What projects does the community like to donate to?
In the past, I've donated to EFF, Mint, Wikipedia (though this is controversial), Project Gutenberg and the Internet Archive. I just stumbled on torservers.net where you can fund Tor exit nodes. I guess GPG would also be a good candidate — the maintainer, Werner Koch's struggle for funding has been discussed here on SN before.
Do you guys have any other recommendations? Bounty Source looks interesting.
World-renowned Unix master Chris Siebenmann has written an article entitled 'I wish systemd would get over its thing about syslog'. It addresses the strained relationship between the systemd init system and the traditional syslog approach to logging used on many Linux systems.
Anyone who works with systemd soon comes to realize that systemd just doesn't like syslog very much. In fact systemd is so unhappy with syslog that it invented its own logging mechanism (in the form of journald). This is not news. What people who don't have to look deeply into the situation often don't realize is that systemd's dislike is sufficiently deep that systemd just doesn't interact very well with syslog.
This is a must-read article for anyone who needs to use systemd and syslog together.
Ever since Time Warner and Comcast announced their intent to seek a merger, public opinion has been fiercely against the idea. The discussions over whether the merger should be allowed have sparked increased discussion around the effective oligopoly and profound anticompetitive nature of American broadband. Now, news has broken that the US government’s regulators are considering killing the deal.
There’s been little serious argument that the merger should be allowed to proceed. While the two companies protested that allowing them to merge wouldn’t harm competition, the maps they produced to demonstrate this wound up illustrating just how anti-competitive the current system already is.
Ars Technica reports that Netflix is about to encrypt all its video streams with HTTPS. The feature will be rolled out in the coming year. This comes after one failed attempt six months ago.
Netflix's entry into the HTTPS party comes as privacy and security advocates are calling on all websites to encrypt all their traffic. The rationale behind the request is that continuous and complete HTTPS protection thwarts state-sponsored attacks that countries like the US and China launch from the Internet backbone. Web encryption is also useful against man-in-the-middle attacks that hijack huge chunks of Internet traffic. In both cases, HTTPS prevents the attacker from surreptitiously injecting malicious packets into the targeted data stream.
According to El Reg, this change will increase costs considerably for Netflix:
Netflix has battled with the overheads HTTPS incurs; Watson estimated a capacity hit between 30 to 53 percent thanks to encryption computational overheads and a lack of optimisations to avoid data copies to and from user space.
Such a hit would cost Netflix potentially hundreds of millions of dollars a year.
Tweaks could cut that overhead by a third while speculative advancements in the next several years could crush it by up to 80 percent.
Do we really need encrypted video streams?
The journal Basic and Applied Social Psychology announced in a February editorial that researchers who submit studies for publication would not be allowed to use common statistical methods, including p-values. While p-values are routinely misused in scientific literature, many researchers who understand their proper role are upset about the ban. Biostatistician Steven Goodman said, "This might be a case in which the cure is worse than the disease. The goal should be the intelligent use of statistics. If the journal is going to take away a tool, however misused, they need to substitute it with something more meaningful."
Scribol.com has a photo spread documenting a descent into the crater known as the Door to Hell. Supposedly this was the first time any person has attempted to reach the bottom of the crater. The crater has a diameter of 70 metres (230 ft) and a depth of about 20 metres (66 ft). Natural gas vents through the sides and bottom of the crater continuously, creating a fire pit with unstable sides.
[Wikipedia] says the crater, located in Ahal Province, Turkmenistan, was created by Russian oil and gas drillers when they accidentally drilled into an underground void, which then collapsed, and continued to vent gas. It was allegedly intentionally set on fire to burn off the gas.**
That was in 1971. The crater has been burning ever since.
**(Locals insist the crater was there before the Soviets arrived, and the only thing the drillers added was the fire).
The extensive photos on the Scribol site document an attempt to reach the bottom of the crater to sample for extremophiles. That effort was part of a 2013 National Geographic television special. A two-minute video clip of this program is available which gives a good sense of the size of the crater.
[Ed. addition] Notable quotation from the scribol story:
"Now I had two alarms going off and I was starting to overheat," the adventurer continues. "The crew started to haul me up on the ropes, and all I could do was just try to relax and slow my breathing down. But trying to relax while dangling over fire with a low-air alarm going off is not a simple task."
Dan Geer at CIA-funded In-Q-Tel looks at approaches for estimating vulnerabilities in software. PDF: http://geer.tinho.net/fgm/fgm.geer.1504.pdf
The motivation is this article by Bruce Schneier on whether the NSA should patch or exploit vulnerabilities. Quoting from the Geer article:
In a May 2014 article in The Atlantic, Bruce Schneier asked a cogent, first-principles question: “Are vulnerabilities in software dense or sparse?” If they are sparse, then every vulnerability you find and fix meaningfully lowers the number of vulnerabilities that are extant. If they are dense, then finding and fixing one more is essentially irrelevant to security and a waste of the resources spent finding it. Six-take-away-one is a 15% improvement. Six-thousand-take-away-one has no detectable value.
In Schneier's words:
There is no way to simultaneously defend U.S. networks while leaving foreign networks open to attack. Everyone uses the same software, so fixing us means fixing them, and leaving them vulnerable means leaving us vulnerable. As Harvard Law Professor Jack Goldsmith wrote, “every offensive weapon is a (potential) chink in our defense—and vice versa.” ...
If vulnerabilities are plentiful—and this seems to be true—the ones the U.S. finds and the ones the Chinese find will largely be different. This means that patching the vulnerabilities we find won’t make it appreciably harder for criminals to find the next one. We don’t really improve general software security by disclosing and patching unknown vulnerabilities, because the percentage we find and fix is small compared to the total number that are out there.
The Geer article has some interesting references: especially this well-titled analysis of OpenBSD's code base: "Milk or Wine: Does Software Security Improve with Age?" (PDF)
Twitter, the haiku-based platform beloved of the punditocracy and journalists(?), is in trouble:
According to Pew, only 23 percent of Americans over the age of 18 use Twitter. Facebook, on the other hand, is used by 71 percent of American adults. These stats by themselves don't necessarily spell disaster for the social network. Facebook has always dwarfed Twitter in size and, moreover, the platforms are fundamentally different — tweeted content reaches far beyond Twitter's digital properties to travel all over the media landscape, from other websites and apps to national television broadcasts.
What's perhaps more troubling, however, is that only 36 percent of those Twitter users visit the site daily, compared to Facebook which is visited daily by 70 percent of its users. What's worse, that number went down a full ten points from 46 percent between 2013 and 2014. Statistics like these run counter to the narrative pushed by many of the platform's defenders — and Twitter itself — that while it has far fewer users than Facebook these users experience Twitter on a deeper, more engaged level. In fact, that's the entire argument in support of Twitter's ad revenue prospects versus other more popular networks — because, frankly, its user growth has been abysmal. Last quarter Twitter added a mere 4 million users to bring its total to 288 million, which has allowed both Instagram and Pinterest — two platforms that as recently as 2012 had fewer users — to surpass it.
Me, I'm really looking forward to picking up a new Aeron chair and foosball table on the cheap at the impending Twitter HQ fire sale in NYC.
The FBI seized equipment from noted security researcher Chris Roberts on Wednesday, alleging that Roberts may have tampered with the systems aboard a United flight to Chicago. Roberts denies the claim.
Chris Roberts (a.k.a sidragon1), a leading researcher delving into the security of airplanes, was pulled off a plane in Syracuse, New York, on Wednesday by the FBI and questioned, apparently over concerns that he attempted to hack into critical systems aboard a United flight earlier in the day.
His laptop and a variety of external storage devices were confiscated by the FBI, which said it wanted to determine whether Roberts, an authority on security vulnerabilities in modern aircraft, may have accessed sensitive systems on a flight from Colorado to Chicago earlier in the day.
Roberts is the founder and Chief Technology Officer of One World Labs, a security research firm.
In response to mentions of his earlier research on Twitter, Roberts, using the @sidragon1 handle, had tweeted about his ability to hack into in-cabin control systems on the Boeing 737.
“Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? “PASS OXYGEN ON” Anyone ? :)”
A company is rolling out its 4D experience to add physical effects to the cinema experience:
Movie theaters are in for some very stormy weather now that CJ 4DPlex is rolling out its three newest effects: snow, rainstorm and warm air.
The inclement weather simulations will be shared with the public for the first time at CinemaCon, the annual exhibition trade show taking place this April in Las Vegas. It’s part of what the company has dubbed its 4DX experience.
The new additions join 4DX’s catalogue of standard effects, which include motion, water, fog, wind, air, lightning, bubbles, ticklers, scents and vibration. The idea of 4D theaters, which remain more popular in foreign countries than in the U.S., is to heighten the theatrical experience by pumping auditoriums with effects that mirror the on-screen action.
CJ 4DPlex says that the new effects will create a more immersive experience for any on-screen floods, explosions, earthquakes, tornadoes and fires. It also arrives just in time for a summer movie slate that includes disaster films like “San Andreas” and apocalyptic adventures such as “Mad Max: Fury Road,” both of which will be screened by the company.
4D theaters have been around in select places for several years now. My kids have dragged me to the Dora & Diego 4D movie at the Bronx Zoo scores of times; but, will such features find wider adoption? Will 4D succeed where 3D has failed to bring audiences back to the cinema?
From PC World:
More than two dozen U.S. government websites should be urgently upgraded to use encryption, as whistleblowers are potentially at risk, according to the American Civil Liberties Union.
At least 29 websites that can be used for reporting abuse and fraud don't use encryption, the ACLU said in a letter sent on Tuesday to the U.S.'s top technology chief, CIO Tony Scott.
There has been a broad push recently to move websites to using SSL/TLS (secure sockets layer/transport security layer) encryption. Most e-commerce sites use SSL/TLS, but the case has grown stronger for its broader adoption because of a surge in state-sponsored espionage and cybercriminal activity.
The government plans to upgrade all of its websites within two years to use encryption, signified by "https" in a browser's URL bar. It prevents data that is exchanged between a computer and a website from being read if it is intercepted or tampered with during a man-in-the-middle attack.
The ACLU said that the timeline "is not soon enough for some sensitive sites," which it said included the Justice Department, Treasury Department and the Department of Homeland Security.
Emacs vs. vi; PC vs. Mac; Windows vs. Linux; Sony vs. Nintendo. Holy wars of technological preference have been nothing new since the adolescence of computing technology, and are often the subject of many a debate here.
As they tussled in a parking lot, the men allegedly struck and jabbed each other with broken beer bottles. Mendez and Ecevo suffered minor wounds during the fight and were transported to a local hospital for treatment of cuts and bruises.
Which raises the question - How close have you all come to violence during a technological argument?
Two clinical trials for cancer were recently halted for the best possible reason; the drugs worked so well that it would be unethical to continue. One trial was for melanoma and the other was for lung cancer, but the drug-target was the same: Programmed cell death protein 1 (PD-1).
PD-1 is a protein that inhibits responses from T cells. Cancer often takes advantage of the PD-1 pathway to prevent a productive immune response that would otherwise kill the cancer. The drugs in both the clinical trials are antibodies that bind to PD-1, thus preventing cancer-mediated inhibition of the immune response. As this is a general mechanism that cancer uses to evade the immune system, it will likely be effective at treating other forms of cancer besides melanoma and lung cancer. Also, since the drugs are targeting T cells and not the cancer directly, resistance will not develop as easily.
We looked around briefly and also found:
The US Department of Education reports
The U.S. Department of Education took additional steps [April 14] to protect students and taxpayers and crack down on abuses within the for-profit sector by continuing its enforcement actions against Corinthian Colleges Inc. After a comprehensive review, the U.S. Department of Education has confirmed cases of misrepresentation of job placement rates to current and prospective students in Corinthian's Heald College system. The Department found 947 misstated placement rates and informed the company it is being fined about $30 million.
Specifically, the Department has determined that Heald College's inaccurate or incomplete disclosures were misleading to students; that they overstated the employment prospects of graduates of Heald's programs; and that current and prospective students of Heald could have relied upon that information as they were choosing whether to attend the school. Heald College provided the Department and its accreditors this inaccurate information as well.
The Department has also notified Corinthian it intends to deny Corinthian's pending applications to continue to participate in the Title IV federal student aid programs at its Heald Salinas and Stockton locations. Corinthian has 14 days to respond to the Department's notice, after which the Department will issue its final decision. Moreover, the Department has determined that Heald College is no longer allowed to enroll students and must prepare to help its current students either complete their education or continue it elsewhere.
The "Corinthian 15" debt strikers of February became the Corinthian 100 in late March with students refusing to pay back loans made under fraudulent conditions. Nine states' attorneys general agree that the bad loans should be forgiven.
Cable News Network notes
"Corinthian took advantage of students who were trying to build a better life for themselves and their families" said Massachusetts Attorney General Maura Healey.
[...]Tuition and fees for some of its programs cost more than five times those at other public colleges, according to the [Consumer Financial Protection Bureau]. A bachelor's degree cost up to $75,000 and an associate's was as much as $43,000.
Corinthian was so expensive that many students needed to take out both federal loans and private loans to cover the cost. The college offered its own private loans, which came with interest rates sometimes twice as high as federal loans.
Airbus has found a way to make flying economy even worse. That’s quite a feat, given how crummy the experience is these days. The trick, it turns out, is eliminating one of the few remaining saving graces of air travel: better than even odds you won’t be squeezed into a middle seat. Generally, you’ve got a two in three chance of landing an aisle or a window.
But now, airlines flying the Airbus A380, the largest commercial jet on the planet, can reduce those odds. The European plane maker announced this week that it will offer a 3-5-3 cabin configuration, creating rows with 11 seats.
I've said it before, and I'll say it again, the future of civilized air travel lies with airships.