Even tiny brains can learn strange and tricky stuff, especially by watching tiny experts.
Buff-tailed bumblebees got several chances to watch a trained bee roll a ball to a goal. These observers then quickly mastered the unusual task themselves when given a chance, researchers report in the Feb. 24 Science. And most of the newcomers even improved on the goal-sinking by taking a shortcut demo-bees hadn't used, says behavioral ecologist Olli Loukola at Queen Mary University of London.
Learning abilities of animals without big vertebrate brains often get severely underestimated, Loukola says. "The idea that small brains constrain insects is kind of wrong, or old-fashioned."
Anil Dash's article discusses how the internet has enabled and encouraged the formation of what he calls "Fake Markets." These Fake Markets have the appearance of a more ordinary free market, but the choices allowed therein are either illusory or can be arbitrarily shuffled or removed without knowledge of any of the parties to the transaction. He traces the changes in business plans of companies such as Uber, Google, and eBay to show how they have evolved from creating new markets to strangling them.
But unlike competitive sellers on eBay, Uber drivers can't set their prices. In fact, prices can be (and regularly have been) changed unilaterally by Uber. And passengers can't make informed choices about selecting a driver: The algorithm by which a passenger and driver are matched is opaque—to both the passenger and driver. In fact, as Data & Society's research has shown, Uber has at times deliberately misrepresented the market of available cars by showing "ghost" cars to users in the Uber app.
It seems this "market" has some awfully weird traits.
- Consumers can't trust the information they're being provided to make a purchasing decision.
- A single opaque algorithm defines which buyers are matched with which sellers.
- Sellers have no control over their own pricing or profit margins.
- Regulators see the genuine short-term consumer benefit but don't realize the long-term harms that can arise.
This is, by any reasonable definition, no market at all. One might even call Uber a "Fake Market". Yet, by carefully describing drivers in their system as "entrepreneurs" and appropriating the language of true markets, Uber has been welcomed by communities and policymakers as if they were creating a new marketplace. That has serious implications for policy, regulation and even civil rights. For example, we can sincerely laud Uber for making it easier for African American passengers to reliably hail a car when they need a ride, but if persistent patterns of bias from drivers arise again in the Uber era, we'll have a harder time regulating those abuses because Uber doesn't usually follow the same policies as licensed taxis.
Continuation of: Site Update 2/27
So, the recent site update got a lot of news, and comments. Predictably, there were a lot of comments split on the fence both ways. I've been out sick and haven't been actively involved in SN in a few days, but I did review the updated changes on dev before they went out. I'm still not up to responding to you guys personally, and TMB/Paul have had things covered, so I'm just going to write a blanket story. So, let's open this and say THIS ISN'T THE FINAL SET OF HOW THINGS WILL BE. I'm leaving my comments above the fold to make it clear what's going on. I'd put that in a blink tag if that was still in the HTML standard.
The changes to commenting were primarily driven on technical grounds. To do D1.5, the site had to load a mass load of comments and do server side processing to thread them. To give you an example, on a cold page load, before we apply caching, a few points in the site would take over a minute to load, render and thread. The only thing that prevented the site from becoming unusable in 503s is that the frontend has a lot of caching. Even with that, we can't cache every single bit of the site at once. In a "cold cache" scenario such as after a varnish or DB update, the site would be borderline unusable until those caches could be loaded. So let me make this clear that this change wasn't a change for change's sake. There was (and is) a need to revamp the commenting.
We noted that this change was coming in other meta stories, and even had a landing article on dev for people coming to check it out. No one did. How we use commenting on dev and how we use it on production are two different things; you can't realistically test these things in real world conditions without updating production.
As TMB stated, we couldn't get the same behavior without making the site cry in the corner, and this was fairly extensively tested on dev before it went live. For older users to the site, you may remember this is not the first time we've changed comments, and rather predictably, the roll out of Improved Commenting actually was fairly buggy. This is a more drastic update.
Right now, we're going to keep improving and changing things to address as many things as possible. To that extent, there will be a daily article for at least this week if not longer to allow for feedback as we work to make things better. If, at the end of all the tweaking, we can't satisfy the vast majority of folks, a revert remains as an available option. We've built this entire site on listening to the community, and taking their feedback into account. That isn't going to change now. I'm hoping we've earned enough trust from you guys collectively to be allowed to at least experiment for a bit.
I'm going to leave the rest of the article for the dev crew to use. Due to personal real life issues, I'm likely not going to be around much, so if you don't see me, that's why. I have full faith in the staff in helping manage and keep things going.
Hi! I'm martyb (aka Bytram) your friendly neighborhood QA/test guy chiming in with my 2¢ on the upgrade/rollout.
Firstly, I apologize that you are seeing ANY issues with the site upgrade. I took this update very seriously and was, unfortunately, only able to perform about half of the testing that I wanted to see done before we went live. That said, there are some issues that were reported that I had not foreseen, so this has been a learning experience for me, too.
Secondly, I'd like to point out what you are NOT seeing -- the many MANY changes that TMB and PJ made as a result of feedback arising from testing. That said, comments are THE thing that makes this site. It's not the timeliness or fine writing of the stories — as I see it, this site is all about providing a venue for discussion.
Look past the fold for the rest of my comments.
Though there were a whole lot of tests that I was able to perform, there were many others that I had still not gotten to yet. I apologize that some of you had to scrape your knuckles on some very rough edges that made it through. In preparation for rollout I had written a series of programs to allow me to automate some aspects of submitting comments in different hierarchies which were key in identifying shortcomings in testing the correct operation of the expand/collapse and hide/show features. I was by no means able to perform an exhaustive test of all of the permutations but I was able to catch a number of issues and I'm sure TMB and PJ will attest that I beat on them pretty hard to make some changes. So far, I've seen no comments complaining about those controls functioning as they should, so YAY on that.
What has not been tested, and for which I hereby request the help of the community, are the user preferences whereby one can provide modifiers to certain aspects of comments. To access these, go to your preferences page, and then click on the "Comments" tab.
Here, you will see a set of modifiers grouped under the header: "Points Modification." The comment's actual score remains unchanged, but these modifiers allow you to provide a nudge to different categories so you could, say, favor "Funny" comments by adding +2 to the score calculation, and hiding all comments modded "Offtopic" by changing that modifier to "-6".
The "Reason Modifiers" are:
Insightful, Offtopic, Spam, Interesting, Flamebait, Disagree, Funny, Troll, Touché, Informative, Redundant
The "People Modifiers" are:
Friend, Fan, Foe, Freak, Friends-of-Friends, fof, Foes-of-Friends
And so on with modifiers for Anonymous postings, Karma Bonus, New User Modifiers, Small Comment Modifiers, and Long Comment Modifier.
I would appreciate these being explored and verified as to their correct operation. If you choose to help, please mention in the comments which control you tested, and what happened when you set it to -6, -2, +2, and +6.
These values are suggested so as to explore settings that make a given category nearly hidden (a "+5 Interesting" comment with the "Interesting" modifier set to -6 results in an effective score of -1) — set your threshold/breakthrough to 0 and those comments should not be displayed. Conversely, you can set the "Troll" modifier to +6 so even a "-1 Troll" comment would receive an effective score of +5 and should always appear in the comments you see displayed.
Lastly, but of extreme importance in my mind, is how impressed I am by the community feedback. Issues were stated, explained why it was problematic, steps required to reproduce, steps taken as an attempt at a workaround -- THIS is what keeps me going and donating my time to this site. We are working together to make this the best site we can. I'm proud to be a member of this community. Together I'm sure we can get the remaining issues worked out to people's satisfaction. And, as NCommander stated, if we are not able to do so, there is a fallback to the old approach. I must admit that some of the new features were a bit jarring to me (I started reading at the green site before it even had UIDs) so there's some long-practice reading/viewing skills that are being challenged, but overall I'm liking the changes. I hope you do, too.
The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of its customers' personal information.
The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC's new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening.
The data security rule requires ISPs and phone companies to take "reasonable" steps to protect customers' information—such as Social Security numbers, financial and health information, and Web browsing data—from theft and data breaches.
"Chairman Pai is seeking to act on a request to stay this rule before it takes effect on March 2," an FCC spokesperson said in a statement to Ars.
The rule would be blocked even if a majority of commissioners supported keeping it in place, because the FCC's Wireline Competition Bureau can make the decision on its own.
Add this to the long list of problems caused by buzzing drones: Frightening 1,500 elk into stampeding at a time of year when too much stress can be deadly for the animals.
This winter already is one for the books in western Wyoming. More than twice as much snow as usual has fallen in many areas, and more than 3 feet has accumulated at the National Elk Refuge in the scenic valley of Jackson Hole.
Typically the National Elk Refuge provides a winter haven for elk. But on Monday, David A. Smart, 45, of Washington, D.C., got a $280 ticket for allegedly launching a drone from a highway pullout and flying it over hundreds of elk resting there.
The device caused the elk to stampede half a mile through the snow. Smart was trying to film the animals and afterward was apologetic, refuge deputy manager Cris Dippel said Friday.
Nonetheless, wildlife managers take animal harassment seriously. The federal crime of which Smart was accused, disturbing wildlife, is punishable by a fine of up to $5,000.
Source: Popular Mechanics
The proof is in the packaging. Making all cigarette packets look the same reduces the positive feelings smokers associate with specific brands and encourages quitting, Australian research shows.
The findings come ahead of the UK and Ireland introducing plain tobacco packaging in May.
Australia was the first nation to introduce such legislation in December 2012. Since then, all cigarettes have been sold in plain olive packets with standard fonts and graphic health warnings.
The primary goal was to make cigarettes less appealing so that people would not take up smoking in the first place. But an added bonus has been the number of existing smokers who have ditched the habit.
Between 2010 and 2013, the proportion of daily smokers in Australia dropped from 15.1 to 12.8 per cent – a record decline. The number of calls to quit helplines also increased by 78 per cent after the policy change.
Hugh Webb, et al. Smoke signals: The decline of brand identity predicts reduced smoking behaviour following the introduction of plain packaging, Addictive Behaviors Reports, DOI: 10.1016/j.abrep.2017.02.003
A Vancouver man was denied entry into the United States after a US Customs and Border Patrol officer read his profiles on the gay hookup app Scruff and the website BBRT.
[...] André, a 30-year-old Vancouver set decorator who declined to give his full name for fear of retaliation from US Customs, describes the experience as "humiliating." [He] says he was planning to visit his boyfriend, who was working in New Orleans. But when he was going through Customs preclearance at Vancouver airport last October, he was selected for secondary inspection, where an officer took his phone, computer and other possessions, and demanded the passwords for his devices.
"I didn't know what to do. I was scared, so I gave them the password and then I sat there for at least an hour or two. I missed my flight," André says. "He came back and just started grilling me. 'Is this your email?' and it was an email attached to a Craigslist account for sex ads. He asked me, 'Is this your account on Scruff? Is this you on BBRT?' I was like, 'Yes, this is me.'"
[...] "I could tell just by his nature that he had no intentions of letting me through. They were just going to keep asking me questions looking for something," he says. "So I asked for the interrogation to stop. I asked if I go back to Canada am I barred for life? He said no, so I accepted that offer."
A month later, André attempted to fly to New Orleans again. This time, he brought what he thought was ample proof that he was not a sex worker: letters from his employer, pay stubs, bank statements, a lease agreement and phone contracts to prove he intended to return to Canada.
When he went through secondary inspection at Vancouver airport, US Customs officers didn't even need to ask for his passwords — they were saved in their own system. But André had wiped his phone of sex apps, browser history and messages, thinking that would dispel any suggestion he was looking for sex work. Instead, the border officers took that as suspicious.
-- submitted from IRC
Another privilege-escalation vulnerability has been discovered in the Linux kernel that dates back to 2005 and affects major distros of the Linux operating system, including Redhat, Debian, OpenSUSE, and Ubuntu.
The over-a-decade-old Linux kernel bug (CVE-2017-6074) was discovered by security researcher Andrey Konovalov in the DCCP (Datagram Congestion Control Protocol) implementation using Syzkaller, a kernel fuzzing tool released by Google.
The vulnerability is a use-after-free flaw in the way the Linux kernel's "DCCP protocol implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket."
The DCCP double-free vulnerability could allow a local unprivileged user to alter the Linux kernel memory, enabling them to cause a denial of service (system crash) or escalate privileges to gain administrative access on a system.
"An attacker can control what object that would be and overwrite its content with arbitrary data by using some of the kernel heap spraying techniques. If the overwritten object has any triggerable function pointers, an attacker gets to execute arbitrary code within the kernel," full disclosure mailing list about the vulnerability reads.
Jeff Regan was born with underdeveloped optic nerves and had spent most of his life in a blur. Then four years ago, he donned an unwieldy headset made by a Toronto company called eSight. Suddenly, Regan could read a newspaper while eating breakfast and make out the faces of his co-workers from across the room. He's been able to attend plays and watch what's happening on stage, without having to guess why people around him were laughing. "These glasses have made my life so much better," said Regan, 48, a Canadian engineer who lives in London, Ontario.
The headsets from eSight transmit images from a forward-facing camera to small internal screens — one for each eye — in a way that beams the video into the wearer's peripheral vision. That turns out to be all that some people with limited vision, even legal blindness, need to see things they never could before. That's because many visual impairments degrade central vision while leaving peripheral vision largely intact.
Although eSight's glasses won't help people with total blindness, they could still be a huge deal for the millions of people whose vision is so impaired that it can't be corrected with ordinary lenses.
Source: Popular Mechanics
A mid-2016 security incident led to Apple purging its data centers of servers built by Supermicro, including returning recently purchased systems, according to a report by The Information. Malware-infected firmware was reportedly detected in an internal development environment for Apple's App Store, as well as some production servers handling queries through Apple's Siri service.
An Apple spokesperson denied there was a security incident. However, Supermicro's senior vice-president of technology, Tau Leng, told The Information that Apple had ended its relationship with Supermicro because of the compromised systems in the App Store development environment. Leng also confirmed Apple returned equipment that it had recently purchased. An anonymous source was cited as the source of the information regarding infected Siri servers.
[...] A source familiar with the case at Apple told Ars that the compromised firmware affected servers in Apple's design lab, and not active Siri servers. The firmware, according to the source, was downloaded directly from Supermicro's support site—and that firmware is still hosted there.
Thursday's watershed attack on the widely used SHA1 hashing function has claimed its first casualty: the version control system used by the WebKit browser engine, which became completely corrupted after someone uploaded two proof-of-concept PDF files that have identical message digests.
The bug resides in Apache SVN, an open source version control system that WebKit and other large software development organizations use to keep track of code submitted by individual members. Often abbreviated as SVN, Subversion uses SHA1 to track and merge duplicate files. Somehow, SVN systems can experience a severe glitch when they encounter the two PDF files published Thursday, proving that real-world collisions on SHA1 are now practical.
On Friday morning, the researchers updated their informational website to add the frequently asked question "Is SVN affected?" The answer:
"Yes - please exercise care, as SHA-1 colliding files are currently breaking SVN repositories. Subversion servers use SHA-1 for deduplication and repositories become corrupted when two colliding files are committed to the repository. This has been discovered in WebKit's Subversion repository and independently confirmed by us. Due to the corruption the Subversion server will not accept further commits."
The US Department of Defense wants you to contribute unclassified code to software projects developed in support of national security. Toward that end, it has launched Code.mil, which points to a Github repository intended to offer public access to code financed by public money. But at the moment, the DoD's repo lacks any actual code.
Open source and free software represent industry best practices, the DoD said in a statement, even as it acknowledged the agency has yet to widely adopt it. Code.mil represents an attempt to change that dynamic. On the project website, the DoD goes so far as to suggest that anything other than open source software puts lives at risk.
"US military members and their families make significant sacrifices to protect our country," the agency explains in its FAQs. "Their lives should not be negatively impacted by outdated tools and software development practices that lag far behind private sector standards." And in case that isn't clear enough, the agency states, "Modern software is open sourced software."
-- submitted from IRC
What's surprising about the announcement isn't so much that the ASF is accepting this face in the crowd to its ranks – it's hard to turn around in the software world these days without tripping over ML tools – but rather that MXNet developers, most of whom are from Amazon, believe ASF is relevant.
MXNet is an open-source "deep learning" framework that allows you to define, train, and deploy so-called neural networks on a wide array of devices. It also happens to be the machine learning (ML) tool of choice at Amazon Web Services (AWS) and is available today via ready-to-deploy EC2 instances.
Deep learning is the currently very popular subset of ML that focuses on hierarchical algorithms with non-linearities, which help find patterns and learn representations within data sets. That's a fancy way of saying it learns as it finds. Deep learning tools are currently popular thanks to their success in applications like speech recognition, natural language understanding and recommendation systems (think Siri, Alexa and so on). Every time you sit on your couch yelling at Alexa you're employing a deep learning system.
What makes MXNet interesting at this stage is Amazon claims it's the most scalable tool the company has, and Amazon is a company that knows a thing or two about what scales and what doesn't.
-- submitted from IRC
We've had the Nintendo Switch here in Ars' orbiting HQ for a few days now, and while we're still working on a more thorough review ahead of launch, we're now able to share some initial impressions of the final retail system to add to our hands-on time from last month.
So far, testing out the Switch has exclusively meant playing The Legend of Zelda: Breath of the Wild, the only one of nine confirmed launch games we have our hands on as of yet. Any significant non-gaming or online functions are tied to a "Day One" system update that likely won't be available in time for pre-launch reviews. Further thoughts on the experience of motion controlled games (like 1-2-Switch), or games that support individual Joy-Cons held horizontally (like Super Bomberman R) will also have to wait.
[...] My favorite way to play Breath of the Wild so far is with the Joy-Cons detached from the system, one held in each hand. You can connect the individual controllers to a centralized Grip to make them feel more like a standard dual-stick controller, but I'm not sure why you would want to. Held separately, you can lounge around comfortably with your hands and arms resting literally anywhere, rather than having to scrunch them together directly in front of you.
[...] Despite its thin profile, the Switch feels relatively hefty in the hand and comes across as much denser than the likes of the 3DS or Vita (and especially the airy, toy-like tablet on the Wii U). The tablet itself is solidly built and doesn't feel in danger of snapping apart under stress.
[...] We'll be putting the Switch through as much testing as we can leading up to its March 3 launch next week. For now, though, my inner seven-year-old is still marveling at how far Nintendo handhelds have come since the original black-and-white Game Boy.
-- submitted from IRC
Arthur T Knackerbracket has found the following story:
Woobo is a cuddly interactive toy that talks to kids. Also, it records their conversations.
It's a source of anxiety for any parent: getting rid of your child's beloved toy.
That's exactly what regulators in Germany told citizens to do with My Friend Cayla. And it wasn't enough to just throw Cayla away; parents actually had to destroy the blonde, peppy-looking doll.
The smart toy, which records conversations with kids, fell into the category of "hidden espionage devices," according to the regulators. My Friend Cayla was accused of asking children personal questions, like their favorite shows and toys, and saving the data to send to a third-party company that also makes voice identification products for police.
Just a day after the German ban was announced, Toy Fair kicked off in New York -- and smart toys were all over the place. Teddy Ruxpin, the storytelling bear beloved by '80s babies, returned with a high-tech makeover, as did Hologram Barbie, a voice-assistant animated sequel to the controversial Hello Barbie. Toy Fair also featured smart toy newcomers like Woobo, essentially a cuddly version of the Amazon Echo and Google Home speakers.
The contrasts illustrate the fine line between protecting one's privacy and the desire to create compelling and engaging products. It's the same broader debate that's raging throughout the technology and consumer electronics world, with companies like Google hoovering up personal data to better serve you ads. Only this time, the issue affects impressionable children.
Smart toys are a multibillion-dollar industry that's only getting larger as more kids are growing up connected and clamoring for the next high-tech distraction. Parents are flocking to connected toys for tots, with one research firm predicting that revenue for smart toys will reach $8.8 billion by 2020.
The booming market could be blowing up even faster if only children's online privacy concerns weren't in the way, members of the toy industry lamented at Toy Fair. While parents are looking out for their kids' safety and privacy, toymakers say data collection is necessary to make the next generation's iconic toy.
The Children's Online Privacy Protection Act, passed in 1998, requires companies targeting kids under 13 to get consent from parents before collecting personal information from children, as well as allowing parents to review any data a company collects on their kids. The data also must be deleted within 30 days of its use. COPPA's author, Sen. Edward Markey, a Massachusetts Democrat, questioned the makers of My Friend Cayla about potential violations of the act "given the sensitive nature of children's recorded speech."
The toy industry, unsurprisingly, takes a different view.
"To take smart toys to the next level of engagement and give kids what they want, you have to take data and create an engaging experience that's connected to their friends and based on their persona," said Krissa Watry, CEO of Dynepic, the company behind iOKids, a social media platform for children and their parents.
-- submitted from IRC