Domain: github.io
Stories and comments across the archive that link to github.io.
Stories · 89
-
Calculating the Truck-Factor of Popular Open Source Projects
An anonymous reader writes: The Truck Factor describes the minimal number of developers that have to be hit by a truck (or quit) before a project is incapacitated. Wikipedia defines it as a "measurement of the concentration of information in individual team members. A high truck factor means that many individuals know enough to carry on and the project could still succeed even in very adverse events." The term is also known by bus factor/number. In this article, the authors calculate the truck factor for 133 popular GitHub applications. Spoiler, but unsurprising: Linux ranks near the top (meaning that it's highly resilient). -
Ask Slashdot: Keeping Cloud Data Encrypted Without Cross-Platform Pain?
bromoseltzer writes: I use cloud storage to hold many gigs of personal files that I'd just as soon were not targets for casual data mining. (Google: I'm thinking of you.) I want to access them from Linux, Windows, and Android devices. I have been using encfs, which does the job for Linux fairly well (despite some well-known issues), but Windows and Android don't seem to have working clients. I really want to map a file system of encrypted files and encrypted names to a local unencrypted filesystem — the way encfs works. What solutions do Slashdot readers recommend? Ideal would be a competitive cloud storage service like Dropbox or Google Drive that provides trustworthy encryption with suitable clients. Is there anything like that? -
MediaGoblin 0.8.0 "A Gallery of Fine Creatures" Released
paroneayea writes: GNU MediaGoblin has released version 0.8.0 dubbed "A Gallery of Fine Creatures". This release includes a number of improvements including an upgrade to GStreamer 1.0, improved video thumbnailing, and preliminary Python 3 support. Additionally, an improved Social API support making use of the Pump API means that existing pump.io clients like Pumpa and Dianara are now compatible with MediaGoblin. This coincides with work underway by MediaGoblin developers working with the W3C Social Working Group to build a general federation standard, of which a draft submission to the group is already in progress. -
Study: Science Still Seen As a Male Profession
sciencehabit sends news of a study published in the Journal of Educational Psychology which found that science is still perceived as a predominantly male profession across the world. The results were broken out by country, and while the overall trend stayed consistent throughout (PDF), there were variations in perception. For explicit bias: "Countries where this association was strongest included South Africa and Japan. The United States ranked in the middle, with a score similar to Austria, Mexico, and Brazil. Portugal, Spain, and Canada were among the countries where the explicit bias was weakest." For implicit bias: "Denmark, Switzerland, Belgium, and Sweden were among the countries with the highest implicit bias scores. The United States again came in at the middle of the pack, scoring similarly to Singapore. Portugal, Spain, and Mexico had among the lowest implicit bias scores, though the respondents still associated science more with men than with women." -
Chrome 42 Launches With Push Notifications
An anonymous reader writes: Google today launched Chrome 42 for Windows, Mac, and Linux with new developer tools. Chrome 42 offers two new APIs (Push API and Notifications API) that together allow sites to send notifications to their users even after the given page is closed. While this can be quite an intrusive feature for a browser, Google promises the users have to first grant explicit permission before they receive such a message. -
First Alpha of Public Sector Linux Deployment System
New submitter mathiasfriman writes: SverigeLinux (SwedenLinux in Swedish) is a project financed by the Swedish Internet Fund that is developing a Linux deployment system for the public sector. It is based on DebianLAN and has just released its first public early alpha version. This 7 minute video shows how you can deploy up to 100 workstations with minimal Linux knowledge in under an hour, complete with DHCP, DNS and user data in LDAP, logins using Kerberos and centralized storage. The project has a home on GitHub and is looking for testers and developers. Don't worry, no Björgen Kjörgen; it's all in English. -
Popular Android Package Uses Just XOR -- and That's Not the Worst Part
siddesu writes A popular "encryption" package for Android that even charges a yearly subscription fee of $8 actually does nothing more than give a false sense of security to its users. Not only is the app using a worthless encryption method, it also uses weak keys and "encrypts" only a small portion of the files. One wonders how much snake oil flows through the app stores, from "battery savers" to "antivirus." What is the most worthless app purchase you made? Did you ask for a refund? -
OpenSSL To Undergo Massive Security Audit
rjmarvin writes Now that its codebase is finally viewed as stable, OpenSSL is getting a good top-to-bottom once-over in the form of a sweeping audit. As part of the Linux Foundation's Core Infrastructure Initiative, the foundation and the Open Crypto Audit Project are sponsoring and organizing what may arguably be the highest-profile audit of a piece of open-source software in history. The audit itself will be conducted by the information assurance organization NCC Group, and its security research arm, Cryptography Services, will carry out the code review of OpenSSL's 447,247 line codebase over the next several months. -
Number of Legal 18x18 Go Positions Computed; 19x19 On the Horizon
johntromp writes It took about 50,000 CPU hours and 4PB of disk IO, but now we know the exact number of legal 18x18 Go positions. Seeking computing power for the ultimate 19x19 count. And it's not a heat-death-of-the-universe kind of question, either, they say: "Thanks to the Chinese Remainder Theorem, the work of computing L(19,19) can be split up into 9 jobs that each compute 64 bits of the 566-bit result. Allowing for some redundancy, we need from 10 to 13 servers, each with at least 8 cores, 512GB RAM, and ample disk space (10-15TB), running for about 5-9 months." -
H-1B Visas Proving Lucrative For Engineers, Dev Leads
Nerval's Lobster (2598977) writes Ever wanted to know how much H-1B holders make per year? Developer Swizec Teller, who is about to apply for an H-1B visa, took data from the U.S. Department of Labor and visualized it in a series of graphs that break down H-1B salaries on a state-by-state basis. Teller found that the average engineer with an H-1B makes $87,000 a year, a good deal higher than developers ($74,000) and programmers ($61,000) with the same visa. ("Don't call yourself a programmer," he half-joked on Twitter.) Architects, consultants, managers, administrators, and leads with H-1Bs can likewise expect six-figure annual salaries, depending on the state and company. Teller's site is well worth checking out for the interactive graphs, which he built with React and D3.js. The debate over H-1Bs is an emotional one for many tech pros, and research into the visa's true impact on the U.S. labor market wasn't helped by the U.S. Department of Labor's recent decision to destroy H-1B records after five years. "These are the only publicly available records for researchers to analyze on the demand by employers for H-1B visas with detail information on work locations," Neil Ruiz, who researches visa issues for The Brookings Institution, told Computerworld after the new policy was announced in late 2014. -
HTTP/2 Finalized
An anonymous reader writes: Mark Nottingham, chair of the IETF HTTP working group, has announced that the HTTP/2 specification is done. It's on its way to the RFC Editor, along with the HPACK specification, where it'll be cleaned up and published. "The new standard brings a number of benefits to one of the Web's core technologies, such as faster page loads, longer-lived connections, more items arriving sooner and server push. HTTP/2 uses the same HTTP APIs that developers are familiar with, but offers a number of new features they can adopt. One notable change is that HTTP requests will be 'cheaper' to make. ... With HTTP/2, a new multiplexing feature allows lots of requests to be delivered at the same time, so the page load isn't blocked." Here's the HTTP/2 FAQ, and we recently talked about some common criticisms of the spec. -
Gender and Tenure Diversity In GitHub Teams Relate To Higher Productivity
New submitter Bogdan Vasilescu writes: Diversity in teams is a double-edged sword. Increased team diversity results in more varied backgrounds and ideas, providing the team with access to broader information, enhanced creativity, adaptability, and problem solving skills. However, due to greater perceived differences in values, norms, and communication styles in more diverse teams, members become more likely to engage in stereotyping, cliquishness, and conflict.
In a recent study, researchers from University of California, Davis and Eindhoven University of Technology, The Netherlands have analyzed the effects of gender and tenure diversity on productivity and turnover for more than 23,000 open-source projects on GitHub. Using regression modeling, they showed that after controlling for team size and other confounds (such as a project's age, development model, or amount of social activity), both gender and tenure diversity are positive and significant predictors of productivity, together explaining a small but significant fraction of the data variability. On an economic and societal scale, these findings suggest that added investments in educational and professional training efforts and outreach for female programmers will likely result in added overall value.
The paper describing the results (preprint PDF here) will be presented at the prestigious ACM CHI Conference on Human Factors in Computing Systems, in Seoul, South Korea, in April 2015. -
Tips For Securing Your Secure Shell
jones_supa writes: As you may have heard, the NSA has had some success in cracking Secure Shell (SSH) connections. To respond to these risks, a guide written by Stribika tries to help you make your shell as robust as possible. The two main concepts are to make the crypto harder and make stealing keys impossible. So prepare a cup of coffee and read the tutorial carefully to see what could be improved in your configuration. Stribika also gives some extra security tips: don't install what you don't need (as any code line can introduce a bug), use the kind of open source code that has actually been reviewed, keep your software up to date, and use exploit mitigation technologies. -
AdNauseam Browser Extension Quietly Clicks On Blocked Ads
New submitter stephenpeters writes The AdNauseam browser extension claims to click on each ad you have blocked with AdBlock in an attempt to obfuscate your browsing data. Officially launched mid November at the Digital Labour conference in New York, the authors hope this extension will register with advertisers as a protest against their pervasive monitoring of users' online activities. It will be interesting to see how automated ad click browser extensions will affect the online ad arms race. Especially as French publishers are currently planning to sue Eyeo GmbH, the publishers of Adblock. This might obfuscate the meaning of the clicks, but what if it just encourages the ad sellers to claim even higher click-through rates as a selling point? -
The Failed Economics of Our Software Commons
An anonymous reader writes: Most software developers are intimately familiar with having to waste time implementing something they probably shouldn't need to implement, or spending countless hours making their code work with bad (but required) software. Developer Paul Chiusano says this is because the economic model we use for building software just doesn't work. He writes, "What's the problem? In software, everyone is solving similar problems, and software makes it trivial to share solutions to these problems (unlike physical goods), in the form of common libraries, tools, etc. This ease of sharing means it makes perfect sense for actors to cooperate on the development of solutions to common problems. ... Obviously, it would be crazy to staff such critical projects largely with a handful of unpaid volunteers working in their spare time. Er, right?? Yet that is what projects like OpenSSL do. A huge number of people and businesses ostensibly benefit from these projects, and the vast majority are freeriders that contribute nothing to their development. This problem of freeriders is something that has plagued open source software for a very long time." Chiusano has some suggestions on how we can improve the way we allocate resources to software development. -
Qualcomm Begins Contributing To Reverse-Engineered Freedreno Linux Driver
An anonymous reader writes: For over two years there's been a Freedreno driver project that's been reverse-engineering Qualcomm's Adreno graphics hardware. Freedreno consists of both a user-space Gallium3D driver providing OpenGL / OpenGL ES support and a DRM/KMS kernel driver to replace Qualcomm's open-source kernel driver designed just around Android's needs. The community-based, reverse-engineering Freedreno driver project is finally paying off and gaining critical momentum with Qualcomm now contributing to the driver. QuIC through the Aurora Forum provided Adreno A4xx hardware support to the Freedreno MSM kernel driver. -
Fighting the Culture of 'Worse Is Better'
An anonymous reader writes: Developer Paul Chiusano thinks much of programming culture has been infected by a "worse is better" mindset, where trade-offs to preserve compatibility and interoperability cripple the functionality of vital languages and architectures. He says, "[W]e do not merely calculate in earnest to what extent tradeoffs are necessary or desirable, keeping in mind our goals and values -- there is a culture around making such compromises that actively discourages people from even considering more radical, principled approaches." Chiusano takes C++ as an example, explaining how Stroustrup's insistence that it retain full compatibility with C has led to decades of problems and hacks.
He says this isn't necessarily the wrong approach, but the culture of software development prevents us from having a reasoned discussion about it. "Developing software is a form of investment management. When a company or an individual develops a new feature, inserts a hack, hires too quickly without sufficient onboarding or training, or works on better infrastructure for software development (including new languages, tools, and the like), these are investments or the taking on of debt. ... The outcome of everyone solving their own narrow short-term problems and never really revisiting the solutions is the sea of accidental complexity we now operate in, and which we all recognize is a problem." -
Privacy Vulnerabilities In Coursera, Including Exposed Student Email Addresses
An anonymous reader writes Coursera, the online education platform with over 9 million students, appears to have some serious privacy shortcomings. According to one of Stanford's instructors, 'any teacher can dump the entire user database, including over nine million names and email addresses.' Also, 'if you are logged into your Coursera account, any website that you visit can list your course enrollments.' The attack even has a working proof of concept [note: requires Coursera account]. A week after the problems were reported, Coursera still hasn't fixed them. -
Servo Stock 3D Printer Brings Closed-Loop Control To Reprap
A limitation of current (affordable) 3D printers is their use of open loop controllers and stepper motors which limits reliability (drove the motor too quickly and skipped a step? Your model is ruined) and precision (~300 steps per revolution). A new project, Servo Stock instead uses cheap RC Servomotors combined with Hall Effect sensors, using a closed-loop controller to precisely position the extruder. The Servo Stock is derived from the delta robot Reprap Rostock (which is pretty cool even with stepper motors). The sensors give a resolution of 4096 ticks per rotation, and the controller can currently position the motors to within +/-2 ticks. They've also simplified the printer electronics by driving as much as possible from the controlling computer using Bowler, a new communication protocol for machine control. The Servo Stock also includes sensors for the hot end, presumably to be used to control the filament feed rate and temperature. The hardware models are fully parametric, allowing reasonably straightforward scaling of the design. Source for the hardware, firmware, and software is available. A note on the video: the extruder platform is tilted in the video, but a project update indicates it was fixed by making the support arms more rigid.
-
404-No-More Project Seeks To Rid the Web of '404 Not Found' Pages
First time accepted submitter blottsie (3618811) writes "A new project proposes to do away with dead 404 errors by implementing a new HTML attribute that will help access prior versions of hyperlinked content. With any luck, that means that you'll never have to run into a dead link again. ... The new feature would come in the form of introducing the mset attribute to the <a> element, which would allow users of the code to specify multiple dates and copies of content as an external resource." The mset attribute would specify a "reference candidate:" either a temporal reference (to ease finding the version cited on e.g. the wayback machine) or the url of a static copy of the linked document. -
Princeton Students Develop Open Source Voice Control Platform For Any Device
rjmarvin (3001897) writes "Two Princeton computer science students have created an open source platform for developing voice-controlled applications that are always on. Created by Shubhro Saha and Charlie Marsh, Jasper runs on the Raspberry Pi under Raspbian, using a collection of open source libraries to make up a development platform for building voice-controlled applications. Marsh and Saha demonstrate Jasper's capability to perform Internet searches, update social media, and control music players such as Spotify." You need a few easily obtainable bits of hardware (a USB microphone, wifi dongle or ethernet, and speakers). The whole thing is powered by CMU Sphinx (which /. covered the open sourcing of back in 2000). Jasper provides Python modules (under the MIT license) for recognizing phrases and taking action, or speaking when events occur. There doesn't seem to be anything tying it to the Raspberry Pi either, so you could likely run it on an HTPC for always-on voice control of your media center. -
Microsoft To Allow Code Contributions To F#
An anonymous reader writes "The F# programming language team has been providing source code releases for years, but all contributions to the core implementation were internal. Microsoft is now changing that. They've announced that they'll be accepting code contributions from the community for the core F# language, the compiler, library, and Visual F# tools. They praised the quality of work currently being done by the F# community: 'The F# community is already doing high-quality, cross-platform open engineering using modern tools, testing methodology and build processes. Some particularly active projects include the Visual F# Power Tools, FSharp.Data, F# Editing Support for Open Editors, the Deedle DataFrame library and a host of testing tools, web tools, templates, type providers and other tools.' Microsoft is actively soliciting bug fixes, optimizations, and library improvements." -
NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible
An anonymous reader writes "Researchers at New York University have devised a new scheme called PolyPassHash for storing password hash data so that passwords cannot be individually cracked by an attacker. Instead of a password hash being stored directly in the database, the information is used to encode a share in a Shamir Secret Store (technical details PDF). This means that a password cannot be validated without recovering a threshold of shares, thus an attacker must crack groups of passwords together. The solution is fast, easy to implement (with C and Python implementations available), requires no changes to clients, and makes a huge difference in practice. To put the security difference into perspective, three random 6 character passwords that are stored using standard salted secure hashes can be cracked by a laptop in an hour. With a PolyPassHash store, it would take every computer on the planet longer to crack these passwords than the universe is estimated to exist. With this new technique, HoneyWords, and hardware solutions all available, does an organization have any excuse if their password database is disclosed and user passwords are cracked?" -
OpenShift Now Supports Windows; GoDaddy Joins OpenStack
sfcrazy writes "It's not The Onion: Red Hat has partnered with Uhuru Software to bring Microsoft .NET Apps and SQL server capabilities to Red Hat's Platform-as-a-Service solution OpenShift." This brings OpenShift to Windows, and not .NET applications to GNU/Linux OpenShift installations. RedHat customers have apparently been asking for this for a while. The source is available: "The consistent model for managing both Linux and Windows systems that OpenShift provides allow organizations to achieve greater efficiency and agility. Windows is now a full-fledged member of the Open Source world of OpenShift. In keeping with the spirit of Open Source, Uhuru has made all of its OpenShift integration software for Windows available to the community and is working to have it officially integrated into OpenShift Origin."
In related news (OpenShift is usually used on top of OpenStack), darthcamaro writes "The OpenStack cloud platform keeps on gaining new converts. The latest is GoDaddy which today announced it is now officially supporting the OpenStack Foundation. How GoDaddy came to officially join the OpenStack Foundation is interesting, apparently the OpenStack Foundation found out that GoDaddy was using OpenStack through job postings." -
Real-Time Face Substitution in Javascript
An anonymous reader writes with news of an interesting demo for clmtrackr (a Javascript library for tracking of facial features) that hides your face using 3D masks overlaid on the video from your webcam using WebGL. The effect is kind of neat, and a bit creepy. The demo works in Chromium here, but not in Firefox (Debian unstable). There are a couple other demos; the facial deformation demo is reminiscent of the intro screen to Mario 64. -
Debug.js: A JavaScript VM and In-Browser Debugger In Pure JS Generators
New submitter amasad writes "This post describes building a JavaScript virtual machine and an in-browser stepping debugger using the latest JavaScript generator feature. It's called debug.js. 'For the past few years I’ve been working on creating tools to help people learn programming on the web. I’ve worked on repl.it and open sourced the underlying technology which powered a few learn to code websites and until recently led product engineering at Codecademy. Through all that, one thing I really wanted to see are the tools to make it possible to visualize code execution and step through code in the browser. To catch a glimpse of what an ideal interactive learning environment would be you should check out Learnable Programming by Bret Victor. In addition to the educational benefits of such a tool, if matured it could be also useful for code instrumentation, web IDEs, and creating a foundation for writing other VMs on top of JavaScript (having the pausable machine state lets you not worry about the non-blocking environment). Ever since I've read about the ES6 Generators proposal, I’ve been toying with this idea in my head but it wasn't a real possibility until Ben Newman's Regenerator brought generators to the browser.'" -
How One Man Fought His ISP's Bad Behavior and Won
An anonymous reader writes "Eric Helgeson documents his experience with an unscrupulous ISP that was injecting affiliate IDs into the URLs for online retailers. 'It appears that the method they were using was to poison the A record of retailers and do a 301 redirect back to the www cname. This is due to the way apex, or 'naked' domain names work.' Upon contacting the ISP, they offered him access to two DNS servers that don't perform the injection, but they showed no indication that they would stop, or opt-out any other subscribers. (It was also the only wireless provider in his area, so he couldn't just switch to a competitor.) Helgeson then sent the data he gathered to the affiliate programs of major retailers on the assumption that they'd be upset by this as well. He was right, and they put a stop to it. He says, 'ISP's ask you to not do crummy things on their networks, so how about they don't do the same to their customers?'" -
Freedreno Graphics Driver Gets PRIME, Render Node Support
Via Phoronix comes news that the new DRM driver for the Freedreno driver for Qualcomm Snapdragon Adreno graphics is gaining a few new features in Linux 3.13: "After a year of working on the 'Freedreno' Gallium3D user-space driver and getting that up to speed for Qualcomm Adreno/Snapdragon support, for the past few months he's been working on a complementary kernel driver rather than relying upon Qualcomm's Android-focused kernel layer. ... The work that Rob has ready for Linux 3.13 with this Qualcomm DRM graphics driver is DRI PRIME support, support for render nodes, updated header files, plane support, and a couple of other changes." -
Google Releases Raspberry Pi Web Dev Teaching Tool
judgecorp writes "Google has released 'Coder,' described as a simple way to make web stuff on Raspberry Pi. The idea is to make the Pi into a simple web server and web development environment on which kids can learn HTML, CSS and JavaScript. They provide an image for the Raspberry Pi, and they've open-sourced Coder as well. 'We thought about all the stuff we could do to make Coder a more complete package, but we have a hunch that the sooner this gets into the open source and maker communities, the more we’ll learn about how it might be used. Hopefully, a few more folks will pitch in and help us make this even more accessible and helpful for new coders.'" -
Open Source Photometry Code Allows Amateur Astronomers To Detect Exoplanets
An anonymous reader writes "Have access to a telescope with a CCD? Now you can make your very own exoplanet transit curves. Brett Morris, a student from the University of Maryland, has written an open source photometry application known as Oscaar. In a recent NASA Press Release, Morris writes: 'The purpose of a differential photometry code – the differential part – is to compare the changes in brightness of one star to another nearby. That way you can remove changes in stellar brightness due to the Earth's atmosphere. Our program measures the brightness change of all the stars in the telescope's field of view simultaneously, so you can pull out the change in brightness that you see from the planet-hosting star due to the transit event.' The program opens up exoplanet-observing to amateur astronomers and undergraduate students across the globe." -
Software Developer Says Mega Master Keys Are Retrievable
hypnosec writes that software developer Michael Koziarski has released a bookmarklet "which he claims has the ability to reveal Mega users' master key. Koziarski went on to claim that Mega has the ability to grab its users' keys and use them to access their files. Dubbed MegaPWN, the tool not only reveals a user's master key, but also gives away a user's RSA private key exponent. 'MEGApwn is a bookmarklet that runs in your web browser and displays your supposedly secret MEGA master key, showing that it is not actually encrypted and can be retrieved by MEGA or anyone else with access to your computer without you knowing,' reads an explanation about the bookmarklet on its official page." -
The New Yorker Launches 'Strongbox' For Secure Anonymous Leaks
Today The New Yorker unveiled a project called Strongbox, which aims to let sources share tips and leaks with the news organization in a secure manner. It makes use of the TOR network and encrypts file uploads with PGP. Once the files are uploaded, they're transferred via thumb-drive to a laptop that isn't connected to the internet, which is erased every time it is powered on and booted with a live CD. The publication won't record any details about your visit, so even a government request to look at their records will fail to find any useful information. "There’s a growing technology gap: phone records, e-mail, computer forensics, and outright hacking are valuable weapons for anyone looking to identify a journalist’s source. With some exceptions, the press has done little to keep pace: our information-security efforts tend to gravitate toward the parts of our infrastructure that accept credit cards." Strongbox is actually just The New Yorker's version of a secure information-sharing platform called DeadDrop, built by Aaron Swartz shortly before his death. DeadDrop is free software. -
Obama Announces Open Data Policy With Executive Order
In an overdue but welcome move, President Obama today issued an executive order mandating "open and machine-readable data" for government-published information. Also, kodiaktau writes "In a move to make data more readily available, the United States of America has announced the Project Open Data and has chosen GitHub to host the content." Ars has a great article on the announced policy, but as you might expect, it comes with caveats, exceptions, sub-goals and committees; don't expect too much change per day, or assume you have a right to open data, exactly, in the eyes of the government, but — "subject to appropriations" — it sounds good on paper. (I'd like the next step to be requiring that all file formats used by the government be open source.) -
How the Syrian Electronic Army Hacked The Onion
Nerval's Lobster writes "For comedy publication The Onion, a recent cyber-attack by the Syrian Electronic Army was no laughing matter. The SEA managed to compromise The Onion's Twitter account, plastering it with insults aimed at the United Nations, Israel, and Syrian rebels. 'UN retracts report of Syrian chemical weapon use: "Lab tests confirm it is Jihadi body odor,"' read a typical (and perhaps one of the more printable) ones. When the Tweets appeared, some Onion Twitter-followers questioned whether the newspaper was playing some sort of elaborate meta-joke, perhaps riffing on a recent series of high-profile cyber attacks. But the SEA was serious, and so was The Onion about flushing the attackers from its systems. In a new posting on theonion.github.io, the publication's IT crew details exactly what happened. On May 3, attackers from the SEA fired off phishing emails to Onion employees, at least one of whom clicked on a malicious link. From there, the attackers compromised a handful of systems. 'In total, the attacker compromised at least 5 accounts,' the account concluded. 'The attacker logged in to compromised accounts from 46.17.103.125 which is also where the SEA hosts a website.' But following the crisis, The Onion couldn't resist swiping at its attackers. 'Syrian Electronic Army Has a Little Fun Before Inevitable Upcoming Deaths at Hands of Rebels,' read the headline for a May 6 article that described a fictional massacre of the SEA in gruesome detail."