All the News that Matters

• Fedora 29: jbig2dec FEDORA-2019-55973f4ef8
  rebase to 0.16 (bz #1741605)

• Fedora 30: thunderbird FEDORA-2019-cffb7e7911
  Update to latest upstream version.

• Fedora 30: jbig2dec FEDORA-2019-686ecf43f4
  rebase to 0.16 (bz #1741605)

• Fedora 31: openconnect FEDORA-2019-6969467639
  Update to 8.05 release (CVE-2019-16239)

• Fedora 31: bird FEDORA-2019-ff0f9ce167
  BIRD 2.0.6 (2019-09-10) * BGP: Optional Adj-RIB-Out * BGP: Extended optional parameters length * Filter: Sets and set expressions in path masks * Several important bugfixes

• Fedora 31: blis FEDORA-2019-27e101fdc3
  Don't call popen on ARM (in case it's run with privileges). Also replace patch to use FMA with simd pragma.

• Debian: DSA-4523-1: thunderbird security update
  Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, information disclosure and a covert content attack on S/MIME encryption using a crafted multipart/alternative message.

• Debian LTS: DLA-1919-2: linux-4.9 security update
  Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

• openSUSE: 2019:2138-1: important: skopeo
  An update that fixes one vulnerability is now available.

• openSUSE: 2019:2137-1: important: buildah
  An update that fixes one vulnerability is now available.

• Mageia 2019-0282: wireguard security update
  Updated wireshark packages fix security vulnerability: The Gryphon dissector could go into an infinite loop. For other fixes in this update, see the referenced releasenotes.

• Mageia 2019-0281: webkit2 security update
  Updated webkit2 packages fix security vulnerabilities: Processing maliciously crafted web content may lead to arbitrary code execution. Multiple memory corruption issues were addressed with improved memory handling (CVE-2019-8644).

• GNOME 3.34 released - coming soon in Fedora 31
  Today the GNOME project announced the release of GNOME 3.34. This latest release of GNOME will be the default desktop environment in Fedora 31 Workstation. The Beta release of Fedora 31 is currently expected in the next week or two, with the Final release scheduled for late October. GNOME 3.34 includes a number of new […]

• Meet PineTime: A $25 Linux Smartwatch in Making
  After budget friendly Pine Tab, Pine Phone and Pine Notebook, PINE64 just revealed that it is working on a Linux based smartwatch called PineTime. It should cost around $25 when it is available.

• Software Defined Storage And Object Storage In The Era Of Cloud And IoT
  Brief History of Storage and evolvement of Software defined Storage and Object Storage

• Proprietary Software Giants Tell Open Source 'Communities' That Proprietary Software Giants Are 'Friends'
  The openwashing services of the so-called 'Linux' Foundation are working; companies that are inherently against Open Source are being called "Open" and some people are willing to swallow this bait (so-called 'compromise' which is actually surrender to proprietary software regimes)

• Just some of the games coming to Linux in 2019, the September edition
  It's been quite a while since we had a listicle of interesting games gearing up for release on Linux in 2019, let's take a fresh look today.

• How To List Users and Groups on Linux
  On Linux, as a system administrator, you often want to have a complete list of all the users and all the groups on your host. It is quite crucial for security purposes to make sure that you have the correct amount of users and that you didn’t forget to delete some. There are several ways to list users and groups on Linux.

• An introduction to Virtual Machine Manager
  In my series about GNOME Boxes, I explained how Linux users can quickly spin up virtual machines on their desktop without much fuss. Boxes is ideal for creating virtual machines in a pinch when a simple configuration is all you need.

• Are Application Servers Dying a Slow Death?
  There has been concern for nearly five years application servers are dead. Truth be told, they are not dead, but is their usage in decline? The simple answer is yes. Over the years, it appears corporate environments have decided the return on investment is not there when looking at Java application servers. On the surface, one might assume that the likes of WebSphere or WebLogic might be the ones in decline due to cost.

• Akademy 2019 Wednesday and Thursday BoF Wrapup
  Wednesday continued the Akademy BoFs, group sessions and hacking in the morning followed by the daytrip in the afternoon to Lake Como, to have some fun, get away from laptops and get to know each other better. Thursday was back to BoFs, meetings and hacking culminating in a wrapup session at the end covering the last two days so that what happened in the different rooms can be shared with everyone including those not present.

• FOSS painting program Krita now has the Linux version on Steam
  Okay, not exactly gaming news but good to see anyway. Krita, the high quality FOSS painting program now has a Linux version available on Steam.

• Always Launch Terminal as root User (sudo) in Ubuntu
  This tutorial shows you how to configure the Ubuntu terminal to start with root permissions.

• How to Install Etherpad on Debian 9
  Etherpad is a real-time editor that is web-based and comes as an open-source package. This application allows users to simultaneously edit documents in real time and to see the differences through the use of colored text. In this article, we will show you how to install Etherpad on a managed Debian 9 server.

• Unknown Worlds are dumping the Linux version of Natural Selection 2
  Some sad news to share this Friday evening, as Unknown Worlds Entertainment have announced they're calling it a day for the Linux version of Natural Selection 2.

• 3rd gen kit for embedded linux self-training is Raspberry Pi B-based
  The 3rd generation Embedded Linux Learning Kit from Intellimetrix includes a Raspberry Pi 3B board, a Pi HAT with peripherals, power supply, cables and Linux software. It also features a manual tailored specifically for self-teaching yourself embedded Linux. Intellimetrix has announced the immediate availability of the third generation of its Embedded Linux Learning Kit (E.L.L.K.). […]

• Gunzip Command in Linux
  Gunzip is a command-line tool for decompressing Gzip files. Gzip is one of the most popular compression algorithms that reduce the size of a file and keep the original file mode, ownership, and timestamp. By convention, files compressed with Gzip are given either the .gz or .z extension. In this tutorial, we will explain how to use the gunzip command.

• Starship Is A Minimal And Fast Shell Prompt Written In Rust
  Starship is not only minimal, always out of your way and only showing information when needed, but it's also fast and highly customizable, so you can have it look very fancy if you wish. Written in Rust, the prompt is supposed to work with most common shells on most common operating systems.

• Automate your Linux system tasks with cron
  It's all about timing with cron, the scheduling daemon. Cron allows system administrators to schedule and automate scripted tasks with ease and precision.

• How to Install Lighttpd with PHP, MariaDB and Let's Encrypt SSL on Debian 10
  Lighttpd is a free, open-source and high-speed webserver specially designed for speed-critical environments. In this tutorial, we will learn how to install Lighttpd on Debian 10 with PHP-FPM and MariaDB support and we will secure the webserver with a Let's Encrypt SSL certificate.

• Microsoft Pays the Linux Foundation for Academy Software Foundation, Which the Linux Foundation is Outsourcing to Microsoft
  Microsoft has just bought some more seats and more control over Free/Open Source software; all it had to do was shell out some 'slush funds'

• Why the founder of Apache is all-in on blockchain
  Brian Behlendorf is perhaps best known for being a co-founder of the Apache Project, which became the Apache Software Foundation. Today, he's the executive director of the Hyperledger Foundation, an organization focused on enterprise-grade, open source, distributed ledgers (better known as blockchains). He also says he "put the first ad banner online and have been apologizing ever since."read more

• Pine64 Confirms $25 'PineTime' Smartwatch for Linux Smartphones
  Besides their Linux laptops, single-board computers, and tablets, Pine64 is now also working on "PineTime," a new $25 smartwatch for Linux smartphones running open source software (and based on either ARM Mbed or FreeRTOS), reports Liliputing.com:  The company describes the PineTime watch as a companion for Linux smartphones... you know, like the company's upcoming $150 PinePhone. For either or both of those reasons, it could appeal to folks who may not have wanted in on the smartphone space until now...   The PineTime uses an existing watch body that's used by other device makers, but Pine64 is choosing custom internal hardware. The PineTime will support Bluetooth 5.0, a heart rate monitor, and multi-day battery life and the watch features a zinc alloy & plastic case and comes with a charging dock...   At this point the PineTime is described as a side project, which means it's not a top priority for Pine64. While the company says the picture above is an actual photo of a prototype, Pine64 is still seeking software developers interested in contributing to the project, and the company's primary focus at this point will still be other upcoming devices like the PineBook Pro laptop and PinePhone smartphone.
          
  
  Read more of this story at Slashdot.
  

• Linux 5.3 Released
  "Linux 5.3 has been released," writes diegocg:  This release includes support for AMD Navi GPUs; support for the umwait x86 instructions that let processes wait for short amounts of time without spinning loops; a 'utilization clamping' mechanism that is used to boost interactivity on power-asymmetric CPUs used in phones; a new pidfd_open(2) system call that completes the work done to let users deal with the PID reuse problem; 16 millions of new IPv4 addresses in the 0.0.0.0/8 range are made available; support for Zhaoxin x86 CPUs; support Intel Speed Select for easier power selection in Xeon servers; and support for the lightweight hypervisor ACRN, built for embedded IoT devices. As always, many other new drivers and improvements can be found in the changelog.
          
  
  Read more of this story at Slashdot.
  

• Online Lenders Publicly Shame Debtors in the Philippines Using Their Facebook Contacts
  A man named Roger was surprised to hear from an old college friend after all these years, reports the Philippine Daily Inquirer -- and even more surprised to find out why.  What she wanted to know was why he gave her number to an online lending company that was hounding him at that time. The company told her that he was in debt and needed to pay up. Roger took out a loan using the company's app back in May, after seeing an ad on Facebook. His payment had been overdue for a week when the company contacted his college friend. But in fact he didn't give the company her number. The company tapped his contact list, then messaged his college friend to get him to make good on his debt. The company also called his wife and threatened to report him to his boss so he would lose his job. Roger, 26, has since paid back the loan. And he vowed to never use the app again...   Roger is not alone. The National Privacy Commission (NPC) has reported receiving 921 formal complaints since July 2018 about online lending companies who publicly shame borrowers to get them to pay up... Three companies are facing cases filed by the NPC for violating the Data Privacy Act of 2012... Privacy Commissioner Raymund Enriquez Liboro earlier released copies of the investigators' fact-finding reports, which recommended criminal prosecution of the board members of the three companies. "The investigation determined that their business practice specifically targets the privacy of persons, practically making a profit out of people's fear of losing face and dignity. These unethical practices simply have no place in a civilized society and must stop," Liboro then said...   In an affidavit sent to the NPC, one complainant said Fast Cash threatened to post her selfies on Facebook. Another said the CashLending app changed her profile picture on Facebook to an obscene picture... None of these would have happened unless the users gave permission to these apps. But many users backed into a corner by circumstance didn't have a choice. Roger, for one, said he could not use the app unless he agreed that the company could access his contacts... [T]he NPC argued that although the users gave their approval, the lack of easily understandable and clear information, among other factors, meant that it was not a "valid" consent... Among the charges filed against the companies are noncompliance with the legal requirements of processing personal data, as well as malicious and unauthorized disclosure. Their operators may face imprisonment of up to seven years and fines of not more than P5 million [about $97,000 U.S. dollars] under the Data Privacy Act of 2012.     One person who filed a formal complaint with the government later received a discouraging text message from the company in question. "Before you sue us, we already [sent] a text blast to all of your contacts. We know your home address, your office and even your ugly face. Good luck with your privacy law."
          
  
  Read more of this story at Slashdot.
  

• FCC Fails, Robocalls (and Complaints) Increase, Along with Number-Hijacking
  "Despite new initiatives by the Federal Communications Commission (FCC) and carriers, robocalls aren't on the wane," reports Forbes.   "Americans are still facing a scourge of 200 million unwanted robocalls a day, according to a report from Transaction Network Services (TNS), a major telecommunications network and services company. And nearly 30% of all U.S. calls were negative (nuisance, scam or fraud calls) in the first six months of the year, TNS said..."  Nuisance calls jumped 38% from the third quarter of last year, while high-risk calls -- such as scammers targeting identity theft -- were up 28%, TNS said. And the FCC actually saw an 8% increase year-over year in consumer robocall complaints when comparing February-June 2019 to February-June 2018, as cited by TNS in the report. There is a limit to what major U.S. carriers can do. They are only a small part of the problem, TNS said. While 70% of all calls (normal calls and unwanted calls) come from major U.S. carriers, only 12% of the high-risk calls are from the big carriers. That means the problem lies with lesser-known providers...   A growing threat is robocall hijacking -- when a subscriber's number is hijacked by a bad guy -- doubling over last year's figure, TNS said. TNS estimates that 1 in 1,700 numbers were hijacked by spoofers in 28 day-period. In the last report the frequency was only 1 in 4,000. In one case of hijacking, a spoofer placed over 36,000 scam calls in a 3-day period according to the TNS report.   Another spoofing threat cited in the report is that of legitimate toll-free numbers of leading tech companies. Here, the scammer will claim there is something wrong with the victim's account at the company and try to get personal information.   You can stop getting robocalls with a "simple but very effective" solution, according to the article. Both Android and iOS phones have a "Do Not Disturb" option in Settings -- so just enable that for everyone except your own contacts.
          
  
  Read more of this story at Slashdot.
  

• 'King of Kong' Billy Mitchell Argues He Was Framed for Donkey Kong Cheating, Threatens Legal Action
  "Billy Mitchell, the former Donkey Kong and Pac-Man high-score champion made famous in the 2007 film The King of Kong, has threatened legal action against the sanctioning bodies who threw out all of Mitchell's high scores in April 2018 after finding that two were illegitimate," reports Polygon. This week, lawyers for Mitchell sent a letter to Twin Galaxies and Guinness World Records demanding that both "retract their claims against Billy Mitchell" and restore the scores to their world record leaderboards, where Mitchell had been a fixture since the early 1980s... The letter to Twin Galaxies alleges that it defamed Mitchell, both in its findings and in later posts to their website.  In banning Mitchell, Twin Galaxies also vacated records that were not in question, and banned Mitchell from further participation in their leaderboards. One of Mitchell's records thrown out was a "perfect score" in Pac-Man (reaching the maximum number of points available in its 255 levels). Mitchell's attorneys say Twin Galaxies implied that score was tainted by cheating, too.   Guinness, say the lawyers, cited that disqualification in its 2019 Gamers Edition compilation of records in saying that Mitchell's "submitted scores were obtained while using [the emulator] MAME," which the attorneys take to mean as applying to all of Mitchell's scores, from 1982 to present day. They say that is factually incorrect and also impossible, as MAME was created in 1997...   The letter also alleges that Twin Galaxies "did not provide Billy Mitchell fair opportunity to provide evidence to prove his innocence," and that "specific evidence was accepted, while evidence of equal stature was rejected."  A 156-page package summarizing Mitchell's defense has been posted in Reddit's videogame speedrunning forum. It argues that the documentary's makers actually have filmed footage in which a videotaped high-score attempt at Funspot Arcade is clearly announced to be "not a score submission. This is for entertainment purposes only." And while the film-makers show that score being submitted, "this was only acting done for the movie...the scoreboard shown by the movie was forged.... Actually, in the King of Kong movie, the tape I hand Doris Self is a WWE Wrestling tape, not my 1,047,200 performance... The movie's portrayal that I submitted this performance is fictitious."   Mitchell's documents say that that score was submitted later -- without his permission -- by a referee for Twin Galaxies, arguing that the footage suffers from a compromised chain of custody. The documents even include emails written by the owner of the web site fuckbillymitchell.com "saying he has a 'master plan' to take Billy Mitchell down," along with statements from two separate witnesses who say that man had even at one point asked for help in how to fake footage of a videogame.   "I find the current accusation of Mitchell too close to exactly what Richard planned in 2009 to be overlooked."
          
  
  Read more of this story at Slashdot.
  

• Inspired By Harry Potter, 150 Colleges Now Have Quidditch Teams
  A reporter for SFGate describes what happened when he tried out for the quidditch team at the University of California at Berkeley:  The person throwing me what's called a "quaffle" (actually a slightly deflated volleyball) looked at me to make sure I'm ready. I gave them a head nod and grip my "broom" (a PVC pipe), ready to run. "GO!" I run 20 feet and turn back to catch the ball. Success!   But as I take my next step, I get decked by team captain Dara Gaeuman, fall to the ground, drop the quaffle, re-grab the quaffle, get back up, run over to the hoop and score. It's a triumphant moment for my post-healthy, 33-year-old self, regardless of the fact that this a drill. On the first day of practice. Of a sport I'm playing for the first time. With people who likely weren't born when the first Harry Potter book came out....   [I]n 2005, a pair of students at Middlebury College -- Xander Manshel and Alex Benepe -- translated quidditch into a non-flying sport. The game used to be played on wooden brooms until a few years ago when the game got too rough. There are still chasers (offensive players), beaters (defenders), seekers, keepers (like a goalie in hockey or soccer) and quaffles (again the balls, stay with me here) and bludgers (slightly deflated dodgeballs). But here the snitch is actually a person with sock-like pouch attached to their lower back that has to be snatched by the seekers, while the snitch tries to evade them... Almost 15 years after its inception, real-world quidditch has grown into a global phenomenon, with an International Quidditch Association (IQA) that has a World Cup every two years, a couple of semi-pro leagues, several regional and national leagues and more than 150 colleges and universities with club teams.   During practice, Chanun Ong, a sophomore returning for his second year on the team, tells a freshman, "I wasn't a big Harry Potter fan, but this sport is pretty legit."  There's a short video of the quidditch practice, and the the article's author remembers some crucial advice he received from one of the players. "Scrunch your body down if someone is about to throw a bludger at you, so you're a harder target to hit."   Although he also acknowledges that most of the people watching the two-hour practice "were passersby trying to figure out what the hell is going on."
          
  
  Read more of this story at Slashdot.
  

• The Next Energy-Efficient Architecture Revolution: A House Built By Robots
  "Erecting a new building ranks among the most inefficient, polluting activities humans undertake," reports Qz. "The construction sector is responsible for nearly 40% of the world's total energy consumption and CO2 emissions, according to a UN global survey. A consortium of Swiss researchers has one answer to the problem: working with robots."    Over four years, 30 different industry partners joined a team of experts at ETH Zurich university for a cutting-edge "digital fabrication" project: building the DFAB House. Timber beams were assembled by robots on site, it used 60% less cement, and it features some amazing ceilings printed with a large-scale 3D sand printer.  "This is a new way of seeing architecture," says Matthias Kohler, a member of DFAB's research team. The work of architects has long been presented in terms of designing inspiring building forms, while the technical specifics of construction has been relegated to the background. Kohler thinks this is quickly changing. "Suddenly how we use resources to build our habitats is at the center of architecture," he argues. "How you build matters."   DFAB isn't the first building project to use digital fabrication techniques. In 2014, Chinese company WinSun demonstrated the architectural potential of 3D printing by manufacturing 10 single-story houses in one day. A year later, the Shanghai-based company also printed an apartment building and a neoclassical mansion, but these projects remain in the development phase. Kohler explains that beating construction speed records wasn't necessarily their goal. "Of course we're interested in gaining breakthroughs in speed and economy, but we tried to hold to the idea of quality first," he says. "You can do things very, very fast but that doesn't mean that it's actually sustainable...."   Beyond the experimental structure in Switzerland, Kohler and Dillenburger explain that they're interested in fostering a dialogue with the global architecture and construction sectors. They've published their open-source data sets and have organized a traveling exhibition titled "How to Build a House: Architectural Research in the Digital Age," opening at the Cooper Union in New York this week.
          
  
  Read more of this story at Slashdot.
  

• Ask Slashdot: Can A Lack of Privacy Be Weaponized?
  Slashdot reader dryriver asks a scary what-if question about the detailed digital profiles of our online and offline lives that are being created by "hundreds of privately owned, profit-driven companies operating with no meaningful oversight."  Digital profiles are just a collection of 1s and 0s and are wide open to digital tampering or digital distortion. You could easily be made to appear to have done just about anything from visiting questionnable websites on the dark web, to buying things that you never actually bought or would have an interest in buying, to being in places in the physical world at given dates and times that you would never actually visit in real life. In other words, your digital profile(s) may make you appear to be a completely different person, doing completely different things, from who you objectively are in actuality.   For now, these digital profiles mostly sit in data centers around the world, and try to serve ads to you. But what happens if someday your digital profile is weaponized against you?   What happens in a situation where you need to prove that you are a morally upright, law-abiding person, and your digital profile(s) are accessed, and claim that you are anything but a moral, law-abiding person? What happens if these digital profiles are someday routinely examined by courts of law to determine whether you are a person of good character or not?   What happens if one of your digital profiles is purposely leaked into the public realm someday, and your "digital mirror image" did all sorts of crappy things that you, in real life, would never do?
          
  
  Read more of this story at Slashdot.
  

• Google's Search Results Begin Prioritizing 'Original Reporting'
  In the future Google will promote news articles that feature original reporting in its search results, the Hill reports.   "While we typically show the latest and most comprehensive version of a story in news results, we've made changes to our products globally to highlight articles that we identify as significant original reporting," Richard Gingras, Google's vice president of news, said in a blog post. "Such articles may stay in a highly visible position longer. This prominence allows users to view the original reporting while also looking at more recent articles alongside it." On top of the change for individual articles, Google's search raters will also begin identifying outlets that have a track record of original reporting in order to boost their content in search results...   For Google, the shift will mostly come in a change in guidelines for the 10,000 employees at the company who operate its search algorithms. The guidelines will now emphasize promoting an article that "provides information that would not otherwise have been known had the article not revealed it." And it will push raters to boost outlets with strong journalistic reputations. "Prestigious awards, such as the Pulitzer Prize award, or a history of high quality original reporting are strong evidence of positive reputation," the new guidelines read.
          
  
  Read more of this story at Slashdot.
  

• IOS 13 Lock Screen Lets Anyone See Your Address Book
  Slashdot reader dryriver writes:  A security researcher discovered that if you get your hands on someone else's iThing running iOS 13, and place a phone call to it, you can choose to respond with a TXT message, and get to see the contents of the address book on the iThing without actually getting past the lock screen...   The security researcher who found the flaw was not financially rewarded or acknowledged by Apple, but rather given the cold shoulder.   The security researcher says all he'd wanted was a $1 Apple Store card to keep as a trophy, according to The Register:  The procedure, demonstrated below in a video, involves receiving a call and opting to respond with a text message, and then changing the "to" field of the message, which can be accomplished via voice-over. The "to" field pulls up the owner's contacts list, thus giving an unauthorized miscreant the ability to crawl through the address book without ever needing to actually unlock the phone.   They also report that while the insecure-lock-screen iOS 13 will be officially released on September 19, a fixed version, iOS 13.1, "is due to land on September 30."
          
  
  Read more of this story at Slashdot.
  

• Python 2 Sunsets in 107 Days. JPMorgan Isn't Ready
  In 107 days, Python 2 -- first released in 2000 -- will officially sunset, according to an announcement this week by "volunteers who make and take care of the Python programming language."   But according to TechRepublic, not everybody is ready: Given Python's popularity and ubiquity, the amount of business logic hinging on Python is quite vast, presenting an issue for organizations still clinging to Python 2. JPMorgan's Athena trading platform is one of those applications -- while access has only been available directly to clients since 2018, the Athena platform is used internally at JPMorgan for pricing, trading, risk management, and analytics, with tools for data science and machine learning. This extensive feature set utilizes over 150,000 Python modules, over 500 open source packages, and 35 million lines of Python code contributed by over 1,500 developers, according to data presented by Misha Tselman, executive director at J.P. Morgan Chase in a talk at PyData 2017.   Migrating 35 million lines of code from Python 2 to Python 3 is quite the undertaking -- and JPMorgan is going to miss the deadline, according to eFinancialCareers, stating that JPMorgan's roadmap puts "most strategic components" compatible with Python 3 by the end of Q1 2020 -- that is, three months after the end of security patches -- with "all legacy Python 2.7 components" planned for compatibility with Python 3 by Q4 2020.   Modern developer practices are needed to maintain a project of this scale -- fortunately, JPMorgan uses Continuous Delivery, with 10,000 to 15,000 production changes per week, according to Tselman.   The eFinancialCareers site argues that banks "have been dragging their feet," adding that JPMorgan is not the only bank that still hasn't migrated to Python 3.  The Python volunteers are pointing concerned individuals to the Python 2.7 Countdown Clock, and their announcement also links to a list of support and migration vendors, adding "If you can pay to hire someone to help you, post on the job board or hire a consultant. If you need free help from volunteers, look at this help page."
          
  
  Read more of this story at Slashdot.
  

• The 'World's Safest' Bike Helmet Has A Built-in Airbag
  H&âOEouml;vding spent four years developing their next-generation bicycle helmet, the Metro reports:  Easier to use, adjustable and enabled with Bluetooth technology, the helmet, according to H&âOEouml;vding 's CEO Frederik Carling, is the world's safest. Donning advanced airbag tech and functions such as the ability to contact next-of-kin in the event of an accident, Frederik and the team spent years surveying people to make the kit as bespoke, safe and desirable as possible. Fredrik says: "Our surveys of cyclists in seven major European cities show that 70% would cycle more if they felt safer. We have focused on this and want to contribute to greater safety."    New features include the new patented airbag, along with an upgraded battery that can last for up to 15 hours. An iOS and Android compatible app allows the company to gather data relating to where urban cyclists experience the most accidents. The result? Data that can be used to argue for more cycling infrastructure and, of course, tech that saves more lives...   When the design-savvy headgear is activated, it registers movements 200 times a second and in the event of an accident, is inflated in 0.1 seconds to enclose the head and hold the cyclist's neck in place. 185,000 cyclists currently use it, with over 4,000 saying that it had made a significant difference during close calls.    In addition to all its safety features, Carling hopes that his helmet can be used to help the environment in the long run. "Cycling may be the answer to many of the challenges relating to the environment, congestion in cities and health, and we want to take cyclist protection to the next level," he says.
          
  
  Read more of this story at Slashdot.
  

• Released from Prison, Spammer Who Stole 17.5 Million Passwords Apologizes and Reforms
  An anonymous reader quotes ZDNet: Kyle Milliken, a 29-year-old Arkansas man, was released last week from a federal work camp. He served 17 months for hacking into the servers of several companies and stealing their user databases. Some of the victims included Disqus, from where he stole 17.5 million user records, Kickstarter, from where he took 5.2 million records, and Imgur, with 1.7 million records. For years, Milliken and his partners operated by using the credentials stolen from other companies to break into more lucrative accounts on other services.   If users had reused their passwords, Milliken would access their email inboxes, Facebook, Twitter, or Myspace accounts, and post spam promoting various products and services. From 2010 to 2014, Milliken and his colleagues operated a successful spam campaign using this simple scheme, making more than $1.4 million in profits, and living the high life. Authorities eventually caught up with the hacker. He was arrested in 2014, and collaborated with authorities for the next years, until last year, when it leaked that he was collaborating with authorities and was blackballed on the cybercrime underground....   In an interview with ZDNet last week, Milliken said he's planning to go back to school and then start a career in cyber-security... [H]e publicly apologized to the Kickstarter CEO on Twitter. "I've had a lot of time to reflect and see things from a different perspective," Milliken told ZDNet. "When you're hacking or have an objective to dump a database, you don't think about who's on the other end. There's a lot of talented people, a ton of work, and even more money that goes into creating a company... there's a bit of remorse for putting these people through cyber hell."  He also has a message for internet uesrs: stop reusing your passwords. And he also suggests enabling two-factor authentication.   "I honestly think that the big three email providers (Microsoft, Yahoo, Google) added this feature because of me."
          
  
  Read more of this story at Slashdot.
  

• Would Consumers Be Safer With a National Data Broker Registry?
  "A comprehensive national privacy law cannot be developed overnight..." argues the chief "data ethics officer" for Acxiom, a database marketing company, in a New York Times op-ed:  Still, people deserve to know who is collecting data about them, why it's being collected and the types of companies with which the data is being shared. They should also have assurances that companies collecting data have adequate measures in place to ensure security and confidentiality. That's why, until we have a national privacy law, we should pursue a national data broker registry to help consumers discover this information -- and learn the difference between good data actors and bad ones.   People who today use Facebook, Google, Amazon and Apple understand that these companies collect their data in an effort to improve their experience and to generate revenue by selling advertising. But there is less awareness of companies -- generally referred to as data brokers -- that collect, source and otherwise license information about consumers who are not their customers. The growing commercial use of data is outpacing the public's understanding....   Data-driven marketing helps businesses reduce wasteful ad spending and helps fund free or low-cost consumer products and services on the internet, including free search, email and social media platforms, as well as customized content. In many cases, it also funds the press and other channels of expression. Our business is underpinned by policies on comprehensive data governance, in an effort to ensure that data use is transparent, fair and just, that there are benefits for both businesses and consumers. We help marketers follow the golden rule of business -- "Know Your Customer" -- so that they can deliver a better experience. Unfortunately, the irresponsible actions of some individuals and organizations have cast a shadow over our industry. They violate consumers' privacy, profit from stolen data and commit fraud.   Increasing transparency -- initially through a data broker registry and ultimately through a robust and balanced national privacy law -- would help reduce the conflation of legitimate, regulated entities with unethical companies and criminals.
          
  
  Read more of this story at Slashdot.
  

• Ten Drones Attack Saudi Arabia's Oil and Gas Facilities
  "Saudi Arabia has cut oil and gas production following drone attacks on two major oil facilities run by state-owned company Aramco..." reports the BBC. "TV footage showed a huge blaze at Abqaiq, site of Aramco's largest oil processing plant [the world's biggest oil producer], while a second drone attack started fires in the Khurais oilfield."   The Iran-aligned Houthi movement (fighting the Western-backed military coalition supporting Yemen's government) has claimed credit for the attacks. Slashdot reader dryriver shared this report from the BBC:  Energy Minister Prince Abdulaziz bin Salman said the strikes had reduced crude oil production by 5.7m barrels a day -- about half the kingdom's output. A Yemeni Houthi rebel spokesman said it had deployed 10 drones in the attacks...   In a statement carried by the Saudi Press Agency (SPA), Prince Abdulaziz said the attacks "resulted in a temporary suspension of production at Abqaiq and Khurais plants". He said that part of the reduction would be compensated for by drawing on Aramco's oil stocks. The situation was under control at both facilities, Aramco CEO Amin Nasser said, adding that no casualties had been reported in the attacks.   The BBC also notes that Saudi Arabia produces 10% of the world's crude oil, adding that "cutting this in half could have a significant effect on the oil price come Monday when markets open."
          
  
  Read more of this story at Slashdot.
  

Engadget"Engadget RSS Feed"

• Nissan envisions car-themed esports gaming chairs
  
  Nissan's connection to gaming might extend beyond the occasional car in a racing sim. The automaker has joined with FaZe Clan and OpTic Gaming to design a trio of "esports gaming chairs" themed around (what else?) some of its more iconic cars. The GT-R Nismo is a "performance" chair with a thin carbon fiber shell, a racing seat shape, Nismo leather and an audio system built into the headset. The Armada chair echoes the SUV with extra-comfy lumbar support, posh leather and its own climate control. A Leaf chair, meanwhile, mimics the EV with "eco-friendly" materials and a USB charging port.
  
  At the moment, Nissan doesn't have plans to build the chairs. However, it's gauging "public reaction" to the seats and recently ran a Twitter poll to see which furniture people would like the most. If that's any indication of demand, the GT-R chair is the most popular concept by a long shot. If Nissan ever makes one of these models, that's likely to be the one supporting your posterior during long gaming sessions.
  This isn't a game. We've got some new concepts and they aren't cars. Share your pick of the gaming-inspired styles below. #NationalVideoGamesDay pic.twitter.com/aaNMGssmbf
  — Nissan (@NissanUSA) September 12, 2019
  Via: Autoblog
  
  Source: Nissan, Twitter
  

• AI can gauge the risk of dying from heart conditions
  
  AI's ability to predict threats to your health could soon include deadly heart conditions. Researchers at MIT's CSAIL have developed a machine learning system, RiskCardio, that can estimate the risk of death due to cardiovascular issues that block or reduce blood flow. All it needs is a 15-minute ECG reading -- from there, it gauges the danger based on the sets of consecutive beats in the sample. If the data is captured within 15 minutes of an event, RiskCardio can determine whether or not someone will die within 30 days, or even up to a year later.
  
  The approach is based on the notion that greater variability between heartbeats reflects greater risk. Scientists trained the machine learning system using historical data for patient outcomes. If a patient survived, their heartbeats were deemed relatively normal; if a patient died, their heart activity was considered risky. The ultimate risk score comes by averaging the prediction from each set of consecutive heartbeats.
  
  There's plenty of work to be done, including refining the training data to account for more ages, ethnic backgrounds and genders. It clearly needs to be accurate when mistakes could have dangerous consequences. If RiskCardio does enter service, though, it could prove vital to health care. Doctors could quickly assess a patient's health and decide on an appropriate level of treatment. CSAIL also hopes it can help understand less-than-clear scenarios by running poorly-labeled data through the system.
  
  Source: MIT CSAIL, ArXiv.org
  

• OnePlus 7T Pro may debut on October 10th
  
  You might only have to wait a few weeks more if you've been holding off for a OnePlus 7T. The historically accurate OnLeaks and Compareraja have claimed that both the OnePlus 7T and 7T Pro will be unveiled on October 10th, with availability slated for October 15th. The apparent scoop also includes specs for both, although it's clear these are incremental upgrades -- you won't be in a rush to upgrade a OnePlus 7 Pro.
  
  Both phones will reportedly tout slightly faster Snapdragon 855 Plus chips, the long-rumored 16-megapixel ultra-wide camera and a host of photography modes that includes a new macro mode. You won't see fundamental changes beyond that, according to the leak. It's not necessarily a bad thing when that still means top-tier specs in key areas, particularly the responsive 90Hz AMOLED screen. If these specs prove authentic, though, this is the definition of a "T" release from OnePlus -- an iterative upgrade meant to keep the device current, rather than court enthusiasts who replace their phones as often as possible.
  
  Source: Compareraja, OnLeaks (Twitter)
  

• 'Minecraft' now has 112 million players per month
  
  Fortnite might still have the lion's share of public attention, but that doesn't mean it's hurting the other gaming phenomenon. Microsoft's Helen Chiang told Business Insider in an interview that Minecraft now has 112 million active players every month, a surge of 20 million over figures from October 2018. This includes players across all platforms, including those who play the game as part of an Xbox Game Pass, but that's still no small achievement for a game that has been around in some form for roughly a decade.
  
  Chiang described it partly as a virtue of the creative game's evergreen status -- it's a title that people "keep coming back to." You may fire up Fortnite or other games that take the spotlight, but there's a real chance you'll return to building homes and tunnels in Minecraft after that.
  
  Other factors are likely important as well. On top of its sheer ubiquity across platforms, Minecraft's blocky graphics and simple mechanics make it easy to play on modestly-equipped devices, whether it's a budget PC or a smartphone. You can spend a modest amount on hardware and still get a quality experience.
  
  Microsoft's challenge at this point is to keep the game relevant. The augmented reality of ray-tracing and other attempts to spruce up the look. It's not clear that's enough, though. Roblox recently topped 100 million monthly players, and Fortnite may not be far off (it reported 78.3 million users in August 2018). It might not take much for other games to capture the cultural zeitgeist.
  
  Source: Business Insider
  

• Central banks to question Facebook over Libra cryptocurrency
  
  Facebook is about to undergo further scrutiny of its Libra cryptocurrency, and it may have to answer some difficult questions. Officials speaking to the Financial Times said that Libra representatives are meeting with officials from 26 central banks (including the Bank of England and the US Federal Reserve) in Basel, Switzerland on September 16th. The European Central Bank's Benoît Coeuré is expected to chair the gathering, which will question Facebook over the digital money's "scope and design."
  
  In response, Libra reiterated its earlier stance that it "welcome[s] this engagement" with politicians and regulators, and that it "deliberately" set out a long launch schedule to discuss issues and modify its plans based on feedback.
  
  The conversation might not go the way Facebook and the Libra team hope. Coeuré in particular has warned that Libra has to clear a "very high" bar, and EU finance ministers in particular have worried that cryptocurrencies like Libra could destabilize finance and undercut the authority of government banks. France and Germany have both argued that Libra should be blocked in the EU as it would challenge the "monetary sovereignty" of governments.
  
  Facebook has pitched Libra as a way to democratize money, providing banking to many first-timers and creating a format that's independent of any one country. However, it's that last part that has officials and critics worried. While Libra is a "stablecoin" that should be pegged to the value of conventional currency, it could give Facebook and the Libra Association a tremendous amount of clout if it takes off. It may not have much choice but to make concessions if it wants the currency to be widely available, and even that isn't guaranteed.
  
  Via: Reuters
  
  Source: Financial Times
  

• Verizon will launch home 5G everywhere mobile service is available
  
  Verizon (Engadget's parent company) may be rolling out 5G at a pokey pace, but at least you won't have to choose which kind of 5G you get. Consumer division chief Ronan Dunne told investors that fixed 5G Home service will "in due course" be available in every market where mobile 5G is available. It's "one network," he said -- there's little stopping Verizon from offering both. The carrier is planning a "full" launch for Home late in 2019 using the official 5G standard, so the synchronicity might begin relatively quickly.
  
  The initial service ran on an in-house approach to 5G and offers typical speeds of 300Mbps. It won't compete with gigabit fiber, but it's faster than many landline connections and, if you get an indoor antenna, let you set up yourself.
  
  The main catch, as always, is the slow pace of 5G deployment. Verizon's current 5G is available in parts of just 10 cities, and it can only roll out so quickly when the ultra-wideband technology requires an extensive number of cell sites to provide solid coverage. That reach should extend to 30 cities before 2019 is over, but that still means it could be a long while before 5G Home comes to your neighborhood. Still, that beats having to deal with the limited coverage of FiOS and other wired high-speed services.
  
  Via: Ars Technica
  
  Source: Verizon
  

• Initial Creative Emmy winners include Apple, Netflix and NASA
  
  The Creative Arts Emmy awards are only half-finished, but it's already clear that streaming services are thriving -- including a few you might not expect. Netflix came home with the most statuettes on the first night of the awards, receiving a total of 15 compared to 'just' eight for next-closest rival National Geographic. Four of those went to Queer Eye for Outstanding Structured Reality Program as well as specific reality show awards for casting and directing. The animated anthology Crew Dragon demo launch earned it an Outstanding Interactive Program award.
  
  The Creative Arts Emmys will wrap up with a second presentation on the evening of September 15th, and While these victories aren't particularly reflective of who will win at the main Emmy awards show on September 22nd, they do bode well for streaming services and technology as a whole. They're not necessarily dominant, but they're too large for the conventional TV industry to ignore.
  
  Via: Deadline, Variety
  
  Source: Emmys (PDF)
  

• New York state bans sales of flavored e-cigarettes
  
  New York isn't waiting for the federal government to take action on teen vaping. Governor Andrew Cuomo has announced an "emergency executive action" that will ban sales of flavored e-cigarettes. The move will see the state Department of Health's Commissioner hold an urgent meeting with the Public Health and Health Planning Council to implement the ban. E-cig makers and stores are "intentionally and recklessly" trying to court a younger audience, Cuomo claimed, and this would theoretically put a stop to the behavior.
  
  The state is simultaneously stepping up enforcement against retailers who sell to underage buyers, including undercover investigations that will have underage volunteers trying to buy e-cigs. He's also moving forward legislation that aims to ban "deceptive marketing" of e-cigs to teens and kids. The moves come on top of previous crackdowns, including the passing of a law raising the minimum buying age from 18 to 21 (due to take effect November 13th), an investigation into vaping companies and an executive order mandating awareness programs for schools.
  
  Cuomo pointed to Department of Health data showing steep climbs in e-cig use among teens. About 27 percent of high schoolers were using e-cigarettes, or 160 percent more than they were in 2014, according to officials. The governor also referenced a 2017 survey showing that 19 percent of state teens tried e-cigs due to flavors, with 27 percent citing flavor as a reason to keep smoking. He went on to accuse companies of falsely claiming e-cigs are safe, noting that early studies suggested they could lead to cardiovascular and respiratory problems.
  
  It's not certain if other states will follow suit, but this is still a significant blow to e-cig producers. They've taken efforts to curb teen vaping, such as Juul's stricter screening, but that clearly isn't enough in New York's eyes. They'll have no choice but to sell 'plain' e-cigs in one of the most populous states in the country, and they risk further legal action if New York feels their sales tactics are still too inviting to teens. The tide appears to be turning against the e-cig industry, and it might not have much choice but to honor ever-tougher restrictions.
  
  Via: Andrew Cuomo (Twitter)
  
  Source: New York State
  

• After Math: Shut it down, shut it all down
  
  While Moviepass shocked the internet with news on Friday that it would be shuttering its subscription-based service effective immediately, a number of tech companies were putting down kiboshes of their own. Facebook had to take down a Netanyahu chatbot over hate speech, Google got dinged a billion bucks by the EU, and Ford sold off the subscription service you didn't know it had. It's been a week of legal and regulatory smackdowns and we've got the headlines to prove it.
  
  
  Google to pay $1.1 billion in France following tax probe
  Good lord, even the Lannisters paid their debts more quickly than Google does. The internet behemoth was laid low this week after a French court concluded that yes, its does have to pay the billion-plus dollars it owes the European nation.
  
  
  Hulu drops support for Google's Daydream VR platform
  Oh Google Daydream VR, we hardly knew ye. And now we will know you even less as Hulu announced this week that it will be dropping support for the little-used platform. Daydream isn't dead yet but it sure seems to be going the way of 3D TV.
  
  
  Kickstarter accused of union-busting after firing two employees
  Kickstarter thought it could quietly kill off any talk of unionization when it fired two organizing staff members in recent weeks. Kickstarter was wrong. Now it finds itself in the center of a legal and PR firestorm that won't be going away any time soon.
  
  
  Facebook suspended Israeli PM's campaign chatbot for hate speech
  In the proud tradition of nascent technology advances immediately being used to spread racism and xenophobia (hi, Tay!) Facebook was forced to flip the switch on a chatbot associated with Israeli Prime Minister Benjamin Netanyahu's reelection campaign after it started spouting anti-Arab slogans at online users.
  
  
  Ford sells off its monthly car subscription service
  For the past couple of years, Ford has quietly offered customers in San Francisco, LA and Dallas access to its Canvas app-based car subscription scheme. However the car company announced this week that it will be selling its Canvas IP (and all 100 of the startup's employees) to Santa Monica's Fair, a similar startup which partners with Uber.
  
  
  

• The best USB-C hubs and docks
  
  By Nick Guy
  
  This post was done in partnership with Wirecutter. When readers choose to buy Wirecutter's independently chosen editorial picks, Wirecutter and Engadget may earn affiliate commission. Read the full guide to USB-C Hubs and Docks.
  
  After spending 20 hours testing 22 USB-C hubs and five USB-C docks, we think Vava's VA-UC006 USB-C Hub is the best option for connecting older peripherals and external storage devices to a new laptop or MacBook. It has an ideal range of ports that all transfer data at full speed, it's sturdily built, it's small and light enough to throw in a bag, and it's reasonably priced.
  
  With three USB-A ports plus HDMI (with 4K support), Ethernet, SD, microSD, and power passthrough, the Vava VA-UC006 offers the connectors most people need most of the time. It's powerful enough to leave at your desk full-time as a docking station but small enough to slip in your laptop bag and use on the go. The only downside is that the Ethernet port hinges open, a design that saves space but is more likely to break than a standard Ethernet port.
  
  HooToo's USB-C Hub HT-UC001 offers similar performance to the Vava for about two-thirds the price, but it lacks a microSD card reader and an Ethernet port. We think the Vava's more versatile port selection and slightly smaller size are worth paying for, but the HooToo is a good option if you need something less expensive.
  
  If you just need more USB 3.0 ports for flash drives, keyboards, mice, and other low-power accessories, Aukey's USB C to 4-Port USB 3.1 Gen 1 Hub (CB-C64) is the best option we tested, and the least expensive. It's a straightforward plastic adapter with four full-speed USB 3.0 ports. But its lack of passthrough power makes it a poor choice if your computer has only one or two USB-C ports, as the MacBook does.
  
  If you need only an Ethernet connection, we like the Cable Matters USB Type-C to Gigabit Ethernet Adapter. It delivers full Gigabit speed, it comes from a reputable company, and it's inexpensive. It did get warm when we used it, which is to be expected with USB-C Ethernet adapters, but it reached the same temperature as a more expensive model we tested.
  
  Docks are larger and usually equipped with more ports than hubs, and they can provide power on their own, making them a better fit if you're looking for something to set on your desk permanently. Among the five USB-C docks we tested, Dell's D6000 Universal Dock is the best, with four USB-A ports, a USB-C port, HDMI and two DisplayPort video ports, Gigabit Ethernet, and a 3.5 mm audio connector. It worked equally well with a PC and a Mac in our testing. It also delivers 65 watts—the most charging power of any dock we measured—and it's the least expensive dock option (though it's still more than twice as expensive as the Vava hub).
  Our picks' ports compared
  Name
  
  USB ports
  
  Video ports
  
  Card reader
  
  Ethernet
  
  Audio
  
  Charging
  
  Vava VA-UC006
  
  USB-A (three), USB-C (one, charge only)
  
  HDMI (one)
  
  SD, microSD
  
  Gigabit
  
  -
  
  Yes (requires laptop's charger)
  
  HooToo HT-UC001
  
  USB-A (three)
  
  HDMI (one)
  
  SD
  
  Gigabit
  
  -
  
  Yes (requires laptop's charger)
  
  Aukey CB-C64
  
  USB-A (four)
  
  -
  
  -
  
  -
  
  -
  
  -
  
  Dell D6000
  
  USB-A (four), USB-C (one)
  
  HDMI (one), DisplayPort (two)
  
  -
  
  Gigabit
  
  3.5 mm in/out (one), 3.5 mm out (one)
  
  Yes (charger included)
  
  Cable Matters USB Type-C to Gigabit Ethernet Adapter
  
  -
  
  -
  
  -
  
  Gigabit
  
  -
  
  -
  Why you should trust me
  I was the accessories editor at iLounge for a little more than three years and have been covering accessories at Wirecutter for a little longer than that. During that time, I've reviewed more than 1,000 iOS and Mac products, including numerous docking stations. I've also been responsible for most of Wirecutter's USB-C coverage from the start, researching and testing everything from chargers to adapters to cables.
  Who this is for
  USB-C hubs and docks let you hook your old stuff up to your new stuff. If you have a new, USB-C–based computer—whether it includes a USB-C port among its other ports or, like Apple's MacBook models or the newest Dell XPS 13, it has nothing but USB-C ports—and you still need to connect flash drives, printers, Ethernet, a display, or any other accessories you already own, a USB-C hub or dock will let you hook up multiple peripherals to a single USB-C port at once. Some models are ideal for tossing in your bag, while others are better for leaving plugged into everything at your desk.
  
  If you're looking for a more-powerful desktop docking option and your computer's USB-C ports also support Thunderbolt 3, you might consider a Thunderbolt 3 dock, which can connect to more monitors and transfer data faster. If you're just looking for a way to get more USB-C ports, well, unfortunately you're out of luck; we have yet to find any USB-C hubs that add extra USB-C ports.
  How we picked and tested
  The terms hub and dock are often used interchangeably and don't have exact definitions. For this guide, we treated anything designed to be portable as a hub; some hubs can pass power to a laptop when connected to a charger, but they don't come with one. Docks are designed to sit on a desk, equipped with their own power bricks, and capable of charging your laptop without your needing to provide a separate charger.
  
  We researched and tested hubs with a number of different port layouts, ranging from models with just USB-A ports to those including USB-A plus power passthrough, video output, Ethernet connectors, and SD card slots.
  
  For docks, we limited our search to units that were compatible with both PCs and Macs, cost less than $200, had at least four USB-A ports and a USB-C output port, and could power a computer and peripherals.
  
  We tested each hub and dock with both a MacBook Pro (13-inch, 2016, Four Thunderbolt 3 Ports) and the early-2018 USB-C–only version of the Dell XPS 13. We also tested our picks on a 2018 iPad Pro, though many of our tests don't actually work with iOS. Our tests included the following:
  USB-A: We ran AJA System Test speed tests using Samsung's Portable SSD T3. To measure how fast each hub could charge other devices, we connected a 10.5-inch iPad Pro and read the power draw with PortaPow's USB Power Monitor. HDMI: We connected each of the docks via HDMI to a Dell Ultra HD 4K Monitor P2715Q with the resolution set to 4K. Mac computers support only a 30 Hz refresh rate at 4K resolution, but the Dell XPS 13 pushes out a full 60 Hz. Ethernet: We verified the connection speed in Network Utility on a Mac, which displays the link speed. Heat: Because hubs and adapters can get quite hot during use—especially, in our experience, when using Ethernet—we also measured the temperatures of our picks with an infrared thermometer after 15 minutes of continuous data and Ethernet use to make sure they weren't dangerously hot. As a Satechi representative explained to us, "All the bandwidth that goes to Ethernet, HDMI, USB and SD card ports requires energy consumption and that's transferred to heat. Operating temperatures between 86-122 degrees Fahrenheit ... are normal." SD card: We ran AJA System Test on a 64 GB SanDisk Extreme Pro. microSD card: We ran the same test as above using the Samsung Evo Select 64 GB. Power passthrough: macOS reports the incoming power in its System Report. We used the MacBook Pro's 61 W charger and the included USB-C cable, and we recorded what the computer was reporting.The best USB-C hub: Vava VA-UC006 USB-C Hub
  Photo: Michael Hession
  Vava's VA-UC006 USB-C Hub is the best way to add the widest array and greatest number of ports to your USB-C–based computer in a highly portable and durable package. It has all the right connections—three USB-A ports, USB-C power passthrough, Gigabit Ethernet, HDMI, and microSD and SD card slots—to be handy on the go, or even to act as a semipermanent desk accessory. Nothing else comes close to offering the same combination of performance, design, and price.
  
  The aluminum hub measures 4 inches long, 2 inches wide—similar in size to an old iPod nano���and less than half an inch at its thickest point. Its 6-inch USB-C cable is long enough that you should be able to position it as needed, and the cable itself feels sturdy but not so stiff that it'll be hard to keep it where you want it. At less than 2.5 ounces, the hub is easy to pack and doesn't weigh you down.
  
  There are some ports all hubs need to have, and some that are nice but not necessary; the Vava hub has all of the above. You get three USB 3.0 Type-A ports, and in our testing each of them passed data to a portable SSD at average read speeds of 414 MB/s and write speeds of 366 MB/s (these figures were consistent across almost all of the hubs and docks we tested). Next to that line of ports is an HDMI port that in our testing pushed out 4K video at 60 Hz from the XPS 13 as expected. The Mac was limited to 30 Hz because getting 60 Hz, 4K video out of a Mac requires a precise setup; the iPad Pro was also limited to a 30 Hz refresh rate.
  
  The Vava hub's microSD and SD card slots. Photo: Michael Hession
  The Vava also has SD and microSD card slots on the opposite edge for photo transfers. The full-size SD card slot averaged 87 MB/s read and 76 MB/s write in our tests. Those speeds are a little slower than what our standalone USB-C SD card reader pick produced, but not by much, and they're as fast as the results from the slot on any other hub we tested. The microSD card speeds were slower at 86 MB/s read and 58 MB/s write, but again, with those speeds the Vava matched or beat the competition.
  
  Finally, the Vava has a USB-C port for power passthrough and a Gigabit Ethernet port. Our 13-inch MacBook Pro reported receiving 49 watts when we connected Apple's 61 W charger to the hub. That figure is lower than with some of the competition, but still fast enough to charge your 13-inch computer at a reasonable speed (15-inch machines will still charge but at a slower rate). The Ethernet port is the most clever element of the whole hub: Rather than increasing the thickness of the entire device to accommodate an Ethernet plug, the Vava design uses a flip-open door to expand the full port as needed.
  
  Flaws but not dealbreakers
  
  That clever Ethernet port is one of the Vava hub's few potential flaws. Because it's a moving part, there's a chance it could break. We didn't see anything in our short-term tests to suggest it would, but no other hub or dock we tested had a comparable potential point of failure.
  
  The Vava's three USB-A ports are tightly arranged side by side, so you likely won't be able to connect three flash drives or thicker plugs at a time.
  
  Vava promises up to a 100-watt passthrough charge rate, but in our tests the hub limited the power coming from our 61 W power adapter to 49 watts.
  
  Like many USB-C hubs we've tested, the Vava gets hot during use. We measured it at 110 °F after 15 minutes with the USB-C power cable and an Ethernet cord plugged in. That's hot enough to be noticeable when you touch it, but not so much that it's dangerous—as we noted above, that's within the normal operating temperature for this kind of accessory.
  Cheaper but fewer ports: HooToo USB C Hub HT-UC001
  Photo: Nick Guy
  HooToo's USB C Hub HT-UC001 isn't quite as full-featured or compact as Vava's hub, but it offers many of the same ports for about two-thirds of the price. Providing three USB-A ports, HDMI output, USB-C power passthrough, and a full-size SD card slot, it's a good option if you want to be able to use wired accessories and hook up to an external display but aren't concerned about using a wired network connection.
  
  The HooToo hub's USB-C power passthrough port is on one side, the three USB Type-A ports and SD card reader are on the other, and the HDMI port is on the end. Photo: Nick Guy
  In our tests, all the ports worked as expected. USB read and write speeds were comparable to those of every other hub we tested. We also recorded a 60 Hz refresh rate at 4K resolution from the Dell XPS 13, and the MacBook Pro reported a power draw of 55 W (a little higher than, but similar to, the Vava's result). A 100-watt version of the hub is also available—it's still cheaper than the Vava, but you need that much power only if you have a larger laptop like the 15-inch MacBook Pro.
  
  The HooToo hub works well, has all the ports most people will need, and feels almost as nice as the Vava hub. The aluminum and plastic rectangle is about 0.3 inch longer than the Vava hub, but about the same width and thickness. The HooToo's cable is also a bit thicker than the Vava's, so this hub is less likely to stay where you want it to. If you're willing to accept these compromises and don't need the Vava hub's extra features, the HooToo hub is a good choice, but we think the Vava hub's versatility and size make it worth the extra money.
  A cheap way to add more USB-A ports: Aukey CB-C64
  Photo: Michael Hession
  Aukey's USB C to 4-Port USB 3.1 Gen 1 Hub (CB-C64) is the best choice for adding a handful of USB 3.0 ports to your USB-C computer, and it's cheap. Equipped with four USB-A ports, the hub will let you connect any combination of a keyboard, mouse, printer, flash drive, or another low-power-draw device such as a webcam, gamepad, or portable hard drive. (Aukey says that "for best performance, the power demand of connected devices shouldn't exceed the total USB output of 5V 0.9A.") In our tests, all of the ports transferred data as quickly as anything else we tried. The 3.9-by-1.3-inch black plastic rectangle is less than half an inch thick and weighs a little over an ounce. You can throw it in a bag without even noticing it's there.
  The best USB-C–to–Ethernet adapter: Cable Matters USB Type-C to Gigabit Ethernet Adapter
  Photo: Michael Hession
  We think most people will be better off with a hub that provides an array of ports, but if you need only an Ethernet connection, we recommend the Cable Matters USB Type-C to Gigabit Ethernet Adapter. This simple plastic adapter works as expected, delivering full Gigabit speed, and it comes from a company we know and trust. As a bonus, it's inexpensive. USB-C Ethernet adapters are known to get hot; this one reached only about 100 °F after 15 minutes of use, the same as a more expensive metal-bodied model from Anker. That does feel warm to the touch, but not uncomfortably hot, and it's expected behavior.
  The best USB-C dock: Dell D6000 Universal Dock
  Photo: Michael Hession
  Most people are best served by a portable hub because hubs are more affordable and do many of the same tasks as docks. But if you're looking for a stationary option (for example, if you like to hook your laptop up to a display and accessories at your desk) that doesn't require an additional laptop charger, we suggest Dell's D6000 Universal Dock. (If your PC or Mac supports Thunderbolt 3 and you plan to connect your computer to high-speed external hard drives or multiple high-resolution displays, a Thunderbolt 3 dock is a better choice than a USB-C dock.)
  
  Compared with a portable hub, the D6000 offers more video-output options (one HDMI port and two DisplayPorts), more USB ports (four USB-A, one USB-C), 3.5 mm audio-in and -out jacks, and charging, all over a single USB-C cable. (It comes with its own power adapter, so you can keep the charger that came with your laptop in your travel bag.) It's less expensive than other docks we tested and works reliably with both Macs and PCs—although the DisplayPort ports won't work with Macs because of a recent software limitation—and it provides more power to a laptop than similarly priced options (65 watts, versus 39 watts from other models).
  
  The rear of the D6000, including its video, Ethernet, USB-A, and 3.5 mm audio ports. Photo: Michael Hession
  The D6000 is a utilitarian 6.5-by-3-inch black plastic rectangle with a rubber antislip base. Its permanently connected, 3-foot USB-C cable comes out the left side, and a USB-A 3.0 adapter on the cord lets you connect to an older computer. From left to right along the front, you'll find a combined audio-in and -out jack, two USB 3.0 ports, and a USB-C port that you can use for data or to provide up to 12 W of power to a device. Flip the dock around to the back, and you see an HDMI port, two DisplayPort outputs, Gigabit Ethernet, another pair of USB-A ports, and a 3.5 mm audio-out jack.
  
  All of the Dell dock's data ports transferred data at rates comparable to what we saw from every other dock and hub we tested. We measured full 4K, 60 Hz videos from the DisplayPort connectors using the Dell dock, although that dropped to a 1080p resolution over HDMI. DisplayPort doesn't work at all with Macs running up-to-date software because the dock uses DisplayLink, software that was broken by the macOS 10.13.4 update and remains broken in the current version of macOS; the ports didn't work with our iPad Pro, either. The HDMI port put out 4K video at 30 Hz when connected to a Mac and an iPad Pro, as expected.
  
  Look at the size of that power brick! Photo: Michael Hession
  One thing to keep in mind with this dock is the huge power brick: It's almost exactly the same size as the dock itself. But because the dock is meant to stay on a desk rather than tossed in a bag, this isn't a dealbreaker. The cable running from the charger to the dock is about 6 feet long, so you should be able to position the power brick in a convenient place without it getting in the way.
  The competition
  USB-C hubs
  
  HooToo's HT-UC009 USB-C Hub and Vava's VA-UC010 USB-C Hub are identical hubs from brands with the same parent company. Their design is a little larger than that of the Vava VA-UC006, though, and of their three USB-A ports, only two support USB 3.0 speeds, with the last limited to 2.0 rates.
  
  Twelve South's StayGo comes with both a short USB-C cable (which you can store inside the unit) and a longer cable; the combination allows you to easily use the hub at your desk or on the go. Unfortunately, at 2.4 inches wide and 5 inches long, this model is larger than most of the hubs we've seen, and in our testing we didn't measure a proper 30 Hz refresh rate from it at even 1080p resolution, let alone 60 Hz at 4K. This model also about twice the price of the Vava VA-UC006.
  
  Vava's VA-UC008 USB-C Hub is much larger than our main pick, and one of its USB-A ports supports only 2.0 speeds.
  
  Kingston's Nucleum is one of the few USB-C hubs to feature a USB-C data port in addition to one for power. But it lacks an Ethernet connection, and it's more expensive than our main pick right now. This hub is also about an inch longer. If you value that extra USB-C port and don't need Ethernet, consider it.
  
  Satechi's Aluminum Multi-Port Adapter V2 has identical ports and performance to our Vava pick, but is larger and more expensive. However, it has a regular Ethernet port that is less fragile than the Vava's fold-up port. In our tests it stayed cooler than the Vava hub at 96 °F. We don't think that's worth paying more for, but the Satechi dock is a decent backup option if it goes on sale or if our top pick is unavailable.
  
  Dodocool's 8-in-1 Multifunction USB-C Hub worked just as well as our pick, with the exact same selection of ports. But it's bigger and feels cheaper, and we didn't like the port layout as much. We think spending a few dollars more on our pick is worth it for a more compact metal design and a better layout.
  
  Aukey's CB-C55 Multiport USB-C Adapter and Anker's Premium USB-C Mini-Dock each have one fewer USB-A port than our pick, at a similar or higher price. Additionally, the Aukey hub had the slowest SD and microSD read and write speeds we tested by a wide margin, and the Anker lacks a microSD slot.
  
  Sanho's HyperDrive USB-C Hub and Satechi's Slim Aluminum Type-C Multi-Port Adapter are identical units with identical performance. Both have only two USB-A ports and cost more than our pick, but we like the streamlined design.
  
  Vava's VA-UC003 USB Type-C Hub plugs directly into a computer's USB-C port rather than using a cable; this means it can block surrounding ports. And it has only two USB-A ports itself.
  
  The Lenovo C107 USB-C Hub (a licensed product not actually made or supported by Lenovo itself) worked fine in our tests, with speed and power results in line with those of the rest of the hubs we tested. But many customers have complained about performance, and no clear path to customer support is available if you have an issue.
  
  USB-A hubs
  
  The AmazonBasics USB 3.1 Type-C to 4 Port USB Hub and the Monoprice SuperSpeed 4-Port USB-C Hub work just as well as our pick but are larger.
  
  Monoprice's Select Series USB-C to 4x USB-A 3.0 Adapter was also just as fast in our tests, but its layout prevents two flash drives from being connected in adjacent ports.
  
  In owner reviews of Anker's USB-C to 4-Port USB 3.0 Hub, we saw too many complaints about Wi-Fi interference for us to recommend it, although we didn't see this problem in our testing.
  
  Other hubs
  
  After testing USB-A/Ethernet hubs, including Anker's Premium USB-C Hub with Ethernet and Power Delivery and Monoprice's Select Series USB-C to 3x USB-A 3.0, Gigabit Ethernet, and USB-C (F) Adapter, we decided that their value and usefulness weren't good enough for us to recommend any of them over similarly priced hubs with more types of ports. Dodocool's USB-C 3.1 to 3-Port USB 3.0 Hub with Gigabit Ethernet Adapter and Power Delivery was the least expensive model in this category, but it offered the lowest power draw from its ports, and the Ethernet connector simply didn't work on our Mac, although it did on our Dell.
  
  We applied the same reasoning to hubs that had only USB-A ports and power passthrough, such as Dodocool's USB-C to 4-Port USB 3.0 Hub with PD or Monoprice's Select Series USB-C to 4x USB-A 3.0 and USB-C (F) Adapter.
  
  USB-C docks
  
  Plugable's USB-C Triple Display Docking Station worked well in our tests. Compared with our picks, however, it's more expensive, with identical data performance and a lower power output of 39 watts.
  
  The inputs and outputs on the HP Elite USB-C Docking Station simply didn't work with our MacBook Pro. No video, no data, nothing. It did work with our Dell XPS 13, but even so only one of the four USB-A ports is 3.0 speed; the rest are all 2.0.
  
  OWC says not to use its USB-C Dock (Mini DisplayPort) or USB-C Dock (HDMI) with 2017 or later Macs. That restriction, combined with the fact that neither version was able to deliver video from our Dell XPS 13 to our monitor, means you really shouldn't pick either one.
  
  We decided not to test Henge Docks's Stone, Belkin's USB-C 3.1 Express Dock HD, and StarTech's MST30C2DPPD USB-C Dock, DK30CHDDPPD Dual Monitor USB-C Dock, DKWG30DPHPD Wireless USB-C Docking Station, MST30C2HDPPD Dual Monitor USB-C Dock, and DK30CH2DPPD USB-C Triple Monitor Dock due to their high prices at the time we were researching this guide. We also declined to test Plugable's UD-CA1A USB-C Docking Station, CalDigit's USB-C Dock, Kensington's SD4600P USB-C Docking Station, Kensington's SD4500 USB-C Docking Station, and Dell's WD15 Monitor Dock based on factors including their port selection and power output.
  
  This guide may have been updated by Wirecutter. To see the current recommendation, please go here.
  
  When readers choose to buy Wirecutter's independently chosen editorial picks, Wirecutter and Engadget may earn affiliate commissions.
  

• 'Gears 5' will add new modes and maps in its first six months
  
  Now that outlined what you can expect in the first six months, and there shouldn't be a shortage of new material. The initial season ("Operation" in Gears speak) is starting off modestly with weekly Escape Hives and Supply Drop additions, but things will ramp up over the course of October with weekly Special Events and new characters. The spicier content, however, may wait until Operation 2's arrival in December.
  
  The winter season, like others, will kick off with a "major" update that can include new competitive multiplayer modes, maps, features, characters, Escape Hives and Map Builder tiles. There may be "more," the developers added. You can also assume there will be Tours of Duty that let you accrue cosmetics through achievements.
  
  These kinds of drip-feed releases aren't new to gaming, but they do show how things have changed even GamesRadar
  
  Source: Gears 5
  

• Hulu's 'Castle Rock' season 2 teaser shows the origins of 'Misery'
  
  Hulu is at last ready to offer a glimpse at teaser for the Stephen King-based anthology focuses on the arrival of a younger version of Misery villain Annie Wilkes (Lizzy Caplan) in Castle Rock as she's "budding" into a full-fledged psychopath. The clip makes clear that Wilkes is acting partly out of a warped sense of duty to her daughter -- not that others (including her daughter) believe her.
  
  The 10-episode season premieres October 23rd and will also feature stars like Tim Robbins (playing a character from The Sun King), Paul Sparks and Yusra Warsama. It's too soon to say if this will live up to the bar set by the first season, but it's clear that there are plenty of stories left to tell in this fictional universe -- this could continue so long as there's interest in King's novels.
  
  
  Via: io9
  
  Source: Hulu (YouTube)
  

• YouTube is shutting down its TV-friendly web interface
  
  If you tend to watch YouTube using the Leanback interface on a home theater PC, you might have to scrounge for an alternative. YouTube is warning visitors to the Leanback web portal that this version "will be going away soon." This won't preclude you from watching YouTube, of course, but you'll have to turn to another device f you want an interface that's easier to navigate from across the living room.
  
  We've asked YouTube for comment.
  
  It's not clear at this stage why YouTube might pull the web app. Android Police speculated that this could be an attempt to discourage device makers from circumventing its app through a browser. However, it could also just be a matter of shifting company resources as the web version becomes less and less necessary. Many people now have access to smart TVs, consoles and media hubs with a largely identical interface. In those cases, the web version is redundant. This could help YouTube pour more effort into native apps.
  
  Via: Android Police
  
  Source: YouTube
  

• SIM-based attack has been used to spy on people for two years
  
  In a few cases,your SIM card may pose more of a security risk than your phone's software. AdaptiveMobile Security researchers say they've discovered a new vulnerability, nicknamed Simjacker, that's being used to surveil people's devices by an unnamed surveillance company. The technique sends SMS messages containing instructions for an old S@T Browser app supported on some carriers' SIM cards. Where S@T was originally intended to launch browsers, play sounds or otherwise trigger common actions on phones, Simjacker uses it to obtain location info and IMEI numbers that are later sent to an "accomplice device" (again using SMS) that records the data.
  
  Crucially, the approach is silent. While it does use SMS, you won't get notifications. An intruder can obtain frequent updates without giving away their activity. The exploit is also device-agnostic, and has been used against iPhones, numerous brands of Android phones and some SIM-equipped Internet of Things devices.
  
  And it's not just a theoretical exercise. The surveillance company has reportedly been using Simjacker in 30-plus countries (mainly in the Middle East, North Africa, Asia and eastern Europe) for a minimum of two years. While most targets were 'only' checked a few times per day over long stretches of time, a handful of people were targeted hundreds of times over the space of a week -- 250 in the case of the most prominent target. It's not believed to be a mass surveillance campaign, but AdaptiveMobile also hasn't said whether this was being used for tracking criminals or more nefarious purposes, like spying on political dissidents. The company is mounting a "highly sophisticated" operation, AdaptiveMobile said.
  
  It should be possible for networks to thwart these attacks. Simjacker is sending code rather than everyday text, so it should be feasible to block the code. It may be difficult to coordinate that response, though, when the affected countries have a total population of a billion. And while you're not likely to be targeted by this particular organization, there's nothing precluding a similarly capable attacker from launching a wider campaign. It may be a long while before you can assume your SIM isn't a potential weakness.
  
  Via: ZDNet, TechRadar
  
  Source: AdaptiveMobile Security, (PDF)
  

• Discord is pulling its subscription service's free games library
  
  Discord's Nitro subscription service stepped into Steam territory last year when it gave subscribers access to a curated library of games. It only ever offered a fraction of the titles Steam has -- it launched with just over 60, including decided remove its Nitro Games catalogue on October 15th.
  
  In a blog post announcing the change, the company explained that it has to revisit the games' annual contracts next month since the gaming library rolled out in October 2018. "Through your valuable feedback, it became clear that while we and some of you love these games, the truth is the vast majority of Nitro subscribers didn't play them," part of the post reads. As a result, the company chose not to renew the contracts and to stop offering the free games next month.
  
  Not a lot of people would miss the catalogue based on Discord's statement, but those who will can ask for a refund by contacting its billing department. The company will retain its $10-a-month plan even without the gaming library promising more features to make up for it. In fact, it has just doubled subscribers' upload size to 100MB and reduced the number of boosts needed to reach Level 3 from 50 to 20.
  
  Via: Polygon
  
  Source: Discord
  

• Deluge of Pixel 4 photos confirms a few of the phone's key specs
  
  If you thought the torrent of detailed Pixel 4 leaks was over, you have another thing coming. Vietnamese phone shop D Store Mobile has sent nearly two dozen photos of a pre-release Pixel 4 XL to The Verge that appear to confirm some of its previously rumored specs. Notably, the main rear camera will snap shots with a brighter f/1.73 aperture (versus f/1.8 on the Pixel 3). The telephoto camera's specs aren't available, but you can safely presume there will be improvements to low-light photos and some close-ups.
  
  Curiously, the camera app will apparently default to capturing 16:9 photos to fill the screen, rather than 4:3 photos to make the most of the sensor.
  
  Other specs in the photos show expected but welcome performance upgrades. The speedy 90Hz OLED screen remains the highlight, but you'll also get a Snapdragon 855 processor with 6GB of RAM, a 3,700mAh battery (on the XL) and 128GB of UFS storage on at least one model. It won't beat ASUS' ROG Phone II in terms of raw power, then. Google instead seems focused on its touch-free gestures and its usual AI wizardry to reel you in.
  
  Source: The Verge
  

• Microsoft's Surface Laptop 3 may come in a 15-inch model
  
  To date, you've had to buy a Surface Book 2 if you've wanted a Microsoft-made laptop larger than 13.5-inches. Soon, though, you might not have to spend quite so much to get a large surface. The historically accurate WinFuture claims that Microsoft will unveil a 15-inch flavor of the next Surface Laptop (presumably the Surface Laptop 3) at its October 2nd event. Most details aren't available at this stage, but Microsoft reportedly intends to preserve the taller-than-usual 3:2 screen aspect ratio like it did for the larger Surface Book.
  
  There may be more shakeups at the media gathering. The Verge expects an AMD-powered Surface Laptop 3 (the first AMD-based Surface of any kind) at the event, although it's not certain if the new chip option would be available in the 15-inch system, the 13.5-inch variant or both.
  
  The October 2nd presentation could have a wide variety of devices on tap, including an updatedSurface Pro, a Qualcomm Snapdragon-based system and a teaser for a dual-screen Surface. It wouldn't represent a radical departure for Microsoft (outside of the teaser), but it would diversify a lineup that's still quite small.
  
  Via: The Verge
  
  Source: WinFuture (translated)
  

• Mercedes' latest high-tech concept car is a throwback to 1901
  
  Many of Mercedes' concept cars are focused squarely on the future, but its newest example goes back in time even as it aims to go forward. The automaker has unveiled a Vision Mercedes Simplex concept car that hearkens back to the 1901 Mercedes 35 PS, billed as the "first modern car," while relying heavily on modern technology. The absence of a gas engine (the powerplant is described only as an "alternative drive") is really the least surprising thing here -- it's the cabin and nose that are the real standouts.
  
  The grille has been replaced by a "3D display" that both displays the vintage Mercedes logo an, more importantly, displays the car's status at a glance. The cockpit, meanwhile, sticks to the minimalist look of very early cars through projections that display context-sensitive info like speed and navigation. You could focus your attention on driving your retro ride instead of processing a sea of information. Porsche, take note.
  
  You're unlikely to see a production version of the Simplex. It doesn't even have a windshield or a rated power output, let alone the equipment needed to pass modern safety standards. This is more an illustration of how Mercedes could recall its roots without giving up present-day creature comforts. Don't be surprised if you see the projections and other elements find their way into road-going cars, even if it's in a limited form.
  
  
  Source: Daimler
  

• Recommended Reading: The redesigned WWE Network
  
  WWE Network 2.0: How WWE rebuilt its streaming service after a split with Disney
  Chris Welch,
  The Verge
  
  After a flashy reveal at CES a few years ago, the WWE Network is by all accounts a success, amassing well over a million subscribers by early 2019. Disney threw a wrench in the plans when it bought BAMTech, the company that had successfully constructed streaming services for the likes of Major League Baseball and HBO Now. It was also what WWE relied on for its 24/7 buffet of choke slams and live events. WWE saw the writing on the wall, and rebuilt its streaming library from the ground up.
  
  Apple wanted to improve songwriter pay to $0.00091 per stream. Spotify and Google weren't keen.
  Tim Ingham,
  Music Business Worldwide
  
  The debate over music streaming royalties continues, and as it does, we learn more about where all sides stand.
  
  Who's country
  Rob Rushin
  The Bitter Southerner
  
  Ken Burns' next documentary is all about country music. The Bitter Southerner has a preview with both him and the super talented Rhiannon Giddens.
  
  The big show never ends: How Dan and Keith's 'SportsCenter' changed TV forever
  Bryan Curtis
  The Ringer
  
  As ESPN celebrates its 40th anniversary, The Ringer takes a look at the legacy of its flagship show for highlights and commentary.
  

• Hitting the Books: 'Dirty bomb' fears spawned America's nuclear spy force
  
  Welcome to Hitting the Books. With less than one in five Americans reading just for fun these days, we've done the hard work for you by scouring the internet for the most interesting, thought provoking books on science and technology we can find and delivering an easily digestible nugget of their stories.
  The Bastard Brigade: The True Story of the Renegade Scientists and Spies Who Sabotaged the Nazi Atomic Bomb
  by Sam Kean
  
  World War II could have ended disastrously for the Allies had the Axis powers managed a breakthrough in fission technology before they did. With every nation subjugated by the Nazi war machine, the fascist invaders gained more resources, more production facilities and more technological prowess thanks to their conscription of Europe's leading nuclear researchers.
  
  But their efforts did not go unopposed. From saboteur scientists working for the Resistance to a ramshackle array of US and Allied military officers, an ex-MLB catcher-turned-spy -- heck, there are even a couple of Kennedy's in there -- Bastard Brigade tells the harrowing tale of our fight to keep The Bomb out of Hitler's hands.
  
  In the excerpt below, author Sam Kean revisits the desperate days of late 1943. The Nazi propaganda was relentless and researchers with the Manhattan Project were in a state of panic, convinced that Hitler had a nuclear-tipped V-3 ready with America's name on it. Paranoia grew so intense that the US military deployed a crack unit of nuclear inspectors with orders to scour Europe for evidence of a Nazi atomic bomb.
  
  
  
  After fleeing Denmark, Niels Bohr sailed to the United States to advise on the Manhattan Project, and he proved just as much of a security nightmare in America as he had in Europe. He first visited New York, a dangerous city for an oblivious jaywalker like him; more than once he almost got creamed crossing the street. Then, on a cross-country train ride to New Mexico, he kept blowing his cover by forgetting his code name (Nicholas Baker), and an armed guard had to sleep outside his room at night to keep him from wandering off. Worst of all, he blabbed about fission research to anyone who'd listen. Things got so bad that General Leslie Groves had to drop everything he was doing to join Bohr for the last leg of the trip, which he spent lecturing the physicist — "for twelve straight hours," Groves recalled — about the need for discretion. Bohr instantly saw the wisdom in this and promised not to say another unauthorized word to anyone. He even succeeded in keeping his vow for a good five minutes after arriving in Los Alamos. But as soon as Bohr saw his old colleagues, at a reception in his honor, he started babbling again — spilling every secret Groves had just warned him to keep mum about. The man was simply incapable of keeping his trap shut.
  
  Although the Great Dane proved a valuable mentor at Los Alamos — at fifty-nine, he was the eldest scientist at the lab, thirty years older than the average — the immediate result of his trip was to heighten the paranoia about the Nazi atomic bomb, especially for Groves. Groves was not a hysterical man by nature, but as one of his staff noted, "He worried the hell out of the German bomb project during the war." Bohr's account of his conversation with Heisenberg in 1941 only deepened the general's unease. He also rehashed the Heisenberg Sturm und Drang for Oppenheimer and other top officials at Los Alamos; this included pulling out the sketch Heisenberg had made, which caused quite a stir. To be sure, everyone concluded that it looked more like a nuclear reactor than a bomb, but the sketch was two years old at that point; Germany had no doubt made great progress since. And if nothing else, you could use reactors to breed plutonium.
  
  Or worse. In addition to plutonium, running a reactor created all sorts of nasty by-products that were ideal for so-called dirty bombs. Although dirty bombs also require radioactive material, they differ from fission bombs in important ways. Fission bombs kill by releasing gobs of energy all at once; they vaporize you. Dirty bombs kill by releasing deadly isotopes that wriggle inside your body; they poison you. And while fission bombs require a nuclear explosion, dirty bombs don't. You simply have to spread the dirty radioactive material around, which you can do with regular explosives; you can even mix the material with smoke or powder and use crop dusters to spray it on troops or cities.
  
  As of 1943 there was no hard evidence that Germany was making dirty bombs, but the very idea of them contaminated the minds of Manhattan Project scientists, filling them with lurid visions. In the summer of 1943, project officials installed secret nuclear-defense systems in Boston, Chicago, New York, San Francisco, and Washington, with Geiger counters wired to air-raid sirens in case of attack with radioactive species. There was talk of preemptive strikes as well.
  
  Enrico Fermi pulled Robert Oppenheimer aside one day and suggested manufacturing deadly strontium-90 to poison food and water supplies in Germany. Oppenheimer met this horrifying suggestion with enthusiasm, and abandoned it only after determining that they probably couldn't kill enough people to make it worthwhile. He wanted at least half a million dead Germans, or why bother?
  
  The paranoia reached its peak, or nadir, in late 1943. Based on projections about the rate of German research, several scientists convinced themselves that the Nazis probably had enough radioactive material by then to make several dirty bombs. Nazi propaganda minister Joseph Goebbels then ratcheted up the tension by declaring that Germany would soon unleash a revolutionary "uranium torpedo" on the Allies. The only question was when, and for various reasons American fears began to coalesce around dates in December. For one thing, security always slackened during the holiday season. For another, Hitler clearly loved stagecraft and grand gestures — witness the Berlin Olympics and his stormtroopers goose-stepping through Paris. He would certainly plan the attack to maximize its emotional impact. And what day could be more devastating than Christmas or New Year's Eve? Their imaginations now at full gallop, a few American nuclear scientists actually sent their families to hideouts in the countryside in late December to protect them. They then endured a grim holiday week alone by the phone, their stomachs churning with acid, awaiting news of the atomic apocalypse.
  
  Nothing like that happened, obviously, but the hysteria once again highlighted the fact that Manhattan Project leaders had no idea what German scientists were really up to. At the time, the United States
  had pathetic intelligence capabilities, and there were no espionage units with scientific expertise, which meant they were probably overlooking vital clues. (The vast majority of people, for example, still considered uranium a useless metal.) And the problem would only get worse over the next year. By late 1943 the Allies had gained footholds in Italy and were planning to attack occupied France in 1944. Every newly conquered city meant new chances to gain precious atomic intelligence — or alternatively, to let it slip away.
  
  To fix this problem, one of Groves's deputies came up with a plan. Rather than rely on third-hand rumors from abroad, he decided the Manhattan Project should build its own intelligence unit to scour Europe. It would consist of both scientists and soldiers, and they would spend their days infiltrating labs, deciphering secret documents, and interrogating captured scientists. This was something new in the history of warfare: no one had ever turned scientists loose like this on an espionage spree. The team would report directly to Groves and would operate in strict secrecy, allowing no one in the field to know what they were searching for. The closer they could get to the front lines, the better.
  
  The program became known as the Alsos mission, a name based on a multilingual pun: α ́ λσος means "grove" in Greek. But when the object of the pun, Groves himself, discovered this Easter egg, he was furious. He didn't find it cute, and furthermore considered it a security hazard, since anyone who knew his role on the Manhattan Project could then infer what this scientific outfit was doing in Europe.
  
  (There's evidence, in fact, that a few British agents did deduce the purpose of Alsos based solely on the name.) No one in Groves's office ever confessed to this etymological crime, and by the time Groves found out about it, the name had already started circulating within the Pentagon. Changing it would only draw more attention, so he grudgingly let it stand.
  
  Groves eventually widened the scope of Alsos beyond nuclear science, figuring that as long as people were ransacking German labs, they might as well learn all they could about radar, rockets, jet engines, and biological weapons, too. But in large part, these other topics served as a beard, a way to obscure the mission's real goal: hunting down secrets about the Nazi nuclear bomb. Alsos also had the authority to seize atomic matériel like uranium and heavy water, and even scientists themselves. As the mission evolved, in fact, manhunts became its top priority. All the uranium on earth wouldn't do much good without a Hahn or a Heisenberg to sculpt it into weapons. Given their hostility to Groves, the British hated Alsos. The existing intelligence apparatus worked just fine, they insisted; there was no need to deploy a bunch of skittish scientists to the front, especially when they ran a high risk of being captured and interrogated, no doubt "in the Russian manner." Groves cared not a whit for what the British thought, but he shared their concern on this last point. Therefore none of the scientists who worked on the Manhattan Project were eligible for Alsos — they simply knew too many secrets.
  
  Ruling out everyone on the Manhattan Project, however, left very few candidates for the role of chief scientific officer on Alsos. Ideally, Groves wanted a nuclear physicist with some experience studying neutrons and cyclotrons. He couldn't be a theoretical egghead, though: the job would be as much detective work as anything. Given the dangers involved, he would have to be pretty eager to do something for the war effort, and knowledge of Europe and its languages would be a nice bonus. But where on earth would they find somebody like that?
  
  Luckily, the selection of chief military officer went more smoothly. Groves already had a candidate in mind, in fact, a former science teacher with experience in irregular warfare — someone just as obsessed as he was with security and someone who needed to get transferred out of his current post before he enraged every general in the army. Boris Theodore Pash.
  
  Excerpted from the book THE BASTARD BRIGADE: THE TRUE STORY OF THE RENEGADE SCIENTISTS AND SPIES WHO SABOTAGED THE NAZI ATOMIC BOMB by Sam Kean. Copyright © 2019 by Sam Kean. Reprinted with permission of Little, Brown and Company. All rights reserved.
  

• This week in tech history: Apple pulls the plug on the iPod classic
  
  At Engadget, we spend every day looking at how technology will shape the future. But it's also important to look back at how far we've come. That's what This Week in Tech History does. Join us every weekend for a recap of historical tech news, anniversaries and advances from the recent and not-so-recent past. This week, we're looking back at Apple's iPod classic, which was discontinued five years ago on September 9th, 2014.
  
  It's been just over five years since Apple killed off the iPod Classic (henceforth known as the iPod, because it is the One True iPod). Its death on September 9th, 2014 was no big surprise: Sales had been declining for years as the iPhone surpassed it in sales and feature set. Indeed, the notion of loading files from a computer onto a spinning hard drive to listen to music was totally anachronistic by 2014. Apple Music hadn't arrived yet, but Spotify was quickly becoming the most important way to listen to music. Since we were all carrying smartphones, having another device for music just didn't make sense anymore.
  
  In retrospect, though, I sometimes miss the iPod. Over the last five years, smartphones have taken on a predictable form. Screens are bigger, networks are (marginally) faster, cameras are better, but all in all, we know what we're getting with a handset. However, our relationship with smartphones is far more fraught than it was in 2014. We're overloaded with notifications telling us about the horrible state of the world, networks like Twitter and Facebook are minefields of abuse, subscriptions and microtransactions suck more money out of wallets -- and yet we can't put our phones down.
  
  Against the backdrop of smartphone addiction, the iPod suddenly seems appealing. Its tiny, 2.5-inch screen contained a UI meant to help you skim through thousands of songs quickly and easily; there was very little to distract you from your music. A device that felt so futuristic when it came out now feels positively retro. It's full of buttons! You have to copy files from your computer to use it! There's no internet connection!
  
  Of course, those aren't bugs but features to a small but substantial group of music lovers. You can find a whole variety of iPods for sale on eBay, not surprising considering how popular they were, but it's still an impressive secondary market. There's also a healthy mod community that'll help interested hackers put a larger, more modern SSD drive and new battery into that old iPod case. If you're the kind of person with a carefully-curated MP3 library built up over the last two decades, or someone who still buys CDs and rips them to a computer, you're probably the kind of person who pines for an iPod.
  
  
  Koichi Kamoshida via Getty Images
  
  
  
  Even though Apple killed off the original iPod five years ago, the brand still has a little value for the company. Apple still sells an iPod touch, though it's more of an iOS gateway drug at this point than anything else. But after years of the smartphone obviating various single-purpose gadgets -- cameras, music players, portable gaming devices and more -- it's not hard to imagine a world where people concerned with quality rather than convenience opt for dedicated devices again. If you're the kind of person who carries a Sony RX-100, Nintendo Switch or Kindle, you get it.
  
  While it doesn't seem likely that Apple will bring back the iPod any time soon, that won't keep me from daydreaming about what a modern update to the line would look like. This is Apple we're talking about, so it would probably only work with Apple Music or an existing MP3 library, but that's OK. As long as there was a way to sync downloaded songs from Apple Music to this imaginary iPod, it would be sufficiently modern for my tastes. Throw in a slightly larger, higher-resolution screen, a fast SSD, long battery life and a headphone jack and we're off to the races. As long as there's a click wheel, I'd at least give it a shot. The iPod 2020 probably wouldn't find a large audience -- but as we approach the iPod's 20th anniversary, I bet Apple would be surprised to find just how many fans are still out there.
  
  
  

• The Morning After: MoviePass shuts down
  
  Hey, good morning! You look fabulous.
  
  Apple's big iPhone 11 event revealed the biggest news of the week, but that's not all that happened. Tesla went plaid, we celebrated the Dreamcast and Honda put a price tag on its cute EV. Check out those highlights as well as big news from Friday including the end of MoviePass.
  
  
  
  The end of a wild ride.MoviePass is shutting down on September 14th
  
  Apple reveals the powerful new iPhone 11 Pro and Pro Max
  
  iPhone 11 Pro and Pro Max are powered by Apple's new A13 Bionic processor, which is reportedly around 20 percent faster than last year's A12 when it comes to CPU and GPU speeds. That's the same CPU as the standard iPhone 11, so the big Pro benefits are a triple camera system and some glorious new Super Retina OLED screens with a 2,000,000:1 contrast ratio and up to 1,200 nits of brightness.
  
  As for the triple cameras, they're housed in a square camera hump for the Wide, Ultra-Wide and telephoto lenses. An upcoming feature called Deep Fusion will use all three at once and then stitch the results together for higher-quality photos. Also, these phones are Apple's first to come with an 18W fast charger packed in.
  
  
  
  Better battery life and dual cameras for the masses.iPhone 11: Still cheap and cheerful
  
  iPhone 11 will follow up last year's XR model by including a new A13 Bionic chipset (that it shares with the more expensive Pro edition). Its new chipset is both more powerful and more efficient, which is enough to extend battery life by another hour over the XR. Apple also upgraded the rear camera with a 12-megapixel ultra-wide lens for dual-lens action and Night Mode.
  
  You can get its aluminum frame in six shades, and an updated front TrueDepth camera can pull off tricks like slow-motion selfies. Still, the best news about this mid-range phone might be the price -- it starts at $699.
  
  
  
  Even more black.MIT scientists accidentally create the blackest material ever
  
  Sony's Crystal cinema display supports 16K, but could cost millions
  
  The uphill battle to build Honda's first modern EV
  
  higher price and less range than some rivals. We interviewed company executives at the Frankfurt Motor Show to find out the thinking behind decisions made "to demonstrate Honda's capability in looks, technology and driving ability."
  
  
  
  9/9/99The Dreamcast predicted everything about modern consoles
  
  Devindra Hardawar reminisces about all the ways it changed gaming, and the impact those changes had even into the present day. Also, we asked readers for memories of the Dreamcast era, and your responses were just as incredible. Grab your VMUs Sega fans, we're going back to 1999.
  But wait, there's more... Disney CEO Bob Iger resigns from Apple board ahead of TV+ launch Consensual phishing: How to crack your half-forgotten crypto password Lamborghini's V12 gets electrified with the 819HP Sian hybrid Sega Genesis Mini review: The best mini console out there Watch Tesla's record-breaking 'Plaid Mode' Laguna Seca lap Android 10 review: Good today, better tomorrow Engadget's Guide to Privacy - Dark-alley defense: Tech tools to keep you safe
  
  The Morning After is a new daily newsletter from Engadget designed to help you fight off FOMO. Who knows what you'll miss if you don't Subscribe.
  
  Craving even more? Like us on Facebook or Follow us on Twitter.
  
  Have a suggestion on how we can improve The Morning After? Send us a note.
  

• Amazon's 'Undone' takes rotoscope animation to new heights
  
  Minnow Mountain and involves drawing over live-action footage, helps it stand out from everything else on TV today. Every second of the show makes it clear how far we've come from Richard Linklater's Waking Life and A Scanner Darkly, thanks to lush watercolor backgrounds and immersive three-dimensional environments. Undone is such a revelation I wouldn't be surprised if it leads to a revival of rotoscoping, a technique pioneered by the early 20th century animator Max Fleischer.
  
  "We think that the show plays the tension of reality," Purdy said in an interview with Engadget. "The fact that it is both live action and animation simultaneously, allows you to come in and play with your imagination, but also to be stretched in terms of that kind of initial feeling of 'What is this? What is this that I'm seeing?'... The fact that it is moving between mediums or is existing simultaneously between these mediums is playing thematically with what the show is exploring."
  
  
  
  After binging the entire series over the past week, it's hard to imagine Undone being presented any other way. Alma's journey gets trippy quickly — she might jump from floating in space to reliving a childhood memory of a family trip to Mexico. At one point, she runs down a seemingly infinite hallway as she encounters her past self. At times, Undone resembles the works of the anime director Satoshi Kon, who used the limitless potential of animation to craft scenes that would be incredibly expensive (and at times logistically impossible) in live action.
  
  Surprisingly, Bob-Waksberg, who also created Bojack Horseman, says he and Purdy didn't write Undone with the intention of animating it. But upon reading the script for the first time, director Hisko Hulsing quickly realized that rotoscoped animation would be the ideal medium.
  Amazon
  
  "He felt like they [the characters] were so emotional, it would be really hard to capture that emotion with traditional two-dimensional animated characters," Purdy said. "He recommended it [rotoscoped animation]... We already had concerns about capturing all that -- those micro-expressions and emotions -- and so it felt like the right choice. And then through the process of making this, I feel like Hisko made all of those advances and elevated the work. It's so lush and rich and also grounded at the same time."
  
  
  
  Hulsing brought together rotoscoping with his own animation style. The result is a show that can hop between realistic scenes of family squabbles and otherworldly science fiction at the drop of a hat. And it often flips between those modes, like when Alma is struggle to hold onto reality while coming to grips with the secrets of the cosmos. (Or maybe it's all just a manifestation of her her own mental illness.)
  
  Given just how few rotoscoped animation projects there are, Undone executive producer Tommy Pollota told Bob-Waksberg, every new entry inevitably begets new technologies and production processes. In this case, there was more computer imagery and 3D modeling involved, which helped to paint the reality an unreality of the world. But Bob-Waksberg also credits the rotoscoped artists at Minnow Mountain for their ability to capture actor's nuances.
  
  
  
  "The rotoscope artist literally pick up everything and they choose what parts of your face they want to accentuate," he said. "You can actually be very subtle and I think these actors are incredible. Rosa we've said she has the face for rotoscoping because she's so expressive in the tiniest of ways and so subtle, but she can convey huge emotional shifts."
  Amazon
  
  You might not recognize Salazar's face from Undone, but there's a good chance you've heard her voice. She also played the lead role in Alita: Battle Angel, which was motion captured using the same technology used in Avatar. Both techniques manage to capture a certain essence of Salazar's performance. But while I was wowed by the polished 3D animation in Alita, the hand drawn look of Undone does a better job of conveying her expressions and attitude.
  
  In that respect, Undone represents everything I love about animation. It's a show that goes to some truly wild places. But what makes it work is its ability to convey humanity translated through human hands.
  

• Galaxy Tab S6 review: Good notepad, bad notebook
  
  While the rest of the industry may have given up on making premium Android tablets, Samsung isn't quitting just yet. It still believes Google's software has the potential to power superthin and light 2-in-1s, and so it recently unveiled a new version of its hybrid tablet. The Galaxy Tab S6 is a 10.5-inch device that's designed for people who need to get work done on the go. It comes with an upgraded S Pen that features so-called Air Gestures for remote control of your apps; enhanced handwriting recognition to sort out your notes; and a redesigned keyboard cover (sold separately). As with previous Samsung tablets, you can expect a beautiful display, long battery life and capable performance. What really stands out about the Tab S6, though, is the S Pen, which is included in the $649 price. The stylus makes the device a really good digital notepad, but the Tab S6 still isn't quite the "laptop with the mobility of a tablet" that Samsung claims it is.
  
  
  
  
  The S Pen shines
  I love the S Pen on the Galaxy Note 10, so it doesn't surprise me that I also dig the Tab S6's stylus. The tablet version is larger and feels more like a real pen, which makes sketching for long periods of time more comfortable. As with the Note 10, Samsung added an accelerometer and gyroscope to the Tab S6's S Pen, along with a Bluetooth radio to enable remote control with Air Gestures. So when you're using the camera, for example, you can remove the S Pen, hold down its button and swipe from side-to-side to switch modes. Flick up and down to change cameras, and make an "N" shape to zoom in on a scene.
  
  As with the Note 10, I mostly found these gestures useful only in the camera app and in very specific instances, like trying to capture myself nailing yoga poses. For the most part, though, I enjoyed the S Pen more as a stylus than as a remote control.
  
  
  
  Writing with the S Pen feels as smooth and natural as before -- there's just enough resistance from the screen to make it feel like I'm writing on paper. But Samsung has improved its handwriting-recognition software to the point where it's not just more accurate at identifying what you've written -- it also automatically converts your scribbles in the background. This way, you don't even have to manually hit convert on each note to be able to search for specific words you've jotted down.
  
  I found the Tab S6 just as effective at recognizing my awful handwriting as the Note 10, though when I truly let go and wrote in lazy, extreme cursive, the system couldn't decipher my words. I get it -- most human beings probably couldn't make sense of my chicken scratch, either. But the Tab S6 understood most other things I wrote; I didn't have to try too hard to write legibly for it to correctly interpret my jottings.
  
  All told, this is a truly useful feature that gives me more reason to rely on the S Pen and the Tab S6 as a sort of digital notebook. You can also easily convert your notes to Word documents or PDFs, then send them to your friends for thoughts. As an aspiring author, I found it particularly handy to jot down my musings when inspiration hit me, then convert them later before adding them to a running Google Doc.
  
  
  
  Because of its new Bluetooth features, the S Pen requires charging, and you can do so by docking the pen on the back of the tablet, where there's a groove carved out for it. The pen stays in place magnetically, with a charging indicator appearing on the tablet itself. This seems like a flimsy method to keep the S Pen; I felt like it could fall off at any time -- though, to be fair, it didn't. But if you get one of Samsung's first-party cases for the Tab S6, they'll hold the pen in place more firmly.
  Kickstand and display
  You can get Samsung's new two-piece keyboard cover too for an extra $180. The top half includes a kickstand that sticks magnetically to the back of the Tab S6 and has a little bump that houses the S Pen. The other half of the cover is a detachable keyboard, which connects to the tablet via pogo pins. You can tear away this bottom half when you don't need to type documents and just use the kickstand part to prop up the device for playing games or, like I did on a recent flight, watching videos on a tiny airplane tray.
  
  I enjoyed my episodes of the Galaxy Tab S4 was its shoddy keyboard accessory. Not only was it cramped and somewhat flimsy, but there were a bunch of redundant keys. Worst of all, it didn't have a trackpad, so you had to reach across the keyboard to touch the screen if you wanted to, say, select a cell on a spreadsheet or hit a "Yes" button.
  
  With the Tab S6, it seems like Samsung heard about half of what I said. There's now a trackpad! It makes for a much more intuitive environment for working in desktop mode, even if it's a little smaller than I'd like. The touchpad was responsive, and two-finger gestures for scrolling and zooming worked well. I couldn't use the three-finger swipe to switch between open apps, nor could I use this cursor to drag and select text, though.
  
  Samsung also made the buttons a little deeper than before and added a function key so you can use it to trigger shortcuts that have been added to the top row. On the old keyboard, this row simply had numbers and symbols that you could trigger by pressing downshift. Now, you can also get Escape, Dex and Delete if you hold down Fn and press the `, \ and backspace buttons, respectively. As for the rest of the keys in that row, using Fn with them will give you F1 to F12 for things like opening a new tab or refreshing a webpage. I'd prefer if Samsung put controls for display brightness and volume here, but I suppose I have to be thankful for the little improvements here.
  
  I have some lingering complaints. The buttons are still a little too small, especially the backspace key. I end up having to reach a lot farther than I'm used to and end up hitting \ instead. When I'm holding down the Shift key in an animated bout of all-caps typing, the space bar doesn't work. I'll end up with a stream of words tied to each other so it looks even more incoherent when I'm digitally screaming at the world. Also, the horizontal-arrow keys don't always work -- they're useless in a URL bar, for example.
  
  These may have more to do with the Tab S6's software than the keyboard itself, which brings me to another one of my biggest annoyances with Samsung's tablets: Dex.
  
  
  Dex mode still needs work
  Oh, Dex. Where do I begin? On the Tab S6, Dex is a software interface that mimics a full desktop experience, allowing you to pull up all your apps in windows. You can resize these panels and overlay them on each other. It all sounds like a great idea, except my early experiences with Dex really burned me. There was a lot of inconsistency around whether the browser app was pulling a desktop version of a site and which apps had been optimized for the desktop environment.
  
  Samsung has since refined the software, and it's a very subtle improvement. Apps behave more like I expect them to on a desktop, although you'll have to make a lot of tweaks for them to truly run like they should. For example, you'll need to enable the "Force apps to resize" setting in Dex Labs before you can maximize every window you open. Some apps will also have to relaunch when you switch between Android and Dex modes, which takes a few seconds.
  
  Also, Chrome still doesn't automatically load the desktop version of websites, and for some reason, there are two screenshot shortcuts on the taskbar. Two! One is the native Android screenshot button, and the other is a special Samsung one. Even if one is much better than the other -- like maybe it pastes rainbow unicorns all over your screenshots or something -- why include both? Why not just have the better one in there?
  
  I would also like to see some interface changes. When I use the Alt-Tab shortcut to switch between apps, for example, the highlight over the selected app is really faint, and I can't really tell which app I've toggled to. A bolder color scheme would make this much easier to see at a glance. I'd also like the name of the app on each window's title bar so I don't have to guess. Also, sometimes clicking on a browser tab closes it, even when I tapped nowhere near the X button!
  
  It's all these little annoyances that make Dex still feel unreliable. Even though it's more stable -- in that it crashes less than before -- I still want it to be better.
  Performance and battery life
  Aside from failing to provide a reliable desktop multitasking interface, though, the Tab S6 is a sturdy performer. Its Snapdragon 855 processor capably handled my workflow, which typically consists of Slack, Gmail, Chrome, Calendar, Docs, Twitter and a few other apps. It also held up when I pushed it further by sneaking in a session of Cooking Dash, which typically lags a bit on my Pixel 3.
  Samsung Galaxy Tab S6 15:08 Samsung Galaxy Tab S4 11:50 Microsoft Surface Pro 6 15:34 iPad Pro (12.9-inch, 2018) 11:30 iPad Air (2019) 11:00
  I was also pleasantly surprised by the Tab S6's battery life -- it made it through a recent two-day journey from Germany to New York, including an eight-hour flight, with plenty of juice to spare. On our battery test, it lasted 15 hours and eight minutes, beating its predecessor by three hours. That's also better than the iPad Air and the 12.9-inch iPad Pro, though just shy of the Surface Pro 6's 15-1/2-hour result.
  Wrap-up
  With its kickstand, keyboard and wannabe desktop interface, the Tab S6 is Samsung's latest attempt at mimicking Microsoft's Surface tablets. Sure, Samsung could have just done that by making another Windows hybrid, but it feels like the company knew Android would be a better match for the S Pen's newfound capabilities. And, once again, it is the comfortable, smooth stylus that sets the Tab series apart. Those who like taking notes by hand and want an attractive, lightweight, powerful device that lasts ages will appreciate the Tab S6. Android (not to mention Dex) may feel limited for anyone looking to get real work done, but if you don't need to do much more than edit a few documents or slideshows on the go while staying in touch with your colleagues, the Tab S6 will do just fine.
  

• Sling TV now works in Apple's Safari browser
  
  You can now stream both live and on-demand Sling TV content within Apple's Safari browser for desktop. The Dish-owned over-the-top internet TV service already supports Chrome and Edge, but this additional feature means you don't have to use its Mac app anymore if Safari is your browser of choice and you're not particularly fond of the other options.
  
  To be able to access the service on your browser, you'll need to make sure you're using Safari version 11.1 (released in 2018 and available for some of the latest versions of Mac OS) or later. That's pretty much all you need, though -- the advantage of watching in a browser, after all, is that you don't need to download and run a separate app anymore.
  
  Source: Sling
  

• Linux Journal Ceases Publication: An Awkward Goodbye
      by Kyle Rankin    IMPORTANT NOTICE FROM LINUX JOURNAL, LLC: On August 7, 2019, Linux Journal shut its doors for good. All staff were laid off and the company is left with no operating funds to continue in any capacity. The website will continue to stay up for the next few weeks, hopefully longer for archival purposes if we can make it happen.  –Linux Journal, LLC
   
  
  
   
  Final Letter from the Editor: The Awkward Goodbye
  
  by Kyle Rankin
  
  Have you ever met up with a friend at a restaurant for dinner, then after dinner you both step out to the street and say a proper goodbye, only when you leave, you find out that you both are walking in the same direction? So now, you get to walk together awkwardly until the true point where you part, and then you have another, second goodbye, that's much more awkward.
  
  That's basically this post. 
  
  So, it was almost two years ago that I first said goodbye to Linux Journal and the Linux Journal community in my post "So Long and Thanks for All the Bash". That post was a proper goodbye. For starters, it had a catchy title with a pun. The post itself had all the elements of a proper goodbye: part retrospective, part "Thank You" to the Linux Journal team and the community, and OK, yes, it was also part rant. I recommend you read (or re-read) that post, because it captures my feelings about losing Linux Journal way better than I can muster here on our awkward second goodbye. 
  
  Of course, not long after I wrote that post, we found out that Linux Journal wasn't dead after all! We all actually had more time together and got to work fixing everything that had caused us to die in the first place. A lot of our analysis of what went wrong and what we intended to change was captured in my article Go to Full Article          

• Oops! Debugging Kernel Panics
      by Petros Koutoupis   
  A look into what causes kernel panics and some utilities to help gain more information.
  
  Working in a Linux environment, how often have you seen a kernel panic? When it happens, your system is left in a crippled state until you reboot it completely. And, even after you get your system back into a functional state, you're still left with the question: why? You may have no idea what happened or why it happened. Those questions can be answered though, and the following guide will help you root out the cause of some of the conditions that led to the original crash.
  
  Figure 1. A Typical Kernel Panic
  
  Let's start by looking at a set of utilities known as kexec and kdump. kexec allows you to boot into another kernel from an existing (and running) kernel, and kdump is a kexec-based crash-dumping mechanism for Linux.
   Installing the Required Packages
  First and foremost, your kernel should have the following components statically built in to its image:
    CONFIG_RELOCATABLE=y CONFIG_KEXEC=y CONFIG_CRASH_DUMP=y CONFIG_DEBUG_INFO=y CONFIG_MAGIC_SYSRQ=y CONFIG_PROC_VMCORE=y  
  You can find this in /boot/config-`uname -r`.
  
  Make sure that your operating system is up to date with the latest-and-greatest package versions:
    $ sudo apt update && sudo apt upgrade  
  Install the following packages (I'm currently using Debian, but the same should and will apply to Ubuntu):
    $ sudo apt install gcc make binutils linux-headers-`uname -r`  ↪kdump-tools crash `uname -r`-dbg  
  Note: Package names may vary across distributions.
  
  During the installation, you will be prompted with questions to enable kexec to handle reboots (answer whatever you'd like, but I answered "no"; see Figure 2).
  
  Figure 2. kexec Configuration Menu
  
  And to enable kdump to run and load at system boot, answer "yes" (Figure 3).
  
  Figure 3. kdump Configuration Menu
   Configuring kdump
  Open the /etc/default/kdump-tools file, and at the very top, you should see the following:
      Go to Full Article          

• Loadsharers: Funding the Load-Bearing Internet Person
      by Eric S. Raymond   
  The internet has a sustainability problem. Many of its critical services depend on the dedication of unpaid volunteers, because they can't be monetized and thus don't have any revenue stream for the maintainers to live on. I'm talking about services like DNS, time synchronization, crypto libraries—software without which the net and the browser you're using couldn't function.
  
  These volunteer maintainers are the Load-Bearing Internet People (LBIP). Underfunding them is a problem, because underfunded critical services tend to have gaps and holes that could have been fixed if there were more full-time attention on them. As our civilization becomes increasingly dependent on this software infrastructure, that attention shortfall could lead to disastrous outages.
  
  I've been worrying about this problem since 2012, when I watched a hacker I know wreck his health while working on a critical infrastructure problem nobody else understood at the time. Billions of dollars in e-commerce hung on getting the particular software problem he had spotted solved, but because it masqueraded as network undercapacity, he had a lot of trouble getting even technically-savvy people to understand where the problem was. He solved it, but unable to afford medical insurance and literally living in a tent, he eventually went blind in one eye and is now prone to depressive spells.
  
  More recently, I damaged my ankle and discovered that although there is such a thing as minor surgery on the medical level, there is no such thing as "minor surgery" on the financial level. I was looking—still am looking—at a serious prospect of either having my life savings wiped out or having to leave all 52 of the open-source projects I'm responsible for in the lurch as I scrambled for a full-time job. Projects at risk include the likes of GIFLIB, GPSD and NTPsec.
  
  That refocused my mind on the LBIP problem. There aren't many Load-Bearing Internet People—probably on the close order of 1,000 worldwide—but they're a systemic vulnerability made inevitable by the existence of common software and internet services that can't be metered. And, burning them out is a serious problem. Even under the most cold-blooded assessment, civilization needs the mean service life of an LBIP to be long enough to train and acculturate a replacement.
  
  (If that made you wonder—yes, in fact, I am training an apprentice. Different problem for a different article.)
  
  Alas, traditional centralized funding models have failed the LBIPs. There are a few reasons for this:
      Go to Full Article          

• Documenting Proper Git Usage
      by Zack Brown   
  Jonathan Corbet wrote a document for inclusion in the kernel tree, describing best practices for merging and rebasing git-based kernel repositories. As he put it, it represented workflows that were actually in current use, and it was a living document that hopefully would be added to and corrected over time.
  
  The inspiration for the document came from noticing how frequently Linus Torvalds was unhappy with how other people—typically subsystem maintainers—handled their git trees.
  
  It's interesting to note that before Linus wrote the git tool, branching and merging was virtually unheard of in the Open Source world. In CVS, it was a nightmare horror of leechcraft and broken magic. Other tools were not much better. One of the primary motivations behind git—aside from blazing speed—was, in fact, to make branching and merging trivial operations—and so they have become.
  
  One of the offshoots of branching and merging, Jonathan wrote, was rebasing—altering the patch history of a local repository. The benefits of rebasing are fantastic. They can make a repository history cleaner and clearer, which in turn can make it easier to track down the patches that introduced a given bug. So rebasing has a direct value to the development process.
  
  On the other hand, used poorly, rebasing can make a big mess. For example, suppose you rebase a repository that has already been merged with another, and then merge them again—insane soul death.
  
  So Jonathan explained some good rules of thumb. Never rebase a repository that's already been shared. Never rebase patches that come from someone else's repository. And in general, simply never rebase—unless there's a genuine reason.
  
  Since rebasing changes the history of patches, it relies on a new "base" version, from which the later patches diverge. Jonathan recommended choosing a base version that was generally thought to be more stable rather than less—a new version or a release candidate, for example, rather than just an arbitrary patch during regular development.
  
  Jonathan also recommended, for any rebase, treating all the rebased patches as new code, and testing them thoroughly, even if they had been tested already prior to the rebase.
  
  "If", he said, "rebasing is limited to private trees, commits are based on a well-known starting point, and they are well tested, the potential for trouble is low."
  
  Moving on to merging, Jonathan pointed out that nearly 9% of all kernel commits were merges. There were more than 1,000 merge requests in the 5.1 development cycle alone.
      Go to Full Article          

• Understanding Python's asyncio
      by Reuven M. Lerner   
  How to get started using Python's asyncio.
  
  Earlier this year, I attended PyCon, the international Python conference. One topic, presented at numerous talks and discussed informally in the hallway, was the state of threading in Python—which is, in a nutshell, neither ideal nor as terrible as some critics would argue.
  
  A related topic that came up repeatedly was that of "asyncio", a relatively new approach to concurrency in Python. Not only were there formal presentations and informal discussions about asyncio, but a number of people also asked me about courses on the subject.
  
  I must admit, I was a bit surprised by all the interest. After all, asyncio isn't a new addition to Python; it's been around for a few years. And, it doesn't solve all of the problems associated with threads. Plus, it can be confusing for many people to get started with it.
  
  And yet, there's no denying that after a number of years when people ignored asyncio, it's starting to gain steam. I'm sure part of the reason is that asyncio has matured and improved over time, thanks in no small part to much dedicated work by countless developers. But, it's also because asyncio is an increasingly good and useful choice for certain types of tasks—particularly tasks that work across networks.
  
  So with this article, I'm kicking off a series on asyncio—what it is, how to use it, where it's appropriate, and how you can and should (and also can't and shouldn't) incorporate it into your own work.
   What Is asyncio?
  Everyone's grown used to computers being able to do more than one thing at a time—well, sort of. Although it might seem as though computers are doing more than one thing at a time, they're actually switching, very quickly, across different tasks. For example, when you ssh in to a Linux server, it might seem as though it's only executing your commands. But in actuality, you're getting a small "time slice" from the CPU, with the rest going to other tasks on the computer, such as the systems that handle networking, security and various protocols. Indeed, if you're using SSH to connect to such a server, some of those time slices are being used by sshd to handle your connection and even allow you to issue commands.
  
  All of this is done, on modern operating systems, via "pre-emptive multitasking". In other words, running programs aren't given a choice of when they will give up control of the CPU. Rather, they're forced to give up control and then resume a little while later. Each process running on a computer is handled this way. Each process can, in turn, use threads, sub-processes that subdivide the time slice given to their parent process.
      Go to Full Article          

• RV Offsite Backup Update
      by Kyle Rankin   
  Having an offsite backup in your RV is great, and after a year of use, I've discovered some ways to make it even better.
  
  Last year I wrote a feature-length article on the data backup system I set up for my RV (see Kyle's "DIY RV Offsite Backup and Media Server" from the June 2018 issue of LJ). If you haven't read that article yet, I recommend checking it out first so you can get details on the system. In summary, I set up a Raspberry Pi media center PC connected to a 12V television in the RV. I connected an 8TB hard drive to that system and synchronized all of my files and media so it acted as a kind of off-site backup. Finally, I set up a script that would attempt to sync over all of those files from my NAS whenever it detected that the RV was on the local network. So here, I provide an update on how that system is working and a few tweaks I've made to it since.
   What Works
  Overall, the media center has worked well. It's been great to have all of my media with me when I'm on a road trip, and my son appreciates having access to his favorite cartoons. Because the interface is identical to the media center we have at home, there's no learning curve—everything just works. Since the Raspberry Pi is powered off the TV in the RV, you just need to turn on the TV and everything fires up.
  
  It's also been great knowing that I have a good backup of all of my files nearby. Should anything happen to my house or my main NAS, I know that I can just get backups from the RV. Having peace of mind about your important files is valuable, and it's nice knowing in the worst case when my NAS broke, I could just disconnect my USB drive from the RV, connect it to a local system, and be back up and running.
  
  The WiFi booster I set up on the RV also has worked pretty well to increase the range of the Raspberry Pi (and the laptops inside the RV) when on the road. When we get to a campsite that happens to offer WiFi, I just reset the booster and set up a new access point that amplifies the campsite signal for inside the RV. On one trip, I even took it out of the RV and inside a hotel room to boost the weak signal.
      Go to Full Article          

• Another Episode of "Seems Perfectly Feasible and Then Dies"--Script to Simplify the Process of Changing System Call Tables
      by Zack Brown   
  David Howells put in quite a bit of work on a script, ./scripts/syscall-manage.pl, to simplify the entire process of changing the system call tables. With this script, it was a simple matter to add, remove, rename or renumber any system call you liked. The script also would resolve git conflicts, in the event that two repositories renumbered the system calls in conflicting ways.
  
  Why did David need to write this patch? Why weren't system calls already fairly easy to manage? When you make a system call, you add it to a master list, and then you add it to the system call "tables", which is where the running kernel looks up which kernel function corresponds to which system call number. Kernel developers need to make sure system calls are represented in all relevant spots in the source tree. Renaming, renumbering and making other changes to system calls involves a lot of fiddly little details. David's script simply would do everything right—end of story no problemo hasta la vista.
  
  Arnd Bergmann remarked, "Ah, fun. You had already threatened to add that script in the past. The implementation of course looks fine, I was just hoping we could instead eliminate the need for it first." But, bowing to necessity, Arnd offered some technical suggestions for improvements to the patch.
  
  However, Linus Torvalds swooped in at this particular moment, saying:
  
  Ugh, I hate it.
  
  I'm sure the script is all kinds of clever and useful, but I really think the solution is not this kind of helper script, but simply that we should work at not having each architecture add new system calls individually in the first place.
  
  IOW, we should look at having just one unified table for new system call numbers, and aim for the per-architecture ones to be for "legacy numbering".
  
  Maybe that won't happen, but in the _hope_ that it happens, I really would prefer that people not work at making scripts for the current nasty situation.
  
  And the portcullis came crashing down.
  
  It's interesting that, instead of accepting this relatively obvious improvement to the existing situation, Linus would rather leave it broken and ugly, so that someone someday somewhere might be motivated to do the harder-yet-better fix. And, it's all the more interesting given how extreme the current problem is. Without actually being broken, the situation requires developers to put in a tremendous amount of care and effort into something that David's script could make trivial and easy. Even for such an obviously "good" patch, Linus gives thought to the policy and cultural implications, and the future motivations of other people working in that region of code.
  
  Note: if you're mentioned above and want to post a response above the comment section, send a message with your response text to ljeditor@linuxjournal.com.
      Go to Full Article          

• Experts Attempt to Explain DevOps--and Almost Succeed
      by Bryan Lunduke   
  What is DevOps? How does it relate to other ideas and methodologies within software development? Linux Journal Deputy Editor and longtime software developer, Bryan Lunduke isn't entirely sure, so he asks some experts to help him better understand the DevOps phenomenon.
  
  The word DevOps confuses me.
  
  I'm not even sure confuses me quite does justice to the pain I experience—right in the center of my brain—every time the word is uttered.
  
  It's not that I dislike DevOps; it's that I genuinely don't understand what in tarnation it actually is. Let me demonstrate. What follows is the definition of DevOps on Wikipedia as of a few moments ago:
  
  DevOps is a set of software development practices that combine software development (Dev) and information technology operations (Ops) to shorten the systems development life cycle while delivering features, fixes, and updates frequently in close alignment with business objectives.
  
  I'm pretty sure I got three aneurysms just by copying and pasting that sentence, and I still have no clue what DevOps really is. Perhaps I should back up and give a little context on where I'm coming from.
  
  My professional career began in the 1990s when I got my first job as a Software Test Engineer (the people that find bugs in software, hopefully before the software ships, and tell the programmers about them). During the years that followed, my title, and responsibilities, gradually evolved as I worked my way through as many software-industry job titles as I could:
   Automation Engineer: people that automate testing software.    Software Development Engineer in Test: people that make tools for the testers to use.    Software Development Engineer: aka "Coder", aka "Programmer".    Dev Lead: "Hey, you're a good programmer! You should also manage a few other programmers but still code just as much as you did before, but, don't worry, we won't give you much of a raise! It'll be great!"    Dev Manager: like a Dev Lead, with less programming, more managing.    Director of Engineering: the manager of the managers of the programmers.    Vice President of Technology/Engineering: aka "The big boss nerd man who gets to make decisions and gets in trouble first when deadlines are missed." 
  During my various times with fancy-pants titles, I managed teams that included:
      Go to Full Article          

• DNA Geometry with cadnano
      by Joey Bernard   
  This article introduces a tool you can use to work on three-dimensional DNA origami. The package is called cadnano, and it's currently being developed at the Wyss Institute. With this package, you'll be able to construct and manipulate the three-dimensional representations of DNA structures, as well as generate publication-quality graphics of your work.
  
  Because this software is research-based, you won't likely find it in the package repository for your favourite distribution, in which case you'll need to install it from the GitHub repository.
  
  Since cadnano is a Python program, written to use the Qt framework, you'll need to install some packages first. For example, in Debian-based distributions, you'll want to run the following commands:
    sudo apt-get install python3 python3-pip  
  I found that installation was a bit tricky, so I created a virtual Python environment to manage module installations.
  
  Once you're in your activated virtualenv, install the required Python modules with the command:
    pip3 install pythreejs termcolor pytz pandas pyqt5 sip  
  After those dependencies are installed, grab the source code with the command:
    git clone https://github.com/cadnano/cadnano2.5.git  
  This will grab the Qt5 version. The Qt4 version is in the repository https://github.com/cadnano/cadnano2.git.
  
  Changing directory into the source directory, you can build and install cadnano with:
    python setup.py install  
  Now your cadnano should be available within the virtualenv.
  
  You can start cadnano simply by executing the cadnano command from a terminal window. You'll see an essentially blank workspace, made up of several empty view panes and an empty inspector pane on the far right-hand side.
  
  Figure 1. When you first start cadnano, you get a completely blank work space.
  
  In order to walk through a few of the functions available in cadnano, let's create a six-strand nanotube. The first step is to create a background that you can use to build upon. At the top of the main window, you'll find three buttons in the toolbar that will let you create a "Freeform", "Honeycomb" or "Square" framework. For this example, click the honeycomb button.
  
  Figure 2. Start your construction with one of the available geometric frameworks.
      Go to Full Article          

• Running GNOME in a Container
      by Adam Verslype   
  Containerizing the GUI separates your work and play.
  
  Virtualization has always been a rich man's game, and more frugal enthusiasts—unable to afford fancy server-class components—often struggle to keep up. Linux provides free high-quality hypervisors, but when you start to throw real workloads at the host, its resources become saturated quickly. No amount of spare RAM shoved into an old Dell desktop is going to remedy this situation. If a properly decked-out host is out of your reach, you might want to consider containers instead.
  
  Instead of virtualizing an entire computer, containers allow parts of the Linux kernel to be portioned into several pieces. This occurs without the overhead of emulating hardware or running several identical kernels. A full GUI environment, such as GNOME Shell can be launched inside a container, with a little gumption.
  
  You can accomplish this through namespaces, a feature built in to the Linux kernel. An in-depth look at this feature is beyond the scope of this article, but a brief example sheds light on how these features can create containers. Each kind of namespace segments a different part of the kernel. The PID namespace, for example, prevents processes inside the namespace from seeing other processes running in the kernel. As a result, those processes believe that they are the only ones running on the computer. Each namespace does the same thing for other areas of the kernel as well. The mount namespace isolates the filesystem of the processes inside of it. The network namespace provides a unique network stack to processes running inside of them. The IPC, user, UTS and cgroup namespaces do the same for those areas of the kernel as well. When the seven namespaces are combined, the result is a container: an environment isolated enough to believe it is a freestanding Linux system.
  
  Container frameworks will abstract the minutia of configuring namespaces away from the user, but each framework has a different emphasis. Docker is the most popular and is designed to run multiple copies of identical containers at scale. LXC/LXD is meant to create containers easily that mimic particular Linux distributions. In fact, earlier versions of LXC included a collection of scripts that created the filesystems of popular distributions. A third option is libvirt's lxc driver. Contrary to how it may sound, libvirt-lxc does not use LXC/LXD at all. Instead, the libvirt-lxc driver manipulates kernel namespaces directly. libvirt-lxc integrates into other tools within the libvirt suite as well, so the configuration of libvirt-lxc containers resembles those of virtual machines running in other libvirt drivers instead of a native LXC/LXD container. It is easy to learn as a result, even if the branding is confusing.
      Go to Full Article