Security updates for Thursday Security updates have been issued by openSUSE (chromium, libredwg, and thunderbird), Oracle (apache-commons-beanutils, java-1.8.0-openjdk, libarchive, and python-reportlab), Red Hat (kernel), Scientific Linux (apache-commons-beanutils, libarchive, and openslp), SUSE (java-11-openjdk), and Ubuntu (e2fsprogs, graphicsmagick, python-apt, and zlib).
[$] A tiny Python called Snek Keith Packard is no stranger to the linux.conf.au stage; he has spoken on a wide variety of topics since he started going to the conference in 2004(which was held inAdelaide, where organizers apparently had a lot of ice cream forattendees). One of his talks at this year's conference was on aneducation-focused project that he has been working on for around a year:a version of Python called "Snek" targeting embedded processors.He gave a look at some of the history of his work with 10-12 year-old students that led to thedevelopment of Snek as well as some plans for the language—and hardware torun it on—moving forward.
Security updates for Wednesday Security updates have been issued by Debian (tiff and transfig), Fedora (thunderbird-enigmail), Mageia (ffmpeg and sox), openSUSE (fontforge, python3, and tigervnc), Oracle (python-reportlab), Red Hat (apache-commons-beanutils, java-1.8.0-openjdk, kernel, kernel-alt, libarchive, openslp, openvswitch2.11, openvswitch2.12, and python-reportlab), Scientific Linux (java-1.8.0-openjdk and python-reportlab), SUSE (samba and tigervnc), and Ubuntu (python-pysaml2).
[$] Control-flow integrity for the kernel Control-flowintegrity (CFI) is a technique used to reduce the ability toredirect the execution of a program's code in attacker-specified ways. TheClang compiler has some features that can assist in maintainingcontrol-flow integrity, which have been applied to the Android kernel. KeesCook gave a talk about CFI for the Linux kernel at the recently concludedlinux.conf.au in Gold Coast, Australia.
Wine 5.0 released Wine 5.0 has been released. The mainhighlights are builtin modules in PE format, multi-monitor support, XAudio2reimplementation, and Vulkan 1.1 support. Wine is capable of running Windowsapplications on Linux and other POSIX-compliant systems.
Roose: PHP in 2020 Brent Roose argues thatit is time to take another look at PHP. "In this post, I want tolook at this bright side of PHP development. I want to show you that,despite its many shortcomings, PHP is a worthwhile language to learn. Iwant you to know that the PHP 5 era is coming to an end. That, if you wantto, you can write modern and clean PHP code, and leave behind much of themess it was 10 years ago."
Security updates for Tuesday Security updates have been issued by Debian (openconnect), Fedora (e2fsprogs, glibc, kernel, and nss), openSUSE (Mesa, php7, and slurm), Oracle (.NET Core, java-1.8.0-openjdk, java-11-openjdk, and thunderbird), Red Hat (java-1.8.0-openjdk, openvswitch, and openvswitch2.11), Scientific Linux (java-1.8.0-openjdk), SUSE (java-11-openjdk, libssh, libvpx, Mesa, and thunderbird), and Ubuntu (libbsd and samba).
[$] process_madvise(), pidfd capabilities, and the revenge of the PIDs Once upon a time, there were few ways for one process to operate uponanother after its creation; sending signals and ptrace() wereabout it. In recent years, interest inproviding ways for processes to control others has been on the increase,and the kernel's process-management API has been expanded accordingly.Along these lines, the process_madvise() system call has been proposed as a way for one process to influencehow memory management is done in another. There is a newprocess_madvise() series which is interesting in its own right,but this series has also raised a couple of questions about how processmanagement should be improved in general.
GNU make 4.3 released GNU make 4.3 is out. New features include explicit grouped targets, a new.EXTRA_PREREQS variable, the ability to specify parallel builds inthe makefile itself, and more. There are also a couple ofbackward-incompatible changes; see the announcement for details.
Security updates for Monday Security updates have been issued by CentOS (git, java-11-openjdk, and thunderbird), Debian (cacti, chromium, gpac, kernel, openjdk-11, ruby-excon, and thunderbird), Fedora (chromium and rubygem-rack), Mageia (suricata, tigervnc, and wireshark), openSUSE (glusterfs, libredwg, and uftpd), and Ubuntu (linux-hwe and sysstat).
Kernel prepatch 5.5-rc7 The 5.5-rc7 kernel prepatch is out. Linusis still unsure whether the final 5.5 release will come out next week ornot: "if it looks like there's pent-up fixes pending nextweek, I'll make another rc".
Three stable kernels Stable kernels 5.4.13, 4.19.97, and 4.14.166 have been released. They all containimportant fixes and users should upgrade.
[$] KRSI and proprietary BPF programs The "kernel runtime security instrumentation" (or KRSI) patch set enablesthe attachment of BPF programs to every security hook in the kernel; LWN covered this work in December. That articlefocused on ABI issues, but it deferred another potential problem toour 2020 predictions: the possibility thatvendors could start shipping proprietary BPF programs for use withframeworks like KRSI. Other developers did pick up on the possibility that KRSI could be abused this way, though,leading to a discussion on whether KRSI should continue to allow the loading of BPF programs that do not carrya GPL-compatible license.
Fedora CoreOS out of preview (Fedora Magazine) Fedora Magazine reportsthat the Fedora CoreOS distribution is now deemed ready for use."Fedora CoreOS is a new Fedora Edition built specifically for runningcontainerized workloads securely and at scale. It’s the successor to bothFedora Atomic Host and CoreOS Container Linux and is part of our effort toexplore new ways of assembling and updating an OS. Fedora CoreOS combinesthe provisioning tools and automatic update model of Container Linux withthe packaging technology, OCI support, and SELinux security of AtomicHost."
Where the open source InfluxDB time series database is going Something that is definitely very true today, and it was also true in 2013, is that developers want to work with open source tools. The tools developers choose to build their applications with are essentially how they're building their career. Those tools are going to be line items in their resume that says, I know this technology, I can build with these tools. So realistically, they want to adopt open source because they can take that from job to job, company to company and from cloud provider to cloud provider.
Hunting gremlins In the UTF-8 files I audit, the only invisible characters I expect to see... er... not see... are whitespace, horizontal tab and linefeed. All others I call "gremlins". They include carriage return, no-break space, soft hyphen and another 62 control characters. Gremlins are a nuisance. One gremlin causes a shell to hang. Less evil gremlins lurk inside apparently OK strings and cause the strings to be processed weirdly. This post explains a new script that locates and visualises gremlins in tab-separated tables.
What you need to know about System76's open source firmware project When you power on your computer, there’s a lot more going on than you might think. One of the most important elements involved is the embedded controller (EC). This is what is responsible for providing abstractions for the battery, charging system, keyboard, touchpad, suspend/resume, and thermal control, among others. These controllers are typically proprietary and usually run proprietary firmware.read more
Set up an offline command line dictionary in Fedora You don’t need an internet connection to have an easily searchable and extendable dictionary on your Fedora computer. You can use sdcv (StarDict under Console Version) and the public Stardict files on the default repositories to keep a local record for offline use. This article shows you how. What is sdcv? sdcv is a command […]
Linux on Embedded Ryzen with Radeon The board I am using is the IBase 918f-1605 to install Linux. Linux can be installed from a stock ISO, but the system does not perform as well unless using a special Linux kernel from AMD. It also helps to have the proper GPU driver for performance. Stability is much better with the AMD kernel they provide on their website.
Screenshot your Linux system configuration with Bash tools There are many reasons you might want to share your Linux configuration with other people. You might be looking for help troubleshooting a problem on your system, or maybe you're so proud of the environment you've created that you want to showcase it to fellow open source enthusiasts.
Canonical Introduces Scalable Android-Based Cloud Platform Canonical is deploying a scalable Android-based operating system for mobile and desktop enterprise applications from the cloud. The company just announced its Anbox Cloud containerized workload platform. Anbox Cloud allows apps to be streamed to any operating system or form factor. Its uses include cloud gaming, enterprise workplace applications, software testing and mobile device virtualization.
TROMjaro Updates Deliver Lighter, Better Manjaro The current version of TROMjaro is as close as it gets to being a Manjaro clone. However, a much different philosophy gives users something more than the Manjaro distro itself offers. The latest ISO release, version 11.11.2019, is based on Manjaro 18.1.2 "Juhraya." As such, TROMjaro is part of the Arch Linux family. TROMJaro offers a new twist on open source freedom in Linux.
Arduino Aims to Secure IoT With New Dev Platform, Hardware Arduino announced a new low-code Internet of Things application development platform at CES 2020 in Las Vegas. It also introduced the low-power Arduino Portenta H7 module, a new family of Portenta chips for a variety of hardware applications. Arduino has achieved prominence as a go-to developer of an innovation platform for connecting IoT products.
New Feren OS Does Plasma Better Feren OS now is built around Ubuntu Linux 18.04 and the KDE Plasma desktop instead of Linux Mint. The Cinnamon desktop version could retire later this year. The Feren OS community has released a mostly maintenance snapshot update for the Feren OS Cinnamon version. This new Feren OS release meets the goal of mixing the Cinnamon desktop with the more capable KDE Plasma 5 to make a better distro.
Samsung Debuts Sleek Galaxy Chromebook Samsung introduced a high-end Galaxy Chromebook at CES 2020 in Las Vegas. The new model could serve as an extension of the company's smartphone lineup and spawn a premium device demand in the category. Samsung aims to position it as the company's flagship Chromebook to meet potential demand for a more useful and powerful multipurpose premium mobile device.
Remix Could Bring Some Cinnamon Lovers Back to Ubuntu Ubuntu Cinnamon Remix arrived just in time for the holidays. Its first stable version is based on Ubuntu 19.10 Eoan Ermine. It utilizes Linux Mint's Cinnamon desktop environment on top of Ubuntu Linux's codebase. Work on several release candidate and beta versions stretches back to 2013. The efforts stayed under the radar until the announcement of the new distro's debut stable release.
Data-Munching Bug Throws Chrome 79 Android Rollout Into Chaos Google has stalled the rollout of its Chrome 79 Web browser for Android devices until it can find a way to neutralize a data-destroying bug. Affected users have been vilifying Google and app developers for failing to head off the problem. The latest Chrome version contains two highly anticipated new features: phishing protection, and the ability to reorder bookmarks.
Plenty of Linux Power Is Built Into Linux Lite 4.6 Serving two masters, in theory, is nearly impossible. In practice, the Linux Lite distribution easily satisfies Linux newcomers and veteran penguin fans as well. This distro is very beginner-friendly -- in large part due to a fine-tuned Xfce desktop interface that gives former Windows and macOS users a familiar base. I have always considered the distro's name -- "Linux Lite" -- to be a misnomer.
Should Discord Be in Your Incident Response Toolbox? Cybersecurity incident response teams have choices when it comes to communication tools: Microsoft Teams, Slack, Zoom and numerous others. Some require a subscription or commercial license -- others are free. Some are niche tools specifically designed for incident response. Some are generic business communication tools that IR teams have adapted for use during a cybersecurity incident.
Devs: Open Source Is Growing Despite Challenges Optimism about the future of open source is high among software developers worldwide. However, a growing number of devs worry that a lack of funding threatens its sustainability. That is a key takeaway from DigitalOcean's second annual open source survey. The online survey provides a snapshot of the state of open source, as well as a gauge of the inclusivity and friendliness of contributors.
Linux For All Shines on LXDE Desktop Linux For All very well could be a unifying Linux distribution that provides a common computing platform. LFA comes in just one flavor, the LXDE environment. However, LXDE is an inviting option that eliminates confusion and complexity in favor of a powerful desktop that is lightweight enough to run on low-powered aging hardware. A major advantage is better hardware support for Nvidia graphics.
OSGeoLive Distro Opens Doors to Geospatial Worlds If you ever have considered investigating or working with elements of the geospatial world, check out the latest edition of OSGeoLive, a Linux distribution that runs directly from a bootable DVD or USB thumb drive. You also can load a pre-made virtual machine disk file that runs in a VMware Workstation or VirtualBox environment. Or you can install it on a hard drive the old-fashioned way.
You've Come a Long Way, Linux-Baby When Linux first emerged from its cocoon in a frenzied Usenet thread, it is doubtful that almost anyone imagined the project would ascend to global prominence. Even more astonishingly, its dominance was driven as much, if not more, by its adoption by the private sector -- although it posed an antithesis to its business model -- as by any of its other notable traits.
How the Quantum Tech Race Puts the World's Data at Risk The technology one-upmanship between the United States and China is fast becoming the new space race. There's been a lot of talk in the press about the competition to reach 5G, but little traction outside of the tech community about something more momentous: the dangers of computing in a post-quantum world. The recent news from Google about its quantum capabilities is exciting.
Cleverly Reimagined Slax Distro Pushes Portable Linux's Limits Slax Linux is a handy portable operating system that can be a useful alternative to bulky, more complicated Linux options that install to a hard drive. However, it is far from a complete out-of-the-box solution. That is not a bad thing, though. Slax works. Copying just one folder from the downloaded ISO directly to a USB drive gives you a fully functional Linux OS.
GitHub Aims to Make Open Source Code Apocalypse-Proof in Arctic Vault GitHub wants to make sure its entire warehouse of open source code survives an apocalypse by burying it deep within an Arctic vault as one of several preservation strategies. Microsoft-owned GitHub is creating the Arctic Code Vault as a data repository for the existing Arctic World Archive. The AWA is a very-long-term archival facility about 0.16 miles deep in the permafrost of an Arctic mountain.
US Drinking Water Widely Contaminated With 'Forever Chemicals' The contamination of U.S. drinking water with man-made "forever chemicals" is far worse than previously estimated. with some of the highest levels found in Miami, Philadelphia and New Orleans, said a report on Wednesday by an environmental watchdog group. From a report: The chemicals, resistant to breaking down in the environment, are known as perfluoroalkyl substances, or PFAS. Some have been linked to cancers, liver damage, low birth weight and other health problems. The findings by the Environmental Working Group (EWG) show the group's previous estimate in 2018, based on unpublished U.S. Environmental Protection Agency (EPA) data, that 110 million Americans may be contaminated with PFAS, could be far too low. "It's nearly impossible to avoid contaminated drinking water from these chemicals," said David Andrews, a senior scientist at EWG and co-author of the report.
Scientists Discover 'Why Stress Turns Hair White' An anonymous reader quotes a report from the BBC: Scientists say they may have discovered why stress makes hair turn white, and a potential way of stopping it happening without reaching for the dye. Researchers behind the study, published in Nature, from the Universities of Sao Paulo and Harvard, believed the effects were linked to melanocyte stem cells, which produce melanin and are responsible for hair and skin color. And while carrying out in experiments on mice, they stumbled across evidence this was the case. Pain in mice triggered the release of adrenaline and cortisol, making their hearts beat faster and blood pressure rise, affecting the nervous system and causing acute stress. This process then sped up the depletion of stem cells that produced melanin in hair follicles. In another experiment, the researchers found they could block the changes by giving the mice an anti-hypertensive, which treats high blood pressure. And by comparing the genes of mice in pain with other mice, they could identify the protein involved in causing damage to stem cells from stress. When this protein -- cyclin-dependent kinase (CDK) -- was suppressed, the treatment also prevented a change in the color of their fur. This leaves the door open for scientists to help delay the onset of grey hair by targeting CDK with a drug.
How Dual-Screen Apps Will Run On Windows 10X, Android Microsoft has published a blog post detailing exactly how it imagines dual-screen apps will run on devices like the Surface Duo and Surface Neo -- two foldable devices unveiled back on October that run Android and Windows 10X, respectively. The Verge reports: By default, an app will occupy a single screen according to Microsoft. Surface Duo or Surface Neo users can then span the app across both displays when they're in double-portrait or double-landscape layout. Microsoft envisions that app developers will experiment with different ways to utilize both screens. Some of these include simply using both screens as an extended canvas, having two pages of a document shown at once, using the second display as a companion or dual view of something, or having a master part of the app on one display and details on the second. These are "initial app pattern ideas," according to Microsoft, and the company could well extend them based on developer feedback in the coming months. Microsoft is also releasing an Android emulator for the Surface Duo today to allow devs to test mobile apps. A Windows 10X emulator for the Surface Neo will arrive next month at around the same time that Microsoft plans to detail more of its dual-screen plans during a developer webcast. Microsoft's Android emulator will naturally support Android apps, and the Windows 10X version will include support for native Windows APIs to let developers detect hinge positions and optimize their win32 or Universal Windows Platform (UWP) apps for these new devices. Microsoft is also proposing new web standards for dual-screen layouts, and is "actively incubating new capabilities that enable web content to provide a great experience on dual-screen devices."
Facebook Trains An AI To Navigate Without Needing a Map A team at Facebook AI has created a reinforcement learning algorithm that lets a robot find its way in an unfamiliar environment without using a map. MIT Technology Review reports: Using just a depth-sensing camera, GPS, and compass data, the algorithm gets a robot to its goal 99.9% of the time along a route that is very close to the shortest possible path, which means no wrong turns, no backtracking, and no exploration. This is a big improvement over previous best efforts. [...] Facebook trained bots for three days inside AI Habitat, a photorealistic virtual mock-up of the interior of a building, with rooms and corridors and furniture. In that time they took 2.5 billion steps -- the equivalent of 80 years of human experience. Others have taken a month or more to train bots in a similar task, but Facebook massively sped things up by culling the slowest bots from the pool so that faster ones did not have to wait at the finish line each round. As ever, the team doesn't know exactly how the AI learned to navigate, but a best guess is that it picked up on patterns in the interior structure of the human-designed environments. Facebook is now testing its algorithm in real physical spaces using a LoCoBot robot.
Google Scientists Unveil the Biggest, Most Detailed Map of the Fly Brain Yet An anonymous reader shares a summary from Howard Hughes Medical Institute: In a darkened room in Ashburn, Virginia, rows of scientists sit at computer screens displaying vivid 3-D shapes. With a click of a mouse, they spin each shape to examine it from all sides. The scientists are working inside a concrete building at the Howard Hughes Medical Institute's Janelia Research Campus, just off a street called Helix Drive. But their minds are somewhere else entirely -- inside the brain of a fly. Each shape on the scientists' screens represents part of a fruit fly neuron. These researchers and others at Janelia are tackling a goal that once seemed out of reach: outlining each of the fly brain's roughly 100,000 neurons and pinpointing the millions of places they connect. Such a wiring diagram, or connectome, reveals the complete circuitry of different brain areas and how they're linked. The work could help unlock networks involved in memory formation, for example, or neural pathways that underlie movements. Gerry Rubin, vice president of HHMI and executive director of Janelia, has championed this project for more than a decade. It's a necessary step in understanding how the brain works, he says. When the project began, Rubin estimated that with available methods, tracing the connections between every fly neuron by hand would take 250 people working for two decades -- what he refers to as "a 5,000 person-year problem." Now, a stream of advances in imaging technology and deep-learning algorithms have yanked the dream of a fly connectome out of the clouds and into the realm of probability. High-powered customized microscopes, a team of dedicated neural proofreaders and data analysts, and a partnership with Google have sped up the process by orders of magnitude. Today, a team of Janelia researchers reports hitting a critical milestone: they've traced the path of every neuron in a portion of the female fruit fly brain they've dubbed the "hemibrain." The map encompasses 25,000 neurons -- roughly a third of the fly brain, by volume -- but its impact is outsized. It includes regions of keen interest to scientists -- those that control functions like learning, memory, smell, and navigation. With more than 20 million neural connections pinpointed so far, it's the biggest and most detailed map of the fly brain ever completed. The scientists have published a pre-print paper describing their work, and have made the data they collected available to view and download.
Twitter Tells Facial Recognition Trailblazer To Stop Using Site's Photos Kashmir Hill reporting for The New York Times: A mysterious company that has licensed its powerful facial recognition technology to hundreds of law enforcement agencies is facing attacks from Capitol Hill and from at least one Silicon Valley giant. Twitter sent a letter this week to the small start-up company, Clearview AI, demanding that it stop taking photos and any other data from the social media website "for any reason" and delete any data that it previously collected, a Twitter spokeswoman said. The cease-and-desist letter, sent on Tuesday, accused Clearview of violating Twitter's policies. The New York Times reported last week that Clearview had amassed a database of more than three billion photos from social media sites -- including Facebook, YouTube, Twitter and Venmo -- and elsewhere on the internet. The vast database powers an app that can match people to their online photos and link back to the sites the images came from. The app is used by more than 600 law enforcement agencies, ranging from local police departments to the F.B.I. and the Department of Homeland Security. Law enforcement officials told The Times that the app had helped them identify suspects in many criminal cases. It's unclear what social media sites can do to force Clearview to remove images from its database. "In the past, companies have sued websites that scrape information, accusing them of violating the Computer Fraud and Abuse Act, an anti-hacking law," notes the NYT. "But in September, a federal appeals court in California ruled against LinkedIn in such a case, establishing a precedent that the scraping of public data most likely doesn't violate the law."
Nintendo Doesn't Have To Refund Digital Preorders, According To European Court A European court has sided with Nintendo's ongoing practice to not let users cancel digital preorders. The Verge reports: According to Norwegian gaming site PressFire, the consumer authorities of Norway and Germany sued Nintendo for not letting users cancel digital preorders purchased from the eShop. The case went to court at the end of last year. This week, the court ruled in favor of Nintendo, meaning it can continue the practice for now. PressFire reports that the German consumer authority has appealed the ruling. When the Norwegian Consumer Council first formally criticized Nintendo's policy in 2018, it said that Nintendo's policy conflicts with the EU's Consumer Rights Directive, which requires that consumers must be able to cancel online purchases and receive refunds. Nintendo's no-refunds policy is also in place for the U.S. -- in fact, Nintendo states that all sales of digital purchases on the Wii U, Nintendo 3DS, and Nintendo Switch are final -- and Nintendo is the only console maker that doesn't let customers cancel a digital preorder, which the Norwegian Consumer Council noted in its 2018 complaint.
Seattle-Area Voters To Vote By Smartphone In 1st For US Elections A district encompassing Greater Seattle is set to become the first in which every voter can cast a ballot using a smartphone. NPR reports: The King Conservation District, a state environmental agency that encompasses Seattle and more than 30 other cities, is scheduled to detail the plan at a news conference on Wednesday. About 1.2 million eligible voters could take part. The new technology will be used for a board of supervisors election, and ballots will be accepted from Wednesday through election day on Feb. 11. King County voters will be able to use their name and birthdate to log in to a Web portal through the Internet browser on their phones, says Bryan Finney, the CEO of Democracy Live, the Seattle-based voting company providing the technology. Once voters have completed their ballots, they must verify their submissions and then submit a signature on the touch screen of their device. Finney says election officials in Washington are adept at signature verification because the state votes entirely by mail. That will be the way people are caught if they log in to the system under false pretenses and try to vote as someone else. The King County elections office plans to print out the ballots submitted electronically by voters whose signatures match and count the papers alongside the votes submitted through traditional routes. "Voters who use the smartphone portal also have the option to not submit their ballots electronically," notes NPR. "They can log in, fill out the ballot and then print it to either drop off at designated drop-off locations or put in the mail."
Mozilla Wants Young People To Consider 'Ethical Issues' Before Taking Jobs In Tech An anonymous reader quotes a report from Motherboard: The Mozilla Foundation, the non-profit arm of the company known for its privacy-friendly web browser Firefox, released a guide today for helping students navigate ethical issues in the tech industry, in particular, during the recruitment process. The guide advises students not to work for companies that build technology that harms vulnerable communities, and to educate themselves "on governance" inside companies before taking a job. It also discusses unions drives, walkouts, petitions, and other forms of worker organizing. The guide, which takes the form of a zine titled "With Great Tech Comes Great Responsibility," follows events hosted by the Mozilla Foundation last fall in partnership with six university campuses, including UC Berkeley, N.Y.U., M.I.T., Stanford, UC San Diego, and CSU Boulder. Not so subtly, it calls out Amazon, Palantir, and Google, which have faced backlash in recent months from tech workers as well as students on the campuses where they recruit. "Addressing ethical issues in tech can be overwhelming for students interested in working in tech. But change in the industry is not impossible. And it is increasingly necessary," reads the opening of the 11-page handbook -- citing military contracts, algorithmic bias, inhumane working conditions in warehouses, biased facial recognition software, and intrusive data mining as causes for concern.
Netflix Is Still Saying 'No' To Ads "During its Q4 earnings call, Netflix shot down the idea of an ad-supported option for its service," writes Slashdot reader saccade.com. TechCrunch reports: "Google and Facebook and Amazon are tremendously powerful at online advertising because they're integrating so much data from so many sources. There's a business cost to that, but that makes the advertising more targeted and effective. So I think those three are going to get most of the online advertising business," Netflix CEO Reed Hastings said. To grow a $5 billion to $10 billion advertising business, you'd need to "rip that away" from the existing providers [such as Facebook, Amazon Google], he continued. And stealing online advertising business from [them] is "quite challenging," Hastings added, saying "there's not easy money there." "We've got a much simpler business model, which is just focused on streaming and customer pleasure," he said. The CEO also noted that Netflix's strategic decision to not enter the ad business has its upsides, in terms of the controversies that surround companies that collect personal data on their users. To compete, Netflix would have to track more data on its subscribers, including things like their location -- that's not something it's interested in doing, he said, calling it "exploiting users." "We don't collect anything. We're really focused on just making our members happy," Hastings stated. "We think with our model that we'll actually get to larger revenue, larger profits, larger market cap because we don't have the exposure to something that we're strategically disadvantaged at -- which is online advertising against those big three," he said. TechCrunch points out that Netflix does track viewership data, overall viewing trends, and users' own interactions with its service. It also recently introduced a new "chose to watch" viewership metric. "However, none of this viewership tracking is on the scale of big tech's data collection practices, which is what Hastings meant by his comment," the report says.
Microsoft Discloses Security Breach of Customer Support Database Containing 250 Million Records An anonymous reader quotes a report from ZDNet: Microsoft disclosed today a security breach that took place last month in December 2019. In a blog post today, the OS maker said that an internal customer support database that was storing anonymized user analytics was accidentally exposed online without proper protections between December 5 and December 31. The database was spotted and reported to Microsoft by Bob Diachenko, a security researcher with Security Discovery. The leaky customer support database consisted of a cluster of five Elasticsearch servers, a technology used to simplify search operations, Diachenko told ZDNet today. All five servers stored the same data, appearing to be mirrors of each other. Diachenko said Microsoft secured the exposed database on the same day he reported the issue to the OS maker, despite being New Year's Eve. The servers contained roughly 250 million entries, with information such as email addresses, IP addresses, and support case details. Microsoft said that most of the records didn't contain any personal user information. "Microsoft blamed the accidental server exposure on misconfigured Azure security rules it deployed on December 5, which it now fixed," adds ZDNet. They went on to list several changes to prevent this sort of thing from happening again, such as "auditing the established network security rules for internal resources" and "adding additional alerting to service teams when security rule misconfigurations are detected."
Monty Python's Terry Jones Passes Away At 77 Mogster shares a report from the BBC: Monty Python stars have led the tributes to their co-star Terry Jones, who has died at the age of 77. The Welsh actor and writer played a variety of characters in the iconic comedy group's Flying Circus TV series, and directed several of their films. He died on Tuesday, four years after contracting a rare form of dementia known as Frontotemporal Dementia (FTD). Here are some of Jones' best lines: "Now, you listen here! He's not the Messiah. He's a very naughty boy!" -- as Brian's mother in Monty Python's Life of Brian "I'm alive, I'm alive!" -- as the naked hermit who gives away the location of a hiding Brian in Life of Brian "I shall use my largest scales" - as Sir Belvedere, who oversees a witch trial in Monty Python and the Holy Grail "What, the curtains?" -- as Prince Herbert, who is told "One day, lad, all this will be yours" in Holy Grail "Spam, spam, spam, spam, spam, spam, spam" -- as the greasy spoon waitress in a Monty Python sketch
Apple's Privacy Software Allowed Users To Be Tracked, Says Google Google researchers have exposed details of multiple security flaws in its rival Apple's Safari web browser that allowed users' browsing behavior to be tracked [Editor's note: the link may be paywalled; alternative source], despite the fact that the affected tool was specifically designed to protect their privacy. From a report: The flaws, which were ironically found in an anti-tracking feature known as Intelligent Tracking Prevention, were first disclosed by Google to Apple in August last year. In a soon-to-be published paper seen by the Financial Times, researchers in Google's cloud team have since identified five different types of potential attack that could have resulted from the vulnerabilities, allowing third parties to obtain "sensitive private information about the user's browsing habits." "You would not expect privacy-enhancing technologies to introduce privacy risks," said Lukasz Olejnik, an independent security researcher who has seen the paper. "If exploited or used, [these vulnerabilities] would allow unsanctioned and uncontrollable user tracking. Apple rolled out Intelligent Tracking Prevention in 2017, with the specific aim of protecting Safari browser users from being tracked around the web by advertisers' and other third-parties' cookies.
The Way We Write History Has Changed A deep dive into an archive will never be the same. From an essay: Instead of reading papers during an archival visit, historians can snap pictures of the documents and then look at them later. Ian Milligan, a historian at the University of Waterloo, noticed the trend among his colleagues and surveyed 250 historians, about half of them tenured or tenure-track, and half in other positions, about their work in the archives. The results quantified the new normal. While a subset of researchers (about 23 percent) took few (fewer than 200) photos, the plurality (about 40 percent) took more than 2,000 photographs for their "last substantive project." The driving force here is simple enough. Digital photos drive down the cost of archival research, allowing an individual to capture far more documents per hour. So an archival visit becomes a process of standing over documents, snapping pictures as quickly as possible. Some researchers organize their photos swiping on an iPhone, or with an open-source tool named Tropy; some, like Alex Wellerstein, a historian at Stevens Institute of Technology, have special digital-camera setups, and a standardized method. In my own work, I used Dropbox's photo tools, which I used to output PDFs, which I dropped into Scrivener, my preferred writing software. These practices might seem like a subtle shift -- researchers are still going to collections and requesting boxes and reading papers -- but the ways that information is collected and managed transmute what historians can learn from it. There has been, as Milligan put it, a "dramatic reshaping of historical practice." Different histories will be written because the tools of the discipline are changing.
IBM's Debating AI Just Got a Lot Closer To Being a Useful Tool We make decisions by weighing pros and cons. Artificial intelligence has the potential to help us with that by sifting through ever-increasing mounds of data. But to be truly useful, it needs to reason more like a human. An artificial intelligence technique known as argument mining could help. From a report: IBM has just taken a big step in that direction. The company's Project Debater team has spent several years developing an AI that can build arguments. Last year IBM demonstrated its work-in-progress technology in a live debate against a world-champion human debater, the equivalent of Watson's Jeopardy! showdown. Such stunts are fun, and it provided a proof of concept. Now IBM is turning its toy into a genuinely useful tool. The version of Project Debater used in the live debates included the seeds of the latest system, such as the capability to search hundreds of millions of new articles. But in the months since, the team has extensively tweaked the neural networks it uses, improving the quality of the evidence the system can unearth. One important addition is BERT, a neural network Google built for natural-language processing, which can answer queries. The work will be presented at the Association for the Advancement of Artificial Intelligence conference in New York next month. To train their AI, lead researcher Noam Slonim and his colleagues at IBM Research in Haifa, Israel, drew on 400 million documents taken from the LexisNexis database of newspaper and journal articles. This gave them some 10 billion sentences, a natural-language corpus around 50 times larger than Wikipedia. They paired this vast evidence pool with claims about several hundred different topics, such as "Blood donation should be mandatory" or "We should abandon Valentine's Day." They then asked crowd workers on the Figure Eight platform to label sentences according to whether or not they provided evidence for or against particular claims. The labeled data was fed to a supervised learning algorithm.
Linux k10temp Driver For AMD CPUs Updated To Better Handle Power/Temp Analysis As we have been eagerly talking about for the past week, the Linux kernel's k10temp driver was updated for better AMD CPU CCD temperatures and voltage/current reporting. Those improvements have been quickly evolving thanks to the work of the open-source community with AMD still sadly holding the datasheets concerning the power/temperature registers close to their vest. A new version of k10temp was sent out on Wednesday...
Vulkan 1.2 Comes To macOS / iOS Via Updated MoltenVK While Apple still isn't officially supporting the Vulkan graphics/compute API in remaining focused on their Metal drivers, MoltenVK at least has been updated for Vulkan 1.2 in allowing developers to target this Vulkan-to-Metal abstraction layer for macOS and iOS...
Debian 7 Through Debian Testing Benchmarks With/Without Mitigations As part of our many Linux benchmarks in ending out the 2010s we ran tests looking at CentOS 6 through CentOS 8, seven years of Ubuntu Linux performance, and various other Linux distribution benchmarks and testing other important pieces of open-source software over time. One of the additional comparisons now wrapped up is looking at the performance of Debian GNU/Linux going back from the old 7 series through the current 10 stable series and also Debian Testing. Tests where relevant were done out-of-the-box with the default security mitigations and again with mitigations disabled.
Wine Is Approaching Six Million Lines Given yesterday's release of Wine 5.0 I was curious to run some development stats on Wine Git as of the 5.0 release tag for seeing how development is trending on this wildly popular program among Linux users especially for running Windows games and applications...
AMD Radeon RX 5600 XT Linux Gaming Performance As announced back at CES, the Radeon RX 5600 XT is being launched as the newest Navi graphics card to fill the void between the original RX 5700 series and the budget RX 5500 XT. The Radeon RX 5600 XT graphics cards are beginning to ship today at $279+ USD price point and offers great Linux support but with one last minute -- and hopefully very temporary -- caveat.
GNOME Work Is Underway For Sharper Background Images Canonical's Daniel Van Vugt continues working on a variety of interesting performance optimizations for upstream GNOME as well as other usability enhancements for this desktop environment. One of the latest items being tackled is improving the quality of background images on GNOME...
Intel's Vulkan Driver Begins Making Infrastructure Changes For Multi-GPU Support For months we have seen various Intel open-source Linux graphics driver patches that begin preparing for multi-GPU support where in moving forward with their Xe graphics cards there could be the iGPU + dGPU setup or even multiple Xe graphics cards in a single system. So far those Intel Linux multi-GPU preparations have been focused on their kernel-space driver while now it's reaching into user-space with their Vulkan driver seeing early infrastructure changes...
Fedora's FESCo Has Deferred Any Decision On EarlyOOM By Default One of the changes planned for Fedora 32 has been to enable EarlyOOM by default to better handle low memory situations either due to the system running with minimal RAM or under memory pressure. But the Fedora Engineering and Steering Committee has yet to reach a decision over this default...
XanMod-ing Ubuntu To Perform Closer To Intel's Clear Linux Earlier this month many Phoronix readers were interested in our fresh tests of the XanMod-patched Linux kernel for boosting the desktop and workstation performance compared to Ubuntu's default Linux kernel. Among many patches, XanMod does pull in some kernel patches from Intel's performance-optimized Clear Linux, so we figured it would be interesting to see how the XanMod'ed Ubuntu compares to Clear Linux performance.
Players first got to experience the game's unique artistry and heartwarming plot in August last year when it landed on PC and PS4. So the fact that it's debuting on the Switch so relatively soon after its initial release makes this a real indie triumph -- especially since it wasn't backed by any major studios or platforms. It'll be available from February 6th and preorders are currently 10 percent off.
Pokémon Go fans can look forward to four festivals in the first half of the year, starting with one that coincides with the Taiwan Lantern Festival in Taichung from February 6th through the 9th. Next is a Safari Zone event, where players can catch region-exclusive Pokémon, in St. Louis from March 27th to 29th. Tickets for the event will be available starting on January 24th. Liverpool players are also getting a Safari Zone event from April 17th through the 19th, with tickets going on sale starting on January 31st. The last entry in the Pokémon Go calendar is another Safari Zone event in Philadelphia from May 8th through the 10th.
Meanwhile, Harry Potter fans can look forward to the second Harry Potter: Wizards Unite Fan Festival. It doesn't have a date yet, but the first one took place over Labor Day weekend last year. Finally, Niantic has three international events planned for Ingress players. Perpetua Hexathlon is happening on February 29th, while Lexicon Hexathlon is scheduled for April 25th. Both events will take place across multiple locations in Europe, North America and Asia Pacific. There's also Requiem Anomaly Munich, which is happening on May 9th.
In addition to revealing the economic impact of its real-world events, Niantic also dropped other relevant stats. The developer said it hosted more than 2.7 million attendees across 77 festivals held in 32 countries and that they walked 6.5 million kilometers together. Since its new website was created specifically for officials interested in bringing Niantic's events to their cities, we might see more get added to its festival calendar for the year.
Schools wanting to compete will be placed in regional conferences based on their geographic location, with two-player (duo) teams competing. There's no limit on the number of teams that can be registered at each school, with pre-season practice beginning on February 17th. The season proper, meanwhile, kicks off on February 24th, with top teams advancing to playoffs and a championship match scheduled for May.
The deadline for colleges are a little different, with February 26th the final registration date, although it's clear players should probably get in before that. PlayVS adds that while participants can play Fortnite on any supported device -- meaning PC, Playstation 4, Xbox One and mobile -- matches need to be on on an educational campus network and a coach needs to be present (you know, so they can stand behind you in sweats and a cap shouting "BUILD!" at you for no reason).
Epic's partnership with PlayVS shows that it is still very keen to grow the competitive aspect of its popular shooter and provide a pathway for budding esports pros. In 2019, the company put up $100 million in prize money across various competitions -- the most notable being the first-ever Fortnite World Cup in July. There, Kyle "Bugha" Giersdorf claimed the solo title and pocketed $3 million after dominating six battle royale matches at a packed Arthur Ashe Stadium in New York City.
Remember Motorola's $1,500 high-concept phone? It was supposed to start the pre-order process last month. Now, after a brief delay,
Microsoft has released a preview toolkit to help developers make apps for its Android-powered Surface Duo, including Java frameworks and emulation that can handle the two-screen device. This is rough code, to put it mildly,
There is no shortage of smart speakers out there. As our smart home guide kicks off this week, let us guide you through the best options across Amazon, Google, Sonos and the rest. We've separated the devices into different categories. Want the best-sounding smart speaker?
Engadget editors get their mitts on loads of smart home tech. A lot of it is entirely irrelevant. Another chunk of it is impossible to install in rented apartments and homes. Cherlynn has seen her fair share of smart home devices --
UN experts have issued a statement calling for an "immediate investigation" into claims the Saudi Crown Prince's account was used for a WhatsApp hack as well as his reported "continuous, multi-year, direct and personal" role in efforts to target opponents. These allegations are particularly "relevant" in light of the Saudi royal's alleged role in the murder of Washington Post journalist Jamal Khashoggi.
If a date turns ugly, users will be able to trigger an alarm via the Noonight tool within the Tinder app. They'll then be instructed to enter a code. If they don't, they'll receive a text from one of Noonlight's dispatchers. If they don't respond to that message, Noonlight will call them, and if there's no answer, or the user confirms that they need help, Noonlight will get in touch with police.
To use the feature, daters will have to share their real-time location data with the app. Match says this information won't be used for marketing or anything else, nor will the information be shared with Match -- it's all handled by Noonlight. Users opting in to the feature will also be able to display a badge on their dating profiles, which -- the company hopes -- will act as a deterrent to any bad actors on the platform.
Of course, there's always the possibility that an alarm could be triggered by accident during a date that's going well, but the company says that's a risk it's willing to take. Speaking to the Wall Street Journal, Match group chief executive Mandy Ginsberg said, "The false positives, believe me, we took them into account. If someone doesn't respond, worst case someone shows up and knocks on the door. It's not the worst thing in the world."
The new feature follows a number of safety-centric tools on the platform. Last year it rolled out a traveler alert system to help protect LGBTQ users in countries that discriminate, and back in 2018 it launched a Bumble-esque "women talk first" function. However, when it comes to data security within the app itself, its reputation isn't so solid. A major security flaw in 2018 granted account access with just a phone number, while the same year saw the revelation that user photos were not being encrypted. More recently, a study showed that Tinder -- alongside a number of other dating apps -- had been playing it fast and loose with sensitive customer data.
Nonetheless, any features that can make the tumultuous world of online dating safer for its users are undoubtedly a welcome move. The Noonlight feature will be free for users in the US from the end of January, with Match Group planning on rolling it out to its other dating apps in the coming months.
Apple was actually one of the first companies to ostracize the troublesome Flash software, which was riddled with vulnerabilities and security flaws. The company refused to support Flash on iOS back all the way back in 2007, and since then others have followed suit, including Google, Facebook, Microsoft and Mozilla. In 2017, Adobe itself announced plans to end Flash support and development in 2020.
The omission of support for Flash in Safari is unlikely to really impact on users, however, as up to this point the plugin had to be wilfully installed, and even then you'd have to really want to use it, since Safari didn't support any other plugins on Mac. Doing away with any and all support, however, signifies Apple's intentions to wash its hands of Flash altogether. Come the end of the year, when Adobe eventually pulls the plug, the once ubiquitous technology will be gone forever.
Office 365 business installations are auto-switching Chrome search to Bing Microsoft is making Bing the default search engine in Chrome -- for business users, that is. The tech giant has announced that when enterprise customers install Office 365 ProPlus Version 2002 or update the suite in February, they'll find that the "Microsoft Search in Bing" extension will also be installed for the Chrome browser. Microsoft says that making Bing the default search engine will allow users "to access relevant workplace information directly from the browser address bar."
As aren't happy about the change. And Microsoft seems to have expected the negative feedback, because its announcement includes instructions on how to exclude the extension from the installation or the upgrade. The tech giant also clarified that users stop can using Bing as the default search engine by toggling it off or by completely uninstalling it from devices. Those whose companies use Office 365 ProPlus may want to take note in case they'd rather search via Google like always.
For now, Microsoft will only forcibly install the extension for customers in certain regions, namely Australia, Canada, France, Germany, India, the UK and the US. However, the company may add other locations over time.
Being able to race your friends instead of just AI and the clock might make its touch-based controls and various free-to-play wrinkles a bit easier to stomach, but you won't know until you try. You can race random competitors, or turn on your location to race your friends -- if they're nearby.
If you've unlocked at least one cup within the game, then all you'll need to do is click the menu button and switch to multiplayer to race against live competition. The only thing to note for now is that multiplayer saves won't transfer over to the proper release once the beta ends at midnight ET next Tuesday, January 28th. The second multiplayer test is here! This time around, all players, including #MarioKartTour Gold Pass subscribers, can participate. Race your friends by tapping Menu, and then Multiplayer in-game. pic.twitter.com/IYqKWNmIue — Mario Kart Tour (@mariokarttourEN) January 23, 2020 Source: Nintendo (Twitter), Mario Kart Tour
Twitter launches Facebook-like reaction emojis for DMs Have you ever gotten a Twitter DM that made you wish you could give it a thumbs down, laugh at it or just generally react to it like you can on Facebook? Well, now you can. Twitter has rolled out emoji reactions for Direct Messages, which looks similar to Facebook's with a few key differences. Instead of the heart eyes and angry emojis, you're getting heart and fire reaction options.
You can easily react to a DM by clicking or tapping on the heart-plus icon that appears right next to a message. Double-tapping messages brings up the emoji panel, as well. The recipient will get a notification if you react to their DM, and they'll get your reaction as a text reply if they're using an older version of the app that doesn't support the feature. Based on what we've seen, you can add a reaction even to years-old messages, though we'd advise against going that route to not-so-subtly remind your ex that you exist. Say more with new emoji reactions for Direct Messages!
To add a reaction, click the ❤️➕ icon that appears when you hover over the message on web or double tap the message on mobile and select an emoji from the pop-up.
Fujifilm's X-T200 mirrorless camera uses gyros for ultra-stable video Fujifilm is taking a slightly unusual tactic to replacing its entry-level X-T100 mirrorless camera: make the sequel indispensable to video makers. Its just-introduced X-T200 still shoots 24.2-megapixel stills, but it now captures 4K video using a "Digital Gimbal Function" (really, gyro sensors) that promises extra-stable footage -- it smoothes the video "even further" than what you'd expect from a smartphone, Fujifilm claims. Whether or not that's true, you can expect HDR in both video and stills to bring out more detail in high-contrast situations.
You can also expect a new vari-angle 3.5-inch touchscreen display that can be opened and twisted to help frame your vlogs. And yes, the core photography should be improved as well. You can expect improved autofocusing (including for face and eye detection) with phase detection pixels across the sensor, and it processes data 3.5 times faster than its T100 processor. That should help with overall photography, but it should also cut back on the rolling shutter effect (aka "tower of jello") when recording videos.
There are speed limitations. While the new camera shoots full-resolution stills at a respectable 8 frames per second, 4K video is capped at 30FPS (even slow-motion 1080p is stuck at 120FPS). You won't want to lean on this if you insist on both high resolution and a high frame rate. Still, with the fully articulating display, 4K video, stabilization, lack of jello and both microphone and headphone ports (the latter via USB-C), the X-T200 could be the ultimate budget video and vlogging rig.
The X-T200 will cost about $100 more than its predecessor at $700 for just the body, or $800 if you want a 14-45mm f/3.5-5.6 optically stabilized kit lens. It's expected to ship in late February. And if you want more native lens options, there's also a $199 35mm f/2 prime lens coming at the same time to produce produce bright shots with soft backgrounds. While it lacks the weather-sealing and metal build of the current XF 35mm F/2 WR, it's half the price -- making it Fujifilm's cheapest prime lens yet.
DirecTV satellite is at risk of explosion due to battery issues DirecTV has one month to remove a satellite from geostationary orbit, so it doesn't take other satellites down with it if it ends up exploding. The AT&T-owned TV service fears that its Spaceway-1 satellite (a Boeing 702HP model) might explode due to battery issues that started manifesting in December. According to FCC filing dated January 19th that an anomaly caused "significant and irreversible thermal damage" to the satellite's batteries.
The company already switched the batteries off and has been operating Spaceway-1 using power generated by its solar panels. However, it's expected to pass through Earth's shadow in late February where only batteries can serve as its power source. That's why DirecTV has to send it 300 kilometers above geostationary orbit, at a place where satellites go to die, before February 25th. "The risk of a catastrophic battery failure makes it urgent that Spaceway-1 be fully de-orbited and decommissioned prior to the February 25th start of eclipse season," the company said in a statement.
Companies are required to dump their satellites' remaining fuel before decommissioning them to reduce the risk of explosion, but DirecTV asked the FCC for a waiver because it doesn't have enough time to do so. It takes two to three months to dump fuel from similar satellites, especially since DirecTV put in enough for Safeway-1 to stay in service until 2025. That said, it'll at least be in graveyard orbit if it does end up exploding, instead of in geostationary orbit where most telecommunication satellites are.
SpaceNews says DirecTV fans don't need to worry, though. No customers were affected (and will presumably be affected) by the event, since Spaceway-1 was merely a backup satellite.
Microsoft gets the ball rolling on Surface Duo apps Microsoft has moved one step closer to making its dual-screen Surface devices a practical reality. The tech giant has released a preview toolkit to help developers make apps for its Android-powered Surface Duo, including Java frameworks and emulation that can handle the two-screen device. This is rough code, to put it mildly, but it should help studios get started on the apps you'll use when the Surface Duo arrives late in the year.
People who want to write apps for the Surface Neo and Windows 10X will have to wait a while longer. Microsoft is planning to offer a pre-release version of the relevant Windows developer kit "in the coming weeks" through its usual Insider previews, with a 10X-ready emulator and programming interfaces appearing on February 11th.
The months of lead time should result in a fair amount of apps for both the Duo and Neo when they're ready. Just how many is another question. That might depend on how quickly Microsoft releases more polished developer kits, not to mention overall interest -- you'll only see widespread support if app writers think the new Surfaces (and Windows 10X) hold a lot of potential. Here's a quick look at some of the (unfinished) navigation gestures that are part of the Surface Duo. This build is pretty buggy, but still interesting to see. pic.twitter.com/Jra1xVfZl2 — Zac Bowden (@zacbowden) January 22, 2020 Source: Windows Blogs, Xamarin
California says Riot Games' discrimination settlement isn't enough Riot Games' tentative $10 million settlement over gender discrimination claims might be revised much higher. The LA Times has learned that California's Department of Fair Employment and Housing (DFEH) and the Division of Labor Standards Enforcement (DLSE) have requested to get involved the case and argue that the settlement terms are inadequate. DFEH contended that women at the League of Legends studio could be owed "over $400 million" in back pay based on the settlement's existing calculations, and that the non-financial agreements included "no enforceable changes" in policy at a company where sexism was reportedly widespread.
DLSE, meanwhile, believed that the attorneys for the women didn't do their homework and missed out on valid claims against Riot. Reportedly, the lawyers misfiled a notice for equal pay violations and didn't account for overtime or minimum wage violations in the settlement deal.
The court will decide on DSLE's right to intervene on January 31st, which could let it conduct its own investigation and legal action against Riot as part of the lawsuit. The judge will also make a decision on February 3rd to either accept the objections and toss out the $10 million deal or else move forward with that proposal.
As you might imagine, Riot has objected to attempts to alter the deal. Spokesperson Joe Hixson told the Times that DFEH's move was full of "inaccuracies and false allegations," and that Riot had "worked hard" to strike a fair deal. He claimed the move "downplays and ignores" changes to company culture made over the past year and a half. Lawyers for both Riot and the women have also asserted that the DLSE's opposition was flawed. It's ultimately up to the judge to decide, though, and a final deal could be months away if there are any changes to the terms.
India will launch a humanoid robot ahead of its first crewed space mission Before sending its first crewed mission in late 2021, India will launch a humanoid robot called Vyommitra into space, reports Gaganyaan craft. In the run up to the first Human Space Mission by India at @isro ... 'Vyommitra', the humanoid for #Gaganyaan unveiled. This prototype of humanoid will go as trial before Gaganyaan goes with Astronauts. #ISROpic.twitter.com/pnzklgSfqu — Dr Jitendra Singh (@DrJitendraSingh) January 22, 2020 "It will be simulating exactly the human functions there [in space]. It will check whether the system is right. This will be very useful to simulate, as if a human is flying," ISRO chairman K Sivan told reporters at the media event where the agency showed off the robot.
Although Vyommitra's appearance is sure to inspire headlines about its perceived gender, the fact of the matter is that sending robots into space is nothing new. Just last year, one of NASA's adorable Astrobee robots flew on its own aboard the International Space Station. When it comes to challenges of space flight, robots, whatever their shape, are better equipped to handle the stresses associated with leaving the earth's atmosphere than human bodies.
A 'The Witcher' anime film is coming to Netflix Netflix clearly knows its adaptation of confirmed rumors that it's working on an anime movie offshoot, The Witcher: Nightmare of the Wolf. It's not saying much about the plot besides talk of a "new threat facing the Continent," but fans may like the talent attached to the project. The Witcher series' Beau DeMayo and Lauren Hissrich are involved, and Legend of Korra's Studio Mir is producing the title.
There's no mention of a release date or casting.
It makes sense that Netflix might turn to anime. It can't really devote energy to a live action movie when a second season of the core show is already in the pipeline, but an animated movie is more feasible. And simply speaking, anime is in vogue at Netflix at the moment -- the company could ride two bandwagons at once this way. The rumors are true, a new Witcher story is in the works! The anime film, The Witcher: Nightmare of the Wolf, will take us back to a new threat facing the Continent. Brought to you by the Witcher team @LHissrich and @BeauDeMayo, and Studio Mir the studio behind Legend of Korra. — NX (@NXOnNetflix) January 22, 2020 Source: NX (Twitter)
Google helps publish the largest high-res map of brain connectivity A joint effort between Google and the Janelia Research Campus has just achieved a significant breakthrough in brain mapping. They've published the largest high-resolution map of brain connectivity to date, offering a 3D model of 25,000 fruit fly neurons across a diverse range of cell types and multiple brain regions. The team achieved the feat by cutting sections of the fly's brain into ultra-thin (20-micron) slices, imaging those pieces with electron streams from a scanning electron microscope and stitching them back together. The result is a sophisticated map with so few disruptions that it's practical to trace neurons through the brain.
Anyone can see and download the data, and there are papers both available and on the way detailing the work. The brain map won't accomplish much by itself. However, it could prove to be a treasure trove of data for scientists looking to understand fruit flies in particular or brain functionality at large.
With that said, it's important to temper expectations. Even as large as this map is, it represents just a quarter of the 100,000 neurons in a typical fruit fly. Most larger species' brains are considerably more complex, and a human's 86 billion neurons would take much, much more work to map correctly. This is an important moment, but it's ultimately a stepping stone.
Google Collections will save and organize your searches If you've ever attempted to find something you searched for on Google but didn't save, you know how frustrating that process can be. Google recognizes this, and it's introducing a new AI-powered Search feature that's meant to help. Today, it's launching Collections, which will group similar pages you've visited in Search. You'll be able to save the Collections, so that you can easily revisit them in the future.
Google will recommend Collections based on activities like cooking, shopping and hobbies. That could make it easier to keep track of a recipe you searched for last week or a wishlist purchase without digging through your history. Once you've saved a Collection, Google will use AI to recommend related websites, images, products and searches. You'll find those suggestions by clicking on the "Find More" button within a Collection. You'll also be able to share Collections and collaborate with others.
The new feature builds on the activity cards that Google introduced in 2018. At the time, Google said these AI-based recommendations will change the way we use the internet in the decades to come. The feature has a kind of Pinterest-esque quality, but it could be legitimately useful -- and perhaps a bit disturbing when you realize how much Google knows about your search habits.
Users around the globe can now share or collaborate on Collections, which you'll find in the Google App and on the web, in the side menu. Suggested Collections and recommendations begin rolling out today. Those features will be available first in the US.
With Project: Mara, Ninja Theory is now officially working on four separate projects. In addition to a sequel to Microsoft
PGA Tour highlight videos are coming to Facebook Watch You won't have to venture far beyond your Facebook feed to get a pro golf fix this year. The social network has reached a deal with the PGA Tour to bring daily round recaps and player-oriented highlight videos to Facebook Watch in 2020, starting with the Farmers Insurance Open on January 23rd. These will be "expanded" videos with material from both core TV broadcasts as well as the digital-only PGA Tour Live service. You should see coverage from 30-plus events like The Players Championship and FedExCup Playoffs.
You can also expect Watch Parties and other events as part of the arrangement.
This isn't as alluring as the live PGA coverage from 2018 -- you'll likely be watching long after that amazing swing or long-distance putt took place. It does show that Facebook is still committed to golf coverage, though, and reflects its determination to fill Watch with sports shows. It's clearly hoping the deluge of must-see plays will keep you on the site when you run out of cute pet clips.
Security researcher Bob Diachenko and Comparitech discovered the vulnerability on December 29th. Microsoft quickly fixed the issue two days later. It says the exposure was caused by a "misconfiguration" of one of its internal customer support databases. The company claims it found no evidence of "malicious use."
The server included conversation logs dating as far back as 2005 between Microsoft support personnel and customers from across the world. According to Comparitech, the database wasn't password-protected.
Microsoft says the "vast majority" of personal data that was exposed was redacted. However, Comparitech notes some information, such as email and IP addresses, was stored in plain text. Had someone been able to access the logs, they could have used them to more easily impersonate the company's support staff in a phishing scheme.
"We want to sincerely apologize and reassure our customers that we are taking it seriously and working diligently to learn and take action to prevent any future reoccurrence," Microsoft said. The company has started notifying people whose data was stored on the database.
In the wake of this latest exposure, Microsoft says it plans to audit its internal security rules, as well as implement additional tools to redact sensitive user information automatically. It will also put in place new and expanded alerts to notify its service teams when it detects a security misconfiguration.
For Microsoft, this is its second major data security incident tied to its customer support system in a single year. In April 2019, the company disclosed that hackers had used a customer support representative's credentials to breach the email accounts of some of its users. Ultimately, the issue in both cases is that internal support systems have almost unprecedented levels of access to user information, making them enticing targets to hackers. Dave Aitel, the chief security technology officer at Cyxtera, told Microsoft, Comparitech
Germany has to pay Microsoft for failing to upgrade from Windows 7 Last winter, Microsoft announced that Windows 7 would reach its end-of-life on January 14th, 2020. In other words, the company will not be releasing any updates for the operating system -- even crucial security patches -- after that date. The public had nearly a year to make the move to Windows 10, but Germany's government didn't upgrade in time. According to German newspaper loophole to upgrade to Windows 10 for free.
Seattle-area election will let residents vote by smartphone Claims that Americans could vote by phone have usually been hoaxes, but Seattle-area residents will get to try the real thing before long. NPR has learned that a King County board of supervisors election on February 11th will let all eligible voters cast their ballots by smartphone -- the first time this has been an option in the country. You'll have the mobile voting option from today (January 22nd) through to the actual election day.
The actual vote will require first entering your name and birthday on a mobile website, making your choice, verifying your submission and providing a signature on your touchscreen. As the state votes entirely by mail, it's theoretically easy to catch abuse by looking for signature mismatches. The county plans to print hard copies of these ballots to both help with matching and create a tangible record.
The aim, as is often the case with phone-based voting, is to boost turnout (which tends to be disproportionately low in the US). You may be more likely to vote if you don't even have to leave home. Bradley Tusk, the founder of the Tusk Philanthropies nonprofit funding the project, told NPR this could change how politicians behave knowing more of the public will make its voice heard. He hoped to back between 35 to 50 similar pilots over the next five years and use that to push for more widespread use of mobile voting.
This could serve as an experiment that gauges the effectiveness of smartphone-based voting in the US. At the same time, there are also widespread concerns that mobile votes could be prone to hacking and other attempts at interference. Russia gained access to voter databases in the 2016 federal election. What if it could interfere with the votes themselves? While physical copies of votes are helpful, they won't help if the digital versions are already bogus. It might require very tight monitoring to ensure that even these local votes are trustworthy, let alone voting across an entire country.
EA is shutting down its mobile 'Tetris' games EA is giving up on its mobile Tetris games. Tetris 2011 and Tetris Blitz have disappeared from the Play Store, and in the App Store, EA left a note for fans explaining that it will retire its Tetris app on April 21st, that includes Tetris 2011, Tetris Blitz and Tetris Premium.
EA hasn't given an explanation for retiring the games. It did say, "we have had an amazing journey with you so far but sadly, it's time to say goodbye." The decision likely comes down to licensing. EA was once the exclusive Tetris license holder, but that expired a while ago, and it appears EA just doesn't want to renew. Existing users should be able to continue playing the games until they expire in April.
Microsoft Office Update Switches Chrome Search Engine to Bing Microsoft is planning to use the Office 365 installer to forcibly switch Chrome users over to the company’s Bing search engine. Microsoft’s Office 365 ProPlus installer, used by businesses, will include a new Chrome extension next month that switches the default search engine to Bing. New installations of Office 365 ProPlus and updated installs will include the extension, as long as the default search engine in Chrome is not set to Bing. Microsoft is clearly marketing this to IT admins as enabling its Microsoft Search functionality in Chrome, but it also looks like a stealthy way of pushing people over to using Bing. If Bing is already set as the default search engine in Chrome, then the extension never gets installed. Microsoft is planning to roll this out in the US, UK, Australia, Canada, France, Germany, and India next month. Windows is an advertising platform. Get out while you can.
Google will provide 8 year of updates for Chromebooks When we first launched Chromebooks, devices only received three years of automatic updates. Over the years, we’ve been able to increase that to over six. Last fall, we extended AUE on many devices currently for sale, in many cases adding an extra year or more before they expire. This will help schools better select which devices to invest in and provide more time to transition from older devices. And now, devices launching in 2020 and beyond will receive automatic updates for even longer. The new Lenovo 10e Chromebook Tablet and Acer Chromebook 712 will both receive automatic updates until June 2028. So if you’re considering refreshing your fleet or investing in new devices, now is a great time. Eight years is a decent amount of time, especially since most Chromebooks are quite cheap so this longevity is really good value. I only wish Google were this dedicated to Android, too.
NomadBSD Speaking of using BSD as a general purpose operating system: NomadBSD is a persistent live system for USB flash drives, based on FreeBSD. Together with automatic hardware detection and setup, it is configured to be used as a desktop system that works out of the box, but can also be used for data recovery, for educational purposes, or to test FreeBSDs hardware compatibility. This seems like quite the polished and minimalist yet full-featured FreeBSD distribution to test out your hardware.
Wine 5.0 released This release represents a year of development effort and over 7,400 individual changes. It contains a large number of improvements that are listed in the release notes below. The main highlights are: Builtin modules in PE format. Multi-monitor support. XAudio2 reimplementation. Vulkan 1.1 support. Wine allows me to run virtually any Windows game I use on Linux including League of Legends, my most-played game so its a pretty amazing tool in my book. Since many people no longer directly interact with Wine, using it through tools like Steams compatibility tools or Lutris, instead, its easy to forget just how important of a project Wine really is.
WordPad is gettings ads in Windows 10 An upcoming feature of WordPad has been discovered by enthusiasts, revealing in-app ads that promote Microsoft Office. The change is hidden in recent Insider Preview builds, and not activated for most users. WordPad is a very simple text editor, more powerful than Notepad, but still less feature rich than Microsoft Word or LibreOffice Writer. It is good for creating a simple text document without complicated formatting. The more advertisements and preinstalled junkware Microsoft shoves into Windows 10, the more the otherwise decent operating system turns into a user-hostile joke. Apple is going down the same route with iOS, and everything about it just feels disgusting and sleazy. One of the many reasons I transitioned all my machines away from Windows and to Linux.
Apple dropped plan for encrypting backups after FBI complained Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters. The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information. This once again just goes to show Apples privacy chest-thumping is nothing but marketing and grandstanding. This is effectively a backdoor for government agencies to use, and if the good guys! can use it, so can the bad guys. On top of that, this neatly ties into Apple handing over iCloud data to the Chinese government data that is most certainly being used by the Chinese regime in, among other things, its genocide of the Uyghurs. I prefer a company thats open and honest about what data it collects and uses and why Google over a company that purposefully tries to muddy the waters through marketing and grandstanding Apple. The devil you know and all that.
FreeBSD is an amazing operating system As mentioned previously, because FreeBSD is a real multi-purpose operating system with many different use cases, FreeBSD is very flexible and tuneable. Whether you want to run FreeBSD on your desktop computer or on your server, it provides many tuneable options that enables you to make it very performant. The options set out-of-the box may not suit your needs exactly, but then FreeBSD provides lots of documentation on how to get it to work as you need, and it provides a very helpful community with many people who has experience in dealing with many different situations and problems. I believe it is important to understand that FreeBSD is not like a GNU/Linux distribution. FreeBSD is an operating system made by developers who are also system administrators. This means that FreeBSD is supposed to be run by system administrators who understands how the system works. You cannot simply jump from something like Ubuntu, Fedora or OpenSUSE and then expect that you get the same experience on FreeBSD (I and a lot of other people would be extremely sad if that were the case). The BSDs just arent my thing. Im not a developer, and Im not a system administrator. Over the past six months or so, Ive moved all my machines and all my workflows over to Linux my laptop, my main PC (used for everything that isnt translating), and my office PC (for my translation work), and I couldnt be happier (in the interest of full disclosure, I do keep Windows around on my main PC for possible future Windows-only games, and I have a Windows 10 virtual machine on my office PC for some Windows-specific translation software I need to keep around). As I was planning this careful migration, I never once considered using any of the BSDs. For the simpler, almost exclusively desktop oriented work that I do, BSD just doesnt seem like the right tool for the job and thats okay, Im not the target audience and I suspect there are many people like me. I think the BSDs are stronger for not trying to be everything to all people, and this more focused development seems to be exactly why someone chooses BSD over Linux. And I see no reason why anybody should want to change that.
Google is working to bring official Steam support to Chrome OS Last week in Las Vegas while at CES, I spoke with Kan Liu, Director of Product Management for Googles Chrome OS. In a wide-ranging discussion about the Chrome platform and ecosystem, Liu dropped something of a bombshell on me: the Chrome team is working—very possibly in cooperation with Valve—to bring Steam to Chromebooks. The next question, of course, is just what sorts of games would even be worth playing on a Chromebook when run directly on local hardware. Currently, most Chromebooks have extremely limited 3D acceleration performance, with only the most recent devices like Samsungs Galaxy Chromebook possessing vaguely passable GPUs. Liu said we could expect that to change: more powerful Chromebooks, especially AMD Chromebooks, are coming. Liu would not explicitly confirm that any of these models would contain discrete Radeon graphics, but told us to stay tuned. This makes a lot of sense. Sure, you wont be running the latest and greatest AAA titles on Chromebooks any time soon, but Steam has a massive library of less intensive games and older titles that would run just fine on any mid-range Chromebook. On top of that, this would open Chromebooks up to Steams streaming feature.
The PinePhone starts shipping a Linux-powered smartphone for $150 Pine64 has announced that it is finally shipping the PinePhone, a smartphone that takes the rare step outside the Android/iOS duopoly and is designed to run mainline Linux distributions. The PinePhone starts shipping January 17 in the Braveheart! developer edition. An interesting device for sure, and the dip switches on the motherboard that act has hardware kill switches for things like the microphone and camera are pretty neat. I do take issue with the Linux-powered! as if thats some unique quality or anything. Save for the odd iPhone, every single smartphone in the world runs Linux. Maybe not in a form that adheres to your no true Scotsman idea of Linux, but 100% Linux nonetheless.
The new Microsoft Edge is out of preview and now available for download From this incredible momentum, today I’m pleased to announce the new Microsoft Edge is now available to download on all supported versions of Windows and macOS in more than 90 languages. Microsoft Edge is also available on iOS and Android, providing a true cross-platform experience. The new Microsoft Edge provides world class performance with more privacy, more productivity and more value while you browse. Our new browser also comes with our Privacy Promise and we can’t wait for you to try new features like tracking prevention, which is on by default, and provides three levels of control while you browse. The new Edge will also come to Linux, so this gives us yet another Chromium-based browser available on all platforms. Why, exactly, youd choose Edge over Chrome, Vivaldi, or any others is still not entirely clear to me, however.
Opening up the Baseboard Management Controller In 2011 Facebook announced the Open Compute Project to form a community around open-source designs and specifications for data center hardware. Facebook shared its hardware specs, which resulted in 38 percent less energy consumption and 24 percent cost savings compared with its existing data centers. What Facebook and other hyperscalers (Google, Microsoft, et al.) donate to the Open Compute Project are their solutions to the agonizing problems that come with running data centers at scale. Since then, the project has expanded to all aspects of the open data center: baseboard management controllers (BMCs), network interface controllers (NICs), rack designs, power busbars, servers, storage, firmware, and security. This column focuses on the BMC. This is an introduction to a complicated topic; some sections just touch the surface, but the intention is to provide a full picture of the world of the open-source BMC ecosystem, starting with a brief overview of the BMCs role in a system, touching on security concerns around the BMC, and then diving into some of the projects that have developed in the open-source ecosystem. A good overview.
The AlphaSmart dana in 2019 The AlphaSmart dana is technically a Palm OS PDA, in the same way that Hannibal Lecter is technically a famous chef. The dana does run Palm OS 4.0, but it has almost reversed priorities from a normal PDA. For example, I drafted college essays on a dana, but never used the calendar or address book until I began writing this article. In contrast, Palm OS founder Jeff Hawkins distilled the average PDA user’s needs down to, “All I really care about is calendars and address book and trying to coordinate with my secretary.” Palm designed their operating system to organize a social schedule, but AlphaSmart Inc. used that codebase to create a device that focused on expression rather than organization. AlphaSmart was founded by ex-Apple employees who designed simplified computers for classrooms that couldn’t afford high end computers. AlphaSmart achieved these lower costs by hyperfocusing on composition. Those lower costs became irrelevant as laptop prices dropped, but the hyperfocus on composition itself has become more relevant in an era of distraction. If we consider the dana as a device for producing drafts, even its flaws are transformed into strengths. The dana is the pinnacle of AlphaSmart’s writer-focused devices. Former Apple engineers Ketan Kothari and Joe Barrus created AlphaSmart in the early 90s to create word-processing computers. Kothari said that their goal was to allow the users to “focus on the words”. They floated their ideas in an education discussion board on FidoNet, and met up with a group of enthusiastic teachers to get feedback on a prototype device. The prototype was simply a full keyboard with an LCD display and the ability to store writing. The teachers liked it, but told the engineers they needed something with fewer keys, standard batteries, and a smaller form factor. Kothari and Barrus incorporated these few tweaks into their original AlphaSmart device. All future products kept this form factor: a reduced keyboard with an LCD screen, output ports, and a battery compartment. Future models introduced a handful of new features. The 1995 AlphaSmart Pro could connect to both PC and Mac computers. Five years later, the AlphaSmart 3000 introduced USB support. Then in 2002, the dana adapted Palm OS 4 to facilitate a much more capable machine. The dana included a touch screen, a backlight, proper file management, compatibility with loads of Palm applications, a larger screen, improved font rendering, and a plethora of ports including two SD card slots. The dana was the first of the AlphaSmart machines to use the Palm OS, and also the last. The dana was released at a retail cost of well over $500 adjusted for inflation. At that time, the lower end 600mhz iBook retailed for $1700 adjusted for inflation. As the cost and weight of laptops fell, AlphaSmart had to simplify their designs to compete with lower end laptops. They released the Neo which abandoned Palm OS and many of the dana’s features, but cost half as much as the dana. Initially, AlphaSmart aimed for a two tier product line with the cheaper Neo and the higher end dana. However, they found schools were reluctant to pay more without getting a full-blown laptop. AlphaSmart slightly upgraded the memory in the Neo, rebranded it as the Neo2, and continued for several years with this as their sole device. In 2013, even though the Neo2 sold as low as $119, it was finally killed off. There is no current successor, and the dana stands as the high water mark of AlphaSmart’s mission to create a machine with a focus on the words. The Machine Itself The dana is a text editor that theoretically could function as a complete word processor. In the same way that the calendar and address book were the center of Palm’s handhelds, AlphaWord is the software heart of the dana. AlphaWord has plenty of options for formatting, but I rarely go into them. I’m typing this on the dana right now, and I am focused entirely on the content. I’ve adjusted the font to 18 point Garamond bold, but that’s purely for visibility. The font will be stripped when I move the document onto my laptop. The dana can output RTF documents that preserve fonts, but it’s a bit awkward. Preserving the fonts requires squinting into the already blurry screen at smaller 12-point letters. The dana has so much word processing power that it can even print straight from the dana, but this feature just highlights how much the dana should not be used for a finished product. First, AlphaWord does not separate documents into pages. Documents are pure streams of text, which is perfect for a first draft. However, the pageless documents mean that the actual layout is a mystery until the document is printed. Next, the dana has quite a few technical printer issues. I connected to two cheap inkjet printers, and both ignored the dana. I connected to a Brother laser printer, and I believe it printed the correct number of pages, but they all came out blank. I found a couple large office-style copiers that could print the documents straight from AlphaWord, but they disregarded the font except for italics and bold. My favorite printer interaction was connecting to a thermal printer. I didn’t expect anything, but the cheap thermal printer spooled out anything the dana threw at it. The thermal printer completely disregarded all formatting on the dana, but there was something fitting in the stark receipt-like printouts coming from the simple keyboard. I experimented with sending some receipt-style list poetry to the thermal paper and was pleased with the output. However, I can’t imagine trying to read an essay off of a narrow scroll of receipt paper. While the dana can’t adequately print, Palm OS facilitates a plethora of ways to get documents off of the dana. USB keyboard emulation is both the best way to get material off of the dana, and the machine’s default setup. When connected to via a standard USB cable, the dana becomes
Google is seeking to deprecate Chrome’s User Agent string Google intends to deprecate the user agent string in Chrome. According to the proposal, the first step is to deprecate the “navigator.userAgent” method used to access the User Agent string, suggested to start in March with Chrome 81. This change won’t have any visible effect for most people, and websites will continue to work completely as normal. However, web developers will be given explicit warnings in the Chrome development console that retrieving the User Agent string is no longer a good idea. Next, with the release of Chrome 83 in June, Google will begin to freeze, or stop updating, the User Agent string with each update to Chrome. At the same time, Chrome will also “unify” the information shared about your device’s operating system, for example meaning that two computers on slightly different Windows 10 updates should have the same User Agent. This will eliminate one more potential fingerprinting method. Finally, beginning in September’s Chrome 85 release, every Chrome rowser running on a desktop operating system, such as Windows, macOS, or Linux, will report the exact same User Agent string, eliminating all possible User Agent fingerprinting. Similarly, Chrome 85 will unify the User Agent on mobile devices, though devices will apparently be lumped into one of a few categories based on screen size. User agent strings have long outlived their usefulness, and today only serve to artificially restrict browser access in the stupidest of ways. Im obviously not comfortable with Google spearheading this effort, so Im counting on a lot of scrutiny from the web community and other browser makers.
Amiga Java Since Java Grinder (a Java byte-code compiler) already supports the Motorola 68000 CPU with the Sega Genesis I figured it shouldnt be too hard to extend the MC68000.cxx class to support the Commodore Amiga computer. More specifically, the original Amiga 1000. Amazing.
Windows 7 is no longer supported beginning today Its the end of an era. Todays date, January 14, has been on the books for years now, and its the day that support ends for Windows 7 and Windows Server 2008. More specifically, extended support is ending for Windows 7 Service Pack 1, and Windows Server 2008 R2 Service Pack 1 and 2. There are, of course, workarounds. Microsoft is offering Extended Security Updates (ESUs) for those willing to pay up, and its only available for Windows 7 Professional and Enterprise. The price is going to be per-machine, and it will double every year. In other words, if youve got a business with multiple Windows 7 PCs, its going to be costly to keep them on the legacy OS. ESUs will be available for three years. You can get ESUs through volume licensing or through Microsoft 365. Windows 7 is 11 years old by now, and moving the operating system strictly to paid maintenance seems acceptable you cant expect operating systems to be maintained forever. This means that unless theyre planning on being irresponsible, Windows 7 users will have to start moving to Windows 10. They might want to download one of the many debloat programs, followed by a a tool that gives them strict control over Windows 10s leaky privacy settings. Or, you know, move to something else entirely.
Linux Journal Ceases Publication: An Awkward Goodbye by Kyle RankinIMPORTANT NOTICE FROM LINUX JOURNAL, LLC:On August 7, 2019, Linux Journal shut its doors for good. All staff were laid off and the company is left with no operating funds to continue in any capacity. The website will continue to stay up for the next few weeks, hopefully longer for archival purposes if we can make it happen. –Linux Journal, LLC
Final Letter from the Editor: The Awkward Goodbye
by Kyle Rankin
Have you ever met up with a friend at a restaurant for dinner, then after dinner you both step out to the street and say a proper goodbye, only when you leave, you find out that you both are walking in the same direction? So now, you get to walk together awkwardly until the true point where you part, and then you have another, second goodbye, that's much more awkward.
That's basically this post.
So, it was almost two years ago that I first said goodbye to Linux Journal and the Linux Journal community in my post "So Long and Thanks for All the Bash". That post was a proper goodbye. For starters, it had a catchy title with a pun. The post itself had all the elements of a proper goodbye: part retrospective, part "Thank You" to the Linux Journal team and the community, and OK, yes, it was also part rant. I recommend you read (or re-read) that post, because it captures my feelings about losing Linux Journal way better than I can muster here on our awkward second goodbye.
Of course, not long after I wrote that post, we found out that Linux Journal wasn't dead after all! We all actually had more time together and got to work fixing everything that had caused us to die in the first place. A lot of our analysis of what went wrong and what we intended to change was captured in my article Go to Full Article
Working in a Linux environment, how often have you seen a kernel panic? When it happens, your system is left in a crippled state until you reboot it completely. And, even after you get your system back into a functional state, you're still left with the question: why? You may have no idea what happened or why it happened. Those questions can be answered though, and the following guide will help you root out the cause of some of the conditions that led to the original crash.
Figure 1. A Typical Kernel Panic
Let's start by looking at a set of utilities known as kexec and kdump. kexec allows you to boot into another kernel from an existing (and running) kernel, and kdump is a kexec-based crash-dumping mechanism for Linux. Installing the Required Packages First and foremost, your kernel should have the following components statically built in to its image: CONFIG_RELOCATABLE=y CONFIG_KEXEC=y CONFIG_CRASH_DUMP=y CONFIG_DEBUG_INFO=y CONFIG_MAGIC_SYSRQ=y CONFIG_PROC_VMCORE=y You can find this in /boot/config-`uname -r`.
Make sure that your operating system is up to date with the latest-and-greatest package versions: $ sudo apt update && sudo apt upgrade Install the following packages (I'm currently using Debian, but the same should and will apply to Ubuntu): $ sudo apt install gcc make binutils linux-headers-`uname -r` ↪kdump-tools crash `uname -r`-dbg Note: Package names may vary across distributions.
During the installation, you will be prompted with questions to enable kexec to handle reboots (answer whatever you'd like, but I answered "no"; see Figure 2).
Figure 2. kexec Configuration Menu
And to enable kdump to run and load at system boot, answer "yes" (Figure 3).
Figure 3. kdump Configuration Menu Configuring kdump Open the /etc/default/kdump-tools file, and at the very top, you should see the following: Go to Full Article
Loadsharers: Funding the Load-Bearing Internet Person by Eric S. Raymond The internet has a sustainability problem. Many of its critical services depend on the dedication of unpaid volunteers, because they can't be monetized and thus don't have any revenue stream for the maintainers to live on. I'm talking about services like DNS, time synchronization, crypto libraries—software without which the net and the browser you're using couldn't function.
These volunteer maintainers are the Load-Bearing Internet People (LBIP). Underfunding them is a problem, because underfunded critical services tend to have gaps and holes that could have been fixed if there were more full-time attention on them. As our civilization becomes increasingly dependent on this software infrastructure, that attention shortfall could lead to disastrous outages.
I've been worrying about this problem since 2012, when I watched a hacker I know wreck his health while working on a critical infrastructure problem nobody else understood at the time. Billions of dollars in e-commerce hung on getting the particular software problem he had spotted solved, but because it masqueraded as network undercapacity, he had a lot of trouble getting even technically-savvy people to understand where the problem was. He solved it, but unable to afford medical insurance and literally living in a tent, he eventually went blind in one eye and is now prone to depressive spells.
More recently, I damaged my ankle and discovered that although there is such a thing as minor surgery on the medical level, there is no such thing as "minor surgery" on the financial level. I was looking—still am looking—at a serious prospect of either having my life savings wiped out or having to leave all 52 of the open-source projects I'm responsible for in the lurch as I scrambled for a full-time job. Projects at risk include the likes of GIFLIB, GPSD and NTPsec.
That refocused my mind on the LBIP problem. There aren't many Load-Bearing Internet People—probably on the close order of 1,000 worldwide—but they're a systemic vulnerability made inevitable by the existence of common software and internet services that can't be metered. And, burning them out is a serious problem. Even under the most cold-blooded assessment, civilization needs the mean service life of an LBIP to be long enough to train and acculturate a replacement.
(If that made you wonder—yes, in fact, I am training an apprentice. Different problem for a different article.)
Alas, traditional centralized funding models have failed the LBIPs. There are a few reasons for this: Go to Full Article
Documenting Proper Git Usage by Zack Brown Jonathan Corbet wrote a document for inclusion in the kernel tree, describing best practices for merging and rebasing git-based kernel repositories. As he put it, it represented workflows that were actually in current use, and it was a living document that hopefully would be added to and corrected over time.
The inspiration for the document came from noticing how frequently Linus Torvalds was unhappy with how other people—typically subsystem maintainers—handled their git trees.
It's interesting to note that before Linus wrote the git tool, branching and merging was virtually unheard of in the Open Source world. In CVS, it was a nightmare horror of leechcraft and broken magic. Other tools were not much better. One of the primary motivations behind git—aside from blazing speed—was, in fact, to make branching and merging trivial operations—and so they have become.
One of the offshoots of branching and merging, Jonathan wrote, was rebasing—altering the patch history of a local repository. The benefits of rebasing are fantastic. They can make a repository history cleaner and clearer, which in turn can make it easier to track down the patches that introduced a given bug. So rebasing has a direct value to the development process.
On the other hand, used poorly, rebasing can make a big mess. For example, suppose you rebase a repository that has already been merged with another, and then merge them again—insane soul death.
So Jonathan explained some good rules of thumb. Never rebase a repository that's already been shared. Never rebase patches that come from someone else's repository. And in general, simply never rebase—unless there's a genuine reason.
Since rebasing changes the history of patches, it relies on a new "base" version, from which the later patches diverge. Jonathan recommended choosing a base version that was generally thought to be more stable rather than less—a new version or a release candidate, for example, rather than just an arbitrary patch during regular development.
Jonathan also recommended, for any rebase, treating all the rebased patches as new code, and testing them thoroughly, even if they had been tested already prior to the rebase.
"If", he said, "rebasing is limited to private trees, commits are based on a well-known starting point, and they are well tested, the potential for trouble is low."
Moving on to merging, Jonathan pointed out that nearly 9% of all kernel commits were merges. There were more than 1,000 merge requests in the 5.1 development cycle alone. Go to Full Article
Earlier this year, I attended PyCon, the international Python conference. One topic, presented at numerous talks and discussed informally in the hallway, was the state of threading in Python—which is, in a nutshell, neither ideal nor as terrible as some critics would argue.
A related topic that came up repeatedly was that of "asyncio", a relatively new approach to concurrency in Python. Not only were there formal presentations and informal discussions about asyncio, but a number of people also asked me about courses on the subject.
I must admit, I was a bit surprised by all the interest. After all, asyncio isn't a new addition to Python; it's been around for a few years. And, it doesn't solve all of the problems associated with threads. Plus, it can be confusing for many people to get started with it.
And yet, there's no denying that after a number of years when people ignored asyncio, it's starting to gain steam. I'm sure part of the reason is that asyncio has matured and improved over time, thanks in no small part to much dedicated work by countless developers. But, it's also because asyncio is an increasingly good and useful choice for certain types of tasks—particularly tasks that work across networks.
So with this article, I'm kicking off a series on asyncio—what it is, how to use it, where it's appropriate, and how you can and should (and also can't and shouldn't) incorporate it into your own work. What Is asyncio? Everyone's grown used to computers being able to do more than one thing at a time—well, sort of. Although it might seem as though computers are doing more than one thing at a time, they're actually switching, very quickly, across different tasks. For example, when you ssh in to a Linux server, it might seem as though it's only executing your commands. But in actuality, you're getting a small "time slice" from the CPU, with the rest going to other tasks on the computer, such as the systems that handle networking, security and various protocols. Indeed, if you're using SSH to connect to such a server, some of those time slices are being used by sshd to handle your connection and even allow you to issue commands.
All of this is done, on modern operating systems, via "pre-emptive multitasking". In other words, running programs aren't given a choice of when they will give up control of the CPU. Rather, they're forced to give up control and then resume a little while later. Each process running on a computer is handled this way. Each process can, in turn, use threads, sub-processes that subdivide the time slice given to their parent process. Go to Full Article
Last year I wrote a feature-length article on the data backup system I set up for my RV (see Kyle's "DIY RV Offsite Backup and Media Server" from the June 2018 issue of LJ). If you haven't read that article yet, I recommend checking it out first so you can get details on the system. In summary, I set up a Raspberry Pi media center PC connected to a 12V television in the RV. I connected an 8TB hard drive to that system and synchronized all of my files and media so it acted as a kind of off-site backup. Finally, I set up a script that would attempt to sync over all of those files from my NAS whenever it detected that the RV was on the local network. So here, I provide an update on how that system is working and a few tweaks I've made to it since. What Works Overall, the media center has worked well. It's been great to have all of my media with me when I'm on a road trip, and my son appreciates having access to his favorite cartoons. Because the interface is identical to the media center we have at home, there's no learning curve—everything just works. Since the Raspberry Pi is powered off the TV in the RV, you just need to turn on the TV and everything fires up.
It's also been great knowing that I have a good backup of all of my files nearby. Should anything happen to my house or my main NAS, I know that I can just get backups from the RV. Having peace of mind about your important files is valuable, and it's nice knowing in the worst case when my NAS broke, I could just disconnect my USB drive from the RV, connect it to a local system, and be back up and running.
The WiFi booster I set up on the RV also has worked pretty well to increase the range of the Raspberry Pi (and the laptops inside the RV) when on the road. When we get to a campsite that happens to offer WiFi, I just reset the booster and set up a new access point that amplifies the campsite signal for inside the RV. On one trip, I even took it out of the RV and inside a hotel room to boost the weak signal. Go to Full Article
Why did David need to write this patch? Why weren't system calls already fairly easy to manage? When you make a system call, you add it to a master list, and then you add it to the system call "tables", which is where the running kernel looks up which kernel function corresponds to which system call number. Kernel developers need to make sure system calls are represented in all relevant spots in the source tree. Renaming, renumbering and making other changes to system calls involves a lot of fiddly little details. David's script simply would do everything right—end of story no problemo hasta la vista.
Arnd Bergmann remarked, "Ah, fun. You had already threatened to add that script in the past. The implementation of course looks fine, I was just hoping we could instead eliminate the need for it first." But, bowing to necessity, Arnd offered some technical suggestions for improvements to the patch.
However, Linus Torvalds swooped in at this particular moment, saying:
Ugh, I hate it.
I'm sure the script is all kinds of clever and useful, but I really think the solution is not this kind of helper script, but simply that we should work at not having each architecture add new system calls individually in the first place.
IOW, we should look at having just one unified table for new system call numbers, and aim for the per-architecture ones to be for "legacy numbering".
Maybe that won't happen, but in the _hope_ that it happens, I really would prefer that people not work at making scripts for the current nasty situation.
And the portcullis came crashing down.
It's interesting that, instead of accepting this relatively obvious improvement to the existing situation, Linus would rather leave it broken and ugly, so that someone someday somewhere might be motivated to do the harder-yet-better fix. And, it's all the more interesting given how extreme the current problem is. Without actually being broken, the situation requires developers to put in a tremendous amount of care and effort into something that David's script could make trivial and easy. Even for such an obviously "good" patch, Linus gives thought to the policy and cultural implications, and the future motivations of other people working in that region of code.
Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to firstname.lastname@example.org. Go to Full Article
Experts Attempt to Explain DevOps--and Almost Succeed by Bryan Lunduke What is DevOps? How does it relate to other ideas and methodologies within software development? Linux Journal Deputy Editor and longtime software developer, Bryan Lunduke isn't entirely sure, so he asks some experts to help him better understand the DevOps phenomenon.
The word DevOps confuses me.
I'm not even sure confuses me quite does justice to the pain I experience—right in the center of my brain—every time the word is uttered.
It's not that I dislike DevOps; it's that I genuinely don't understand what in tarnation it actually is. Let me demonstrate. What follows is the definition of DevOps on Wikipedia as of a few moments ago:
DevOps is a set of software development practices that combine software development (Dev) and information technology operations (Ops) to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.
I'm pretty sure I got three aneurysms just by copying and pasting that sentence, and I still have no clue what DevOps really is. Perhaps I should back up and give a little context on where I'm coming from.
My professional career began in the 1990s when I got my first job as a Software Test Engineer (the people that find bugs in software, hopefully before the software ships, and tell the programmers about them). During the years that followed, my title, and responsibilities, gradually evolved as I worked my way through as many software-industry job titles as I could: Automation Engineer: people that automate testing software. Software Development Engineer in Test: people that make tools for the testers to use. Software Development Engineer: aka "Coder", aka "Programmer". Dev Lead: "Hey, you're a good programmer! You should also manage a few other programmers but still code just as much as you did before, but, don't worry, we won't give you much of a raise! It'll be great!" Dev Manager: like a Dev Lead, with less programming, more managing. Director of Engineering: the manager of the managers of the programmers. Vice President of Technology/Engineering: aka "The big boss nerd man who gets to make decisions and gets in trouble first when deadlines are missed." During my various times with fancy-pants titles, I managed teams that included: Go to Full Article
DNA Geometry with cadnano by Joey Bernard This article introduces a tool you can use to work on three-dimensional DNA origami. The package is called cadnano, and it's currently being developed at the Wyss Institute. With this package, you'll be able to construct and manipulate the three-dimensional representations of DNA structures, as well as generate publication-quality graphics of your work.
Because this software is research-based, you won't likely find it in the package repository for your favourite distribution, in which case you'll need to install it from the GitHub repository.
Since cadnano is a Python program, written to use the Qt framework, you'll need to install some packages first. For example, in Debian-based distributions, you'll want to run the following commands: sudo apt-get install python3 python3-pip I found that installation was a bit tricky, so I created a virtual Python environment to manage module installations.
Changing directory into the source directory, you can build and install cadnano with: python setup.py install Now your cadnano should be available within the virtualenv.
You can start cadnano simply by executing the cadnano command from a terminal window. You'll see an essentially blank workspace, made up of several empty view panes and an empty inspector pane on the far right-hand side.
Figure 1. When you first start cadnano, you get a completely blank work space.
In order to walk through a few of the functions available in cadnano, let's create a six-strand nanotube. The first step is to create a background that you can use to build upon. At the top of the main window, you'll find three buttons in the toolbar that will let you create a "Freeform", "Honeycomb" or "Square" framework. For this example, click the honeycomb button.
Figure 2. Start your construction with one of the available geometric frameworks. Go to Full Article
Virtualization has always been a rich man's game, and more frugal enthusiasts—unable to afford fancy server-class components—often struggle to keep up. Linux provides free high-quality hypervisors, but when you start to throw real workloads at the host, its resources become saturated quickly. No amount of spare RAM shoved into an old Dell desktop is going to remedy this situation. If a properly decked-out host is out of your reach, you might want to consider containers instead.
Instead of virtualizing an entire computer, containers allow parts of the Linux kernel to be portioned into several pieces. This occurs without the overhead of emulating hardware or running several identical kernels. A full GUI environment, such as GNOME Shell can be launched inside a container, with a little gumption.
You can accomplish this through namespaces, a feature built in to the Linux kernel. An in-depth look at this feature is beyond the scope of this article, but a brief example sheds light on how these features can create containers. Each kind of namespace segments a different part of the kernel. The PID namespace, for example, prevents processes inside the namespace from seeing other processes running in the kernel. As a result, those processes believe that they are the only ones running on the computer. Each namespace does the same thing for other areas of the kernel as well. The mount namespace isolates the filesystem of the processes inside of it. The network namespace provides a unique network stack to processes running inside of them. The IPC, user, UTS and cgroup namespaces do the same for those areas of the kernel as well. When the seven namespaces are combined, the result is a container: an environment isolated enough to believe it is a freestanding Linux system.
Container frameworks will abstract the minutia of configuring namespaces away from the user, but each framework has a different emphasis. Docker is the most popular and is designed to run multiple copies of identical containers at scale. LXC/LXD is meant to create containers easily that mimic particular Linux distributions. In fact, earlier versions of LXC included a collection of scripts that created the filesystems of popular distributions. A third option is libvirt's lxc driver. Contrary to how it may sound, libvirt-lxc does not use LXC/LXD at all. Instead, the libvirt-lxc driver manipulates kernel namespaces directly. libvirt-lxc integrates into other tools within the libvirt suite as well, so the configuration of libvirt-lxc containers resembles those of virtual machines running in other libvirt drivers instead of a native LXC/LXD container. It is easy to learn as a result, even if the branding is confusing. Go to Full Article
Page last modified on October 08, 2013, at 07:08 PM