netherlands are set to begin a nationwide experiment. As donations arrive — about 7,000 of them per week is the norm — they'll be screened with the usual battery of tests that keep the blood supply safe, plus one more: a test for antibodies to SARS-CoV-2, the virus that causes Covid-19. Then, in a few weeks, another batch of samples will get the same test. And after that, depending on the numbers, there could be further rounds. The blood donors should be fairly representative of Dutch adults ages 18 to 75, and most importantly, they'll all be healthy enough for blood donation — or at least outwardly so... Identifying what proportion of the population has already been infected is key to making the right decisions about containment... [B]ecause no Covid-19-specific serological [antibody] tests have been fully vetted yet, the FDA's latest guidance is that they shouldn't be relied upon for diagnoses. But in epidemiology circles, those tests are a sought-after tool for understanding the scope of the disease. Since February — which was either three weeks or a lifetime ago — epidemiologists have been trying to get the full scope of the number of infections here in the U.S... [A]s the disease has continued to spread and a patchwork of local "stay at home" rules begins to bend the course of the disease, projecting who has the disease and where the hot spots are has become more difficult for models to capture. Instead, you need boots-on-the-ground surveillance. In other words, to fill the gap created by a lack of diagnostic tests, you need more testing — but of a different sort. This time you have to know how many total people have already fought the bug, and how recently they've fought it. "Of all the data out there, if there was a good serological assay that was very specific about individuating recent cases, that would be the best data we could have," says Alex Perkins, an epidemiologist at the University of Notre Dame. The key, he says, is drawing blood from a representative sample that would show the true scope of unobserved infections... Another motivation to develop better blood tests is the potential to develop therapeutics from antibody-rich blood serum. Wired is currently providing free access to stories about the coronavirus.
Are There Exceptions to the Rule that Going Electric Reduces Emissions? "Averaged over the globe, electric vehicles (EVs) already represent about a 31-percent emissions savings" writes Ars Technica, noting results from a study which also found similar savings from energy-efficient home-heating pumps. "Even in the scenario where these technologies are promoted but the grid isn't cleaned up much, there's a substantial benefit through 2050." But the researchers also separated the world into 59 regions, then used data on the "greenness" of each country's electricity grids, considering the full range of available vehicle types and home-heating methods as well as their predicted "uptake" of green technologies from 2015 to 2050. And this did identify a handful exceptions, Ars Technica reports: Compare, for example, Switzerland's exceptionally low-carbon grid to Estonia's, which runs primarily on oil shale. Swapping an internal combustion vehicle for an electric one in Switzerland cuts emissions by 70 percent, and a heat pump will cut them by about 88 percent. But in Estonia, an electric vehicle would increase emissions by 40 percent and a heat pump pushes that to an eye-watering 120 percent. A more significant exception can be found in Japan. In the scenarios with little progress on grid emissions, a decade from now, the combination of Japan's dirtier grid and preference for hybrid vehicles means that swapping in EVs doesn't quite pay... As time goes on, emissions from manufacturing electric vehicles accounts for a larger share of their total life cycle emissions, the researchers note. You can make the vehicle efficient and the grid clean, but you'll also have to clean up industry to keep shrinking that carbon footprint. The article notes that the researchers also predict continued improvements in the efficiency of electric vehicles -- with an unintended side effect. "As time goes on, emissions from manufacturing electric vehicles accounts for a larger share of their total life cycle emissions, the researchers note. "You can make the vehicle efficient and the grid clean, but you'll also have to clean up industry to keep shrinking that carbon footprint."
School Quits Video Calls After Naked Man 'Guessed' the Meeting Link An anonymous reader quotes a report from TechCrunch: A school in Norway has stopped using popular video conferencing service Whereby after a naked man apparently "guessed" the link to a video lesson. According to Norwegian state broadcaster NRK, the man exposed himself in front of several young children over the video call. The theory, according to the report, is that the man guessed the meeting ID and joined the video call. One expert quoted in the story said some are "looking" for links. Last year security researchers told TechCrunch that malicious users could access and listen in to Zoom and Webex video meetings by cycling through different permutations of meeting IDs in bulk. The researchers said the flaw worked because many meetings were not protected by a passcode.
Announcing the official Reg-approved measure of social distancing: The Osman Look on my beanpoleness, ye Blighty, and mea-sure! Far away enough? Check our converter and find out! As you nervously shuffle away from your close-talking neighbour who always stood too near at the best of times, tutting and muttering "social distancing", you may wonder to yourself just what two metres or six feet should really look like. Luckily, El Reg's Standards Soviet is here to help.…
Google warns against disabling websites during Coronavirus pandemic Your search ranking will suffer less if you just make it a bit rubbish instead As companies shut their doors against the coronavirus outbreak, Google has released a set of guidelines to website owners on how to minimise the long-terms effects on their business's search ranking.…
India’s networking market collapsed … in Q4 2019! The nation is already well and truly routed, and telcos have new taxes to pay India's networking equipment market collapsed before the coronavirus could stab it in the back, thanks in part to a new tax on telcos.…
A Curious Look At Eight Core Server CPU Performance From Intel Xeon Haswell To AMD EPYC Rome When it comes to the AMD EPYC 7002 "Rome" processors we have looked at the various higher-end SKUs since their launch last August up to and including the EPYC 7742 with its 64 cores / 128 threads per socket. But for those wondering about the EPYC 7002 series performance at the bottom end of the spectrum, here are some fun benchmarks of the EPYC 7232P and EPYC 7262 on the near-final Ubuntu 20.04 LTS state compared to various vintages of Intel Xeon CPUs -- most notably, a curiosity driven look at the 8 core / 16 thread Intel Haswell Xeon performance.
Some Of The Features To Look Forward To With Linux 5.7 With the Linux 5.7 cycle kicking off in April with its merge window opening upon the release of Linux 5.6, here is a look at some of the changes and new features that have been on our radar for this next version of the Linux kernel...
GCC's New Static Analysis Capabilities Are Getting Into Shape For GCC 10 One of many new features in the GCC 10 code compiler releasing in about one month's time is finally having a built-in static analyzer. This static analyzer can be enabled with the -fanalyzer switch and has been maturing nicely for its initial capabilities in the GNU Compiler Collection 10...
PHP 7.4 Lands For Ubuntu 20.04 LTS It shouldn't come as a big surprise but PHP 7.4 has now landed in Ubuntu 20.04 LTS to replace the existing PHP 7.3 support within the "Focal Fossa" package archive...
AMD PassThru DMA Engine Driver Still Pending For The Linux Kernel In addition to the AMD Sensor Fusion Hub driver that we are hopeful could land in Linux 5.7 albeit not yet queued in the iio-next branch, another AMD driver that has been around for a few months in patch form but yet to be mainlined is the AMD PassThru DMA Engine driver...
VirtIO Video Driver Coming Together For The Mainline Linux Kernel VirtIO-Video is a VirtIO-based video driver for a virtual V4L2 streaming device with input/output buffers for sharing of video devices with guests. VirtIO Video has existed for a while now but it looks like it could be getting close to upstreaming in the Linux kernel...
Dropbox beta for Mac can finally sync your desktop Dropbox has been less alluring to some Mac users than iCloud in part because of its limited syncing. Where Apple's service can sync your desktop and Documents folder, you've had to be content with syncing a special folder with Dropbox's service. You might have reason to give it a second look in the near future, though. The 9to5Mac team has discovered that the latest Dropbox beta for Mac (sadly, not easy to grab) has the option of syncing your desktop, Documents and Downloads.
The move comes just weeks after Dropbox reworked its core sync engine to make it easier to maintain and improve reliability.
Like with iCloud, this only really makes sense if you subscribe to one of Dropbox's paid tiers (2GB is woefully inadequate). Even so, it could be very helpful if you want cloud storage that serves more as a seamless backup for common files than a place to upload specific files.
Russia busts card fraud ring that included an infamous hacker Russia tends to turn a blind eye to some fraudsters and hackers, but it just clamped down on a particularly large group. Investigators have charged at least 25 people involved in a credit card fraud ring that included a notorious hacker. While Russian authorities didn't provide a formal list of those caught in the bust, records and security blogger Andrey Sporov have revealed that one of those arrsted was Alexey Stroganov, also known as "Flint." As a Krebs on Security source said, Stroganov apparently had a stake in "almost every major [card] hack" from the past 10 years, and sent "hundreds of millions of dollars" through the seized cryptocurrency exchange BTC-e.
Stroganov was caught back in 2006 and sentenced to six years in prison alongside his associate Gerasim Selivanov, but the two were set free after two years. Selivanov was also arrested as part of this week's bust.
While it's unclear why officials chose to act now, cybercrime discussion forum members believe Stroganov and crew were arrested because they committed a cardinal sin in Russia: they targeted people within the country. While authorities are frequently tolerant of cybercriminals targeting the US (and orchestrate hacks themselves), they may have reached a breaking point with a fraudster on their own soil.
It's not certain that the hacker will get a long sentence. We wouldn't count on this deterring other crime rings, even those targeting Russia. However, it could disrupt attempts to swipe your financial info -- if just for a little while.
Lab-in-a-box test can detect COVID-19 in 5 minutes The FDA has scrambled to allow numerous COVID-19 tests in a bid to control the pandemic, but one of the latest may represent a big step forward in technology fighting the disease. Abbott has received emergency use authorization for a variant of its toaster-sized ID NOW lab-in-a-box that can provide positive results in as soon as five minutes, and all-clear results in 13 minutes. On top of this, it's one of the few tests of its kind that can be used outside of a hospital, such as at a clinic.
The key is its use of molecular testing that looks for a small section of the SARS-CoV-2 virus' RNA and amplifying that segment until there's enough to detect. Other testing methods can take hours or days to produce viable results.
Abbott is in the midst of ramping up production and expects to deliver 50,000 of the tests per day in the US as of next week. However, one of its greatest advantages may be its existing footprint. The ID NOW platform already has the "largest" molecular testing presence in the US, and is already "widely available" in doctors' offices and emergency rooms. If all goes well, the US could both have a more accurate representation of the pandemic's scope and ensure that the infected get the right care as quickly as possible.
The company also alluded to job cuts with references to "remaining employees," but didn't say how many people were losing jobs.
This isn't the end for OneWeb; Chapter 11 is usually used to regroup and get a second chance at life. However, the company clearly in a much more fragile position than it was even a few weeks ago. It has launched 74 satellites so far, but it's unclear how many more you'll see if the company doesn't find a buyer relatively quickly.
US officials use mobile ad location data to study how COVID-19 spreads The use of phone location tracking to keep tabs on COVID-19 is becoming increasingly common, and the US appears to be no exception. Wall Street Journal sources say federal (via the CDC), state and local governments have been receiving location data from mobile ads to help plan their pandemic response. The anonymized info helps officials understand where people are still gathering in significant numbers (and thus risk spreading the coronavirus), how well they're honoring stay-at-home demands and how the virus has impacted retail.
The goal is reportedly to create a portal with location data for up to 500 American cities, one tipster said. The CDC is understood to be getting data through a COVID-19 Mobility Data Network project coordinated by experts at Harvard, Johns Hopkins, Princeton and other schools.
Neither the CDC nor the White House has responded to requests for comment.
This could be helpful for authorities looking where to take action next, such as discouraging people from visiting parks or finding businesses that aren't complying with shelter-in-place orders. At the same time, there are clear privacy concerns. While the data shouldn't identify anyone, there are concerns it could still be abused. The rush to defend against COVID-19 may have unintended consequences if the data is mishandled, especially if it sticks around once the pandemic is over.
Google rolls out Drive shortcuts ahead of folder structure changes Google has started giving everyone access to Drive shortcuts, a few months after it first revealed its beta version. The feature was designed to make it easier to organize files and to point people to specific ones across various folders. You can, for instance, create a shortcut for a certain file saved in a shared drive and then send that shortcut to people in your team. They'll only be able to open it if they have access to the drive where it's saved, though -- those who don't have access to the drive can only see the shortcut.
The tech giant is rolling out the feature ahead of changing Drive's folder structure. Starting on September 30th, all your files will live in a single location -- it will no longer be possible to place a file in multiple folders, in case you have quite a few that are meant to be accessed by different people. After the change takes place, the files that live in multiple folders will gradually become shortcuts. Finally, to make the transition easier, Google is replacing the "Add to My Drive" button's function, so that tapping it will add a shortcut to Drive instead.
Fox Sports will air a 'Madden NFL 20' tournament on March 29th Fox Sports' NASCAR esports race was a success, and it's betting that it can repeat that achievement with football. FS1 is planning to air its first ever Fox Esports Madden NFL Invitational on March 29th at 7PM Eastern. The two-hour event will pit players (remotely, of course) against each other in a single-elimination, three-round Madden NFL 20 tournament. There are only eight players, but they include a mix of analysts and pros such as Derwin James (above), Matt Leinart and Michael Vick.
The event will also encourage donations to the CDC Foundation's efforts to fight the COVID-19 pandemic.
As with the NASCAR event, this is prompted in part by desperation. The absence of conventional sports has left Fox without much of its live programming. While the situation isn't as dire as it is for stock car racing (the NFL season isn't due to start for months), this gives Fox something to reel in viewers who'd otherwise have to wait a while to see live sports. If the Madden tourney is successful, it could lead to more virtual sports during the downtime and might expose many more people to esports.
A spokesperson described the hikes as "temporary opportunities" meant to reflect a "significant increase" in grocery orders. It wasn't clear when Amazon expected the pay offer to come to an end.
It won't be surprising if this lasts for a while, regardless of how long the coronavirus outbreak continues. Amazon is already dealing with grocery shortages and problems setting delivery windows. If Amazon doesn't adjust for demand, it won't just hurt the company's business -- it could lead to trouble for customers who may be forced to go outside and risk infection if they can't have groceries delivered.
NASA picks SpaceX to deliver cargo to the Lunar Gateway In the next few years, SpaceX will fly cargo to an orbit farther than where the ISS is. NASA has awarded the space agency with a contract to deliver critical cargo, scientific experiments and other supplies to the Lunar Gateway, which will serve as the staging point for missions headed to the lunar south pole under the Artemis program. SpaceX is the first commercial provider the agency has chosen for the project, and it's guaranteed at least two missions when the station is up and running in lunar orbit. NASA expects to start building the lunar outpost in 2022.
The space company will use a variant of the Dragon capsule -- different from the one it's using for ISS missions -- that can carry more than 5 metric tons of cargo for its Gateway missions. It will fly on top of the company's super-heavy lift launch vehicle, the Falcon Heavy rocket. Unlike current Dragon capsules that only stay docked to the ISS for a few weeks, the Gateway capsule will stay at the station for six to 12 months at a time. SpaceX will launch a variant of Dragon, optimized to carry more than 5 metric tons of cargo to Gateway in lunar orbit https://t.co/NdJaFU1xSD — SpaceX (@SpaceX) March 27, 2020 SpaceX President Gwynne Shotwell said in a statement:
"Returning to the Moon and supporting future space exploration requires affordable delivery of significant amounts of cargo. Through our partnership with NASA, SpaceX has been delivering scientific research and critical supplies to the International Space Station since 2012, and we are honored to continue the work beyond Earth's orbit and carry Artemis cargo to Gateway."
Microsoft pulls its smaller investments in facial recognition tech Microsoft has been vocal about setting limits on facial recognition, and it's now backing that up with its financial support -- or lack thereof. The company is ending minority investments in facial recognition startups and is pulling its stake in AnyVision, an Israeli startup whose recognition tech drew controversy when word emerged of its use at West Bank checkpoints. These investments don't allow for the "level of oversight or control" Microsoft likes over facial recognition, according to a joint statement from Microsoft's M12 venture capital fund and AnyVision. The Windows maker will instead focus on larger investments where it has more of a say.
There was no publicly available timeline for when Microsoft would offload its AnyVision stake, a spokesperson told Reuters.
AnyVision had been accused of using facial recognition to surveil Palestinians around the West Bank, contradicting Microsoft's promise to avoid any uses of the tech that impinged on democratic freedoms. However, an audit found no evidence of the claimed mass surveillance system and suggested the tech was limited to border crossings as AnyVision said. Microsoft is backing out to avoid future accusations where there are clear privacy breaches.
It doesn't help that facial recognition startups have drawn fire as of late. Clearview AI, for instance, has been attacked for a system that links faces in security footage to online presences, potentially enabling abuses of power that strip people of anonymity when in public. Although Microsoft is less likely to be embroiled in those kinds of scandals due to its principles, companies like Clearview serve as warnings of what could go wrong.
'Kind Words' is the rare social network where everyone is nice The older I get, the less energy I have for social media. Twitter is too busy, Facebook is too stupid and dating apps are just... ugh. But I still have that need to connect with people in some way, something I can approach at my own pace and not feel any kind of obligation. Last year came Popcannibal's app like Slowly. Slowly lets you search for people with common interests or from particular countries and then just simply write them a letter.
The app's name refers to how the program delivers these letters: slowly, as in how long it would take a physical letter to reach that physical address. It really requires you to think about what you write. However, I got a response yesterday and now I'm frozen over what to say in response. So much pressure! This is where Kind Words' one-way approach really has the advantage; you don't have to feel bad about not writing back, or not writing at all. The game expects nothing from you.
The one thing I wish Kind Words would borrow from Slowly are the stamps; there are so many to collect. It almost mimics real mail. Which I've been dabbling in too... well, not exactly dabbling, as I've probably spent $200 on postage alone. I joined Postcrossingat the start of the year, and it really has the best features of both Slowly and Kind Words, in that you can send out (real, paper) postcards and get one back, but you're not asked to engage with people past that.
You're only obligated to send something if you click "yes, I want to send out a postcard." You get a randomly assigned address, and once the recipient receives and registers the card with the site, your address is released to someone else who will send you a postcard. It's entirely at your own pace and you're not expected to start a conversation with anyone. And you get all the fun of collecting postcards and stamps, if that's your thing. The biggest drawback is that postcards and stamps (especially international postage) cost money. Meanwhile, Kind Words is only $5, and Slowly is free.
Because Kind Words is cheap and obligation free, I'd encourage anyone who needs a little pick me up to try it. Read a few letters. Listen to the music. Just enjoy being in the space and who knows, you might be inspired to write something.
As many of us close out another week in isolation, the urge for social contact is growing. Karissa Bell has some advice on hosting movie and game night from a safe distance thanks to the internet and tools like
Netflix says it's in talks with Ryan Reynolds, who has worked on a couple of other flicks for the company,
If you can live with their over-ear hook design, then this fourth-generation design may be a winner. The new Powerbeats start at $149.95 -- $50 less than their predecessor --
Have a suggestion on how we can improve The Morning After? Send us a note.
LG TVs add a Movies Anywhere app Now that Ultraviolet is gone, Movies Anywhere has become the dominant "digital locker" that enables viewing of purchased movies across different devices and services. Now LG is the first TV manufacturer (it was previously available on platforms like Roku or Fire TV, but those aren't only for smart TVs) to feature the main app, which easily organizes and sets up links for your accounts across the services that connect to it: Apple TV, Amazon Prime Video, Vudu, Google Play, Microsoft Movies & TV, Xfinity, FandangoNow or Verizon.
Hopefully, it should make movie night a little easier whether you're watching or just checking to see if a particular movie will be part of your digital collection on the service (Paramount, Lionsgate and MGM still haven't signed up, so your options are all from Disney/Fox, Sony, Universal and Warner Bros.). And if you have a few accounts with those services, then you can pull them all together in one place. It's also convenient if you're taking advantage of the recently-announced Screen Pass sharing feature that allows free viewing of movies your friends have purchased -- with some notable restrictions.
And yes, Sony is aware that Move controllers aren't always easy to find. It's now selling a $100 Tilt Brush bundle that includes two wands plus a code for Tilt Brush. That kit doesn't include the PSVR headset itself, but it beats having to scrounge for the controllers at other stores. However you complete your setup, it could be worth the expense if you need another creative tool to help you relax during a stressful time.
Games Done Quick will host a charity stream for COVID-19 relief If you want to help people directly affected by the coronavirus pandemic while watching some of the best speedrunners in the world show off their craft, you're in luck. The good folks over at Games Done Quick (GDQ) announced today they plan to host a COVID-19 charity stream next month. Dubbed Corona Relief Done Quick (CRDQ), the event will take place online over the April 17th weekend, with 100 percent of donations going directly to Direct Relief. The humanitarian agency works with doctors and nurses in the US and across the world to equip them with medical supplies to care for people affected by poverty and other emergencies. You'll be able to watch the stream on GDQ's Twitch channel.
As you might expect, the coronavirus pandemic will also affect Summer Games Done Quick (SGDQ) 2020. GDQ is postponing the event. At the moment, it plans to kick it off on August 16th, where it will run until the 23rd. As with last year's event, donations will support Doctors Without Borders. The change in schedule means a variety of dates related to the festival have shifted as well. You can find all the details on GDQ's website.
Roku is giving away 30 days of premium video Add Roku to the list of companies offering free premium TV trials to keep people entertained while they stay at home during the COVID-19 pandemic. It's launching a Home Together initiative that provides extended 30-day trials of familiar networks and services. Epix, Showtime, Hallmark and A&E Crime Cental are among the more conventional services on tap. FitFusion, Gaiam and Grokker can help you stay in shape while the gym is closed, while specialty stations like Acorn TV and Smithsonian are also available.
You can find the channels by either visiting The Roku Channel or checking areas like "Featured Free." As usual, this is as much about promoting the services (be sure to cancel any you don't want to keep) as it is giving people something to do when they can't go outside. If your idea of sheltering in place involves catching up on Power or semi-recent movies, though, you're well-covered.
Netflix is working on a live-action 'Dragon's Lair' movie After the massive success of Stranger Things, Netflix is delving back into '80s culture for another of its upcoming projects. It's developing a live-action movie based on the classic arcade game actually play in the show's second season). 🐉⚔️HEAR YE, HEAR YE⚔️🐉 Netflix is developing a live action feature adaptation of the legendary 80s arcade game Dragon's Lair. @VancityReynolds is in talks to play noble Knight Dirk the Daring, on his quest to rescue Princess Daphne from the titular dragon. — NX (@NXOnNetflix) March 27, 2020 Netflix says it's in talks with Ryan Reynolds, who has worked on a couple of other flicks for the company, to produce and star as Dirk the Daring. As in the game, the knight will go on a quest to save Princess Daphne from the aforementioned dragon. Daniel and Kevin Hageman -- who count The Lego Movie, Scary Stories to Tell in the Dark and an upcoming animated Star Trek series among their credits -- are writing the script.
There have been other attempts to make a Dragon's Lair movie, but now Netflix has the rights, it might finally happen. We all know Hollywood doesn't exactly have a stellar track record of turning games into excellent movies. However, Dragon's Lair has a simple, classic story that could translate well to film.
The company will begin allowing non-Facebook users to watch live streams from mobile devices, something previously only available on desktop. The feature is already available to Android users and will be rolling out to iOS "in the coming weeks."
Facebook is also adding new options that will allow livestreamers to reach those without a smartphone or access to reliable mobile data. Called "Public Switch Telephone Network," it will allow people to listen in on a livestream via a toll free number, similar to calling into a conference call. Similarly, Facebook Live is getting a new "audio only" mode so viewers can listen in without watching the accompanying video.
The new features could also help Facebook deal with the "unprecedented" surge in demand for its services in the wake of the coronavirus pandemic. The company said it's struggling to keep up with traffic, as more and more users turn to its messaging apps to stay in touch with loved ones.
Both video calling and live streaming are resource intensive for the company, which has already been forced to downgrade video quality in Europe. So if more users take advantage of features like audio only or calling into livestreams instead, it could also help Facebook conserve resources.
Slack is working on a way to call Microsoft Teams users As much as modern technology makes our daily lives easier, there's sometimes that frequent headache that comes when two competing services don't play nicely with one another. It's something Slack and Microsoft Teams users have had to contend with as they've transitioned to working from home. Thankfully, a fix is on its way.
NY court rules Postmates couriers are entitled to unemployment benefits Gig economy workers in New York won a significant battle this week after the state's Court of Appeals ruled in their favor against Postmates. Supporting a previous state decision, the court said Postmates couriers should be considered employees for the purposes of unemployment insurance. Moving forward, the company must support its contractors by paying into New York's Unemployment Insurance Fund on their behalf.
In the original decision, New York's Unemployment Insurance Appeal Board said Luis Vega, a former courier with Postmates, was entitled to employment insurance benefits after the company fired him. In its subsequent decision, the Court of Appeals argued Postmates effectively "dominates the significant aspects" of a courier's day-to-day by controlling where, when and to whom they can deliver food to while they're on the job. The court's judges felt that created an employer-employee relationship that exceeded the "incidental control" Postmates said it had over its couriers.
"The courts have solidified what we all have known for a while -- delivery drivers are employees and are entitled to the same unemployment benefits other employees can obtain," New York Attorney General Letitia James said. "As the nation battles the spread of the coronavirus and more and more employees are laid off, Postmates drivers should know they have the same safety net millions of others in New York have today." We've also reached out to Postmates for comment, and we'll update this article when we hear back.
While working for companies like Postmates and Instacart has always been something of a precarious proposition, the coronavirus pandemic has laid bare just how little job security gig economy workers enjoy. In a recent investor call, Uber CEO Dara Khosrowshahi told investors the company's ride volume has decreased by as much as 60 to 70 percent in cities hardest hit by the virus. In Uber's case, a lot of its drivers have been forced to take on delivery jobs to make up for the loss in income, putting themselves at further risk of getting sick with COVID-19.
Capcom delays ‘Resident Evil Resistance’ PS4 and Steam betas The remake of Resident Evil 3 will be out in just a few weeks, but Capcom wanted to give eager gamers the chance to play Capcom didn't mention what exactly those problems are, or how long it expects the delay to last. Only 14 days remain until the retail launch of both titles, so hopefully the beta will be available shortly -- otherwise the sneak peek would be rather pointless.
Resident Evil Resistance plots four "Survivors" against an evil "Mastermind." The player who takes on the role of the Mastermind can set traps and unleash monsters against the Survivors, who have to use their wits to escape.
Capcom said in a tweet, "Due to technical issues, there is a delay for the [Resident Evil] Resistance open beta on PS4 and Steam. The [Xbox One] version is unaffected and is available. We're working to resolve the issue as soon as we can and will keep you updated. Apologies for the inconvenience." While this could be disappointing for Resident Evil die-hards, the fact that the full game's release is imminent should be a consolation. Plus, the demo of Resident Evil 3 is available for anyone who really needs to scratch that survival horror itch.
Google's $800 million COVID-19 relief effort includes 2 million face masks Google's support for the fight against COVID-19 includes more than advisories and a search hub. The internet firm is making a $800 million-plus investment in multiple areas to aid treatment, support businesses and keep the public informed. This includes direct financial backing and know-ow, including partnering with supplier Magid GlovE & Safety to produce 2-3 million face masks for the CDC Foundation in the "coming weeks." It'll also assist the government, manufacturers and distributors in producing ventilators.
The business assistance includes a $200 million fund for financial institutions and non-governmental organizations to help small businesses get funds. All small businesses with active accounts over the past year will have access to a pool of $340 million in Google Ads credits.
Google's remaining funds include $250 million in ad grants for the WHO and government agencies to provide vital information (a leap from $25 million in February) and $20 million Google Cloud credits for academics using remote computing power to study possible treatments and track data. On top of this, Google is raising its employees' annual donation matching limit from $7,500 to $10,000.
Google isn't alone among tech companies in contributing extensive resources to dealing with the pandemic. However, this is clearly a large contribution -- and one that might be necessary as infection rates surge in the US and prompt widespread store closures.
These normally privacy-forward sources are saying this in response to the pandemic, obviously. But it's also because companies that track, target, identify and surveil individuals are pitching their technologies to ID and trace the infected — in shady backroom discussions with the White House.
The pandemic has us all in vulnerable positions, and some tech companies are just ethics-free enough to step in and take advantage of entire populations being held hostage by COVID-19. They see us as profitable, captive data generators while their PR departments act like they did something virtuous for the greater good. Like Zoom.
For reasons us privacy nerds can't comprehend, many people rushed to adopt and use Zoom for in-home teleconferencing once all the sheltering-in-place started. Zoom happens to be a privacy nightmare with a terrible security track record — so bad that in late 2019, EPIC (Electronic Privacy Information Center) made an official complaint to the FTC alleging "unfair and deceptive practices." According to EPIC, "Zoom intentionally designed its web conferencing service to bypass browser security settings and remotely enable a user's web camera without the knowledge or consent of the user."
That's not all: Zoom collects "your physical address, phone number, your job title, credit and debit card information, your Facebook account, your IP address, your OS and device details, and more" ... and traffics that data with whomever it's doing business with (it's unclear where or how Zoom sntaches that info, except to say it's "when you use or otherwise interact with our Products").
If only sleazy data dealers used their talents for good, right?
Look: former privacy pitchers, I get why you're now catching for Big Brother. This is an emergency. But looking at what's working (or not) in other countries, we will fail at containment unless we make sure pandemic response tracing tools don't blur into the fulfillment of ICE and police wishlists. There are serious epidemiologists talking about actual efforts to leverage tech for contact tracing but techbros solutionizing about location tracking need to stop. https://t.co/QuDZyz8FNs — Blake You're on Mute (@blakereid) March 24, 2020 If you're sitting at home (you better be) arguing this is a matter of privacy versus safety, you've just shown us that privacy and surveillance abuses are merely abstract concepts for you. This is not a black or white issue; staying at home is, washing your hands is, and behaving like you're infected for the safety of others is. We have failed to contain coronavirus, to stop its spread, and to prepare for the worst. Those failures have nothing to do with a lack of invasive surveillance, and cannot be cured by finally closing the information-sharing loop between Big Tech and Stephen Miller.
Elizabeth M. Renieris, a Fellow at Harvard's Berkman Klein Center for Internet & Society explained in When privacy meets pandemic how it's critical that core international human rights principles on privacy are baked into coronavirus-related tech.
"What happens if we trace people with no ability to help them," Renieris wrote. "What if it just doesn't work in some contexts? We especially have to ask these questions where some experimental methods of contact tracing are being entrusted to large for-profit tech companies." Ms. Renieris adds:
While no one seriously questions the need for interventions that can protect public health and safety, the framing of many privacy-related concerns skips a fundamental step in the analysis — namely, asking when an interference with fundamental rights is justified.
This analysis is grounded in core principles of international human rights law — not something particularly within Facebook or Google's expertise. If the privacy community skips this critical step, we have already lost the battle to protect our fundamental rights.
Do it wrong and people avoid getting tested, you wind up with unknown infected populations, and you create a marriage of surveillance and policing that cannot be walked back — you fail to contain the virus and democracy is DOA. Do it right and you have an informed and voluntary population, policing is separate from public health and medicine, there are safeguards in place to prevent inevitable abuses, and you stem the tide of infections. Pandemic surveillance: Privacy's tipping point
Yes, other governments around the world are using surveillance tools to stem COVID-19's spread. The main countries using technology to track and throttle the spread of the virus are China, Germany, Hong Kong, Israel, Italy, Singapore, South Korea, and Taiwan.
As you may know, China and Israel have gone full draconian. Israel has decided to leverage novel coronavirus in order to "lean in" on that whole police state thing. "Last week the Israeli government issued emergency orders granting the Shin Bet security service the authority to track its citizens," reported Haaertz, "allowing digital monitoring of coronavirus patients' cellphones, using means that were not disclosed."
The country's security service is "using the technology at its disposal to track the routes that patients have taken outside their homes and to determine whom they have gotten close to ... [and] tracking details of all calls made by coronavirus patients." But at least Israel is supposed to have an expiration date on keeping citizen data. Unlike China.
After unsuccessfully concealing the severity of its COVID-19 outbreak for two months, China rolled out the advanced tracking tech it used to round up more than a million Uyghur Muslims (now in concentration camps) and uses that tech to enforce an isolation policy. It includes phone tracking, facial recognition, and requiring hundreds of millions of citizens in lockdown to download an app. The app places people into three stoplight categories (green is free to move about; red is 14-day quarantine).
China, of course, said this was successful in stopping the pandemic, which has since resurfaced in the country, challenging that claim. This shows the location data of phones that were on a Florida beach during Spring Break. It then shows where those phones traveled.
First thing you should note is the importance of social distancing. The second is how much data your phone gives off. pic.twitter.com/iokUX3qjeB — Mikael Thalen (@MikaelThalen) March 26, 2020 The countries with the best balance of privacy and virus tracing are containing it, namely South Korea and Taiwan. In fact, most of the countries showing success with coronavirus tracing have unique, current legislation specific to pandemics with provisions on data collection. The laws in Germany, Italy, South Korea, and Taiwan meet the European Union's General Data Protection Regulation (GDPR) standards. These countries are thinking about what will happen in the days after we all survive the novel coronavirus, and acknowledge that it's a terrible idea to unbraid privacy from healthcare.
In South Korea and Taiwan, two countries who've done well to push back against the virus without the draconian tech-surveillance measures of China and Israel, legislation around data collection includes oversight and transparency for its citizens. "For example," Haaretz wrote regarding South Korea's approach, "citizens were provided with an explanation of what information was collected, for what purpose and when it would be erased."
That's how South Korea's officials addressed the problem of people avoiding tests over privacy concerns. Jung Eun-kyeong, the director of South Korea's Centers for Disease Control and Prevention told press, "We will balance the value of protecting individual human rights and privacy and the value of upholding public interest in preventing mass infections."
Singapore's COVID-19 mortality rate is arguably the lowest — and though the country isn't high in the freedom and democracy index, its success in using tech to fight the virus may be linked to its conditions around data privacy. "Privacy legislation in Singapore was most recently revised in 2014 and entails that the processing of data about individuals requires their consent," press reported. "Downloading the application was voluntary, it did not monitor people's whereabouts, and the information collected was not provided to the government."
In a way, it's no surprise that entrepreneurs, greedy corporations, and dark-intentioned authorities are seeing COVID-19 as an opportunistic land grab for money, control, and power. It's sickening. The most shady data harvesting companies, who are secretly gathering location data from smartphones and apps without the users' knowledge, are covidwashing their products and exploiting the disaster. https://t.co/uw1HbZSsKr — Wolfie Christl (@WolfieChristl) March 25, 2020 What is surprising, however, is how some seem to have learned from the mistakes of the greedy. Singapore -- again, no steward of democractic freedoms -- clearly gets that if you treat your people's privacy and data the same way Facebook does (or China, or Zoom for that matter), your problems are going to breed problems like tribbles.
The notion of repurposing tools that data harvesting companies use to track, snatch, and profit from our personal data without our explicit consent is some pretty ballsy -- or naive, or grossly privileged -- wishful thinking. These data collection tools were not built to save lives in emergencies: they were purpose-built for exploitation and abuse.
The only way to repurpose them safely and effectively is to treat them like they're radioactive: we must proceed with the certainty that all virus tracking and tracing tech will be abused. To not do so will be catastrophic.
Images: ANTHONY WALLACE/AFP via Getty Images (Checkpoint)
This week's best deals: Sony headphones, Surface Pro 7 and more This week brought a great deal on our favorite pair of wireless headphones, plus a number of other good deals. Those who need to shut out the world can grab Sony's WH-1000XM3 wireless noise-cancelling headphones for $238, and those who need a new 2-in-1 can get a discount on Microsoft's Surface Pro 7 -- Type Cover included. Musicians can also still snag Native Instruments plug-ins for free. Here are the best deals from the week that remain available today. Sony WH-1000XM3 wireless headphones Newegg still has Sony's WH-1000XM3 wireless noise-cancelling headphones for only $238, which is $112 less than their usual price of $350. We gave these headphones ascore of 94 and praised them for their excellent noise-cancellation capabilities and equally impressive audio quality. They have only a few downsides, one being finicky touch controls, but those can be easily overlooked when nearly everything else about these headphones is stellar. Surface Pro 7 from Microsoft. A model with a Core i5 processor, 8GB of RAM, and 128GB of storage bundled with a Type Cover is just $822. Typically, Microsoft sells these items separately, with the Type Cover alone going for $150 and the Surface starting at $899. This updated 2-in-1 finally includes USB-C ports and the Type Cover remains one of the best keyboard covers you can get. The bundle was $800 earlier this week, but the current $822 sale price remains good deal. Google Nest Hub Max to $200. While the $180 sale price from earlier this week has expired, the current sale price is worth considering. The Nest Hub Max is one of our favorite smart displays as it wears different hats depending on your needs. You can use it as a small TV to stream content like recipe videos, as a speaker to play music, as a camera for video calls and as your main at-home Google Assistant device. Analog Dreams software for free, which is a great deal considering it normally costs $50. This software synth can help you create your own versions of 80s pop hits at home. To use Analog Dreams, you'll first need Native Access and Kontakt Player -- both of which are part of the free Komplete Start bundle. After that, you'll be able to claim and download your free copy of Analog Dreams. work-from-home sale, an event that cuts up to 50 percent off some of its popular headphones and speakers. The company is known for making high-quality, albeit expensive, audio devices, so now's a good time to snag an item on your wishlist while it's more affordable than usual. Use the code WFH50 to save on select products -- the sale ends Sunday, March 29. 4 months of service for $4. Premium normally costs $10 per month, so this is a good deal if you wanted to check out Tidal for the first time. Just keep in mind that Tidal Premium includes high-quality audio streaming, but it does not include lossless audio streaming. That feature is reserved for Tidal HiFi subscribers, and that membership still costs $20 per month. Samsung's Galaxy Buds for $80, which is $50 less than their normal price of $130. We've seen the Galaxy Buds go down to $100 before, but this $80 sale price makes them an even better buy. We gave them a score of 69 for their reliable battery life and strong connectivity, but we did have reservations about their touch controls and mic quality. Nevertheless, these are solid earbuds that are a good alternative to the updated $150 Galaxy Buds+ if you have a tight budget. Buy Samsung Galaxy Buds on B&H Photo - $80
Control Panel isn’t dead yet but the System applet is looking nervous You may have seen dark rumors around the Web that Microsoft is about to kill off the classic Control Panel. Rest assured, friend, we were as horrified as you are—but on more careful inspection, this seems not to be the case. Thats one of the many downsides of being at the mercy of closed operating systems like Windows or macOS as a user, youre not really in control, and your platform landlords can decide to remove vital functionality or features on a whim, and theres nothing you can do about it. If you havent done so yet, Id highly suggest start looking at open source alternatives before its too late, because I feel the noose is only going to tighten more, not less.
Amiga machine code course Here you’ll find my complete set of posts covering the Amiga Machine Code course. The course consists of twelve letters and two disks, that can be found here. The letters are available as PDF’s in their original Danish language as well as translated to English. Some light reading for the weekend.
Dumping MiniDisc media If you have music on a collection of MiniDisc media and want to finally copy the data off onto modern media (or the cloud!), here are simple instructions for some different solutions. Why would you stop using MiniDisc though?
The exFAT filesystem is coming to Linux Paragon software’s not happy about it Ars Technica reports on a story from the early 2000s 2020: When software and operating system giant Microsoft announced its support for inclusion of the exFAT filesystem directly into the Linux kernel back in August, it didnt get a ton of press coverage. But filesystem vendor Paragon Software clearly noticed this months merge of the Microsoft-approved, largely Samsung-authored version of exFAT into the VFS for-next repository, which will in turn merge into Linux 5.7—and Paragon doesnt seem happy about it. Yesterday, Paragon issued a press release about European gateway-modem vendor Sagemcom adopting its version of exFAT into an upcoming series of Linux-based routers. Unfortunately, it chose to preface the announcement with a stream of FUD (Fear, Uncertainty, and Doubt) that wouldnt have looked out of place on Steve Ballmers letterhead in the 1990s. This is some get the facts! level of tripe. Youd think that in 2020, wed be spared this sort of nonsense, and Im sad Im even spending precious bits on this one but at least we get the name of Paragon out so you can avoid them like the plague.
AMD uses DMCA to mitigate massive GPU source code leak AMD has filed at least two DMCA notices against Github repos that carried stolen! source code relating to AMDs Navi and Arden GPUs, the latter being the processor for the upcoming Xbox Series X. The person claiming responsibility for the leak informs TorrentFreak that if they doesnt get a buyer for the remainder of the code, they will dump the whole lot online. Id love to hear the backstory behind this hack. For a company like AMD, such a hack mustve been an inside job, right? While I know I shouldnt be surprised anymore by just how lacking security can be at even the most prominent technology companies, I just cant imagine it being very easy to get your hands on this documentation and code without some form of inside help.
MIPS Loongson 3 seeing support improvements with Linux 5.7 For those managing to get their hands on a recently released Loongson 3A4000/3B4000 or even older Loongson 3 MIPS64 processors, improving the support is on the way with the upcoming Linux 5.7 kernel. Queued as part of the MIPS architecture work for Linux 5.7 are a number of Loongson improvements, in particular for the Loongson 3 series. The Loongson processors are pretty much impossible to come by outside of China, and gained some fame as the platform of choice for Richard Stallman.
Apple releases macOS 10.15.4, watchOS 6.2, and iOS, iPadOS and tvOS 13.4 Apple has released macOS 10.15.4, watchOS 6.2, and iOS, iPadOS and tvOS 13.4. Earlier today, Apple continued its tradition of updating all of its operating systems at once. The day brought major new feature releases to iOS, iPadOS, macOS, watchOS, and tvOS. The iOS, iPadOS, and tvOS updates are numbered 13.4, Apple Watches got watchOS 6.2, and Macs saw the release of macOS Catalina 10.15.4. You know where to get them.
Living a Google-free life with a Huawei phone Ever wondered whats it like to run Android without Googles services and applications? Well, get a Huawei device. A smartphone UI isn’t much use without apps, of course, and here is where Huawei hits its first hurdle. Huawei has its own store called AppGallery, which it claims is the third largest in the world based on its more than 400 million monthly active users. The vast majority of those users will be in China, of course, where the Google Play Store has never been included alongside AppGallery. If you buy a Mate 30 Pro now anywhere in the world, though, AppGallery is what you get out of the box. To be blunt, it is not great. I wouldn’t call it barren — there is support from major US companies like Microsoft, Amazon, and Snap. You can’t get Chrome, of course, but Opera is there if you want something with desktop sync. But a huge amount of its content is aimed at China, with other big Western names like Facebook, Slack, Netflix, and Twitter missing, which puts the Mate 30 Pro in a more precarious app situation than even the diciest days of Windows Phone. Huawei has announced a $1 billion plan to help stock AppGallery’s shelves, but it has its work cut out. A bigger problem is that even if you can get popular applications installed, they often wont work properly because the device lacks the Google Mobile Services. Its an incredibly hard situation for Huawei to be in.
Chrome phasing out support for user agent Google announced its decision to drop support for the User-Agent string in its Chrome browser. Instead, Chrome will offer a new API called Client Hints that will give the user greater control over which information is shared with websites. Weve talked about this earlier this year, but I want to highlight it again since its very important this initiative doesnt devolve into Google and Chrome shoving this alternative down the webs throat. Deprecating user agent strings is a good thing, but only if the replacement is a collective effort supported by everyone.
Apple just killed offline web apps while purporting to protect your privacy [updated: not really] Update: the WebKit blog post has been updated with a clarification: Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer. We do not expect the first-party in such a web application to have its website data deleted. Thats definitely a relief, and good thing they cleared this up. Original continues below: On the face of it, WebKit’s announcement yesterday titled Full Third-Party Cookie Blocking and More sounds like something I would wholeheartedly welcome. Unfortunately, I can’t because the “and more” bit effectively kills off Offline Web Apps and, with it, the chance to have privacy-respecting apps like the prototype I was exploring earlier in the year based on DAT. Block all third-party cookies, yes, by all means. But deleting all local storage (including Indexed DB, etc.) after 7 days effectively blocks any future decentralised apps using the browser (client side) as a trusted replication node in a peer-to-peer network. And that’s a huge blow to the future of privacy. Im sure thats entirely a coincidence for a company that wants to force everyone to use their App Store, the open web be damned.
Apple CarPlay, Android Auto distract drivers more than pot, alcohol, says study When Apple CarPlay and Android Auto first started rolling out, initial evidence suggested these technologies held promise to reduce distracted driving. These systems funneled the most important features from our phones onto the infotainment screen, curbing motorists desire to reach for their handhelds. Yet, it looks like these mirroring technologies may not be nearly as safe as initially hoped. A new study from the UKs IAM Roadsmart, an independent road safety organization, paints a far bleaker picture. The stark findings showed that drivers using one of the smartphone mirroring systems in a car displayed reaction times slower than someone whod used cannabis. In fact, these motorists reaction times were five times slower than someone driving with the legal limit of alcohol in their system. This shouldnt come as a surprise to anyone with more than two braincells to rub together. These systems are based on touch screen technology, and touchscreens without any tactility are simply not suited for use while operating a motor vehicle. Touchscreens are far more distracting than plain old tactile buttons in a fixed order that you learn over time and can feel, and it blows my mind that no safety regulations heavily curtailing their use to parked situations has been enacted just yet.
The Counterpoint program launcher The Counterpoint program launcher was supplied with the Amstrad PC5086 and other Amstrad PCs from that era. It acts as a user-friendly front end, replacing the full GUIs (Windows 2.0, or GEM) supplied with previous models. The Amstrad-branded version opens with a warning that it should only be used on Amstrad computers. However it appears to run successfully in non-Amstrad environments, such as the virtual machine used to make these screenshots. I love discovering user interfaces Ive never known about this before, and this one fits the bill just right. Wild UI experimentation was the norm during the late 80s and early 90s, before we all settled on what were all using now. Digging into the past and learning from even relatively obscure footnotes such as these is fascinating.
Android 11 Preview 2 hands-on: more polish and a new install method It came out much later in March than we expected, but yesterday Google launched the second developer preview for Android 11, the next big version of Android due out at the end of the year. Despite the coronavirus disrupting just about every part of normal life, Google posted the same schedule it did with Preview 1, indicating that the plan is still to have a preview release every month. Anyway, here are the important new things in this release. As always, an excellent look at the new features by Ars. Were still early on in Android 11s development cycle, though, so everything is still very much subject to change.
EAX x86 register: meaning and history Usually, x86 tutorials don’t spend much time explaining the historical perspective of design and naming decisions. When learning x86 assembly, you’re usually told something along the lines: Here’s EAX. It’s a register. Use it. So, what exactly do those letters stand for? E–A–X. I’m afraid there’s no short answer! We’ll have to go back to 1972… I love digital archeology.
Microsoft teases new File Explorer, Start Menu for Windows 10 We have seen earlier that Microsoft’s designers are working on a new Start Menu for Windows 10 (not Windows 10X) and now Panos Panay has posted a video celebrating 1 billion Windows 10 installations which appears to confirm that the changes and more are on the way. Theres finally hopefully going to be a modern replacement for Explorer, and context menus seem to be modern and thus consistent too. The already mentioned updated Stert menu is coming, too.
Linux Journal Ceases Publication: An Awkward Goodbye by Kyle RankinIMPORTANT NOTICE FROM LINUX JOURNAL, LLC:On August 7, 2019, Linux Journal shut its doors for good. All staff were laid off and the company is left with no operating funds to continue in any capacity. The website will continue to stay up for the next few weeks, hopefully longer for archival purposes if we can make it happen. –Linux Journal, LLC
Final Letter from the Editor: The Awkward Goodbye
by Kyle Rankin
Have you ever met up with a friend at a restaurant for dinner, then after dinner you both step out to the street and say a proper goodbye, only when you leave, you find out that you both are walking in the same direction? So now, you get to walk together awkwardly until the true point where you part, and then you have another, second goodbye, that's much more awkward.
That's basically this post.
So, it was almost two years ago that I first said goodbye to Linux Journal and the Linux Journal community in my post "So Long and Thanks for All the Bash". That post was a proper goodbye. For starters, it had a catchy title with a pun. The post itself had all the elements of a proper goodbye: part retrospective, part "Thank You" to the Linux Journal team and the community, and OK, yes, it was also part rant. I recommend you read (or re-read) that post, because it captures my feelings about losing Linux Journal way better than I can muster here on our awkward second goodbye.
Of course, not long after I wrote that post, we found out that Linux Journal wasn't dead after all! We all actually had more time together and got to work fixing everything that had caused us to die in the first place. A lot of our analysis of what went wrong and what we intended to change was captured in my article Go to Full Article
Working in a Linux environment, how often have you seen a kernel panic? When it happens, your system is left in a crippled state until you reboot it completely. And, even after you get your system back into a functional state, you're still left with the question: why? You may have no idea what happened or why it happened. Those questions can be answered though, and the following guide will help you root out the cause of some of the conditions that led to the original crash.
Figure 1. A Typical Kernel Panic
Let's start by looking at a set of utilities known as kexec and kdump. kexec allows you to boot into another kernel from an existing (and running) kernel, and kdump is a kexec-based crash-dumping mechanism for Linux. Installing the Required Packages First and foremost, your kernel should have the following components statically built in to its image: CONFIG_RELOCATABLE=y CONFIG_KEXEC=y CONFIG_CRASH_DUMP=y CONFIG_DEBUG_INFO=y CONFIG_MAGIC_SYSRQ=y CONFIG_PROC_VMCORE=y You can find this in /boot/config-`uname -r`.
Make sure that your operating system is up to date with the latest-and-greatest package versions: $ sudo apt update && sudo apt upgrade Install the following packages (I'm currently using Debian, but the same should and will apply to Ubuntu): $ sudo apt install gcc make binutils linux-headers-`uname -r` ↪kdump-tools crash `uname -r`-dbg Note: Package names may vary across distributions.
During the installation, you will be prompted with questions to enable kexec to handle reboots (answer whatever you'd like, but I answered "no"; see Figure 2).
Figure 2. kexec Configuration Menu
And to enable kdump to run and load at system boot, answer "yes" (Figure 3).
Figure 3. kdump Configuration Menu Configuring kdump Open the /etc/default/kdump-tools file, and at the very top, you should see the following: Go to Full Article
Loadsharers: Funding the Load-Bearing Internet Person by Eric S. Raymond The internet has a sustainability problem. Many of its critical services depend on the dedication of unpaid volunteers, because they can't be monetized and thus don't have any revenue stream for the maintainers to live on. I'm talking about services like DNS, time synchronization, crypto libraries—software without which the net and the browser you're using couldn't function.
These volunteer maintainers are the Load-Bearing Internet People (LBIP). Underfunding them is a problem, because underfunded critical services tend to have gaps and holes that could have been fixed if there were more full-time attention on them. As our civilization becomes increasingly dependent on this software infrastructure, that attention shortfall could lead to disastrous outages.
I've been worrying about this problem since 2012, when I watched a hacker I know wreck his health while working on a critical infrastructure problem nobody else understood at the time. Billions of dollars in e-commerce hung on getting the particular software problem he had spotted solved, but because it masqueraded as network undercapacity, he had a lot of trouble getting even technically-savvy people to understand where the problem was. He solved it, but unable to afford medical insurance and literally living in a tent, he eventually went blind in one eye and is now prone to depressive spells.
More recently, I damaged my ankle and discovered that although there is such a thing as minor surgery on the medical level, there is no such thing as "minor surgery" on the financial level. I was looking—still am looking—at a serious prospect of either having my life savings wiped out or having to leave all 52 of the open-source projects I'm responsible for in the lurch as I scrambled for a full-time job. Projects at risk include the likes of GIFLIB, GPSD and NTPsec.
That refocused my mind on the LBIP problem. There aren't many Load-Bearing Internet People—probably on the close order of 1,000 worldwide—but they're a systemic vulnerability made inevitable by the existence of common software and internet services that can't be metered. And, burning them out is a serious problem. Even under the most cold-blooded assessment, civilization needs the mean service life of an LBIP to be long enough to train and acculturate a replacement.
(If that made you wonder—yes, in fact, I am training an apprentice. Different problem for a different article.)
Alas, traditional centralized funding models have failed the LBIPs. There are a few reasons for this: Go to Full Article
Documenting Proper Git Usage by Zack Brown Jonathan Corbet wrote a document for inclusion in the kernel tree, describing best practices for merging and rebasing git-based kernel repositories. As he put it, it represented workflows that were actually in current use, and it was a living document that hopefully would be added to and corrected over time.
The inspiration for the document came from noticing how frequently Linus Torvalds was unhappy with how other people—typically subsystem maintainers—handled their git trees.
It's interesting to note that before Linus wrote the git tool, branching and merging was virtually unheard of in the Open Source world. In CVS, it was a nightmare horror of leechcraft and broken magic. Other tools were not much better. One of the primary motivations behind git—aside from blazing speed—was, in fact, to make branching and merging trivial operations—and so they have become.
One of the offshoots of branching and merging, Jonathan wrote, was rebasing—altering the patch history of a local repository. The benefits of rebasing are fantastic. They can make a repository history cleaner and clearer, which in turn can make it easier to track down the patches that introduced a given bug. So rebasing has a direct value to the development process.
On the other hand, used poorly, rebasing can make a big mess. For example, suppose you rebase a repository that has already been merged with another, and then merge them again—insane soul death.
So Jonathan explained some good rules of thumb. Never rebase a repository that's already been shared. Never rebase patches that come from someone else's repository. And in general, simply never rebase—unless there's a genuine reason.
Since rebasing changes the history of patches, it relies on a new "base" version, from which the later patches diverge. Jonathan recommended choosing a base version that was generally thought to be more stable rather than less—a new version or a release candidate, for example, rather than just an arbitrary patch during regular development.
Jonathan also recommended, for any rebase, treating all the rebased patches as new code, and testing them thoroughly, even if they had been tested already prior to the rebase.
"If", he said, "rebasing is limited to private trees, commits are based on a well-known starting point, and they are well tested, the potential for trouble is low."
Moving on to merging, Jonathan pointed out that nearly 9% of all kernel commits were merges. There were more than 1,000 merge requests in the 5.1 development cycle alone. Go to Full Article
Earlier this year, I attended PyCon, the international Python conference. One topic, presented at numerous talks and discussed informally in the hallway, was the state of threading in Python—which is, in a nutshell, neither ideal nor as terrible as some critics would argue.
A related topic that came up repeatedly was that of "asyncio", a relatively new approach to concurrency in Python. Not only were there formal presentations and informal discussions about asyncio, but a number of people also asked me about courses on the subject.
I must admit, I was a bit surprised by all the interest. After all, asyncio isn't a new addition to Python; it's been around for a few years. And, it doesn't solve all of the problems associated with threads. Plus, it can be confusing for many people to get started with it.
And yet, there's no denying that after a number of years when people ignored asyncio, it's starting to gain steam. I'm sure part of the reason is that asyncio has matured and improved over time, thanks in no small part to much dedicated work by countless developers. But, it's also because asyncio is an increasingly good and useful choice for certain types of tasks—particularly tasks that work across networks.
So with this article, I'm kicking off a series on asyncio—what it is, how to use it, where it's appropriate, and how you can and should (and also can't and shouldn't) incorporate it into your own work. What Is asyncio? Everyone's grown used to computers being able to do more than one thing at a time—well, sort of. Although it might seem as though computers are doing more than one thing at a time, they're actually switching, very quickly, across different tasks. For example, when you ssh in to a Linux server, it might seem as though it's only executing your commands. But in actuality, you're getting a small "time slice" from the CPU, with the rest going to other tasks on the computer, such as the systems that handle networking, security and various protocols. Indeed, if you're using SSH to connect to such a server, some of those time slices are being used by sshd to handle your connection and even allow you to issue commands.
All of this is done, on modern operating systems, via "pre-emptive multitasking". In other words, running programs aren't given a choice of when they will give up control of the CPU. Rather, they're forced to give up control and then resume a little while later. Each process running on a computer is handled this way. Each process can, in turn, use threads, sub-processes that subdivide the time slice given to their parent process. Go to Full Article
Last year I wrote a feature-length article on the data backup system I set up for my RV (see Kyle's "DIY RV Offsite Backup and Media Server" from the June 2018 issue of LJ). If you haven't read that article yet, I recommend checking it out first so you can get details on the system. In summary, I set up a Raspberry Pi media center PC connected to a 12V television in the RV. I connected an 8TB hard drive to that system and synchronized all of my files and media so it acted as a kind of off-site backup. Finally, I set up a script that would attempt to sync over all of those files from my NAS whenever it detected that the RV was on the local network. So here, I provide an update on how that system is working and a few tweaks I've made to it since. What Works Overall, the media center has worked well. It's been great to have all of my media with me when I'm on a road trip, and my son appreciates having access to his favorite cartoons. Because the interface is identical to the media center we have at home, there's no learning curve—everything just works. Since the Raspberry Pi is powered off the TV in the RV, you just need to turn on the TV and everything fires up.
It's also been great knowing that I have a good backup of all of my files nearby. Should anything happen to my house or my main NAS, I know that I can just get backups from the RV. Having peace of mind about your important files is valuable, and it's nice knowing in the worst case when my NAS broke, I could just disconnect my USB drive from the RV, connect it to a local system, and be back up and running.
The WiFi booster I set up on the RV also has worked pretty well to increase the range of the Raspberry Pi (and the laptops inside the RV) when on the road. When we get to a campsite that happens to offer WiFi, I just reset the booster and set up a new access point that amplifies the campsite signal for inside the RV. On one trip, I even took it out of the RV and inside a hotel room to boost the weak signal. Go to Full Article
Why did David need to write this patch? Why weren't system calls already fairly easy to manage? When you make a system call, you add it to a master list, and then you add it to the system call "tables", which is where the running kernel looks up which kernel function corresponds to which system call number. Kernel developers need to make sure system calls are represented in all relevant spots in the source tree. Renaming, renumbering and making other changes to system calls involves a lot of fiddly little details. David's script simply would do everything right—end of story no problemo hasta la vista.
Arnd Bergmann remarked, "Ah, fun. You had already threatened to add that script in the past. The implementation of course looks fine, I was just hoping we could instead eliminate the need for it first." But, bowing to necessity, Arnd offered some technical suggestions for improvements to the patch.
However, Linus Torvalds swooped in at this particular moment, saying:
Ugh, I hate it.
I'm sure the script is all kinds of clever and useful, but I really think the solution is not this kind of helper script, but simply that we should work at not having each architecture add new system calls individually in the first place.
IOW, we should look at having just one unified table for new system call numbers, and aim for the per-architecture ones to be for "legacy numbering".
Maybe that won't happen, but in the _hope_ that it happens, I really would prefer that people not work at making scripts for the current nasty situation.
And the portcullis came crashing down.
It's interesting that, instead of accepting this relatively obvious improvement to the existing situation, Linus would rather leave it broken and ugly, so that someone someday somewhere might be motivated to do the harder-yet-better fix. And, it's all the more interesting given how extreme the current problem is. Without actually being broken, the situation requires developers to put in a tremendous amount of care and effort into something that David's script could make trivial and easy. Even for such an obviously "good" patch, Linus gives thought to the policy and cultural implications, and the future motivations of other people working in that region of code.
Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to firstname.lastname@example.org. Go to Full Article
Experts Attempt to Explain DevOps--and Almost Succeed by Bryan Lunduke What is DevOps? How does it relate to other ideas and methodologies within software development? Linux Journal Deputy Editor and longtime software developer, Bryan Lunduke isn't entirely sure, so he asks some experts to help him better understand the DevOps phenomenon.
The word DevOps confuses me.
I'm not even sure confuses me quite does justice to the pain I experience—right in the center of my brain—every time the word is uttered.
It's not that I dislike DevOps; it's that I genuinely don't understand what in tarnation it actually is. Let me demonstrate. What follows is the definition of DevOps on Wikipedia as of a few moments ago:
DevOps is a set of software development practices that combine software development (Dev) and information technology operations (Ops) to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.
I'm pretty sure I got three aneurysms just by copying and pasting that sentence, and I still have no clue what DevOps really is. Perhaps I should back up and give a little context on where I'm coming from.
My professional career began in the 1990s when I got my first job as a Software Test Engineer (the people that find bugs in software, hopefully before the software ships, and tell the programmers about them). During the years that followed, my title, and responsibilities, gradually evolved as I worked my way through as many software-industry job titles as I could: Automation Engineer: people that automate testing software. Software Development Engineer in Test: people that make tools for the testers to use. Software Development Engineer: aka "Coder", aka "Programmer". Dev Lead: "Hey, you're a good programmer! You should also manage a few other programmers but still code just as much as you did before, but, don't worry, we won't give you much of a raise! It'll be great!" Dev Manager: like a Dev Lead, with less programming, more managing. Director of Engineering: the manager of the managers of the programmers. Vice President of Technology/Engineering: aka "The big boss nerd man who gets to make decisions and gets in trouble first when deadlines are missed." During my various times with fancy-pants titles, I managed teams that included: Go to Full Article
DNA Geometry with cadnano by Joey Bernard This article introduces a tool you can use to work on three-dimensional DNA origami. The package is called cadnano, and it's currently being developed at the Wyss Institute. With this package, you'll be able to construct and manipulate the three-dimensional representations of DNA structures, as well as generate publication-quality graphics of your work.
Because this software is research-based, you won't likely find it in the package repository for your favourite distribution, in which case you'll need to install it from the GitHub repository.
Since cadnano is a Python program, written to use the Qt framework, you'll need to install some packages first. For example, in Debian-based distributions, you'll want to run the following commands: sudo apt-get install python3 python3-pip I found that installation was a bit tricky, so I created a virtual Python environment to manage module installations.
Changing directory into the source directory, you can build and install cadnano with: python setup.py install Now your cadnano should be available within the virtualenv.
You can start cadnano simply by executing the cadnano command from a terminal window. You'll see an essentially blank workspace, made up of several empty view panes and an empty inspector pane on the far right-hand side.
Figure 1. When you first start cadnano, you get a completely blank work space.
In order to walk through a few of the functions available in cadnano, let's create a six-strand nanotube. The first step is to create a background that you can use to build upon. At the top of the main window, you'll find three buttons in the toolbar that will let you create a "Freeform", "Honeycomb" or "Square" framework. For this example, click the honeycomb button.
Figure 2. Start your construction with one of the available geometric frameworks. Go to Full Article
Virtualization has always been a rich man's game, and more frugal enthusiasts—unable to afford fancy server-class components—often struggle to keep up. Linux provides free high-quality hypervisors, but when you start to throw real workloads at the host, its resources become saturated quickly. No amount of spare RAM shoved into an old Dell desktop is going to remedy this situation. If a properly decked-out host is out of your reach, you might want to consider containers instead.
Instead of virtualizing an entire computer, containers allow parts of the Linux kernel to be portioned into several pieces. This occurs without the overhead of emulating hardware or running several identical kernels. A full GUI environment, such as GNOME Shell can be launched inside a container, with a little gumption.
You can accomplish this through namespaces, a feature built in to the Linux kernel. An in-depth look at this feature is beyond the scope of this article, but a brief example sheds light on how these features can create containers. Each kind of namespace segments a different part of the kernel. The PID namespace, for example, prevents processes inside the namespace from seeing other processes running in the kernel. As a result, those processes believe that they are the only ones running on the computer. Each namespace does the same thing for other areas of the kernel as well. The mount namespace isolates the filesystem of the processes inside of it. The network namespace provides a unique network stack to processes running inside of them. The IPC, user, UTS and cgroup namespaces do the same for those areas of the kernel as well. When the seven namespaces are combined, the result is a container: an environment isolated enough to believe it is a freestanding Linux system.
Container frameworks will abstract the minutia of configuring namespaces away from the user, but each framework has a different emphasis. Docker is the most popular and is designed to run multiple copies of identical containers at scale. LXC/LXD is meant to create containers easily that mimic particular Linux distributions. In fact, earlier versions of LXC included a collection of scripts that created the filesystems of popular distributions. A third option is libvirt's lxc driver. Contrary to how it may sound, libvirt-lxc does not use LXC/LXD at all. Instead, the libvirt-lxc driver manipulates kernel namespaces directly. libvirt-lxc integrates into other tools within the libvirt suite as well, so the configuration of libvirt-lxc containers resembles those of virtual machines running in other libvirt drivers instead of a native LXC/LXD container. It is easy to learn as a result, even if the branding is confusing. Go to Full Article
Page last modified on October 08, 2013, at 07:08 PM