SoylentNews

MrPlow writes:

Submitted via IRC for SoyCow3941

We think of our job as controlling the user's experience. But the reality is, we control far less than we imagine.

Last week, two events reminded us, yet again, of how right Douglas Crockford was when he declared the web "the most hostile software engineering environment imaginable." Both were serious enough to take down an entire site—actually hundreds of entire sites, as it turned out. And both were avoidable.

[...] The first of these incidents involved the launch of Chrome 66. With that release, Google implemented a security patch with serious implications for folks who weren't paying attention. You might recall that quite a few questionable SSL certificates issued by Symantec Corporation's PKI began to surface early last year. Apparently, Symantec had subcontracted the creation of certificates without providing a whole lot of oversight. Long story short, the Chrome team decided the best course of action with respect to these potentially bogus (and security-threatening) SSL certificates was to set an "end of life" for accepting them as secure. They set Chrome 66 as the cutoff.

So, when Chrome 66 rolled out (an automatic, transparent update for pretty much everyone), suddenly any site running HTTPS on one of these certificates would no longer be considered secure. That's a major problem if the certificate in question is for our primary domain, but it's also a problem it's for a CDN we're using. You see, my server may be running on a valid SSL certificate, but if I have my assets—images, CSS, JavaScript—hosted on a CDN that is not secure, browsers will block those resources. It's like CSS Naked Day all over again.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

FocusWriter is a cross-platform tool available to be easily installed on multiple GNU/Linux distributions, as well as Windows and Mac OS.

FocusWriter isn't super powerful, nor is it deeply extensible, but it's not entirely special feature-less either, with the FocusWriter website listing its features as:

• TXT, basic RTF, Docx, basic ODT file support
• Timers and alarms
• Daily goals
• Fully customizable themes
• Typewriter sound effects (optional)
• Auto-save (optional)
• Live statistics (optional)
• Spell-checking (optional)
• Multi-document support
• Sessions
• Portable mode (optional)
• Translated into over 20 languages

The program opens the editing interface in fullscreen on start. All you see on start is a blank text document and a wooden background; no menus, buttons or other interface elements that may get in your way. How do you interact with the program then? How do you exit it, load documents, or change some of the default options? All you need to do is move the mouse cursor to the top of the screen and move it back down a bit afterward.

Because, why not? We haven't had an all-out Vim/Emacs war in a while.

Source: https://www.ghacks.net/2018/05/06/a-look-at-focuswriter-distraction-free-text-editor-on-gnu-linux/

Original Submission

takyon writes:

Pirate Radio Stations Explode on YouTube

A trick of YouTube's algorithms has led to the blossoming of hundreds of unlicensed, independent radio stations on the site, reminiscent of an age of underground broadcasts in the previous century.

Luke Pritchard and Jonny Laxton were 13 when they met at a boarding school in Crowthorne, England, in 2011. They bonded over a shared love of underground music and in 2014 started a YouTube channel, College Music, to promote the artists they liked.

At first, the channel grew slowly. Then, in the spring of 2016, Mr. Pritchard discovered 24/7 live-streaming, a feature that allows YouTube's users to broadcast a single video continuously. College Music had 794 subscribers in April 2015, a year before Mr. Pritchard and Mr. Laxton started streaming. A month after they began, they had more than 18,440. In April 2016, they had 98,110 subscribers and as of last month, with three active live streams, they have more than triple that amount, with 334,000. They make about $5,000 a month from the streams.

The boys stumbled upon a new strategy, one that, in the past two years, has helped a certain kind of YouTube channel achieve widespread popularity. Hundreds of independently run channels have begun to stream music nonstop, with videos that combine playlists with hundreds of songs and short, looped animations, often taken from anime films without copyright permission. Live streams come in many different genres. Two of College Music's streams are part of a family of channels that broadcast what the broadcasters call lofi (low-fidelity) hip-hop, mellow music that would sound familiar to fans of J. Dilla and Nujabes.

If you've ever clicked on a YouTube livestream entitled something like "lofi hip hop beats to relax/study/bang to", then you know what the article is talking about.

Original Submission

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

The financial benefits of finding and fixing defects throughout the software development life cycle (SDLC), starting at the very beginning, ought to make doing it a no-brainer. It is both easier and cheaper. One should build secure software from the ground up.

[...] The findings of a 2016 Forrester Research study call to mind an ancient proverb: A stitch in time saves nine. Or, in the case of software development, fixing defects early in the SDLC could reduce remediation costs by a factor of anywhere from 5 to 15.

The study set a baseline example of 5 hours of work to fix a defect in the coding/development stage. Finding and fixing that same defect in the final testing phase would take 5–7 times longer. And waiting until after the product was on the market to discover and fix the same defect would take even longer and cost 10–15 times more.

That doesn't include the potential cost of damages from a bad guy discovering the defect first and exploiting it to attack users.

And to the frequently stated worry that ongoing security testing creates intolerable delays in time to market, Forrester found the opposite: that it cuts time to market by 25%.

Hat tip to the old slashcode crew who left us some very good tools for doing exactly this.

Source: https://www.helpnetsecurity.com/2018/05/08/build-secure-software/

Original Submission

takyon writes:

What is edge computing?

The word edge in this context means literal geographic distribution. Edge computing is computing that's done at or near the source of the data, instead of relying on the cloud at one of a dozen data centers to do all the work. It doesn't mean the cloud will disappear. It means the cloud is coming to you. [...] One great driver for edge computing is the speed of light. If a Computer A needs to ask Computer B, half a globe away, before it can do anything, the user of Computer A perceives this delay as latency. The brief moments after you click a link before your web browser starts to actually show anything is in large part due to the speed of light. Multiplayer video games implement numerous elaborate techniques to mitigate true and perceived delay between you shooting at someone and you knowing, for certain, that you missed.

Voice assistants typically need to resolve your requests in the cloud, and the roundtrip time can be very noticeable. Your Echo has to process your speech, send a compressed representation of it to the cloud, the cloud has to uncompress that representation and process it — which might involve pinging another API somewhere, maybe to figure out the weather, and adding more speed of light-bound delay — and then the cloud sends your Echo the answer, and finally you can learn that today you should expect a high of 85 and a low of 42, so definitely give up on dressing appropriately for the weather.

So, a recent rumor that Amazon is working on its own AI chips for Alexa should come as no surprise. The more processing Amazon can do on your local Echo device, the less your Echo has to rely on the cloud. It means you get quicker replies, Amazon's server costs are less expensive, and conceivably, if enough of the work is done locally you could end up with more privacy — if Amazon is feeling magnanimous.

The phrase seems to be popping up more this week due to developments at Microsoft's Build 2018 conference:

Microsoft delivers new edge-computing tools that use its speech, camera, AI technologies

Wikipedia's article, complete with multiple issues.

Original Submission

Bill Dimm writes:

Heise.de reports that eight new security flaws have been reported to Intel by several teams of researchers:

All eight are essentially caused by the same design problem – you could say that they are Spectre Next Generation.

... Each of the eight vulnerabilities has its own number in the Common Vulnerability Enumerator (CVE) directory and each requires its own patches. It is likely that each vulnerability will receive its own name. Until then, we will jointly call these flaws Spectre-NG in order to distinguish them from the previously uncovered issues.

So far we only have concrete information on Intel's processors and their plans for patches. However, there is initial evidence that at least some ARM CPUs are also vulnerable. Further research is already underway on whether the closely related AMD processor architecture is also susceptible to the individual Spectre-NG gaps, and to what extent.

...Intel itself classifies four of the Spectre-NG vulnerabilities as "high risk"; the remaining four are rated as "medium". According to our own research, risks and attack scenarios at Spectre-NG are similar to those at Spectre – with one exception.

One of the Spectre-NG flaws simplifies attacks across system boundaries to such an extent that we estimate the threat potential to be significantly higher than with Spectre. Specifically, an attacker could launch exploit code in a virtual machine (VM) and attack the host system from there – the server of a cloud hoster, for example. Alternatively, it could attack the VMs of other customers running on the same server.

Original Submission

Justin Case writes:

The first machine to kill a human entirely on its own initiative was "Likely Caused By Software Set to Ignore Objects On Road" according to a new report on the collision which happened last March:

The car's sensors detected the pedestrian, who was crossing the street with a bicycle, but Uber's software decided it didn't need to react right away. That's a result of how the software was tuned. Like other autonomous vehicle systems, Uber's software has the ability to ignore "false positives," or objects in its path that wouldn't actually be a problem for the vehicle, such as a plastic bag floating over a road. In this case, Uber executives believe the company's system was tuned so that it reacted less to such objects. But the tuning went too far, and the car didn't react fast enough, one of these people said.

Fast enough? She walked across three and a half lanes in what should have been plain view of the car's LIDAR the entire time.

takyon: Also at Reuters. Older report at The Drive.

Previously: Uber Pulls Self-Driving Cars After First Fatal Crash of Autonomous Vehicle
Video Released of Fatal Uber - Pedestrian Accident, and More

Original Submission #1  Original Submission #2 

Arthur T Knackerbracket has found the following story:

Researchers have exploited a quirk in the genetic make-up of the deadly malaria parasite, Plasmodium falciparum, to create 38,000 mutant strains and then determine which of the organism's genes are essential to its growth and survival. P. falciparum is responsible for about half of all malaria cases and 90 percent of all malaria deaths. New information about the parasite's critical gene repertoire could help investigators prioritize targets for future antimalarial drug development.

[...] The complete genetic sequence of P. falciparum was determined more than a decade ago, but the functions of most of its genes remain unknown, and until now only a few hundred mutant strains had been created in the lab. The difficulties in manipulating P. falciparum stem in part from the extremely high percentage of adenine or thymine (two of the four chemical building blocks that make up DNA) in its genome. Standard methods for creating mutants rely on more variation in gene sequences and so do not work on P. falciparum. In the new research, Dr. Adams and his colleagues created mutated versions of nearly all the parasite's 6,000 genes with a technique that preferentially targets areas rich in adenine and thymine, thus exploiting the very feature that had foiled previous attempts at genetic manipulation.

M Zhang et al. Uncovering the essential genes of the human malaria parasite Plasmodium falciparum by saturation mutagenesis. Science DOI:10.1126/science.aap7847 (2018).

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow3941

Researchers at Tufts University have elucidated a mechanism by which the "good" bacteria that reside in our gastrointestinal tract can help protect us from inflammation, and how their disruption (dysbiosis) can increase the susceptibility of the liver to more harmful forms of disease. Their study, now available in the journal Cell Reports, identified two key metabolites produced by the bacteria in mice that modulate inflammation in the host and could ultimately reduce the severity of non-alcoholic fatty liver disease.

[...] People who eat a high fat diet are more susceptible to NAFLD. Replicating that diet in mice, the researchers found that within just a few weeks, their intestinal microbiota changed character significantly, with some species of bacteria increasing and others decreasing. At the same time, an inventory of metabolites in the mouse's GI tract, serum and liver showed some metabolites known to be linked to intestinal microbiota to shift compared to mice on a low-fat diet. Three of those metabolites -- tryptamine (TA), indole-3-acetate (I3A), and xanthurenic acid -- were significantly depleted in high fat diet mice.

"That's bad news for the liver," said Kyongbum Lee, Ph.D., professor of chemical and biological engineering at the School of Engineering at Tufts. "We demonstrated that two of these metabolites -- I3A and TA -- attenuate the effects of inflammation in several ways. Their depletion clears the way for disease to progress toward more serious stages."

Source: http://now.tufts.edu/news-releases/gut-check-metabolites-shed-intestinal-microbiota-keep-inflammation-bay

Smitha Krishnan, Yufang Ding, Nima Saedi, Maria Choi, Gautham V. Sridharan, David H. Sherr, Martin L. Yarmush, Robert C. Alaniz, Arul Jayaraman, Kyongbum Lee. Gut Microbiota-Derived Tryptophan Metabolites Modulate Inflammatory Response in Hepatocytes and Macrophages. Cell Reports, 2018; 23 (4): 1099 DOI: 10.1016/j.celrep.2018.03.109

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow3941

In case you weren't already terrified of robots that can jump over walls, fly or crawl, Army researchers are developing your next nightmare — a flexible, soft robot inspired by squid and other invertebrates. And they want soldiers to be able to use 3D printers to make them on the battlefield.

The U.S. Army Research Laboratory and the University of Minnesota are developing materials that can be 3D printed based on the flexibility and nimbleness of invertebrates such as a squid, according to an ARL release.

Traditional materials are too rigid and limit certain types of movement that robots might require to get into "confined or restricted spaces," said Ed Habtour, an ARL researcher. The prototypes that Habtour and fellow ARL researchers developed gave 3D-printed actuators three times the movement as what's been tested before. The material that they've used in their testing will bend in any direction when hit with electricity.

"In the initial phase of the project, our team began by investigating new methods for emulating the locomotion of invertebrates," said Michael McAlpine, a professor at the University of Minnesota. That helped researchers learn how to apply the natural movement of invertebrates like squids to produce "high bending motions without skeletal support," McAlpine said.

Source: https://www.armytimes.com/news/your-army/2018/04/18/army-researchers-are-developing-a-self-aware-robot-squid-you-can-3d-print-in-the-field/

Original Submission

takyon writes:

Weed the people? Companies relax drug-testing policies in bid to attract more workers

Near-full employment and changing attitudes about cannabis are prompting some companies to drop pre-employment drug screenings for marijuana, experts in human resources say. "It is happening," said Brian Kropp, group vice president at Gartner's HR practice. "In all the conversations we've been having with executives about this issue, more and more of them are dropping it," he said.

According to attorney James Reidy, chair of the labor and employment group at the law firm of Sheehan Phinney Bass & Green, an increasingly common viewpoint among employers is: "It's an artificial barrier to employment. ... It's no different than having a beer Sunday night."

[...] A 2011 survey conducted by the Society for Human Resource Management found that 57 percent of employers conducted drug tests on all job candidates, a number which likely has fallen since then, extrapolations from smaller studies suggest. A Colorado survey conducted by the Mountain States Employers Council (now called the Employers Council) in 2014, the year the state legalized marijuana for recreational adult use, found that 77 percent of employers said they conducted drug testing, a figure that fell to 62 percent three years later.

Also at Southeast Missourian (AP).

Original Submission

takyon writes:

Breathing Lunar Dust Could Give Astronauts Bronchitis and Even Lung Cancer

[In] a recent study, a team of pharmacologists, geneticists and geoscientists consider how being exposed to lunar dust could have a serious effect on future astronauts' lungs.

[...] Previous research has also shown that dust can cause damage to cells' DNA, which can cause mutations and eventually lead to cancer. For these reasons, Caston and her colleagues were well-motivated to see what harmful effects lunar soil could have on the human body. For the sake of their study, the team exposed human lung cells and mouse brain cells to samples of simulated lunar soil.

These simulants were created by using dust samples from Earth that resemble soil found on the Moon's lunar highlands and volcanic plains, which were then ground to a fine powder. What they found was that up to 90% of human lung cells and mouse neurons died when exposed to the dust samples. The simulants also caused significant DNA damage to mouse neurons, and the human lung cells were so effectively damaged that it was impossible to measure any damage to the cells' DNA.

Assessing Toxicity and Nuclear and Mitochondrial DNA Damage Caused by Exposure of Mammalian Cells to Lunar Regolith Simulants (open, DOI: 10.1002/2017GH000125) (DX)

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow3941

As the brain grows and develops, nerve cells must make connections between one another in order to function properly. Brain cells are tightly packed together, so each cell might touch hundreds or thousands of other cells, and yet those cells only make stable and strong connections with a fraction of those neighboring cells. Researchers have long puzzled over how the probing finger-like neuronal protrusions called filopodia decide on the right place to land and make a stable link. Now researchers at Jefferson (Philadelphia University + Thomas Jefferson University) have shown that a single molecule makes the yes-or-no decision at each touch with a neighboring neuron.

The new research was published in the Cell Press journal Neuron, and could have implications for our understanding of synapse-related diseases such as autism, Down syndrome, addiction or epilepsy.

"We've shown here that one molecule can both repel unproductive contacts and connect where appropriate based on the kinds of signals that pass through that molecule," said senior author on the paper Matthew Dalva, PhD, Professor of Neuroscience at The Vickie & Jack Farber Institute for Neuroscience and Director of the Synaptic Biology Center at Jefferson (Philadelphia University + Thomas Jefferson University). "This molecule is the only molecule we know of that can both repel and connect synapses."

Source: https://www.sciencedaily.com/releases/2018/05/180503142833.htm

Yu-Ting Mao, Julia X. Zhu, Kenji Hanamura, Giuliano Iurilli, Sandeep Robert Datta, Matthew B. Dalva. Filopodia Conduct Target Selection in Cortical Neurons Using Differences in Signal Kinetics of a Single Kinase. Neuron, 2018; DOI: 10.1016/j.neuron.2018.04.011

Original Submission

Arthur T Knackerbracket has found the following story:

Facebook wants to flex its artificial intelligence muscle even more, and it's looking to university towns to help.

The social networking giant is opening two new offices in Seattle and Pittsburgh, The New York Times reported Friday and Facebook confirmed, as part of an expanded effort to attract AI researchers and experts. The two cities are close to The University of Washington and Carnegie Mellon University, both of which are known for their AI research programs.

One thing Facebook hopes to make a standard in its labs is that those who come from academia will be able to continue their work at the school in addition to their efforts at Facebook.

"Professors gain a different type of experience in industry that can have a positive impact on their students and on their research," Yann LeCun, Facebook's director of AI research, said in a statement. "Conversely, their connection with industry helps produce new scientific advances that may be difficult to achieve in an academic environment, and helps turn those advances into practical technology."

Original Submission

MrPlow writes:

Submitted via IRC for SoyCow3941

A group of outsourcing companies that use the H-1B visa to fill U.S. jobs with foreign workers have filed a lawsuit claiming recent U.S. government restrictions on the visa program are illegal.

The legal action attacks a February policy change by U.S. Citizenship and Immigration that imposed tighter requirements on outsourcers seeking H-1B visas, which are intended for jobs requiring specialized skills and a bachelor's degree or higher.

[...] The new H-1B rules single out outsourcing firms and require that they provide evidence proving a worker will perform a specialized job, and that the job match the work specified on the visa application.

In the suit, two companies and a consortium that has been lobbying Congress over H-1B restrictions claimed Citizenship and Immigration lacked the authority to make the rule changes, and that the alleged over-reach violates the U.S. Administrative Procedures Act.

[...] The companies and group filing suit claim the new H-1B requirements will "choke out" their work by denying them H-1B visas and visa extensions.

"Without sufficient employees to meet their clients' needs, Plaintiffs will suffer irreparable harm to reputation and ability to compete," the suit said.

Source: https://www.mercurynews.com/2018/05/03/h-1b-visas-tighter-rules-illegal-tech-outsourcers-claim-in-lawsuit/

Original Submission

http://www.motortrend.com/news/tesla-model-3-teardown-details/

MotorTrend is running an overview of the 6000-person-hour teardown of a Tesla Model 3 by Munro & Associates, a well known reverse engineering and manufacturing consulting firm. A couple of details from the text (there are many photos as well):

Front Upper Control Arm—These are formed of thinner-gauge stamped steel then reinforced by having plastic webbing molded inside. This plastic also provides attachment points for routing the ABS sensor wiring. The oddity: Note the ingot of iron that is glued in place (held by zip-ties while glue sets). Munro reckons this is to dampen a troublesome natural frequency.

Charging Board—This large, complex board filters electricity coming in from the charger with the tall and modular board at right. This board is tailored to suit the electrical service of the vehicle's destination country. This U.S.-market car is prepped for three-phase current, so there are three big copper donuts under that board that look like the one on the left side of the board (that one handles the conversion to 12 volts). This approach is unique and deemed quite savvy relative to the Chevy Bolt and BMW i3 Munro has also analyzed.

Overall, they liked the electronics and panned much of the mechanical design and fastening/welding details--relative to current practice at other auto manufacturers. Which kind of makes sense given Tesla's location near Silicon Valley, and far from Detroit (although Tesla has hired many experienced engineers from existing car companies & suppliers).

The article includes a link to an overview of this analysis, which was published last week.

Original Submission